A POST request adds a malware script to my web application


I have a form that uses the POST method; when I click Submit, it loads some external scripts and shows a blank page. When I view the source of the blank page, it shows the following:

```html
<!DOCTYPE html PUBLIC "-//W3C//DTD HTML 4.01 Frameset//EN" "http://www.w3.org/TR/html4/frameset.dtd">
<html>
<head>
<meta name="revisit-after" content="10">
<meta http-equiv="Content-Type" content="text/html; charset=utf-8">
<script type="text/javascript" language="JavaScript" src="http://cdn.dsultra.com/js/registrar.js"></script>
<script type="text/javascript" language="JavaScript"> registrar_frameset({a_id: 48873, drid: 'as-drid-2540437855034467'}); </script>
</head>
</html>
```

I found the same error reported here, but no solution was posted there: https://forum.joomla.org/viewtopic.php?t=684752

These scripts are malware that block our page requests, as shown in the browser console inspection - please check this:

```text
registrar.js:38 A parser-blocking, cross site (i.e. different eTLD+1) script, http://pagead2.googlesyndication.com/apps/domainpark/show_afd_ads.js, is invoked via document.write. The network request for this script MAY be blocked by the browser in this or a future page load due to poor network connectivity. If blocked in this page load, it will be confirmed in a subsequent console message. See https://www.chromestatus.com/feature/5718547946799104 for more details.
registrar_frameset @ registrar.js:38
2show_afd_ads.js:9 A parser-blocking, cross site (i.e. different eTLD+1) script, https://dp.g.doubleclick.net/apps/domainpark/domainpark.cgi?callback=_google_json_callback&output=js&client=ca-dp-oversee_ncd&st=create&drid=as-drid-2540437855034467&dt=1520026564356&u_tz=180&u_his=13&u_h=768&u_w=1366&frm=0, is invoked via document.write. The network request for this script MAY be blocked by the browser in this or a future page load due to poor network connectivity. If blocked in this page load, it will be confirmed in a subsequent console message. See https://www.chromestatus.com/feature/5718547946799104 for more details.
D @ show_afd_ads.js:9
Receivable.php:1 Refused to execute script from 'https://dp.g.doubleclick.net/apps/domainpark/domainpark.cgi?callback=_google_json_callback&output=js&client=ca-dp-oversee_ncd&st=create&drid=as-drid-2540437855034467&dt=1520026564356&u_tz=180&u_his=13&u_h=768&u_w=1366&frm=0' because its MIME type ('text/html') is not executable, and strict MIME type checking is enabled.
Receivable.php Failed to load resource: the server responded with a status of 501 (Method Not Implemented)
```

Please help me remove it.

My PHP form:

```php
<?php include('header.php'); // assumed to open $connection and call session_start() ?>
<?php
// Helpers added while fixing the posted code:
//   h()       escapes a value for HTML output (names and comments came from the DB and were echoed raw)
//   q()       escapes a value for a single-quoted SQL literal (every filter value was interpolated unescaped)
//   post()    reads a POST field with '' as default so an unset field does not raise a notice
//   fmtDate() formats a date column as d/m/y, or '-' for the empty/epoch placeholders the original tested for
//   options() emits the <option> rows of a lookup table (the same loop was repeated five times)
function h($s) { return htmlspecialchars((string)$s, ENT_QUOTES, 'UTF-8'); }
function q($connection, $s) { return mysqli_real_escape_string($connection, (string)$s); }
function post($name) { return isset($_POST[$name]) ? trim((string)$_POST[$name]) : ''; }
function fmtDate($s) {
    $t = ($s === null || $s === '' || $s === '0000-00-00') ? false : strtotime($s);
    if ($t === false) return '-';
    $d = date('d/m/y', $t);
    return ($d === '01/01/70' || $d === '31/12/69') ? '-' : $d;
}
function options($connection, $sql, $valueCol, $textCol, $label) {
    echo '<option value="">' . h($label) . '</option>';
    $result = mysqli_query($connection, $sql);
    if ($result) {
        while ($row = mysqli_fetch_assoc($result)) {
            echo '<option value="' . h($row[$valueCol]) . '">' . h($row[$textCol]) . '</option>';
        }
    }
}
?>
<form method="post" action="<?php echo htmlspecialchars($_SERVER["PHP_SELF"]); ?>">
<table class="filters">
<tr>
<td>From:<input type="text" name="fromDate" id="fromDate" style="width:100px"></td>
<td>To:<input type="text" name="toDate" id="toDate" style="width:100px"></td>
<td><div class="ui-widget"><input id="customers" name="Cno" placeholder="Customer Name"></div></td>
<?php // A commented-out customer <select> stood here in the original. It was dropped because a `?>`
      // inside a /* */ comment leaves PHP mode, so the "comment" was actually being emitted as markup. ?>
<td>
    <select name="alldata">
    <option value="">All</option>
    <option value="Yes">I want all Data</option>
    </select>
    <select name="Gno">
    <?php options($connection, 'SELECT customergroup.gdesc as Gname,Gno from customergroup', 'Gno', 'Gname', 'Customer Group'); ?>
    </select>
</td>
<td>
    <select name="Ano">
    <?php options($connection, 'SELECT accountant.Name as Aname,No from accountant', 'No', 'Aname', 'FollowUp By'); ?>
    </select>
    <select name="Sno">
    <?php options($connection, 'SELECT Name as Sname,No from salesman', 'No', 'Sname', 'Salesman Name'); ?>
    </select>
</td>
<td>
    <select name="statNo">
    <?php options($connection, 'SELECT * from status', 'Sno', 'desc', 'Status'); ?>
    </select>
</td>
<td>Contacted on:<input type="text" name="lastDate" id="lastDate" style="width:100px"><br />Changed on<input type="text" name="changedOn" id="changedOn" style="width:100px"></td>
<td>
    <select name="UserName">
    <?php options($connection, 'SELECT user,admin.Number from admin order by user', 'user', 'user', 'Edited By'); ?>
    </select>
    <select name="sortby" onchange="showReceivable(this.value)">
        <option value="">Sort By</option>
        <option value="InvoiceNo">InvoiceNo</option>
        <option value="InvoiceDate">Invoice Date</option>
        <option value="CustomerName">Customer Name</option>
    </select>
</td>
<td><button class="btn" type="submit" value="Create Report" name="readFile"><i class="fa fa-search"></i> Search</button></td>
</tr>
</table>
</form>
<?php
    $fromDate  = post("fromDate");
    $toDate    = post("toDate");
    $Cname     = post("Cno");   // the "Cno" input carries the customer *name*; the number is looked up below
    $Cno       = '';            // the original tested $Cno before ever assigning it
    if ($Cname !== '') {
        $result = mysqli_query($connection, "SELECT No from customers where Customer_Name = '" . q($connection, $Cname) . "'");
        if ($result && ($row = mysqli_fetch_assoc($result))) {
            $Cno = $row["No"];
        }
    }
    $Ano       = post("Ano");
    $Gno       = post("Gno");
    $Sno       = post("Sno");
    $statNo    = post("statNo");
    $alldata   = post("alldata");
    $lastDate  = post("lastDate");
    $changedOn = post("changedOn"); // the original never read this field, so its filter could never apply
    $UserName  = post("UserName");

    $sql = "SELECT detail.First_Contacted,detail.No as Dno,detail.Invoice_no,detail.Invoice_date,detail.Invoice_amount,detail.Cheque_expected,detail.Last_contacted,customers.Customer_Name as Cname,accountant.Name as Aname,salesman.Name as Sname,detail.Comments,status.desc,customers.No,detail.InsertedBy,detail.Groupno,customergroup.Gno,customergroup.gdesc as Gname FROM status,detail,customers,salesman,accountant,customergroup where detail.Customer_No=customers.No and detail.Accountant_No=accountant.No and detail.Salesman_No=salesman.No and detail.StatusNo=status.Sno and detail.Groupno=customergroup.Gno";

    if ($fromDate !== "")
        $sql .= " and Cheque_expected >= '" . q($connection, $fromDate) . "'";
    if ($toDate !== "")
        $sql .= " and Cheque_expected <= '" . q($connection, $toDate) . "'";
    if ($Sno !== "")
        $sql .= " and detail.Salesman_No='" . q($connection, $Sno) . "'";
    if ($Cno !== "")
        $sql .= " and detail.Customer_No='" . q($connection, $Cno) . "'";
    if ($Ano !== "")
        $sql .= " and detail.Accountant_No='" . q($connection, $Ano) . "'";
    if ($Gno !== "")
        $sql .= " and detail.Groupno='" . q($connection, $Gno) . "'";
    if ($statNo !== "")
        $sql .= " and detail.StatusNo='" . q($connection, $statNo) . "'";
    if ($lastDate !== "")
        $sql .= " and detail.Last_contacted='" . q($connection, $lastDate) . "'";
    if ($UserName !== "")
        $sql .= " and detail.InsertedBy='" . q($connection, $UserName) . "'";
    if ($changedOn !== "") {
        $changedOn = date('d M Y', strtotime($changedOn));
        $sql .= " and ChangeTime like '" . q($connection, $changedOn) . "%'";
    }

    // "I want all Data" replaces the filtered query. customergroup was missing from its FROM list
    // although the WHERE referenced it, and Gname is needed by the table below.
    if ($alldata !== "")
        $sql = "SELECT detail.First_Contacted,detail.Comments,status.desc,customers.No,detail.InsertedBy,detail.No as Dno,detail.Invoice_no,detail.Invoice_date,detail.Invoice_amount,detail.Cheque_expected,detail.Last_contacted,detail.Status,customers.Customer_Name as Cname,accountant.Name as Aname,salesman.Name as Sname,customergroup.gdesc as Gname FROM status,detail,customers,salesman,accountant,customergroup where detail.Customer_No=customers.No and detail.Accountant_No=accountant.No and detail.Salesman_No=salesman.No and detail.StatusNo=status.Sno and detail.Groupno=customergroup.Gno";

    if ($Ano !== "" || $Gno !== "" || $Sno !== "" || $Cno !== "" || $alldata !== "" || isset($_POST["readFile"]) || $fromDate !== "" || $toDate !== "") {
        $_SESSION["query"] = $sql;   // remembered so the report survives a plain reload
    }

    if (isset($_SESSION["query"])) {
        $result = mysqli_query($connection, $_SESSION["query"]);
        if ($result && mysqli_num_rows($result) > 0) {
            $totalAmount = 0; ?>
<div id="Sortlisting">
<table border="1" class="report">
<thead>
<tr>
    <th>Invoice Date</th>
    <th>Invoice Number</th>
    <th>Customer Name</th>
    <th>Invoice Amount</th>
    <th>Customer Group</th>
    <th>Salesman</th>
    <th>Follow Up by</th>
    <th>Next Follow-up Date</th>
    <th>Last Contacted</th>
    <th>Follow-up Days</th>
    <th>Status</th>
    <th>Comments</th>
    <th>Edit</th>
    <th>Copy</th>
    <th>Edit All</th>
    <!--<th>Delete</th>-->
    <!--<th>Inserted By</th>-->
</tr>
</thead>
<tbody>
<?php       while ($row = mysqli_fetch_assoc($result)) {
                // The original compared $row["desc"] to ("Received"||"Cancelled"), i.e. to boolean true.
                // Intent: rows with a closed status appear only when filtering by editor or by status.
                $closed = in_array($row["desc"], array("Received", "Cancelled"), true);
                if (!$closed || $UserName !== '' || $statNo !== '') {
                    $totalAmount += $row["Invoice_amount"]; ?>
                <tr>
                <td><?php echo fmtDate($row["Invoice_date"]); ?></td>
                <td><?php echo h($row["Invoice_no"]); ?></td>
                <td><?php echo h($row["Cname"]); ?></td>
                <td><?php echo h($row["Invoice_amount"]); ?></td>
                <td><?php echo h($row["Gname"]); ?></td>
                <td><?php echo h($row["Sname"]); ?></td>
                <td><?php echo h($row["Aname"]); ?></td>
                <td><?php echo fmtDate($row["Cheque_expected"]); ?></td>
                <td><?php echo fmtDate($row["Last_contacted"]); ?></td>
                <td><?php
                        if (fmtDate($row["First_Contacted"]) === '-') {
                            echo '-';
                        } else {
                            // whole days since first contact
                            $diff = time() - strtotime($row["First_Contacted"]);
                            echo floor($diff / (60 * 60 * 24));
                        } ?></td>
                <td><?php echo h($row["desc"]); ?></td>
                <td><?php echo h($row["Comments"]); ?></td>
                <td><a href="/edit.php?id=<?php echo h($row['Dno']); ?>"><i class="fa fa-edit"></i></a></td>
                <td><a href="/copy.php?id=<?php echo h($row['Dno']); ?>"><i class="fa fa-copy"></i></a></td>
                <td><a href="/editAll.php?id=<?php echo h($row['Dno']); ?>"><i class="fa fa-fax"></i></a></td>
                <!-- The Delete button and the "Inserted By" column are disabled, as in the original. -->
                </tr>
<?php           }
            }
            if ($totalAmount) { ?>
        <tr style="background-color: #70a793;">
                <td>Total Amount</td>
                <?php for ($cnt = 0; $cnt < 2; $cnt++) { ?><td>&nbsp;</td><?php } ?>
                <td><?php echo h($totalAmount); ?></td>
                <?php for ($cnt = 0; $cnt < 11; $cnt++) { ?><td>&nbsp;</td><?php } ?>
        </tr>
            <?php } else { ?>
        <tr><td colspan="15">No Data Found!</td></tr>
            <?php } ?>
</tbody>
</table>
</div>
<?php   } else {
            // the closing tags above now stay inside this branch, so this path no longer emits a stray </tbody></table></div>
            echo "0 results";
        }
    }   // closes if (isset($_SESSION["query"])); this brace was missing in the original
?>
```
Answer

The POST response you are getting looks like a domain parking page. Make sure the domain you are submitting the form to is spelled correctly and that its domain registration has not expired.
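As an added illustration of the diagnosis in that answer (this is example code, not part of the question or the answer), the script below takes a captured response and decides whether it is a registrar parking page rather than the application: it looks for the markers visible in the question's page source and console log (the `registrar_frameset(` call, the `cdn.dsultra.com` script host, the `domainpark` ad path), checks whether every script is served from a host other than the one the application should be on, and treats the 501 status from the log as a further sign that the POST never reached the PHP app. It also resolves the host a `<form action>` will post to, so a misspelled or relative action can be checked before debugging the PHP. The sample responses are constructed (the parked one mirrors the question's source; the healthy one and the host `app.example.com` are assumptions).

```python
"""Tell a domain-parking response apart from the application's own page.

Added example, not from the original question or answer. Sample inputs are
constructed; app.example.com is an assumed host for the real application.
"""
import re
from html.parser import HTMLParser
from urllib.parse import urljoin, urlsplit

# Markers of a registrar parking page. The first two appear literally in the
# page source quoted in the question; "domainpark" is the ad path in its console log.
PARKING_INDICATORS = ("registrar_frameset(", "cdn.dsultra.com", "domainpark")


class _ScriptCollector(HTMLParser):
    """Collect external <script src> URLs and inline script bodies."""

    def __init__(self):
        super().__init__()
        self.srcs = []
        self.inline = []
        self._in_script = False
        self._buf = []

    def handle_starttag(self, tag, attrs):
        if tag == "script":
            self._in_script = True
            src = dict(attrs).get("src")
            if src:
                self.srcs.append(src)

    def handle_data(self, data):
        if self._in_script:
            self._buf.append(data)

    def handle_endtag(self, tag):
        if tag == "script":
            text = "".join(self._buf).strip()
            if text:
                self.inline.append(text)
            self._buf = []
            self._in_script = False


def script_hosts(html):
    """Return (sorted list of script hosts, list of inline script bodies)."""
    p = _ScriptCollector()
    p.feed(html)
    hosts = {urlsplit(s).hostname for s in p.srcs}
    return sorted(h for h in hosts if h), p.inline


def looks_parked(status, html, expected_host):
    """Classify the response to the form POST.

    Returns (is_parked, reasons). The response is flagged when it carries a
    parking marker, loads scripts only from hosts outside expected_host, or
    answered HTTP 501, which is what the question's console log shows.
    """
    reasons = []
    hosts, inline = script_hosts(html)
    haystack = html + "\n".join(inline)
    for marker in PARKING_INDICATORS:
        if marker in haystack:
            reasons.append("parking marker %r present" % marker)
    foreign = [h for h in hosts if h != expected_host and not h.endswith("." + expected_host)]
    if hosts and len(foreign) == len(hosts):
        reasons.append("every script comes from a foreign host: " + ", ".join(foreign))
    if status == 501:
        reasons.append("HTTP 501 Method Not Implemented: the host that answered does not serve this app's POST")
    return bool(reasons), reasons


def form_action_host(form_html, page_url):
    """Resolve the host a <form action> will post to, relative actions included."""
    m = re.search(r'<form\b[^>]*\baction="([^"]*)"', form_html, re.I)
    action = m.group(1) if m else ""
    return urlsplit(urljoin(page_url, action)).hostname


# Constructed samples: PARKED_RESPONSE mirrors the page source quoted in the question,
# HEALTHY_RESPONSE is an assumed normal reply from the application itself.
PARKED_RESPONSE = """<!DOCTYPE html PUBLIC "-//W3C//DTD HTML 4.01 Frameset//EN" "http://www.w3.org/TR/html4/frameset.dtd">
<html><head>
<meta name="revisit-after" content="10">
<script type="text/javascript" src="http://cdn.dsultra.com/js/registrar.js"></script>
<script type="text/javascript"> registrar_frameset({a_id: 48873, drid: 'as-drid-2540437855034467'}); </script>
</head></html>"""

HEALTHY_RESPONSE = """<html><head><script src="https://app.example.com/js/report.js"></script></head>
<body><table class="report"><tr><td>Invoice Date</td></tr></table></body></html>"""

if __name__ == "__main__":
    for label, status, body in (("parked", 501, PARKED_RESPONSE), ("healthy", 200, HEALTHY_RESPONSE)):
        parked, why = looks_parked(status, body, "app.example.com")
        print(label, "->", "PARKED" if parked else "ok", why)
    print(form_action_host('<form method="post" action="Receivable.php">', "http://app.example.com/Receivable.php"))
```

Run against the parked sample it reports the two markers, the foreign-only script host and the 501; against the healthy sample it reports nothing. If `form_action_host` returns anything other than the host the application lives on, the typo or wrong domain is in the form or the page URL, not in the PHP.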
