XSS concept

XSS is Cross Site Scripting, which has been shortened to XSS for confusion over the abbreviation for Cascading Style Sheets (CSS). A malicious attacker inserts malicious Script code into a Web page, and when the user browses the page, the Script code embedded in the Web will be executed, thus achieving the purpose of malicious attack on the user.”

I believe the above explanation is not difficult to understand, but to be more specific, here is a simple example, is the message board. We know that a message board’s usual task is to display the content of a user’s comments. Normally, the user’s message is in normal language, and the message board displays nothing wrong. However, at this point, if someone does not follow the routine card, in the message content dropped in a line

< script > alert (" hey! You are attacked ") < / script >

The page code for the message board interface would look like this:

<div id= "board" <script>alert(" hey! You are attacked ")</script> </div> </body> </ HTML >Copy the code

So the question is, what happens when the browser parses that line of code that the user entered? The obvious answer is that the browser doesn’t know that the code changes the intent of the original program, and it does so and pops up an information box.

CSRF concept

Cross-site Request Forgery (CSRF), Chinese name: cross-site request forgery, also known as: One Click Attack/Session riding, abbreviated as: CSRF/XSRF.

Schematic diagram

As you can see from the figure above, to complete a CSRF attack, the victim must complete two steps in sequence:

1. Log in to the trusted website A and generate cookies locally.

2. Visit dangerous website B without logging out of A.

You can think of a CSRF attack this way: the attacker steals your identity and sends malicious requests in your name. CSRF can do things like send emails and messages in your name, steal your account, and even buy goods and transfer virtual money…… The problems include: personal privacy and property security.

CSRF XSS difference and connection

While XSS leverages the user’s trust in a given site, CSRF leverages the site’s trust in the user’s web browser.

XSS can be used as a springboard to CSRF, such as using XSS to open another web page from the current web site

mo4tech.com (Moment For Technology) is a global community with thousands techies from across the global hang out!Passionate technologists, be it gadget freaks, tech enthusiasts, coders, technopreneurs, or CIOs, you would find them all here.

What is CSRF and XSS?

XSS concept

CSRF concept

Schematic diagram

CSRF XSS difference and connection

What is CSRF and XSS?

XSS concept

CSRF concept

Schematic diagram

CSRF XSS difference and connection

Related Posts

Nginx 413 Request Entity Too Large

From Zhou Zhihua’s watermelon book to Li Hongyi’s open source machine learning project, this article summarizes Datawhale series sharing

Redis (2) – Publish subscribe, transaction, security, persistence