Principle of XSS attacks

XSS
  • Cross-site scripting (XSS): the attacker injects executable code into a web page; if the browser executes it, the XSS attack succeeds. A successful attack can read the user's contact list and then send false or fraudulent messages to those contacts, delete the user's logs, and so on. It is sometimes combined with other attack methods such as phishing, SQL injection against the server and database, clickjacking, and relative-link hijacking. The harm is huge, and it is the number one enemy of web security.
  • Execution condition:
    1. Malicious code must be injected into the web page;
    2. The browser must successfully execute that malicious code.
  • XSS attack methods
    • Stored XSS: the malicious code is stored on the target website's server. This attack is stable and persistent; common scenarios are social sites such as blogs and forums.
    • Reflected XSS: the malicious code is not stored on the target website; the attack is carried out by luring users to click a malicious link that points to the target website.
  • Example of a stored XSS attack: suppose users can upload an article as HTML. If a malicious user adds JavaScript to the HTML when uploading the article, the browser of every other user who views the article executes that script by default, completing the attack on those users.
  • Reflected XSS attack method: sometimes a front-end HTML page displays a field taken from a GET parameter. If the attacker appends JavaScript to that parameter, it may be executed as well. For example:

    http://www.xxx.com/?id=" /><script>alert(/xss/)</script><br x="
    // The resulting reflected HTML:
    <div>
    <img src="/images/handler.ashx?id=" /><script>alert(/xss/)</script><br x="" />
    </div>
  • Attacks take many forms, such as:
    • Stealing the user's account cookies
    • Traffic hijacking (redirecting the visitor to another page by setting window.location.href)
  • Defense method:
    • Escape data submitted from the front end: for an ordinary form, strip_tags can remove HTML tags. If a rich-text editor must keep HTML tags, htmlspecialchars converts the characters & < > ' " in the submitted data into entities, and htmlentities converts every character that has an HTML entity equivalent, not only those five.
    • Cookie protection: set the HttpOnly flag on important cookies so that client-side script cannot read them through document.cookie. Only the server can set this flag.
    • Filter out all executable JavaScript: for example, with a lexer that tokenizes the input.
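The following is an added example, not code from the original article. It shows, in Node.js, the two defenses above applied to the reflected-XSS fragment quoted earlier: an escaping function equivalent to PHP's htmlspecialchars with ENT_QUOTES (the page's own examples are PHP; the function names escapeHtml, renderVulnerable, renderSafe, containsScriptTag and sessionCookieHeader are assumed names chosen here), plus a Set-Cookie header that carries the HttpOnly flag. The sample payload is the one quoted in the article, constructed here as the URL-decoded value of the id parameter.

```javascript
// Added example (not from the original article): server-side output escaping
// that neutralizes the reflected payload quoted above, plus an HttpOnly cookie
// header. Runs under Node.js with no external packages.

// Equivalent of PHP htmlspecialchars with ENT_QUOTES: converts the five
// characters that can close an HTML attribute or open a new tag.
function escapeHtml(input) {
  return String(input)
    .replace(/&/g, '&amp;')
    .replace(/</g, '&lt;')
    .replace(/>/g, '&gt;')
    .replace(/"/g, '&quot;')
    .replace(/'/g, '&#039;');
}

// Renders the <img> fragment from the article. The vulnerable version
// interpolates the query parameter verbatim; the fixed version escapes it.
function renderVulnerable(id) {
  return `<div>\n<img src="/images/handler.ashx?id=${id}" />\n</div>`;
}

function renderSafe(id) {
  return `<div>\n<img src="/images/handler.ashx?id=${escapeHtml(id)}" />\n</div>`;
}

// Demonstration check only: does the rendered HTML contain a <script> tag
// that the template itself never emitted?
function containsScriptTag(html) {
  return /<script[\s>]/i.test(html);
}

// Builds a Set-Cookie header value for a session cookie. HttpOnly keeps it
// out of document.cookie; Secure and SameSite are additional hardening.
function sessionCookieHeader(name, value) {
  return `${name}=${encodeURIComponent(value)}; Path=/; HttpOnly; Secure; SameSite=Lax`;
}

// Constructed sample input: the payload quoted in the article, as it arrives
// in the `id` query parameter after URL decoding.
const PAYLOAD = '" /><script>alert(/xss/)</script><br x="';

if (typeof require !== 'undefined' && require.main === module) {
  console.log('--- vulnerable rendering ---');
  console.log(renderVulnerable(PAYLOAD));
  console.log('--- escaped rendering ---');
  console.log(renderSafe(PAYLOAD));
  console.log('--- session cookie header ---');
  console.log('Set-Cookie: ' + sessionCookieHeader('sid', 'abc123'));
}
```

In the vulnerable rendering the payload's leading `"` closes the src attribute and the rest is parsed as markup, exactly as in the reflected HTML shown above; in the escaped rendering every quote and angle bracket becomes an entity, so the whole parameter stays inside the attribute value. Escaping must happen at output time for the context the value lands in (here an HTML attribute); filtering on input alone, as with strip_tags, does not cover every context.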
