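Introduction to XSS Basics
I. Introduction to XSS
Cross-site scripting is abbreviated XSS; the abbreviation CSS is already taken by Cascading Style Sheets.
XSS: a malicious attacker inserts malicious script code into a web page, and when a user browses the page the script is executed, achieving the attacker's goal.
To make debugging easier, we install the Firebug and FirePath add-ons in Firefox.
Installation instructions: https://www.cnblogs.com/xiaowenshu/p/10774252.html
Once installed, it looks like this:
Reflected: front end → back-end code → front end; non-persistent
Stored: front end → back end → database → front end; persistent, and more dangerous
DOM-based: front end only
II. Debugging reflected XSS code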
xss.php
```php
<!DOCTYPE html>
<html>
<head>
<meta charset="utf-8">
<title>xss</title>
<meta name="viewport" content="width=device-width, initial-scale=1">
<script>
// Set a demo cookie from JavaScript; it is not HttpOnly, so document.cookie can read it.
function setCookie(name, value) {
    var days = 30;
    var exp = new Date();
    exp.setTime(exp.getTime() + days * 24 * 60 * 60 * 1000);
    document.cookie = name + "=" + encodeURIComponent(value) + ";expires=" + exp.toUTCString();
}
setCookie("xssCookie", "xssValue");
</script>
</head>
<body>
<h1>反射型xss:</h1>
<form action="#" method="get">
<input type="text" name="xss1"/>
<input type="submit" value="test"/>
</form>
</body>
</html>
<?php
error_reporting(0);
// Read the xss1 query parameter (null when it is absent).
$xss = $_GET['xss1'] ?? null;
if ($xss !== null) {
    // Deliberately echoed without encoding: this is the reflected XSS being demonstrated.
    echo $xss;
}
// Test input: <h1>aa</h1> <style> h1 {color:red; text-align:center;} </style>
?>
```
```
http://127.0.0.1/7-27/xss.php?xss1=<h1>aa</h1> <style> h1 {color:red; text-align:center;} </style>
http://127.0.0.1/7-27/xss.php?xss1=<script>alert("xss");</script>
```
![image description](https://img-blog.csdnimg.cn/20200807203820113.png?x-oss-process=image/watermark,type_ZmFuZ3poZW5naGVpdGk,shadow_10,text_aHR0cHM6Ly9ibG9nLmNzZG4ubmV0L3dlaXhpbl80NTY1MDcxMg==,size_16,color_FFFFFF,t_70)
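A hardened counterpart of xss.php, added here as an example and not part of the original post: the reflected value is HTML-encoded before output, the demo cookie is set server-side with HttpOnly so that `document.cookie` cannot read it, and a Content-Security-Policy header blocks inline scripts as a second layer. The file name `xss_fixed.php` and the helper `h()` are assumptions made for this example.

```php
<?php
// xss_fixed.php (hypothetical name): added example, not code from the original post.
declare(strict_types=1);

// Set the demo cookie server-side with HttpOnly, so page scripts cannot read it.
setcookie('xssCookie', 'xssValue', [
    'expires'  => time() + 30 * 24 * 60 * 60, // same 30-day lifetime as xss.php
    'path'     => '/',
    'httponly' => true,
    'samesite' => 'Lax',
]);

// Defense in depth: with this policy the browser refuses inline <script> and <style>.
header("Content-Security-Policy: default-src 'self'");
header('Content-Type: text/html; charset=utf-8');

// h() (hypothetical helper): encode a value for HTML text or quoted-attribute context.
function h(string $s): string
{
    return htmlspecialchars($s, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
}

// ?xss1[]=a arrives as an array, so accept only a plain string.
$raw = $_GET['xss1'] ?? null;
$xss = is_string($raw) ? $raw : null;
?>
<!DOCTYPE html>
<html>
<head>
<meta charset="utf-8">
<title>xss (hardened)</title>
</head>
<body>
<h1>Reflected XSS (hardened):</h1>
<form action="" method="get">
<input type="text" name="xss1"/>
<input type="submit" value="test"/>
</form>
<?php if ($xss !== null): ?>
<!-- The value is rendered as text: <script> becomes &lt;script&gt; -->
<p><?= h($xss) ?></p>
<?php endif; ?>
</body>
</html>
```

Requesting this page with the same test inputs as xss.php shows the markup as literal text instead of executing it.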
```
http://127.0.0.1/7-27/xss.php?xss1=<script>alert(123456);</script>
http://127.0.0.1/7-27/xss.php?xss1=<script>alert(document.cookie);</script>
```
It can also be connected to BeEF on Kali.
III. Short links:
IV. Stored XSS code analysis
http://127.0.0.1/xss/xss1.asp?name=kitty
http://127.0.0.1/xss/xss2.asp
http://127.0.0.1/xsszhuanxiang/fanshe/fanshe.html
V. Reflected XSS in practice:
http://192.168.1.105/xss/index2.asp
VI. Stored XSS
VII. Stored XSS in practice: obtaining the cookie
https://xss8.cc/xss.php?do=login
http://127.0.0.1:800/DedeCmsV5.6-GBK-Final/uploads/index.html
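Competition requirements (preview of the next installment):
1. Brute-force the usernames and passwords of the administrator and a member
2. Insert XSS as a member and have it execute
3. The administrator triggers it
4. Obtain the PHP session and substitute it to log in to the admin account
Stored XSS in practice: obtaining the session
Stay tuned for the follow-up steps!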