XSS VULNS

XSS - CROSS SITE SCRIPTING VULNS

Allows an attacker to inject JavaScript code into a page that other users view.

The injected code runs when the page loads in the victim's browser.

The code is executed on the client machine, not on the server, so it runs with whatever the victim's browser session can do on that site (cookies, authenticated requests).

Three main types:

1. Persistent/Stored XSS

2. Reflected XSS

3. DOM-based XSS

Discovering XSS

  • Try to inject JavaScript code into every place where user input is echoed back into the page.
  • Test form text boxes and URL parameters, e.g.:
    • http://target.com/page.php?something=something

REFLECTED XSS

  • Non-persistent, not stored on the server.
  • Only works if the target visits a specially crafted URL, so the attacker has to deliver the link (e.g. by phishing).
  • EX:
    • http://target.com/page.php?something=<script>alert("XSS")</script>
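The two sections above describe the manual test: put something in the URL parameter and see whether it comes back unencoded. The following is an added example (not code from the original post) that does the same thing with a harmless canary instead of a live payload. The two page functions are constructed stand-ins for page.php (one reflects the parameter raw, one encodes it), the target URL is the one used in the notes, and nothing touches the network, so it runs offline under Node.

```javascript
// Added example: probing a URL parameter for reflected XSS with a canary.
// vulnerablePage/hardenedPage are constructed stand-ins for page.php.

// Constructed stand-in for a vulnerable page.php: echoes ?something= raw.
function vulnerablePage(urlString) {
  const value = new URL(urlString).searchParams.get("something") || "";
  return `<html><body><p>Result for: ${value}</p></body></html>`;
}

// Constructed stand-in for a fixed page.php: angle brackets are encoded.
function hardenedPage(urlString) {
  const value = new URL(urlString).searchParams.get("something") || "";
  const safe = value.replace(/</g, "&lt;").replace(/>/g, "&gt;");
  return `<html><body><p>Result for: ${safe}</p></body></html>`;
}

// The canary is a harmless tag carrying a token that will not occur by
// chance. If it comes back with its angle brackets intact, the parameter
// lands in HTML unencoded and is a reflected XSS candidate; a real payload
// such as <script>alert("XSS")</script> is then used to confirm.
const CANARY_TOKEN = "xsscanary7q";
const CANARY = `<${CANARY_TOKEN}>`;

// fetchPage is passed in so the same probe works against the stand-ins here
// or against a real HTTP client. baseUrl is the URL under test; param is the
// query parameter name to replace with the canary.
function probeParameter(fetchPage, baseUrl, param) {
  const u = new URL(baseUrl);
  u.searchParams.set(param, CANARY);
  const body = fetchPage(u.toString());
  const raw = body.includes(CANARY);
  const encoded = !raw && body.includes(`&lt;${CANARY_TOKEN}&gt;`);
  return {
    url: u.toString(),
    reflected: raw || encoded, // the parameter is echoed into the page at all
    candidate: raw,            // echoed unencoded: confirm with a real payload
  };
}

// Constructed target URL for the demo (the one from the notes above).
const TARGET = "http://target.com/page.php?something=something";

function demo() {
  return {
    vulnerable: probeParameter(vulnerablePage, TARGET, "something"),
    hardened: probeParameter(hardenedPage, TARGET, "something"),
  };
}

console.log(JSON.stringify(demo(), null, 2));
```

Against the vulnerable stand-in the probe reports candidate: true; against the hardened one it reports reflected: true but candidate: false, which is the distinction a tester cares about: input that is echoed but encoded is not exploitable in the HTML body context. A canary that stays encoded does not rule out injection into other contexts (attribute values, JavaScript strings), which need their own probes.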

STORED XSS

  • Persistent: the payload is stored on the server (in the page or in the DB), e.g. in a comment or profile field.
  • The injected code is executed every time the page is loaded, by every user who views it, with no crafted URL needed.

EXPLOITING XSS

  • Run any JavaScript code in the victim's browser.
  • The BeEF framework can be used to hook targets.
  • Inject the BeEF hook script into vulnerable pages.
  • Execute commands against hooked browsers from BeEF.

1. Start BeEF

2. Inject the BeEF hook script into the Stored XSS page (a script tag whose src points at hook.js on the BeEF host; BeEF serves it on port 3000 by default).

3. Any browser that visits the URL http://10.0.0.24/dvwa/vulnerabilities/xss_s/ will get hooked to BeEF.

4. Then you can run Commands against the hooked browser from the BeEF panel.

PREVENTING XSS VULNS

  • Minimize how much user input is inserted into HTML at all.
  • Escape any untrusted input before inserting it into the page, using the encoding for the context it lands in (HTML body, attribute value, JavaScript string); HTML-encoding alone is not enough inside a script block.
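The following is an added example, not code from the original post, showing the prevention advice above in working form: the same page rendered with user input concatenated straight in (the pattern behind http://target.com/page.php?something=...) and with an encoder chosen per output context. The context rules follow the OWASP XSS Prevention Cheat Sheet linked below; the page template, field names and sample payloads are constructed for the demo. It goes a little beyond the notes by covering the attribute and JavaScript-string contexts as well as the HTML body.

```javascript
// Added example: context-aware output encoding versus raw concatenation.
// The templates and payloads are constructed for the demo.

// HTML body and quoted-attribute context: encode the five characters that
// can break out of text or out of a quoted attribute value.
function encodeHtml(s) {
  return String(s).replace(/[&<>"']/g, (c) => ({
    "&": "&amp;", "<": "&lt;", ">": "&gt;", '"': "&quot;", "'": "&#x27;",
  })[c]);
}

// JavaScript string context: \xHH / \uHHHH-encode everything that is not
// alphanumeric, so neither quotes nor </script> can terminate the string
// or the script block. HTML encoding is NOT enough here, because the
// browser does not HTML-decode the contents of a <script> element.
function encodeJsString(s) {
  return String(s).replace(/[^A-Za-z0-9]/g, (c) => {
    const code = c.charCodeAt(0);
    const hex = code.toString(16);
    return code < 256 ? `\\x${hex.padStart(2, "0")}` : `\\u${hex.padStart(4, "0")}`;
  });
}

// Vulnerable version: user input concatenated straight into three contexts.
function renderProfileVulnerable(name) {
  return [
    `<h1>Hello ${name}</h1>`,
    `<input name="display" value="${name}">`,
    `<script>var user = "${name}";</script>`,
  ].join("\n");
}

// Hardened version: the same page with an encoder chosen per context.
// Attribute values must be quoted for encodeHtml to be sufficient there.
function renderProfileHardened(name) {
  return [
    `<h1>Hello ${encodeHtml(name)}</h1>`,
    `<input name="display" value="${encodeHtml(name)}">`,
    `<script>var user = "${encodeJsString(name)}";</script>`,
  ].join("\n");
}

// Self-check used by the demo: does the rendered page still contain an
// unencoded script tag, an attribute break-out, or a JS string break-out?
function containsBreakout(html) {
  return /<script>alert|" onfocus=|";alert\(/i.test(html);
}

// One constructed payload per context.
const PAYLOADS = [
  '<script>alert("XSS")</script>',     // HTML body context
  '" onfocus="alert(1)" autofocus="',  // attribute context
  '";alert(1);//',                     // JavaScript string context
];

// Returns, per payload, whether the vulnerable and hardened renderings
// still contain a break-out.
function demo() {
  return PAYLOADS.map((p) => ({
    payload: p,
    vulnerableBreaksOut: containsBreakout(renderProfileVulnerable(p)),
    hardenedBreaksOut: containsBreakout(renderProfileHardened(p)),
  }));
}

console.log(JSON.stringify(demo(), null, 2));
```

Each payload breaks out of the vulnerable rendering and none breaks out of the hardened one. The point the notes make about "escape before inserting" is that the escaping has to match the slot: the first payload is neutralised by encodeHtml, but the third would survive encodeHtml inside the script block (a quote is still a quote there), which is why the JS-string slot uses encodeJsString instead.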

For more information, see the OWASP XSS Prevention Cheat Sheet:

https://owasp.org/www-project-cheat-sheets/cheatsheets/Cross_Site_Scripting_Prevention_Cheat_Sheet.html
