This article explains what cross-site scripting (XSS) is and how it is used. It gives a brief introduction to JavaScript and to XSS vulnerabilities.
XSS is short for Cross-Site Scripting; you may ask why the abbreviation is not CSS. That is because CSS is already taken by Cascading Style Sheets, so XSS is used to avoid confusion.
Basic JavaScript knowledge
JavaScript is a scripting language used to make the user interface of Web applications more dynamic. Most importantly for us, an XSS vulnerability lets a user execute JavaScript code in the page that the web application returns. If a website has an XSS vulnerability, the simplest code is often enough to test for it, such as:
<script>alert("Hacked or maybe not");</script>
This code will pop up a window, and you can also use the following code:
<script>document.write("Maybe next time");</script>
This code rewrites the content of the currently opened webpage: "Maybe next time" is written into the page when the script executes.
<p id="header">The professional blog</p>
<script>document.getElementById("header").innerHTML = "Ho ho";</script>
In the code above we have a paragraph element and JavaScript code. The JavaScript looks up the element with the ID "header" and, if it is found, replaces its content. (The paragraph must already exist when the script runs, so it comes first.)
<script>document.write(location.href);</script>
The preceding example does one thing: it writes the location of the current page. It may seem harmless, but it can become dangerous when combined with other code or vulnerabilities.
<script>document.write(location.pathname);</script>
The preceding example writes the path part of the current URL. For example, for http://localhost/js/code.js it writes "/js/code.js".
<script>alert(document.cookie);</script>
document.cookie exposes the cookies of the current page, so the alert window shows what they contain: name, value, host and so on. To inspect cookies more conveniently, use a browser cookie tool. In this article, I will use Cookie Manager+ v1.5.1.1 to show you that cookies contain internal data.
1. XSS Encoding
To bypass some protections, you can encode your XSS script. For this purpose you can use an XSS calculator so that the script is not filtered; the XSS calculator is at http://ha.ckers.org/xsscalc.html
Therefore, if you encode <script>alert('hacked')</script>, you will get:
HTML format:
<script>alert('hacked')</script>
Decimal HTML format:
&#60&#115&#99&#114&#105&#112&#116&#62&#97&#108&#101&#114&#116&#40&#39&#104&#97&#99&#107&#101&#100&#39&#41&#60&#47&#115&#99&#114&#105&#112&#116&#62
Base64 encoded value: PHNjcmlwdD5hbGVydCgnaGFja2VkJyk8L3NjcmlwdD4=
Using the ha.ckers.org XSS calculator to encode JavaScript code
This is done to bypass some security controls. For example, if a regular expression checks the input for certain strings such as "<SCRIPT>", the encoded form of that string will not be detected.
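As an added example (not code from the original article), the JavaScript below shows why a regex check of the kind just described misses the decimal-entity form of the test string, how decoding numeric character references before matching restores detection, and why escaping the value for its HTML context before echoing it is the actual fix. The function names are hypothetical; the sample input is the page's own encoded string.

```javascript
// Added example, not from the original article. Helper names
// (naiveFilterBlocks, decodeHtmlEntities, escapeHtml, renderDeparture)
// are hypothetical.

// The kind of blacklist check the article warns about: look for the
// literal tag name in the incoming parameter.
const SCRIPT_TAG = /<\s*script/i;
function naiveFilterBlocks(value) {
  return SCRIPT_TAG.test(value);
}

// Decode decimal (&#60 / &#60;) and hex (&#x3c / &#x3C;) numeric
// character references the way a browser would, plus a few named ones.
// The trailing semicolon is optional in browsers, which is exactly what
// the calculator output on this page relies on.
const NAMED = { lt: "<", gt: ">", amp: "&", quot: '"', apos: "'" };
function decodeHtmlEntities(value) {
  return value.replace(
    /&(?:#x([0-9a-f]+)|#(\d+)|(lt|gt|amp|quot|apos));?/gi,
    (m, hex, dec, name) => {
      if (hex) return String.fromCodePoint(parseInt(hex, 16));
      if (dec) return String.fromCodePoint(parseInt(dec, 10));
      return NAMED[name.toLowerCase()];
    }
  );
}

// Detection: normalise first, so encoded and plain forms are judged alike.
function normalisedFilterBlocks(value) {
  return naiveFilterBlocks(decodeHtmlEntities(value));
}

// Mitigation: escape for the HTML text context before echoing. Because
// "&" is escaped too, an entity-encoded payload is shown as literal text
// rather than being decoded by the browser into a tag.
function escapeHtml(value) {
  return value.replace(/[&<>"']/g, (c) => ({
    "&": "&amp;", "<": "&lt;", ">": "&gt;", '"': "&quot;", "'": "&#39;",
  })[c]);
}

// Echo a query parameter into a page safely (constructed sample markup).
function renderDeparture(param) {
  return `<p>Departure: ${escapeHtml(param)}</p>`;
}

// Constructed sample input: the page's decimal-entity form of the test string.
const ENCODED = "&#60&#115&#99&#114&#105&#112&#116&#62&#97&#108&#101&#114&#116&#40&#39&#104&#97&#99&#107&#101&#100&#39&#41&#60&#47&#115&#99&#114&#105&#112&#116&#62";
```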
2. Types of XSS vulnerabilities
Reflected XSS
A reflected XSS is triggered by tricking a user into clicking a crafted link. By contrast, an XSS in a forum posting area is persistent. Reflected XSS is also called non-persistent XSS. It can be used against an indefinite number of users rather than a fixed target. For example:
http://www.nxadmin.com/about_JPL/maps.php?departure=<script>alert("xss")</script>
Persistent/stored XSS
The main difference between reflected XSS and stored XSS is that stored XSS is kept inside the Web application. The victim does not have to click anything, which makes it more dangerous. It can be stored in blog articles, forum posts or any other place where the server stores user-supplied data.
For example, the bgs cms v2.2.1 XSS vulnerability is a storage-type xss vulnerability.
DOM-based XSS
The difference between persistent and reflected XSS on the one hand and DOM-based XSS on the other is that the first two arise in server-side code, while DOM-based XSS arises on the client (in the browser).
DOM-based XSS-related details: http://www.bkjia.com/Article/201212/178323.html
Let's look at an example:
The document.referrer attribute
<Html>
Link: http://resources.infosecinstitute.com/cross-site-scripting-with-chef-guide