2021-01-05 09:58发布
攻击WEB客户端
客户端脚本语言
XSS(cross-site scripting)
使用场景
攻击参与方
漏洞形成的根源
XSS漏洞类型
反射型XSS实验8.1 初试XSS8.2 基于html事件类型8.2.1 基于标签超链接8.2.2 基于网页中链接图片/>/>/>/>>< style>
xss是在客户端作为攻击对象,一般不能实现对客户端的完全控制,尽管其漏洞在服务端;VBScript针对微软的浏览器、ActiveX 、Flash、Javascript客户端执行工具/语言。
弹窗告警、广告 //比如输入格式不合格
Javascript
在浏览器中执行
通过WEB站点漏洞,向客户端交付恶意脚本基本代码,实现对客户端的攻击目的
注入客户端脚本代码
盗取cookie
重定向 //本来访问正常站点,但却访问了另一个被黑客伪造的站点,输入了账号、密码
其他客户端脚本:VBScript(仅限于微软自己的浏览器)、ActiveX
直接嵌入html:
[removed]alert('XSS')[removed]
元素标签事件,页面被加载时执行javascript
图片标签。//插入一张图片,默认为图片路径,但也可以是js
< style class=" list-paddingleft-2">其他标签:、<div>、<link></span></p></li><li><p style="margin-top: 0px;margin-bottom: 0px;padding: 0px;max-width: 100%;clear: both;min-height: 1em;text-align: left;box-sizing: border-box !important;overflow-wrap: break-word !important">DOM对象,篡改页面内容 //文本对象模型,是一种标准,通过调用api调用html中的元素、标签。</p></li></ul><h3 style=";padding: 0px;font-weight: 400;font-size: 16px;max-width: 100%;color: rgb(51, 51, 51);font-family: -apple-system-font, BlinkMacSystemFont, 'Helvetica Neue', 'PingFang SC', 'Hiragino Sans GB', 'Microsoft YaHei UI', 'Microsoft YaHei', Arial, sans-serif;letter-spacing: 0.544px;white-space: normal;background-color: rgb(255, 255, 255);box-sizing: border-box !important;overflow-wrap: break-word !important"><br></h3><h3 style=";padding: 0px;font-weight: 400;font-size: 16px;max-width: 100%;color: rgb(51, 51, 51);font-family: -apple-system-font, BlinkMacSystemFont, 'Helvetica Neue', 'PingFang SC', 'Hiragino Sans GB', 'Microsoft YaHei UI', 'Microsoft YaHei', Arial, sans-serif;letter-spacing: 0.544px;white-space: normal;background-color: rgb(255, 255, 255);box-sizing: border-box !important;overflow-wrap: break-word !important"><strong style=";padding: 0px;max-width: 100%;box-sizing: border-box !important;overflow-wrap: break-word !important"><span style=";padding: 0px;max-width: 100%;box-sizing: border-box !important;overflow-wrap: break-word !important;font-size: 20px">5.攻击参与方</span></strong></h3><ul style="padding: 0px 0px 0px 2.2em;max-width: 100%;color: rgb(51, 51, 51);font-family: -apple-system-font, BlinkMacSystemFont, 'Helvetica Neue', 'PingFang SC', 'Hiragino Sans GB', 'Microsoft YaHei UI', 'Microsoft YaHei', Arial, sans-serif;font-size: 17px;letter-spacing: 0.544px;text-align: justify;white-space: normal;background-color: rgb(255, 255, 255);box-sizing: border-box !important;overflow-wrap: break-word !important" class=" list-paddingleft-2"><li><p style="margin-top: 0px;margin-bottom: 0px;padding: 0px;max-width: 100%;clear: both;min-height: 1em;text-align: left;box-sizing: border-box !important;overflow-wrap: break-word !important">攻击者</p></li><li><p style="margin-top: 0px;margin-bottom: 0px;padding: 0px;max-width: 100%;clear: both;min-height: 1em;text-align: left;box-sizing: border-box !important;overflow-wrap: break-word !important">被攻击者</p></li><li><p style="margin-top: 0px;margin-bottom: 0px;padding: 0px;max-width: 100%;clear: both;min-height: 1em;text-align: left;box-sizing: border-box !important;overflow-wrap: break-word !important">漏洞站点</p></li><li><p style="margin-top: 0px;margin-bottom: 0px;padding: 0px;max-width: 100%;clear: both;min-height: 1em;text-align: left;box-sizing: border-box !important;overflow-wrap: break-word !important">第三方站点(攻击目标、攻击参与站),比如服务端下发js,众多客户端访问正常的网站,而变向去访问另一个网站,导致ddos</p></li></ul><h3 style=";padding: 0px;font-weight: 400;font-size: 16px;max-width: 100%;color: rgb(51, 51, 51);font-family: -apple-system-font, BlinkMacSystemFont, 'Helvetica Neue', 'PingFang SC', 'Hiragino Sans GB', 'Microsoft YaHei UI', 'Microsoft YaHei', Arial, sans-serif;letter-spacing: 0.544px;white-space: normal;background-color: rgb(255, 255, 255);box-sizing: border-box !important;overflow-wrap: break-word !important"><br></h3><h3 style=";padding: 0px;font-weight: 400;font-size: 16px;max-width: 100%;color: rgb(51, 51, 51);font-family: -apple-system-font, BlinkMacSystemFont, 'Helvetica Neue', 'PingFang SC', 'Hiragino Sans GB', 'Microsoft YaHei UI', 'Microsoft YaHei', Arial, sans-serif;letter-spacing: 0.544px;white-space: normal;background-color: rgb(255, 255, 255);box-sizing: border-box !important;overflow-wrap: break-word !important"><strong style=";padding: 0px;max-width: 100%;box-sizing: border-box !important;overflow-wrap: break-word !important"><span style=";padding: 0px;max-width: 100%;box-sizing: border-box !important;overflow-wrap: break-word !important;font-size: 20px">6.漏洞形成的根源</span></strong></h3><ul style="padding: 0px 0px 0px 2.2em;max-width: 100%;color: rgb(51, 51, 51);font-family: -apple-system-font, BlinkMacSystemFont, 'Helvetica Neue', 'PingFang SC', 'Hiragino Sans GB', 'Microsoft YaHei UI', 'Microsoft YaHei', Arial, sans-serif;font-size: 17px;letter-spacing: 0.544px;text-align: justify;white-space: normal;background-color: rgb(255, 255, 255);box-sizing: border-box !important;overflow-wrap: break-word !important" class=" list-paddingleft-2"><li><p style="margin-top: 0px;margin-bottom: 0px;padding: 0px;max-width: 100%;clear: both;min-height: 1em;text-align: left;box-sizing: border-box !important;overflow-wrap: break-word !important">服务器对用户提交数据过滤不严</p></li><li><p style="margin-top: 0px;margin-bottom: 0px;padding: 0px;max-width: 100%;clear: both;min-height: 1em;text-align: left;box-sizing: border-box !important;overflow-wrap: break-word !important">提交给服务器的脚本被直接返回给其他客户端执行</p></li><li><p style="margin-top: 0px;margin-bottom: 0px;padding: 0px;max-width: 100%;clear: both;min-height: 1em;text-align: left;box-sizing: border-box !important;overflow-wrap: break-word !important">脚本在客户端执行恶意操作</p></li></ul><h3 style=";padding: 0px;font-weight: 400;font-size: 16px;max-width: 100%;color: rgb(51, 51, 51);font-family: -apple-system-font, BlinkMacSystemFont, 'Helvetica Neue', 'PingFang SC', 'Hiragino Sans GB', 'Microsoft YaHei UI', 'Microsoft YaHei', Arial, sans-serif;letter-spacing: 0.544px;white-space: normal;background-color: rgb(255, 255, 255);box-sizing: border-box !important;overflow-wrap: break-word !important"><br></h3><h3 style=";padding: 0px;font-weight: 400;font-size: 16px;max-width: 100%;color: rgb(51, 51, 51);font-family: -apple-system-font, BlinkMacSystemFont, 'Helvetica Neue', 'PingFang SC', 'Hiragino Sans GB', 'Microsoft YaHei UI', 'Microsoft YaHei', Arial, sans-serif;letter-spacing: 0.544px;white-space: normal;background-color: rgb(255, 255, 255);box-sizing: border-box !important;overflow-wrap: break-word !important"><strong style=";padding: 0px;max-width: 100%;box-sizing: border-box !important;overflow-wrap: break-word !important"><span style=";padding: 0px;max-width: 100%;box-sizing: border-box !important;overflow-wrap: break-word !important;font-size: 20px">7.XSS漏洞类型</span></strong></h3><p style="margin-top: 0px;margin-bottom: 0px;padding: 0px;max-width: 100%;clear: both;min-height: 1em;color: rgb(51, 51, 51);font-family: -apple-system-font, BlinkMacSystemFont, 'Helvetica Neue', 'PingFang SC', 'Hiragino Sans GB', 'Microsoft YaHei UI', 'Microsoft YaHei', Arial, sans-serif;font-size: 17px;letter-spacing: 0.544px;white-space: normal;background-color: rgb(255, 255, 255);box-sizing: border-box !important;overflow-wrap: break-word !important">反射型(非持久):正常情况下,黑客在请求服务器时发送js,服务器由于没有过滤,不执行此代码而是直接立刻返回给黑客的浏览器,此时只是在黑客电脑上执行,不会有什么问题,但如果黑客通过诱使(如邮件)被攻击者点击恶意链接访问,执行了包含的js,服务端原封不动的返回,并在浏览器上执行此js,而可能导致cookie的窃取,被安装键盘记录器等。</p><p style="margin-top: 0px;margin-bottom: 0px;padding: 0px;max-width: 100%;clear: both;min-height: 1em;color: rgb(51, 51, 51);font-family: -apple-system-font, BlinkMacSystemFont, 'Helvetica Neue', 'PingFang SC', 'Hiragino Sans GB', 'Microsoft YaHei UI', 'Microsoft YaHei', Arial, sans-serif;font-size: 17px;letter-spacing: 0.544px;white-space: normal;background-color: rgb(255, 255, 255);box-sizing: border-box !important;overflow-wrap: break-word !important">存储型(持久型):JavaScript在服务器端保存,每个客户在请求服务器时,服务端保存的js会返回,并在浏览器中直接执行。<br><strong style=";padding: 0px;max-width: 100%;box-sizing: border-box !important;overflow-wrap: break-word !important">若向服务器提交的片段中,被服务器原封不动的返回,则很有可能存在XSS漏洞</strong></p><p style="margin-top: 0px;margin-bottom: 0px;padding: 0px;max-width: 100%;clear: both;min-height: 1em;color: rgb(51, 51, 51);font-family: -apple-system-font, BlinkMacSystemFont, 'Helvetica Neue', 'PingFang SC', 'Hiragino Sans GB', 'Microsoft YaHei UI', 'Microsoft YaHei', Arial, sans-serif;font-size: 17px;letter-spacing: 0.544px;white-space: normal;background-color: rgb(255, 255, 255);box-sizing: border-box !important;overflow-wrap: break-word !important">DOM型:在本地执行,不去向浏览器去发送请求</p><p><br></p> <div class="appendcontent"> </div> </div> <!-- <div class="readmore"> 查看更多 </div> --> <div class="tool-group"> <!-- cdn节点 回答操作 --> <div class="cdn_question_answer92731"></div> <script type="text/javascript"> getquestioncaozuo(5,32472,92731); </script> </div> </div> </div> <div class="comments-mod " style="display: none; float: none; padding-top: 10px;" id="comment_92731"> <div class="areabox clearfix"> <div class="input-group"> <input type="text" placeholder="请输入评论内容,不少于5个字" AUTOCOMPLETE="off" class="comment-input form-control" name="content" /> <input type='hidden' value='0' name='replyauthor' /> <span class="input-group-btn"><input type="button" value="评论" class="btn btn-green" name="submit" onclick="addcomment(92731);" /> </span> </div> </div> <ul class="my-comments-list nav"> <li class="loading text-left"><img src='http://www.shouhuola.com/static/css/default/loading.gif' align='absmiddle' /> 加载中...</li> </ul> </div> </div> <div id="comment-92755" class="comment"> <div> <div class="author"> <a href="http://www.shouhuola.com/u-732.html" target="_self" class="avatar"> <img src="http://www.shouhuola.com/data/avatar/000/00/07/small_000000732.jpg"> </a> <div class="info"> <a href="http://www.shouhuola.com/u-732.html" target="_self" class="name"> 茄子酱 </a> <!