Ethical Hacking 简明教程
Ethical Hacking - Cross-Site Scripting
Cross-site scripting (XSS) is a code injection attack that allows an attacker to execute malicious JavaScript in another user’s browser.
The attacker does not directly target his victim. Instead, he exploits a vulnerability in a website that the victim visits, in order to get the website to deliver the malicious JavaScript for him. To the victim’s browser, the malicious JavaScript appears to be a legitimate part of the website, and the website has thus acted as an unintentional accomplice to the attacker. These attacks can be carried out using HTML, JavaScript, VBScript, ActiveX, Flash, but the most used XSS is malicious JavaScript.
These attacks also can gather data from account hijacking, changing of user settings, cookie theft/poisoning, or false advertising and create DoS attacks.
Example
让我们通过一个示例了解它的工作原理。我们有一个 metasploitable 机器获取的一个易受攻击的网页。现在,我们将测试用红色箭头高亮显示的域,以针对 XSS。
Let’s take an example to understand how it works. We have a vulnerable webpage that we got by the metasploitable machine. Now we will test the field that is highlighted in red arrow for XSS.
首先,我们编写一个简单的警报脚本
First of all, we make a simple alert script
<script>
alert(‘I am Vulnerable’)
</script>它将生成如下输出:
It will produce the following output −
Types of XSS Attacks
XSS 攻击通常分为三种类型:
XSS attacks are often divided into three types −
-
Persistent XSS, where the malicious string originates from the website’s database.
-
Reflected XSS, where the malicious string originates from the victim’s request.
-
DOM-based XSS, where the vulnerability is in the client-side code rather than the server-side code.
一般而言,可以通过 vulnerability scanners 找到跨站脚本攻击,这样您不必在其中放置 JavaScript 来进行全部手动工作,例如
Generally, cross-site scripting is found by vulnerability scanners so that you don’t have to do all the manual job by putting a JavaScript on it like
<script>
alert('XSS')
</script>Burp Suite 和 acunetix 被认为是最好的漏洞扫描程序。
Burp Suite and acunetix are considered as the best vulnerability scanners.