XSS Cross Site Scripting Attack

Cross Site Scripting is abbreviated XSS rather than CSS so that it is not confused with Cascading Style Sheets. An attacker inserts malicious script code into a web page; when a user browses that page, the script embedded in it is executed in the user's browser, which is how the attack against the user is carried out.

Reflected XSS (reflection-based XSS attack)

Reflected XSS exploits a flaw in the way the site echoes user-supplied data back in its response, and relies on deceiving the user into actively triggering it (for example by clicking a crafted link).

Example 1:
Step 1: Search for a product on the website. When the product cannot be found, the site shows the prompt "xxx is not on the shelf".
Step 2: Enter "" as the search content in the search box and click Search.
Step 3: The front-end page does not filter the submitted data but displays it directly on the page, so the alert dialog pops up.
Step 4: An attacker can then construct a URL that obtains the user's cookies and get other people to click it through QQ groups or spam mail:

If the deceived user has just logged in to the website, the user's login cookie has already been sent to the attacker's server (xss.com) by the time the page loads. Of course, a real attacker would do something far more drastic than read a cookie.

Stored XSS (stored XSS attack)

The difference between Stored XSS and Reflected XSS is that the attack script is saved on the server, so every ordinary user who fetches the affected content from the server receives and executes it. This gives the attack the ability to spread across the site.

Step 1: Post an article that contains a malicious script:

Hello! When you see this text, your information is no longer safe!<script>alert('xss')</script>

Step 2: The backend does not filter the article but saves its content directly to the database.
Step 3: When other readers open the article, the embedded malicious script is executed in their browsers.

Tip: The article is stored as complete HTML and the front end displays it without filtering. This situation is very common, and most occurrences are on blog sites.

If the action is not merely popping up a message but deleting an article, publishing a reactionary article, or making every reader follow me and repost this article together with its malicious script, is that not an attack?

DOM-based or local XSS (DOM-based or local XSS attack)

DOM, short for Document Object Model, is a platform- and language-neutral interface that lets programs and scripts dynamically access and update the content, structure, and style of a document.
DOM XSS is in fact a special type of reflected XSS: a vulnerability that arises in the DOM rather than in server-side output. Page content can be modified dynamically through the DOM, and data held in the DOM can be read on the client and executed locally. Because of this, the page's own JavaScript can become the vehicle that exploits the XSS vulnerability.

Examples of DOM properties and methods that can be involved in DOM XSS:
document.referrer property
window.name property
location property
innerHTML property
document.write method

Summary: The essence of an XSS attack is to use any means available to get the attack script to execute in the target user's browser.
Prevention:

All user input, all output, and all content delivered to the client are treated as untrusted. Whenever data is added to the DOM or passed to a DOM API, it must first be HtmlEncoded or JavaScriptEncoded for the context it is written into; this is what prevents XSS.
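The following JavaScript is an added example, not code from the original post. It shows the HtmlEncode and JavaScriptEncode functions the prevention note calls for, applies them to the stored-XSS article from the earlier section, and contrasts the innerHTML sink from the DOM XSS section with its safe textContent counterpart. The function names, the sample article and the minimal fake DOM element (so it runs under Node without a browser) are all assumptions for this demo.

```javascript
// Added example, not from the original post: output encoding for the
// stored-XSS article and the innerHTML sink from the DOM-XSS section.
// Function names and the fake DOM element are assumptions for this demo.

// HtmlEncode: neutralise the characters that can break out of an HTML text or
// attribute context. Apply it at the moment data is written into HTML.
function htmlEncode(input) {
  return String(input)
    .replace(/&/g, "&amp;")
    .replace(/</g, "&lt;")
    .replace(/>/g, "&gt;")
    .replace(/"/g, "&quot;")
    .replace(/'/g, "&#x27;");
}

// JavaScriptEncode: make a value safe to embed inside a JS string literal by
// \uXXXX-escaping everything except letters, digits and spaces.
function jsStringEncode(input) {
  return String(input).replace(/[^A-Za-z0-9 ]/g, (ch) =>
    "\\u" + ch.charCodeAt(0).toString(16).padStart(4, "0"));
}

// Constructed sample: the article body from the stored-XSS walkthrough.
const STORED_ARTICLE =
  "Hello! When you see this text, your information is no longer safe!" +
  "<script>alert('xss')</script>";

// Vulnerable rendering as the post describes it: the stored body is
// concatenated straight into the page, so the script tag stays live.
function renderArticleUnsafe(body) {
  return '<div class="article">' + body + "</div>";
}

// Hardened rendering: encode on output. The stored text is unchanged; only the
// way it is written into HTML differs, and the tag is now displayed as text.
function renderArticleSafe(body) {
  return '<div class="article">' + htmlEncode(body) + "</div>";
}

// Detection helper: does the rendered markup still carry a raw <script> tag?
function containsScriptTag(html) {
  return /<script\b/i.test(html);
}

// Minimal stand-in for a DOM element so the DOM-XSS part runs outside a
// browser. Assigning textContent creates text nodes, which a real browser
// serialises with < > & escaped when innerHTML is read back; htmlEncode
// approximates that here.
function makeElement() {
  const el = { innerHTML: "" };
  Object.defineProperty(el, "textContent", {
    set(value) { el.innerHTML = htmlEncode(value); },
  });
  return el;
}

// DOM-XSS sink: location.hash written into innerHTML is parsed as markup.
function showHashUnsafe(element, hash) {
  element.innerHTML = "Welcome " + decodeURIComponent(hash.slice(1));
  return element.innerHTML;
}

// Fix: write untrusted data as text, never as markup.
function showHashSafe(element, hash) {
  element.textContent = "Welcome " + decodeURIComponent(hash.slice(1));
  return element.innerHTML;
}

// Stand-alone run: compare the four outputs side by side.
console.log(renderArticleUnsafe(STORED_ARTICLE));
console.log(renderArticleSafe(STORED_ARTICLE));
console.log(showHashUnsafe(makeElement(), "#%3Cb%3Ehi%3C%2Fb%3E"));
console.log(showHashSafe(makeElement(), "#%3Cb%3Ehi%3C%2Fb%3E"));
```

The point to take from the two render functions is that the fix is applied at the output stage, not by trying to strip tags from the stored article; the database can keep whatever the author wrote, and the encoding decides how it is displayed. For the DOM case the same rule applies: data from location, window.name or document.referrer should be written with textContent (or an attribute setter), and innerHTML or document.write should only receive markup the page itself constructs.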

Origin http://43.154.161.224:23101/article/api/json?id=325766515&siteId=291194637