----> <div class="meta"> <span>3楼 · 2021-01-05 10:12</span> </div> </div> </div> <div class="comment-wrap art-content"> <div class="answercontent"> <p style="box-sizing: border-box; outline: 0px; margin-top: 0px; margin-bottom: 16px; padding: 0px; color: rgb(77, 77, 77); overflow: auto hidden; overflow-wrap: break-word; font-family: -apple-system, ">跨站脚本攻击(Cross Site Scripting),简称XSS, 是指:由于网站程序对用户输入过滤不足,致使攻击者利用输入可以显示在页面上对其他用户造成影响的代码来盗取用户资料、利用用户身份进行某种动作或者对访问者进行病毒侵害的一种攻击方式。<br>直白点:恶意攻击者往Web页面里插入恶意Script代码,当用户浏览该页之时,嵌入其中Web里面的Script代码会被执行,从而达到恶意攻击用户的目的。</p><p style="box-sizing: border-box; outline: 0px; margin-top: 0px; margin-bottom: 16px; padding: 0px; color: rgb(77, 77, 77); overflow: auto hidden; overflow-wrap: break-word; font-family: -apple-system, ">不同于大多数攻击(一般只涉及攻击者和受害者),XSS涉及到三方,即攻击者、客户端与网站。XSS的攻击目标是为了盗取客户端的cookie或者其他网站用于识别客户端身份的敏感信息。获取到合法用户的信息后,攻击者甚至可以假冒最终用户与网站进行交互。</p><p><br></p> <div class="appendcontent"> </div> </div> <!-- <div class="readmore"> 查看更多 </div> --> <div class="tool-group"> <!-- cdn节点 回答操作 --> <div class="cdn_question_answer92755"></div> <script type="text/javascript"> getquestioncaozuo(5,32472,92755); </script> </div> </div> </div> <div class="comments-mod " style="display: none; float: none; padding-top: 10px;" id="comment_92755"> <div class="areabox clearfix"> <div class="input-group"> <input type="text" placeholder="请输入评论内容,不少于5个字" AUTOCOMPLETE="off" class="comment-input form-control" name="content" /> <input type='hidden' value='0' name='replyauthor' /> <span class="input-group-btn"><input type="button" value="评论" class="btn btn-green" name="submit" onclick="addcomment(92755);" /> </span> </div> </div> <ul class="my-comments-list nav"> <li class="loading text-left"><img src='http://www.shouhuola.com/static/css/default/loading.gif' align='absmiddle' /> 加载中...</li> </ul> </div> </div> <div id="comment-92770" class="comment"> <div> <div class="author"> <a href="http://www.shouhuola.com/u-997.html" target="_self" class="avatar"> <img src="http://www.shouhuola.com/data/avatar/000/00/09/small_000000997.jpg"> </a> <div class="info"> <a href="http://www.shouhuola.com/u-997.html" target="_self" class="name"> 浅浅77 </a> <!----> <div class="meta"> <span>4楼 · 2021-01-05 10:28</span> </div> </div> </div> <div class="comment-wrap art-content"> <div class="answercontent"> <h4>反射型xss攻击</h4><p> 又称为非持久性跨站点脚本攻击,它是最常见的类型的XSS。漏洞产生的原因是攻击者注入的数据反映在响应中。一个典型的非持久性XSS包含一个带XSS攻击向量的链接(即每次攻击需要用户的点击)。</p><p>简单例子</p><p>正常发送消息:</p><p>http://www.test.com/message.php?send=Hello,World!</p><p>接收者将会接收信息并显示Hello,Word</p><p>非正常发送消息:</p><p>http://www.test.com/message.php?send=[removed]alert(‘foolish!’)[removed]!</p><p>接收者接收消息显示的时候将会弹出警告窗口</p><h4>存贮型xss攻击</h4><p> 又称为持久型跨站点脚本,它一般发生在XSS攻击向量(一般指XSS攻击代码)存储在网站数据库,当一个页面被用户打开的时候执行。每当用户打开浏览器,脚本执行。持久的XSS相比非持久性XSS攻击危害性更大,因为每当用户打开页面,查看内容时脚本将自动执行。谷歌的orkut曾经就遭受到XSS。</p><p>简单例子:</p><p>从名字就可了解到存储型XSS攻击就是将攻击代码存入数据库中,然后客户端打开时就执行这些攻击代码。例如留言板</p><p>留言板表单中的表单域:<input type=“text” name=“content” value=“这里是用户填写的数据”></p><p>正常操作:</p><p>用户是提交相应留言信息;将数据存储到数据库;其他用户访问留言板,应用去数据并显示。</p><p>非正常操作:</p><p>攻击者在value填写[removed]alert(‘foolish!’)[removed]【或者html其他标签(破坏样式。。。)、一段攻击型代码】;</p><p>将数据存储到数据库中;</p><p>其他用户取出数据显示的时候,将会执行这些攻击性代码</p><h4>DOMBasedXSS(基于dom的跨站点脚本攻击)</h4><p> 基于DOM的XSS有时也称为type0XSS。当用户能够通过交互修改浏览器页面中的DOM(DocumentObjectModel)并显示在浏览器上时,就有可能产生这种漏洞,从效果上来说它也是反射型XSS。</p><p> 通过修改页面的DOM节点形成的XSS,称之为DOMBasedXSS。</p><p> 前提是易受攻击的网站有一个HTML页面采用不安全的方式从[removed] 或document.URL 或 document.referrer获取数据(或者任何其他攻击者可以修改的对象)。</p><p>简单例子</p><p> 1 <HTML> 2 <TITLE>Welcome!</TITLE> 3 Hi 4 [removed] 5 var pos=document.URL.indexOf("name=")+5; 6 [removed](document.URL.substring(pos,document.URL.length)); 7 [removed] 8 <BR> 9 Welcome to our system10 …11 </HTML></p><p>这个例子是个欢迎页面,name是截取URL中get过来的name参数</p><p>正常操作:</p><p>http://www.vulnerable.site/welcome.html?name=Joe</p><p>非正常操作:</p><p>http://www.vulnerable.site/welcome.html?name=[removed]alert([removed])[removed]</p><p> 将产生xss条件。让我们看看为什么:受害者的浏览器接收到这个链接,发送HTTP请求到www.vulnerable.site并且接受到上面的HTML页。受害者的浏览器开始解析这个HTML为DOM,DOM包含一个对象叫document,document里面有个URL属性,这个属性里填充着当前页面的URL。当解析器到达javascript代码,它会执行它并且修改你的HTML页面。倘若代码中引用了document.URL,那么,这部分字符串将会在解析时嵌入到HTML中,然后立即解析,同时,javascript代码会找到(alert(…))并且在同一个页面执行它,这就产生了xss的条件。</p><p>注意:</p><p> 1. 恶意程序脚本在任何时候不会嵌入到处于自然状态下的HTML页面(这和其他种类的xss不太一样)。</p><p> 2.这个攻击只有在浏览器没有修改URL字符时起作用。 当url不是直接在地址栏输入,Mozilla.会自动转换在document.URL中字符<和>(转化为< 和 >),因此在就不会受到上面示例那样的攻击了,在IE6下没有转换<和>,因此他很容易受到攻击。</p><p> 当然,直接嵌入到HTML只是攻击的一个挂载点,有很多脚本不需要依赖<和>漏洞,因此Mozilla通常也是无法阻止这些攻击的。</p> <div class="appendcontent"> </div> </div> <!-- <div class="readmore"> 查看更多 </div> --> <div class="tool-group"> <!-- cdn节点 回答操作 --> <div class="cdn_question_answer92770"></div> <script type="text/javascript"> getquestioncaozuo(5,32472,92770); </script> </div> </div> </div> <div class="comments-mod " style="display: none; float: none; padding-top: 10px;" id="comment_92770"> <div class="areabox clearfix"> <div class="input-group"> <input type="text" placeholder="请输入评论内容,不少于5个字" AUTOCOMPLETE="off" class="comment-input form-control" name="content" /> <input type='hidden' value='0' name='replyauthor' /> <span class="input-group-btn"><input type="button" value="评论" class="btn btn-green" name="submit" onclick="addcomment(92770);" /> </span> </div> </div> <ul class="my-comments-list nav"> <li class="loading text-left"><img src='http://www.shouhuola.com/static/css/default/loading.gif' align='absmiddle' /> 加载中...</li> </ul> </div> </div> <div id="comment-92833" class="comment"> <div> <div class="author"> <a href="http://www.shouhuola.com/u-236.html" target="_self" class="avatar"> <img src="http://www.shouhuola.com/data/avatar/000/00/02/small_000000236.jpg"> </a> <div class="info"> <a href="http://www.shouhuola.com/u-236.html" target="_self" class="name"> 小磊子 </a> <!----> <div class="meta"> <span>5楼 · 2021-01-05 11:00</span> </div> </div> </div> <div class="comment-wrap art-content"> <div class="answercontent"> <p></p><p><article><p style="box-sizing: border-box; outline: 0px; margin-top: 0px; margin-bottom: 16px; padding: 0px; font-size: 18px; color: rgb(77, 77, 77); overflow: auto hidden; overflow-wrap: break-word; line-height: 26px !important;"><span style="box-sizing: border-box; outline: 0px; margin: 0px; padding: 0px; overflow-wrap: break-word; font-size: 24px;"><span style="box-sizing: border-box; outline: 0px; font-weight: 700; overflow-wrap: break-word;">一、简介</span></span></p><p style="box-sizing: border-box; outline: 0px; margin-top: 0px; margin-bottom: 16px; padding: 0px; font-size: 18px; color: rgb(77, 77, 77); overflow: auto hidden; overflow-wrap: break-word; line-height: 26px !important;"><br></p><p style="box-sizing: border-box; outline: 0px; margin-top: 0px; margin-bottom: 16px; padding: 0px; font-size: 18px; color: rgb(77, 77, 77); overflow: auto hidden; overflow-wrap: break-word; line-height: 26px !important;"><span style="box-sizing: border-box; outline: 0px; margin: 0px; padding: 0px; overflow-wrap: break-word;"><span style="box-sizing: border-box; outline: 0px; font-weight: 700; overflow-wrap: break-word;">什么是XSS?</span></span></p><p style="box-sizing: border-box; outline: 0px; margin-top: 0px; margin-bottom: 16px; padding: 0px; font-size: 18px; color: rgb(77, 77, 77); overflow: auto hidden; overflow-wrap: break-word; line-height: 26px !important;"><span style="box-sizing: border-box; outline: 0px; margin: 0px; padding: 0px; overflow-wrap: break-word;"><br></span></p><p style="box-sizing: border-box; outline: 0px; margin-top: 0px; margin-bottom: 16px; padding: 0px; font-size: 18px; color: rgb(77, 77, 77); overflow: auto hidden; overflow-wrap: break-word; line-height: 26px !important;"><span style="box-sizing: border-box; outline: 0px; margin: 0px; padding: 0px; overflow-wrap: break-word;"><a style='color:#2f2f2f;cursor:pointer;' href='http://www.baidu.com'>百度</a>百科的解释: XSS又叫CSS (Cross Site Script) ,跨站脚本攻击。它指的是恶意攻击者往Web页面里插入恶意html代码,当用户浏览该页之时,嵌入其中Web里面的html代码会被执行,从而达到恶意用户的特殊目的。</span></p><p style="box-sizing: border-box; outline: 0px; margin-top: 0px; margin-bottom: 16px; padding: 0px; font-size: 18px; color: rgb(77, 77, 77); overflow: auto hidden; overflow-wrap: break-word; line-height: 26px !important;"><br><span style="box-sizing: border-box; outline: 0px; margin: 0px; padding: 0px; overflow-wrap: break-word;">它与SQL注入攻击类似,SQL注入攻击中以SQL语句作为用户输入,从而达到查询/修改/删除数据的目的,而在xss攻击中,通过插入恶意脚本,实现对用户游览器的控制,获取用户的一些信息。</span><br></p><p style="box-sizing: border-box; outline: 0px; margin-top: 0px; margin-bottom: 16px; padding: 0px; font-size: 18px; color: rgb(77, 77, 77); overflow: auto hidden; overflow-wrap: break-word; line-height: 26px !important;"><br></p><p style="box-sizing: border-box; outline: 0px; margin-top: 0px; margin-bottom: 16px; padding: 0px; font-size: 18px; color: rgb(77, 77, 77); overflow: auto hidden; overflow-wrap: break-word; line-height: 26px !important;"><span style="box-sizing: border-box; outline: 0px; margin: 0px; padding: 0px; overflow-wrap: break-word; font-size: 24px;"><span style="box-sizing: border-box; outline: 0px; font-weight: 700; overflow-wrap: break-word;">二、分类</span></span></p><p style="box-sizing: border-box; outline: 0px; margin-top: 0px; margin-bottom: 16px; padding: 0px; font-size: 18px; color: rgb(77, 77, 77); overflow: auto hidden; overflow-wrap: break-word; line-height: 26px !important;"><span style="box-sizing: border-box; outline: 0px; margin: 0px; padding: 0px; overflow-wrap: break-word;"><br></span></p><p style="box-sizing: border-box; outline: 0px; margin-top: 0px; margin-bottom: 16px; padding: 0px; font-size: 18px; color: rgb(77, 77, 77); overflow: auto hidden; overflow-wrap: break-word; line-height: 26px !important;"><span style="box-sizing: border-box; outline: 0px; margin: 0px; padding: 0px; overflow-wrap: break-word;"><span style="box-sizing: border-box; outline: 0px; font-weight: 700; overflow-wrap: break-word;">xss攻击可以分成两种类型:</span><br><br>1.