What is an XSS attack?
XSS (cross-site scripting) attacks are the most common attacks on web applications. An attacker injects malicious HTML or JavaScript into a web page; when other users view that page, the injected code runs in their browsers and can control the browser or steal the users' information.
Types of XSS attack
- Stored XSS attack
The most common case is a website's comment feature. I upload the following code to the comment section of a website. The comment is stored on the server and is executed whenever another user visits the page that contains it.
<script> while (true) { alert( document.cookie) } </script>
Once an attacker obtains a user's cookie, he can send it to his own server and use it to impersonate that user.
- Reflected XSS attack
A reflected XSS attack reflects data entered by the user (for example, a search keyword) straight back to the browser in the response.
The search page shown above is a typical one: whether or not the entered keyword has any results, the keyword itself is returned and displayed on the page.
The attacker sets a trap by getting the user to click a link to this website's search interface, such as: https://www.kkkk1000.com/xss/keywords=<script>alert(document.cookie)</script>
The attacker has injected a piece of malicious code into the search parameter (here it reads the user's cookie, which the attacker can then use).
When the user clicks the link, the browser sends the request, the server echoes the parameter into the page, the browser executes the code, and the XSS attack is triggered.
- DOM-based XSS attack
DOM-based XSS arises from modifying the page's DOM nodes. In a DOM-based XSS attack, both the extraction and the execution of the malicious code are done by the browser, so it is a vulnerability in the front-end code itself.
If a parameter from the link is taken out and written into the page's DOM, an attacker can craft a link that carries malicious code in that parameter, and the XSS attack fires when the user clicks it.
Defending against XSS attacks
- HttpOnly prevents cookie attacks
The HttpOnly attribute indicates that a cookie may only be sent over HTTP(S) and cannot be read or modified by script running in the page. This attribute effectively prevents the cookie attacks (theft of the user's login information) that XSS is commonly used for.
- Input inspection
Check, filter and encode user input.
In XSS defence, the input check usually looks for special characters such as < and > in the data entered by the user; if they are present, they are filtered out or encoded. This method is also called an XSS Filter.
- Output check
The server also checks and encodes its own output.
In general, except for rich-text output, encoding or escaping a variable at the point where it is written into an HTML page is enough to defend against XSS.
- Content Security Policy (CSP)
Content Security Policy (CSP) is essentially a whitelist system: the developer tells the client explicitly which external resources may be loaded and executed, which greatly enhances the security of the page.
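The four defences above, put together in one place as an added example (this is not code from the original article): an input check for < and >, HTML encoding of a value before it is written into the page, and response headers that set HttpOnly on the session cookie and a whitelist-style CSP. The route template, cookie name and header values are assumptions for illustration.

```javascript
// Added example, not from the original article. Template, cookie name and
// header values are illustrative assumptions.
const HTML_ESCAPES = { '&': '&amp;', '<': '&lt;', '>': '&gt;', '"': '&quot;', "'": '&#x27;' };

// Output check: encode the five characters that let text be read as markup,
// so a reflected keyword is displayed literally instead of parsed as HTML.
function escapeHtml(value) {
  return String(value).replace(/[&<>"']/g, (ch) => HTML_ESCAPES[ch]);
}

// Input check ("XSS Filter"): flag input containing < or >. Useful for
// logging or rejecting requests, but not a substitute for output encoding.
function containsHtmlSpecialChars(value) {
  return /[<>]/.test(String(value));
}

// Search results page (hypothetical template). The keyword is always encoded
// on output, whether or not the input check flagged it.
function renderSearchPage(keyword) {
  return `<p>Results for: ${escapeHtml(keyword)}</p>`;
}

// Response headers: HttpOnly keeps the session cookie out of document.cookie,
// Secure restricts it to HTTPS, and the CSP only allows scripts from this origin.
// The session id is validated so it cannot inject extra header content.
function securityHeaders(sessionId) {
  if (!/^[A-Za-z0-9_-]+$/.test(sessionId)) {
    throw new Error('invalid session id');
  }
  return {
    'Set-Cookie': `session=${sessionId}; HttpOnly; Secure; SameSite=Lax; Path=/`,
    'Content-Security-Policy': "default-src 'self'; script-src 'self'",
  };
}

// Constructed sample input: the keyword from the article's reflected-XSS link.
const SAMPLE_KEYWORD = '<script>alert(document.cookie)</script>';
```

Rich-text output (the exception the article notes) needs an HTML sanitizer rather than this encoder, since encoding would destroy the allowed markup.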