XSS Research 2: External XSS Attacks

Source: Internet
Author: User

Introduction:

In the previous example, we studied XSS attacks from the inside: a piece of harmful JS code is delivered to the victim's machine and runs in the victim's domain for intrusion purposes. Now let's take a look at external XSS attacks.


Practice:

In the following example, I will explain in plain language what an XSS attack from the outside is.


Assume that I am an attacker and A is the victim. I know that A habitually logs on to a luxury shopping website and buys many things with his points each time. I have no money, so I want to log on to the same website with A's account and password and use his points to buy something for myself. Obviously, if I simply ask A for his account and password, he will certainly raise the alarm. What should I do?


I know that A always logs on from the same machine, and that the Cookie information is stored locally on that machine. So I want to plant a malicious script on the luxury website. Because A's information is stored in the Cookie every time he logs on, my malicious script reads the information from his Cookie each time and sends it to my own server. On my own server I set up a piece of code that stores the Cookie information in a private local text file, so every time he logs on I can see A's Cookie information in my local text file. Of course, to trigger the malicious script, I must make sure that A clicks the link that carries it, so I will disguise it as, for example, the most commonly used bait, a beauty image.



Let's start with an example:

First, I will create a text file in my own disk directory, such as D:\privateLocation\stealCookieFile.txt.


This file is used to store the Cookie information I have stolen.


Then, I began to forge a page with malicious scripts:

<%@ page language="java" contentType="text/html; charset=UTF-8" pageEncoding="UTF-8"%>
<!DOCTYPE html PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd">



Summary:

The so-called external XSS attack works by getting the user to execute a malicious script, which then secretly steals sensitive information and delivers it to wherever the attacker wants. This sensitive information can be cookies, the user-agent, or any other information that JavaScript can obtain. If the attacker is malicious, he can use this information to do something illegal. For example: an intruder (me) wants to steal wartime confidential information (the Cookie information) from a certain country (the victim), but because their national defense is too good (the same-origin policy), I cannot obtain it directly. So I buy off a person in their country (for example, a link to a pornographic image) and agree that every time the country publishes intelligence (that is, whenever the victim visits the website), he will send the intelligence (the Cookie) to a specific intelligence exchange location (another server that I set up). I then collect the intelligence from that location (get the Cookie information from the request object), decode it (parse and read the Cookie), and store it in my own intelligence library (my local private file).
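
The summary limits the theft to "information that JavaScript can obtain". For cookies, that is decided by the HttpOnly attribute on the Set-Cookie header. The following is an added example, not code from the original article: it audits Set-Cookie header values and reports which cookies a page script could read. The header values, the function names and the "sensitive name" pattern are assumptions made for illustration, and Path/Domain/Secure matching is deliberately left out.

```javascript
// Added example: which cookies are visible to a script running in the page?
// Constructed sample Set-Cookie header values (not from any real site).
const SAMPLE_SET_COOKIE = [
  'JSESSIONID=8F3A1C; Path=/; Secure; HttpOnly; SameSite=Lax',
  'points_token=abc123; Path=/; Secure',
  'lang=en; Path=/',
  'remember_me=u%3D42; Path=/; httponly', // attribute names are case-insensitive
];

// Parse one Set-Cookie header value into name, value and attributes.
function parseSetCookie(header) {
  const parts = header.split(';').map((p) => p.trim()).filter(Boolean);
  const first = parts.shift() || '';
  const eq = first.indexOf('=');
  if (eq < 1) return null; // malformed header without a cookie name
  const attrs = {};
  for (const p of parts) {
    const i = p.indexOf('=');
    const key = (i === -1 ? p : p.slice(0, i)).trim().toLowerCase();
    attrs[key] = i === -1 ? true : p.slice(i + 1).trim();
  }
  return { name: first.slice(0, eq).trim(), value: first.slice(eq + 1).trim(), attrs };
}

// Cookies set without HttpOnly are exposed to document.cookie, and therefore
// to any script that manages to run in the page.
function scriptReadable(headers) {
  return headers.map(parseSetCookie).filter((c) => c && !c.attrs.httponly);
}

// Approximation of what document.cookie would return for these headers
// (assumes every cookie matches the current path, domain and scheme).
function visibleCookieString(headers) {
  return scriptReadable(headers).map((c) => `${c.name}=${c.value}`).join('; ');
}

// Flag exposed cookies whose names look session-related.
// The name pattern is a hypothetical heuristic; tune it per application.
function findings(headers, sensitive = /sess|token|auth|remember/i) {
  return scriptReadable(headers)
    .filter((c) => sensitive.test(c.name))
    .map((c) => `${c.name}: set HttpOnly so page scripts cannot read it`);
}

console.log(visibleCookieString(SAMPLE_SET_COOKIE));
console.log(findings(SAMPLE_SET_COOKIE));
```

HttpOnly only removes the cookie from what a script can read; it does not stop the script from running in the page.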



I will discuss the prevention and solution of internal XSS and external XSS in a later article.

This article is from the "parallel line cohesion" blog; please be sure to keep this source: http://supercharles888.blog.51cto.com/609344/1339921
