XSS
XSS, or Cross Site Script, is a cross-site scripting attack. XSS is essentially Html injection. Attackers inject malicious JS codes on websites and tamper with client pages, thus stealing private data such as cookies and sessions or redirecting to bad websites.
XSS scene reproduction
-
Use url parameter attack: https://www.baidu.com?jarttoTest=, this is reflective TYPE XSS, attack is one-time. To put it simply: lead the user to click on a malicious link, js code on the link is sent to the server, and the server will return the script to the client without processing, at this time the user client will execute JS code.
-
Someone inserts malicious JS into the message content, the server puts the content into the database, at this point, every time someone accesses the message, the malicious JS will be executed. This is storage XSS.
XSS injection method
- In text embedded in HTML, malicious content is injected as script tags.
- In inline JavaScript, concatenated data breaks through the original constraints (strings, variables, method names, etc.).
- In tag attributes, malicious content includes quotes to override attribute values and inject other attributes or tags.
- In the href, SRC and other attributes of the tag, it contains javascript: and other executable codes.
- Inject uncontrolled code in events such as onload, onError, and onClick.
- In the style attribute and tag, include something like background-image:url(“javascript:…”) ); (newer versions of browsers are already defensible).
- In the style attribute and tag, contain something like expression(…) CSS expression code (newer versions of browsers are already defensible).
Preventive measures:
- Don’t trust user input: Filter user input. Entity escape for special characters.
- Do not trust the server completely: escape the server output.
- use
HttpOnly Cookie
: Will be importantcookie
Marked ashttponly
, which cannot be retrieved using JS codecookie
. - Characters to escape are:
character | Escape after character |
---|---|
& | & |
< | < |
> | > |
“ | " |
‘ | ' |
/ | / |
XSS Reference articles:here
CSRF
Cross Site Request Forgery. Without the user’s permission, secretly use the user name, send malicious request attacks. Cookies are usually used to defraud the server of trust.
CSRF characteristics
- CSRF (usually) occurs in third party domain names.
- CSRF attackers (usually) cannot obtain information such as cookies, but simply use.
Preventive measures:
- Homologous monitoring
CSRF Token
: Requires the server to generate a Token and place it in the page. When the page submits the request, it carries the Token. The server removes the Token from the Session and compares it with the Token in the request for verification.Samesite Cookie
Properties: