XSS

What is XSS

XSS (cross-site scripting) is a computer security vulnerability commonly found in Web applications that allows malicious Web users to implant code into pages intended for other users. The implanted code typically consists of HTML and client-side scripts. Attackers exploit XSS vulnerabilities to bypass access controls such as the same-origin policy. This type of vulnerability has become well known because attackers use it to build more damaging phishing attacks. The consensus in the hacker community is that cross-site scripting is the new "buffer overflow attack", and JavaScript is the new "shellcode".

Example: <script>alert(document.cookie)</script>

Characteristics

Malicious HTML/JavaScript code can be injected into the web page the user is viewing, enabling cookie theft, session hijacking, phishing and other attacks. (The attack code does not have to be inside a <script> tag.)

Why it happens

  • Web browsers are insecure by design: they parse and execute code such as JS without determining whether the data or program code is malicious.

  • Input and output are the most basic interactions of a Web application, and Web sites are becoming increasingly interactive. If security is not handled well in this process, XSS vulnerabilities easily arise.

  • Programmer skill levels vary widely; most have had no formal security training and lack security awareness.

  • XSS attacks are flexible and varied.

Harm

  • Theft of user accounts of all kinds, such as machine login accounts, online banking accounts and administrator accounts
  • Control of enterprise data, including the ability to read, modify, add and delete sensitive enterprise data
  • Theft of commercially valuable enterprise data
  • Illegal funds transfers
  • Forcing e-mail to be sent
  • Planting a trojan on the website (a drive-by download)
  • Controlling the victim's machine to launch attacks on other sites

How to prevent it

  • Mark important cookies as HttpOnly so that document.cookie in JavaScript cannot read them.
  • Specify the type of each form field's value, for example: age may only be an integer, name may only be alphanumeric…
  • Apply HTML encoding to the data
  • Filter or remove special HTML tags, such as:
  • Filter JavaScript event attributes, for example "onclick=", "onfocus", etc.


CSRF

Cross-site request forgery (CSRF), also known as a one-click attack or session riding, is a malicious exploitation of a website. Although it sounds like cross-site scripting (XSS), it is very different: XSS exploits the trust a user places in a site, whereas CSRF exploits the trust a site places in its users by forging requests that appear to come from trusted users. Compared with XSS, CSRF attacks are less well known (so there are relatively few resources on defending against them) and harder to defend against, which is why they are considered more dangerous than XSS.

Characteristics

  • Relies on the user's identity to compromise the site
  • Takes advantage of the site's trust in the user's identity
  • Tricks the user's browser into sending HTTP requests to the target site
  • An IMG tag can also trigger a GET request, which can be used to carry out a CSRF attack.

Defense

  • Check user submissions with a Referer check, a token, or a captcha.
  • Avoid exposing user privacy in links on pages.
  • Use POST for operations that modify or delete user data.
  • Avoid site-wide cookies and set the cookie domain strictly.