Web Security (4) -- XSS attack
2020-11-07 20:56:00 【Coxhuang】
List of articles
- XSS attack
- #1 What is an XSS attack?
- #2 Reflected XSS
- #3 Stored XSS
- #4 DOM-based XSS
- #5 Several strategies for defending against XSS
- #6 The difference between XSS and CSRF
XSS attack
#1 What is an XSS attack?
XSS (Cross Site Scripting) is the short name for a cross-site scripting attack. It is abbreviated XSS rather than CSS to avoid confusion with Cascading Style Sheets (CSS).
An XSS attack is one in which an attacker tampers with a web page through HTML injection and inserts a malicious script, so that when a user browses the page the script runs and gives the attacker control of the user's browser.
XSS attacks fall into the following categories:
- Reflected XSS
- Stored XSS
- DOM-based XSS
#2 Reflected XSS
How reflected XSS works: the attacker lures the victim into opening a specially crafted URL. The first half of the URL is the server address of a legitimate site (for example, the Weibo microblogging service), while one of the URL parameters carries malicious code. When the user clicks the URL, the browser makes a normal request to the microblog server. If that server endpoint happens to echo the URL parameter back in its response, the malicious code runs in the user's browser. If the code reads the site's Cookie and sends it to the attacker's server, the attacker obtains the user's Cookie.
Reflected XSS, step by step:
- The attacker appends malicious code to a parameter of a normal URL (a microblog endpoint); the code reads the microblog Cookie in the user's browser.
- When the user opens the URL, the microblog server takes the malicious code out of the URL, splices it into the HTML, and returns it to the browser.
- The browser parses the response, and the malicious code is executed along with it.
- The malicious code steals the user's data (for example the cookie) and sends it to the attacker's site. The attacker then uses that information to impersonate the legitimate user and call the target site's interfaces to carry out further attacks.
#3 Stored XSS
How stored XSS works: the attacker injects malicious code into the site's database (for example, by posting it in the Weibo comment area). When a user views the comment, the microblog server returns the malicious code to the user, the code executes in the user's browser, and it steals the user's information.
Stored XSS, step by step:
- The attacker submits malicious code to the target site's database (for example through a comment area or message board).
- When a user opens the target site, the server reads the malicious code out of the database, splices it into the HTML, and returns it to the browser.
- The browser parses and executes the response, and the malicious code runs.
- Once executed, the malicious code can read user data such as the cookie mentioned above and send it to the attacker's site. With the cookie, the attacker can impersonate the user and call the target site's interfaces to perform unauthorized operations.
How to prevent it:
- The back end must filter submitted data.
- The front end can also help, for example by handling script tags and replacing special characters with their HTML entity encodings.
#4 DOM-based XSS
How DOM-based XSS works: client-side JavaScript can operate on the page's DOM nodes dynamically, for example by inserting or modifying page content. If the client takes data from the URL and executes it locally, or the data a user enters on the client contains malicious JavaScript, and none of it is filtered, the application is likely to suffer a DOM-based XSS attack.
DOM-based XSS, step by step:
- The client side of a site has a feature that reads parameters from the URL and uses them to modify DOM nodes dynamically.
- The user's browser receives the response and parses it; the front-end JavaScript takes the value out of the URL and executes it.
- At execution time the malicious code steals the user's data and sends it to the attacker's site, which then uses the data to act as the user and call the target site's interfaces on the attacker's behalf.
The client reads a parameter from the URL and inserts it into a tag. If the parameter is malicious code, the following happens:
<script>
  // ... the link target is taken straight from the URL (the fragment is assumed here as the source)
  var url = decodeURIComponent(location.hash.slice(1));
  // ... and concatenated into markup without any encoding or validation
  document.body.innerHTML = "<a href='" + url + "'>" + url + "</a>";
  // ...
</script>
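The snippet above made safe, as an added example that is not part of the original post: the link target is allow-listed to absolute http(s) URLs and set through DOM properties instead of being concatenated into HTML. The function names and the use of the URL fragment as the parameter source are assumptions.

```javascript
// Added example, not from the original post. Assumption: the link target comes
// from the URL fragment; function names are hypothetical.

// Vulnerable pattern from the page: the raw value becomes markup, so input that
// closes the attribute quote can add attributes, and a javascript: URL is honoured.
function renderLinkUnsafe(url) {
  return "<a href='" + url + "'>" + url + "</a>";
}

// Allow-list the link target: only absolute http(s) URLs are accepted.
// Returns the normalised URL, or null when the value must be rejected.
function safeHref(rawUrl) {
  let parsed;
  try {
    parsed = new URL(rawUrl);       // throws on relative or malformed input
  } catch (e) {
    return null;
  }
  if (parsed.protocol !== "http:" && parsed.protocol !== "https:") {
    return null;                    // rejects javascript:, data:, vbscript: ...
  }
  return parsed.href;
}

// Hardened rendering: the value is never concatenated into an HTML string.
// It is assigned through the href property and textContent, which the browser
// treats as data, not markup. `doc` is the DOM document (passed in for testability).
function renderLinkSafe(rawUrl, doc) {
  const container = doc.createElement("div");
  const href = safeHref(rawUrl);
  if (href === null) {
    container.textContent = "invalid link";
    return container;
  }
  const a = doc.createElement("a");
  a.href = href;
  a.textContent = href;
  container.appendChild(a);
  return container;
}

// In the browser (not run under Node):
// const target = decodeURIComponent(location.hash.slice(1));
// document.body.replaceChildren(renderLinkSafe(target, document));
```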
#5 Several strategies for defending against XSS
- The browser takes the initiative to recognize XSS: the Chrome browser will automatically recognize XSS attack code.
- The server filters user input.
How the server side handles it:
- Mark important cookies as HttpOnly; the document.cookie statement in JavaScript can then no longer read the cookie.
- HTML-encode the data, and filter or remove special HTML tags.
- Filter JavaScript event attributes such as "onclick=" and "onfocus".
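The two server-side measures above (HTML encoding and HttpOnly cookies), applied to the reflected-parameter case from section #2, as an added Node.js example that is not part of the original post; the function names and the page layout are hypothetical.

```javascript
// Added example, not from the original post. Function names and page layout are hypothetical.

// Encode the five characters that let data break out of an HTML text or
// double-quoted attribute context. Once they are entities, an "onclick=" or
// "<script>" inside the value is displayed as text rather than parsed as markup,
// which is more robust than a blocklist of event-handler names.
function escapeHtml(s) {
  const map = { "&": "&amp;", "<": "&lt;", ">": "&gt;", '"': "&quot;", "'": "&#39;" };
  return String(s).replace(/[&<>"']/g, (ch) => map[ch]);
}

// Reflected pattern from section #2: the server echoes a URL parameter back.
// Vulnerable version, kept for comparison: the parameter is inserted verbatim.
function renderSearchUnsafe(q) {
  return "<p>Results for: " + q + "</p>";
}

// Hardened version: encode on output, in both the text and the attribute position.
function renderSearchSafe(q) {
  const enc = escapeHtml(q);
  return "<p>Results for: " + enc + "</p>" +
         '<input name="q" value="' + enc + '">';
}

// Session cookie that page scripts cannot read through document.cookie (HttpOnly)
// and that the browser only sends over HTTPS (Secure).
function sessionCookieHeader(sessionId) {
  return "session=" + encodeURIComponent(sessionId) + "; Path=/; HttpOnly; Secure";
}
```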
#6 The difference between XSS and CSRF
- A CSRF attack: while the user is logged in to a site and the Cookie has not yet expired, the attacker induces the user to click a malicious link, so that the attacker can call some of the site's server-side interfaces as that user (for example, a bank transfer).
- An XSS attack: through a malicious link or malicious code injected into the server, the attacker obtains the user's cookie and similar data.
Copyright notice
This article was written by Coxhuang; please include a link to the original when reposting. Thank you.