XSS VULNS

XSS - CROSS SITE SCRIPTING VULNS

Allow an attacker to inject javascript code into the page.

The code is executed when the page loads.

The code is executed on the client machine, not the server.

Three main types:

1. Persistent/Stored XSS

2. Reflected XSS

3. DOM-based XSS

Discovering XSS

  • Try to inject javascript code into the pages.
  • Test text boxes and URL parameters on the form
    • http://target.com/page.php?something=something

REFLECTED XSS

  • None persistent, not stored.
  • Only work if the target visits a specially crafted URL.
  • EX:
    • http://target.com/page.php?something=<script>alert("XSS")</script>

STORED XSS

  • Persistent, stored on the page or DB.
  • The injected code is executed every time the page is loaded.

EXPLOITING XSS

  • Run any javascript code.
  • The BeEF framework can be used to hook targets.
  • Inject BeEF hook in vulnerable pages.
  • Execute code from BeEF.

1. Start BeEF

2. Sigh the hook script to Stored XSS page.

3. The computer which visits the URL http://10.0.0.24/dvwa/vulnerabilities/xss_s/ will get hooked to BeEF.

4. Then you can use Commands in BeEF.

PREVENTING XSS VULNS

  • Minimize the usage of user input on HTML.
  • Escape any untrusted input before inserting it into the page.

For more information about XSS Prevention Cheat Sheet, please visit the following website:

https://owasp.org/www-project-cheat-sheets/cheatsheets/Cross_Site_Scripting_Prevention_Cheat_Sheet.html

Ethical Hacking - Web Penetration Testing(12)的更多相关文章

  1. Ethical Hacking - Web Penetration Testing(13)

    OWASP ZAP(ZED ATTACK PROXY) Automatically find vulnerabilities in web applications. Free and easy to ...

  2. Ethical Hacking - Web Penetration Testing(8)

    SQL INJECTION WHAT IS SQL? Most websites use a database to store data. Most data stored in it(userna ...

  3. Ethical Hacking - Web Penetration Testing(10)

    SQL INJECTION SQLMAP Tool designed to exploit SQL injections. Works with many DB types, MySQL, MSSQL ...

  4. Ethical Hacking - Web Penetration Testing(6)

    REMOTE FILE INCLUSION Similar to local file inclusion. But allows an attacker to read ANY file from ...

  5. Ethical Hacking - Web Penetration Testing(5)

    LOCAL FILE INCLUSION Allows an attacker to read ANY file on the same server. Access files outside ww ...

  6. Ethical Hacking - Web Penetration Testing(1)

    How to hack a website? An application installed on a computer. ->web application pen-testing A co ...

  7. Python Ethical Hacking - WEB PENETRATION TESTING(1)

    WHAT IS A WEBSITE Computer with OS and some servers. Apache, MySQL ...etc. Cotains web application. ...

  8. Python Ethical Hacking - WEB PENETRATION TESTING(2)

     CRAWING DIRECTORIES Directories/folders inside the web root. Can contain files or other directories ...

  9. Ethical Hacking - Web Penetration Testing(11)

    SQL INJECTION Preventing SQLi Filters can be bypassed. Use a blacklist of commands? Still can be byp ...

随机推荐

  1. 04 . Jenkins定制主题和设置项目构建信息输出颜色

    Jenkins thems自动生成定制主题css Jenkins默认界面比较丑,视觉容易疲劳,这时候就需要我们更换一个主题,让我们的Jenkins美观一些. 以下是css主题的地址 http://af ...

  2. ca75a_c++_标准IO库-利用流对象把文件内容读取到向量-操作文件

    /*ca75a_c++_标准IO库习题练习习题8.3,8.4,8.6习题8.9.8.10 ifstream inFile(fileName.c_str());1>d:\users\txwtech ...

  3. winXP vc6行号显示插件-VC6LineNumberAddin方法-可用-无需注册

    1.VC6LineNumberAddin 修改日期是2008.6.3可用,其它需要注册码 http://codefish.googlecode.com/files/VC%E6%98%BE%E7%A4% ...

  4. MongoDB文档(二)--查询

    (一)查询文档 查询文档可以使用以下方法 # 以非结构化的方式显示所有的文档 db.<collectionName>.find(document) # 以结构化的方式显示所有文档 db.& ...

  5. Linux 安装指定jdk版本

    操作步骤 卸载系统自带jdk版本 1.查看安装的jdk rpm -qa | grep java 2.卸载系统自带jdk rpm -e --nodeps 包名 下载jdk 当前最新版本下载地址:http ...

  6. Module Error (from ./node_modules/eslint-loader/index.js):解决办法

    vue启动项目报如下错误: Failed to compile. ./src/components/Vcontent.vue Module Error (from ./node_modules/esl ...

  7. 汇编字符串末尾以00H或 0AH和00H结尾

    例如:db 'hello',0 用 C 语言百定义字符串时,编译软件会自动在字符串的末尾,加上一个零('\0').作为度字符串结束的标记. 用汇编的 DB 伪指令定义字符串,编译软件没有自动加上零的功 ...

  8. MongoDB设计方法及技巧

    MongoDB是一种流行的数据库,可以在不受任何表格schema模式的约束下工作.数据以类似JSON的格式存储,并且可以包含不同类型的数据结构.例如,在同一集合collection 中,我们可以拥有以 ...

  9. 网络编程 套接字socket TCP UDP

    网络编程与套接字 网络编程 网络编程是什么: ​ 网络通常指的是计算机中的互联网,是由多台计算机通过网线或其他媒介相互链接组成的 ​ 编写基于网络的应用程序的过程序称之为网络编程. 网络编程最主要的工 ...

  10. Python3-queue模块-同步队列

    Python3中的queue模块实现多生产者,多消费者队列,特别适用于多个线程间的信息的安全交换,主要有三个类 queue.Queue(maxsize=0) 构造一个FIFO(先进先出)的队列 que ...