xss What is it? ？

The following is from the Internet ：
XSS Full name （Cross Site Scripting） Cross-site scripting attacks ,XSS It belongs to client attack , The victim is the end user , But it should be noted that website administrators are also one of the users , That means XSS Can be done “ Server side ” attack , Because administrators have much more permissions than ordinary users , General administrators can manage files on the website , Data management and other operations , The attacker usually acts as an administrator “ The springboard ” Carry out an attack
XSS The ultimate goal of the attack is to embed the malicious script code of the client in the web page , The most common attack code is javascript Language , But other scripting languages are also used

xss Causes of the vulnerability ？

The failure to filter the user's controllable input and the failure to properly handle the output content led to the front end or the output point being directly considered as valid code and executed

xss What vulnerabilities can do ？

Common are ：

• Hijack the user cookie
• Framework for fishing
• Keyboard record
• Website hang horse
  some xss The platform or tool also has other functions, such as screen monitoring 、 Read file contents 、 Send error upgrade prompt, etc

What is cross domain ？

As the agreements 、 host ( The main domain name , subdomain )、 Any one of the ports is not the same , It's called different domains , The operation of requesting data between different domains , Become a cross domain operation

xss The classification of ：

reflective ： Interactive data will not be stored in the database , Just simply reflect the user's input data to the browser , Just one time
Storage type ： Interactive data will be stored in the database , Permanent storage , It has strong stability
DOM type ： No data interaction with background server , Through the front end dom Nodes form XSS Loophole