XSS

XSS, or Cross Site Script, is a cross-site scripting attack. XSS is essentially Html injection. Attackers inject malicious JS codes on websites and tamper with client pages, thus stealing private data such as cookies and sessions or redirecting to bad websites.

XSS scene reproduction

Use url parameter attack: https://www.baidu.com?jarttoTest=, this is reflective TYPE XSS, attack is one-time. To put it simply: lead the user to click on a malicious link, js code on the link is sent to the server, and the server will return the script to the client without processing, at this time the user client will execute JS code.
Someone inserts malicious JS into the message content, the server puts the content into the database, at this point, every time someone accesses the message, the malicious JS will be executed. This is storage XSS.

XSS injection method

In text embedded in HTML, malicious content is injected as script tags.
In inline JavaScript, concatenated data breaks through the original constraints (strings, variables, method names, etc.).
In tag attributes, malicious content includes quotes to override attribute values and inject other attributes or tags.
In the href, SRC and other attributes of the tag, it contains javascript: and other executable codes.
Inject uncontrolled code in events such as onload, onError, and onClick.
In the style attribute and tag, include something like background-image:url(“javascript:…”) ); (newer versions of browsers are already defensible).
In the style attribute and tag, contain something like expression(…) CSS expression code (newer versions of browsers are already defensible).

Preventive measures:

Don’t trust user input: Filter user input. Entity escape for special characters.
Do not trust the server completely: escape the server output.
useHttpOnly Cookie: Will be importantcookieMarked ashttponly, which cannot be retrieved using JS codecookie.
Characters to escape are:

character	Escape after character
&	`&`
<	`<`
>	`>`
“	`"`
‘	`'`
/	`/`

XSS Reference articles:here

CSRF

Cross Site Request Forgery. Without the user’s permission, secretly use the user name, send malicious request attacks. Cookies are usually used to defraud the server of trust.

CSRF characteristics

CSRF (usually) occurs in third party domain names.
CSRF attackers (usually) cannot obtain information such as cookies, but simply use.

Preventive measures:

Homologous monitoring
CSRF Token: Requires the server to generate a Token and place it in the page. When the page submits the request, it carries the Token. The server removes the Token from the Session and compares it with the Token in the request for verification.
Samesite CookieProperties:

mo4tech.com (Moment For Technology) is a global community with thousands techies from across the global hang out!Passionate technologists, be it gadget freaks, tech enthusiasts, coders, technopreneurs, or CIOs, you would find them all here.

XSS and CSRF attacks

XSS

XSS scene reproduction

XSS injection method

Preventive measures:

XSS Reference articles:here

CSRF

CSRF characteristics

Preventive measures:

XSS and CSRF attacks

XSS

XSS scene reproduction

XSS injection method

Preventive measures:

XSS Reference articles:here

CSRF

CSRF characteristics

Preventive measures:

Related Posts

Compatible IE and Chrome picture paste, drag upload function implementation

JS binary tree traversal

The holes React stepped on