General description
A simple description of what an XSS attack is
How to find XSS vulnerabilities
The general idea of an XSS attack
From internal attacks:
How to find internal XSS vulnerabilities
How to construct the attack
How to use it
Combining it with any instance of the attack, such as DVBBS and BBSXP
From external attacks
How to construct an XSS attack
How to deceive the administrator into opening it
Combining XSS with other technologies
Combination with MSSQL injection
Combination with QQ cross-site vulnerabilities
Cross-site vulnerabilities in large domestic web statistics sites
Social engineering
Making a horror Flash Trojan
The production method, first written by Li Feng
Summary
Body:
General description of XSS
What is an XSS attack
XSS, also called CSS (Cross Site Script), is cross-site scripting. It refers to a malicious attacker inserting malicious HTML code into a web page; when a user browses the page, the HTML code embedded in it is executed, and the malicious user achieves their special purpose. XSS is a passive attack, and because it is passive and not easy to use, many people often overlook its harm. This article is mainly about using XSS to get a shell on the target server. The technique is old, but I hope its ideas are helpful to everyone.
How to find XSS vulnerabilities
Personally, I divide XSS attacks into two categories. One is internal attacks, which mainly use vulnerabilities in the program itself to construct a cross-site statement, for example the cross-site vulnerability in showerror.asp of dvbbs. The other is external attacks, which mainly means constructing a web page of your own that carries the XSS cross-site vulnerability, or looking for a cross-site vulnerability on a page other than the target machine. For example, when we want to penetrate a site, we construct a page with a cross-site vulnerability ourselves, then construct the cross-site statement and, combined with other techniques such as social engineering, deceive the target server's administrator into opening it.
Then use the following technique to get a shell.
How to use it
The traditional way of using cross-site vulnerabilities is generally that the attacker constructs a cross-site page, puts a cookie-collecting page in another space, and then, combined with other techniques, gets the user to open the cross-site page in order to steal the user's cookie for further attacks. Personally, I think this is far too outdated; you may all know its drawbacks, because even if you collect the cookie you may not be able to penetrate further, since the password inside most cookies is encrypted, and if you want to use the cookie trick you are also subject to other limiting conditions. This article presents another idea that to some extent solves the above problems. For me, the more mature approach is to construct a form through the cross-site vulnerability, where the form's content uses the program's backup function or admin function to obtain high privileges. Below I will detail this technique.
Cross-site attacks from the inside
Looking for cross-site vulnerabilities
It is better if we have the source code. We mainly look at the places in the code where the user provides input, and check whether the variables have length limits and whether characters such as "<", ">", ";" and "'" are filtered. Also note whether tags are closed. For example, when testing the QQ group cross-site vulnerability, if you enter <script>alert('test')</script> in the title, the code will not be executed, because in the source code there are other tags that are not closed, such as a missing </script>; at this point, once you close it with a </script>, the code will be executed. For example, entering </script><script>alert('test')</script> in the title pops up a "test" box.
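The check the article describes (are "<", ">", "'" and similar characters filtered at each output point, and can a user close an open tag) is easiest to verify with the rendering code itself. The following is an added example, not code from the original article or from BBSXP, DVBBS or any of the forums it mentions: it shows the unfiltered rendering pattern the article looks for next to a version with HTML output encoding, plus a small self-check that flags any tag in the rendered output that did not come from the template. The function names, the `<h1 class="title">` template and the sample title are assumptions constructed for the example; the sample title is the close-the-tag input quoted in the article.

```javascript
// Added example (not from the original article): HTML output encoding and a
// self-check for user-supplied text placed into a page. All names are assumed.

// Characters that can change meaning in an HTML text node or quoted attribute.
const HTML_TEXT_ESCAPES = {
  '&': '&amp;',
  '<': '&lt;',
  '>': '&gt;',
  '"': '&quot;',
  "'": '&#x27;',
  '/': '&#x2F;',
};

// Escape a string for insertion into an HTML text node or a quoted attribute.
function escapeHtml(input) {
  return String(input).replace(/[&<>"'\/]/g, (ch) => HTML_TEXT_ESCAPES[ch]);
}

// The pattern the article tells you to look for: user input written into the
// page with no filtering or encoding at all.
function renderTitleUnsafe(userTitle) {
  return `<h1 class="title">${userTitle}</h1>`;
}

// The hardened form: the same template, with the input encoded for the
// HTML text context it lands in.
function renderTitleSafe(userTitle) {
  return `<h1 class="title">${escapeHtml(userTitle)}</h1>`;
}

// Self-check for a renderer: after rendering, the only tags present must be
// the template's own. Returns true when no tag from the input survived.
function rendersWithoutInjectedTags(renderFn, userTitle) {
  const html = renderFn(userTitle);
  const tags = html.match(/<\/?[a-zA-Z][^>]*>/g) || [];
  return tags.every((t) => t === '<h1 class="title">' || t === '</h1>');
}

// Constructed sample: the close-the-tag title quoted in the article.
const SAMPLE_TITLE = "</script><script>alert('test')</script>";

// Stand-alone demonstration.
console.log('unsafe passes self-check:', rendersWithoutInjectedTags(renderTitleUnsafe, SAMPLE_TITLE));
console.log('safe passes self-check:  ', rendersWithoutInjectedTags(renderTitleSafe, SAMPLE_TITLE));
console.log(renderTitleSafe(SAMPLE_TITLE));

module.exports = { escapeHtml, renderTitleUnsafe, renderTitleSafe, rendersWithoutInjectedTags, SAMPLE_TITLE };
```

Note that ";" from the article's list is left alone here: in an HTML text node it carries no meaning. It does matter when user input lands inside a script block or a URL, and those contexts need their own encoder, which is why the check has to be done per output point and not once per input field.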
How to use it
I will take BBSXP as the first example; the process has been made into an animation, and the details can be seen in the animation on the disc. For BBSXP, I take two of its better cross-site vulnerability points as examples.
a. Register an ordinary user; the user I registered here is linzi. Then, in the personal signature, we write:
[image: the signature content was shown as a picture that is not preserved here]
Or construct the cross-site statement with an iframe that opens a zero-size linzi.txt.
When the administrator opens it, the backup runs automatically and gets a shell.
Fourth, combining XSS with other technologies
From the above examples we can see that how to deceive the administrator into opening it is a very important step. Besides social engineering, we can combine other technologies, such as SQL injection, to get it opened. When we penetrate a website and the main site has an MSSQL injection vulnerability that is publicly reachable, we use update to construct the cross-site statement, for example an iframe that opens the backup-and-get-shell cross-site statement above. Similarly, in social engineering we can use QQ and other cross-site vulnerabilities.
Deception is also an art; how exactly to use it is up to your own imagination!
Fifth, making the Flash Trojan
Omitted