Python Ethical Hacking - VULNERABILITY SCANNER(5)

EXPLOITATION - XSS VULNS

XSS - CROSS SITE SCRIPTING VULNS

  • Allow an attacker to inject javascript code into the page.
  • The code is executed when the page loads.
  • The code is executed on the client machine, not the server.

Three main types:

1. Persistent/Stored XSS.

2. Reflected XSS.

3.DOM-based XSS

 

DISCOVERING XSS

  • Try to inject javascript code into the pages.
  • Test text boxes and URL parameters on the form
    •   http://target.com/page.php?something=something

REFLECTED XSS

  • None persistent, not stored.
  • Only work if the target visits a specially crafted URL
    •   http://target.com/page.php?something=<script>altert("XSS")</script>

 

 

STORED XSS

  • Persistent, stored on the page or DB.
  • The injected code is executed every time the page is loaded.

 

posted @ 2019-10-20 16:40  晨风_Eric  阅读(139)  评论(0编辑  收藏  举报