摘要
XSS又叫CSS(Cross Site Script),跨站脚本攻击。跨站脚本攻击以访问服务器的客户端为攻击目标,通过恶意脚本向第三方站点发送用户的信息。跨站脚本攻击是继SQL注入攻击后最为常用的攻击手段。XSS本质上是Web应用服务的漏洞,主要的攻击方法分别是在Web应用程序中偷cookie、利用iframe或frame存取管理页面或后台页面、利用XMLHttpRequest存取管理页面或后台页面。
XSS also known as CSS(Cross Site Script),cross-site scripting attacks.Cross-site scripting attack to access the server,the client object of the attack by a malicious script to a third party site to send the user information.Cross-site scripting attack is SQL injection attacks,following the most commonly used means of attack.XSS is essentially a Web application service vulnerability,the main attack methods are in the Web application to steal cookie,use of iframe or frame to access the management page,or the background page,use XMLHttpRequest to access the management page,or the background page.
出处
《宜春学院学报》
2009年第6期87-89,共3页
Journal of Yichun University
