Cross-site scripting (xss) parsing (2) saved xss Vulnerability

Previous: http://www.bkjia.com/Article/201209/153264.html
The stored xss vulnerability means that the data submitted by user A is stored in A web program (usually in A database) and then displayed directly to other users. In this way, if the data contains malicious code, it will be executed directly in the user's browser.
 
Such vulnerabilities may exist on the Q & A platform or personal information settings. The attacker raised a question in the web program. The question contains js statements. If the web server does not filter the Code, any user who views the question, and execute the attacker's js statement in its browser.
 
Generally, the stored xss vulnerability takes two steps:

① The attacker uploads specially designed data (including malicious code), submits it to the website, and saves it. ② When other users view pages containing malicious code, the malicious code will be executed in the browser. Therefore, the stored xss vulnerability is also known as second-order cross-site scripting.
 
Unlike the reflected xss vulnerability, the reflected xss vulnerability requires a URL to trick users into clicking. The saved xss vulnerability is not required. After uploading special code, you only need to wait for other users to click. For reflected xss, the user must be logged on, while for saved xss, the user is logged on.
 
Specific steps:

1. Attackers submit data containing malicious js to the server and save the data on the server.
2. log on to the system.
3. the user browses pages containing malicious code.
4. The server responds to the attacker's js statements.
5. malicious code is executed in the user's browser.
6. users' browsers send cookies to attackers.
7. Attackers use cookies to log on to the system.
 
Upload files and save the xss. If the application allows users to upload and download viewing files, the stored xss vulnerability may exist. Upload an html file. When other users view the file, the code in the file will be executed. Many WEB programs prohibit the upload of html files, but we can disguise html files as jpg or other files.
 
Many email servers have such vulnerabilities. attackers can send images containing malicious code via emails to trick users into clicking and launching attacks.