非持久型攻击<br>2.持久型攻击<br></span></p><p style="box-sizing: border-box; outline: 0px; margin-top: 0px; margin-bottom: 16px; padding: 0px; font-size: 18px; color: rgb(77, 77, 77); overflow: auto hidden; overflow-wrap: break-word; line-height: 26px !important;"><br></p><p style="box-sizing: border-box; outline: 0px; margin-top: 0px; margin-bottom: 16px; padding: 0px; font-size: 18px; color: rgb(77, 77, 77); overflow: auto hidden; overflow-wrap: break-word; line-height: 26px !important;"><span style="box-sizing: border-box; outline: 0px; margin: 0px; padding: 0px; overflow-wrap: break-word;">非持久型xss攻击:顾名思义,非持久型xss攻击是一次性的,仅对当次的页面访问产生影响。非持久型xss攻击要求用户访问一个被攻击者篡改后的链接,用户访问该链接时,被植入的攻击脚本被用户游览器执行,从而达到攻击目的。<br></span></p><p style="box-sizing: border-box; outline: 0px; margin-top: 0px; margin-bottom: 16px; padding: 0px; font-size: 18px; color: rgb(77, 77, 77); overflow: auto hidden; overflow-wrap: break-word; line-height: 26px !important;"><br></p><p style="box-sizing: border-box; outline: 0px; margin-top: 0px; margin-bottom: 16px; padding: 0px; font-size: 18px; color: rgb(77, 77, 77); overflow: auto hidden; overflow-wrap: break-word; line-height: 26px !important;"><span style="box-sizing: border-box; outline: 0px; margin: 0px; padding: 0px; overflow-wrap: break-word;">持久型xss攻击:<span style="box-sizing: border-box; outline: 0px; margin: 0px; padding: 0px; overflow-wrap: break-word;">持久型xss,</span>会把攻击者的数据存储在服务器端,攻击行为将伴随着攻击数据一直存在。<br></span></p><p style="box-sizing: border-box; outline: 0px; margin-top: 0px; margin-bottom: 16px; padding: 0px; font-size: 18px; color: rgb(77, 77, 77); overflow: auto hidden; overflow-wrap: break-word; line-height: 26px !important;"><span style="box-sizing: border-box; outline: 0px; margin: 0px; padding: 0px; overflow-wrap: break-word;"><br></span></p><p style="box-sizing: border-box; outline: 0px; margin-top: 0px; margin-bottom: 16px; padding: 0px; font-size: 18px; color: rgb(77, 77, 77); overflow: auto hidden; overflow-wrap: break-word; line-height: 26px !important;"><span style="box-sizing: border-box; outline: 0px; margin: 0px; padding: 0px; overflow-wrap: break-word;">也可以分成三类:</span></p><p style="box-sizing: border-box; outline: 0px; margin-top: 0px; margin-bottom: 16px; padding: 0px; font-size: 18px; color: rgb(77, 77, 77); overflow: auto hidden; overflow-wrap: break-word; line-height: 26px !important;"><span style="box-sizing: border-box; outline: 0px; margin: 0px; padding: 0px; overflow-wrap: break-word;"><br></span></p><p style="box-sizing: border-box; outline: 0px; margin-top: 0px; margin-bottom: 16px; padding: 0px; font-size: 18px; color: rgb(77, 77, 77); overflow: auto hidden; overflow-wrap: break-word; line-height: 26px !important;"><span style="box-sizing: border-box; outline: 0px; margin: 0px; padding: 0px; overflow-wrap: break-word;">反射型:经过后端,不经过数据库<br><br>存储型:经过后端,经过数据库<br><br>DOM:不经过后端,DOM—based XSS漏洞是基于文档对象模型Document Objeet Model,DOM)的一种漏洞,dom - xss是通过url传入参数去控制触发的。<br></span></p><p style="box-sizing: border-box; outline: 0px; margin-top: 0px; margin-bottom: 16px; padding: 0px; font-size: 18px; color: rgb(77, 77, 77); overflow: auto hidden; overflow-wrap: break-word; line-height: 26px !important;"><br></p><p style="box-sizing: border-box; outline: 0px; margin-top: 0px; margin-bottom: 16px; padding: 0px; font-size: 18px; color: rgb(77, 77, 77); overflow: auto hidden; overflow-wrap: break-word; line-height: 26px !important;"><span style="box-sizing: border-box; outline: 0px; margin: 0px; padding: 0px; overflow-wrap: break-word; font-size: 24px;"><span style="box-sizing: border-box; outline: 0px; font-weight: 700; overflow-wrap: break-word;">三、原理</span></span></p><p style="box-sizing: border-box; outline: 0px; margin-top: 0px; margin-bottom: 16px; padding: 0px; font-size: 18px; color: rgb(77, 77, 77); overflow: auto hidden; overflow-wrap: break-word; line-height: 26px !important;"><span style="box-sizing: border-box; outline: 0px; margin: 0px; padding: 0px; overflow-wrap: break-word;"><br></span></p><p style="box-sizing: border-box; outline: 0px; margin-top: 0px; margin-bottom: 16px; padding: 0px; font-size: 18px; color: rgb(77, 77, 77); overflow: auto hidden; overflow-wrap: break-word; line-height: 26px !important;"><span style="box-sizing: border-box; outline: 0px; margin: 0px; padding: 0px; overflow-wrap: break-word;"><span style="box-sizing: border-box; outline: 0px; font-weight: 700; overflow-wrap: break-word;">1.反射型</span><br></span></p><p style="box-sizing: border-box; outline: 0px; margin-top: 0px; margin-bottom: 16px; padding: 0px; font-size: 18px; color: rgb(77, 77, 77); overflow: auto hidden; overflow-wrap: break-word; line-height: 26px !important;"><span style="box-sizing: border-box; outline: 0px; margin: 0px; padding: 0px; overflow-wrap: break-word;"><br></span></p><p style="box-sizing: border-box; outline: 0px; margin-top: 0px; margin-bottom: 16px; padding: 0px; font-size: 18px; color: rgb(77, 77, 77); overflow: auto hidden; overflow-wrap: break-word; line-height: 26px !important;"><span style="box-sizing: border-box; outline: 0px; margin: 0px; padding: 0px; overflow-wrap: break-word;">新建一个xss.php文件并加入以下代码:</span></p><p style="box-sizing: border-box; outline: 0px; margin-top: 0px; margin-bottom: 16px; padding: 0px; font-size: 18px; color: rgb(77, 77, 77); overflow: auto hidden; overflow-wrap: break-word; line-height: 26px !important;"><span style="box-sizing: border-box; outline: 0px; margin: 0px; padding: 0px; overflow-wrap: break-word;"><br></span></p><p style="box-sizing: border-box; outline: 0px; margin-top: 0px; margin-bottom: 16px; padding: 0px; font-size: 18px; color: rgb(77, 77, 77); overflow: auto hidden; overflow-wrap: break-word; line-height: 26px !important;"><span style="box-sizing: border-box; outline: 0px; margin: 0px; padding: 0px; overflow-wrap: break-word;"></span></p><pre style="box-sizing: border-box; outline: 0px; margin-top: 0px; margin-bottom: 24px; padding: 8px; position: relative; white-space: pre-wrap; overflow-wrap: break-word; overflow-x: auto; font-family: Consolas, Inconsolata, Courier, monospace; font-size: 14px; line-height: 22px; color: rgb(0, 0, 0);">\\XSS反射演示<form action="" method="get"><input type="text" name="xss"/><input type="submit" value="test"/></form><?php$xss = @$_GET['xss'];if($xss!==null){ echo $xss;}</pre><p><br><span style="box-sizing: border-box; outline: 0px; margin: 0px; padding: 0px; overflow-wrap: break-word; font-size: 18px;">这段代码中首先包含一个表单,用于向页面自己发送 GET 请求,带一个名为xss的参数。 然后 PHP 会读取该参数,如果不为空,则直接打印出来,这里不存在任何过滤。也就是说,如果xss中存在 HTML 结构性的内容,打印之后会直接解释为 HTML 元素。</span><br></p><p style="box-sizing: border-box; outline: 0px; margin-top: 0px; margin-bottom: 16px; padding: 0px; font-size: 18px; color: rgb(77, 77, 77); overflow: auto hidden; overflow-wrap: break-word; line-height: 26px !important;"><br></p><p style="box-sizing: border-box; outline: 0px; margin-top: 0px; margin-bottom: 16px; padding: 0px; font-size: 18px; color: rgb(77, 77, 77); overflow: auto hidden; overflow-wrap: break-word; line-height: 26px !important;"><span style="box-sizing: border-box; outline: 0px; margin: 0px; padding: 0px; overflow-wrap: break-word;"><br></span></p><p style="box-sizing: border-box; outline: 0px; margin-top: 0px; margin-bottom: 16px; padding: 0px; font-size: 18px; color: rgb(77, 77, 77); overflow: auto hidden; overflow-wrap: break-word; line-height: 26px !important;"><span style="box-sizing: border-box; outline: 0px; margin: 0px; padding: 0px; overflow-wrap: break-word;">部署好这个文件,访问http://localhost/xss.php,</span><span style="box-sizing: border-box; outline: 0px; margin: 0px; padding: 0px; overflow-wrap: break-word;">直接输入一个js代码,比如[removed]alert('hack')[removed],</span></p><p style="box-sizing: border-box; outline: 0px; margin-top: 0px; margin-bottom: 16px; padding: 0px; font-size: 18px; color: rgb(77, 77, 77); overflow: auto hidden; overflow-wrap: break-word; line-height: 26px !important;"><span style="box-sizing: border-box; outline: 0px; margin: 0px; padding: 0px; overflow-wrap: break-word;"><br></span></p><p style="box-sizing: border-box; outline: 0px; margin-top: 0px; margin-bottom: 16px; padding: 0px; font-size: 18px; color: rgb(77, 77, 77); overflow: auto hidden; overflow-wrap: break-word; line-height: 26px !important;"><span style="box-sizing: border-box; outline: 0px; margin: 0px; padding: 0px; overflow-wrap: break-word;"><img src="https://img-blog.csdn.net/20161227121447473" alt="" style="box-sizing: border-box; outline: none; border: 0px; height: auto; overflow-wrap: break-word; cursor: zoom-in;"><br></span></p><p style="box-sizing: border-box; outline: 0px; margin-top: 0px; margin-bottom: 16px; padding: 0px; font-size: 18px; color: rgb(77, 77, 77); overflow: auto hidden; overflow-wrap: break-word; line-height: 26px !important;"><span style="box-sizing: border-box; outline: 0px; margin: 0px; padding: 0px; overflow-wrap: break-word;"><br></span></p><p style="box-sizing: border-box; outline: 0px; margin-top: 0px; margin-bottom: 16px; padding: 0px; font-size: 18px; color: rgb(77, 77, 77); overflow: auto hidden; overflow-wrap: break-word; line-height: 26px !important;"><span style="box-sizing: border-box; outline: 0px; margin: 