XSS injection
2022-07-05 04:45:00 【Whoa, whoa, whoa, whoa, whoa】
A brief introduction to XSS
Cross-site scripting (Cross Site Scripting) is abbreviated XSS rather than CSS in order to avoid confusion with Cascading Style Sheets (CSS). A malicious attacker inserts malicious script code into a web page; when a user browses that page, the script embedded in the page is executed, and the attacker achieves the goal of attacking the user.
Harm of XSS:
Traffic hijacking
Obtaining the user's cookie information and stealing the account
Tampering with or deleting page information (phishing)
Combining with a CSRF attack to carry out further attacks
XSS classification
Reflected XSS: Reflected XSS is also called non-persistent XSS. When a user requests a page whose URL carries XSS code, the server receives and processes the data and then sends the data carrying the XSS code back to the browser; when the browser parses this data, the XSS vulnerability is triggered. The process resembles a reflection, hence the name reflected XSS.
Stored XSS: Stored XSS is also called persistent XSS and is the most dangerous kind of cross-site scripting vulnerability. When an attacker submits a piece of XSS code, the server receives and stores it; whenever the attacker or any other user visits the page again, the stored XSS code is read by the program and returned to the browser, causing a cross-site scripting attack. This is stored XSS.
DOM-based XSS: This type does not pass through the back end. DOM-based XSS is a vulnerability rooted in the Document Object Model (DOM); it is triggered by parameters passed in through the URL and handled by client-side script.
Testing whether the management interface has XSS:
Enter "> (closes the input tag)
Result: the interface pops up a dialog, proving that the system has XSS injection
The previous verification shows that the page has an XSS vulnerability. Next, modify the link attribute so that it jumps to a phishing page
After username= append "><a (changing the href of the "forgot password" a tag so that it points to the phishing site)
Clicking "forgot password" goes to the phishing site
Stored XSS
The message board of the CMS article management system has an XSS vulnerability; we now inject by constructing code
Simulating the administrator logging in to the back end of the article management system to browse and review user comments, we find that the XSS popup is triggered. Looking at the source code, we see that the user's input is embedded directly in the HTML and is parsed and executed by the browser.
After the administrator approves the comment, anyone who views this message will also parse and execute the injected payload.
XSS vulnerability prevention
The power of XSS depends mainly on what JavaScript can achieve. Cross-site scripting arises because input and output are not strictly filtered, so client-side code such as JavaScript ends up executing on the page. Therefore, filtering sensitive characters is enough to fix the XSS vulnerability.
Repair and prevention methods:
All three types of XSS vulnerability can be fixed by filtering or encoding.
Reflected XSS and stored XSS can be handled by filtering and encoding user input and output on the server: filter keywords and encode key symbols. For example, filtering keywords such as on-event handlers and script, and URL-encoding special symbols such as <, >, ", ' and =, will repair the vulnerability.
For DOM-based XSS, if there is interaction with the server, the above method can also be used; if there is no interaction with the server, client-side scripting languages such as JavaScript can be used on the client to encode and filter.
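The output-encoding fix described above, as an added example that is not code from the original post: it applies HTML entity encoding (the form that actually neutralises the listed characters inside HTML markup, as opposed to URL encoding) to the two injection points the post walks through, a username reflected into an input attribute and a stored message-board comment rendered in the page body. All function names, the templates and the sample payload are constructed for illustration.

```javascript
// Added example (not from the original post). Context-aware output encoding
// for the reflected (attribute) and stored (element body) cases described above.
// In a browser, the DOM-based case is handled the same way by assigning
// user-controlled data with element.textContent instead of innerHTML.

// Entities for the characters the post lists (< > " ' =) plus '&', which must be
// encoded too so that the browser cannot decode attacker-supplied entities.
const HTML_ENTITIES = {
  "&": "&amp;",
  "<": "&lt;",
  ">": "&gt;",
  '"': "&quot;",
  "'": "&#x27;",
  "=": "&#x3D;", // harmless in text, blocks injection into unquoted attributes
};

// Encode every special character; the regex matches one character at a time,
// so '&' in the input is never re-processed after replacement.
function encodeHtml(value) {
  return String(value).replace(/[&<>"'=]/g, (ch) => HTML_ENTITIES[ch]);
}

// Reflected case: the username is echoed back into an <input value="..."> attribute.
function loginFormVulnerable(username) {
  return `<input type="text" name="username" value="${username}">`;
}
function loginFormSafe(username) {
  return `<input type="text" name="username" value="${encodeHtml(username)}">`;
}

// Stored case: a message-board comment is rendered inside an element body.
function renderCommentVulnerable(comment) {
  return `<div class="comment">${comment}</div>`;
}
function renderCommentSafe(comment) {
  return `<div class="comment">${encodeHtml(comment)}</div>`;
}

// Review check: count start tags in a rendered fragment. Each template above
// contains exactly one element, so any extra start tag came from user input.
function countStartTags(html) {
  return (html.match(/<[a-zA-Z]/g) || []).length;
}

// Constructed sample input mirroring the post's '">' attribute break-out.
const SAMPLE_PAYLOAD = '"><script>alert(1)</script>';
```

Running countStartTags over the vulnerable and safe renders of SAMPLE_PAYLOAD shows the difference: the vulnerable templates contain a second, injected tag, while the encoded ones keep only the template's own element.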