The website is harmed by XSS hanging horse

You may also encounter some situations , For example, some corporate websites or websites with large traffic volume will appear illegal advertisements for spinach . This form of web page hanging horse , For example, it can generate JS Code , Then I'll hang one for you XSS Cross site attack such a code , When you are an older browser , This vulnerability of the browser can be used to directly attack your operating system , So as to obtain higher system permissions .

  Do you like IE This is the case with browsers , We can check it through a web page , After you check it, you can penetrate into its computer through the web page , So as to obtain the system permission in advance , Then do what you want to do here , This is absolutely OK . So this is what we call , So it usually plays this kind of edge ball , What is a sideball ？ For example, some websites with illegal content , This thing itself is illegal , So he was hacked , He can only admit that he is dumb , He won't go to the police and say that my illegal website has been hacked .

Then you don't mean to throw yourself into the net, do you ？ It is not easy to do this in Chinese Mainland . The second is where this often happens ？ Movie download . So what is the third occurrence ？ What appears is the website you created with open source code , This movie website often does something ？ Collection of user information , For example, when you register , It will let you enter your email , Right ？ And some of your contact information , At this time, he is actually doing some information collection for you , Then when you download , It allows you to input, for example, what thunderbolt is, right ？ Let you enter your username and password , At this time, you are in the process of input , Its background can do keyboard recording , So sometimes I often find that you take Xunlei to a pirated website to download the movie. After that , Maybe you can't get your Xunlei account , I found that the password is incorrect , At this time, it may be recorded by keyboard , So your user name , Your email , Your email will send some addresses , For example, the email password you registered is exactly your correct password, right ？ So there will be some personal information collected in the mailbox , What's the information ？ Is there any card bill ？

  Now it's all electronic bills , Right ？ In the early years, there were paper bills , The bank will send you a bill every fixed day , Now it's all electronic bills , Do you have your contact information on the electronic bill ？ Do you have your card information ？ For example, card number , The security codes behind the card number , Do you have a work address ？ What is your last name, right ？ If you don't have a full name, you can call a gentleman , When you see a lady, you call her a lady, right ？ So these are a way for us to divulge information , Including some game passwords and so on .

Then there are also some private servers , How to hang a horse when the web page hangs a horse , It is directly through script sentence , adopt script The label of , Right ？ Can directly generate a code for you , Of course, if you don't kill the virus , Maybe you're particularly vulnerable , When you have some awesome anti-virus , If he can't detect it , You might get caught . So there will be some hacking here 、 dig 、XSS And so on .