What is the general concept behind XSS?


Problem description

Cross-site scripting (XSS) is a type of computer security vulnerability typically found in web applications which enable malicious attackers to inject client-side script into web pages viewed by other users. An exploited cross-site scripting vulnerability can be used by attackers to bypass access controls such as the same origin policy. Cross-site scripting carried out on websites was roughly 80% of all security vulnerabilities documented by Symantec as of 2007.

Okay, so does this mean that a hacker crafts some malicious JS/VBScript and delivers it to the unsuspecting victim when visiting a legitimate site which has unescaped inputs?

I mean, I know how SQL injection is done....

I particularly don't understand how JS/VBScript can cause so much damage! I thought they are only run within browsers, but apparently the damage ranges from keylogging to cookie stealing and trojans.

Is my understanding of XSS correct? If not, can someone clarify?

How can I prevent XSS from happening on my websites? This seems important; 80% of security vulnerabilities means that it's an extremely common method to compromise computers.

Recommended answer

Direct XSS

  1. I find an XSS vulnerability in Google.
  2. I write a script that rewrites a public Google page so that it looks exactly like the real Google login.
  3. My fake page submits to a third-party server and then redirects back to the real page.
  4. I get Google account passwords, and neither the user nor Google knows what happened.


XSS as a platform for CSRF (this supposedly actually happened)

  1. Amazon has a CSRF vulnerability where an "always keep me logged in" cookie allows you to flag an entry as offensive.
  2. I find an XSS vulnerability on a high-traffic site.
  3. I write a JavaScript that hits up the URLs to mark all books written by gay/lesbian authors on Amazon as offensive.
  4. To Amazon, they are getting valid requests from real browsers with real auth cookies. All the books disappear off the site overnight.
  5. The internet freaks the hell out.


XSS as a platform for Session Fixation attacks

  1. I find an e-commerce site that does not reset its session after a login (like any ASP.NET site), has the ability to pass the session id in via query string or via cookie, and stores auth info in the session (pretty common).
  2. I find an XSS vulnerability on a page on that site.
  3. I write a script that sets the session ID to the one I control.
  4. Someone hits that page, and is bumped into my session.
  5. They log in.
  6. I now have the ability to do anything I want as them, including buying products with saved cards.


Those three are the big ones. The problem with XSS, CSRF, and Session Fixation attacks is that they are very, very hard to track down and fix, and are really simple to allow, especially if a developer doesn't know much about them.
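An added illustration, not part of the original question or answer, of two defences the thread points at: HTML-encoding the "unescaped inputs" the question mentions, and issuing a fresh session id at login, which is exactly the step the answer's session-fixation scenario says the e-commerce site skipped. The comment string, the toy session store and all its method names are constructed for this demonstration.

```python
import html
import secrets
from typing import Optional

# Constructed sample input: a comment body containing markup a browser would execute.
UNTRUSTED_COMMENT = '<script>alert(1)</script>'


def render_comment_vulnerable(comment: str) -> str:
    """Interpolates user input straight into the page (the 'unescaped inputs'
    from the question). A <script> tag in the comment becomes live code."""
    return f"<p>{comment}</p>"


def render_comment_safe(comment: str) -> str:
    """HTML-encodes the input so the browser displays the text instead of
    running it. quote=True also encodes quotes, which matters inside attributes."""
    return f"<p>{html.escape(comment, quote=True)}</p>"


class SessionStore:
    """Toy in-memory session store contrasting the two login behaviours."""

    def __init__(self, rotate_on_login: bool):
        self.rotate_on_login = rotate_on_login
        self.sessions: dict = {}

    def get_or_create(self, presented_id: Optional[str]) -> str:
        # Like the site in the answer, this accepts whatever id it is handed
        # (cookie or query string), so a planted id becomes a real session.
        session_id = presented_id or secrets.token_hex(16)
        self.sessions.setdefault(session_id, {"user": None})
        return session_id

    def login(self, session_id: str, user: str) -> str:
        if self.rotate_on_login:
            # Hardened: drop the pre-login id and mint a new one, so an id fixed
            # on the victim beforehand never turns into an authenticated session.
            self.sessions.pop(session_id, None)
            session_id = secrets.token_hex(16)
            self.sessions[session_id] = {}
        self.sessions[session_id]["user"] = user
        return session_id

    def user_for(self, session_id: str) -> Optional[str]:
        return self.sessions.get(session_id, {}).get("user")


def session_fixation_outcome(rotate_on_login: bool) -> Optional[str]:
    """Replays the answer's scenario: a known id is fixed on the victim, the victim
    logs in, and we check who the fixed id is now authenticated as."""
    store = SessionStore(rotate_on_login)
    fixed_id = "attacker-chosen-id"          # the id the scenario plants via XSS
    victim_session = store.get_or_create(fixed_id)
    store.login(victim_session, "victim")
    return store.user_for(fixed_id)           # "victim" if not rotated, None if rotated
```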
