摘要
XSS漏洞是当前Web应用程序中普遍存在的漏洞,很多Web应用程序因存在此漏洞而受到攻击。每个Web应用程序XSS漏洞出现的场景、攻击方式和危害程度都可能不同,对网站没有直接的影响,因此很多网站管理员对此攻击不太重视。文中描述XSS漏洞形成原理并讲述漏洞检测方法,通过对XSS攻击的利用方式,如偷取Cookie伪造身份登录,来获取浏览器明文密码分析,并提出相应的防范措施。
XSS exploit is prevalent in current web application. Many web applications are xnxlnerable to attack for existence of XSS exploit in their applications. On the different occasions where the web applications security exploit appears, the attack ways are different, so Web administrators pay little attention to this attack. This paper gives the forming principles and detection methods of XSS exploit. Through analyzing the utilization ways of XSS attack, that is, stealing the cookie and forging identity for logging in, getting the plain-text password in browser, some corresponding measures for preventin~ the cross-site scriDtin~ attack are proposed.
出处
《信息安全与通信保密》
2013年第3期72-74,共3页
Information Security and Communications Privacy
关键词
XSS漏洞
检测方法
防范措施
XSS exploit
detection method
prevention measures