为Typecho添加一个简易Waf 提高安全性

Author： Juneha
发布时间：April 20, 2023
428 views
No comments
605 words
Categories：备忘录

0x1 前言

最近一段时间typecho出了不少漏洞xss等这里加个简单的Waf来防御，用的是360Webscan-0.1.3.4的规则,只针对未登入的用户进行拦截，因为我的博客实际情况就只有我一个用户

0x02 添加Waf

首先在/var/Widget/Login.php 加上下列代码

    /** 登入设置Session **/
    session_start();
    $_SESSION['WAF'] = 1;

然后在/config.inc.php加上包含waf文件的代码

/** 包含Waf文件 **/
session_start();
if(!$_SESSION['WAF']){
  include_once '文件名.php';  
}

然后就WAF文件本体,保存到网站根目录然后修改包含的文件名即可

<?php
//禁止直接访问
if (strtolower(basename(__FILE__)) == strtolower(basename($_SERVER['PHP_SELF']))) {
    header('HTTP/1.0 403 Forbidden');
    exit;
}

webscan_error();

//拦截开关(1为开启，0关闭)
$webscan_switch=1;

//提交方式拦截(1开启拦截,0关闭拦截,post,get,cookie,referre选择需要拦截的方式)
$webscan_post=1;
$webscan_get=1;
$webscan_cookie=1;
$webscan_referre=1;

//后台白名单,后台操作将不会拦截,添加"|"隔开
$adminurl=__TYPECHO_ADMIN_DIR__;
$webscan_white_directory=str_replace('/','\/',$adminurl);

//url白名单,可以自定义添加url白名单
$webscan_white_url = array();

//防护脚本版本号
define("WEBSCAN_VERSION", '0.1.3.4');

$getfilter = "\\<.+javascript:window\\[.{1}\\\\x|<.*=(&#\\d+?;?)+?>|<.*(data|src)=data:text\\/html.*>|\\b(alert\\(|confirm\\(|expression\\(|prompt\\(|benchmark\s*?\(.*\)|sleep\s*?\(.*\)|\\b(group_)?concat[\\s\\/\\*]*?\\([^\\)]+?\\)|\bcase[\s\/\*]*?when[\s\/\*]*?\([^\)]+?\)|load_file\s*?\\()|<[a-z]+?\\b[^>]*?\\bon([a-z]{4,})\s*?=|^\\+\\/v(8|9)|\\b(and|or)\\b\\s*?([\\(\\)'\"\\d]+?=[\\(\\)'\"\\d]+?|[\\(\\)'\"a-zA-Z]+?=[\\(\\)'\"a-zA-Z]+?|>|<|\s+?[\\w]+?\\s+?\\bin\\b\\s*?\(|\\blike\\b\\s+?[\"'])|\\/\\*.*\\*\\/|<\\s*script\\b|\\bEXEC\\b|UNION.+?SELECT\s*(\(.+\)\s*|@{1,2}.+?\s*|\s+?.+?|(`|'|\").*?(`|'|\")\s*)|UPDATE\s*(\(.+\)\s*|@{1,2}.+?\s*|\s+?.+?|(`|'|\").*?(`|'|\")\s*)SET|INSERT\\s+INTO.+?VALUES|(SELECT|DELETE)@{0,2}(\\(.+\\)|\\s+?.+?\\s+?|(`|'|\").*?(`|'|\"))FROM(\\(.+\\)|\\s+?.+?|(`|'|\").*?(`|'|\"))|(CREATE|ALTER|DROP|TRUNCATE)\\s+(TABLE|DATABASE)";
//post拦截规则
$postfilter = "<.*=(&#\\d+?;?)+?>|<.*data=data:text\\/html.*>|\\b(alert\\(|confirm\\(|expression\\(|prompt\\(|benchmark\s*?\(.*\)|sleep\s*?\(.*\)|\\b(group_)?concat[\\s\\/\\*]*?\\([^\\)]+?\\)|\bcase[\s\/\*]*?when[\s\/\*]*?\([^\)]+?\)|load_file\s*?\\()|<[^>]*?\\b(onerror|onmousemove|onload|onclick|onmouseover)\\b|\\b(and|or)\\b\\s*?([\\(\\)'\"\\d]+?=[\\(\\)'\"\\d]+?|[\\(\\)'\"a-zA-Z]+?=[\\(\\)'\"a-zA-Z]+?|>|<|\s+?[\\w]+?\\s+?\\bin\\b\\s*?\(|\\blike\\b\\s+?[\"'])|\\/\\*.*\\*\\/|<\\s*script\\b|\\bEXEC\\b|UNION.+?SELECT\s*(\(.+\)\s*|@{1,2}.+?\s*|\s+?.+?|(`|'|\").*?(`|'|\")\s*)|UPDATE\s*(\(.+\)\s*|@{1,2}.+?\s*|\s+?.+?|(`|'|\").*?(`|'|\")\s*)SET|INSERT\\s+INTO.+?VALUES|(SELECT|DELETE)(\\(.+\\)|\\s+?.+?\\s+?|(`|'|\").*?(`|'|\"))FROM(\\(.+\\)|\\s+?.+?|(`|'|\").*?(`|'|\"))|(CREATE|ALTER|DROP|TRUNCATE)\\s+(TABLE|DATABASE)";
//cookie拦截规则
$cookiefilter = "benchmark\s*?\(.*\)|sleep\s*?\(.*\)|load_file\s*?\\(|\\b(and|or)\\b\\s*?([\\(\\)'\"\\d]+?=[\\(\\)'\"\\d]+?|[\\(\\)'\"a-zA-Z]+?=[\\(\\)'\"a-zA-Z]+?|>|<|\s+?[\\w]+?\\s+?\\bin\\b\\s*?\(|\\blike\\b\\s+?[\"'])|\\/\\*.*\\*\\/|<\\s*script\\b|\\bEXEC\\b|UNION.+?SELECT\s*(\(.+\)\s*|@{1,2}.+?\s*|\s+?.+?|(`|'|\").*?(`|'|\")\s*)|UPDATE\s*(\(.+\)\s*|@{1,2}.+?\s*|\s+?.+?|(`|'|\").*?(`|'|\")\s*)SET|INSERT\\s+INTO.+?VALUES|(SELECT|DELETE)@{0,2}(\\(.+\\)|\\s+?.+?\\s+?|(`|'|\").*?(`|'|\"))FROM(\\(.+\\)|\\s+?.+?|(`|'|\").*?(`|'|\"))|(CREATE|ALTER|DROP|TRUNCATE)\\s+(TABLE|DATABASE)";

//referer获取
$webscan_referer = empty($_SERVER['HTTP_REFERER']) ? array() : array('HTTP_REFERER'=>$_SERVER['HTTP_REFERER']);

/**
 *   关闭用户错误提示
 */
function webscan_error() {
  if (ini_get('display_errors')) {
    ini_set('display_errors', '0');
  }
}

/**
 *  参数拆分
 */
function webscan_arr_foreach($arr) {
  static $str;
  static $keystr;
  if (!is_array($arr)) {
    return $arr;
  }
  foreach ($arr as $key => $val ) {
    $keystr=$keystr.$key;
    if (is_array($val)) {

      webscan_arr_foreach($val);
    } else {

      $str[] = $val.$keystr;
    }
  }
  return implode($str);
}


/**
 *  防护提示页
 */
function webscan_pape(){
$pape1=<<<HTML
<!DOCTYPE html>
<html lang="zh-cn">
<script src="https://cdn.bootcss.com/jquery/2.0.2/jquery.min.js" type="text/javascript"></script>
<script src="https://static.runoob.com/assets/jquery/jquery.growl/javascripts/jquery.growl.js" type="text/javascript"></script>
<link href="https://static.runoob.com/assets/jquery/jquery.growl/stylesheets/jquery.growl.css" rel="stylesheet" type="text/css"/>
<head>
  <meta charset="utf-8">
    <meta name="viewport" content="width=device-width,initial-scale=1.0,maximum-scale=1.0,minimum-scale=1.0,user-scalable=no">
  <meta name="data-spm" content="a3c0e" />
  <title>405</title>
<!-- aHR0cHM6Ly9ibG9nLm1vNjAuY24vaW5kZXgucGhwL2FyY2hpdmVzL1R5cGVjaG8tYWRkLXdhZi5odG1s -->
  <style>
    html, body, div, a, h2, p { margin: 0; padding: 0;  }
    a { text-decoration: none; color: #3b6ea3;  }
    .container { width: 1000px; margin: auto; color: #696969; }
    .header { padding: 50px 0; }
    .header .message { height: 36px; padding-left: 120px; background: url(https://errors.aliyun.com/images/TB1TpamHpXXXXaJXXXXeB7nYVXX-104-162.png) no-repeat 0 -128px; line-height: 36px; }
    .main { padding: 50px 0; background: #f4f5f7; }
    .main img { position: relative; left: 120px; }
    .footer { margin-top: 30px; text-align: right; }
    .footer a { padding: 8px 30px; border-radius: 10px; border: 1px solid #4babec; }
    .footer a:hover { opacity: .8; }
    .alert-shadow { display: none; position: absolute; top: 0; left: 0; width: 100%; height: 100%; background: #999; opacity: .5; }
    .alert { display: none; position: absolute; top: 200px; left: 50%; width: 600px; margin-left: -300px; padding-bottom: 25px; border: 1px solid #ddd; box-shadow: 0 2px 2px 1px rgba(0, 0, 0, .1); background: #fff; font-size: 14px; color: #696969; }
    .alert h2 {  margin: 0 2px; padding: 10px 15px 5px 15px; font-size: 14px; font-weight: normal; border-bottom: 1px solid #ddd; }
    .alert a { display: block; position: absolute; right: 10px; top: 8px; width: 30px; height: 20px; text-align: center; }
    .alert p {  padding: 20px 15px; }
  </style>
</head>

