In addition to Weibo, there is also WeChat
Please pay attention
WeChat public account
Shulou
2025-09-23 Update From: SLTechnology News&Howtos shulou NAV: SLTechnology News&Howtos > Network Security >
Share
Shulou(Shulou.com)06/01 Report--
What is XSS?
Cross-site script (Cross Site Scripting) is abbreviated as XSS because it is not confused with the abbreviation of cascading style sheet (Cascading Style Sheets,CSS). Malicious users insert html code into the web page. When browsing the page, the html code embedded in the web will be executed, thus achieving the special purpose of the user.
What can XSS do?
Steal administrator Cookie or user Cookie
XSS Worm
Hang a horse (puddle *)
Limited keyloggin
XSS classification
Radioactive XSS
Storage XSS
DOM XSS
Flash XSS
MXSS
Reflective (non-persistent) XSS
When the request is made, the XSS code appears in the URL, and finally the input is submitted to the server. After the server parses the response, the XSS code appears in the response content, and finally the browser parses and executes.
This process is like a reflection, so it is named reflective XSS
Xss.php# submission / xss.php?x=alert (1)
When the server resolves the expression, echo outputs alert (1) to the response body, and then the browser parses and executes the trigger pop-up window.
Stored (persistent) XSS
The only difference between a stored XSS and a reflective XSS is that the submitted XSS code is stored on the server (whether it's database / memory / file system, etc.), and the next time you request the target page, you don't have to submit the XSS code.
The most typical example is the message board XSS, where the user submits a message containing the XSS code for storage in the database, and the target user checks the message board. The message content will be checked from the database and displayed. When the browser finds that there is a XSS code, it is executed as normal HTML and JS parsing, so XSS*** is triggered.
The storage XSS is the most hidden.
# eg: http://www.nfpeople.com/user.php?id=21839
How to use XSS
Payload (valid * * code)
Welcome to subscribe "Shulou Technology Information " to get latest news, interesting things and hot topics in the IT industry, and controls the hottest and latest Internet news, technology news and IT industry trends.
Views: 0
*The comments in the above article only represent the author's personal views and do not represent the views and positions of this website. If you have more insights, please feel free to contribute and share.
The market share of Chrome browser on the desktop has exceeded 70%, and users are complaining about
The world's first 2nm mobile chip: Samsung Exynos 2600 is ready for mass production.According to a r
A US federal judge has ruled that Google can keep its Chrome browser, but it will be prohibited from
Continue with the installation of the previous hadoop.First, install zookooper1. Decompress zookoope
About us Contact us Product review car news thenatureplanet
More Form oMedia: AutoTimes. Bestcoffee. SL News. Jarebook. Coffee Hunters. Sundaily. Modezone. NNB. Coffee. Game News. FrontStreet. GGAMEN
© 2024 shulou.com SLNews company. All rights reserved.
12
Report
