Common Security Questions

Cross-site scripting (XSS) attacks

Cross-site request forgery (CSRF) attacks

Front-end cookie security

Clickjacking attacks

Security of data in transit

User password security

SQL injection attacks


This section describes cross-site scripting (XSS) attacks.

What is XSS?

A type of web attack in which executable code (HTML or JavaScript) is injected into a web page and is then executed by the victim's browser.

Conditions for an XSS attack

  1. The attacker must be able to inject malicious code into the web page (through input fields, URL parameters, and so on)
  2. The injected code must then be executed by the browser

XSS attack mechanism

Data supplied by the user is treated as program code, so the browser executes it.

What XSS can do

  • Read page data: read the value of any element through the DOM (document), such as the user's name, phone number, address, and so on.
  • Steal cookies: through document.cookie the script can read all of the site's cookies that are accessible to JavaScript and steal the logged-in user's session, then use it to log in to the site, or even its back-office management system, as that user.
  • Hijack front-end logic: the script can alter what an action does, for example changing the address a button's request goes to, so that the data the user submits is sent to an endpoint controlled by the attacker; or it can change the page the user is redirected to (deceiving the user, traffic hijacking).
  • Send requests: the script can make the user's browser send requests without the user's knowledge, for example to collect user information.

XSS attack types

  • Reflected XSS: when a user opens a link that has been crafted by an attacker, the script embedded in it is executed by the user's browser. It is also called non-persistent because it is one-time and only affects visits made through that link.
  • Reflected XSS scenarios: crafted links hidden behind a URL shortener; an XSS script carried in a URL parameter; URL redirects.
  • Stored XSS: content containing the XSS script is stored on the server, so it is also called persistent. Whenever a user views that content, the script is executed automatically.
  • Stored XSS scenarios: other users viewing messages and comments posted by someone else, announcements published by administrators, blog articles published by an attacker; feedback forms, complaint forms, chat history.

XSS injection points

  • HTML node content: dynamically generated and containing user input, and therefore possibly an XSS script
  • HTML attributes: user input placed in attribute values, such as the src of an img or the value of an input box
  • JS code: user input embedded directly into JavaScript code
  • Rich text: the content of a rich-text editor legitimately contains HTML tags, so a user can enter an XSS script among them

Potential injection points

Determine whether an input point can actually get data into page content. Fuzzing is unnecessary for input points that accept data but never output it to a page, because even if attack code can be submitted there, no XSS results.

Fuzzing: a simulated XSS attack. Fuzz testing is one of the most common means of finding vulnerabilities; it is a trial-and-error process.

Payload: the test case. Two test payloads, the first for HTML node content (it closes the surrounding a tag, inserts a script element, then reopens the tag so the rest of the page's markup stays valid), the second for an HTML attribute (it closes the src value and adds an onload handler):

<a href=""></a><script>alert(0)</script><a href="">
<img src="a.jpg" onload="Payload">   Payload: alert(0)

Defending against XSS attacks

  1. The X-XSS-Protection header guards against reflected XSS, such as a parameter appearing in HTML content or an attribute (modern browsers have largely dropped support for this header, so do not rely on it alone)
  2. Escape HTML content, for example escaping < and > to &lt; and &gt;; escape either when saving to the database or when displaying
  3. In HTML attributes, also escape double and single quotation marks, to &quot; and &#39;
  4. Content Security Policy (CSP) specifies which content is allowed to execute
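The following is an added example, not code from the original article: context-aware output escaping for the two injection points discussed above (HTML node content and HTML attribute values), run against the two test payloads from the Potential injection points section. The function names, the renderProfile template and the hasScriptOrHandler check are this example's own inventions.

```javascript
// Added example (not from the original article). Function names and the
// template below are assumptions made for illustration.

// Escape text that will be inserted as an HTML node's content (defense 2).
function escapeHtml(s) {
  return String(s)
    .replace(/&/g, '&amp;')   // & first, so later entities are not double-escaped
    .replace(/</g, '&lt;')
    .replace(/>/g, '&gt;');
}

// Escape text that will be placed inside a quoted HTML attribute value
// (defense 3). Quotes must be escaped too, otherwise input can close the
// attribute and add a new one such as onload=.
function escapeAttr(s) {
  return escapeHtml(s)
    .replace(/"/g, '&quot;')
    .replace(/'/g, '&#39;');
}

// Hardened template: each value is escaped for the context it lands in.
function renderProfile(name, avatarUrl) {
  return '<p>' + escapeHtml(name) + '</p>' +
         '<img src="' + escapeAttr(avatarUrl) + '">';
}

// Common mistake: using the content escaper for an attribute. It removes
// < and >, but leaves the quote that breaks out of the src value.
function renderProfileWrongEscaper(name, avatarUrl) {
  return '<p>' + escapeHtml(name) + '</p>' +
         '<img src="' + escapeHtml(avatarUrl) + '">';
}

// Crude check used only to demonstrate the outcome: does the rendered HTML
// still contain a script tag or a quoted on* event handler?
function hasScriptOrHandler(html) {
  return /<script|\son[a-z]+="/i.test(html);
}

// Constructed inputs mirroring the article's two test payloads.
const contentPayload = '"></a><script>alert(0)</script><a href="';
const attrPayload = 'a.jpg" onload="alert(0)';

console.log(renderProfile(contentPayload, attrPayload));
// -> <p>"&gt;&lt;/a&gt;&lt;script&gt;alert(0)&lt;/script&gt;&lt;a href="</p><img src="a.jpg&quot; onload=&quot;alert(0)">
console.log(hasScriptOrHandler(renderProfile(contentPayload, attrPayload)));           // false
console.log(hasScriptOrHandler(renderProfileWrongEscaper(contentPayload, attrPayload))); // true
```

The point of the two templates side by side is that escaping is context-specific: the same input is inert as node content but still breaks out of an attribute unless quotes are escaped as well. User input placed directly inside JavaScript code (the third injection point above) needs yet another encoder, and a Content-Security-Policy header restricting script-src adds a second layer if an escape is ever missed.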


CSRF (Cross-Site Request Forgery)

CSRF in plain English

  1. The site the user is visiting makes requests to other sites, and these requests are made without the user's knowledge
  2. An attacker borrows the identity of a trusted user and sends, in that user's name, a malicious request that looks legitimate to the target server

CSRF attack mechanism


How does a CSRF attack work, and how can it be defended against?

  1. Site B sends a request to site A
  2. The request carries site A's cookies
  3. Site A's front end is never loaded
  4. The Referer is site B
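The following is an added example, not code from the original article: a server-side check for site A that turns the four characteristics just listed into an accept/reject decision. Characteristics 1, 2 and 4 are handled by comparing the Origin (or Referer) header with site A's own origin; characteristic 3 is handled by requiring a per-session token that only site A's own front end can embed in a form. The function names, the request object shape, the origin https://site-a.example and the token value are constructed for this example.

```javascript
// Added example (not from the original article). Request shape, names and
// values are assumptions made for illustration.

const SITE_ORIGIN = 'https://site-a.example';   // the protected site (constructed)

// Extract the origin part of a Referer URL, or null if absent or malformed.
function referrerOrigin(referer) {
  if (!referer) return null;
  try { return new URL(referer).origin; } catch (e) { return null; }
}

// Decide whether a request should be accepted. `req` has method, headers
// (lowercase keys) and a parsed body; `session` holds the token site A issued
// to this logged-in user when it rendered its own page.
function checkCsrf(req, session) {
  // Safe methods must not change state, so they need no CSRF check.
  if (['GET', 'HEAD', 'OPTIONS'].includes(req.method)) {
    return { ok: true, reason: 'safe method' };
  }
  // Characteristics 1, 2 and 4: the browser attached site A's cookies, but the
  // page that issued the request lives on site B. Origin is preferred; Referer
  // is the fallback for older clients.
  const origin = req.headers['origin'] || referrerOrigin(req.headers['referer']);
  if (!origin) {
    return { ok: false, reason: 'no Origin or Referer header' };
  }
  if (origin !== SITE_ORIGIN) {
    return { ok: false, reason: 'cross-site origin: ' + origin };
  }
  // Characteristic 3: site A's front end was never loaded, so the forged
  // request cannot carry the token that site A embeds in its own forms.
  const token = req.body && req.body.csrf_token;
  if (!token || token !== session.csrfToken) {
    return { ok: false, reason: 'missing or wrong CSRF token' };
  }
  return { ok: true, reason: 'same-site with valid token' };
}

// Constructed session and requests.
const session = { userId: 42, csrfToken: 'tok-constructed-123' };

// Forged by a page on site B: cookies present, Referer is site B, no token.
const forgedFromSiteB = {
  method: 'POST',
  headers: { referer: 'https://site-b.example/page.html', cookie: 'sid=abc' },
  body: { to: 'attacker', amount: 100 },
};

// Submitted from site A's own transfer form.
const legitimateFromSiteA = {
  method: 'POST',
  headers: { origin: 'https://site-a.example', referer: 'https://site-a.example/transfer', cookie: 'sid=abc' },
  body: { to: 'friend', amount: 100, csrf_token: 'tok-constructed-123' },
};

console.log(checkCsrf(forgedFromSiteB, session));     // { ok: false, reason: 'cross-site origin: https://site-b.example' }
console.log(checkCsrf(legitimateFromSiteA, session)); // { ok: true, reason: 'same-site with valid token' }
```

The token check matters on its own, not just as a backup: Referer can be stripped by privacy settings or proxies, which is why a missing header is rejected rather than assumed to be same-site. Marking the session cookie SameSite=Lax or Strict stops the browser from attaching it to cross-site POSTs in the first place, which removes characteristic 2 entirely.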

CSRF attack hazards

  1. Uses the user's logged-in state
  2. The user doesn't know it happened
  3. Completes business operations (steals the user's funds; posts in the user's name, leaving the user to take the blame)
  4. Can cause a worm attack