Principle Analysis and anatomy of XSS (1)

Principle Analysis and anatomy of XSS (1)

0 × 01 preface:

At the beginning, there was not much information about xss attack techniques on the Internet (they were all ready-made code and did not start from the basics ), it was not until the Thorn's white hat WEB security and cn4rry's XSS cross-site scripting attack analysis and defense began to improve.

Here I will not talk about the history of xss. xss is a popular and less-valued Web attack method. Why is this happening? for the following reasons:

1. time consumption 2. A certain probability of failure 3. No software for automated attacks 4. Basic html and js skills required in the Early Stage, in the future, solid knowledge of html, js, actionscript2/3.0 and other languages is required. 5. It is a passive attack method. 6. There are http-only and crossdomian attacks on websites. xml is useless

However, these vulnerabilities do not affect hackers' preferences on this vulnerability. There are no more reasons, but only one.

Almost every website exists in Xss, and google, baidu, 360, and so on.

0 × 02 principle:

First, we will build a local PHP environment (which can be installed using the phpstudy installation package), and then write the following code in the index. PHP file:

 
 

  
  
<Html>
  
  
<Head>
  
  
<Meta http-equiv = "Content-Type" content = "text/html; charset = UTF-8"/>
  
  
<Title> reproduction of XSS principles </title>
  
  
</Head>
  
  
<Body>
  
  
<Form action = "" method = "get">
  
  
<Input type = "text" name = "xss_input">
  
  
<Input type = "submit">
  
  
</Form>
  
  
<Hr>
  
  
<? Php
  
  
$ Xss = $ _ GET ['xss _ input'];
  
  
Echo 'the character you entered is <br> '. $ xss;
  
  
?>
  
  
</Body>
  
  
</Html>
  
  
 
 
 

Then, you will see such a page on the page

Enter abcd123 and the result is

Let's look at the source code.

The input string is unblocked and output. Here we propose a hypothesis. Suppose we enter the following code in the search box?

 
 

  
  
<script>alert('xss')</script> 
 
 

In the preceding example, there should be a gap between the [br] and [/boby]> of the 12th rows, Which is changed:

 
 

  
  
<br><script>alert('xss')</script></boby> 
 
 

Then, a dialog box is displayed.

Since the assumption is proposed, we can't make it true.

We enter

 
 

  
  
<script>alert('xss')</script> 
 
 

The page is

The window pops up successfully. At this time, you can basically identify the xss vulnerability.

Let's look at the source code.

It seems that our assumption is successful. This section describes the principle of XSS. The following sections describe the construction and utilization of xss.