Technical Analysis of XSS cross-site scripting and SQL Injection Vulnerabilities

~ Introduction
In this article, I will explain all the knowledge about XSS and more. through this document, I hope you can understand what XSS is, Why XSS is used, and how to use XSS. once you learn, you will need to make full use of your creativity, because most people have fixed simple XSS vulnerabilities. but what they forget is to fix more vulnerabilities than a string of XSS, and the special security mechanisms in php are used to defend against XSS, replacing their own methods. at the same time, I will not only elaborate on XSS, but on all web security.

XXXXXXXXXXXXXXXXXXXXX
X Table OF Contents X
XXXXXXXXXXXXXXXXXXXXX

XXXXXXXXXXXXXXXXXXXX
X Cookie Editing X
X XSS X
X SQL Injection X
XXXXXXXXXXXXXXXXXXXX

~ What is cookie?

Cookie is a piece of data. once you browse a site and register an account, a cookie is set to record your information. the cookie only saves your login information so that the site can check whether you have logged on before. If not, it will check whether your user name and password are correct and then log on. for example, if you buy a ticket in a nightclub, they will give you a card. therefore, you can enter and exit without buying tickets every time. cookies are much more complex than you can see. A nightclub can only remember you for one night, but cookies can remember you for a lifetime.

~ Warning & Spoofing

Now you know what cookies are... What do you think of them? In fact, cookie editing (modification) is one of the simplest methods. as long as you have a browser, you can view and edit cookies, and only need some basic javascript knowledge. open your browser and log on to a website... enter javascript: alert (document. cookie ). now you can see a user name and password. however, most websites use sessions instead of cookies. unfortunately, sessions cannot be modified (the server can). Unlike cookies, once you modify a cookie, you can cheat yourself. now let's start spoofing... suppose you see a warning box and see something like this:

Strusername = cnsst; strpassword = cnsst

Assume that you know that bitch is an administrator, but you do not know the password. Due to the fragile security mechanism, you do not need the password: javascript: void (document. cookie = "strusername = bitch ")
Now input: javascript: alert (document. cookie). That's almost very close to cookie modification...

~ What is XSS?

XSS or CSS, no matter what you prefer to call it, XSS (CSS) represents cross-site scripting. basically, you can inject scripts in any way to make them complete what you want. you can also intercept input information, such as the user name, password, and cookies through XSS. this will be discussed, so there will be a lot of examples. This article should help you develop your creativity on XSS.

~ Why XSS

Obviously, you can execute any types of scripts on the client and server through XSS. however, XSS is not limited to executing scripts, but also intercepting input. input: <input name = "name" type = "name">
You intercept input through XSS, and then send the intercepted information to your site through a secret file. this is not all the functions that XSS can achieve. XSS can also intercept cookies. cookies store valuable information, such as user names and passwords.