What is an XSS attack?

XSS, also written CSS (Cross Site Script), is a cross-site scripting attack. It refers to a malicious attacker inserting malicious HTML code into a web page; when a user browses that page, the HTML code embedded in it is executed, which achieves the attacker's particular goal of attacking the user. XSS is a passive attack. Because it is passive and difficult to exploit, many people ignore the harm it can do. This article mainly discusses using XSS to obtain a shell on the target server. Although the technique is old, I hope its ideas will be helpful to everyone.

How to find XSS vulnerabilities

Personally, I divide XSS attacks into two categories. One is attacks from within, which mainly means using a vulnerability in the program itself to construct cross-site statements, such as the cross-site vulnerability in showerror.asp of dvbbs. The other is attacks from outside, which mainly means constructing a web page that carries a cross-site vulnerability, or looking for a page with a cross-site vulnerability on a machine other than the target. For example, when we want to penetrate a site, we construct a page with a cross-site vulnerability, then construct a cross-site statement, and combine it with other techniques, such as social engineering, to trick the administrator of the target server into opening it.
Then the technique described below is used to get a shell.

How to exploit

Traditional cross-site exploitation generally works like this: the attacker first constructs a cross-site page, then places a cookie-collecting page in another hosting space, and then uses other techniques to get users to open the cross-site page, stealing their cookies for further attacks. Personally, I think this method is too dated, and everyone probably knows its disadvantages: even if you collect cookies, you may not be able to penetrate further, because most passwords stored in cookies are encrypted, and cookie spoofing is likewise subject to other conditions. The idea proposed in this article solves these problems to a certain extent. For me, the more mature method is to construct a form through the cross-site vulnerability, where the form's content uses the program's backup function or adds an administrator in order to obtain high privileges. Below I introduce this technique in detail.

Finding cross-site vulnerabilities: internal cross-site attacks
It is easier to handle if you have the code. We mainly look at the places where user input is taken and at the variables in the code: whether their length is checked correctly, and whether characters such as "<", ">", ";" and "'" are filtered. Another thing to note is the closing of tags. For example, when testing for cross-site vulnerabilities in QQ groups, if you enter <script>alert('test')</script> in the title, the code is not executed, because in the page source there are other tags that are not closed, such as a missing closing tag. In that case you only need to close that tag first, and the code will be executed. For example, you enter
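An added check for the audit step described above (example code, not from the original article): an encoder for the characters the checklist names, and a function that reports which of them a page reflects back unencoded. The anchor template, the /group/1 path and the zq9 marker are constructed for this example.

```javascript
// Added example (not from the original article). Template, path and marker are constructed.

// Encode the characters that let user input break out of an HTML text or
// attribute context. The ';' in the article's list matters inside script
// blocks, which this HTML-body check does not cover.
function escapeHtml(s) {
  const map = { '&': '&amp;', '<': '&lt;', '>': '&gt;', '"': '&quot;', "'": '&#39;' };
  return String(s).replace(/[&<>"']/g, (c) => map[c]);
}

// Constructed stand-in for a server-side template that puts a user-supplied
// title inside a link. encode === false models a page that filters nothing.
function renderTitle(title, encode) {
  const body = encode ? escapeHtml(title) : title;
  return `<li><a href="/group/1">${body}</a></li>`;
}

// Characters the audit looks for in the reflected output.
const SENSITIVE = ['<', '>', '"', "'", '&'];

// The probe carries the sensitive characters between two copies of a unique
// marker, so the reflected slice can be located without knowing the markup.
function buildProbe(marker) {
  return marker + SENSITIVE.join('') + marker;
}

// Report which sensitive characters came back raw between the marker copies.
// Entity sequences (&lt; &#39; ...) are stripped first so an encoded '&' is
// not counted as a raw one. Returns null when the probe is not reflected.
function unencodedReflection(html, marker) {
  const start = html.indexOf(marker);
  const end = html.lastIndexOf(marker);
  if (start < 0 || end === start) return null;
  const reflected = html
    .slice(start + marker.length, end)
    .replace(/&(#\d+|#x[0-9a-f]+|[a-z]+);/gi, '');
  return SENSITIVE.filter((c) => reflected.includes(c));
}

// Run the same probe through an unfiltered and an encoded rendering.
function audit(marker) {
  const probe = buildProbe(marker);
  return {
    unfiltered: unencodedReflection(renderTitle(probe, false), marker),
    encoded: unencodedReflection(renderTitle(probe, true), marker),
  };
}

// prints {"unfiltered":["<",">","\"","'","&"],"encoded":[]}
console.log(JSON.stringify(audit('zq9')));
```

Against a real response, replace renderTitle with the fetched page and keep only the marker unique per request.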