What can I do with the latest popular XSS vulnerabilities?

Source: Internet
Author: User

www.2cto.com: Although XSS has become a hot topic again recently, this is in fact an article published several years ago, reposted here for reference.

You have probably often seen so-called experts test for XSS vulnerabilities by popping an alert window, and we came to think that this is what XSS is: once the alert box appears, we say we have discovered the vulnerability.
 
In fact it is far from that simple. What you have found is merely a small bug from the programmer's point of view, still a long way from a usable XSS. The relationship is like that between a system vulnerability and an exploit. Your system shows "the memory could not be read"; do you know that this is the symptom of an overflow vulnerability? Turning it into a working exploit is far from simple, so can you really say you have discovered an exploitable vulnerability?
 
Only what the XSS experts can actually take out and do something with counts as a vulnerability.
 
So what can we do with XSS? Monyer thinks there are several points:
 
1. Targeted Trojan
 
Such websites are game sites, banking sites, QQ, Taobao, or other influential sites: they hold the accounts and passwords that are usually the target of theft, or they simply have very high page views, so a Trojan planted there reaches far more visitors.
 
If all we have is an ordinary XSS vulnerability on a small site and we want to plant a Trojan, there is nothing to it beyond pasting in the address of the Trojan page.
 
2. Operations with User Permissions
 
This type of website must have members, and those members perform many operations, or hold internal personal data, that matter to us. XSS can therefore be used to act on behalf of logged-in visitors. In my opinion cookie theft belongs in this category, because its purpose is to obtain the user's operating permissions (password theft included) and thereby to obtain user information or perform operations under those permissions.
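The defensive counterpart to the cookie-theft case is checking how the session cookie is issued. The following is an added example written for this page, not code from Monyer's article: a small audit of a raw `Set-Cookie` header value for the attributes that limit what script injected through XSS can do with the session. The function name and the sample header strings are constructed.

```javascript
// Added example (not from the original article): audit one Set-Cookie header
// value for HttpOnly, Secure and SameSite. Input is assumed to be the raw
// header value, e.g. "sid=abc123; Path=/; HttpOnly".
function auditSetCookie(header) {
  const parts = header.split(';').map(p => p.trim()).filter(Boolean);
  const [nameValue, ...attrs] = parts;
  const name = nameValue.split('=')[0];

  // Attribute names are case-insensitive; flag attributes map to true,
  // valued attributes (SameSite=Lax, Path=/) keep their value.
  const flags = {};
  for (const attr of attrs) {
    const [k, v] = attr.split('=');
    flags[k.toLowerCase()] = v === undefined ? true : v;
  }

  const findings = [];
  if (!flags.httponly) {
    findings.push('missing HttpOnly: document.cookie exposes the session token to injected script');
  }
  if (!flags.secure) {
    findings.push('missing Secure: cookie is also sent over plain HTTP');
  }
  if (!flags.samesite) {
    findings.push('missing SameSite: cookie rides along on cross-site requests');
  }
  return { name, findings };
}

// Constructed sample headers: a weak one and a hardened one.
const weakHeader = 'sid=abc123; Path=/';
const hardenedHeader = 'sid=abc123; Path=/; HttpOnly; Secure; SameSite=Lax';

console.log(auditSetCookie(weakHeader));      // three findings
console.log(auditSetCookie(hardenedHeader));  // no findings
```

HttpOnly only removes the `document.cookie` route to the token; script running in the victim's page can still issue requests that carry the cookie, so the "operations with user permissions" case above is not closed by cookie attributes alone and still needs output encoding on the server side.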
 
3. DoS attacks or bots
 
This also requires a site with a very large access volume; a small site is of no use for attacking anyone or obtaining information. Such a page can be used to make its visitors continuously attack other sites or perform LAN scans. The JS tooling for this already exists, for example JS port scanning, Jikto, and XSS Shell.
 
4. Elevation of Privilege
 
Generally this occurs in forums or information management systems; in short, there must be an administrator. It requires the attacker to be quite familiar with the target system (generally this means the system's source code has to be available), in order to know how to construct the requests that elevate privileges.
 
5. Special Effects
 
For example, Monyer inserting videos and custom sections into Baidu Space, or the special effects some people add to Sina Blog or intranet pages.
 
Conclusion:
 
So you should understand the nature of these websites:

extremely high traffic, a membership system, an administrator, valuable accounts and passwords, or a worthwhile place for special effects.
 
If you have read Ajax Hacking with XSS, you should know that XSS comes in at least seven forms, among them input XSS and textarea XSS.

Among these, URL XSS belongs to input XSS, and most such vulnerabilities are reflected (non-persistent), whereas textarea XSS and the like are generally not reflected.

This means that simply visiting the page does not trigger a reflected XSS. It is nonetheless the vulnerability most websites have, and on the search function it is also called the search XSS vulnerability.
 
So when you find an input XSS, all you can do is pop a small alert box. You can say you found a vulnerability along with everyone else, and show the alert box off, but in fact you cannot do anything with it. Even if you could plant a Trojan it would be meaningless, because you cannot hand the XSS page to others directly from your own machine.
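The "search XSS" just described is the easiest case to fix and to check for. The following is an added example written for this page, not code from the original article: the same search result page rendered two ways, once reflecting the query raw (the vulnerable pattern) and once HTML-encoding it, plus a simple server-side check that flags a response in which untrusted markup survived. The function names and the probe string are constructed; the probe is the alert-style test the article talks about.

```javascript
// Added example (not from the original article). Encode the five characters
// that let untrusted text escape an HTML text node or a double-quoted
// attribute value.
function escapeHtml(untrusted) {
  return String(untrusted)
    .replace(/&/g, '&amp;')
    .replace(/</g, '&lt;')
    .replace(/>/g, '&gt;')
    .replace(/"/g, '&quot;')
    .replace(/'/g, '&#39;');
}

// Vulnerable: the search-XSS pattern, the query string is concatenated
// straight into the response body and into an attribute value.
function renderSearchVulnerable(query) {
  return '<p>Results for: ' + query + '</p>' +
         '<input type="text" name="q" value="' + query + '">';
}

// Hardened: identical page, but every reflection goes through escapeHtml.
function renderSearchSafe(query) {
  const q = escapeHtml(query);
  return '<p>Results for: ' + q + '</p>' +
         '<input type="text" name="q" value="' + q + '">';
}

// Crude response check (assumed to run before the response is sent): the
// input contained markup characters and the rendered page still contains the
// input verbatim, so at least one reflection point is unencoded.
function reflectsRawMarkup(query, html) {
  const hasMarkup = /[<>"']/.test(query);
  return hasMarkup && html.includes(query);
}

// Constructed probe of the alert() kind; harmless once encoded.
const probe = '"><script>alert(1)</script>';

console.log(reflectsRawMarkup(probe, renderSearchVulnerable(probe))); // true
console.log(reflectsRawMarkup(probe, renderSearchSafe(probe)));       // false
console.log(renderSearchSafe(probe));
```

The check only catches verbatim reflections, so it is a regression guard for the one page, not a general XSS detector; the fix that actually matters is that `renderSearchSafe` never lets the query string reach the document unencoded, in either the text or the attribute context.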
 
Unlike SQL injection, XSS is client-side. The purpose of SQL injection is to gain permissions on the target system, and the SQL statement itself runs commands on the server. XSS, by contrast, generally obtains client-side execution: the command runs in the visitor's browser. So the SQL injector can shout when a single quote produces an error, but you cannot shout just because an alert window popped up from your XSS.
 
Otherwise, it will only make others laugh!
