Reflective XSS for code-audit learning

0X01 Basics Introduction

XSS Vulnerability classification: generally divided into three kinds

Reflection Type XSS

Save-as XSS

Dom-based XSS

Learn reflective XSStoday: It sends a URL with malicious script code parametersto others, and when the URL address is opened, the unique malicious Code parameter is parsed and executed by HTML. Its features are non-persistent and must be clicked by a user with a link to a specific parameter.

Cause and utilization of 0x02

In general, many of the causes of vulnerabilities are due to the user's input too trust caused by the lack of rigorous filtering, usually in the process of code audit, audit to obtain user input functions or operations such as storage and so on

First, the direct output of the variable

For example:

<?php
echo$_get[' XSS '];
?>

Two: $_server variable parameter
$_server[' Php_self ']

Test code:

<?php
echo $_server[' php_self '];
?>

Pop-up window:

$_server[' Http_user_agent ']

This function is to get browser information

<?php
echo $_server[' http_user_agent '];
?>

Operation Result:

mozilla/5.0 (Windows NT 10.0; WOW64; rv:42.0) gecko/20100101 firefox/42.0

You can change the contents of user-agent via Firefox plugin modify headers:

$_server[' Http_referer ']

This one's going to change referer.

$_server[' Request_uri ']

This function obtains the contents of the URL and encodes the special characters, which must be used in PHP to achieve the effect of UrlDecode XSS.

With the UrlDecode () after:

<?php
echo urldecode ($_server[' Request_uri ');
?>

0X03 Summary

Knowledge of the incomplete, are some of the more basic things, know the principle, the back will slowly go deep!

Reflective XSS for code-audit learning