XSS in Detail

About XSS:
XSS stands for Cross-Site Scripting. To avoid confusion with the abbreviation for Cascading Style Sheets (CSS), cross-site scripting is abbreviated as XSS. XSS is a security exploitation technique against web applications and a form of code injection: a malicious attacker inserts malicious script code into a web page, and when a user visits the page, the embedded script is executed, achieving the malicious user's purpose. After a successful attack, the malicious user may obtain higher privileges, various private page content, sessions, cookies and so on.

XSS attack categories:
1. Reflected XSS
Reflected XSS is also known as non-persistent XSS; such attacks are often one-off.

Attack: The attacker sends a malicious link containing XSS code to the target user via e-mail or similar means. When the user accesses the link, the target server receives and processes the request, then sends the data containing the XSS code back to the user's browser. The browser parses the malicious script carrying the XSS code, which triggers the XSS vulnerability.
2. Stored XSS
Stored XSS is also known as persistent XSS. The attack script is permanently stored in a database or file on the target server, which makes it highly covert.

Attack: This attack is more common in forums, blogs and message boards. While posting, the attacker injects a malicious script together with the normal content of the post. Because the post is saved on the server, the malicious script is also permanently stored in the server's back-end storage. When other users browse the post that was injected with the malicious script, the script is executed in their browsers.
3. DOM-based XSS
DOM stands for Document Object Model. DOM-based XSS is actually a special type of reflected XSS. It is a vulnerability based on the Document Object Model, through which programs and scripts can dynamically access and update a document's content, structure and style.

Attack: The user requests a specially crafted URL that was supplied by the attacker and contains XSS code. The response from the server does not contain the attacker's script in any form. When the user's browser handles the response, the XSS code is processed by the DOM objects, resulting in an XSS vulnerability.
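
The reflected and stored categories above share one root cause: untrusted text is written into HTML without output encoding. The following is an added example, not code from the original article, showing an unencoded echo beside the encoded form for both cases; every function name and the sample input are hypothetical and constructed for illustration.

```javascript
// Added example: output encoding for the reflected and stored cases.
// All names here are hypothetical; the sample input is constructed and benign.

// Encode the five characters that let text break out of HTML element
// content or a quoted attribute value. A single pass avoids double-encoding.
function escapeHtml(value) {
  const map = { '&': '&amp;', '<': '&lt;', '>': '&gt;', '"': '&quot;', "'": '&#39;' };
  return String(value).replace(/[&<>"']/g, (ch) => map[ch]);
}

// Reflected case, vulnerable form: the request parameter is echoed as-is,
// so the browser parses whatever markup the link carried.
function renderSearchUnsafe(query) {
  return `<p>Results for: ${query}</p>`;
}

// Reflected case, hardened form: the same value is encoded at output time.
function renderSearchSafe(query) {
  return `<p>Results for: ${escapeHtml(query)}</p>`;
}

// Stored case: posts are kept exactly as submitted and encoded on every
// render, so each later visitor receives inert text instead of markup.
function createBoard() {
  const posts = [];
  return {
    save(author, body) { posts.push({ author, body }); },
    render() {
      return posts
        .map((p) => `<li><b>${escapeHtml(p.author)}</b>: ${escapeHtml(p.body)}</li>`)
        .join('\n');
    },
  };
}

// Constructed sample: harmless markup standing in for injected content.
const SAMPLE = '<em id="probe">Tom & Jerry</em>';

function demo() {
  const board = createBoard();
  board.save('alice', SAMPLE);
  return {
    unsafe: renderSearchUnsafe(SAMPLE),
    safe: renderSearchSafe(SAMPLE),
    stored: board.render(),
  };
}

console.log(demo());
```

For the DOM-based category the equivalent fix lives in client-side script: assign untrusted values with `textContent` rather than `innerHTML`.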

Origin blog.csdn.net/weixin_45254208/article/details/105075879