Abstract
Focusing on the characteristics and trigger mechanisms of stored XSS vulnerabilities, the most harmful kind of XSS, we designed and implemented a tool that automatically generates stored-XSS attack vectors. Using this tool to test the blog publishing systems of two large Chinese video-sharing websites, we found six classes of attack vectors that lead to stored-XSS vulnerabilities. The experimental results verify the effectiveness of the method and the testing tool, and show that Chinese video websites still carry considerable security risks.
Stored XSS (cross-site scripting) is generally more serious than the other modalities of XSS. We study the characteristics and trigger mechanism of stored XSS, propose a generation method of attack vectors for stored XSS, and implement a tool which can generate the attack vectors automatically. After using this tool to test the blog systems of two popular video-sharing sites in China, we found 6 types of attack vectors which can trigger stored XSS. The results of the testing experiments show the effectiveness of our method and also show the potential security risk in the video-sharing sites.
Source
《中国科学院研究生院学报》
CAS
CSCD
PKU Core
2012, No. 6, pp. 815-820 (6 pages)
Journal of the Graduate School of the Chinese Academy of Sciences
Funding
Supported by the National Natural Science Foundation of China (60970140)