Understand XSS attack principles
After reading the HTML security list written by CoolShell,
I suddenly wanted to write a quick tutorial on XSS
to let more people know what XSS security vulnerabilities are.
Before understanding XSS, you must know the principle of a "session".
Simply put, after a member successfully logs in, the website gives the browser a "token".
When the browser presents this token to the website, the website treats the request as logged in.
The simplest XSS attack flow is as follows.
Simply put, hackers steal your "token" through JavaScript code.
With this token, they can also log in to the website under your identity,
then steal your related data (personal data and transaction data),
and then sell the data to fraud groups.
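The theft described above depends on page script being able to read the session cookie. The following added example (not part of the original post) audits Set-Cookie headers for the attributes that keep the token away from JavaScript; the cookie name SESSIONID and the header values are constructed samples.

```javascript
// Parse one Set-Cookie header value into its name, value and attributes.
function parseSetCookie(header) {
  const [pair, ...attrParts] = header.split(";");
  const eq = pair.indexOf("=");
  // A cookie without "=" is treated as a value with an empty name.
  const name = eq === -1 ? "" : pair.slice(0, eq).trim();
  const value = eq === -1 ? pair.trim() : pair.slice(eq + 1).trim();
  const attrs = {};
  for (const part of attrParts) {
    const i = part.indexOf("=");
    const key = (i === -1 ? part : part.slice(0, i)).trim().toLowerCase();
    if (key) attrs[key] = i === -1 ? true : part.slice(i + 1).trim();
  }
  return { name, value, attrs };
}

// Report which protections a session cookie is missing.
function auditSessionCookie(header) {
  const { name, attrs } = parseSetCookie(header);
  const findings = [];
  if (!attrs.httponly) {
    findings.push("missing HttpOnly: token readable via document.cookie");
  }
  if (!attrs.secure) {
    findings.push("missing Secure: token sent over plain HTTP");
  }
  const sameSite =
    typeof attrs.samesite === "string" ? attrs.samesite.toLowerCase() : "";
  if (sameSite !== "strict" && sameSite !== "lax") {
    findings.push("SameSite is not Strict or Lax");
  }
  return { name, findings };
}

// Constructed sample headers: a weak session cookie and a hardened one.
const weakHeader = "SESSIONID=abc123; Path=/";
const hardenedHeader =
  "SESSIONID=abc123; Path=/; HttpOnly; Secure; SameSite=Lax";

for (const header of [weakHeader, hardenedHeader]) {
  const { name, findings } = auditSessionCookie(header);
  console.log(name, findings.length ? findings : "ok");
}
```

HttpOnly stops script from reading the token but does not remove the XSS flaw itself, which still requires output encoding of untrusted input.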
Related references:
Cross-Site Scripting - Wikipedia
Cross-site scripting (XSS) - OWASP
XSS (Cross Site Scripting) attacks will cause you to lose the information in the cookie.
XSS attack - Network Attack and Defense
HTML5 Security cheatsheet