Common Security Issues
Cross-site scripting (XSS) attacks
Cross-site request forgery (CSRF) attacks
Front-end cookie security
Clickjacking attacks
Transport security
User password security
SQL injection attacks
This section describes cross-site scripting (XSS) attacks.
What is XSS?
A class of web attack in which executable code (HTML or JavaScript) is injected into a web page and then executed by the victim's browser as if it were part of the page.
Conditions for an XSS attack
- The attacker must be able to inject malicious code into the web page (through input fields, URL parameters, etc.)
- The browser must actually execute the injected code
XSS attack mechanism
Data supplied by the user is written into the page without being encoded for its context, so the browser interprets it as markup or script rather than as data and executes it.
What XSS can do
- Read page data: read the value of any element through the DOM (document), for example the user name, phone number or address displayed on the page
- Steal cookies: document.cookie returns every cookie of the current site that is not marked HttpOnly, so the attacker can steal the login state of the current user and log in to the site, or even its back-office management system, as that user
- Hijack front-end logic: the script can change what an action actually does. For example, a button that should submit a single request can have its request URL rewritten by the XSS script, so that the data the user submits is sent to an endpoint the attacker controls; or the user can be redirected to another page (phishing, traffic hijacking)
- Send requests: the attacker can make the user's browser send requests, without the user's knowledge, to collect user information or perform actions in the user's session
XSS attack types
- Reflected XSS: when the user opens a link the attacker has crafted, the script embedded in the link is reflected by the server into the response and executed by the user's browser. It is also called non-persistent because it is one-off and affects only the visits that use the crafted link
- Reflected XSS scenarios: crafted links hidden behind a URL shortener; an XSS payload appended to a URL parameter; redirect (URL jump) parameters
- Stored XSS: the content containing the XSS script is stored on the server, so it is also called persistent. Whenever a user views that content, the script runs automatically
- Stored XSS scenarios: messages and comments viewed by other users, announcements posted by administrators, blog articles published by an attacker, feedback and complaint forms, chat history
XSS injection points
- HTML element content: dynamically generated content that includes user input, and therefore possibly an XSS script
- HTML attributes: user input placed in attributes such as the src of an img or the value of an input box
- JavaScript code: user input inserted directly into an inline script, for example into a string literal
- Rich text: the content of a rich-text editor is itself HTML, so the user can include tags and scripts in it
Finding injection points
First determine whether the input point can actually get data into page content. There is no need to fuzz an input that is stored but never rendered to a page: even if the attack code is accepted, no XSS results.
Fuzzing: a simulated XSS attack. Fuzz testing is one of the most common vulnerability-hunting techniques; it is a trial-and-error process.
Payload: the test case fed to the input point. Two examples follow. The first is a value placed inside a double-quoted href attribute; it closes the attribute and the tag, then opens a script element. The second places the payload in an event-handler attribute.
<a href=" ></a><script>alert(0)</script><a href="
<img src="a.jpg" onload=" Payload ">, with Payload: alert(0)
Defending against XSS
- The X-XSS-Protection response header asks the browser's built-in filter to block reflected XSS, such as a parameter echoed into HTML content or an attribute. Note that current Chrome, Edge and Firefox no longer implement this filter, so it cannot be relied on and is at best legacy defense in depth
- Escape HTML content: encode [< >] as &lt; and &gt;. Escaping can be done when saving to the database or when rendering; encoding at render time is preferable, because the correct encoding depends on the output context
- Escape double and single quotes in HTML attributes as &quot; and &#39;, and always emit attribute values inside quotes
- Content Security Policy (CSP) specifies which sources of content the browser may load and execute; for example, Content-Security-Policy: default-src 'self'; script-src 'self' blocks inline scripts and scripts from other origins
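The following is an added example, not code from the original page: it puts the injection points, the fuzzing payloads and the escaping rules above together. A deliberately vulnerable renderer concatenates user input into element content and into a src attribute; a hardened renderer escapes the same values for their context and allow-lists the URL scheme; a small fuzzing oracle feeds payloads of the same shape as the page's examples into both. All function names (renderVulnerable, renderSafe, findInjected, fuzz) and the payload list are made up for the example. It runs under Node.js.

```javascript
// Added example, not code from the original page: context-aware escaping
// applied to payloads of the same shape as the page's fuzzing examples.
// Runs under Node.js; names (renderVulnerable, renderSafe, fuzz) are made up.

// Escape for HTML element content and for double-quoted attribute values.
// Each of the five characters can either start a tag/entity or close a
// quoted attribute; encoding all of them covers both contexts, provided the
// template always wraps attribute values in double quotes.
const HTML_ESCAPES = { '&': '&amp;', '<': '&lt;', '>': '&gt;', '"': '&quot;', "'": '&#39;' };
function escapeHtml(input) {
  return String(input).replace(/[&<>"']/g, (ch) => HTML_ESCAPES[ch]);
}

// Escaping does not make a "javascript:" URL harmless inside src/href, so a
// URL attribute additionally needs a scheme allow-list: http(s), a
// root-relative path, or a bare file name.
function safeUrl(url) {
  return /^(https?:\/\/|\/|[\w.-]+$)/i.test(url) ? url : '';
}

// Vulnerable renderer: user input concatenated into element content and into
// an attribute value (the first two injection points listed above).
function renderVulnerable(comment, avatarUrl) {
  return `<div class="comment">${comment}</div>` +
         `<img src="${avatarUrl}" alt="avatar">`;
}

// Hardened renderer: same markup, every value encoded for its context.
function renderSafe(comment, avatarUrl) {
  return `<div class="comment">${escapeHtml(comment)}</div>` +
         `<img src="${escapeHtml(safeUrl(avatarUrl))}" alt="avatar">`;
}

// Fuzzing oracle: list script elements and on* event-handler attributes that
// the rendered markup contains. A small tokenizer that respects quoted
// attribute values stands in for a real browser; it is a heuristic, not an
// HTML parser.
function findInjected(html) {
  const found = [];
  const tagRe = /<([a-zA-Z][\w-]*)([^>]*)>/g;
  const attrRe = /([^\s=\/>"']+)(?:\s*=\s*(?:"[^"]*"|'[^']*'|[^\s>]+))?/g;
  let tag;
  while ((tag = tagRe.exec(html)) !== null) {
    const [, name, body] = tag;
    if (name.toLowerCase() === 'script') found.push('<script>');
    let attr;
    while ((attr = attrRe.exec(body)) !== null) {
      if (/^on/i.test(attr[1])) found.push(attr[1].toLowerCase());
    }
  }
  return found;
}

// Constructed payloads, the same shapes as in the fuzzing section above.
const PAYLOADS = [
  '<script>alert(0)</script>',                    // plain tag in content
  '" ></a><script>alert(0)</script><a href="',    // break out of an attribute
  'a.jpg" onload="alert(0)',                      // add an event handler
  '<img src=x onerror=alert(0)>',                 // handler on a new element
];

// Feed every payload into both injection points of a renderer and return the
// payloads for which the markup ends up containing a script or a handler.
function fuzz(render) {
  return PAYLOADS.filter((p) => findInjected(render(p, p)).length > 0);
}

console.log('vulnerable:', fuzz(renderVulnerable).length, 'of', PAYLOADS.length, 'payloads succeed');
console.log('hardened:  ', fuzz(renderSafe).length, 'of', PAYLOADS.length, 'payloads succeed');
```

Running it reports that all four payloads succeed against renderVulnerable and none against renderSafe. The design point is that escaping is chosen per output context: the same entity table serves element content and double-quoted attributes, but a URL attribute also needs a scheme check, and a value placed inside inline JavaScript would need yet another encoder that this example does not cover.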
CSRF (Cross-Site Request Forgery)
Understand CSRF in plain English
- A malicious site that the user visits makes the user's browser send requests to a site the user is logged in to, without the user's knowledge
- In effect the attacker borrows the identity of a trusted, logged-in user and sends a forged request in that user's name to a third-party site; the site's server treats the request as legitimate because the browser attaches the user's cookies to it
CSRF attack mechanism
How does a CSRF attack work, and how is it defended against?
- Attacker site B makes the victim's browser send a request to site A
- The browser automatically attaches site A's cookies (the session) to that request. Cookies that are marked SameSite=Lax or Strict are not attached to cross-site POSTs, and Chromium-based browsers default to Lax, which already blocks the classic form-based attack
- The victim never interacts with site A's front end; the request is triggered from B (an auto-submitting form, an img tag, a script)
- The Referer, and on cross-origin POSTs the Origin header, identifies site B, which is what server-side checks can use to spot the forgery. Referer may be stripped by a Referrer-Policy, so it should be treated as absent rather than trusted when missing
CSRF attack hazards
- Abuses the user's login state
- The user is unaware of it
- Completes business operations in the user's name (transferring the user's funds, posting content so that the user takes the blame)
- Can spread as a worm, when the forged request itself publishes the attack link from each victim's account