I have a form on my website. All validation is done in jQuery and PHP, and the sanitising of user input is done in PHP. A simple question came to mind:

Can an attacker (hacker) bypass the Ajax form after switching JavaScript off?

Here is the HTML:
```html
<form action="" method="post" id="form-contact-us" enctype="multipart/form-data">
    <input type="hidden" id="action" name="action" value="contact">
    <!-- honeypot field: hidden from real visitors, expected to stay empty -->
    <input type="text" class="hide" value="" name="challenge" id="challenge">
    <div class="col-md-6 mt-10">
        <label for="name">Your Full Name <span class="required">*</span></label>
        <input type="text" class="form-control" id="name" name="name" placeholder="Your Full Name">
    </div>
    <div class="col-md-6 mt-10">
        <label for="email">Your Email Address <span class="required">*</span></label>
        <input type="text" class="form-control" id="email" name="email" placeholder="Your Email Address">
    </div>
    <div class="col-md-6 mt-10">
        <label for="phone">Phone Contact</label>
        <input type="text" class="form-control" id="phone" name="phone" placeholder="Phone Contact">
    </div>
    <div class="col-md-6 mt-10"> </div>
    <div class="col-md-6 band mt-10">
        <label for="message">Your Message <span class="required">*</span></label>
        <textarea class="form-control" rows="3" id="message" name="message"></textarea>
    </div>
    <div class="btn-group band">
        <span id="loader"></span>
        <button type="submit" class="btn btn-primary pull-right" style="margin-right: 14px; border-radius: 0px;">SEND <span class="glyphicon glyphicon-chevron-right"></span></button>
    </div>
</form>
```
The JavaScript:
```javascript
// mask2, mask4 and mask5 are regular expressions defined elsewhere on the site (not shown here).
$("form#form-contact-us").on("submit", function () {
    var form, challenge, name, email, phone, message;
    form = $("form#form-contact-us").serialize();
    challenge = $("#challenge").val();
    name = $("form#form-contact-us #name").val();
    email = $("form#form-contact-us #email").val();
    phone = $("form#form-contact-us #phone").val();
    message = $("form#form-contact-us #message").val();
    challenge = $.trim(challenge);
    name = $.trim(name);
    email = $.trim(email);
    phone = $.trim(phone);
    message = $.trim(message);
    $("div#msg").removeClass("alert alert-danger alert-success").html("");
    if (challenge.length > 0) {
        // honeypot filled in: silently drop the submission
        return false;
    } else if (!name || !email || !message) {
        $("div#msg").fadeIn("fast").addClass("alert alert-danger").html("All the fields marked with * are required.");
    } else if (!mask2.test(name)) {
        $("div#msg").fadeIn("fast").addClass("alert alert-danger").html("Your full name format is invalid.");
    } else if (!mask5.test(email)) {
        $("div#msg").fadeIn("fast").addClass("alert alert-danger").html("Your email address format is invalid.");
    } else if (name.length < 3) {
        $("div#msg").fadeIn("fast").addClass("alert alert-danger").html("Your full name cannot be less than 3 letters.");
    } else if (email.length < 5) {
        $("div#msg").fadeIn("fast").addClass("alert alert-danger").html("Your email address cannot be less than 5 letters.");
    } else if (phone != "" && (!mask4.test(phone) || phone.length < 7 || phone.length > 11)) {
        // phone is optional; only check it when something was entered
        $("div#msg").fadeIn("fast").addClass("alert alert-danger").html("Please enter a valid phone number.");
    } else if (message.length < 5) {
        $("div#msg").fadeIn("fast").addClass("alert alert-danger").html("Your message cannot be less than 5 letters.");
    } else {
        $("#form-contact-us .btn-primary").text("Please Wait...").prop("disabled", true);
        $("#form-contact-us .btn-primary").addClass("disabled");
        jQuery.ajax({
            type: "POST",
            url: "/wp-admin/admin-ajax.php",
            data: form,
            success: function (data) {
                // server replies "code | message"
                var parts = data.split("|");
                var code = $.trim(parts[0]);
                var msg = $.trim(parts[1]);
                if (code == 1) {
                    $("div#msg").fadeIn("fast").addClass("alert alert-success").html(msg);
                    $("#form-contact-us").fadeOut("fast");
                } else {
                    $("div#msg").fadeIn("fast").addClass("alert alert-danger").html(msg);
                    // restore the button (as HTML, so the icon renders) and re-enable it for a retry
                    $("#form-contact-us .btn-primary").html("SEND <span class=\"glyphicon glyphicon-chevron-right\"></span>").prop("disabled", false);
                }
                $("#form-contact-us #loader").html("");
                $("#form-contact-us .btn-primary").removeClass("disabled");
            }
        });
    }
    return false;
});
```
The PHP:
```php
<?php
// check_for_spam() and remove_html() are helpers defined elsewhere on the site (not shown here);
// is_email(), sanitize_text_field() and esc_html() are WordPress functions.
function contact() {
    if ($_SERVER["REQUEST_METHOD"] == "POST") {
        // honeypot: only continue when the hidden "challenge" field is present and empty
        if (isset($_POST["challenge"]) && trim($_POST["challenge"]) == "") {
            $name = $_POST["name"];
            $email = $_POST["email"];
            $phone = $_POST["phone"];
            $message = $_POST["message"];
            $name = trim($name);
            $email = trim($email);
            $phone = trim($phone);
            $message = trim($message);
            // phone is optional (no * in the form), so it is not required here
            if (empty($name) or empty($email) or empty($message)) {
                die("0 | All the fields marked with * are required.");
            } else if (!preg_match('/^[a-zA-Z ]+$/', $name)) {
                die("0 | Your full name format is invalid.");
            } else if (strlen($name) < 3) {
                die("0 | Your full name cannot be less than 3 letters.");
            } else if (!is_email($email)) {
                die("0 | Your email address format is invalid.");
            } else if (strlen($email) < 5) {
                die("0 | Your email address cannot be less than 5 letters.");
            } else if (!empty($phone) and (strlen($phone) < 7 or strlen($phone) > 11)) {
                die("0 | Please enter a valid phone number.");
            } else if (strlen($message) < 5) {
                die("0 | Your message cannot be less than 5 letters.");
            } else if (check_for_spam($name) > 0) {
                die("0 | Please remove any links from your full name.");
            } else if (check_for_spam($phone) > 0) {
                die("0 | Please remove any links from your phone number.");
            } else if (check_for_spam($message) > 0) {
                die("0 | Please remove any links from your message.");
            } else {
                $name = sanitize_text_field($name);
                $email = sanitize_text_field($email);
                $phone = sanitize_text_field($phone);
                $message = sanitize_text_field($message);
                $name = remove_html($name);
                $email = remove_html($email);
                $phone = remove_html($phone);
                $message = remove_html($message);
                $name = esc_html($name);
                $email = esc_html($email);
                $phone = esc_html($phone);
                $message = esc_html($message);
                /* All Good */
            }
        }
    }
}
```
Answer 0 (score: 1)

An attacker can send the form without using the HTML you provided. In your case, your form uses the POST method:
```
POST /code.php
action    => contact
challenge =>
name      => a_name
email     => an_email
phone     => a_phone
message   => a_message
```
If the challenge is a security token or something generated by a JavaScript function, the attacker can of course emulate that function, obtain the challenge, and submit the form.
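A server-side handler that does not rely on the jQuery checks at all, as an added example (not the asker's code): it verifies a WordPress nonce and re-applies every validation rule on the server, so a hand-crafted POST to admin-ajax.php with JavaScript disabled is judged by the same rules as a browser submission. Assumed names: the nonce action `contact_us_form` and posted field `contact_nonce`; the asker's `check_for_spam()` and `remove_html()` are omitted because their definitions are not shown.

```php
<?php
// Added example, not the asker's code: a WordPress admin-ajax handler for the
// "contact" action. Assumed: the page creates wp_create_nonce('contact_us_form')
// and the form posts it in a field named "contact_nonce".

function contact_us_handler() {
    // Dies with a 403 when the nonce is missing or stale, whether or not JS ran.
    check_ajax_referer('contact_us_form', 'contact_nonce');

    // Honeypot: real browsers leave the hidden "challenge" field empty.
    if (!empty($_POST['challenge'])) {
        wp_send_json_error(['msg' => 'Submission rejected.'], 400);
    }

    // Every field is re-read and re-validated here; the client-side checks are a courtesy only.
    $name    = sanitize_text_field(wp_unslash($_POST['name'] ?? ''));
    $email   = sanitize_email(wp_unslash($_POST['email'] ?? ''));
    $phone   = sanitize_text_field(wp_unslash($_POST['phone'] ?? ''));
    $message = sanitize_textarea_field(wp_unslash($_POST['message'] ?? ''));

    $errors = [];
    if ($name === '' || $email === '' || $message === '') {
        $errors[] = 'All the fields marked with * are required.';
    }
    if (!preg_match('/^[a-zA-Z ]{3,80}$/', $name)) {
        $errors[] = 'Your full name format is invalid.';
    }
    if (!is_email($email)) {
        $errors[] = 'Your email address format is invalid.';
    }
    // Phone is optional; when given it must be 7 to 11 digits.
    if ($phone !== '' && !preg_match('/^[0-9]{7,11}$/', $phone)) {
        $errors[] = 'Please enter a valid phone number.';
    }
    if (strlen($message) < 5 || strlen($message) > 2000) {
        $errors[] = 'Your message must be between 5 and 2000 characters.';
    }
    if ($errors) {
        wp_send_json_error(['msg' => implode(' ', $errors)], 422);
    }

    // Escape with esc_html() at the point where the values are rendered, not here.
    wp_send_json_success(['msg' => 'Thank you, your message was sent.']);
}

// Register for logged-in and anonymous visitors; the nonce is checked in both cases.
add_action('wp_ajax_contact', 'contact_us_handler');
add_action('wp_ajax_nopriv_contact', 'contact_us_handler');
```

The nonce ties a submission to a page the visitor actually loaded and expires it, but as the answer notes a scripted client can still fetch the page and read the nonce, so the server-side validation is the control that actually holds.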