<body data-spm="7663354">
  <div data-spm="1998410538">
    <div class="header">
      <div class="container">
        <div class="message">
          很抱歉，由于您访问的URL有可能对网站造成安全威胁，您的访问被阻断。
          <div>您的请求ID是: <strong id="reqid">
</strong></div>
        </div>
      </div>
    </div>
    <div class="main">
      <div class="container">
        <img src="data:image/png;base64,iVBORw0KGgoAAAANSUhEUgAAApQAAAB1CAMAAADHloEAAAAAGXRFWHRTb2Z0d2FyZQBBZG9iZSBJbWFnZVJlYWR5ccllPAAAAwBQTFRF4u32aX2EVZvJ6fPt5ObooqiqkZiZzfPR19rcjpaXnqWm6Orsq7GygcXy7O7wmaChfcHv0vTVqK6wr9S5yc3P0+7YTKnoneOl5Ojtq9bzrbO09f325efqZoGO3uHjlZ2eYIuktNS+sba4gYqLipKT7O7y3N/hVdVhtNnzhI2OjuKXTajlvezCWdZly87QtOi70tXXuNvzg4uM4uTmUtVf1Ov72t3gcHp7fIWG2tzeUa7t6u3xpauswcXHvsPE4eTnvMHDc3x9z9LUV7DtxcnLWZW75+ruW5O2ms7xpqytdH1+tbq8uL2/xPHIub7A8/n+gd6LxsrM3uDistv3X4yorrO1zNDSU67tcr7wnKKkwcbHnrTBY7bvcXt85fLpgMPvn6anu8DCs7i60tbab3h5tLm7dn+Aho+Qt7y94+Xn0NTZaWlpTNNZ4+fss7S1////vL2+4eLkz9DRfHx8eoOEjo6PoaGieYKD8vT2hYWF2Nnbbnd4cnJy6+zu7vDy1dja3eDipKqrxsbIl5iYqqqrb3l6eIGC+/3/8/T2zOf66PD2d4CBn9L18vT37vDzbXh5a3p/8fP19PX3Tafk1tnb8vP20ub1T63sk8rxe8Hx7/Dy6ezw8vX1foeI8vP1e4SF6vH27/Hzj5eY6OvvZYOTl8zx8PL0sLW35unub7zw1NfZf4iJuem/6+3v8fL0v8TFsLa3t9331fXYztHTjJSVz+n6lcvx8PTz09bY6uzulJucl+KgkeSZ7/H0hMbyqrCxUNRdhIyN5OfsVa/tsre5p62vYoif6+7xf92J8PL18fL1yMvN2NvdiJCRc6rOiMjycYuZsNfz3vHjb4qYnqqv7PPww+P57vf9stjz8PH0a7rvleKe8PHzsOe34ePlk830udTC6uzvl56fkuGbq7GzluWdZ7jvveD4w8jJedyEk5qb5+/21NjdqOaw8/X35/T87fDz7e/y7O3v4vHm5entddt/5+nr7O3wv+/D7e/x2Nvg3+Lk4OPlS6vsbXd49PX3fsTrRwAAAQB0Uk5T////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////AFP3ByUAABLnSURBVHja7J0NfBTlnccjL5EklLQ2INIonMQgtVCkNKTylgBKTTTotUiDUKBggEycnRd2yA67KLubdM8oEgQpIFKwBQVfi20V9agWaltKr3ft9a7XXu9quTtOvRfuvJzIZeeeZ95n9pmdmd2dTZh5/p+PYXf2mXXnt9/5P////3nZEsHS9h4/VV5aWn7f/F4BG7YiWonVC8Ou2pSWrX5cBRYqu6VSvz/f8LVVZe/Obm6YuvfJQGpwpKlnU+7W03TKFsrmmWmdNTVg7rJYb98LpW2aWhMrXwniXXxVOj87aQflO+YzyjF6lva5021mudZV/Q5D6dJG2kD5cuYpJzB80DqfH/XcwU79kYvnD6AkfvcLGMqCQlmJOmcrJlKoOLqwpbL0yMKpG7aobrLcQuOm5ucwlIWDciH6pPlBR/Li8UNdStg4sk869spka5VbN2AoCwVlqhF90saAMznsdJdOjZppMMeuqs8mc2l18KBsa5291Z3Nbm2zh3KulcZnAs3kpRqjGm0NgnCmJ/vNX1kROCjfvLR3izvbe+lNeyjftJK4LMhMVh/KCBrnjphu0yOtvf3JwEHpPmbZYA9ltaXEmy8Gl8m9qzL16J64wi5O6lkYNCin17o+sXa6LZRV1hIfDS6Uy1bkFr3XXBc0KB9EvJR6Xr25Ea8+aA9li7XCywLL5LyaHFPKzVtTgYfyTHnpofI5h0En/OL4svEn63KA8nprhVuC6yjX5lro2HhPwKFMnROzwaYTG+pehmPXXfXr3UPZbC1wYEfAK8bnXn5rfS7YUC6RA5/N+5XyWdN611DOsdZ36gBc6ujRowde7531uUMZGFeJhnIaQrqJO91CudNa388V9yqHfuauSR3QJt317NCBlLtz7oo8Riq2bgkylFsRgc/MkW6h7G20UvdAcZG8ekaHZj94bQCxfLJlZh5QTv5ZgKEcVboZkf2NH+USSmGV/YS3ItizUzqMNunvB85TNuTjKRvnBhbKJ7f0HUJCWdHrEspLVur2Fe8Cn3itI9P++P0BS77zgTK9alQwoUzRDafLN6LqZPWrWuoOu4ISPXMtnZ5dRCbv6kDZvxafyudeWX3fHfeMywvK0r5AQtl5piZLIW168yhXUF5ERlA9ncW7vtc60Pbpoqr8aktrWc2xppmN9Zs25wOlKdkMCpRTbUoW47a4gVI4inqP2uJd3rMdVlbEuDI1p6YpXRBb8UIQodxgNwjWOMcVlIjx765pxbu6v55iCeWkouXgIyp70gWytatTAYSy2bZ3OVTtCkph535TWaOIflK4usPaflukz/DCsXTBbO2yAHrKindtdWmqcgelcPicru/qPlXUAuUkhcB/ulMqVU6683W1XvnVotSAljSlC2iTW6oDB+WDDqawtLiEEqDeMl7cjuDAOw3FLWl8VmUyFPoEpHLGd0Ihlcp/szn70o4CfIQX16YLak3HZg8LGJS1Z+1laXANJbC9f/rAA9c9X+yL+7HC350hkUrIZOgzysH/sTm7vW5X3p/gnu50oa3r2MJgQTmszFaT+qO5QDkwpqY5Mz4BqZwC/16pDjnOeMIGyvaP8r2N/q8s7YG13ZdXTW1ee9FsXiGg7DxlP3/qonsoq0ccP3N+4Zn5PytuQDRUy2pEKj9lYLKj46/soGx//0JeH+DgVWlvbOvBPD7VmuJBuaYg2betqzxw3F1JqPrukScmqnFV18Tx46oKsC7P2c3+jx0mKo1MdnzSgap/yOdjzl/hEZTpq3qD4ykF4ZU3sxaFZp5KuYCyYvW7iCGdxvFz8813nN3sf6KvAE2BfvJThrrlJ528SR7O/dVWr5hMN1YFqE4pCHUn1zV2WVhT6TJ1GaI9lF8YblkN6Zlde3l4yvY1eYw2z097Z2XzggSl0DnvzJFzSxB27oi+57WDstbGTQz/fVFjyu/kFFO2f5RH8LZ3q4dQpps7gwSlQ8sOZec5+9LG9cXLvidBJq+ccmVIrlc6zL7b5+VTqhy20Uso91/CULqD8oGJTnRdV1fMOiXwkTMglR86rlO+/795/d/vTntqPh4Gl6Cc7H6UYNhkayjvcCqsx5Ne1BGd1+V+G0aWjkd0avPcKOWUt1Cuq/A5lMfu3vmAO9t59zFLKF3EUie9DSrVse/XP5R67Rkfflod+/5vj6Ut9xbKmTt9DmVX94GN7uxAd5cVlJVupB3u6dVlmyX0R6+lne4tlOn1PoeykPtTVrp7A0+pHND5lN0eQzkSQ+kUytNu38HTJHwgZ557DWUZhtIhlMvcv4Wnu2UM4Bodr6Gsx1DaZioilMNymU79qofXN4CrGQ94DOUm30I5PE9lZhuhXGfZ8Nprr7VcOOrlBQ7cuu9SV0Jm0cfCun0L5fEj12eze++9N9vLLx6Zb4ASXS/e/qMhN/VDu2nIj7ajGni7lGygdsgY6ZQuoM+YrPoErfsWOq3svZtXLhWl+uHKm9+zbCUYoEQt29u+SFJcsjGLELLv9/YSh179A/1eQr8t0jrGFodI2uuDtnf8imTf+lXDkb/+8Kuf79ZJtfvnv0K2Gr7qjgodlHMR0k14rN9oj03IbOT1RKyhz8q7rs348We/Wixtd3Y5QevLNznQB2lLfMpk6msrNiMNIRW64YrmlAZl5mLSR2/tz7RbHzU3O1uMix09evQTxRR3lINVeA71QZpfl9tW9eQtlbqTZwliP8pHh/SjbEjGW/lxk/lUgz2TTvVBzUn16TShupoCSFVTq0A5O+M1HdwL9izQAW5ueMSP8l6y3Ybg1n603eoAyvKDvmSyorUgUpVXyFBmDPZOUIl8aXEoFFr80nLlwIQgjE6kmm24mtBvZQ7iSn/+wGXvfTMLItWK9eIcr5K+jLxSyXEWLA5JtvgZJUQ15ZhdOS2F2fXg4FZ43svZ8+7HLJV+zDYHb33Vl1BO7SmQVJvEFY4lU83HFynnvRQKPfxM//KHQ6HvKocWmdrmssf8qPfbB7nE57Puj7Go39oW2e2U4U9HWbuuYFKdhXlKibkut12pvy0ATIoPAJVKBz7GxPdq159/x4b29sEOZW+2UdztY7IoPcbGVY7r9SOTo1oLKFX5KADlSXMFTjlrTygkJTnLQ6E9ysEv51l0O/hR++CHUqg4lKVCiRD4K39noY+5cO7PaefNXQWUauYdAErzTOshOiilB8/ooBxibHy72297zWBfUS8XOCx/yTeNqHF87Otq1D0kG5PTR/iSyWk9BZWq+6hQYv4trTFaNUhG8dehxZrTNflal5+/etDvPSLbdZZ7joxBCB0KfQmtj8GOTfMlk9WTCyzV2b4S0yDjFRlv9A9KbCnaFYbWrn+s8Q9rLgtPCXz6SXSfdAVS6D+7Ba2PYVZVrS+ZtP6Fm5yl2lpimpt5rfmNQJrzku6pYabWKveXcPH9yyCmhHZ4PrIypOrzz19aihC632om28Zmv/5EY5vltL4cpUp3lwjCiNt1e0l/K5PJh/XPv6XN8j1xJpdr+N2IywNKQfivuesyf3xN0Wf534Q+f0um0Dp99BOi207P8+3WGJa7/OQklVg4k5ZD1J1fUlmzv21thqdcbmJSxLux/mzl9VW57iG1q+4ygVJIPV87Z/WLJ+p7ujX7pZJFAoWB1Gah+38pttqkWs/+yubVVX0+3q3l5U0WS2d/YSPVLyzO6y4zb3BVYnaU/2E8UIBNVndcznMSSvTx0ef/wix0f4mALW+pMl5ZamDw16FrDM+XBl7qpXqpQ2ahsT6FkCoDyo8bIPyuqff+eOCV1vT5869nCI31KYhUGVBe05/Nrgm80jp9gNQmobE+BZEqA8qHdmdhcvdDgVf6PZ0+H/uXW7A+HkiVGW1+MUv3/UWstFEfk2F9CiJVJpQPLbCEcgF2BCZ9jIb1KYxUiLz8Rv0Y48N7dM9uxDoD+1tLpbE+hZEKVSz6nsUbfQ+rLNo3sD7eSoWC8pGVyDda+QgWWbTOPVgfT6VCltUfQQH+Daw51qc4UlmM9dxoDlEX4HhJb3/5Q6yPd1JZDUB+89v6utIt3/4mVtekz26sj1dSWY+KP6RslbV05c241IH1KaJUNrNaHn/8cawp1qfIUuGpVtgGnWEosWEosWHDUGLDUGLD5g8o+QhvfM4yyHZUOKZvJQiRKP4KMZSFMiaqx47kjK+SrP5JRHlEs7xAiAZP5qO8EE7irxBDWQhjCc0ogdM9oxnxHy5MooilTf4zzsbCFP4KMZQFsliU1j2jo7pemaAFRgFWxy/0jJRgdIwkH46LdOLvEUOZvyUN/TV0jBFOgzKSAKBFEH07pYs9Sc3B4j4cQ5m/xdm4FhtKQaPaERN0MgLYIxOZUNIsrXAoH4tCSDkSf48YyryzHEIkkAyLfThHkEYogSNNCglwkCIM0SfNsnIOrvX7NK07FRuGMlcjiSilskVHiAgZVoNICUoQZIo+UGB0npKKcmYoSY4E7SIM/h4xlPkZFWXCYcX/kfEwz5k8JU8KHCuFlFxCgjIOUyGGMUEZA+k4E6UNSVOOtmMHZiHgMWWY0rNlgBLkLwlOiBNx9SUIpYSjGcokjDv5GBHL8+P03vDUW289dcNPMQ4YSgSUJMGJLxERlreFkmJFGpm8RnV2/ee+sffLNnbfhV0YCQylSJ5ajZTSaCoCHgA8AXJchOMi4L+EHkpSOpEjeDGsjCRy/RipN2Z9cL/JPpi1LYWxCCKULAniQUKp5HDGOiPDJmjxH0AuKbeJs+pfkmAlpyqnQhyXc+99v4Xh+DKIUA4SG4tmcqyuCc86yKKYrKlWXC4OJHmMWw5QxiKaz4qjv4044aNKtdZ33zZLiywNUAqsLjjgNX1oLqxvZJ5QoleJUZI2lg44bIpmcZsxOAnKcCQmi6nphtaQkVqQvigN3qbEkfDX6XbsU6B82njBmoOj9cX8MBRXnEUCHxi1ovTPZckEA8b+N8PIh3ST8qzEGU1QDqCMReSRZv1UsDArhA0JiKYwTURiPoLyDfHZDuXpbXJ3SxgHlBQxSUJUJyyJkYxqbRhLKNnMNn43Rq+BTCEdTTiHEqQdCc7gBCiCoWPGt2TU1yOEP276p2QK/1162jtLwvIpuQ9mze1RUMJ5oaw+pKHE8VHxDbRvh46S0FMyRHCG6UEXQwmxMAVilyRlpNAhlAIDx6F1X4Mkq5FzVWFzCHW5mthhj511QTuyTQclJaqRFO/3ZMwCSrGRAcpEQlaPEW9dcTITC3oujgtTRIAGRBkiwcIUhKB58IfSpnUxQMcwB0VxlOg4g5L3C5PCLBhP7so4tE8nAS1OqeOlrsEcUwIxxOnIBigjiqdUUiQ54uGhpxSCBCUfpZJhIcwBrFSCeMeeEoaOfCaUkvhRCUrIOcdxCeU7YX0C5TbjoZ+AQ7MUCeCcOgZ6tyRr4Sn5CAyuWYVSkV8e1lBhohhTodTN/SQCFFOSEXCHMgT4I4XksDOGjxx234wUBGmxuAglJYMKHyg3eSLqn9v9BkDgTzKhfFvNVkAkCOmLRSnLmBJ6UtFTJqT+IxkVcyTAIY+K+IPkKWlaLE2EgRKicFAqLiq4hZIVb3UaBaXSwYdj/tHtQqanfBscukHtLOJATxiws9aJTpyICSKzcg0zCR+zBKd11bCVWh+JBAlKIRER9YpJBMn3cNS2yzBCGREfxqyg1EpP/lgVA9OasYaY8jBMdOTEhwI3NVQ1mmQpdJ1SzPoIJib2Lay+bkbpFAKtkgBksa5EhgMFJRsVgxu5+4bhdjQuC0WyDqGEsxflFAcBJRMm5I6I9kkWKebaY7WZQT99WxzW2aalfaJvVBwl0lMCPxAXb2OtO4mBFIfUJIoDgCGUjBAOGJRUFPQhVBRE2JI4SZYHUrmBkialHkhqrSU6MpTJKJTWX1D+Bj32/YZW2xFnhLBq6ij6Pz2UHBxY4GAHE1N9Ix2BKY4y0kiCrhx230GEEpbBAINAGtmtcdDtuYCSZllJV0m3jJIQn+B15XN/QNmJhlL+HeQoaS6UUVKNQgclw/HgFiX1NyoZjdBSY3GZBpmQo6Hgdd8cQceJJOjBEwmlG4nGSdIxlHEiGgZyxpQ+HF2nZHzmKdUhHYMptXMiaR68ldYIGbtvECmxEna07BiVGRx8hFBXBFO6SDQ4UFJCjKKgQxNXCpJiQTHqHMoESBd5qcORFmAHA8pdiMlrYzvlwDCDH1kg6PtIDo7iQj1iESAGDzJKkUU+rN8ViUxqPlY+EpzsWz/+T8M+mCQinFSasCt0yxMyQPzEw7VaYaVr1qCkSVIJlxjfTSvYlgmlkuZEMqY/quVwODke9NtixYgWa0AkafcNBa5Oqc04Y6Rl+spcCtlTRm09pehPwZvwysJ+UlMxQii1ybjqKX2zUcoFM5MXBGzemhSrM0knUAbUjFS+tQ1DM/CGN019QxdXfoBX2WIoB4Wl1Cnn+/A6RgzlYLHfPC2ugjiMlcBQDh7bse3pp7fhhbWDxf5fgAEA+gaSVA6ENCcAAAAASUVORK5CYII=" alt="图片Base64编码" style="max-width:90%; max-height:2000px;"/>
      </div>
    </div>
  </div>
  <div id="alertShadow" class="alert-shadow"></div>
</body>
    <div class="footer">
      <div class="container">
        <a onclick="javascript:history.back(-1);" >返回上一页</a>
      </div>
    </div>
  </div>
 <script>
function randomString() {
    let len = 32;
    let chars ='abcdefg0123456789';
    let maxPos = chars.length;
    let character = '';
    for (let i = 0; i < len; i++) {
        character += chars.charAt(Math.floor(Math.random() * maxPos))
    }
    return character;
}
document.getElementById("reqid").innerHTML=randomString();
</script>
</html>
HTML;

