What is XSS attack?

What is XSS attack?
XSS, also known as CSS (Cross Site Script), is a cross-site scripting attack. It refers to malicious attackers inserting malicious HTML into web pages.CodeWhen a user browses this page, the HTML code embedded in the Web is executed to achieve the Special Purpose of malicious users. XSS is a passive attack, because it is passive and not easy to use, so many people often call it harmful. This article mainly describes how to use XSS to obtain the shell of the target server. Although the technology is old, its ideas hope to help everyone.

How to find XSS vulnerabilities
XSS attacks are divided into two categories. One is internal attacks, which mainly refer to the useProgramVulnerabilities in the client, and cross-site statements, such as the cross-site vulnerability in showerror. asp of dvbbs. The other type is from external attacks. It mainly refers to constructing XSS Cross-Site vulnerability webpages or searching for webpages with cross-site vulnerabilities other than the target machines. For example, when we want to penetrate a website, we construct a webpage with cross-site vulnerabilities, and then construct cross-site statements. By combining other technologies, such as social engineering, cheat the administrator of the target server to open it, and then use the following technology to get a shell.

 

XSS attack methods

External attacks:

In traditional cross-site exploitation methods, attackers usually construct a cross-site webpage, and then put a cookie-collecting page in another space, next, we use other technologies to enable users to open cross-site pages to steal users' cookies for further attacks. At present, this method is lagging behind after all, so we generally know that once you collect cookies, it may not be able to penetrate into, because the passwords in cookie transmission are generally encrypted. In addition, most external attacks are implemented by uploading shell scripts. Therefore, you need to be cautious about the security test of the upload function.

Internal attacks:

generally, check whether the code has a length and a pair of ","> ","; "for the places and variables entered by the user "〈","〉",";", whether to filter characters such. Note that tags are closed. For example, when you test cross-site vulnerabilities in a QQ group, you can enter SCRIPT> alert ('test') in the title 〉, the code is not executed, because in the Source Code , other labels are not closed, such as missing a 〉, at this time, you only need to close a and the code will be executed. For example, you enter to bring up a test box.