How to fix XSS attacks (the main types of XSS attack)

今日出生 2022-05-29

Definition, types and defences of XSS attacks

XSS, short for cross-site scripting, is a class of security vulnerability in web applications that lets a malicious web user plant code into pages served to other users.

What types of XSS attack are there? The editor at 锐速云 introduces them below.

Three kinds of XSS attack are commonly seen: reflected XSS, DOM-based XSS and stored XSS.

1. Reflected XSS

In reflected XSS the attacker usually lures the user, through some channel such as e-mail, into visiting a URL that contains malicious code. When the victim clicks the specially crafted link, the malicious code runs directly in the browser on the victim's machine. Reflected XSS typically appears in site search boxes, login forms and similar places, and is commonly used to steal client-side data or for phishing.

2. Stored XSS

Stored XSS, also called persistent XSS, submits the XSS payload so that it is stored on the server side (database, memory, file system, etc.); later requests for the target page no longer need to resubmit it. When a target user visits the page and fetches the data, the XSS code is read back from the server, returned to the browser and parsed and executed as ordinary HTML and JavaScript, and the attack fires. Stored XSS generally appears at interactive points such as message boards, comments and blog posts, with the malicious script saved in the client-side or server-side database.

3. DOM-based XSS

DOM-based XSS is an attack in which a malicious script modifies the page's DOM structure; it takes place purely on the client. In DOM-based XSS the malicious code is extracted and executed entirely by the browser, so it is a vulnerability in the front-end JavaScript itself.

How to defend against XSS attacks?

1. Encode the special characters in input, for example the symbols that make up HTML markup.

2. Set the HttpOnly flag on important cookies so that client-side script cannot read them through document.cookie; the flag is set by the server in the HTTP header.

3. URL-encode untrusted data before writing it into URL parameters, and always check the format of values read from URL parameters.

4. Do not use eval to parse and run data or code of uncertain origin; to parse JSON use the JSON.parse() method.

5. Back-end interfaces should also filter key characters.

What types of XSS attack are there?

Classified by how the attack code works, there are three types:

(1) Persistent XSS: the most directly harmful type; the cross-site code is stored on the server (in the database).

(2) Non-persistent XSS: reflected cross-site scripting, the most widespread type. The user visits the server through a cross-site link, and the server returns the cross-site code.

(3) DOM XSS: DOM stands for Document Object Model; these are security problems caused by the processing logic of client-side scripts.

A DOM-based XSS vulnerability means that the page script on the victim's side fails to handle data properly when it modifies the local page's DOM, so that the attack script is executed. Throughout the attack the page returned by the server does not change; what makes the client-side script behave differently is malicious tampering with the local DOM.

Common XSS attack techniques and goals are:

1. Stealing cookies to obtain sensitive information.

2. Planting Flash and using its crossdomain permission settings to gain higher privileges, or achieving similar results with Java and the like.

3. Using iframe, frame, XMLHttpRequest or the Flash mentioned above to perform administrative actions in the user's identity, or ordinary actions such as posting to Weibo, adding friends or sending private messages.

4. Exploiting the fact that the vulnerable domain is trusted by other domains, to request operations that are normally not allowed while posing as a trusted source, such as rigging a vote.

5. XSS on a very heavily visited page can be used to attack small websites, achieving the effect of a DDoS attack.

My website has been hit by XSS; what can be done?

I. Cross-site scripting (XSS)

Cross-site scripting (XSS) is the most common and basic way of attacking a website. The attacker publishes data containing attack code on a web page; when a visitor views that page, the script runs with the visitor's identity and permissions. XSS makes it fairly easy to modify user data, steal user information and set up other kinds of attack, such as CSRF.

Common remedy: make sure that data output to an HTML page is escaped as HTML.

Error pages can also contain the vulnerability. For example, if the page /gift/giftList.htm?page=2 is not found and the error page echoes the URL verbatim, an attacker who appends attack code to the URL and sends it to a victim may trigger XSS.

II. Cross-site request forgery (CSRF)

Cross-site request forgery (CSRF) is another common attack. The attacker forges a request by one means or another, imitating the user submitting a form, in order to modify the user's data or carry out a particular task. To impersonate the user, CSRF is often combined with XSS, but it can also be done by other means, such as luring the user into clicking a link that carries the attack.

Approaches to a solution:

1. Use POST requests to make the attack harder. A GET request can be triggered just by the user clicking a link; a POST is harder, and the attacker usually needs JavaScript to send one.

2. Authenticate the request, ensuring that the user really did fill in and submit the form rather than a third party forging it. Concretely, add a token to the session to ensure that the person who viewed the form and the person who submitted it are the same.

III. HTTP header attacks

Whenever a browser views any website, whatever technology and framework the site uses, the HTTP protocol is involved. In HTTP there is an empty line between the response headers and the content, namely two CRLF sequences (0x0D 0x0A); this empty line marks the end of the headers and the start of the content. A "clever" attacker can exploit this: as long as the attacker has some way to inject arbitrary characters into the headers, the attack is possible.