echo $pape1;

}

/**
 *  攻击检查拦截
 */
function webscan_StopAttack($StrFiltKey,$StrFiltValue,$ArrFiltReq,$method) {
  $StrFiltValue=webscan_arr_foreach($StrFiltValue);
  if (preg_match("/".$ArrFiltReq."/is",$StrFiltValue)==1){
    exit(webscan_pape());
  }
  if (preg_match("/".$ArrFiltReq."/is",$StrFiltKey)==1){
    exit(webscan_pape());
  }

}
/**
 *  拦截目录白名单
 */
function webscan_white($webscan_white_name,$webscan_white_url=array()) {
  $url_path=$_SERVER['SCRIPT_NAME'];
  $url_var=$_SERVER['QUERY_STRING'];
  if (@preg_match("/".$webscan_white_name."/is",$url_path)==1&&!empty($webscan_white_name)) {
    return false;
  }
  foreach ($webscan_white_url as $key => $value) {
    if(!empty($url_var)&&!empty($value)){
      if (stristr($url_path,$key)&&stristr($url_var,$value)) {
        return false;
      }
    }
    elseif (empty($url_var)&&empty($value)) {
      if (stristr($url_path,$key)) {
        return false;
      }
    }
  }
  return true;
}


if ($webscan_switch&&webscan_white($webscan_white_directory,$webscan_white_url)) {

  if ($webscan_get) {
    foreach($_GET as $key=>$value) {
      webscan_StopAttack($key,$value,$getfilter,"GET");
    }
  }
  if ($webscan_post) {
    foreach($_POST as $key=>$value) {
      webscan_StopAttack($key,$value,$postfilter,"POST");
    }
  }
  if ($webscan_cookie) {
    foreach($_COOKIE as $key=>$value) {
      webscan_StopAttack($key,$value,$cookiefilter,"COOKIE");
    }
  }
  if ($webscan_referre) {
    foreach($webscan_referer as $key=>$value) {
      webscan_StopAttack($key,$value,$postfilter,"REFERRER");
    }
  }
}

?>

Last modification：April 24, 2023

本文作者：Juneha
本文链接：https://blog.mo60.cn/index.php/archives/Typecho-add-waf.html
版权声明：本博客所有文章除特别声明外，均默认采用 CC BY-NC-SA 4.0 许可协议。
法律说明：
文章声明：文章中涉及的程序(方法)可能带有攻击性，仅供安全研究与教学之用，读者将其信息做其他用途，由用户承担全部法律及连带责任，文章作者不承担任何法律及连带责任，本人坚决反对利用文章内容进行恶意攻击行为，推荐大家在了解技术原理的前提下，更好的维护个人信息安全、企业安全、国家安全，本文内容未隐讳任何个人、群体、公司。非文学作品，请勿过度理解，根据《计算机软件保护条例》第十七条，本站所有软件请仅用于学习研究用途。

如果觉得我的文章对你有用，请随意赞赏,可备注留下ID方便感谢

为Typecho添加一个简易Waf 提高安全性

Juneha • 2023 年 04 月 20 日

<h2>0x1 前言</h2><p>最近一段时间typecho出了不少漏洞xss等这里加个简单的Waf来防御，用的是360Webscan-0.1.3.4的规则,只针对未登入的用户进行拦截，因为我的博客实际情况就只有我一个用户</p><h2>0x02 添加Waf</h2><p>首先在<code>/var/Widget/Login.php</code> 加上下列代码</p><pre><code>    /** 登入设置Session **/
    session_start();
    $_SESSION['WAF'] = 1;
</code></pre><p><img src="https://blog.mo60.cn/usr/uploads/2023/04/4229078081.png" alt="52265-6i6pau77o3e.png" title="52265-6i6pau77o3e.png"style=""></p><p>然后在<code>/config.inc.php</code>加上包含waf文件的代码</p><pre><code>/** 包含Waf文件 **/
session_start();
if(!$_SESSION['WAF']){
  include_once '文件名.php';  
}</code></pre><p><img src="https://blog.mo60.cn/usr/uploads/2023/04/3653534564.png" alt="46311-rqnixr86r5q.png" title="46311-rqnixr86r5q.png"style=""></p><p>然后就WAF文件本体,保存到网站根目录然后修改包含的文件名即可</p><pre><code>&lt;?php
//禁止直接访问
if (strtolower(basename(__FILE__)) == strtolower(basename($_SERVER['PHP_SELF']))) {
    header('HTTP/1.0 403 Forbidden');
    exit;
}

webscan_error();

