Web Security Testing: XSS
Posted [ 2014/2/11 10:25:33 ] in Web
XSS is one of the most common holes found in WEB security testing: an attacker injects JavaScript (or other dangerous content) into a page that the WEB application renders for its users. This article looks at how XSS holes are tested for, how the injected JavaScript reaches the page, and how the output points are fixed.
Two kinds of XSS attack are usually distinguished:
(1) XSS that injects JavaScript into the page, for example: <script>alert("XSS");</script>
(2) XSS that injects other dangerous HTML, for example:
a redirect to another page: <meta http-equiv="refresh" content="0;">
embedding a page from another site: <iframe src=http://xxxx width=250 height=250></iframe>
The XSS (Cross Site Scripting) Cheat Sheet collects a large number of XSS test strings. A WEB tester can use the entries in it as inputs to check whether an application is vulnerable to XSS; the list also shows the many forms an XSS payload can take, which is useful when judging whether a given output point is really safe.
Testing tools
Testing for XSS means modifying the Get/Post parameters that the browser sends to the WEB application and inserting JavaScript into them. The following tools can intercept and modify HTTP requests on their way from the browser to the server:
Paros proxy (http://www.parosproxy.org)
Fiddler (http://www.fiddlertool.com/fiddler)
Burp proxy (http://www.portswigger.net/proxy/)
TamperIE (http://www.bayden.com/dl/TamperIESetup.exe)
This article uses TamperIE for the WEB security tests. TamperIE is a small add-on that hooks into IE and lets you modify Get/Post requests before they are sent; it also supports SSL. TamperIE + IE7 has problems related to IE7's IPv6 support, so unless the Web application being tested requires IPv6, TamperIE + IE6 is recommended.
Figure 2 shows the test: TamperIE bypasses the page's client-side JavaScript validation. When the POST request is sent, intercept it and change the form fields (here name and message), for example set message to "<script>alert("XSS hole!!");</script>", then click "Send altered data" to deliver the altered request to the Web application.
Figure 2. Modifying the POST request with TamperIE
Finding the output points in the source code
Rather than relying only on black-box testing, the Web application's source code can be reviewed to find every output point, that is, every place where data is written into the response. For each output point, check whether the data is escaped before it is written; unescaped output, whether it lands in HTML or inside JavaScript, is a potential XSS hole. In PHP Web applications, output points can be located by searching for "echo", "print", "printf" and "<?=". The escaping function to look for is PHP's htmlspecialchars(), which converts the 5 HTML special characters into HTML entities; any output point that does not pass user-controlled data through it (or an equivalent) should be treated as a suspected XSS hole and tested with the method above.
Escaping HTML special characters with PHP's htmlspecialchars()
Looking at the XSS examples above, every one of them depends on user input that contains HTML special characters such as "<" and ">" being written into the page unchanged, so that the browser interprets it as HTML or JavaScript. The characters < > & " have special meaning in HTML; if they are meant to appear as literal text they must be converted into HTML entities before being written out.
An HTML entity begins with &, followed by either an entity name or # and a numeric character code, and ends with ;. Using entities, the HTML special characters can be displayed in the page without being interpreted by the browser, for example the single quote as &#39;.
PHP's htmlspecialchars() converts the HTML special characters in a string into their HTML entities, so that user input can be output into the page without being interpreted as HTML. Passing data through htmlspecialchars() before it is echoed is the basic defence against XSS in PHP. htmlspecialchars() performs the following conversions:
& becomes &amp;
" becomes &quot;
< becomes &lt;
> becomes &gt;
' becomes &#39;
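As an added example (not code from the article), the guestbook-style name and message fields from the TamperIE test above are rendered first by an unescaped output point and then through htmlspecialchars(). The field values, the h() helper and the render functions are constructed for this illustration; the example also shows that the single quote is only converted when ENT_QUOTES is passed.

```php
<?php
// Added example, not from the article. The $post array stands in for the
// name/message fields of the intercepted POST request; values are constructed.
$post = [
    'name'    => 'tester',
    'message' => '<script>alert("XSS hole!!");</script>',
];

// Vulnerable output point: the values are echoed straight into the page,
// so the browser treats the injected <script> as markup and runs it.
function renderUnsafe(array $post): string
{
    return "<p><b>{$post['name']}</b>: {$post['message']}</p>";
}

// Hardened output point: every value is escaped at the moment it is written.
// ENT_QUOTES makes the single quote an entity as well; without it
// htmlspecialchars() leaves ' untouched on PHP versions before 8.1, which
// matters whenever a value lands inside a single-quoted attribute.
// ENT_SUBSTITUTE replaces invalid byte sequences instead of returning "".
function h(string $s): string
{
    return htmlspecialchars($s, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
}

function renderSafe(array $post): string
{
    return '<p><b>' . h($post['name']) . '</b>: ' . h($post['message']) . '</p>';
}

echo renderUnsafe($post), PHP_EOL;
echo renderSafe($post), PHP_EOL;

// The 5th character: ENT_COMPAT (the pre-8.1 default) converts & < > " only,
// ENT_QUOTES converts ' too, as in the table above.
$quoted = "Bob's \"cafe\" <b>";
echo htmlspecialchars($quoted, ENT_COMPAT, 'UTF-8'), PHP_EOL;
echo h($quoted), PHP_EOL;

// Attribute context: the same helper keeps a value inside value='...' literal.
echo "<input value='" . h($quoted) . "'>", PHP_EOL;
```

The same h() call should wrap every echo/print/printf/<?= found in the source review above; escaping once at the output point is what makes the intercepted payload harmless regardless of how it reached the server.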