1. Introduction to
XSS Cross site script
It usually refers to an attack in which hackers modify the page through "HTML injection" and insert malicious scripts to control the user's browser when the user browses the page. At the beginning, the demonstration case of this kind of attack was cross-domain, so it was called "cross-site scripting". But today, due to the powerful functions of Javascript and the complexity of the front-end applications of the website, whether it is cross-domain is no longer important. However, due to historical reasons, this name has survived.
Suppose a page outputs the parameters entered by the user to the page:
<?php
$input=$_GET["param"];
echo "<div>".$input."</div>";
?>
If you submit a piece of HTML code:
http://www.a.com/test.php?param=<script>alert(/xss/)</script>
You will find that alert(/xss/) is executed.
XSS is divided into the following categories:
1) Reflective XSS: It simply reflects the data entered by the user to the browser, and the hacker needs to trick the user into clicking the link. Also called "Non-persistent XSS" (Non-persistent XSS)
2) Storage XSS: "store" the data entered by the user on the server side. This XSS has a strong stability.
A common scenario is that a hacker writes a blog post containing malicious Javascript code. After the article is published, all users who visit the blog post will execute this malicious Javascript code in their browsers. The hacker saves the malicious script on the server side, so the Chinese XSS attack is called "stored XSS". Stored XSS is also called persistent XSS
3) DOM based XSS: Effectively speaking, it is also a reflective XSS. The XSS formed by modifying the DOM nodes of the page is called DOM Based XSS.
Look at the following code:
<script>
function test(){
var str=document.getElementById("text").value;
document.getElementById("t").innerHTML="<a href='"+str+"' >testLink</a>";
}
</script>
<div id="t"></div>
<input type="text" id="text" value="" />
<input type="button" id="s" value="write" onlick="test()" />
The function of this code is to insert a link on the current page after clicking the write button. In the test() function, the DOM node of the page is modified, and a piece of user data is written into the page as HTML through innerHTML, which results in DOM based XSS
Construct the following data:
'onclick=alert(/xss/) //
After entering, the page code becomes
<a href='' onlick=alert(/xss/) //' >testLink </a>
First, use a single quotation mark to close the first single quotation mark of href, then insert an onclick event, and finally use the comment symbol // to comment out the second single quotation mark. Why is onclick needed here, is it triggered by on event?
In fact, there is another way to use it—in addition to constructing a new event, you can also choose to close the <a> tag and insert a new HTML tag. Try the following input:
'><img scr=# onerror=alert(/xss2/) /><'
Page code programming
<a href=``><img scr=# onerror=alert(/xss2/) /><''>testLink</a> Here is the onerror event
The content source of this page is from Internet, which doesn't represent Alibaba Cloud's opinion;
products and services mentioned on that page don't have any relationship with Alibaba Cloud. If the
content of the page makes you feel confusing, please write us an email, we will handle the problem
within 5 days after receiving your email.
If you find any instances of plagiarism from the community, please send an email to:
info-contact@alibabacloud.com
and provide relevant evidence. A staff member will contact you within 5 working days.