//拦截开关(1为开启，0关闭)
$webscan_switch=1;

//提交方式拦截(1开启拦截,0关闭拦截,post,get,cookie,referre选择需要拦截的方式)
$webscan_post=1;
$webscan_get=1;
$webscan_cookie=1;
$webscan_referre=1;

//后台白名单,后台操作将不会拦截,添加&quot;|&quot;隔开
$adminurl=__TYPECHO_ADMIN_DIR__;
$webscan_white_directory=str_replace('/','\/',$adminurl);

//url白名单,可以自定义添加url白名单
$webscan_white_url = array();

//防护脚本版本号
define(&quot;WEBSCAN_VERSION&quot;, '0.1.3.4');

$getfilter = &quot;\\&lt;.+javascript:window\\[.{1}\\\\x|&lt;.*=(&amp;#\\d+?;?)+?&gt;|&lt;.*(data|src)=data:text\\/html.*&gt;|\\b(alert\$|confirm\\(|expression\\(|prompt\\(|benchmark\s*?\(.*$|sleep\s*?$.*$|\\b(group_)?concat[\\s\\/\\*]*?\$[^\$]+?\\)|\bcase[\s\/\*]*?when[\s\/\*]*?$[^$]+?\)|load_file\s*?\$)|&lt;[a-z]+?\\b[^&gt;]*?\\bon([a-z]{4,})\s*?=|^\\+\\/v(8|9)|\\b(and|or)\\b\\s*?([\\(\$'\&quot;\\d]+?=[\$\$'\&quot;\\d]+?|[\$\$'\&quot;a-zA-Z]+?=[\$\$'\&quot;a-zA-Z]+?|&gt;|&lt;|\s+?[\\w]+?\\s+?\\bin\\b\\s*?$|\\blike\\b\\s+?[\&quot;'])|\\/\\*.*\\*\\/|&lt;\\s*script\\b|\\bEXEC\\b|UNION.+?SELECT\s*(\(.+$\s*|@{1,2}.+?\s*|\s+?.+?|(`|'|\&quot;).*?(`|'|\&quot;)\s*)|UPDATE\s*($.+$\s*|@{1,2}.+?\s*|\s+?.+?|(`|'|\&quot;).*?(`|'|\&quot;)\s*)SET|INSERT\\s+INTO.+?VALUES|(SELECT|DELETE)@{0,2}(\$.+\$|\\s+?.+?\\s+?|(`|'|\&quot;).*?(`|'|\&quot;))FROM(\$.+\$|\\s+?.+?|(`|'|\&quot;).*?(`|'|\&quot;))|(CREATE|ALTER|DROP|TRUNCATE)\\s+(TABLE|DATABASE)&quot;;
//post拦截规则
$postfilter = &quot;&lt;.*=(&amp;#\\d+?;?)+?&gt;|&lt;.*data=data:text\\/html.*&gt;|\\b(alert\$|confirm\\(|expression\\(|prompt\\(|benchmark\s*?\(.*$|sleep\s*?$.*$|\\b(group_)?concat[\\s\\/\\*]*?\$[^\$]+?\\)|\bcase[\s\/\*]*?when[\s\/\*]*?$[^$]+?\)|load_file\s*?\$)|&lt;[^&gt;]*?\\b(onerror|onmousemove|onload|onclick|onmouseover)\\b|\\b(and|or)\\b\\s*?([\\(\$'\&quot;\\d]+?=[\$\$'\&quot;\\d]+?|[\$\$'\&quot;a-zA-Z]+?=[\$\$'\&quot;a-zA-Z]+?|&gt;|&lt;|\s+?[\\w]+?\\s+?\\bin\\b\\s*?$|\\blike\\b\\s+?[\&quot;'])|\\/\\*.*\\*\\/|&lt;\\s*script\\b|\\bEXEC\\b|UNION.+?SELECT\s*(\(.+$\s*|@{1,2}.+?\s*|\s+?.+?|(`|'|\&quot;).*?(`|'|\&quot;)\s*)|UPDATE\s*($.+$\s*|@{1,2}.+?\s*|\s+?.+?|(`|'|\&quot;).*?(`|'|\&quot;)\s*)SET|INSERT\\s+INTO.+?VALUES|(SELECT|DELETE)(\$.+\$|\\s+?.+?\\s+?|(`|'|\&quot;).*?(`|'|\&quot;))FROM(\$.+\$|\\s+?.+?|(`|'|\&quot;).*?(`|'|\&quot;))|(CREATE|ALTER|DROP|TRUNCATE)\\s+(TABLE|DATABASE)&quot;;
//cookie拦截规则
$cookiefilter = &quot;benchmark\s*?$.*$|sleep\s*?$.*$|load_file\s*?\$|\\b(and|or)\\b\\s*?([\\(\$'\&quot;\\d]+?=[\$\$'\&quot;\\d]+?|[\$\$'\&quot;a-zA-Z]+?=[\$\$'\&quot;a-zA-Z]+?|&gt;|&lt;|\s+?[\\w]+?\\s+?\\bin\\b\\s*?$|\\blike\\b\\s+?[\&quot;'])|\\/\\*.*\\*\\/|&lt;\\s*script\\b|\\bEXEC\\b|UNION.+?SELECT\s*(\(.+$\s*|@{1,2}.+?\s*|\s+?.+?|(`|'|\&quot;).*?(`|'|\&quot;)\s*)|UPDATE\s*($.+$\s*|@{1,2}.+?\s*|\s+?.+?|(`|'|\&quot;).*?(`|'|\&quot;)\s*)SET|INSERT\\s+INTO.+?VALUES|(SELECT|DELETE)@{0,2}(\$.+\$|\\s+?.+?\\s+?|(`|'|\&quot;).*?(`|'|\&quot;))FROM(\$.+\$|\\s+?.+?|(`|'|\&quot;).*?(`|'|\&quot;))|(CREATE|ALTER|DROP|TRUNCATE)\\s+(TABLE|DATABASE)&quot;;

//referer获取
$webscan_referer = empty($_SERVER['HTTP_REFERER']) ? array() : array('HTTP_REFERER'=&gt;$_SERVER['HTTP_REFERER']);

/**
 *   关闭用户错误提示
 */
function webscan_error() {
  if (ini_get('display_errors')) {
    ini_set('display_errors', '0');
  }
}

/**
 *  参数拆分
 */
function webscan_arr_foreach($arr) {
  static $str;
  static $keystr;
  if (!is_array($arr)) {
    return $arr;
  }
  foreach ($arr as $key =&gt; $val ) {
    $keystr=$keystr.$key;
    if (is_array($val)) {

webscan_arr_foreach($val);
    } else {

$str[] = $val.$keystr;
    }
  }
  return implode($str);
}

/**
 *  防护提示页
 */
function webscan_pape(){
$pape1=&lt;&lt;&lt;HTML
&lt;!DOCTYPE html&gt;
&lt;html lang=&quot;zh-cn&quot;&gt;
&lt;script src=&quot;https://cdn.bootcss.com/jquery/2.0.2/jquery.min.js&quot; type=&quot;text/javascript&quot;&gt;&lt;/script&gt;
&lt;script src=&quot;https://static.runoob.com/assets/jquery/jquery.growl/javascripts/jquery.growl.js&quot; type=&quot;text/javascript&quot;&gt;&lt;/script&gt;
&lt;link href=&quot;https://static.runoob.com/assets/jquery/jquery.growl/stylesheets/jquery.growl.css&quot; rel=&quot;stylesheet&quot; type=&quot;text/css&quot;/&gt;
&lt;head&gt;
  &lt;meta charset=&quot;utf-8&quot;&gt;
    &lt;meta name=&quot;viewport&quot; content=&quot;width=device-width,initial-scale=1.0,maximum-scale=1.0,minimum-scale=1.0,user-scalable=no&quot;&gt;
  &lt;meta name=&quot;data-spm&quot; content=&quot;a3c0e&quot; /&gt;
  &lt;title&gt;405&lt;/title&gt;
&lt;!-- aHR0cHM6Ly9ibG9nLm1vNjAuY24vaW5kZXgucGhwL2FyY2hpdmVzL1R5cGVjaG8tYWRkLXdhZi5odG1s --&gt;
  &lt;style&gt;
    html, body, div, a, h2, p { margin: 0; padding: 0;  }
    a { text-decoration: none; color: #3b6ea3;  }
    .container { width: 1000px; margin: auto; color: #696969; }
    .header { padding: 50px 0; }
    .header .message { height: 36px; padding-left: 120px; background: url(https://errors.aliyun.com/images/TB1TpamHpXXXXaJXXXXeB7nYVXX-104-162.png) no-repeat 0 -128px; line-height: 36px; }
    .main { padding: 50px 0; background: #f4f5f7; }
    .main img { position: relative; left: 120px; }
    .footer { margin-top: 30px; text-align: right; }
    .footer a { padding: 8px 30px; border-radius: 10px; border: 1px solid #4babec; }
    .footer a:hover { opacity: .8; }
    .alert-shadow { display: none; position: absolute; top: 0; left: 0; width: 100%; height: 100%; background: #999; opacity: .5; }
    .alert { display: none; position: absolute; top: 200px; left: 50%; width: 600px; margin-left: -300px; padding-bottom: 25px; border: 1px solid #ddd; box-shadow: 0 2px 2px 1px rgba(0, 0, 0, .1); background: #fff; font-size: 14px; color: #696969; }
    .alert h2 {  margin: 0 2px; padding: 10px 15px 5px 15px; font-size: 14px; font-weight: normal; border-bottom: 1px solid #ddd; }
    .alert a { display: block; position: absolute; right: 10px; top: 8px; width: 30px; height: 20px; text-align: center; }
    .alert p {  padding: 20px 15px; }
  &lt;/style&gt;
&lt;/head&gt;

