当前位置:网站首页>[XSS bypass - protection strategy] understand the protection strategy and better bypass
[XSS bypass - protection strategy] understand the protection strategy and better bypass
2022-07-03 04:38:00 【Black zone (rise)】
Catalog
3.2、 Common event properties :
3.3、 Label of non event attribute
Four 、 Sensitive keywords ( character ) Filter
6、 ... and 、 Content security policy (CSP)
One 、 sketch
Now? Web The application layer has many strategies to deal with XSS harm
eg:
Specific tag filtering 、 Event filtering 、 Sensitive keyword filtering ……
Browsers will also be right XSS Limit the exploitation of vulnerabilities (XSS Auditor、CSP etc. )
Two 、 Specific tag filtering
2.1、 shortcoming :
Filter out danger labels ( Such as script、iframe etc. ) It will result in the inability to execute the script
2.2、 present situation :
Any kind of label , Whether legal or not , Can be constructed XSS Code
< label οnclick="alert(/xss/)"> Come on, me </ label >
2.3、 utilize :
Property value : The output point is HTML The attribute of the tag or in Javascript In the code , Simply close 、 Splice properties or Javascript The code can execute XSS Code
HTML:<video><source οnerrοr="alert(/xss/)">
3、 ... and 、 Event filtering
3.1、 brief introduction :
Generally, many will be filtered out HTML Tag's event properties , You need to traverse all available event attributes , Test for omissions ( test :Burp Or write a script Fuzz)
3.2、 Common event properties :
onafterprint、oninput、onscroll、onbeforeprint 、oninvalid 、onabort、onbeforeunload 、onreset 、oncanplay、onerror、 onselect 、oncanplaythrough、onhaschange、 onsubmit、 ondurationchange、onload 、onkeydown 、onemptied、onmessage 、onkeypress、 onended、onoffline、 onkeyup、 onerror、ononline 、onclick、 onloadeddata、onpagehide、 ondblclick、 onloadedmetadata、onpageshow 、ondrag、 onloadstart、onpopstate、 ondragend、 onpause、onredo、 ondragenter、 onplay、onresize 、ondragleave 、onplaying、onstorage 、ondragover 、onprogress、onundo、 ondragstart 、onratechange、onunload、 ondrop、 onreadystatechange、onblur 、onmousedown、 onseeked、onchange 、onmousemove 、onseeking、oncontextmenu 、onmouseout、 onstalled、onfocus、 onmouseover 、onsuspend、onformchange 、onmouseup 、ontimeupdate、onforminput、onmousewheel、 onvolumechange
3.3、 Label of non event attribute
effect : Can be used to execute JavaScript Code
eg:JavaScript Fake protocol
<a href="javascript:alert(/xss/)"> Come on, me </a>
Four 、 Sensitive keywords ( character ) Filter
(1) Filter “.”
(2) Filter “()”
(3) Filter space
……
5、 ... and 、XSS Auditor
5.1、 summary :
Responsible for scanning the source code of the website , Looking for something like cross site scripting (XSS) Attack mode , This attack may attempt to run malicious code in the user's browser . By checking the input , Determine whether the content appears in the output . If meet XSS Auditor The filter conditions of , Will directly prevent script execution . Make reflective XSS The role of loopholes is gradually weakened .
6、 ... and 、 Content security policy (CSP)
6.1、 summary :
Content security policy (CSP) It is the most important Web One of the security protection mechanisms , Content security policy (CSP) It's an extra layer of security , Used to detect and weaken certain types of attacks , Including cross site scripts (XSS) And data injection attacks .
To alleviate potential cross site scripting problems , The browser's extender system introduces a content security policy (CSP), Will make the extender more secure by default , Developers can create and enforce rules , Manage the content that the website allows to load . Developers can use this tool to lock their applications in a variety of ways , Reduce content injection vulnerabilities ( Such as cross site scripting ) The risk of , And reduce the permission of its application execution
The content security policy uses the whitelist mechanism to manage the resources to be loaded or executed by the website . In the web page , Such a strategy is through HTTP Header information or meta Label to define .