0px; padding: 0px; overflow-wrap: break-word;"><span style="box-sizing: border-box; outline: 0px; margin: 0px; padding: 0px; overflow-wrap: break-word;">之后点击test:</span><br></span></p><p style="box-sizing: border-box; outline: 0px; margin-top: 0px; margin-bottom: 16px; padding: 0px; font-size: 18px; color: rgb(77, 77, 77); overflow: auto hidden; overflow-wrap: break-word; line-height: 26px !important;"><span style="box-sizing: border-box; outline: 0px; margin: 0px; padding: 0px; overflow-wrap: break-word;"><br></span></p><p style="box-sizing: border-box; outline: 0px; margin-top: 0px; margin-bottom: 16px; padding: 0px; font-size: 18px; color: rgb(77, 77, 77); overflow: auto hidden; overflow-wrap: break-word; line-height: 26px !important;"><span style="box-sizing: border-box; outline: 0px; margin: 0px; padding: 0px; overflow-wrap: break-word;"><img src="https://img-blog.csdn.net/20161227121516583" alt="" style="box-sizing: border-box; outline: none; border: 0px; height: auto; overflow-wrap: break-word; cursor: zoom-in;"><br></span></p><p style="box-sizing: border-box; outline: 0px; margin-top: 0px; margin-bottom: 16px; padding: 0px; font-size: 18px; color: rgb(77, 77, 77); overflow: auto hidden; overflow-wrap: break-word; line-height: 26px !important;"><span style="box-sizing: border-box; outline: 0px; margin: 0px; padding: 0px; overflow-wrap: break-word;"><br></span></p><p style="box-sizing: border-box; outline: 0px; margin-top: 0px; margin-bottom: 16px; padding: 0px; font-size: 18px; color: rgb(77, 77, 77); overflow: auto hidden; overflow-wrap: break-word; line-height: 26px !important;"><span style="box-sizing: border-box; outline: 0px; margin: 0px; padding: 0px; overflow-wrap: break-word;">我们输入的HTML代码被执行了。用Firebug查看,我们输出的内容直接插入到了页面中,解释为[removed]标签。</span></p><p style="box-sizing: border-box; outline: 0px; margin-top: 0px; margin-bottom: 16px; padding: 0px; font-size: 18px; color: rgb(77, 77, 77); overflow: auto hidden; overflow-wrap: break-word; line-height: 26px !important;"><span style="box-sizing: border-box; outline: 0px; margin: 0px; padding: 0px; overflow-wrap: break-word;"><br></span></p><p style="box-sizing: border-box; outline: 0px; margin-top: 0px; margin-bottom: 16px; padding: 0px; font-size: 18px; color: rgb(77, 77, 77); overflow: auto hidden; overflow-wrap: break-word; line-height: 26px !important;"><span style="box-sizing: border-box; outline: 0px; margin: 0px; padding: 0px; overflow-wrap: break-word;"><img src="https://img-blog.csdn.net/20161227122040887" alt="" style="box-sizing: border-box; outline: none; border: 0px; height: auto; overflow-wrap: break-word; cursor: zoom-in;"><br></span></p><p style="box-sizing: border-box; outline: 0px; margin-top: 0px; margin-bottom: 16px; padding: 0px; font-size: 18px; color: rgb(77, 77, 77); overflow: auto hidden; overflow-wrap: break-word; line-height: 26px !important;"><span style="box-sizing: border-box; outline: 0px; margin: 0px; padding: 0px; overflow-wrap: break-word;"><br></span></p><p style="box-sizing: border-box; outline: 0px; margin-top: 0px; margin-bottom: 16px; padding: 0px; font-size: 18px; color: rgb(77, 77, 77); overflow: auto hidden; overflow-wrap: break-word; line-height: 26px !important;"><span style="box-sizing: border-box; outline: 0px; margin: 0px; padding: 0px; overflow-wrap: break-word;"><br></span></p><p style="box-sizing: border-box; outline: 0px; margin-top: 0px; margin-bottom: 16px; padding: 0px; font-size: 18px; color: rgb(77, 77, 77); overflow: auto hidden; overflow-wrap: break-word; line-height: 26px !important;"><span style="box-sizing: border-box; outline: 0px; margin: 0px; padding: 0px; overflow-wrap: break-word;">反射型 XSS 的数据流向是:浏览器 -> 后端 -> 浏览器。<br></span></p><p style="box-sizing: border-box; outline: 0px; margin-top: 0px; margin-bottom: 16px; padding: 0px; font-size: 18px; color: rgb(77, 77, 77); overflow: auto hidden; overflow-wrap: break-word; line-height: 26px !important;"><span style="box-sizing: border-box; outline: 0px; margin: 0px; padding: 0px; overflow-wrap: break-word;"><br></span></p><p style="box-sizing: border-box; outline: 0px; margin-top: 0px; margin-bottom: 16px; padding: 0px; font-size: 18px; color: rgb(77, 77, 77); overflow: auto hidden; overflow-wrap: break-word; line-height: 26px !important;"><span style="box-sizing: border-box; outline: 0px; margin: 0px; padding: 0px; overflow-wrap: break-word;"><br></span></p><p style="box-sizing: border-box; outline: 0px; margin-top: 0px; margin-bottom: 16px; padding: 0px; font-size: 18px; color: rgb(77, 77, 77); overflow: auto hidden; overflow-wrap: break-word; line-height: 26px !important;"><span style="box-sizing: border-box; outline: 0px; margin: 0px; padding: 0px; overflow-wrap: break-word;"><span style="box-sizing: border-box; outline: 0px; font-weight: 700; overflow-wrap: break-word;">2.存储型</span></span></p><p style="box-sizing: border-box; outline: 0px; margin-top: 0px; margin-bottom: 16px; padding: 0px; font-size: 18px; color: rgb(77, 77, 77); overflow: auto hidden; overflow-wrap: break-word; line-height: 26px !important;"><span style="box-sizing: border-box; outline: 0px; margin: 0px; padding: 0px; overflow-wrap: break-word;"><br></span></p><p style="box-sizing: border-box; outline: 0px; margin-top: 0px; margin-bottom: 16px; padding: 0px; font-size: 18px; color: rgb(77, 77, 77); overflow: auto hidden; overflow-wrap: break-word; line-height: 26px !important;"><span style="box-sizing: border-box; outline: 0px; margin: 0px; padding: 0px; overflow-wrap: break-word;">把xss.php内容改为(同时数据库中需要配置相应的表):<br></span></p><p style="box-sizing: border-box; outline: 0px; margin-top: 0px; margin-bottom: 16px; padding: 0px; font-size: 18px; color: rgb(77, 77, 77); overflow: auto hidden; overflow-wrap: break-word; line-height: 26px !important;"><br></p><p style="box-sizing: border-box; outline: 0px; margin-top: 0px; margin-bottom: 16px; padding: 0px; font-size: 18px; color: rgb(77, 77, 77); overflow: auto hidden; overflow-wrap: break-word; line-height: 26px !important;"><br></p><pre style="box-sizing: border-box; outline: 0px; margin-top: 0px; margin-bottom: 24px; padding: 8px; position: relative; white-space: pre-wrap; overflow-wrap: break-word; overflow-x: auto; font-family: Consolas, Inconsolata, Courier, monospace; font-size: 14px; line-height: 22px; color: rgb(0, 0, 0);">\\存储XSS演示<form action="" method="post"><input type="text" name="xss"/><input type="submit" value="test"/></form><?php$xss=@$_POST['xss'];mysql_connect("localhost","root","123");mysql_select_db("xss");if($xss!==null){ $sql="insert into temp(id,payload) values('1','$xss')"; $result=mysql_query($sql); echo $result;}</pre><p><br><br></p><p style="box-sizing: border-box; outline: 0px; margin-top: 0px; margin-bottom: 16px; padding: 0px; font-size: 18px; color: rgb(77, 77, 77); overflow: auto hidden; overflow-wrap: break-word; line-height: 26px !important;"><br></p><p style="box-sizing: border-box; outline: 0px; margin-top: 0px; margin-bottom: 16px; padding: 0px; font-size: 18px; color: rgb(77, 77, 77); overflow: auto hidden; overflow-wrap: break-word; line-height: 26px !important;"><span style="box-sizing: border-box; outline: 0px; margin: 0px; padding: 0px; overflow-wrap: break-word;">用户输入的内容还是没有过滤,但是不直接显示在页面中,而是插入到了数据库。<br></span></p><p style="box-sizing: border-box; outline: 0px; margin-top: 0px; margin-bottom: 16px; padding: 0px; font-size: 18px; color: rgb(77, 77, 77); overflow: auto hidden; overflow-wrap: break-word; line-height: 26px !important;"><span style="box-sizing: border-box; outline: 0px; margin: 0px; padding: 0px; overflow-wrap: break-word;"><br></span></p><p style="box-sizing: border-box; outline: 0px; margin-top: 0px; margin-bottom: 16px; padding: 0px; font-size: 18px; color: rgb(77, 77, 77); overflow: auto hidden; overflow-wrap: break-word; line-height: 26px !important;"><span style="box-sizing: border-box; outline: 0px; margin: 0px; padding: 0px; overflow-wrap: break-word;">新建show.php,内容为:<br></span></p><p style="box-sizing: border-box; outline: 0px; margin-top: 0px; margin-bottom: 16px; padding: 0px; font-size: 18px; color: rgb(77, 77, 77); overflow: auto hidden; overflow-wrap: break-word; line-height: 26px !important;"><span style="box-sizing: border-box; outline: 0px; margin: 0px; padding: 0px; overflow-wrap: break-word;"><br></span></p><p style="box-sizing: border-box; outline: 0px; margin-top: 0px; margin-bottom: 16px; padding: 0px; font-size: 18px; color: rgb(77, 77, 77); overflow: auto hidden; overflow-wrap: break-word; line-height: 26px !important;"><span style="box-sizing: border-box; outline: 0px; margin: 0px; padding: 0px; overflow-wrap: break-word;"></span></p><pre style="box-sizing: border-box; outline: 0px; margin-top: 0px; margin-bottom: 24px; padding: 8px; position: relative; white-space: pre-wrap; overflow-wrap: break-word; overflow-x: auto; font-family: Consolas, Inconsolata, Courier, monospace; font-size: 14px; line-height: 22px; color: rgb(0, 0, 0);">mysql_connect("localhost","root","root");mysql_select_db("xss");$sql="select payload from temp where id=1";$result=mysql_query($sql);while($row=mysql_fetch_array($result)){echo $row['payload'];}</pre><p><br><span style="box-sizing: border-box; outline: 0px; margin: 0px; padding: 0px; overflow-wrap: break-word; font-size: 18px;">该代码从数据库读取了之前插入的内容,并将其显示出来。