1. What is XSS?
XSS (cross-site scripting) is a web application attack. The attacker attempts to inject malicious script code into a trusted website in order to carry out malicious operations. In a cross-site scripting attack, the malicious code is executed in the affected user's browser and acts on that user.
2. What can XSS do?
Many people think this is merely fun (just verifying that an XSS vulnerability exists);
Attackers can steal cookies to impersonate the victim without needing a password;
Forge a login prompt to obtain the password;
Capture button presses on online banking, email, and other websites;
Use the browser to perform port scanning on the local network;
Silently reconfigure the home router so that its firewall no longer protects the network;
Lay the groundwork for cross-site request forgery (CSRF) attacks;
Serve as a new buffer-overflow delivery tool (JavaScript is the new shellcode).
3. Causes of XSS Vulnerabilities
A. The main cause of cross-site scripting is that programmers trust users. Developers easily assume that users will never try anything unexpected, so they build applications without any additional code to filter user input and prevent malicious activity. Another cause is that this attack has many variants, which makes it difficult to build an effective XSS filter.
This difficulty is only relative, however. "Encoding" and "filtering" of user-supplied data are important at all times, and targeted measures must be adopted to defend against this attack.
B. The browser's same-origin policy: The same-origin policy is a convention, and it is the core, fundamental security mechanism of the browser. Without it, the browser's normal functions would be affected. It can be said that the Web is built on the same-origin policy, and the browser is simply one implementation of it.
The browser's same-origin policy restricts reading or setting certain properties of the current "document" from a different origin. So that page behaviour in the browser does not become confused, the browser introduces the concept of an "origin" (source), and objects from different origins cannot interfere with each other.
Because of the same-origin policy, an XSS payload (the XSS attack code) must be triggered in the same domain as the target. For example, to steal cookies from www.a.com, the code must run within the www.a.com domain (it can be on a different page, but it must be the same domain); the XSS code on that page may be stored, reflected, or DOM-based.
4. XSS Classification
Stored type:
Reflected type:
DOM-based type:
Type: also known as second-order, higher-order, or Type III
5. Summary
These are the concepts outlined above. Because there are already many write-ups on the internet, I will not presume to show off before the experts!
Introduction to XSS