摘要
跨站脚本攻击(XSS)是目前网上最流行的WEB攻击方式之一,也是危害最大的Web攻击方式之一。由于Javascript的普及应用,跨站脚本攻击的利用场景也在逐渐扩展,造成的危害会随着黑客对其的理解加深而越来越大。与其他类型的漏洞相比,互联网上的各类扫描器对于XSS的识别都具有较高的准确性,而XSS平台的普及也为XSS的深度利用制造了条件,越来越多的人正在掌握XSS攻击的各类用法。在可预见的未来,对于XSS的认知是网站开发人员必不可少的知识,本文就当下XSS漏洞所能利用的手法与利用的场景进行分析,希望能对开发人员在相关业务场景代码编写过程中有所警示,也希望安全人员更多的了解XSS攻击存在的场景和被利用的手段,以促进互联网安全生态圈的发展。
Cross site scripting (XSS) is one of the most popuIar WEB At acking methods at present, and aIso one of the most risky web at acks. Because of the popuIarization of JavaScript, the scene of the cross site scripting at ack is aIso graduaI y expanded.And it’s more and more harmfuI with the hacker’s deepening understanding. Compared with other vuInerabiIities, aI the scanners have a high accuracy for the recognition of the XSS, PopuIarize of XSS pIatform which is for XSS depth using manufacturing conditions, make more and more peopIe become masters of XSS at ack. In the foreseeabIe future, XSS wiI be essentiaI knowIedge for website deveIopers.This paper anaIysis how XSS vuInerabiIities couId be used at present,which may be heIpfuI to deveIopers who are going to write some process with the reIevant business scene code, aIso make more security engineeers know it, to promote the deveIopment of Internet security ecoIogicaI circIe.