Take login as an example; there is a URL like this:

http://www.lyyha.com/login?page=http%3A%2F%2Flocalhost%2Findex

After a successful login the server redirects back to the page named by the page parameter. These are the response headers when the redirect happens:

HTTP/1.1 302 Moved Temporarily
Date: Tue, 17 Aug 2010 20:00:29 GMT
Server: Apache mod_fcgid/2.3.5 mod_auth_passthrough/2.1 mod_bwlimited/1.4 FrontPage/5.0.2.2635
Location: http://www.lyyha.com/index

Now modify the URL so that it looks like this:

http://www.lyyha.com/login?page=http%3A%2F%2Flocalhost%2Fcheckout%0D%0A%0D%0A%3Cscript%3Ealert%28%27hello%27%29%3C%2Fscript%3E

The response at the redirect then becomes (CRLF marks the injected line breaks):

HTTP/1.1 302 Moved Temporarily
Date: Tue, 17 Aug 2010 20:00:29 GMT
Server: Apache mod_fcgid/2.3.5 mod_auth_passthrough/2.1 mod_bwlimited/1.4 FrontPage/5.0.2.2635
Location: http://www.lyyha.com/checkout[CRLF]
[CRLF]
<script>alert('hello')</script>

This page may unexpectedly execute the JavaScript hidden in the URL. The same thing can happen not only in a redirect (the Location header) but in other headers too, such as Set-Cookie. If the attack succeeds it can do a great deal, for example execute script or set additional cookies (CRLF followed by Set-Cookie: evil=value).

The way to prevent this attack is to filter all response headers and remove any illegal characters in them, CRLF above all.

Servers generally limit the size of request headers; Apache, for example, limits a request header to 8K by default, and if that is exceeded it returns a 400 Bad Request response.

For most cases 8K is large enough. But if the application stores some user-supplied content in a cookie, the limit may be exceeded: an attacker sends the victim a link that produces a header over 8K, and the server then refuses the victim's requests. The fix is to check the size of cookies and cap the total size of new cookies, reducing this header-size denial of service.

IV. Cookie attacks

Cookies of the current site are very easy to reach through JavaScript. Open any website, type javascript:alert(document.cookie) into the browser's address bar, and the current site's cookies (if any) appear at once. An attacker can use this to obtain your key information, for example by combining it with XSS: the attacker runs a particular JavaScript in your browser and obtains your cookies. If the site relies on cookies alone to authenticate users, the attacker can then impersonate you.

Most browsers now support marking a cookie HttpOnly; a cookie with that flag cannot be read through JavaScript. Setting it on key cookies greatly improves their security.

V. Redirect attacks

A commonly used attack technique is "phishing". The phisher typically sends the victim a legitimate-looking link; when it is clicked, the user is taken to a plausible-looking illegitimate site, with the aim of winning the user's trust and stealing their data. To prevent this we must vet every redirect operation so that it never leads somewhere dangerous. The common solution is a whitelist: add the legitimate redirect URLs to the whitelist and refuse redirects to domains not on it. A second solution is a redirect token: attach a token to legitimate URLs and verify it when redirecting.

VI. File upload attacks

1. File name attacks. Storing an uploaded file under the name it had before upload can cause incompatible character encodings between client and server, producing garbled file names, or the file name may contain a script and so become an attack.

2. File suffix attacks. An uploaded file's suffix may mark it as an .exe executable, a .js script or similar; such a file may be executed on the victim's client or even on the server. We must therefore filter file-name suffixes and exclude those that are not permitted.

3. File content attacks. IE6 has a serious problem: it does not trust the Content-Type sent by the server but identifies the file type automatically from its content, and displays or executes the file according to the type it detected. If a GIF is uploaded with a piece of attack script at the end of the file, the script may be executed. In this attack both the file name and the Content-Type look like a legitimate GIF image while the content contains script; file-name filtering cannot exclude it, and only scanning the file content can detect it.

How to defend against XSS vulnerabilities?

1. Signature-based defence. Like the well-known SQL injection vulnerability, XSS exploits imperfectly written web pages, and each vulnerability exploits a different weakness. That is what makes defending against XSS difficult: no single signature can cover every XSS attack.

Traditional XSS defences mostly identify attacks by signature matching, mainly searching for the keyword "JavaScript"; but this is inflexible, and any submission that happens to contain "JavaScript" is rigidly judged to be an XSS attack.

2. Code-modification-based defence. Web page developers often make mistakes or leave holes while writing their programs, and XSS exploits exactly those mistakes and holes, so a better approach is to reduce vulnerabilities by improving web application development and so avoid being attacked:

① Inspect what users submit to the server, including the URL, the accompanying HTTP headers and POST data, and filter out anything that does not match the prescribed format or length.

② Implement session tokens, a CAPTCHA system or HTTP Referer header checks to prevent functions from being executed by third-party sites.

③ Make sure received content is properly normalised and contains only a minimal set of safe tags, remove any references to remote content, and use HttpOnly cookies.

3. Layered client-side defence strategy. The layered defence strategy against client-side cross-site scripting is a security model based on independently allocated threads and layered defence. It is built on the client, which is its biggest difference from other models. Client-side security matters because the client receives the server's information and selectively executes the relevant content, which makes defending against XSS easier. The model consists of three main parts:

① a page thread analysis module that assigns each web page its own thread and analyses resource consumption;

② a user input analysis module containing the four rules of the layered defence strategy;

③ an XSS information database holding information about XSS-malicious websites on the internet.