</span><br></p><p style="box-sizing: border-box; outline: 0px; margin-top: 0px; margin-bottom: 16px; padding: 0px; font-size: 18px; color: rgb(77, 77, 77); overflow: auto hidden; overflow-wrap: break-word; line-height: 26px !important;"><br></p><p style="box-sizing: border-box; outline: 0px; margin-top: 0px; margin-bottom: 16px; padding: 0px; font-size: 18px; color: rgb(77, 77, 77); overflow: auto hidden; overflow-wrap: break-word; line-height: 26px !important;"><br></p><p style="box-sizing: border-box; outline: 0px; margin-top: 0px; margin-bottom: 16px; padding: 0px; font-size: 18px; color: rgb(77, 77, 77); overflow: auto hidden; overflow-wrap: break-word; line-height: 26px !important;"><span style="box-sizing: border-box; outline: 0px; margin: 0px; padding: 0px; overflow-wrap: break-word;">先创建一个数据库xss,创建temp表</span></p><p style="box-sizing: border-box; outline: 0px; margin-top: 0px; margin-bottom: 16px; padding: 0px; font-size: 18px; color: rgb(77, 77, 77); overflow: auto hidden; overflow-wrap: break-word; line-height: 26px !important;"><span style="box-sizing: border-box; outline: 0px; margin: 0px; padding: 0px; overflow-wrap: break-word;"><br></span></p><p style="box-sizing: border-box; outline: 0px; margin-top: 0px; margin-bottom: 16px; padding: 0px; font-size: 18px; color: rgb(77, 77, 77); overflow: auto hidden; overflow-wrap: break-word; line-height: 26px !important;"><span style="box-sizing: border-box; outline: 0px; margin: 0px; padding: 0px; overflow-wrap: break-word;"><img src="https://img-blog.csdn.net/20161227133124544" alt="" style="box-sizing: border-box; outline: none; border: 0px; height: auto; overflow-wrap: break-word; cursor: zoom-in;"><br></span></p><p style="box-sizing: border-box; outline: 0px; margin-top: 0px; margin-bottom: 16px; padding: 0px; font-size: 18px; color: rgb(77, 77, 77); overflow: auto hidden; overflow-wrap: break-word; line-height: 26px !important;"><br></p><p style="box-sizing: border-box; outline: 0px; margin-top: 0px; margin-bottom: 16px; padding: 0px; font-size: 18px; color: rgb(77, 77, 77); overflow: auto hidden; overflow-wrap: break-word; line-height: 26px !important;"><span style="box-sizing: border-box; outline: 0px; margin: 0px; padding: 0px; overflow-wrap: break-word;">然后访问xss.php,像之前一样输入 HTML 代码</span><br></p><p style="box-sizing: border-box; outline: 0px; margin-top: 0px; margin-bottom: 16px; padding: 0px; font-size: 18px; color: rgb(77, 77, 77); overflow: auto hidden; overflow-wrap: break-word; line-height: 26px !important;"><span style="box-sizing: border-box; outline: 0px; margin: 0px; padding: 0px; overflow-wrap: break-word;"><br></span></p><p style="box-sizing: border-box; outline: 0px; margin-top: 0px; margin-bottom: 16px; padding: 0px; font-size: 18px; color: rgb(77, 77, 77); overflow: auto hidden; overflow-wrap: break-word; line-height: 26px !important;"><span style="box-sizing: border-box; outline: 0px; margin: 0px; padding: 0px; overflow-wrap: break-word;"><img src="https://img-blog.csdn.net/20161227135717332" alt="" style="box-sizing: border-box; outline: none; border: 0px; height: auto; overflow-wrap: break-word; cursor: zoom-in;"><br></span></p><p style="box-sizing: border-box; outline: 0px; margin-top: 0px; margin-bottom: 16px; padding: 0px; font-size: 18px; color: rgb(77, 77, 77); overflow: auto hidden; overflow-wrap: break-word; line-height: 26px !important;"><span style="box-sizing: border-box; outline: 0px; margin: 0px; padding: 0px; overflow-wrap: break-word;"><br></span></p><p style="box-sizing: border-box; outline: 0px; margin-top: 0px; margin-bottom: 16px; padding: 0px; font-size: 18px; color: rgb(77, 77, 77); overflow: auto hidden; overflow-wrap: break-word; line-height: 26px !important;"><span style="box-sizing: border-box; outline: 0px; margin: 0px; padding: 0px; overflow-wrap: break-word;">点击test,</span><span style="box-sizing: border-box; outline: 0px; margin: 0px; padding: 0px; overflow-wrap: break-word;">点击之后却发现没有任何动静,但事实上,我们的数据已经插入到了数据库中。</span></p><p style="box-sizing: border-box; outline: 0px; margin-top: 0px; margin-bottom: 16px; padding: 0px; font-size: 18px; color: rgb(77, 77, 77); overflow: auto hidden; overflow-wrap: break-word; line-height: 26px !important;"><span style="box-sizing: border-box; outline: 0px; margin: 0px; padding: 0px; overflow-wrap: break-word;"><br></span></p><p style="box-sizing: border-box; outline: 0px; margin-top: 0px; margin-bottom: 16px; padding: 0px; font-size: 18px; color: rgb(77, 77, 77); overflow: auto hidden; overflow-wrap: break-word; line-height: 26px !important;"><span style="box-sizing: border-box; outline: 0px; margin: 0px; padding: 0px; overflow-wrap: break-word;"><br></span></p><p style="box-sizing: border-box; outline: 0px; margin-top: 0px; margin-bottom: 16px; padding: 0px; font-size: 18px; color: rgb(77, 77, 77); overflow: auto hidden; overflow-wrap: break-word; line-height: 26px !important;"><span style="box-sizing: border-box; outline: 0px; margin: 0px; padding: 0px; overflow-wrap: break-word;"><img src="https://img-blog.csdn.net/20161227135826942" alt="" style="box-sizing: border-box; outline: none; border: 0px; height: auto; overflow-wrap: break-word; cursor: zoom-in;"><br></span></p><p style="box-sizing: border-box; outline: 0px; margin-top: 0px; margin-bottom: 16px; padding: 0px; font-size: 18px; color: rgb(77, 77, 77); overflow: auto hidden; overflow-wrap: break-word; line-height: 26px !important;"><span style="box-sizing: border-box; outline: 0px; margin: 0px; padding: 0px; overflow-wrap: break-word;"><br></span></p><p style="box-sizing: border-box; outline: 0px; margin-top: 0px; margin-bottom: 16px; padding: 0px; font-size: 18px; color: rgb(77, 77, 77); overflow: auto hidden; overflow-wrap: break-word; line-height: 26px !important;"><span style="box-sizing: border-box; outline: 0px; margin: 0px; padding: 0px; overflow-wrap: break-word;"><br></span></p><p style="box-sizing: border-box; outline: 0px; margin-top: 0px; margin-bottom: 16px; padding: 0px; font-size: 18px; color: rgb(77, 77, 77); overflow: auto hidden; overflow-wrap: break-word; line-height: 26px !important;"><span style="box-sizing: border-box; outline: 0px; margin: 0px; padding: 0px; overflow-wrap: break-word;">当我们访问show.php查询这个值的时候,代码就会被执行。<br></span></p><p style="box-sizing: border-box; outline: 0px; margin-top: 0px; margin-bottom: 16px; padding: 0px; font-size: 18px; color: rgb(77, 77, 77); overflow: auto hidden; overflow-wrap: break-word; line-height: 26px !important;"><span style="box-sizing: border-box; outline: 0px; margin: 0px; padding: 0px; overflow-wrap: break-word;"><br></span></p><p style="box-sizing: border-box; outline: 0px; margin-top: 0px; margin-bottom: 16px; padding: 0px; font-size: 18px; color: rgb(77, 77, 77); overflow: auto hidden; overflow-wrap: break-word; line-height: 26px !important;"><span style="box-sizing: border-box; outline: 0px; margin: 0px; padding: 0px; overflow-wrap: break-word;"><img src="https://img-blog.csdn.net/20161227135930117" alt="" style="box-sizing: border-box; outline: none; border: 0px; height: auto; overflow-wrap: break-word; cursor: zoom-in;"><br></span></p><p style="box-sizing: border-box; outline: 0px; margin-top: 0px; margin-bottom: 16px; padding: 0px; font-size: 18px; color: rgb(77, 77, 77); overflow: auto hidden; overflow-wrap: break-word; line-height: 26px !important;"><span style="box-sizing: border-box; outline: 0px; margin: 0px; padding: 0px; overflow-wrap: break-word;"><br></span></p><p style="box-sizing: border-box; outline: 0px; margin-top: 0px; margin-bottom: 16px; padding: 0px; font-size: 18px; color: rgb(77, 77, 77); overflow: auto hidden; overflow-wrap: break-word; line-height: 26px !important;"><span style="box-sizing: border-box; outline: 0px; margin: 0px; padding: 0px; overflow-wrap: break-word;">存储型 XSS 的执行位置通常不同于输入位置。我们可以看出,存储行 XSS 的数据流向是:</span></p><p style="box-sizing: border-box; outline: 0px; margin-top: 0px; margin-bottom: 16px; padding: 0px; font-size: 18px; color: rgb(77, 77, 77); overflow: auto hidden; overflow-wrap: break-word; line-height: 26px !important;"><span style="box-sizing: border-box; outline: 0px; margin: 0px; padding: 0px; overflow-wrap: break-word;">浏览器 -> 后端 -> 数据库 -> 后端 -> 浏览器。<br></span></p><p style="box-sizing: border-box; outline: 0px; margin-top: 0px; margin-bottom: 16px; padding: 0px; font-size: 18px; color: rgb(77, 77, 77); overflow: auto hidden; overflow-wrap: break-word; line-height: 26px !important;"><span style="box-sizing: border-box; outline: 0px; margin: 0px; padding: 0px; overflow-wrap: break-word;"><br></span></p><p style="box-sizing: border-box; outline: 0px; margin-top: 0px; margin-bottom: 16px; padding: 0px; font-size: 18px; color: rgb(77, 77, 77); overflow: auto hidden; overflow-wrap: break-word; line-height: 26px !important;"><span style="box-sizing: border-box; outline: 0px; margin: 0px; padding: 0px; overflow-wrap: break-word;"><span style="box-sizing: border-box; outline: 0px; font-weight: 700; overflow-wrap: break-word;">3.dom-xss</span></span></p><p style="box-sizing: border-box; outline: 0px; margin-top: 0px; margin-bottom: 16px; padding: 0px; font-size: 18px; color: rgb(77, 77, 77); overflow: auto hidden; overflow-wrap: break-word; line-height: 26px !important;"><span style="box-sizing: border-box; outline: 0px; margin: 0px; padding: 0px; overflow-wrap: break-word;"><br></span></p><p style="box-sizing: border-box; outline: 0px; margin-top: 0px; margin-bottom: 16px; padding: 0px; font-size: 18px; color: rgb(77, 77, 77); overflow: auto hidden; overflow-wrap: break-word; line-height: 26px !important;"><span style="box-sizing: border-box; outline: 0px; margin: 0px; padding: 0px; overflow-wrap: break-word;"><span style="box-sizing: border-box; outline: 0px; margin: 0px; padding: 0px; overflow-wrap: break-word;">把xss.php内容改为</span><br></span></p><p style="box-sizing: border-box; outline: 0px; margin-top: 0px; margin-bottom: 16px; padding: 0px; font-size: 18px; color: rgb(77, 77, 77); overflow: auto hidden; overflow-wrap: break-word; line-height: 26px !important;"><span style="box-sizing: border-box; outline: 0px; margin: 0px; padding: 0px; overflow-wrap: break-word;"><br></span></p><p style="box-sizing: border-box; outline: 0px; margin-top: 0px; margin-bottom: 16px; padding: 0px; font-size: 18px; color: rgb(77, 77, 77); overflow: auto hidden; overflow-wrap: break-word; line-height: 26px !important;"><span style="box-sizing: border-box; outline: 0px; margin: 0px; padding: 0px; overflow-wrap: break-word;"></span></p><pre style="box-sizing: border-box; outline: 0px; margin-top: 0px; margin-bottom: 24px; padding: 8px; position: relative; white-space: pre-wrap; overflow-wrap: break-word; overflow-x: auto; font-family: Consolas, Inconsolata, Courier, monospace; font-size: 14px; line-height: 22px; color: rgb(0, 0, 0);"><?phperror_reporting(0); //禁用错误报告$name = $_GET["name"];?