曾經一度流行sql注入,因爲如今技術的更新,已經看不到這問題了,可是又出來新的安全問題:XSS攻擊,它的原理就是在前端提交表單的時候,在input標籤當中輸入js腳本,經過js腳本注入後臺,請看下圖。
這裏用原生servlet作說明,幫助你們理解。
如下是我項目的路徑
以上是個人項目結構。首先須要配置pom.xml把jar下載;第二步新建XSSFilete.java,這是一個過濾器;而後新建XSSRequest,這是HttpServletRequestWrapper的子類,重寫getParameter方法。DoFromServlet主要是用來測試的,經過前端傳js腳本驗證能避免出現XSS攻擊。
1.配置pom.xml
<project xmlns="http://maven.apache.org/POM/4.0.0"
    xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
    xsi:schemaLocation="http://maven.apache.org/POM/4.0.0 http://maven.apache.org/xsd/maven-4.0.0.xsd">
<modelVersion>4.0.0</modelVersion>
<groupId>com.itmayideu.xss</groupId>
<artifactId>xssfilter</artifactId>
<version>0.0.1-SNAPSHOT</version>
<packaging>war</packaging>
<build/>
<dependencies>
<dependency>
<groupId>org.apache.commons</groupId>
<artifactId>commons-lang3</artifactId>
<version>3.4</version>
</dependency>
<dependency>
<groupId>javax.servlet</groupId>
<artifactId>javax.servlet-api</artifactId>
<version>3.0.1</version>
<scope>provided</scope>
</dependency>
<dependency>
<groupId>javax.servlet.jsp</groupId>
<artifactId>jsp-api</artifactId>
<version>2.1</version>
<scope>provided</scope>
</dependency>
</dependencies>
</project>
第二步:編寫XSSFilete過濾器
package com.sunjian.xssfilter;
import java.io.IOException;
import javax.servlet.Filter;
import javax.servlet.FilterChain;
import javax.servlet.FilterConfig;
import javax.servlet.ServletException;
import javax.servlet.ServletRequest;
import javax.servlet.ServletResponse;
import javax.servlet.http.HttpServletRequest;
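public class XSSFilete implements Filter {

    /** No filter configuration is read, so there is nothing to initialise. */
    @Override
    public void init(FilterConfig arg0) throws ServletException {
    }

    /**
     * Wraps the incoming HTTP request in an {@link XSSRequest} so that parameter
     * values read by downstream servlets are HTML-escaped before they are used.
     *
     * @param request  the incoming request; must be an {@link HttpServletRequest}
     * @param response passed through to the chain untouched
     * @param chain    the remaining filter chain
     * @throws ServletException if the request is not an HTTP request (the filter
     *                          fails closed instead of letting raw input through)
     * @throws IOException      propagated from the chain
     */
    @Override
    public void doFilter(ServletRequest request, ServletResponse response,
            FilterChain chain) throws IOException, ServletException {
        // Guard the cast explicitly: an unexpected request type is reported with a
        // clear message rather than a ClassCastException, and is never forwarded
        // unwrapped, because that would silently bypass the escaping.
        if (!(request instanceof HttpServletRequest)) {
            throw new ServletException("XSSFilete expects an HttpServletRequest but got "
                    + request.getClass().getName());
        }
        HttpServletRequest req = (HttpServletRequest) request;
        XSSRequest httpServletRequestWrapper = new XSSRequest(req);
        chain.doFilter(httpServletRequestWrapper, response);
    }

    /** Nothing to release. */
    @Override
    public void destroy() {
    }
}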
第三步:XSSRequest繼承HttpServletRequestWrapper
package com.sunjian.xssfilter;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletRequestWrapper;
import org.apache.commons.lang3.StringEscapeUtils;
import org.apache.commons.lang3.StringUtils;
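public class XSSRequest extends HttpServletRequestWrapper {

    /** The wrapped request (the same object {@code getRequest()} returns). */
    HttpServletRequest request;

    /**
     * @param request the request whose parameter values are to be HTML-escaped
     */
    public XSSRequest(HttpServletRequest request) {
        super(request);
        this.request = request;
    }

    /**
     * Returns the named parameter with the HTML-significant characters
     * ({@code <}, {@code >}, {@code &}, {@code "}) replaced by entities, so a value
     * such as {@code <script>} reaches the application as {@code &lt;script&gt;}.
     *
     * <p>This escapes on the way in, which means the entity-encoded form is what
     * gets stored or forwarded. It protects a page that echoes the value into HTML
     * without escaping (showUserName.jsp prints {@code ${userName}} directly), but
     * output-side encoding at the point of rendering is the more robust control
     * and should be used in addition. {@code getParameterMap()} is not overridden
     * here and still returns the raw values.
     *
     * @param name the parameter name
     * @return the escaped value, or the original {@code null}/empty value when absent
     */
    @Override
    public String getParameter(String name) {
        return escape(request.getParameter(name));
    }

    /**
     * Applies the same escaping as {@link #getParameter(String)} to every value of a
     * multi-valued parameter; without this override a servlet reading
     * {@code getParameterValues} would still see the raw input.
     *
     * @param name the parameter name
     * @return a new array of escaped values, or {@code null} when the parameter is absent
     */
    @Override
    public String[] getParameterValues(String name) {
        String[] raw = request.getParameterValues(name);
        if (raw == null) {
            return null;
        }
        String[] escaped = new String[raw.length];
        for (int i = 0; i < raw.length; i++) {
            escaped[i] = escape(raw[i]);
        }
        return escaped;
    }

    /**
     * Escapes one value; {@code null} and empty strings are returned unchanged.
     * The raw value is deliberately not printed: untrusted input should not be
     * written to stdout/logs unescaped.
     */
    private static String escape(String value) {
        if (StringUtils.isEmpty(value)) {
            return value;
        }
        return StringEscapeUtils.escapeHtml4(value);
    }
}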
第四步:編寫DoFromServlet接口
package com.sunjian.xssfilter;
import java.io.IOException;
import javax.servlet.ServletException;
import javax.servlet.annotation.WebServlet;
import javax.servlet.http.HttpServlet;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
@WebServlet("/DoFromServlet")
public class DoFromServlet extends HttpServlet {

    /**
     * Reads the {@code userName} form field and forwards the request to
     * showUserName.jsp with that value stored as a request attribute of the same
     * name. When the request has passed through XSSFilete (mapped to {@code /*}
     * in web.xml) the value arrives already HTML-escaped.
     *
     * @param req  the POST request from form.jsp
     * @param resp the response the JSP writes to
     * @throws ServletException propagated from the forward
     * @throws IOException      propagated from the forward
     */
    @Override
    protected void doPost(HttpServletRequest req, HttpServletResponse resp)
            throws ServletException, IOException {
        System.out.println("DoFromServlet");
        final String attributeName = "userName";
        req.setAttribute(attributeName, req.getParameter(attributeName));
        // Server-side forward: the JSP renders the attribute within the same request.
        req.getRequestDispatcher("showUserName.jsp").forward(req, resp);
    }
}
第五步:配置web.xml,配置過濾器
<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE web-app PUBLIC "-//Sun Microsystems, Inc.//DTD Web Application 2.2//EN" "http://java.sun.com/j2ee/dtds/web-app_2_2.dtd">
<web-app id="WebApp_ID">
<display-name>xssfilter</display-name>
<welcome-file-list>
<welcome-file>index.html</welcome-file>
<welcome-file>index.htm</welcome-file>
<welcome-file>index.jsp</welcome-file>
<welcome-file>default.html</welcome-file>
<welcome-file>default.htm</welcome-file>
<welcome-file>default.jsp</welcome-file>
</welcome-file-list>
<filter>
<filter-class>com.sunjian.xssfilter.XSSFilete</filter-class>
<filter-name>XSSFilete</filter-name>
</filter>
<filter-mapping>
<filter-name>XSSFilete</filter-name>
<url-pattern>/*</url-pattern>
</filter-mapping>
</web-app>
第六步:編寫前端form.jsp
<%@ page language="java" contentType="text/html; charset=UTF-8" pageEncoding="UTF-8"%>
<!DOCTYPE html PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd">
<html>
<head>
<meta http-equiv="Content-Type" content="text/html; charset=UTF-8">
<title>Insert title here</title>
</head>
<body>
<form action="DoFromServlet" method="post">
用戶名是<input type="text" name="userName">
<input type="submit" value="提交">
</form>
</body>
</html>
第七步:showUserName.jsp
<%@ page language="java" contentType="text/html; charset=UTF-8" pageEncoding="UTF-8"%>
<!DOCTYPE html PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd">
<%@ page isELIgnored="false" %>
<html>
<head>
<meta http-equiv="Content-Type" content="text/html; charset=UTF-8">
<title>Insert title here</title>
</head>
<body>
<h1>測試index.jsp</h1>
用戶名是::${userName}
</body>
</html>
最終的效果:
以上是相關代碼。其實XSS攻擊就是經過前端input將js腳本注入到後臺,解決原理是將 <script> 中的 < 和 > 轉換成 &lt; 和 &gt; 來解決XSS攻擊。
原文連接:
http://www.jianshu.com/p/7e259660f7ee
關注個人公衆號,都是滿滿的乾貨!