&lt;body data-spm=&quot;7663354&quot;&gt;
  &lt;div data-spm=&quot;1998410538&quot;&gt;
    &lt;div class=&quot;header&quot;&gt;
      &lt;div class=&quot;container&quot;&gt;
        &lt;div class=&quot;message&quot;&gt;
          很抱歉，由于您访问的URL有可能对网站造成安全威胁，您的访问被阻断。
          &lt;div&gt;您的请求ID是: &lt;strong id=&quot;reqid&quot;&gt;
&lt;/strong&gt;&lt;/div&gt;
        &lt;/div&gt;
      &lt;/div&gt;
    &lt;/div&gt;
    &lt;div class=&quot;main&quot;&gt;
      &lt;div class=&quot;container&quot;&gt;
        &lt;img src=&quot;data:image/png;base64,iVBORw0KGgoAAAANSUhEUgAAApQAAAB1CAMAAADHloEAAAAAGXRFWHRTb2Z0d2FyZQBBZG9iZSBJbWFnZVJlYWR5ccllPAAAAwBQTFRF4u32aX2EVZvJ6fPt5ObooqiqkZiZzfPR19rcjpaXnqWm6Orsq7GygcXy7O7wmaChfcHv0vTVqK6wr9S5yc3P0+7YTKnoneOl5Ojtq9bzrbO09f325efqZoGO3uHjlZ2eYIuktNS+sba4gYqLipKT7O7y3N/hVdVhtNnzhI2OjuKXTajlvezCWdZly87QtOi70tXXuNvzg4uM4uTmUtVf1Ov72t3gcHp7fIWG2tzeUa7t6u3xpauswcXHvsPE4eTnvMHDc3x9z9LUV7DtxcnLWZW75+ruW5O2ms7xpqytdH1+tbq8uL2/xPHIub7A8/n+gd6LxsrM3uDistv3X4yorrO1zNDSU67tcr7wnKKkwcbHnrTBY7bvcXt85fLpgMPvn6anu8DCs7i60tbab3h5tLm7dn+Aho+Qt7y94+Xn0NTZaWlpTNNZ4+fss7S1////vL2+4eLkz9DRfHx8eoOEjo6PoaGieYKD8vT2hYWF2Nnbbnd4cnJy6+zu7vDy1dja3eDipKqrxsbIl5iYqqqrb3l6eIGC+/3/8/T2zOf66PD2d4CBn9L18vT37vDzbXh5a3p/8fP19PX3Tafk1tnb8vP20ub1T63sk8rxe8Hx7/Dy6ezw8vX1foeI8vP1e4SF6vH27/Hzj5eY6OvvZYOTl8zx8PL0sLW35unub7zw1NfZf4iJuem/6+3v8fL0v8TFsLa3t9331fXYztHTjJSVz+n6lcvx8PTz09bY6uzulJucl+KgkeSZ7/H0hMbyqrCxUNRdhIyN5OfsVa/tsre5p62vYoif6+7xf92J8PL18fL1yMvN2NvdiJCRc6rOiMjycYuZsNfz3vHjb4qYnqqv7PPww+P57vf9stjz8PH0a7rvleKe8PHzsOe34ePlk830udTC6uzvl56fkuGbq7GzluWdZ7jvveD4w8jJedyEk5qb5+/21NjdqOaw8/X35/T87fDz7e/y7O3v4vHm5entddt/5+nr7O3wv+/D7e/x2Nvg3+Lk4OPlS6vsbXd49PX3fsTrRwAAAQB0Uk5T////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////AFP3ByUAABLnSURBVHja7J0NfBTlnccjL5EklLQ2INIonMQgtVCkNKTylgBKTTTotUiDUKBggEycnRd2yA67KLubdM8oEgQpIFKwBQVfi20V9agWaltKr3ft9a7XXu9quTtOvRfuvJzIZeeeZ95n9pmdmd2dTZh5/p+PYXf2mXXnt9/5P////3nZEsHS9h4/VV5aWn7f/F4BG7YiWonVC8Ou2pSWrX5cBRYqu6VSvz/f8LVVZe/Obm6YuvfJQGpwpKlnU+7W03TKFsrmmWmdNTVg7rJYb98LpW2aWhMrXwniXXxVOj87aQflO+YzyjF6lva5021mudZV/Q5D6dJG2kD5cuYpJzB80DqfH/XcwU79kYvnD6AkfvcLGMqCQlmJOmcrJlKoOLqwpbL0yMKpG7aobrLcQuOm5ucwlIWDciH6pPlBR/Li8UNdStg4sk869spka5VbN2AoCwVlqhF90saAMznsdJdOjZppMMeuqs8mc2l18KBsa5291Z3Nbm2zh3KulcZnAs3kpRqjGm0NgnCmJ/vNX1kROCjfvLR3izvbe+lNeyjftJK4LMhMVh/KCBrnjphu0yOtvf3JwEHpPmbZYA9ltaXEmy8Gl8m9qzL16J64wi5O6lkYNCin17o+sXa6LZRV1hIfDS6Uy1bkFr3XXBc0KB9EvJR6Xr25Ea8+aA9li7XCywLL5LyaHFPKzVtTgYfyTHnpofI5h0En/OL4svEn63KA8nprhVuC6yjX5lro2HhPwKFMnROzwaYTG+pehmPXXfXr3UPZbC1wYEfAK8bnXn5rfS7YUC6RA5/N+5XyWdN611DOsdZ36gBc6ujRowde7531uUMZGFeJhnIaQrqJO91CudNa388V9yqHfuauSR3QJt317NCBlLtz7oo8Riq2bgkylFsRgc/MkW6h7G20UvdAcZG8ekaHZj94bQCxfLJlZh5QTv5ZgKEcVboZkf2NH+USSmGV/YS3ItizUzqMNunvB85TNuTjKRvnBhbKJ7f0HUJCWdHrEspLVur2Fe8Cn3itI9P++P0BS77zgTK9alQwoUzRDafLN6LqZPWrWuoOu4ISPXMtnZ5dRCbv6kDZvxafyudeWX3fHfeMywvK0r5AQtl5piZLIW168yhXUF5ERlA9ncW7vtc60Pbpoqr8aktrWc2xppmN9Zs25wOlKdkMCpRTbUoW47a4gVI4inqP2uJd3rMdVlbEuDI1p6YpXRBb8UIQodxgNwjWOMcVlIjx765pxbu6v55iCeWkouXgIyp70gWytatTAYSy2bZ3OVTtCkph535TWaOIflK4usPaflukz/DCsXTBbO2yAHrKindtdWmqcgelcPicru/qPlXUAuUkhcB/ulMqVU6683W1XvnVotSAljSlC2iTW6oDB+WDDqawtLiEEqDeMl7cjuDAOw3FLWl8VmUyFPoEpHLGd0Ihlcp/szn70o4CfIQX16YLak3HZg8LGJS1Z+1laXANJbC9f/rAA9c9X+yL+7HC350hkUrIZOgzysH/sTm7vW5X3p/gnu50oa3r2MJgQTmszFaT+qO5QDkwpqY5Mz4BqZwC/16pDjnOeMIGyvaP8r2N/q8s7YG13ZdXTW1ee9FsXiGg7DxlP3/qonsoq0ccP3N+4Zn5PytuQDRUy2pEKj9lYLKj46/soGx//0JeH+DgVWlvbOvBPD7VmuJBuaYg2betqzxw3F1JqPrukScmqnFV18Tx46oKsC7P2c3+jx0mKo1MdnzSgap/yOdjzl/hEZTpq3qD4ykF4ZU3sxaFZp5KuYCyYvW7iCGdxvFz8813nN3sf6KvAE2BfvJThrrlJ528SR7O/dVWr5hMN1YFqE4pCHUn1zV2WVhT6TJ1GaI9lF8YblkN6Zlde3l4yvY1eYw2z097Z2XzggSl0DnvzJFzSxB27oi+57WDstbGTQz/fVFjyu/kFFO2f5RH8LZ3q4dQpps7gwSlQ8sOZec5+9LG9cXLvidBJq+ccmVIrlc6zL7b5+VTqhy20Uso91/CULqD8oGJTnRdV1fMOiXwkTMglR86rlO+/795/d/vTntqPh4Gl6Cc7H6UYNhkayjvcCqsx5Ne1BGd1+V+G0aWjkd0avPcKOWUt1Cuq/A5lMfu3vmAO9t59zFLKF3EUie9DSrVse/XP5R67Rkfflod+/5vj6Ut9xbKmTt9DmVX94GN7uxAd5cVlJVupB3u6dVlmyX0R6+lne4tlOn1PoeykPtTVrp7A0+pHND5lN0eQzkSQ+kUytNu38HTJHwgZ557DWUZhtIhlMvcv4Wnu2UM4Bodr6Gsx1DaZioilMNymU79qofXN4CrGQ94DOUm30I5PE9lZhuhXGfZ8Nprr7VcOOrlBQ7cuu9SV0Jm0cfCun0L5fEj12eze++9N9vLLx6Zb4ASXS/e/qMhN/VDu2nIj7ajGni7lGygdsgY6ZQuoM+YrPoErfsWOq3svZtXLhWl+uHKm9+zbCUYoEQt29u+SFJcsjGLELLv9/YSh179A/1eQr8t0jrGFodI2uuDtnf8imTf+lXDkb/+8Kuf79ZJtfvnv0K2Gr7qjgodlHMR0k14rN9oj03IbOT1RKyhz8q7rs348We/Wixtd3Y5QevLNznQB2lLfMpk6msrNiMNIRW64YrmlAZl5mLSR2/tz7RbHzU3O1uMix09evQTxRR3lINVeA71QZpfl9tW9eQtlbqTZwliP8pHh/SjbEjGW/lxk/lUgz2TTvVBzUn16TShupoCSFVTq0A5O+M1HdwL9izQAW5ueMSP8l6y3Ybg1n603eoAyvKDvmSyorUgUpVXyFBmDPZOUIl8aXEoFFr80nLlwIQgjE6kmm24mtBvZQ7iSn/+wGXvfTMLItWK9eIcr5K+jLxSyXEWLA5JtvgZJUQ15ZhdOS2F2fXg4FZ43svZ8+7HLJV+zDYHb33Vl1BO7SmQVJvEFY4lU83HFynnvRQKPfxM//KHQ6HvKocWmdrmssf8qPfbB7nE57Puj7Go39oW2e2U4U9HWbuuYFKdhXlKibkut12pvy0ATIoPAJVKBz7GxPdq159/x4b29sEOZW+2UdztY7IoPcbGVY7r9SOTo1oLKFX5KADlSXMFTjlrTygkJTnLQ6E9ysEv51l0O/hR++CHUqg4lKVCiRD4K39noY+5cO7PaefNXQWUauYdAErzTOshOiilB8/ooBxibHy72297zWBfUS8XOCx/yTeNqHF87Otq1D0kG5PTR/iSyWk9BZWq+6hQYv4trTFaNUhG8dehxZrTNflal5+/etDvPSLbdZZ7joxBCB0KfQmtj8GOTfMlk9WTCyzV2b4S0yDjFRlv9A9KbCnaFYbWrn+s8Q9rLgtPCXz6SXSfdAVS6D+7Ba2PYVZVrS+ZtP6Fm5yl2lpimpt5rfmNQJrzku6pYabWKveXcPH9yyCmhHZ4PrIypOrzz19aihC632om28Zmv/5EY5vltL4cpUp3lwjCiNt1e0l/K5PJh/XPv6XN8j1xJpdr+N2IywNKQfivuesyf3xN0Wf534Q+f0um0Dp99BOi207P8+3WGJa7/OQklVg4k5ZD1J1fUlmzv21thqdcbmJSxLux/mzl9VW57iG1q+4ygVJIPV87Z/WLJ+p7ujX7pZJFAoWB1Gah+38pttqkWs/+yubVVX0+3q3l5U0WS2d/YSPVLyzO6y4zb3BVYnaU/2E8UIBNVndcznMSSvTx0ef/wix0f4mALW+pMl5ZamDw16FrDM+XBl7qpXqpQ2ahsT6FkCoDyo8bIPyuqff+eOCV1vT5869nCI31KYhUGVBe05/Nrgm80jp9gNQmobE+BZEqA8qHdmdhcvdDgVf6PZ0+H/uXW7A+HkiVGW1+MUv3/UWstFEfk2F9CiJVJpQPLbCEcgF2BCZ9jIb1KYxUiLz8Rv0Y48N7dM9uxDoD+1tLpbE+hZEKVSz6nsUbfQ+rLNo3sD7eSoWC8pGVyDda+QgWWbTOPVgfT6VCltUfQQH+Daw51qc4UlmM9dxoDlEX4HhJb3/5Q6yPd1JZDUB+89v6utIt3/4mVtekz26sj1dSWY+KP6RslbV05c241IH1KaJUNrNaHn/8cawp1qfIUuGpVtgGnWEosWEosWHDUGLDUGLD5g8o+QhvfM4yyHZUOKZvJQiRKP4KMZSFMiaqx47kjK+SrP5JRHlEs7xAiAZP5qO8EE7irxBDWQhjCc0ogdM9oxnxHy5MooilTf4zzsbCFP4KMZQFsliU1j2jo7pemaAFRgFWxy/0jJRgdIwkH46LdOLvEUOZvyUN/TV0jBFOgzKSAKBFEH07pYs9Sc3B4j4cQ5m/xdm4FhtKQaPaERN0MgLYIxOZUNIsrXAoH4tCSDkSf48YyryzHEIkkAyLfThHkEYogSNNCglwkCIM0SfNsnIOrvX7NK07FRuGMlcjiSilskVHiAgZVoNICUoQZIo+UGB0npKKcmYoSY4E7SIM/h4xlPkZFWXCYcX/kfEwz5k8JU8KHCuFlFxCgjIOUyGGMUEZA+k4E6UNSVOOtmMHZiHgMWWY0rNlgBLkLwlOiBNx9SUIpYSjGcokjDv5GBHL8+P03vDUW289dcNPMQ4YSgSUJMGJLxERlreFkmJFGpm8RnV2/ee+sffLNnbfhV0YCQylSJ5ajZTSaCoCHgA8AXJchOMi4L+EHkpSOpEjeDGsjCRy/RipN2Z9cL/JPpi1LYWxCCKULAniQUKp5HDGOiPDJmjxH0AuKbeJs+pfkmAlpyqnQhyXc+99v4Xh+DKIUA4SG4tmcqyuCc86yKKYrKlWXC4OJHmMWw5QxiKaz4qjv4044aNKtdZ33zZLiywNUAqsLjjgNX1oLqxvZJ5QoleJUZI2lg44bIpmcZsxOAnKcCQmi6nphtaQkVqQvigN3qbEkfDX6XbsU6B82njBmoOj9cX8MBRXnEUCHxi1ovTPZckEA8b+N8PIh3ST8qzEGU1QDqCMReSRZv1UsDArhA0JiKYwTURiPoLyDfHZDuXpbXJ3SxgHlBQxSUJUJyyJkYxqbRhLKNnMNn43Rq+BTCEdTTiHEqQdCc7gBCiCoWPGt2TU1yOEP276p2QK/1162jtLwvIpuQ9mze1RUMJ5oaw+pKHE8VHxDbRvh46S0FMyRHCG6UEXQwmxMAVilyRlpNAhlAIDx6F1X4Mkq5FzVWFzCHW5mthhj511QTuyTQclJaqRFO/3ZMwCSrGRAcpEQlaPEW9dcTITC3oujgtTRIAGRBkiwcIUhKB58IfSpnUxQMcwB0VxlOg4g5L3C5PCLBhP7so4tE8nAS1OqeOlrsEcUwIxxOnIBigjiqdUUiQ54uGhpxSCBCUfpZJhIcwBrFSCeMeeEoaOfCaUkvhRCUrIOcdxCeU7YX0C5TbjoZ+AQ7MUCeCcOgZ6tyRr4Sn5CAyuWYVSkV8e1lBhohhTodTN/SQCFFOSEXCHMgT4I4XksDOGjxx234wUBGmxuAglJYMKHyg3eSLqn9v9BkDgTzKhfFvNVkAkCOmLRSnLmBJ6UtFTJqT+IxkVcyTAIY+K+IPkKWlaLE2EgRKicFAqLiq4hZIVb3UaBaXSwYdj/tHtQqanfBscukHtLOJATxiws9aJTpyICSKzcg0zCR+zBKd11bCVWh+JBAlKIRER9YpJBMn3cNS2yzBCGREfxqyg1EpP/lgVA9OasYaY8jBMdOTEhwI3NVQ1mmQpdJ1SzPoIJib2Lay+bkbpFAKtkgBksa5EhgMFJRsVgxu5+4bhdjQuC0WyDqGEsxflFAcBJRMm5I6I9kkWKebaY7WZQT99WxzW2aalfaJvVBwl0lMCPxAXb2OtO4mBFIfUJIoDgCGUjBAOGJRUFPQhVBRE2JI4SZYHUrmBkialHkhqrSU6MpTJKJTWX1D+Bj32/YZW2xFnhLBq6ij6Pz2UHBxY4GAHE1N9Ix2BKY4y0kiCrhx230GEEpbBAINAGtmtcdDtuYCSZllJV0m3jJIQn+B15XN/QNmJhlL+HeQoaS6UUVKNQgclw/HgFiX1NyoZjdBSY3GZBpmQo6Hgdd8cQceJJOjBEwmlG4nGSdIxlHEiGgZyxpQ+HF2nZHzmKdUhHYMptXMiaR68ldYIGbtvECmxEna07BiVGRx8hFBXBFO6SDQ4UFJCjKKgQxNXCpJiQTHqHMoESBd5qcORFmAHA8pdiMlrYzvlwDCDH1kg6PtIDo7iQj1iESAGDzJKkUU+rN8ViUxqPlY+EpzsWz/+T8M+mCQinFSasCt0yxMyQPzEw7VaYaVr1qCkSVIJlxjfTSvYlgmlkuZEMqY/quVwODke9NtixYgWa0AkafcNBa5Oqc04Y6Rl+spcCtlTRm09pehPwZvwysJ+UlMxQii1ybjqKX2zUcoFM5MXBGzemhSrM0knUAbUjFS+tQ1DM/CGN019QxdXfoBX2WIoB4Wl1Cnn+/A6RgzlYLHfPC2ugjiMlcBQDh7bse3pp7fhhbWDxf5fgAEA+gaSVA6ENCcAAAAASUVORK5CYII=&quot; alt=&quot;图片Base64编码&quot; style=&quot;max-width:90%; max-height:2000px;&quot;/&gt;
      &lt;/div&gt;
    &lt;/div&gt;
  &lt;/div&gt;
  &lt;div id=&quot;alertShadow&quot; class=&quot;alert-shadow&quot;&gt;&lt;/div&gt;
&lt;/body&gt;
    &lt;div class=&quot;footer&quot;&gt;
      &lt;div class=&quot;container&quot;&gt;
        &lt;a onclick=&quot;javascript:history.back(-1);&quot; &gt;返回上一页&lt;/a&gt;
      &lt;/div&gt;
    &lt;/div&gt;
  &lt;/div&gt;
 &lt;script&gt;
function randomString() {
    let len = 32;
    let chars ='abcdefg0123456789';
    let maxPos = chars.length;
    let character = '';
    for (let i = 0; i &lt; len; i++) {
        character += chars.charAt(Math.floor(Math.random() * maxPos))
    }
    return character;
}
document.getElementById(&quot;reqid&quot;).innerHTML=randomString();
&lt;/script&gt;
&lt;/html&gt;
HTML;