><input id="text" type="text" value="<?php echo $name;?>" /><div id="print"></div>[removed]var text = document.getElementById("text");var print = document.getElementById("print");print[removed] = text.value; // 获取 text的值,并且输出在print内。这里是导致xss的主要原因。[removed]</pre><p><br><br></p><p style="box-sizing: border-box; outline: 0px; margin-top: 0px; margin-bottom: 16px; padding: 0px; font-size: 18px; color: rgb(77, 77, 77); overflow: auto hidden; overflow-wrap: break-word; line-height: 26px !important;"><br></p><p style="box-sizing: border-box; outline: 0px; margin-top: 0px; margin-bottom: 16px; padding: 0px; font-size: 18px; color: rgb(77, 77, 77); overflow: auto hidden; overflow-wrap: break-word; line-height: 26px !important;"><span style="box-sizing: border-box; outline: 0px; margin: 0px; padding: 0px; overflow-wrap: break-word;"><img src="https://img-blog.csdn.net/20161227141714142" alt="" style="box-sizing: border-box; outline: none; border: 0px; height: auto; overflow-wrap: break-word; cursor: zoom-in;"><br></span></p><p style="box-sizing: border-box; outline: 0px; margin-top: 0px; margin-bottom: 16px; padding: 0px; font-size: 18px; color: rgb(77, 77, 77); overflow: auto hidden; overflow-wrap: break-word; line-height: 26px !important;"><br></p><p style="box-sizing: border-box; outline: 0px; margin-top: 0px; margin-bottom: 16px; padding: 0px; font-size: 18px; color: rgb(77, 77, 77); overflow: auto hidden; overflow-wrap: break-word; line-height: 26px !important;"><br></p><p style="box-sizing: border-box; outline: 0px; margin-top: 0px; margin-bottom: 16px; padding: 0px; font-size: 18px; color: rgb(77, 77, 77); overflow: auto hidden; overflow-wrap: break-word; line-height: 26px !important;"><span style="box-sizing: border-box; outline: 0px; margin: 0px; padding: 0px; overflow-wrap: break-word;"><span style="box-sizing: border-box; outline: 0px; margin: 0px; padding: 0px; overflow-wrap: break-word;">DOM-XSS 的数据流向是:</span><span style="box-sizing: border-box; outline: 0px; margin: 0px; padding: 0px; overflow-wrap: break-word;">URL-->浏览器 </span><br></span></p><p style="box-sizing: border-box; outline: 0px; margin-top: 0px; margin-bottom: 16px; padding: 0px; font-size: 18px; color: rgb(77, 77, 77); overflow: auto hidden; overflow-wrap: break-word; line-height: 26px !important;"><br></p><p style="box-sizing: border-box; outline: 0px; margin-top: 0px; margin-bottom: 16px; padding: 0px; font-size: 18px; color: rgb(77, 77, 77); overflow: auto hidden; overflow-wrap: break-word; line-height: 26px !important;"><span style="box-sizing: border-box; outline: 0px; margin: 0px; padding: 0px; overflow-wrap: break-word;">总结: 在易用上,存储型XSS > DOM - XSS > 反射型 XSS。</span></p><p style="box-sizing: border-box; outline: 0px; margin-top: 0px; margin-bottom: 16px; padding: 0px; font-size: 18px; color: rgb(77, 77, 77); overflow: auto hidden; overflow-wrap: break-word; line-height: 26px !important;"><span style="box-sizing: border-box; outline: 0px; margin: 0px; padding: 0px; overflow-wrap: break-word;"><br></span></p><p style="box-sizing: border-box; outline: 0px; margin-top: 0px; margin-bottom: 16px; padding: 0px; font-size: 18px; color: rgb(77, 77, 77); overflow: auto hidden; overflow-wrap: break-word; line-height: 26px !important;"><span style="box-sizing: border-box; outline: 0px; margin: 0px; padding: 0px; overflow-wrap: break-word;">注:反射型xss和dom-xss都需要在url加入js代码才能够触发。<br></span></p><p style="box-sizing: border-box; outline: 0px; margin-top: 0px; margin-bottom: 16px; padding: 0px; font-size: 18px; color: rgb(77, 77, 77); overflow: auto hidden; overflow-wrap: break-word; line-height: 26px !important;"><span style="box-sizing: border-box; outline: 0px; margin: 0px; padding: 0px; overflow-wrap: break-word;"><br></span></p><p style="box-sizing: border-box; outline: 0px; margin-top: 0px; margin-bottom: 16px; padding: 0px; font-size: 18px; color: rgb(77, 77, 77); overflow: auto hidden; overflow-wrap: break-word; line-height: 26px !important;"><span style="box-sizing: border-box; outline: 0px; margin: 0px; padding: 0px; overflow-wrap: break-word; font-size: 24px;"><span style="box-sizing: border-box; outline: 0px; font-weight: 700; overflow-wrap: break-word;">四、利用</span></span></p><p style="box-sizing: border-box; outline: 0px; margin-top: 0px; margin-bottom: 16px; padding: 0px; font-size: 18px; color: rgb(77, 77, 77); overflow: auto hidden; overflow-wrap: break-word; line-height: 26px !important;"><br></p><p style="box-sizing: border-box; outline: 0px; margin-top: 0px; margin-bottom: 16px; padding: 0px; font-size: 18px; color: rgb(77, 77, 77); overflow: auto hidden; overflow-wrap: break-word; line-height: 26px !important;"><span style="box-sizing: border-box; outline: 0px; margin: 0px; padding: 0px; overflow-wrap: break-word;">通过 XSS 来获得用户 Cookie 或其他有用信息,利用平台负责接收并保存这些信息。XSS利用平台有很多种如XSS Shell, BeEF, Anehta, CAL9000。这里使用xsser.me、搭建过程可参考这:http://blog.csdn.net/u011781521/article/details/53895363</span></p><p style="box-sizing: border-box; outline: 0px; margin-top: 0px; margin-bottom: 16px; padding: 0px; font-size: 18px; color: rgb(77, 77, 77); overflow: auto hidden; overflow-wrap: break-word; line-height: 26px !important;"><br></p><p style="box-sizing: border-box; outline: 0px; margin-top: 0px; margin-bottom: 16px; padding: 0px; font-size: 18px; color: rgb(77, 77, 77); overflow: auto hidden; overflow-wrap: break-word; line-height: 26px !important;"><span style="box-sizing: border-box; outline: 0px; margin: 0px; padding: 0px; overflow-wrap: break-word;">进入搭建好的xsser.me平台首页输入用户名与密码进行登录</span></p><p style="box-sizing: border-box; outline: 0px; margin-top: 0px; margin-bottom: 16px; padding: 0px; font-size: 18px; color: rgb(77, 77, 77); overflow: auto hidden; overflow-wrap: break-word; line-height: 26px !important;"><br></p><p style="box-sizing: border-box; outline: 0px; margin-top: 0px; margin-bottom: 16px; padding: 0px; font-size: 18px; color: rgb(77, 77, 77); overflow: auto hidden; overflow-wrap: break-word; line-height: 26px !important;"><img src="https://img-blog.csdn.net/20161227163124497" alt="" style="box-sizing: border-box; outline: none; border: 0px; height: auto; overflow-wrap: break-word; cursor: zoom-in;"><br></p><p style="box-sizing: border-box; outline: 0px; margin-top: 0px; margin-bottom: 16px; padding: 0px; font-size: 18px; color: rgb(77, 77, 77); overflow: auto hidden; overflow-wrap: break-word; line-height: 26px !important;"><br></p><p style="box-sizing: border-box; outline: 0px; margin-top: 0px; margin-bottom: 16px; padding: 0px; font-size: 18px; color: rgb(77, 77, 77); overflow: auto hidden; overflow-wrap: break-word; line-height: 26px !important;"><span style="box-sizing: border-box; outline: 0px; margin: 0px; padding: 0px; overflow-wrap: break-word;">成功之后会显示主界面,左边是模块列表,右边是项目列表: </span></p><p style="box-sizing: border-box; outline: 0px; margin-top: 0px; margin-bottom: 16px; padding: 0px; font-size: 18px; color: rgb(77, 77, 77); overflow: auto hidden; overflow-wrap: break-word; line-height: 26px !important;"><br></p><p style="box-sizing: border-box; outline: 0px; margin-top: 0px; margin-bottom: 16px; padding: 0px; font-size: 18px; color: rgb(77, 77, 77); overflow: auto hidden; overflow-wrap: break-word; line-height: 26px !important;"><img src="https://img-blog.csdn.net/20161227163230593" alt="" style="box-sizing: border-box; outline: none; border: 0px; height: auto; overflow-wrap: break-word; cursor: zoom-in;"><br></p><p style="box-sizing: border-box; outline: 0px; margin-top: 0px; margin-bottom: 16px; padding: 0px; font-size: 18px; color: rgb(77, 77, 77); overflow: auto hidden; overflow-wrap: break-word; line-height: 26px !important;"><br></p><p style="box-sizing: border-box; outline: 0px; margin-top: 0px; margin-bottom: 16px; padding: 0px; font-size: 18px; color: rgb(77, 77, 77); overflow: auto hidden; overflow-wrap: break-word; line-height: 26px !important;"><br></p><p style="box-sizing: border-box; outline: 0px; margin-top: 0px; margin-bottom: 16px; padding: 0px; font-size: 18px; color: rgb(77, 77, 77); overflow: auto hidden; overflow-wrap: break-word; line-height: 26px !important;"><span style="box-sizing: border-box; outline: 0px; margin: 0px; padding: 0px; overflow-wrap: break-word;">我们点击左边“我的项目”旁边的“创建”按钮:</span><br></p><p style="box-sizing: border-box; outline: 0px; margin-top: 0px; margin-bottom: 16px; padding: 0px; font-size: 18px; color: rgb(77, 77, 77); overflow: auto hidden; overflow-wrap: break-word; line-height: 26px !important;"><span style="box-sizing: border-box; outline: 0px; margin: 0px; padding: 0px; overflow-wrap: break-word;"><br></span></p><p style="box-sizing: border-box; outline: 0px; margin-top: 0px; margin-bottom: 16px; padding: 0px; font-size: 18px; color: rgb(77, 77, 77); overflow: auto hidden; overflow-wrap: break-word; line-height: 26px !important;"><span style="box-sizing: border-box; outline: 0px; margin: 0px; padding: 0px; overflow-wrap: break-word;"><img src="https://img-blog.csdn.net/20161227163420908" alt="" style="box-sizing: border-box; outline: none; border: 0px; height: auto; overflow-wrap: break-word; cursor: zoom-in;"><br></span></p><p style="box-sizing: border-box; outline: 0px; margin-top: 0px; margin-bottom: 16px; padding: 0px; font-size: 18px; color: rgb(77, 77, 77); overflow: auto hidden; overflow-wrap: break-word; line-height: 26px !important;"><span style="box-sizing: border-box; outline: 0px; margin: 0px; padding: 0px; overflow-wrap: break-word;"><br></span></p><p style="box-sizing: border-box; outline: 0px; margin-top: 0px; margin-bottom: 16px; padding: 0px; font-size: 18px; color: rgb(77, 77, 77); overflow: auto hidden; overflow-wrap: break-word; line-height: 26px !important;"><span style="box-sizing: border-box; outline: 0px; margin: 0px; padding: 0px; overflow-wrap: break-word;">名称和描述可以随便取,不影响使用。