|
这项规则,控制用户的能力,上传到网站.
以下是代码片段:
<span onmouseover="_tipon(this)" onmouseout="_tipoff()"><span class="google-src-text" style="direction: ltr; text-align: left">###Section - Site Upload Rules # This rule is needed to allow upload to the sites SecFilterSelective HTTP_Content-Type "multipart/form-data" "allow"</span>###名科工地上传#规则,这条规则必须允许上传到网站secfilterselectivehttp_content型"multipart/form-data","允许" </span> | 这些规则过滤掉企图注入未经许可SQL语句变成请求参数
以下是代码片段:
<span onmouseover="_tipon(this)" onmouseout="_tipoff()"><span class="google-src-text" style="direction: ltr; text-align: left">###Section - SQL Injection # Classic injection protection SecFilter "'" SecFilter "\"" # Very crude filters to prevent SQL injection attacks #SecFilter "delete[[:space:]]+from" #SecFilter "insert[[:space:]]+into" #SecFilter "update[[:space:]]+set" #SecFilter "select.+from" # MS SQL specific SQL injection attacks SecFilter xp_enumdsn SecFilter xp_filelist SecFilter xp_availablemedia SecFilter xp_cmdshell SecFilter xp_regread SecFilter xp_regwrite SecFilter xp_regdeletekey</span>###名科SQL注入#经典注射保护secfilter"'"secfilter"\""#粗略的过滤器,以防止SQL注入袭击#secfilter"删除[:space:]+"#secfilter"插入[:space:]+"#secfilter"更新[:space:]+集"#secfilter"责.+"#mssql特定SQL注入攻击secfilterxp_enumdsnsecfilterxp_filelistsecfiltersecfilterxp_availablemediaxp_cmdshellsecfiltersecfilterxp_regreadxp_regwritesecfilterxp_regdeletekey </span> |
这些规则过滤掉企图擅自投入到剧本的请求参数.
以下是代码片段:
<span onmouseover="_tipon(this)" onmouseout="_tipoff()"><span class="google-src-text" style="direction: ltr; text-align: left">###Section - Cross Site Scripting # XSS attacks SecFilter "<[[:space:]]*script" # Weaker XSS protection ( allows common HTML tags ) SecFilter "<[[:space:]]*script"</span>###科--跨站点脚本#xss攻击secfilter"<[[:空间:]*剧本"#较弱xss保护(allowscommonHTML标记)secfilter"<[[:空间:]*剧本" </span> |
这些过滤掉企图非法穿越主机系统.
以下是代码片段:
<span onmouseover="_tipon(this)" onmouseout="_tipoff()"><span class="google-src-text" style="direction: ltr; text-align: left">###Section - Path Traversal SecFilter "\.\./" SecFilterSelective "THE_REQUEST" "%25%"</span>###名科路径secfilter"\.\./"secfilterselective"the_request""25%" </span> |
这些过滤掉试图建立一个连接,通过非标准的用户代理.
|
以下是代码片段:
<span onmouseover="_tipon(this)" onmouseout="_tipoff()"><span class="google-src-text" style="direction: ltr; text-align: left">###Section - Request Validation # Here we just want to be sure that the post is from a browser.</span>###节-请求验证# |
[1] [2] 下一页 |
