XSS -- cross-site scripting attacks

Cross-site scripting (XSS): the attacker injects malicious script into a web page so that it runs in the victim's browser, in the security context of the site that served the page, and achieves the attacker's goal there.


One, XSS attack types and principles
1. Reflected XSS
Non-persistent. The attacker uses social engineering to lure the user into clicking a link to the target server. The link carries malicious code in a parameter, the server echoes that parameter into its response as-is, and the user's browser executes the code.
2. Stored XSS
Persistent. The attacker submits malicious script to the target server, which stores it (typically in a database). Whenever a user requests that data, the server returns the stored script as-is and the user's browser executes it. Every user who views the content is affected, so the impact is far greater than that of reflected XSS.
3. DOM-based XSS
Non-persistent and needing no back-end involvement: the flaw is in client-side script that reads attacker-controlled data from the Document Object Model (usually the URL, for example location.hash) and writes it to a dangerous sink such as innerHTML or document.write. It is often grouped with reflected XSS because the trigger is normally in a URL, but the payload need not reach the server at all: a fragment after # is never sent in the request, so server-side filters and logs do not see it.
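The three delivery paths above, as an added example that is not code from the original post: each path is reduced to a plain function so it runs under Node with no browser or web server. The payload, the URLs and all function names are constructed for the example, and requestLineFor() only mimics the part of a browser's behaviour that matters here, which is that the fragment after # is never sent.

```javascript
// Constructed payload: an <img> whose onerror handler runs attacker script.
const PAYLOAD = '<img src=x onerror="alert(document.cookie)">';

// Mimics what a browser sends for a URL: everything after "#" (the fragment)
// stays in the browser and never appears in the request or in server logs.
function requestLineFor(href) {
  const u = new URL(href);
  return `GET ${u.pathname}${u.search} HTTP/1.1`;
}

// 1. Reflected: the server echoes a query parameter into the response.
//    Nothing is stored; the victim has to be lured into requesting this URL.
function renderSearchPage(href) {
  const q = new URL(href).searchParams.get('q') ?? '';
  return `<p>Results for: ${q}</p>`;             // vulnerable: no output encoding
}

// 2. Stored: the payload is written once and served to every later viewer.
const comments = [];                             // stands in for a database table
function postComment(text) { comments.push(text); }
function renderComments() {
  return `<ul>${comments.map(c => `<li>${c}</li>`).join('')}</ul>`; // vulnerable
}

// 3. DOM-based: the server returns a static page; client-side JavaScript
//    reads location.hash and writes it into an innerHTML-style sink.
//    The fragment is passed in here instead of being read from window.location.
function renderGreetingFromHash(hash) {
  const name = decodeURIComponent(hash.replace(/^#/, ''));
  return `<h1>Hello ${name}</h1>`;               // vulnerable sink
}

// Crude check used below: would this HTML run script in a browser?
function carriesScript(html) {
  return /<script[\s>]|\son\w+\s*=/i.test(html);
}

// Runs all three paths and reports what executes and what the server saw.
function demo() {
  const reflectedUrl = 'https://example.test/search?q=' + encodeURIComponent(PAYLOAD);
  const domUrl = 'https://example.test/profile#' + encodeURIComponent(PAYLOAD);
  postComment(PAYLOAD);
  return {
    reflected: carriesScript(renderSearchPage(reflectedUrl)),
    stored:    carriesScript(renderComments()),
    dom:       carriesScript(renderGreetingFromHash(new URL(domUrl).hash)),
    // The query string reaches the server; the fragment does not.
    serverSeesReflectedPayload: requestLineFor(reflectedUrl).includes('onerror'),
    serverSeesDomPayload:       requestLineFor(domUrl).includes('onerror'),
  };
}

console.log(demo());
```

The last two fields are the practical difference between reflected and DOM-based XSS: a server-side filter or a WAF can inspect the reflected request line, but it never sees the DOM payload because the browser strips the fragment before sending.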


Two, XSS attack harms
Through XSS, an attacker's script runs with the victim's identity on the site: it can steal the user's cookies and with them the session, read any private data the page can reach, and send requests on the user's behalf.


Three, XSS defenses
1. Validate and filter all user-submitted content and all URL parameters, and escape special characters. A blocklist that only strips obvious tags is not enough: a payload such as an <img> with an onerror handler contains no <script> tag at all.
2. HTML-encode dynamic content when it is output into the page, so the browser treats it as text rather than markup. The encoding must match the context: what is safe in the HTML body is not enough inside an unquoted attribute, a script block or a URL.
3. Set the HttpOnly attribute on the session cookie so that script in the page cannot read it through document.cookie. This limits cookie theft but does not stop the injected script from running and acting as the user within the page.
In PHP, the following functions can be used to sanitize or encode data against XSS:
strip_tags(): removes HTML and PHP tags, keeping the text between them.
htmlentities(): converts every character that has an HTML entity equivalent into that entity.
htmlspecialchars(): converts only the characters with special meaning in HTML: &, ", <, > and, with ENT_QUOTES (the default since PHP 8.1), '. For output into an HTML body or a quoted attribute this is normally the right choice.
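The three defensive points above, as an added example that is not code from the original post. It implements the output encoding of point 2 the way PHP's htmlspecialchars($s, ENT_QUOTES) does it, shows why the tag-stripping filter warned against in point 1 fails, shows why encoding alone is not enough in an unquoted attribute, and builds the HttpOnly cookie header from point 3. Function names and payloads are constructed for the example; attributeNames() is a deliberately minimal tokenizer, not a real HTML parser.

```javascript
// The five characters that can change HTML structure, mapped to entities.
// This matches htmlspecialchars() with ENT_QUOTES; on PHP < 8.1 the single
// quote is left alone unless ENT_QUOTES is passed explicitly.
const HTML_ESCAPES = { '&': '&amp;', '<': '&lt;', '>': '&gt;', '"': '&quot;', "'": '&#039;' };
function escapeHtml(s) {
  return String(s).replace(/[&<>"']/g, ch => HTML_ESCAPES[ch]);
}

// A blocklist filter of the kind point 1 warns against: delete "<script>"
// and assume nothing else can execute.
function naiveFilter(s) {
  return s.replace(/<script>/gi, '');
}

// Constructed payloads.
const NESTED_PAYLOAD = '<scr<script>ipt>alert(1)</script>'; // one pass of naiveFilter rebuilds <script>
const NO_TAG_PAYLOAD = '<img src=x onerror=alert(1)>';      // contains no "script" at all
const ATTR_PAYLOAD   = 'x onmouseover=alert(1)';            // nothing for escapeHtml to change

// HTML body context: encoding is sufficient here.
function renderComment(text) {
  return `<li>${escapeHtml(text)}</li>`;
}

// Attribute context: escapeHtml leaves ATTR_PAYLOAD untouched, so in an
// unquoted attribute the space still starts a second attribute. Quoting
// the attribute is what makes the encoding effective.
function renderUnquotedAttr(v) { return `<input value=${escapeHtml(v)}>`; }   // still exploitable
function renderQuotedAttr(v)   { return `<input value="${escapeHtml(v)}">`; } // safe

// Minimal tokenizer for the attributes of one start tag, used only to show
// how a browser splits the two renderings above. Quoted values keep spaces.
function attributeNames(tag) {
  const body = tag.replace(/^<\w+\s*/, '').replace(/\/?>$/, '');
  const re = /([^\s=]+)(?:\s*=\s*(?:"[^"]*"|'[^']*'|[^\s"']+))?/g;
  const names = [];
  let m;
  while ((m = re.exec(body)) !== null) names.push(m[1].toLowerCase());
  return names;
}

// Point 3: the session cookie header. HttpOnly keeps document.cookie from
// reading the value; Secure and SameSite are the usual companions.
function sessionCookieHeader(sessionId) {
  return `session=${encodeURIComponent(sessionId)}; Path=/; HttpOnly; Secure; SameSite=Lax`;
}

console.log('naiveFilter:', naiveFilter(NESTED_PAYLOAD), '|', naiveFilter(NO_TAG_PAYLOAD));
console.log('encoded:    ', renderComment(NO_TAG_PAYLOAD));
console.log('unquoted:   ', attributeNames(renderUnquotedAttr(ATTR_PAYLOAD)));
console.log('quoted:     ', attributeNames(renderQuotedAttr(ATTR_PAYLOAD)));
console.log('cookie:     ', sessionCookieHeader('s3ss10n'));
```

The attribute case is the one most often missed: escapeHtml() is correct and still insufficient, because the output context (an unquoted attribute) lets a space end the value. Always quote attributes, and use a different encoder again for values placed inside a script block or a URL.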

Source: www.cnblogs.com/wujuntian/p/12007222.html