输入时候点击“下一步”按钮。之后会出现“配置代码”界面:<br></span></p><p style="box-sizing: border-box; outline: 0px; margin-top: 0px; margin-bottom: 16px; padding: 0px; font-size: 18px; color: rgb(77, 77, 77); overflow: auto hidden; overflow-wrap: break-word; line-height: 26px !important;"><br></p><p style="box-sizing: border-box; outline: 0px; margin-top: 0px; margin-bottom: 16px; padding: 0px; font-size: 18px; color: rgb(77, 77, 77); overflow: auto hidden; overflow-wrap: break-word; line-height: 26px !important;"><img src="https://img-blog.csdn.net/20161227163600144" alt="" style="box-sizing: border-box; outline: none; border: 0px; height: auto; overflow-wrap: break-word; cursor: zoom-in;"><br></p><p style="box-sizing: border-box; outline: 0px; margin-top: 0px; margin-bottom: 16px; padding: 0px; font-size: 18px; color: rgb(77, 77, 77); overflow: auto hidden; overflow-wrap: break-word; line-height: 26px !important;"><br></p><p style="box-sizing: border-box; outline: 0px; margin-top: 0px; margin-bottom: 16px; padding: 0px; font-size: 18px; color: rgb(77, 77, 77); overflow: auto hidden; overflow-wrap: break-word; line-height: 26px !important;"><br></p><p style="box-sizing: border-box; outline: 0px; margin-top: 0px; margin-bottom: 16px; padding: 0px; font-size: 18px; color: rgb(77, 77, 77); overflow: auto hidden; overflow-wrap: break-word; line-height: 26px !important;"><br></p><p style="box-sizing: border-box; outline: 0px; margin-top: 0px; margin-bottom: 16px; padding: 0px; font-size: 18px; color: rgb(77, 77, 77); overflow: auto hidden; overflow-wrap: break-word; line-height: 26px !important;"><img src="https://img-blog.csdn.net/20161227163648051" alt="" style="box-sizing: border-box; outline: none; border: 0px; height: auto; overflow-wrap: break-word; cursor: zoom-in;"><br></p><p style="box-sizing: border-box; outline: 0px; margin-top: 0px; margin-bottom: 16px; padding: 0px; font-size: 18px; color: rgb(77, 77, 77); overflow: auto hidden; overflow-wrap: break-word; line-height: 26px !important;"><br></p><p style="box-sizing: border-box; outline: 0px; margin-top: 0px; margin-bottom: 16px; padding: 0px; font-size: 18px; color: rgb(77, 77, 77); overflow: auto hidden; overflow-wrap: break-word; line-height: 26px !important;"><br></p><p style="box-sizing: border-box; outline: 0px; margin-top: 0px; margin-bottom: 16px; padding: 0px; font-size: 18px; color: rgb(77, 77, 77); overflow: auto hidden; overflow-wrap: break-word; line-height: 26px !important;"><span style="box-sizing: border-box; outline: 0px; margin: 0px; padding: 0px; overflow-wrap: break-word;">点击下一步、就会看到这个项目的一些信息</span></p><p style="box-sizing: border-box; outline: 0px; margin-top: 0px; margin-bottom: 16px; padding: 0px; font-size: 18px; color: rgb(77, 77, 77); overflow: auto hidden; overflow-wrap: break-word; line-height: 26px !important;"><span style="box-sizing: border-box; outline: 0px; margin: 0px; padding: 0px; overflow-wrap: break-word;"><br></span></p><p style="box-sizing: border-box; outline: 0px; margin-top: 0px; margin-bottom: 16px; padding: 0px; font-size: 18px; color: rgb(77, 77, 77); overflow: auto hidden; overflow-wrap: break-word; line-height: 26px !important;"><span style="box-sizing: border-box; outline: 0px; margin: 0px; padding: 0px; overflow-wrap: break-word;"><img src="https://img-blog.csdn.net/20161227163822811" alt="" style="box-sizing: border-box; outline: none; border: 0px; height: auto; overflow-wrap: break-word; cursor: zoom-in;"><br></span></p><p style="box-sizing: border-box; outline: 0px; margin-top: 0px; margin-bottom: 16px; padding: 0px; font-size: 18px; color: rgb(77, 77, 77); overflow: auto hidden; overflow-wrap: break-word; line-height: 26px !important;"><span style="box-sizing: border-box; outline: 0px; margin: 0px; padding: 0px; overflow-wrap: break-word;"><br></span></p><p style="box-sizing: border-box; outline: 0px; margin-top: 0px; margin-bottom: 16px; padding: 0px; font-size: 18px; color: rgb(77, 77, 77); overflow: auto hidden; overflow-wrap: break-word; line-height: 26px !important;"><span style="box-sizing: border-box; outline: 0px; margin: 0px; padding: 0px; overflow-wrap: break-word;">点击完成。</span><span style="box-sizing: border-box; outline: 0px; margin: 0px; padding: 0px; overflow-wrap: break-word;">然后我们会在首页看到我们的新项目,点击这个项目:</span></p><p style="box-sizing: border-box; outline: 0px; margin-top: 0px; margin-bottom: 16px; padding: 0px; font-size: 18px; color: rgb(77, 77, 77); overflow: auto hidden; overflow-wrap: break-word; line-height: 26px !important;"><br></p><p style="box-sizing: border-box; outline: 0px; margin-top: 0px; margin-bottom: 16px; padding: 0px; font-size: 18px; color: rgb(77, 77, 77); overflow: auto hidden; overflow-wrap: break-word; line-height: 26px !important;"><img src="https://img-blog.csdn.net/20161227163924320" alt="" style="box-sizing: border-box; outline: none; border: 0px; height: auto; overflow-wrap: break-word; cursor: zoom-in;"><br></p><p style="box-sizing: border-box; outline: 0px; margin-top: 0px; margin-bottom: 16px; padding: 0px; font-size: 18px; color: rgb(77, 77, 77); overflow: auto hidden; overflow-wrap: break-word; line-height: 26px !important;"><br></p><p style="box-sizing: border-box; outline: 0px; margin-top: 0px; margin-bottom: 16px; padding: 0px; font-size: 18px; color: rgb(77, 77, 77); overflow: auto hidden; overflow-wrap: break-word; line-height: 26px !important;"><br></p><p style="box-sizing: border-box; outline: 0px; margin-top: 0px; margin-bottom: 16px; padding: 0px; font-size: 18px; color: rgb(77, 77, 77); overflow: auto hidden; overflow-wrap: break-word; line-height: 26px !important;"><span style="box-sizing: border-box; outline: 0px; margin: 0px; padding: 0px; overflow-wrap: break-word;">之后点击项目,进入一个页面再点击右上方的查看代码</span><br></p><p style="box-sizing: border-box; outline: 0px; margin-top: 0px; margin-bottom: 16px; padding: 0px; font-size: 18px; color: rgb(77, 77, 77); overflow: auto hidden; overflow-wrap: break-word; line-height: 26px !important;"><br></p><p style="box-sizing: border-box; outline: 0px; margin-top: 0px; margin-bottom: 16px; padding: 0px; font-size: 18px; color: rgb(77, 77, 77); overflow: auto hidden; overflow-wrap: break-word; line-height: 26px !important;"><img src="https://img-blog.csdn.net/20161227164047010" alt="" style="box-sizing: border-box; outline: none; border: 0px; height: auto; overflow-wrap: break-word; cursor: zoom-in;"><br></p><p style="box-sizing: border-box; outline: 0px; margin-top: 0px; margin-bottom: 16px; padding: 0px; font-size: 18px; color: rgb(77, 77, 77); overflow: auto hidden; overflow-wrap: break-word; line-height: 26px !important;"><span style="box-sizing: border-box; outline: 0px; margin: 0px; padding: 0px; overflow-wrap: break-word;">就可以看到使用方法:</span><br></p><p style="box-sizing: border-box; outline: 0px; margin-top: 0px; margin-bottom: 16px; padding: 0px; font-size: 18px; color: rgb(77, 77, 77); overflow: auto hidden; overflow-wrap: break-word; line-height: 26px !important;"><span style="box-sizing: border-box; outline: 0px; margin: 0px; padding: 0px; overflow-wrap: break-word;"><br></span></p><p style="box-sizing: border-box; outline: 0px; margin-top: 0px; margin-bottom: 16px; padding: 0px; font-size: 18px; color: rgb(77, 77, 77); overflow: auto hidden; overflow-wrap: break-word; line-height: 26px !important;"><span style="box-sizing: border-box; outline: 0px; margin: 0px; padding: 0px; overflow-wrap: break-word;"><img src="https://img-blog.csdn.net/20161227164414468" alt="" style="box-sizing: border-box; outline: none; border: 0px; height: auto; overflow-wrap: break-word; cursor: zoom-in;"><br></span></p><p style="box-sizing: border-box; outline: 0px; margin-top: 0px; margin-bottom: 16px; padding: 0px; font-size: 18px; color: rgb(77, 77, 77); overflow: auto hidden; overflow-wrap: break-word; line-height: 26px !important;"><span style="box-sizing: border-box; outline: 0px; margin: 0px; padding: 0px; overflow-wrap: break-word;"><br></span></p><p style="box-sizing: border-box; outline: 0px; margin-top: 0px; margin-bottom: 16px; padding: 0px; font-size: 18px; color: rgb(77, 77, 77); overflow: auto hidden; overflow-wrap: break-word; line-height: 26px !important;"><span style="box-sizing: border-box; outline: 0px; margin: 0px; padding: 0px; overflow-wrap: break-word;"><br></span></p><p style="box-sizing: border-box; outline: 0px; margin-top: 0px; margin-bottom: 16px; padding: 0px; font-size: 18px; color: rgb(77, 77, 77); overflow: auto hidden; overflow-wrap: break-word; line-height: 26px !important;"><span style="box-sizing: border-box; outline: 0px; margin: 0px; padding: 0px; overflow-wrap: break-word;">下面就演示下怎么利用</span></p><p style="box-sizing: border-box; outline: 0px; margin-top: 0px; margin-bottom: 16px; padding: 0px; font-size: 18px; color: rgb(77, 77, 77); overflow: auto hidden; overflow-wrap: break-word; line-height: 26px !important;"><span style="box-sizing: border-box; outline: 0px; margin: 0px; padding: 0px; overflow-wrap: break-word;"><br></span></p><p style="box-sizing: border-box; outline: 0px; margin-top: 0px; margin-bottom: 16px; padding: 0px; font-size: 18px; color: rgb(77, 77, 77); overflow: auto hidden; overflow-wrap: break-word; line-height: 26px !important;"><span style="box-sizing: border-box; outline: 0px; margin: 0px; padding: 0px; overflow-wrap: break-word;">把[removed][removed]注入到反射型 XSS 的演示页面中。