XSS Vulnerability - Cross-Site Scripting

Upload: linh-thai-hoang

Post on 15-Sep-2015


DESCRIPTION

It is about XSS, one of the security issues of web applications.

TRANSCRIPT

XSS Vulnerability - Cross-Site Scripting

Table of contents: Attack types; Vulnerability-finding tools; Preventing the vulnerability; Concept

Concept

An XSS vulnerability occurs when an application accepts untrusted data and sends that data to the user's browser.

Example: a piece of JavaScript:

XSS typically lets an attacker hijack a user's login session, deface the website, or lead users to fraudulent websites.

Types of XSS

Non-persistent
Persistent

Non-persistent

With the non-persistent type, the exploit data is not stored on the server.

A uses B's website.
B's website lets A create an account and holds private information.
B's website has an XSS vulnerability in its search function.

http://bobssite.org?q=search term

Non-persistent: example

The website's search function, when it receives a query:

http://bobssite.org?q=puppies

The page will display:

puppies not found

The website's search function, when it receives an abnormal query such as:

http://bobssite.org?q= >

The page will display:

alert('pwnd');

Prevention

https://www.owasp.org/index.php/XSS_(Cross_Site_Scripting)_Prevention_Cheat_Sheet

See also the AntiSamy project: https://www.owasp.org/index.php/AntiSamy
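The bobssite.org search page described above, as an added example that is not part of the original slides: the "not found" message rendered once with the query concatenated as-is and once with HTML output encoding. The function names, the `<p>` wrapper and the sample abnormal query are constructed for illustration.

```javascript
// Added example: the search page from the slides, rendered two ways.
// Function names and sample queries are constructed, not from the slides.

// HTML-encode the five characters that can change markup structure.
const HTML_ESCAPES = { '&': '&amp;', '<': '&lt;', '>': '&gt;', '"': '&quot;', "'": '&#x27;' };

function escapeHtml(value) {
  return String(value).replace(/[&<>"']/g, (ch) => HTML_ESCAPES[ch]);
}

// Pull the q parameter out of a URL such as http://bobssite.org?q=puppies
function queryFromUrl(url) {
  return new URL(url).searchParams.get('q') || '';
}

// Vulnerable: the untrusted query is concatenated straight into the page.
function renderUnsafe(query) {
  return `<p>${query} not found</p>`;
}

// Fixed: the query is HTML-encoded before it is placed in the element body.
function renderSafe(query) {
  return `<p>${escapeHtml(query)} not found</p>`;
}

// Check used to compare the two outputs: did a script element survive?
function containsScriptTag(html) {
  return /<script\b/i.test(html);
}

const normal = queryFromUrl('http://bobssite.org?q=puppies');
// Constructed abnormal query carrying markup instead of a search term.
const abnormal = queryFromUrl(
  'http://bobssite.org?q=' + encodeURIComponent("<script>alert('pwnd');</script>")
);

for (const q of [normal, abnormal]) {
  console.log('unsafe:', renderUnsafe(q));
  console.log('safe:  ', renderSafe(q));
}
```

This encoding covers only data placed in an HTML element body; values written into attributes, JavaScript or URLs need the context-specific encoding listed in the OWASP cheat sheet linked above.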