What is XSS
XSS, also written CSS (Cross-Site Scripting), is one of the common web vulnerabilities; in 2013 it ranked third in the OWASP Top 10.
XSS means an attacker embeds client-side script, usually malicious JavaScript code, into a web page. When a user opens that page with a browser, the browser executes the embedded code.
What harm does XSS do
Phishing, stealing user cookies, pushing advertisements and brushing traffic, tampering with page content, deleting articles, obtaining client information, spreading worms.
The three types of XSS
Reflected, stored, and DOM-based.
Reflected XSS
Also known as non-persistent XSS, and the most common kind of XSS vulnerability.
The malicious script is appended to a URL parameter, so it only runs when a victim clicks such a link; it is triggered by a single user who clicks it and is executed only once.
Stored XSS
The malicious XSS code is stored on the site, for example in a message board or a comment. When a user views the message board or comment, the code is triggered; as with reflected XSS, the attacker can obtain the user's information.
DOM-based XSS
DOM XSS does not depend on the server's response; it is triggered purely by the browser's parsing of the DOM.
DOM XSS is injection into the HTML Document Object Model through JavaScript, handled directly by the browser.
Common XSS protections
Put the site behind a CDN with protection, filter at the code layer and at the database layer, build your own firewall, or enable HttpOnly cookies and a CSP policy to mitigate XSS attacks.
File Upload
What is a file upload vulnerability
Web applications often have an upload feature: publishing pictures, posting a résumé in DOC format on a job site, and so on. Wherever a web application allows files to be uploaded, a file upload vulnerability may exist.
File upload verification process
The file is sent in an HTTP POST request (the upload) and passed to the web server.
The server then verifies it and decides whether the file is normal: checking the suffix, checking the content, and checking the handling logic.
A plain blacklist cannot detect everything.
Recommended upload practice lab:
https://GitHub.com/cOnly1/upload-labs
Client-side validation (in practice not very useful)
MIME verification
MIME (Multipurpose Internet Mail Extensions) is the Internet standard for media types (Internet media types). MIME uses simple strings and was originally designed to identify the type of e-mail attachments; in HTML and HTTP the Content-Type attribute carries the MIME type describing a file.
MIME main categories:
text: textual information; a text message may use more than one character set and format;
multipart: a message body made up of several connected parts, which may be of different data types;
application: application data or binary data;
message: encapsulation of an e-mail message;
image: still picture data;
audio: audio or sound data;
video: moving picture data, possibly together with audio, in an edited video format.
MIME verification
How to protect
- Strictly control permissions on the upload directory and remove execute permission.
- Use open-source tools to inspect uploaded files.
- Build a firewall and enable its filtering.
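An added example in Python (not code from the original notes) of the server-side checks described above, assuming the upload handler receives the client's filename, its declared Content-Type and the raw bytes. It contrasts a weak suffix blacklist with an allowlist plus magic-byte content check, and stores the file under a server-chosen name:

```python
import secrets
from typing import Optional, Set, Tuple

ALLOWED_EXT = {"jpg", "jpeg", "png", "gif"}   # allowlist: the only extensions we will store
BLACKLIST = {"php", "asp", "jsp"}              # the kind of list the notes say cannot catch everything
MAGIC = {                                      # leading bytes of each accepted image format
    b"\xff\xd8\xff": {"jpg", "jpeg"},
    b"\x89PNG\r\n\x1a\n": {"png"},
    b"GIF87a": {"gif"},
    b"GIF89a": {"gif"},
}


def extension_of(filename: str) -> str:
    """Lower-cased final extension, '' if there is none."""
    return filename.rsplit(".", 1)[-1].lower() if "." in filename else ""


def blacklist_check(filename: str) -> bool:
    """Weak suffix check: rejects only listed names, so a variant such as .phtml passes."""
    return extension_of(filename) not in BLACKLIST


def sniff(data: bytes) -> Optional[Set[str]]:
    """Content check: identify the format from magic bytes, not from the client's Content-Type."""
    for magic, exts in MAGIC.items():
        if data.startswith(magic):
            return exts
    return None


def validate_upload(filename: str, client_mime: str, data: bytes) -> Tuple[bool, str]:
    """Return (False, reason) or (True, server-side filename) for an image upload."""
    # Reject path separators and NUL bytes that could change how the name is interpreted.
    if "\x00" in filename or "/" in filename or "\\" in filename:
        return False, "unsafe characters in filename"
    ext = extension_of(filename)
    if ext not in ALLOWED_EXT:
        return False, f"extension '{ext}' not in allowlist"
    # The declared MIME type is client-controlled: use it only as a cheap first filter.
    if not client_mime.lower().startswith("image/"):
        return False, "declared MIME type is not an image"
    detected = sniff(data[:16])
    if detected is None or ext not in detected:
        return False, "file content does not match its extension"
    # Store under a random server-chosen name so the user's name never reaches the filesystem.
    return True, f"{secrets.token_hex(16)}.{ext}"
```

The sample inputs in the checks are constructed; combine this with the directory permission and firewall measures listed above rather than relying on any single check.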
Command execution
What is command execution
A command execution vulnerability means an attacker can execute arbitrary system commands. It is one of the high-risk vulnerabilities in any scripting language that can call operating system commands.
Applications sometimes need to call functions that execute system commands, for example system, exec, shell_exec, popen and proc_open in PHP. When the user can control the parameters of these functions, a malicious system command can be spliced onto a normal argument, causing command injection; this is the command execution vulnerability.