Stored XSS and Reflected XSS
I’m sure you’ve heard of XSS (Cross-Site Scripting) if you’ve ever been within earshot of a security engineer. As part of the OWASP Top 10, it tends to pop up a lot in security discussions. Unfortunately, the standard explanation (“code injected into a webpage to make it do stuff”) doesn’t really help red or blue teams execute or protect against it.
A Better Explanation
Basically, XSS can occur when an application takes input a user supplied and uses it in some way to build part of a view in the interface, without properly encoding or sanitizing that input for the context it lands in. For instance, when you search for a product in an online store and see the search term appear at the top of the results, or in the page title. You provided the term that the application is now using, so what’s to stop you from providing something malicious?
![Image for post](https://i-blog.csdnimg.cn/blog_migrate/38619d725dd192d017fa8bcf5d21affb.png)
This is the premise of XSS.
Learning By Example
We’re going to use a fake web application, UberImage, to illustrate how XSS can occur in the real world. UberImage is a place to upload, tag, and share images with other users. Users can ‘like’ images, and popular images (by likes and views) appear on the front page. I’m sure nothing bad can come from that.
![Image for post](https://i-blog.csdnimg.cn/blog_migrate/65bc343ff1331cb7b868525f2a36c30c.png)
Surprise, there are multiple XSS vulnerabilities in our imaginary web app. We’ll be looking at both reflected and persistent XSS attacks. The difference is pretty simple. A reflected XSS attack commonly uses a malicious link to trick a user into unknowingly supplying the XSS script themselves (typically in the URL params), so that the application echoes it back and the victim’s browser executes it, while a stored/persistent attack uses the application itself to store the XSS script, so it is served to every user who later views the affected page.
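As an added example (not code from the original post; UberImage is fictional, so this is not its code), here is a minimal server-side renderer for the search-results page described above. The search term from the URL lands in the page title and the results heading (the reflected case) and tags that other users saved earlier are listed alongside (the stored case); both pass through the same template, shown first unsafe and then with HTML encoding applied. The function names, the template and the probe string are all constructed for this example.

```javascript
// Added example, not code from the original post (UberImage is fictional, so
// this is not its code). A minimal server-side renderer for the search-results
// page described above: the search term from the URL lands in the page title
// and the results heading (reflected), and tags other users saved earlier
// are listed next to each image (stored). Both flow through the same renderer.

// Escape the characters that change meaning in HTML text and quoted-attribute
// context. Note: this is the right encoding for HTML text only; a value placed
// inside a <script> block, a URL, or an event handler needs a different encoder.
function escapeHtml(value) {
  return String(value)
    .replace(/&/g, "&amp;")
    .replace(/</g, "&lt;")
    .replace(/>/g, "&gt;")
    .replace(/"/g, "&quot;")
    .replace(/'/g, "&#39;");
}

// Vulnerable renderer: untrusted values are concatenated straight into markup,
// so any tag inside the search term or a stored tag becomes part of the page.
function renderUnsafe(searchTerm, storedTags) {
  return `<title>UberImage - ${searchTerm}</title>` +
    `<h1>Results for ${searchTerm}</h1>` +
    `<ul>${storedTags.map(tag => `<li>${tag}</li>`).join("")}</ul>`;
}

// Hardened renderer: the same template, but every untrusted value is encoded
// for the HTML text context it lands in, so browsers show it as literal text.
function renderSafe(searchTerm, storedTags) {
  const term = escapeHtml(searchTerm);
  return `<title>UberImage - ${term}</title>` +
    `<h1>Results for ${term}</h1>` +
    `<ul>${storedTags.map(tag => `<li>${escapeHtml(tag)}</li>`).join("")}</ul>`;
}

// Check used below (and handy in a code review): did a piece of user input
// survive rendering as raw markup? True means the input was reflected or
// stored without encoding.
function inputRenderedAsMarkup(html, input) {
  return html.includes(input) && /<[a-z]/i.test(input);
}

// Constructed probe: a harmless tag that should never appear as markup.
const probe = "<i>probe</i>";
console.log("unsafe reflected:", inputRenderedAsMarkup(renderUnsafe(probe, []), probe)); // true
console.log("safe reflected:", inputRenderedAsMarkup(renderSafe(probe, []), probe));     // false
console.log("safe stored:", inputRenderedAsMarkup(renderSafe("cats", [probe]), probe));  // false
```

The same check applied to a real page, with a harmless marker like the probe above, is a quick way to confirm during review that a given input field is encoded on output.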