Some small pitfalls in XSS exploitation (XSS exploitation)

今日明天, May 29, 2022

How can XSS vulnerabilities be defended against?

1. Signature-based defense. Like the well-known SQL injection, XSS exploits imperfect web page coding, so every vulnerability targets a different weakness. This is what makes XSS defense difficult: no single signature can cover all XSS attacks.

Traditional XSS defenses identify attacks mostly by signature matching, chiefly by searching for the keyword "JavaScript". This is inflexible: any submission that contains "JavaScript" is rigidly classified as an XSS attack.

2. Defense through code changes. Web developers often make mistakes or leave holes when writing programs, and XSS attacks exploit exactly those mistakes and holes. A more ideal approach is therefore to reduce vulnerabilities by improving web application development:

① Inspect everything the user submits to the server, including the URL, the accompanying HTTP headers and POST data, and filter out content that does not match the prescribed format or length.

② Implement session tokens, a CAPTCHA system or HTTP Referer checks, so that functions cannot be triggered by third-party sites.

③ Make sure received content is properly normalized so that it contains only a minimal, safe set of tags, strip any references to remote content, and use HttpOnly cookies.

3. Client-side layered defense strategy. The layered defense strategy against client-side cross-site scripting is a security model based on independently allocated threads and layered defense rules. It is built on the client side, which is its biggest difference from other models. Client-side security matters because the client receives the server's information and selectively executes the relevant content, which makes defending against XSS easier. The model consists of three main parts:

① a page thread analysis module that assigns each web page its own thread and analyzes its resource consumption;

② a user input analysis module containing the four rules of the layered defense strategy;

③ an XSS information database that stores information about XSS-malicious sites on the Internet.

Why do XSS cross-site vulnerabilities appear in ASP sites, and how are they fixed?

XSS mainly works by turning output content into script, so output must be filtered; for a filtering API, consider OWASP's ESAPI. It has a version for ASP; look for it on the OWASP site.

A malicious attacker inserts malicious HTML code into a web page; when a user browses that page, the HTML code embedded in it is executed, achieving the malicious user's particular goal.

ASP

Vulnerable code example:

```asp
<%
Dim param
param = Request.QueryString("dd")    ' untrusted value from the query string
Response.Write param                 ' written into the page unencoded
%>
```

Fixed version:

```asp
<%
Dim param
param = Request.QueryString("dd")
Response.Write Server.HTMLEncode(param)   ' encoded for the HTML body context
%>
```

PHP

Vulnerable code example:

```php
<?php
$aa = $_GET['dd'];   // untrusted value from the query string
echo $aa . "123";    // echoed into the page unencoded
?>
```

Fixed version:

```php
<?php
$aa = $_GET['dd'];
// Encode for the HTML body context. Pass ENT_QUOTES too if the value lands in a
// single-quoted attribute: before PHP 8.1 the default flags encode only double quotes.
echo htmlspecialchars($aa) . "123";
?>
```
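The same "echo the dd parameter" bug and fix from the ASP and PHP snippets above, rewritten for Node.js as an added example (not code from the original answer); the function names and the sample request are chosen here, and the attribute-context renderer shows why the single quote has to be encoded as well.

```javascript
// Added example, not code from the original page: the "echo the dd query
// parameter" bug from the ASP/PHP snippets, rewritten for Node.js, beside its
// fix. escapeHtml/renderVulnerable/renderFixed/renderFixedAttribute are names
// chosen here.

// Encode the five characters that can break out of HTML text or an attribute
// value. PHP's htmlspecialchars() leaves the single quote alone unless
// ENT_QUOTES is passed (the default before PHP 8.1), which matters inside
// single-quoted attributes; this version encodes it unconditionally.
function escapeHtml(value) {
  return String(value)
    .replace(/&/g, '&amp;')   // must come first, or later entities get re-encoded
    .replace(/</g, '&lt;')
    .replace(/>/g, '&gt;')
    .replace(/"/g, '&quot;')
    .replace(/'/g, '&#39;');
}

// Equivalent of the vulnerable snippet: echo $aa . "123";
function renderVulnerable(query) {
  const dd = query.get('dd') ?? '';
  return `<p>${dd}123</p>`;
}

// Equivalent of the fix: echo htmlspecialchars($aa) . "123";
function renderFixed(query) {
  const dd = query.get('dd') ?? '';
  return `<p>${escapeHtml(dd)}123</p>`;
}

// The same fix where the value lands in a single-quoted attribute.
function renderFixedAttribute(query) {
  const dd = query.get('dd') ?? '';
  return `<input name="dd" value='${escapeHtml(dd)}'>`;
}

// Constructed sample request: the same probe the page uses, ?dd=<script>...
const probe = new URLSearchParams("dd=<script>alert('xss')</script>");

console.log(renderVulnerable(probe)); // the tag reaches the browser intact
console.log(renderFixed(probe));      // the tag is rendered as literal text
```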

What can you do with the recently popular XSS vulnerabilities?

1. Targeted malware planting. Such sites must therefore be game sites, bank sites, or sites tied to QQ, Taobao or other highly influential services: they must hold the account passwords we usually want to steal; or perhaps the site simply has very high traffic, so we can distribute more malware. If it is only an XSS vulnerability on an ordinary small site and we want to plant malware, we might as well just post the malware page's address directly.

2. Operations under user privileges. Such sites must have members, and those members have many meaningful operations or internal personal data that we need, so we can use XSS to perform privileged operations on behalf of logged-in visitors. I think cookie theft belongs in this category, since its purpose is also to obtain the user's operating privileges (password theft included) and thereby obtain some of the user's information or perform operations under their privileges.

3. DoS attacks or zombie machines. This likewise needs a site with very high traffic; with a small site we might as well attack or gather information ourselves. We can have this page's visitors attack other sites continuously, scan the local network, and so on. JS tools of this kind have long existed: JS port scanners, jikto, xssshell and so on.

4. Privilege escalation. This generally happens in forums or information management systems; in short, there must be an administrator. It requires the attacker to be quite familiar with the target system (usually such systems need to be open source) in order to know how to construct statements that escalate privileges.

5. Special effects. For example, Monyer inserting videos and sections into Baidu Space, or the special effects some people achieved on Sina Blog or Xiaonei, and so on.

Conclusion: from this you should understand the properties such sites need to have: very high traffic, members, administrators, valuable account passwords, or special effects worth implementing.

If you have read "Ajax Hacking with XSS", you should know that XSS includes at least seven forms, such as input XSS and textarea XSS. URL XSS belongs to input XSS; most of these vulnerabilities are retained-type XSS, while textarea XSS and the like are generally non-retained XSS. This means that normally visiting a page will not trigger a retained-type XSS, even though this is the vulnerability most sites have; the search part is also called search-type XSS. So when you obtain an input XSS, you merely alert a little box. You brag to others that you found a vulnerability and can alert a box to show them, but in fact you can do nothing. Even if you can plant some small malware, that is pointless, because you might as well build the XSS page on your own virtual host and send it to people. This differs from SQL injection; XSS is, after all, a client-side thing. The goal of SQL injection is usually to gain privileges on the target system, and the SQL statement itself executes server-side instructions; XSS, however, is generally about obtaining client-side things, and what it executes are client-side instructions. So they can shout when a "'" produces an "error", but you cannot make a racket just because an "alert" popped up an "xss window".


What harm can XSS attacks cause?

Cross-site scripting (XSS) arises because a web application filters user input insufficiently. An attacker exploits a site vulnerability to inject malicious script code (usually HTML and client-side JavaScript) into a web page; when other users browse those pages, the malicious code runs and can mount attacks on the victim such as cookie theft, session hijacking and phishing.

The harms include:

1. Phishing, including stealing all kinds of user accounts;

2. Stealing users' cookie data, thereby obtaining private information or performing further operations on the site under the user's identity;

3. Hijacking the user's (browser) session to perform arbitrary operations, such as illegal transfers, forced blog posts, sending e-mail and so on;

4. Forcing pop-up advertisements, inflating traffic and so on;

5. Planting malware in pages and performing malicious operations, such as tampering with page content at will or deleting articles;

6. Mounting large-scale client-side attacks, such as DDoS;

7. Collecting client information, such as the user's browsing history, real IP address, open ports and so on;

8. Controlling the victim's machine to attack other sites;

9. Combining with other vulnerabilities, such as CSRF, to further intrude upon and damage the system;

10. Escalating user privileges, including further penetration of the site;

11. Spreading cross-site scripting worms, and so on.

Why do XSS injection vulnerabilities arise, what are the steps of an XSS injection, and how can it be prevented?

XSS vulnerabilities in user input mainly arise because developers do not understand XSS well enough and lack security awareness. Let us go over some XSS basics so that, in future development, you are doubly careful whenever user-supplied content is involved. Remember two principles: filter input and escape output.

1. What is XSS

XSS, also called CSS (Cross Site Script), is cross-site scripting. It refers to a malicious attacker inserting malicious HTML code into a web page; when a user browses that page, the embedded HTML code is executed, achieving the attacker's particular goal. XSS is a passive attack; because it is passive and not easy to exploit, many people tend to overlook its danger.

In the Web 2.0 era the emphasis is on interaction, which greatly increases the opportunities for users to enter information; in this situation we, as developers, must stay on high alert while developing.

2. The main avenues of XSS attack

XSS attack methods simply use HTML's attributes, making all kinds of attempts to find a way to inject. Three main approaches are analyzed below.

Approach 1: ordinary user input is output on the page unchanged.

Open http://go.ent.163.com/goproducttest/test.jsp (company IP only) and enter <script>alert('xss')</script>; the JS runs without trouble. Once an attacker has found this, they can spread links of the form http://go.ent.163.com/goproducttest/test.jsp?key=JSCODE, for example http://go.ent.163.com/goproducttest/test.jsp?key=<script>alert('xss')</script>, with JSCODE suitably disguised, such as:

http://go.ent.163.com/goproducttest/test.jsp?key=%3c%73%63%72%69%70%74%3e%61%6c%65%72%74%28%27%78%73%73%27%29%3c%2f%73%63%72%69%70%74%3e. When other users click this link the JS runs, with potentially serious consequences, such as redirecting to a page carrying malware or obtaining the logged-in user's cookie.

Approach 2: user input inside a code region.

The principle is that a code region must never contain anything the user entered.

Approach 3: pages that allow users to enter HTML tags.

Users may submit some custom HTML code; this is the most dangerous case. Because IE uses Unicode encoding by default, HTML can be written in ASCII or as hex strings joined with "\", which makes filtering extremely complicated. All four examples below run in IE.

1. Use a JS script directly.

<img src="javascript:alert('xss')" />

2. The same JS script with its characters encoded.

<img src="javascript:alert('xss')" />

3. Insert the code via a tag's trigger condition and encode it.

<img onerror="alert('xss')" />

4. Written in hex (runs in Maxthon).

<img STYLE="background-image: \75\72\6c\28\6a\61\76\61\73\63\72\69\70\74\3a\61\6c\65\72\74\28\27\58\53\53\27\29\29">

The above is equivalent to <img STYLE="background-image: url(javascript:alert('XSS'))">

3. Solutions to XSS attacks

Remember two principles: filter input and escape output.

Concretely, proceed as follows:

First, on the input side, perform reliable input validation on everything the user submits, including the URL, query keywords, HTTP headers and POST data.

Second, on the output side, wrap user-entered content in XMP tags; content inside the tag is not interpreted and is displayed as-is.

Third, strictly enforce character count limits on input.

4. There must be absolutely no user input inside a script execution region.
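As an added example (not code from the original answer), a canonicalize-then-check routine for approach 3 above, where users may submit HTML: it decodes HTML numeric entities and CSS hex escapes such as the \75\72\6c form of example 4 before testing whether a src/href/url() value resolves to an allowed scheme, and it goes one step beyond the page's four cases by also dropping the ASCII tab, newline and CR characters that the browser's URL parser ignores. All function names and the sample inputs are chosen and constructed here.

```javascript
// Added example, not code from the original page: why "filter the keyword"
// fails and what "make sure the content is properly normalized" means in
// practice. Function names and sample inputs are chosen/constructed here.

// Map a decoded code point to a character, replacing invalid values.
const cp = (n) => (n === 0 || n > 0x10ffff) ? '\uFFFD' : String.fromCodePoint(n);

// Decode numeric character references, &#106; (decimal) and &#x6a; (hex);
// browsers accept them without the trailing semicolon, so it is optional.
function decodeHtmlEntities(s) {
  return s
    .replace(/&#x([0-9a-f]{1,6});?/gi, (_, h) => cp(parseInt(h, 16)))
    .replace(/&#(\d{1,7});?/g, (_, d) => cp(parseInt(d, 10)));
}

// Decode CSS hex escapes such as \75\72\6c (1-6 hex digits, optionally
// followed by one whitespace character), the form used in example 4 above.
function decodeCssEscapes(s) {
  return s.replace(/\\([0-9a-f]{1,6})\s?/gi, (_, h) => cp(parseInt(h, 16)));
}

// Reduce a value to the form the browser will actually act on: decode the
// HTML layer, then the CSS layer (the order the browser applies them), drop
// tab/LF/CR, which the HTML URL parser ignores inside a scheme, trim, lower-case.
function canonicalize(raw) {
  return decodeCssEscapes(decodeHtmlEntities(raw))
    .replace(/[\t\n\r]/g, '')
    .trim()
    .toLowerCase();
}

// Allow-list on the scheme: absolute http(s) URLs and scheme-less relative
// references pass; javascript:, data:, vbscript: and everything else fail.
function schemeAllowed(url) {
  if (url.startsWith('http://') || url.startsWith('https://')) return true;
  const i = url.search(/[:\/?#]/);     // first delimiter decides
  return i === -1 || url[i] !== ':';   // a ':' before any '/' means "has a scheme"
}

function isSafeUrl(raw) {
  return schemeAllowed(canonicalize(raw));
}

// For an inline style, extract the first url(...) argument after
// canonicalization and apply the same allow-list; a style with no url() is fine.
function isSafeInlineStyle(style) {
  const m = /url\(\s*['"]?([^'")]*)/i.exec(canonicalize(style));
  return m === null || schemeAllowed(m[1]);
}

// Constructed sample: the hex-escaped style from example 4 on the page, which
// decodes to background-image: url(javascript:alert('XSS')).
const CSS_HEX_PROBE = 'background-image: ' +
  '\\75\\72\\6c\\28\\6a\\61\\76\\61\\73\\63\\72\\69\\70\\74\\3a' +
  '\\61\\6c\\65\\72\\74\\28\\27\\58\\53\\53\\27\\29\\29';
```

A keyword filter that looks for "javascript" in the raw value sees none of the three encoded forms; the check above only decides after decoding, which is the point of rule ③ ("properly normalized") in the first answer.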
