Web Security in Practice (II): Getting to Know XSS Attacks

Source: Internet
Author: User


Objective
The previous article in this hands-on web security series dealt mainly with blind SQL injection vulnerabilities. This article was originally going to be about how to prevent XSS attacks, but on reflection I decided to first understand XSS in theory. The next article will then study in depth how to prevent it.

Concept
What exactly is an XSS attack? The full name is "Cross-Site Scripting". It is abbreviated as XSS rather than CSS mainly to distinguish it from Cascading Style Sheets (CSS) and avoid confusion.
XSS is a computer security vulnerability that often appears in web applications, allowing malicious web users to embed code into pages that are served to other users. Such code includes, for example, HTML and client-side script. Among hackers, the consensus is that cross-site scripting is a new type of "buffer overflow attack", and JavaScript is the new "shellcode".
XSS is an attack on the privacy of the customers of a particular web site, and it can become a complete security threat when customer details are stolen or controlled. Most site attacks involve only two parties: hackers and web sites, or hackers and client victims. Unlike those attacks, XSS attacks involve three parties: hackers, clients, and web sites. The purpose of an XSS attack is to steal client-side cookies or any other sensitive information that can be used to identify a customer on a web site. With a legitimate user's identifying token in hand, hackers can go on interacting with the site as that user and so impersonate them.
For example, in an investigation of a large company, it was possible to use XSS attacks to peek at a user's credit card number and private information. This is achieved by running malicious JavaScript code in the victim's (client's) browser, taking advantage of the access privileges of the web site. These JavaScript privileges are very limited: apart from site-related information, scripts are generally not allowed to access any other content. But that is enough for the script to collect cookies and send them to hackers. It is important to emphasize that, although the security vulnerability is in the web site, the web site itself is never directly harmed.

Analysis
Cross-site scripting attacks occur if a malicious person (the attacker) can force an unsuspecting user (the victim) to run a client-side script of the attacker's choosing. The term "cross-site scripting" is really a misnomer, because the attack is not just about scripting and is not even necessarily cross-site. It is simply the name that has been used since such attacks were first discovered. From now on, we will use its common abbreviation, "XSS".
An XSS attack involves the following three parties:
    • The attacker
    • The victim
    • A vulnerable web site (which the attacker uses to take action against the victim)

Of the three parties, only the victim actually runs the attacker's code. The web site is only a vehicle for launching the attack and is generally not affected itself. XSS attacks can be initiated in a variety of ways. For example, an attacker could send a maliciously crafted URL to a victim via e-mail, IM, or other means. When the victim opens the URL in a web browser, the web site displays a page and the script executes on the victim's computer.
So, what is an XSS vulnerability?
As a web developer or tester, you know that the technical underpinnings of web applications are HTTP and HTML. HTTP is the transport mechanism for HTML, and HTML is the code used to design web page layouts and build pages.
If a web application accepts input from a user through an HTTP request, such as a GET or POST, and then echoes that input somewhere in the HTML it outputs, there may be an XSS vulnerability. Here is one of the simplest examples:
1. The web request looks like this:
GET http://www.somesite.com/page.asp?pageid=10&lang=en&title=Section%20Title
2. After the request is made, the HTML content returned by the server includes:
As you can see, user input passed to the "title" query string parameter may be saved in a string variable and inserted into the
3. Now, if the site does not filter user input on the server side (because client-side controls can always be bypassed), a malicious user can use many means to abuse the vulnerability:
Attackers can inject code by getting rid of the
http://www.somesite.com/page.asp?pageid=10&lang=en&title=section%20title<script>alert('xss%20attack')</script>
The HTML output for this request will be:

Even in this simplest case, an attacker could use this link to do countless things.
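The reflected "title" parameter described above, rendered once without output encoding and once with it. This is an added example, not code from the original article: it uses Python rather than ASP, and the `<h1>` wrapper and all function names are assumptions, since the page's own markup did not survive.

```python
from html import escape
from html.parser import HTMLParser
from urllib.parse import urlsplit, parse_qs

# Constructed sample requests modelled on the article's page.asp example.
BENIGN_URL = ("http://www.somesite.com/page.asp?pageid=10&lang=en"
              "&title=Section%20Title")
INJECTED_URL = ("http://www.somesite.com/page.asp?pageid=10&lang=en"
                "&title=Section%20Title<script>alert('xss%20attack')</script>")


def get_title(url: str) -> str:
    """Return the URL-decoded 'title' parameter, as a web framework would."""
    return parse_qs(urlsplit(url).query).get("title", [""])[0]


def render_vulnerable(title: str) -> str:
    # Hypothetical template: user input is concatenated into the HTML as-is.
    return "<h1>" + title + "</h1>"


def render_escaped(title: str) -> str:
    # Same template, but <, >, &, " and ' are HTML-encoded on output.
    return "<h1>" + escape(title, quote=True) + "</h1>"


class TagCollector(HTMLParser):
    """Records every element an HTML parser sees in the output."""

    def __init__(self):
        super().__init__()
        self.tags = []

    def handle_starttag(self, tag, attrs):
        self.tags.append(tag)


def tags_in(html_text: str) -> list:
    """List the start tags found in html_text, in document order."""
    parser = TagCollector()
    parser.feed(html_text)
    parser.close()
    return parser.tags


if __name__ == "__main__":
    for url in (BENIGN_URL, INJECTED_URL):
        title = get_title(url)
        print("vulnerable:", tags_in(render_vulnerable(title)))
        print("escaped:   ", tags_in(render_escaped(title)))
```

With the injected request, the unescaped page contains a script element that the site's author never wrote, while the escaped page shows the same characters as inert text.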

Concluding remarks
After reading this article, I believe you now understand what an XSS attack is. Such attacks are not absent from our daily lives: you may have noticed that unknown URLs occasionally turn up in our mailboxes, and these URLs may well be disguised attack scripts. Of course, we should have a sense of self-protection and not casually click on such links. Most important, however, is to know how these attacks work; once the principle is understood, preventing these vulnerabilities is not far off.

