Recently dealt with a company outside the network project of the two security vulnerabilities are very common, and very dangerous.
A reflected cross site scripting vulnerability
Can be embedded in the attack script, once in the user's browser to load the page, it will execute this script. Might steal or manipulate customer session and cookies, which may be used to mimic a legitimate user, allowing the hackers to to the identity of the user to view or change user records and perform transactions.
By a program parameter output parameter passed to the HTML page, then open the following URL will return a message prompt:
http://***. com/xss/message. jsp? send=Hello,World!
This program functions to extract the parameters of the data and inserted into the page after loading the HTML code, This isXSSthe vulnerability of one of the obvious features;
If this program does not go through filtering and other security measures, then it will be very vulnerable to attack.
Below we look at how to implement the attack. In the original program of the URL parameter replacement as we used to test the code:
http://www.***. com /xss/message. jsp? send=<script>alert(‘xss’)</script>
The page output was:<script>alert(‘xss’)</script>
When the user in the user browser open, it will pop up a prompt message.
If the user is already log in to the Web system and get a session information in the cookie, and then open the hack embedded in the illegal script of the page, then the hackers basically can pass the cookie information to hijack the user's session to do whatever they want.
1, Do not trust any user input, do a check, if conditions allow, try to use whitelisting to validate the input parameters;
2, is output when the user provides the content for escape processing.
By constructing a URL, an attacker can use the user is redirected to an arbitrary URL, using this vulnerability can convince a user to visit a page, hung it, password recording, downloading any files etc.