@magussiro
Forked from jaceju/xss_notes.md
Created July 17, 2020 15:08

XSS class notes

OWASP Top 10 (first three entries)

  1. Injection
  2. Broken Authentication and Session Management
  3. XSS

Devcore

  1. XSS
  2. SQL Injection
  3. Business Logic Flaw
  4. CSRF
  5. Information Leakage

Characteristics

  1. Injects JavaScript into a page the victim's browser renders
  2. Mainly harms the client (the user's browser), not the server
  3. Steals the user's cookie and sends it to the attacker's server, which then impersonates the logged-in user
  4. Installs malicious browser components

Entry points

Anywhere that accepts input, for example:

  1. Content-Type (e.g. an upload that the server later serves back as HTML)
  2. CSS (background-url)
  3. URL (query string, path, fragment)

Defences

  1. Whitelist (allow-list) filtering of input
  2. Escape on output, for the context the data is written into (HTML body, attribute, JavaScript, URL)
  3. Encoding checks (normalise everything to UTF-8 so encoded variants cannot slip past the filter)
  4. OWASP XSS Prevention Cheat Sheet
  5. HTML Purifier (for fields that must allow a subset of HTML)

Worst practice (ineffective)

  1. Client-side defence (JavaScript): the attacker controls the client and simply skips it
  2. String replacement (blacklist): defeated by nesting, case changes, encoding, or payloads that use no <script> tag at all
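The contrast between defence 2 (escape on output) and worst practice 2 (string replacement), as an added example that is not part of the original notes. It is plain Node.js with no dependencies; the search-page renderer, the `isSafeUsername` whitelist and the payload strings are constructed for the demonstration.

```javascript
// Added example, not from the original notes: output escaping (defence 2) versus
// string replacement (worst practice 2). Plain Node.js, no dependencies; the
// payload strings and the search-page renderer are constructed for the demonstration.

// Escape for the HTML body and quoted-attribute contexts: every character the
// HTML parser treats specially becomes an entity, so user data can never close
// the current element or start a new one.
function escapeHtml(value) {
  return String(value)
    .replace(/&/g, "&amp;")
    .replace(/</g, "&lt;")
    .replace(/>/g, "&gt;")
    .replace(/"/g, "&quot;")
    .replace(/'/g, "&#x27;");
}

// Whitelist check for a value that must be a plain identifier: reject anything
// else rather than trying to "clean" it.
function isSafeUsername(value) {
  return /^[A-Za-z0-9_]{1,32}$/.test(value);
}

// The worst practice: delete "<script>" / "</script>" wherever they appear.
function stripScriptTags(value) {
  return String(value).replace(/<script>/gi, "").replace(/<\/script>/gi, "");
}

// Search page that echoes the query term: vulnerable and hardened versions.
function renderSearchVulnerable(q) {
  return `<p>Results for: ${q}</p>`;
}
function renderSearchHardened(q) {
  return `<p>Results for: ${escapeHtml(q)}</p>`;
}

// Constructed payloads.
const PAYLOAD_SCRIPT = "<script>alert(1)</script>";
// Nesting: the filter removes the inner tags and thereby reassembles the outer ones.
const PAYLOAD_NESTED = "<scr<script>ipt>alert(1)</scr</script>ipt>";
// No <script> at all: an event handler on an image that fails to load.
const PAYLOAD_IMG = "<img src=x onerror=alert(1)>";

// Rough check used only for this demo: does the markup still contain a script
// element or an inline event-handler attribute?
function containsActiveHtml(html) {
  return /<script\b/i.test(html) || /<[a-z]+[^>]*\bon[a-z]+\s*=/i.test(html);
}

console.log(stripScriptTags(PAYLOAD_NESTED));       // <script>alert(1)</script>
console.log(stripScriptTags(PAYLOAD_IMG));          // unchanged: the handler still fires
console.log(renderSearchHardened(PAYLOAD_SCRIPT));  // &lt;script&gt;alert(1)&lt;/script&gt; as inert text
```

The blacklist loses twice: removing `<script>` once turns the nested payload into a working one, and the `onerror` payload never contained the blacklisted string. Escaping does not try to recognise attacks at all; it makes the data incapable of being parsed as markup, whatever it contains.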

Techniques

[OWASP XSS Filter Evasion Cheat Sheet](https://www.owasp.org/index.php/XSS_Filter_Evasion_Cheat_Sheet)

Attacker tools

Reporting (disclosure)

Semi-automated testing tools

Lab

```sh
# Listen on port 12345 and print whatever arrives (e.g. the request carrying a stolen cookie)
nc -vvv -l 12345
```

Some netcat builds expect `-l -p 12345` instead of `-l 12345`.

Types

  • Reflected: the payload travels in a link, so the attacker must trick the user into clicking it
  • Stored: the payload is read back from the database, so the user is hit simply by visiting the page