Cross-site scripting experiment

1. XSS cross-site scripting experiment

XSS (cross-site scripting) is the most common vulnerability in web programs. The attacker embeds client-side script, such as JavaScript, in a web page; when a user browses the page, the script executes in the user's browser and carries out the attacker's purpose, for example obtaining cookies or navigating to malicious websites. The root cause is that data entered on the page ends up being treated as code.

This experiment uses a simple Java web program. The test code is as follows:

Java page:

package servlet;

import java.io.IOException;
import java.util.Map;
import java.util.Set;

import javax.servlet.ServletException;
import javax.servlet.http.HttpServlet;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;

public class XSSServlet extends HttpServlet {

    private static final long serialVersionUID = -8953308985918560500L;

    @Override
    protected void service(HttpServletRequest request, HttpServletResponse response)
            throws ServletException, IOException {
        Map<String, String[]> map = request.getParameterMap();
        Set<String> keySet = map.keySet();
        // Pass the received parameters to the page one by one
        for(String key : keySet){
            Object obj = map.get(key);
            if(obj instanceof String[]){
                String[] strs = (String[])obj;
                if(strs.length >= 1){
                    request.setAttribute(key, strs[0]);
                }
            }
        }
        request.getRequestDispatcher("/xss.jsp").forward(request, response);
    }
}

JSP page:

<%@ page pageEncoding="UTF-8"%>
<%String path = request.getContextPath(); String basePath = request.getScheme()+"://"
 +request.getServerName()+":"+request.getServerPort()+path+"/";%>
<!DOCTYPE HTML>
<html>
  <head>
    <base href="<%=basePath%>">
    <title>XSS cross-site scripting test</title>
    <meta http-equiv="pragma" content="no-cache">
    <meta http-equiv="cache-control" content="no-cache">
    <meta http-equiv="expires" content="0">
  </head>
  <body style="${bodyStyle }">
    <form action="<%=path %>/xss.do" method="post">
      背景颜色:<input name="bodyStyle" type="input" value="${bodyStyle }" />
      <br />
      <input type="submit" value="改变" />
    </form>
  </body>
</html>

web.xml:

</welcome-file-list>
  <servlet>
    <servlet-name>action</servlet-name>
    <servlet-class>servlet.XSSServlet</servlet-class>
  </servlet>
  <servlet-mapping>
    <servlet-name>action</servlet-name>
    <url-pattern>/xss.do</url-pattern>
  </servlet-mapping>

The test is as follows:

Access address: http://localhost:8080/class/xss.do
Fill in the parameter: background:red

Effect: After clicking the button, the page background turns red.

As shown in the figure:

Access address: http://127.0.0.1:8080/class/xss.do?bodyStyle=background:blue

Effect: The page turns blue directly, without clicking the button.

As shown in the figure:

Attack test: Enter in the text box: " onload='alert(/hello/)' "

Effect: The page pops up a dialog box.

Test input: " onload="window.location.href='http://www.baidu.com' " "

Effect: The page jumps directly to the Baidu homepage.
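The tests above work because xss.jsp writes bodyStyle into the style attribute unchanged, so a double quote in the input ends the attribute. The following is an added example, not part of the original program: a stand-alone model of that rendering beside a hardened version. The class name BodyStyleEncodingDemo, the methods renderRaw, escapeHtmlAttr and renderSafe, and the SAFE_STYLE allow-list are assumptions made for illustration.

```java
import java.util.regex.Pattern;

// Added example: stand-alone model of how xss.jsp builds its <body> tag.
public class BodyStyleEncodingDemo {

    // Assumption: the feature only needs "background:<color>"; anything else is rejected.
    private static final Pattern SAFE_STYLE =
            Pattern.compile("background:\\s*(#[0-9a-fA-F]{3,6}|[a-zA-Z]{1,20})");

    // What ${bodyStyle} does in the JSP: the value is written into the attribute unchanged.
    static String renderRaw(String bodyStyle) {
        return "<body style=\"" + bodyStyle + "\">";
    }

    // Escape the characters that can end an attribute value or start markup.
    static String escapeHtmlAttr(String s) {
        StringBuilder out = new StringBuilder(s.length() + 16);
        for (char c : s.toCharArray()) {
            switch (c) {
                case '&':  out.append("&amp;");  break;
                case '<':  out.append("&lt;");   break;
                case '>':  out.append("&gt;");   break;
                case '"':  out.append("&quot;"); break;
                case '\'': out.append("&#39;");  break;
                default:   out.append(c);
            }
        }
        return out.toString();
    }

    // Hardened rendering: allow-list first, then encode for the attribute context.
    static String renderSafe(String bodyStyle) {
        String value = (bodyStyle != null && SAFE_STYLE.matcher(bodyStyle).matches())
                ? bodyStyle : "";
        return "<body style=\"" + escapeHtmlAttr(value) + "\">";
    }

    public static void main(String[] args) {
        // Inputs taken from the tests on this page.
        String[] inputs = { "background:red", "\" onload='alert(/hello/)' \"" };
        for (String in : inputs) {
            System.out.println("input   : " + in);
            System.out.println("raw     : " + renderRaw(in));
            System.out.println("encoded : <body style=\"" + escapeHtmlAttr(in) + "\">");
            System.out.println("safe    : " + renderSafe(in));
        }
    }
}
```

In the JSP itself the same encoding is available through JSTL, for example fn:escapeXml(bodyStyle) or c:out. The allow-list is still needed because HTML encoding does not restrict which CSS ends up in the style attribute.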

Scanning results using the scanner are as follows:

 
