Common website vulnerabilities

Source: Internet
Author: User

 

 

Cross-site attack, that is, cross-site script execution, usually abbreviated as XSS. Because the abbreviation CSS collides with Cascading Style Sheets, it was changed to XSS. It means that, because the website program does not filter user input, an attacker can put HTML code into a page that affects other users, and use it to steal users' information, perform certain actions under a user's identity, or launch virus attacks against visitors. Many people use XSS only to pop up a dialog box, and some vendors dismiss XSS altogether, considering its severity very low or even negligible.

Common steps in a cross-site attack:
1. After choosing the target, the attacker writes the attack code into a place on the target site that is stored in its database.
2. A website administrator browses the page containing the attack code and leaks information.
3. The malicious code sends the obtained information back to the attacker.
4. The attacker intrudes into the target using the obtained information.

 

 

XSS vulnerability Exploitation
1. Cookie theft. This is the most commonly used method in cross-site attacks. After obtaining the cookie, you can directly use the "" tool, or another browser that can modify cookies (such as Firefox with the cookie editor plug-in installed), to replace your own cookie with the obtained one and thereby obtain the website's management permission.

2. Penetrating the router. For users on an intranet, XSS can be used to change the router password. The router can be logged into with its default password, for example via the URL http://admin:admin@192.168.1.1. In fact, many routers still use the default password, and that is the case here as well: admin is used directly as both the user name and the password.

 

3. Reading local files. Different browsers impose different restrictions on reading local files; the XEYE team has previously compiled statistics on this (shown as an image in the original post).

4. Defacing the homepage. I believe many hacking beginners have a special liking for defacement pages; in particular, during the China-US hacker war, a Chinese defacement page was hung on the White House website, and people still remember it. This section uses XSS to deface other people's blog homepages. However, there is a big difference between this and intruding into the server to modify the homepage: an XSS defacement does not actually modify the page on the server at all; it only changes the page as rendered, through JavaScript, CSS and other web technologies. The essence is that JavaScript code is injected and then executed in the background to steal cookies or hijack the browser. The injected code is usually HTML or JavaScript (typically innerHTML or document.write is used to dynamically create text, images and other content).
Take the "Custom header" field as an example and write the following statement into it: <script src="http://localhost/1.js"></script>, where the code of 1.js is: document.write("<center>

 

5. Cross-site "overflow attack". I believe friends familiar with buffer overflow attacks know the principle of that attack: overwrite the return address by writing too many bytes into the stack, and then control the program's flow of execution. The XSS attack method discussed here has characteristics similar to an overflow, but, as mentioned above, the result is a pile of vulnerabilities; it seems many technical staff host their blogs in Baidu Space, which is at least much safer than these blog websites.

6. XSS worms. With the advent of the Web era, the XSS worm became a landmark Web technology. AJAX stands for "Asynchronous JavaScript and XML"; it is not an acronym but a term coined by Jesse James Garrett, and it is a web development technique for creating interactive web applications. The emergence of AJAX greatly facilitated the development of XSS worms and thus accelerated the spread of XSS worm technology. Take the earlier Twitter worm as an example for analysing the cross-site vulnerability: it appeared mainly in the "Name" text field and the "More info URL" text field under the "Settings" menu. The worm was written by a 17-year-old from New York, USA, who took two hours to finish it. The code is too long to discuss here; if you are interested, search for it on Baidu.
 
7. DDoS attacks

Types of XSS attacks

XSS mining

 

XSS attack prevention (website side)

1. Defense by modifying the code: use the htmlspecialchars function to convert special characters into HTML entities.
Function prototype: string htmlspecialchars(string string, int quote_style, string charset)
string: the string to be encoded.
quote_style (optional): ENT_COMPAT, ENT_QUOTES or ENT_NOQUOTES. The default is ENT_COMPAT, which converts only double quotation marks and leaves single quotation marks alone; ENT_QUOTES converts both double and single quotation marks; ENT_NOQUOTES converts neither.
charset (optional): the character set to use.
The function converts the following special characters into HTML entities:
& --> &amp;
" --> &quot;
' --> &#039; (only with ENT_QUOTES)
< --> &lt;
> --> &gt;

Cross-site via the $_SERVER["PHP_SELF"] variable
In a form that submits its parameters to itself, a statement such as
<form action="<?php echo $_SERVER["PHP_SELF"]; ?>" method="POST">
......
</form>
is used. The value of $_SERVER["PHP_SELF"] is the name of the current page. Example: the form above is in http://www.sectop.com/get.php. If get.php is then requested as
http://www.sectop.com/get.php/"><script>alert(document.cookie);</script>
the form becomes
<form action="get.php/"><script>alert(document.cookie);</script>" method="POST">
and the cross-site script has been inserted. Defense: either filter the output variable with htmlspecialchars, or submit the form to the current file with an empty action:
<form action="" method="post">
This prevents the $_SERVER["PHP_SELF"] variable from being used for cross-site scripting.

2. Defend against XSS using intrusion detection products.
3. Filter keywords. Some keywords are URL-encoded or otherwise transcoded during use, so the filter must also take these encodings into account.
4. Use a unified encoding, such as UTF-8.
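To make item 1 concrete, here is an added example (not code from the original post) that renders the page's self-submitting form three ways: with the raw $_SERVER["PHP_SELF"], with htmlspecialchars(..., ENT_QUOTES, 'UTF-8'), and with the empty action attribute. The request path is the one from the page's own example, constructed here as a plain string instead of being read from the server.

```php
<?php
// Added example, not code from the original post: the page's self-submitting form
// rendered with the raw $_SERVER["PHP_SELF"] (vulnerable) and with htmlspecialchars
// (hardened), plus the page's other fix of an empty action attribute.

function render_form_vulnerable(string $phpSelf): string
{
    // The unsafe pattern from the page: PHP_SELF is written straight into the attribute.
    return '<form action="' . $phpSelf . '" method="POST">' . "\n......\n</form>";
}

function render_form_hardened(string $phpSelf): string
{
    // ENT_QUOTES encodes both " and ' (the ENT_COMPAT default before PHP 8.1 left ' alone);
    // passing the charset explicitly avoids mismatched-encoding surprises.
    $safe = htmlspecialchars($phpSelf, ENT_QUOTES, 'UTF-8');
    return '<form action="' . $safe . '" method="POST">' . "\n......\n</form>";
}

function render_form_self_posting(): string
{
    // The page's alternative: an empty action posts back to the current URL without
    // echoing any request-derived value at all.
    return '<form action="" method="post">' . "\n......\n</form>";
}

// Constructed PHP_SELF value: what the server supplies for the page's example request
// http://www.sectop.com/get.php/"><script>alert(document.cookie);</script>
$phpSelf = '/get.php/"><script>alert(document.cookie);</script>';

$vulnerable = render_form_vulnerable($phpSelf);
$hardened   = render_form_hardened($phpSelf);

echo "Vulnerable output:\n", $vulnerable, "\n\n";
echo "Hardened output:\n", $hardened, "\n\n";
echo "Self-posting form:\n", render_form_self_posting(), "\n\n";

// Check: the vulnerable markup contains a live <script> tag, the hardened one does not;
// in the hardened output the tag survives only as the inert text &lt;script&gt;.
$liveTag = '<script>';
printf("vulnerable contains live script tag: %s\n", strpos($vulnerable, $liveTag) !== false ? 'yes' : 'no');
printf("hardened contains live script tag:   %s\n", strpos($hardened, $liveTag) !== false ? 'yes' : 'no');
```

Run it with php on the command line; the hardened action attribute comes out as /get.php/&quot;&gt;&lt;script&gt;alert(document.cookie);&lt;/script&gt;, which the browser displays as text rather than executing.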
 
Conclusion: As a developer, you must have a certain degree of security awareness; when writing a piece of code, consider the program's security from the attacker's point of view. As security personnel, we should think through the developer's logic from the developer's perspective in order to find and exploit the defects.

 

 

This article is from the "no trace" blog; please be sure to keep this source: http://hucwuhen.blog.51cto.com/6253667/1281705
