Objective
XSS, also written as CSS (cross site script) in older material, is cross-site scripting: an attack that is delivered through the website itself.
An attacker inserts malicious HTML (including script) into a web page. When a user browses to that page, the embedded code runs in the user's browser, achieving whatever the attacker intended against that user.
Environment preparation
As before, PHP is used for the demonstration. Since XSS arises wherever user input is echoed back as output, I quickly wrote a small message board application.
It may not be written very well; it is just for testing. Message board code (anyone interested can test it themselves): index.html
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
The page that receives the submitted message: add.php
The page that displays the messages: show.php
<?php
// show.php as used in this demo: the legacy mysql_* extension (removed in PHP 7) is kept as the original had it.
$conn = mysql_connect('localhost', 'root', 'wzw123') or die("database connection failed");
mysql_query("SET NAMES gb2312");
mysql_select_db("mytest");
$sql = "SELECT * FROM message ORDER BY id DESC";
$result = mysql_query($sql);
while ($all = mysql_fetch_array($result)) {
    // Each stored message is echoed straight into the page without any escaping;
    // this is the line that makes the board vulnerable to XSS.
    echo $all['id'] . " ==> " . $all['name'] . " ==> " . $all['content'];
    echo '<br>';  // the tag was lost in extraction; a line break between messages is assumed
}
?>
Because this is only a test, the code is a bit rough. Please bear with it.
This is the output of the message content. No styling was done at all, so don't mind the details.
[screenshot: output of show.php]
Now go to the message form. Entering normal message content is of course no problem. But what if we maliciously enter JavaScript code instead?
The effect is very obvious, for example:
[screenshot: the injected script running when the message is displayed]
What about other JavaScript we might type? Reading the client's cookie, for example, is entirely possible.
If you think these are trivial, what about directly entering a script tag that loads an external JavaScript file? If that external script contains code that collects all kinds of information, wouldn't harvesting it be easy?
If the administrator reviews the messages in the back end, their cookie or other information is obtained by someone else. Combined with CSRF, the consequences are also very serious.
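The fix for the show.php shown above, and the mitigation for the cookie-theft scenario just described, as an added example that is not part of the original post's code: every user-controlled value is escaped with htmlspecialchars() at the point of output, and the session cookie is marked HttpOnly so that script in the page cannot read it. The rows below are constructed sample data standing in for the post's "message" table (columns id, name, content), so the script runs without a database; the helper names h() and renderMessages() are this example's own.

```php
<?php
// Added example, not the original post's code: a hardened show.php.
// The sample rows are constructed here in place of the post's "message" table.

declare(strict_types=1);

// Escape a value for HTML text or a quoted attribute. ENT_QUOTES also escapes
// single quotes, so the result is safe in attributes quoted either way. The
// charset must match what the page declares, otherwise escaping and rendering
// can disagree.
function h(string $value): string
{
    return htmlspecialchars($value, ENT_QUOTES | ENT_HTML5, 'UTF-8');
}

// Render the message list the way show.php does, but safely. Returns the HTML
// instead of echoing it so the result can be inspected.
function renderMessages(array $rows): string
{
    $html = '';
    foreach ($rows as $row) {
        // The post's vulnerable line, kept only as a comment for comparison:
        // echo $row['id'] . ' ==> ' . $row['name'] . ' ==> ' . $row['content'] . '<br>';
        $html .= h((string) $row['id']) . ' ==> ' . h($row['name'])
               . ' ==> ' . h($row['content']) . "<br>\n";
    }
    return $html;
}

// Constructed sample rows: a harmless message and one carrying a script tag,
// the kind of input the post shows being typed into the message form.
$rows = [
    ['id' => 2, 'name' => 'bob',       'content' => 'hello <b>world</b>'],
    ['id' => 1, 'name' => '"mallory"', 'content' => '<script>alert(document.cookie)</script>'],
];

// Defence in depth for the cookie-theft scenario: an HttpOnly cookie is not
// visible to document.cookie, so even a script that does run cannot read it.
// Must be called before any output is sent.
session_set_cookie_params([
    'httponly' => true,
    'secure'   => true,   // assumes the site is served over HTTPS
    'samesite' => 'Lax',  // also blunts the CSRF combination the post mentions
]);

// Declare the encoding so the browser and htmlspecialchars() agree.
header('Content-Type: text/html; charset=UTF-8');

echo "<!DOCTYPE html>\n<html><head><meta charset=\"UTF-8\"><title>messages</title></head><body>\n";
echo renderMessages($rows);
echo "</body></html>\n";
```

Run it with `php show_safe.php` and the second row comes out with `&lt;script&gt;` and `&lt;/script&gt;` instead of a live script tag, so the browser displays the payload as text rather than executing it. The same h() call belongs around every dynamic value the page emits, including the name column, because an attacker controls that field too. Escaping on output is the actual fix; the HttpOnly and SameSite cookie flags only limit the damage if an escaping mistake slips through elsewhere.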
This is just a demo; it is not meant to make things convenient for anyone with bad intentions. Please do not use it for illegal purposes.
PS: This article is only meant to raise programmers' security awareness and to encourage precautions; please do not use it for illegal purposes! Given my limited level, this article is only for reference. When reproducing it, please indicate the source. Thank you.
Security verification issues you have to pay attention to in web development #2: XSS