In fact, far not so simple. You found the only programmer of a small bug only, far fromXSS. Their relationship as a system vulnerability with the exploitability of the vulnerability relationship, quite different. If your system is appeared“**** memory cannot be read”it? Whether you know it is overflow vulnerability of a performance? But want to therefore make the virus far not so simple things, you could say they found the overflow bug?
Then usexssvulnerability can do? Monyer believed it should be a few points:
1, targeted hung it to the
So this site must be gaming sites, banking sites or on qq, taobao or influence quite a large site, etc., they must have our usual need to steal the account password; of course, perhaps this site rank quite high, we can be more horses hanging out.
And if only the middle of a small siteXSSvulnerabilities, if we want to hung it, then everyone as it is directly to the Trojan page address posted out.
2, The user permissions under the operation
Such sites must have members, and these members have a lot of meaningful operation or to have we need the internal profile, so we can byXSSfor the logged in visitor to have permission to operate. I think the cookies of the theft should be counted as this one, because its purpose is to get the user operation permissions stolen password included, to obtain the user some information or for permission under the relevant operation.
3, the Dos attack or the puppet machine
This same need to one of the most visited a very large site, the use of a small site everyone as our own attacks or to gain information. We can use this page to access the user uninterrupted attack other sites, or for LAN scanning, and so on. These js tools have been generated, the js port scanning, jikto, axssshell, and so on.
4, put the right
Generally this occurs mainly in the forum or information management system, in short, be sure to have administrator. This requires the attacker to the target system is quite familiar, generally such a system requires open source code, so you know how to construct the statement. rights.
5, to achieve special effects
For example, Monyer in the Baidu space to insert video, insert section; for example, some people in Sina blog or the school network to achieve the special effects, and so on.
So, you should be aware of these sites should have the properties:
Extremely high traffic, members, administrator, having a value of the account password, or meaningful special effects.
This means that normal access to a page will not trigger the reservation of the formulaXSS, although this is most of the site has the vulnerability, wherein the Search section, also known as the search formulaXSSvulnerabilities.
So when you get a input XSS, you only alert a small box of. You talk to someone boasting that you found a vulnerability, and you can alert a box to him, but the fact that you can not do anything. Even if you can hang some small Trojans, that is also no sense of things-because you did not dare directly in your virtual host makeXSSpage to someone else.
This withsql injection, XSSis after all the client stuff. sql injectionthe purpose is often to obtain the target system's permissions, and the sql statement itself, the execution is the service side of the instruction; but XSSgenerally is in order to get the client something, the execution is also the client's instructions. So they can“'”what“went wrong”and shouting, you're not as“alert”“xssthe window” and barking.
Otherwise it will only let others joke!
Of course, if you thinkXSSyou can also do what things, and can be in a useless user didn't manage a small website, then Monyer willing to humbly ask!）
Monyer it! from:Monyer's blog