如何在 xss 攻击后恢复站点? [英] How to recover a site after an xss attack?

问题描述

最近我正在研究 XSS 攻击以及它们对网站的破坏性.

Recently i was studying about the XSS attacks and how devastating they can be on a website.

令我感到惊讶的是，Web(甚至SO)充满了如何防止xss攻击，但没有相关资源如何恢复被 ​​xss 攻击的网站.

What surprised me was that, web (even SO) is full about how to prevent xss attack but there is no relevant resource on how to recover a website, after it has been attacked through xss.

我遇到了一些事情:

• 将备份网站代码上传回服务器
• 下载整个站点并手动查找任何恶意脚本

但这些听起来还不够好......我的意思是，没有任何其他专业主动方法来恢复被黑客入侵的网站???

but these doesn't sound good enough....i mean, isn't there any other professionaly active method to recover the sites once hacked???

推荐答案

对于 XSS，代码实际上并没有被修改.相反，通常会发生以下两种情况之一:反射型 XSS 和存储型 XSS.

With XSS the code is not actually modified. Instead what usually happens are one of two scenarios: reflected and stored XSS.

在反射型 XSS 中，请求中有一些参数(通常是查询字符串参数)会在未经清理的情况下被回显到页面上.这可能会导致攻击者向用户提供恶意链接，然后他们点击并劫持他们的会话.

In reflected XSS, there is some parameter in the request (usually a query string parameter) that gets echoed onto the page without being sanitized. This could lead to an attacker providing a malicious link to a user, and them clicking and having their session hijacked.

在存储型 XSS 中，攻击者会找到某种方法来保留其他用户在查看此站点时会遇到的恶意字符串(通常存储在数据库中，以论坛帖子或网站评论的形式).然后在查看页面的用户的上下文中执行该脚本，攻击者可以再次劫持会话.

In stored XSS, the attacker finds some way to persist a malicious string (usually stored in a database, in the form of a forum post or website comment) that other users will come across when viewing this site. That script is then executed in the context of the user that viewed the page, and the attacker could again hijack the session.

要从反射的 XSS 中恢复" - 您需要修复反射的参数(执行诸如输出编码之类的操作)并使所有会话无效，从而使用户必须再次登录.

To "recover" from reflected XSS - you would want to fix the reflected parameter (do something like output encoding) and invalidate all sessions, making users have to log in again.

要从反射的 XSS 中恢复" - 您需要确定提供恶意代码的位置，添加输入的清理和该数据输出的编码.然后清除这些恶意值的数据库，然后使所有会话无效，迫使用户重新登录.

To "recover" from reflected XSS - you would want to identify where the malicious code was provided, add sanitization of the input and encoding of the output of that data. Then clean the database of these malicious values, then invalidate all sessions, forcing users to log back in again.

这篇关于如何在 xss 攻击后恢复站点?的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！