Although this strategy can prevent attackers from loading malicious code across domains from external websites , however CSP It does not prevent data leakage . At present, many security researchers have proposed a variety of technologies to bypass content security policies , And use this technology to extract the required data from the target website .
7、 ... and 、 recommend
【XSS Cross Station collection 】 reflective 、 Storage type 、DOM class XSS principle ; Output in HTML、CSS、Javascript In the code 
https://blog.csdn.net/qq_53079406/article/details/123694180?ops_request_misc=%257B%2522request%255Fid%2522%253A%2522165672818516782248534754%2522%252C%2522scm%2522%253A%252220140713.130102334.pc%255Fblog.%2522%257D&request_id=165672818516782248534754&biz_id=0&utm_medium=distribute.pc_search_result.none-task-blog-2~blog~first_rank_ecpm_v1~rank_v31_ecpm-4-123694180-null-null.185^v2^control&utm_term=xss&spm=1018.2226.3001.4450【xss Tools bypass 】xss And burpsuite、 front end 、 Dictionaries ……https://blog.csdn.net/qq_53079406/article/details/123901334?ops_request_misc=%257B%2522request%255Fid%2522%253A%2522165672818516782248534754%2522%252C%2522scm%2522%253A%252220140713.130102334.pc%255Fblog.%2522%257D&request_id=165672818516782248534754&biz_id=0&utm_medium=distribute.pc_search_result.none-task-blog-2~blog~first_rank_ecpm_v1~rank_v31_ecpm-1-123901334-null-null.185^v2^control&utm_term=xss&spm=1018.2226.3001.4450
边栏推荐
- Reptile exercise 02
- C language series - Section 3 - functions
- Day 51 - tree problem
- UiPath实战(08) - 选取器(Selector)
- Leetcode simple question: check whether two string arrays are equal
- 金仓数据库KingbaseES 插件kdb_database_link
- Leetcode simple question: check whether the string is an array prefix
- Number of uniform strings of leetcode simple problem
- Joint set search: merge intervals and ask whether two numbers are in the same set
- Writing skills of multi plate rotation strategy -- strategy writing learning materials
猜你喜欢
STM32 reverse entry
Some information about the developer environment in Chengdu
Arthas watch grabs a field / attribute of the input parameter
《牛客刷verilog》Part II Verilog进阶挑战
Design and implementation of JSP logistics center storage information management system
使用BENCHMARKSQL工具对KingbaseES执行测试时报错funcs sh file not found
FuncS sh file not found when using the benchmarksql tool to test kingbases
会员积分商城系统的功能介绍
I've been in software testing for 8 years and worked as a test leader for 3 years. I can also be a programmer if I'm not a professional
Joint set search: merge intervals and ask whether two numbers are in the same set
随机推荐
Joint search set: the number of points in connected blocks (the number of points in a set)
Games101 Lesson 9 shading 3 Notes
Network security textual research recommendation
MC Layer Target
[set theory] binary relation (example of binary relation on a | binary relation on a)
2022 registration of G2 utility boiler stoker examination and G2 utility boiler stoker reexamination examination
MySQL winter vacation self-study 2022 12 (3)
Leetcode simple question: check whether the array is sorted and rotated
Youdao cloud notes
Kubernetes源码分析(一)
关于开学的准备与专业认知
Basic use of continuous integration server Jenkins
Smart contract security audit company selection analysis and audit report resources download - domestic article
How to choose cross-border e-commerce multi merchant system
Asp access teaching management system design finished product
I've seen a piece of code in the past. I don't know what I'm doing. I can review it when I have time
金仓数据库KingbaseES 插件kdb_exists_expand
Factor stock selection scoring model
Design and implementation of JSP logistics center storage information management system
Truncated sentences of leetcode simple questions