Client Script attack

Source: Internet
Author: User

What is a client script implantation attack

A client script implantation attack inserts executable scripts into objects such as forms, pictures, animations, or hyperlinked text. When a user opens one of these objects, the script implanted by the hacker is executed and the attack begins.

The HTML tags that can be used for script implantation attacks fall into the following 5 categories:

(1) Page scripts such as JavaScript and VBScript, marked with the script tag. JavaScript program code can be written inside the script tag, or the URL path of a JavaScript file can be given in the src attribute.
(2) An object marked with the object tag. These objects are typically Java applets, multimedia files, and ActiveX controls. The URL path of the object is typically specified in the data attribute.
(3) An object marked with the embed tag. These objects are typically multimedia files, such as Flash. The URL path of the object is typically specified in the src attribute.
(4) An object marked with the applet tag. These objects are Java applets. The URL path of the object is typically specified in the codebase attribute.
(5) A form marked with the form tag. Typically, the action attribute specifies the path of the Web application that processes the form data.

As a simple example, many PHP sites let visitors leave messages. The messages entered are usually stored in the site's MySQL database. Site administrators can browse these messages and may also make them visible to other visitors.

Normal message content should not contain scripts or HTML tags, but a careless site will display the message content directly. A malicious hacker can exploit this vulnerability by entering JavaScript program code in the message.

If the site displays the message content directly without filtering it, the JavaScript program code implanted in the message will be executed. When the webmaster or another user of the site browses the messages, they are attacked by the implanted script.
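
The message-board case above, as an added example that is not code from the original page: a display routine that writes stored messages into the page unfiltered, next to one that encodes them on output, plus an audit helper that flags stored messages containing any of the five tags listed earlier. The sample rows, the field names author and body, and the function names are assumptions made for illustration.

```php
<?php
declare(strict_types=1);

// Constructed sample rows standing in for messages read from the site's MySQL table.
$messages = [
    ['author' => 'alice',   'body' => 'Great site, thanks!'],
    ['author' => 'mallory', 'body' => '<script>alert(1)</script>'],
    ['author' => 'bob',     'body' => 'Is 3 < 5 & 5 > 3?'],
    ['author' => 'eve',     'body' => '<FORM action="https://example.invalid/collect">'],
];

// Vulnerable: the stored text is written into the page as markup, so any tag
// in it is parsed by the browser of whoever views the messages.
function render_unsafe(array $m): string
{
    return '<li><b>' . $m['author'] . '</b>: ' . $m['body'] . '</li>';
}

// Hardened: encode on output so <, >, &, " and ' are displayed as text.
function render_safe(array $m): string
{
    $e = static fn(string $s): string =>
        htmlspecialchars($s, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
    return '<li><b>' . $e($m['author']) . '</b>: ' . $e($m['body']) . '</li>';
}

// Audit helper: report which of the five tags from the list above open
// anywhere in a stored message (case-insensitive).
function find_suspect_tags(string $body): array
{
    preg_match_all('/<\s*(script|object|embed|applet|form)\b/i', $body, $hits);
    return array_values(array_unique(array_map('strtolower', $hits[1])));
}

foreach ($messages as $m) {
    $tags = find_suspect_tags($m['body']);
    echo 'unsafe: ', render_unsafe($m), PHP_EOL;
    echo 'safe:   ', render_safe($m), PHP_EOL;
    echo 'audit:  ', $tags ? implode(',', $tags) : 'none', PHP_EOL, PHP_EOL;
}
```

The audit helper only covers the five tags named above and is meant for reviewing rows already in the database. The protection comes from encoding every message at display time, which also keeps harmless text such as "3 < 5" readable.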