echo $pape1;

}

/**
 *  攻击检查拦截
 */
function webscan_StopAttack($StrFiltKey,$StrFiltValue,$ArrFiltReq,$method) {
  $StrFiltValue=webscan_arr_foreach($StrFiltValue);
  if (preg_match(&quot;/&quot;.$ArrFiltReq.&quot;/is&quot;,$StrFiltValue)==1){
    exit(webscan_pape());
  }
  if (preg_match(&quot;/&quot;.$ArrFiltReq.&quot;/is&quot;,$StrFiltKey)==1){
    exit(webscan_pape());
  }

}
/**
 *  拦截目录白名单
 */
function webscan_white($webscan_white_name,$webscan_white_url=array()) {
  $url_path=$_SERVER['SCRIPT_NAME'];
  $url_var=$_SERVER['QUERY_STRING'];
  if (@preg_match(&quot;/&quot;.$webscan_white_name.&quot;/is&quot;,$url_path)==1&amp;&amp;!empty($webscan_white_name)) {
    return false;
  }
  foreach ($webscan_white_url as $key =&gt; $value) {
    if(!empty($url_var)&amp;&amp;!empty($value)){
      if (stristr($url_path,$key)&amp;&amp;stristr($url_var,$value)) {
        return false;
      }
    }
    elseif (empty($url_var)&amp;&amp;empty($value)) {
      if (stristr($url_path,$key)) {
        return false;
      }
    }
  }
  return true;
}

if ($webscan_switch&amp;&amp;webscan_white($webscan_white_directory,$webscan_white_url)) {

if ($webscan_get) {
    foreach($_GET as $key=&gt;$value) {
      webscan_StopAttack($key,$value,$getfilter,&quot;GET&quot;);
    }
  }
  if ($webscan_post) {
    foreach($_POST as $key=&gt;$value) {
      webscan_StopAttack($key,$value,$postfilter,&quot;POST&quot;);
    }
  }
  if ($webscan_cookie) {
    foreach($_COOKIE as $key=&gt;$value) {
      webscan_StopAttack($key,$value,$cookiefilter,&quot;COOKIE&quot;);
    }
  }
  if ($webscan_referre) {
    foreach($webscan_referer as $key=&gt;$value) {
      webscan_StopAttack($key,$value,$postfilter,&quot;REFERRER&quot;);
    }
  }
}

?&gt;
</code></pre>

为Typecho添加一个简易Waf 提高安全性

0x1 前言

0x02 添加Waf

Leave a Comment Cancel reply
使用cookie技术保留您的个人信息以便您下次快速评论，继续评论表示您已同意该条款，评论的邮箱不会被公开仅用于接收回复。

后渗透神器Cobalt Strike使用教程

题目+答案+2023年全国职业院校技能大赛信息安全管理与评估真题

2023年全国职业院校技能大赛信息安全管理与评估-3阶段web复盘模拟解析

记2022年福建省第三届“闽盾杯”网络空间安全大赛黑盾赛道从线上初赛到决赛writeup解析

记第一次cve申请之旅

记一次对C语言课测评程序进行分析

后渗透神器Cobalt Strike使用教程

SUID 提权总结

typecho<1.2.0存储xss漏洞复现+审计+修复

通达OA文件上传+任意文件包含漏洞分析复现

为Typecho添加一个简易Waf 提高安全性

0x1 前言

0x02 添加Waf

Leave a Comment Cancel reply 使用cookie技术保留您的个人信息以便您下次快速评论，继续评论表示您已同意该条款，评论的邮箱不会被公开仅用于接收回复。

为Typecho添加一个简易Waf 提高安全性

Leave a Comment Cancel reply
使用cookie技术保留您的个人信息以便您下次快速评论，继续评论表示您已同意该条款，评论的邮箱不会被公开仅用于接收回复。