Original: http://www.anying.org/thread-36-1-1.html (reprints must cite the original address)
Recently, I have seen many people talking about XSS on the Internet, so I am using the Shadow platform to share my understanding of this topic.
Many people know how XSS is used, but many overlook what causes the vulnerability. DOM-based XSS is caused by lax code auditing of API usage, so let me sort out the APIs that can give rise to DOM-based XSS.
document.location
document.URL
document.URLUnencoded
document.referrer
window.location
Through these APIs, a specially crafted URL can control data that reaches the DOM, which is why they are the ones most often involved. In practice, a DOM XSS that only pops up a window is not very useful or harmful; most of these are used for phishing, because users will not actively click the crafted URL on their own.
Track the relevant data through the code to determine what operations the application performs on it. If the data is passed to one of the following APIs, the application may be vulnerable to XSS. These APIs are mainly abused for form hijacking. When a user inserts XSS code into a form, this produces what we call stored XSS. This vulnerability has a high risk factor; it is often used to steal cookies and hijack transaction forms. Many black-market operations use this method to hijack orders and make profits for themselves.
document.write()
document.writeln()
document.body.innerHTML
eval()
window.execScript()
window.setInterval()
window.setTimeout()
Second, DOM-based XSS also includes some redirection attacks, which can be very harmful, but I personally feel that this kind of XSS is easily overlooked in many places. Some time ago, I submitted two URL redirection vulnerabilities to Sina, but Sina did not care much about them. I cannot say anything about that, but it is harmful. I believe anyone with experience will know how big the site is.
document.location
document.URL
document.open()
window.location.href
window.navigate()
window.open()
The above are the APIs prone to DOM-based XSS that I have compiled. I think that, once listed, these APIs can help you with code auditing: you at least know the common causes of XSS vulnerabilities and can apply the corresponding security protection measures when calling them.
Many people also feel that they do not know how to defend against XSS attacks. It is actually very simple: when the user submits data, check whether the GET and POST data contain the symbols < > ' " /. If these five symbols are basically blocked, the XSS threat is estimated to be much lower.
This article contains only a small amount of technical content, mainly some personal experience and some knowledge from the book. Now that it is finished, I hope it will be useful to everyone.