XSS vulnerability search and detection
1. Black box testing
Black box testing means testing the system without knowledge of its source code or internal state. To detect XSS vulnerabilities, we imitate an attacker: at every data input interface we can find, we submit XSS payloads, then open the pages that display the submitted data, check whether the payload was reflected, and from that decide whether an XSS vulnerability exists. For example, the following payloads can be used to attempt injection:
    <Script>alert(document.cookie)</script>
    ='><script>alert(document.cookie)</script>
    <script>alert(document.cookie)</script>
    <script>alert(vulnerable)</script>
    <script>alert('xss')</script>
    <div style="height: expression(alert('xss'),1)"/>   (CSS expressions are evaluated only by older versions of Internet Explorer)
If the alert dialog pops up when we open a page that displays the submitted data, the input point can be judged injectable, and the location of the XSS vulnerability is thereby determined. The pop-up is the real proof: a payload that appears in the page source only in encoded form (with < turned into &lt;) is shown as text and does not execute, and a payload reflected inside an attribute value or a script block needs a payload shaped for that context.
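The inject-and-observe loop described above, automated in Python as an added example (this is not code from the original article). To run offline, the pages under test are simulated by three small functions standing in for server handlers: one that echoes input raw (the PHP echo $_GET['q'] case), one that only strips the literal lowercase <script> tag, and one that HTML-encodes its output. Against a real target the render callback would perform the HTTP request. The handler names, parameter names and payload list are assumptions made for the example.

```python
import html

# Payloads drawn from the article's list, plus the attribute break-out and the
# IE-only CSS expression case. Any payload that comes back unmodified in the
# response is a reflection worth confirming by hand in a browser.
PAYLOADS = [
    "<script>alert(document.cookie)</script>",
    "<Script>alert(document.cookie)</script>",      # case variation defeats naive filters
    "'><script>alert(document.cookie)</script>",    # closes an attribute value first
    "<div style=\"height: expression(alert('xss'),1)\"/>",  # IE-only, as the article notes
]

# --- Simulated pages (constructed stand-ins for real server handlers) ---

def vulnerable_page(params):
    """Equivalent of PHP `echo $_GET['q']`: input is pasted straight into HTML."""
    return ("<html><body>Search results for: %s<br>Name: %s</body></html>"
            % (params.get("q", ""), params.get("name", "")))


def blacklist_page(params):
    """A common bad fix: strip the literal lowercase <script> tag instead of encoding."""
    q = params.get("q", "").replace("<script>", "")
    return "<html><body>Search results for: %s</body></html>" % q


def hardened_page(params):
    """Output encoding, the PHP htmlspecialchars(..., ENT_QUOTES) equivalent."""
    return ("<html><body>Search results for: %s<br>Name: %s</body></html>"
            % (html.escape(params.get("q", ""), quote=True),
               html.escape(params.get("name", ""), quote=True)))


def scan(render, param_names, payloads=PAYLOADS):
    """Inject each payload into each parameter in turn and report raw reflections.

    `render` maps a dict of request parameters to the response body; against a
    live target it would perform the HTTP request. A hit means the payload came
    back verbatim. Encoded echoes (&lt;script&gt;) are deliberately not hits,
    because the browser renders them as text rather than executing them.
    """
    findings = []
    for name in param_names:
        for payload in payloads:
            params = {p: "benign" for p in param_names}
            params[name] = payload
            body = render(params)
            if payload in body:
                findings.append((name, payload))
    return findings


if __name__ == "__main__":
    for label, page, names in [("vulnerable", vulnerable_page, ["q", "name"]),
                               ("blacklist", blacklist_page, ["q"]),
                               ("hardened", hardened_page, ["q", "name"])]:
        hits = scan(page, names)
        print("%-10s %d reflection(s)" % (label, len(hits)))
        for name, payload in hits:
            print("  param %r reflects %r" % (name, payload))
```

Running it shows why a payload list rather than a single string is used: the blacklist page reflects the <Script> variant and the CSS-expression payload untouched while swallowing the plain <script> ones, and the hardened page reflects nothing. A verbatim reflection is a strong lead, not yet a confirmed vulnerability; the final check is still the browser.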
2. Static Analysis
Static analysis for XSS vulnerabilities is a white-box testing method: it examines the web application's source code to discover possible problems. Generally, static analysis only performs some simple checks on the code, picks out the places that could give rise to XSS injection, and reports them to us.
For example, the web application code may contain APIs that read request data, such as Request.QueryString() in ASP or $_GET in PHP. Wherever these APIs appear, XSS injection may be introduced. With a static analysis tool we can easily find every API that reads data, and then examine each input point in detail to check whether the data is filtered or encoded against XSS. As this shows, static analysis only helps us locate the possible positions of XSS vulnerabilities; because it is hard for a static analysis tool to determine whether the input data is actually filtered for XSS, we still need manual checking to confirm that no XSS vulnerability exists.
3. Data Flow Analysis
The root cause of XSS vulnerabilities is an insecure data flow that lets user input be embedded directly into a page. For example, the echo statement in PHP can directly emit data as part of the HTML page; if that data is a user-injected XSS script, an XSS attack occurs. The main idea of data flow analysis is therefore to use models or tools to analyze how data travels through the web application code and thereby discover such problems. For example, we can mark the variables that hold user input as tainted. By analyzing the data flow and variable types, we progressively mark every intermediate variable that derives from a tainted variable; finally, by checking whether the variables output to the page still carry taint, we can determine whether an XSS vulnerability may exist. A sanitizing or encoding call such as htmlspecialchars removes the taint from its result, which is what lets the analysis distinguish a filtered output from an unfiltered one.
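The two ideas from sections 2 and 3, locating source APIs by pattern and then following the data through assignments to output sinks, are shown together in the following Python script, added here as an example and not part of the original article. It analyzes a tiny straight-line PHP subset: $_GET, $_POST, $_REQUEST, $_COOKIE and Request.QueryString are treated as taint sources, htmlspecialchars and htmlentities as sanitizers, and echo and print as sinks. The PHP_SAMPLE input is constructed for the example, and the regular-expression "parser" is deliberately minimal; a real tool works on an abstract syntax tree.

```python
import re

# Constructed PHP sample (not from the article): two inputs, one of them sanitized.
PHP_SAMPLE = """<?php
$q = $_GET['q'];
$name = $_POST['name'];
$title = "Results for " . $q;
$safe_name = htmlspecialchars($name, ENT_QUOTES, 'UTF-8');
$count = 42;
echo "<h1>" . $title . "</h1>";
echo "<p>Hello " . $safe_name . "</p>";
echo "<p>Total: " . $count . "</p>";
print($q);
"""

# Sources, sanitizers and sinks for this toy PHP/ASP subset (assumptions of the example).
SOURCE_APIS = ("$_GET", "$_POST", "$_REQUEST", "$_COOKIE", "Request.QueryString")
SANITIZER_RE = re.compile(r"\b(?:htmlspecialchars|htmlentities)\s*\([^()]*\)")
ASSIGN_RE = re.compile(r"^\s*(\$\w+)\s*=\s*(.+?);\s*$")
SINK_RE = re.compile(r"^\s*(?:echo|print)\b\s*(.*?);\s*$")
VAR_RE = re.compile(r"\$\w+")


def find_sources(src):
    """Stage 1, static pattern search: every line that reads request data.

    This is all the article's simple static analysis does: it points at
    candidate locations and leaves the filtering question to a human.
    Returns a list of (line number, API) pairs.
    """
    hits = []
    for lineno, line in enumerate(src.splitlines(), 1):
        for api in SOURCE_APIS:
            if api in line:
                hits.append((lineno, api))
    return hits


def _is_tainted(expr, tainted):
    """An expression is tainted if, after removing sanitizer calls, it still
    references a source API or a variable already marked as tainted."""
    rest = SANITIZER_RE.sub('""', expr)
    if any(api in rest for api in SOURCE_APIS):
        return True
    return any(v in tainted for v in VAR_RE.findall(rest))


def taint_analysis(src):
    """Stage 2, data flow: propagate taint from sources to output sinks.

    Walks the file top to bottom (straight-line code only: no branches,
    loops, functions or arrays), marks variables assigned from tainted
    expressions, clears the mark on assignment from a clean expression, and
    returns (line number, variable) for each tainted variable reaching echo/print.
    """
    tainted = set()
    findings = []
    for lineno, line in enumerate(src.splitlines(), 1):
        m = ASSIGN_RE.match(line)
        if m:
            lhs, rhs = m.groups()
            if _is_tainted(rhs, tainted):
                tainted.add(lhs)
            else:
                tainted.discard(lhs)   # reassignment from clean data kills the taint
            continue
        s = SINK_RE.match(line)
        if s:
            expr = SANITIZER_RE.sub('""', s.group(1))   # echo htmlspecialchars($x) is clean
            for v in VAR_RE.findall(expr):
                if v in tainted:
                    findings.append((lineno, v))
    return findings


if __name__ == "__main__":
    print("source APIs: ", find_sources(PHP_SAMPLE))
    print("tainted sinks:", taint_analysis(PHP_SAMPLE))
```

On the sample, stage 1 reports the two lines that read $_GET and $_POST, while stage 2 reports only the two outputs that really carry user data: the echo of $title (tainted through the concatenation with $q) and the print of $q; the echo of $safe_name is cleared by the sanitizer and $count was never tainted. Two caveats carry over to real tools: taint tracking through branches, loops, arrays and function calls needs a proper control-flow and call graph, and treating htmlspecialchars as a universal sanitizer is itself an assumption, since it is not sufficient for data written into a script block or an unquoted attribute.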