摘要
XSS漏洞普遍存在于当前Web应用中,而且危害极其严重。随着Web2.0的到来,Web应用日趋大型化和复杂化,进一步为Web漏洞的滋生提供了温床。针对大型Web应用中复杂的数据组织结构,文章提出一种基于动态数据生成缺陷的XSS漏洞挖掘方法,能快速、高效地挖掘出大型Web应用中存在的XSS漏洞。同时,利用这一挖掘方法对Web应用中存在的HTTP Response Splitting漏洞、URL Redirection漏洞进行挖掘分析,都取得了非常显著的效果。
XSS is the most common and seriously harmful vulnerability in current Web applications. With the arrival of Web2.0 technologies, Web applications tend to be much larger and more complex, which provided the hotbed for Web vulnerabilities. According to the complex structure of data organization in large-scale web applications, in this paper we proposed an approach for exploiting XSS vulnerability based on dynamic data generating flaw. It can exploit XSS vulnerability existing in large-scale Web applications quickly and effectively. We also use this method to analysis HTTP Response Splitting vulnerability and URL Redirection vulnerability in Web applications and also achieved significant results.
出处
《信息网络安全》
2012年第11期44-47,共4页
Netinfo Security
基金
国家自然科学基金资助项目[61170268
61272493]