<br></span></p><p style="box-sizing: border-box; outline: 0px; margin-top: 0px; margin-bottom: 16px; padding: 0px; font-size: 18px; color: rgb(77, 77, 77); overflow: auto hidden; overflow-wrap: break-word; line-height: 26px !important;"><span style="box-sizing: border-box; outline: 0px; margin: 0px; padding: 0px; overflow-wrap: break-word;"><br></span></p><p style="box-sizing: border-box; outline: 0px; margin-top: 0px; margin-bottom: 16px; padding: 0px; font-size: 18px; color: rgb(77, 77, 77); overflow: auto hidden; overflow-wrap: break-word; line-height: 26px !important;"><span style="box-sizing: border-box; outline: 0px; margin: 0px; padding: 0px; overflow-wrap: break-word;"><img src="https://img-blog.csdn.net/20161227222339670" alt="" style="box-sizing: border-box; outline: none; border: 0px; height: auto; overflow-wrap: break-word; cursor: zoom-in;"><br></span></p><p style="box-sizing: border-box; outline: 0px; margin-top: 0px; margin-bottom: 16px; padding: 0px; font-size: 18px; color: rgb(77, 77, 77); overflow: auto hidden; overflow-wrap: break-word; line-height: 26px !important;"><span style="box-sizing: border-box; outline: 0px; margin: 0px; padding: 0px; overflow-wrap: break-word;">上面的src="xxxx"是我另外创建的一个项目的地址,把你创建好的那个项目,提供的那个地址放进去,就可以了,虽然这个页面没反应,但是<span style="box-sizing: border-box; outline: 0px; margin: 0px; padding: 0px; overflow-wrap: break-word;">xsser.me那个项目就收到消息了。</span></span></p><p style="box-sizing: border-box; outline: 0px; margin-top: 0px; margin-bottom: 16px; padding: 0px; font-size: 18px; color: rgb(77, 77, 77); overflow: auto hidden; overflow-wrap: break-word; line-height: 26px !important;"><span style="box-sizing: border-box; outline: 0px; margin: 0px; padding: 0px; overflow-wrap: break-word;"><br></span></p><p style="box-sizing: border-box; outline: 0px; margin-top: 0px; margin-bottom: 16px; padding: 0px; font-size: 18px; color: rgb(77, 77, 77); overflow: auto hidden; overflow-wrap: break-word; line-height: 26px !important;"><span style="box-sizing: border-box; outline: 0px; margin: 0px; padding: 0px; overflow-wrap: break-word;"><img src="https://img-blog.csdn.net/20161227222912537" alt="" style="box-sizing: border-box; outline: none; border: 0px; height: auto; overflow-wrap: break-word; cursor: zoom-in;"><br></span></p></article></p><p></p><p><br></p><p><br></p> <div class="appendcontent"> </div> </div> <!-- <div class="readmore"> 查看更多 </div> --> <div class="tool-group"> <!-- cdn节点 回答操作 --> <div class="cdn_question_answer92833"></div> <script type="text/javascript"> getquestioncaozuo(5,32472,92833); </script> </div> </div> </div> <div class="comments-mod " style="display: none; float: none; padding-top: 10px;" id="comment_92833"> <div class="areabox clearfix"> <div class="input-group"> <input type="text" placeholder="请输入评论内容,不少于5个字" AUTOCOMPLETE="off" class="comment-input form-control" name="content" /> <input type='hidden' value='0' name='replyauthor' /> <span class="input-group-btn"><input type="button" value="评论" class="btn btn-green" name="submit" onclick="addcomment(92833);" /> </span> </div> </div> <ul class="my-comments-list nav"> <li class="loading text-left"><img src='http://www.shouhuola.com/static/css/default/loading.gif' align='absmiddle' /> 加载中...</li> </ul> </div> </div> <div class="pages"></div> </div> </div> <div></div> </div> <!-- cdn 问答邀请 --> <div class="cdn_question_invate"></div> <script type="text/javascript"> getquestioncaozuo(7,32472); </script> <!-- 相关问题推荐 --> <div class="new_xgwt"> <h3>相关问题推荐</h3> <!-- 15条-20条左右 具体联系需求 --> <ul><li> <div class="new_xgwt_top clearfix"> <a href="http://www.shouhuola.com/q-13733.html" target="_blank">网络安全和软件测试那个相对简单好学一些?</a><i>2020-05-21 18:08</i> </div> <div class="new_xgwt_bt clearfix"> <div class="new_xgwt_bt_ans">回答 <span>6</span></div> <div class="new_xgwt_bt_get"></div> <p class="new_xgwt_bt_p">这个还是因人而异吧,看你自己对哪方面感兴趣,兴趣是最好的老师,感兴趣了才愿意钻研学习下去,简单说一下这两个学习知识方面的不同吧:软件测试岗位虽然对于从业者的知识基础要求不高,但是软件测试岗位所涉及到的知识面还是比较广的,所以软件测试人员也需...</p> </div> </li><li> <div class="new_xgwt_top clearfix"> <a href="http://www.shouhuola.com/q-33489.html" target="_blank">【网络安全】sql注入漏洞的危害有哪些</a><i>2021-02-01 10:48</i> </div> <div class="new_xgwt_bt clearfix"> <div class="new_xgwt_bt_ans">回答 <span>5</span></div> <div class="new_xgwt_bt_get"></div> <p class="new_xgwt_bt_p">SQL注入漏洞的危害:1、数据库中存储的用户隐私信息泄漏;2、通过操作数据库对某些网页进行篡改;3、修改数据库一些字段的值,嵌入网马链接,进行挂马攻击;4、数据库服务器被恶意操作,系统管理员帐户被窜改;5、数据库服务器提供的操作系统支持,让黑客得以...</p> </div> </li><li> <div class="new_xgwt_top clearfix"> <a href="http://www.shouhuola.com/q-36967.html" target="_blank">从事网络安全工作有哪些证书是必须考的,哪些证书可以</a><i>2021-09-09 18:21</i> </div> <div class="new_xgwt_bt clearfix"> <div class="new_xgwt_bt_ans">回答 <span>16</span></div> <div class="new_xgwt_bt_get"></div> <p class="new_xgwt_bt_p">一、CISP(Certified Information Security Professional)证书中文叫注册信息安全专业人员,由中国信息安全产品测评认证中心实施的国家认证。可以说,这是目前国内对于个人来说认可度最高的信息安全人员资质,堪称最权威、最专业、最系统。根据实际岗位的不...</p> </div> </li><li> <div class="new_xgwt_top clearfix"> <a href="http://www.shouhuola.com/q-36553.html" target="_blank">网络安全中渗透是什么意思,有什么具体的作用吗?</a><i>2021-06-21 09:56</i> </div> <div class="new_xgwt_bt clearfix"> <div class="new_xgwt_bt_ans">回答 <span>14</span></div> <div class="new_xgwt_bt_get"></div> <p class="new_xgwt_bt_p">渗透测试(也称为pentest)是测试移动应用程序漏洞的过程。此测试的主要目的是确保外部人员的重要数据.通过模拟黑客的思维和攻击手段,对计算机业务系统的弱点、技术缺陷和漏洞进行探查评估。经过客户授权后,在不影响业务系统正常运行的条件下,渗透人员在黑...</p> </div> </li><li> <div class="new_xgwt_top clearfix"> <a href="http://www.shouhuola.com/q-2753.html" target="_blank">网络安全主要是做什么事情的?</a><i>2020-04-01 13:53</i> </div> <div class="new_xgwt_bt clearfix"> <div class="new_xgwt_bt_ans">回答 <span>1</span></div> <div class="new_xgwt_bt_get"></div> <p class="new_xgwt_bt_p">网络安全是指网络系统的硬件、软件及其系统中的数据受到保护,不因偶然的或者恶意的原因而遭受到破坏、更改、泄露,系统连续可靠正常地运行,网络服务不中断。主要涉及到的有:1、物理措施:例如,保护网络关键设备(如交换机、大型计算机等),制定严格的网络...</p> </div> </li><li> <div class="new_xgwt_top clearfix"> <a href="http://www.shouhuola.com/q-36897.html" target="_blank">学习网络安全都学什么啊,计算机专业的可以不,薪资多</a><i>2021-08-20 11:16</i> </div> <div class="new_xgwt_bt clearfix"> <div class="new_xgwt_bt_ans">回答 <span>33</span></div> <div class="new_xgwt_bt_get"></div> <p class="new_xgwt_bt_p"> 网络安全工程师学习内容: 1、计算机应用、计算机网络、通信、信息安全等相关专业本科学历,三年以上网络安全领域工作经验; 2、精通网络安全技术:包括端口、服务漏洞扫描、程序漏洞分析检测、权限管理、入侵和攻击分析追踪、网站渗透、病毒木马防...</p> </div> </li><li> <div class="new_xgwt_top clearfix"> <a href="http://www.shouhuola.com/q-36846.html" target="_blank">网络安全好学吗?现在大专学习好就业吗?</a><i>2021-08-16 16:01</i> </div> <div class="new_xgwt_bt clearfix"> <div class="new_xgwt_bt_ans">回答 <span>26</span></div> <div class="new_xgwt_bt_get"></div> <p class="new_xgwt_bt_p"> 学历不是问题,技术才是硬道理!只要你的技术过硬的话,你完全可以进国家安全部门去工作的。比如公安局里的网监工作,大都是九零后的电脑方面的精英。未必都是本科生。还有从社会上特招进去的。所以说,现在是拿技术说话,不是靠学历吃饭的时代了。 网...</p> </div> </li><li> <div class="new_xgwt_top clearfix"> <a href="http://www.shouhuola.com/q-30553.html" target="_blank">自学网络信息安全难不难?</a><i>2020-10-22 10:19</i> </div> <div class="new_xgwt_bt clearfix"> <div class="new_xgwt_bt_ans">回答 <span>16</span></div> <div class="new_xgwt_bt_get"></div> <p class="new_xgwt_bt_p">网络安全的知识是比较简单的,比较好入门,好多知识理论,大家都是可以听懂的,这是完全没有问题的。网络安全最终的则是实战的应用,怎么把这些理论知识运用到事件中,这些才是重中之重。所以在选择培训机构的时候,也需要尽量去找这些实践操作多的培训机构。...</p> </div> </li><li> <div class="new_xgwt_top clearfix"> <a href="http://www.shouhuola.com/q-36966.html" target="_blank">网络安全如何选择自己的工作方向?</a><i>2021-09-09 18:20</i> </div> <div class="new_xgwt_bt clearfix"> <div class="new_xgwt_bt_ans">回答 <span>22</span></div> <div class="new_xgwt_bt_get"></div> <p class="new_xgwt_bt_p"> 能够胜任的岗位主要有:渗透测试工程师、大数据安全工程师、信息安全工程师、安全测试工程师、安全服务工程师、安全运维工程师、系统安全工程师、服务器安全工程师、云计算安全工程师、网络安全工程师、安全分析师、渗透讲师等; 按照web渗透、内网渗透...</p> </div> </li><li> <div class="new_xgwt_top clearfix"> <a href="http://www.shouhuola.com/q-36934.html" target="_blank">网络安全学习需要有计算机基础吗?就业怎么样?</a><i>2021-09-03 10:13</i> </div> <div class="new_xgwt_bt clearfix"> <div class="new_xgwt_bt_ans">回答 <span>23</span></div> <div class="new_xgwt_bt_get"></div> <p class="new_xgwt_bt_p">一些典型的网络安全问题,可以来梳理一下:IP安全:主要的攻击方式有被动攻击的网络窃听,主动攻击的IP欺骗(copy报文伪造、篡改)和路由攻击(中间人攻击);2. DNS安全:这个大家应该比较熟悉,修改DNS的映射表,误导用户的访问流量;3. DoS攻击:单一攻击...</p> </div> </li><li> <div class="new_xgwt_top clearfix"> <a href="http://www.shouhuola.com/q-36932.html" target="_blank">网络运维和网络安全有什么区别?</a><i>2021-09-03 10:00</i> </div> <div class="new_xgwt_bt clearfix"> <div class="new_xgwt_bt_ans">回答 <span>19</span></div> <div class="new_xgwt_bt_get"></div> <p class="new_xgwt_bt_p">运维一般是设备或者环境的搭建和维护,网络安全可以看做是防火墙</p> </div> </li><li> <div class="new_xgwt_top clearfix"> <a href="http://www.shouhuola.com/q-36528.html" target="_blank">网络运维与网络安全有什么区别,主要从事的方向有什么</a><i>2021-06-18 09:23</i> </div> <div class="new_xgwt_bt clearfix"> <div class="new_xgwt_bt_ans">回答 <span>12</span></div> <div class="new_xgwt_bt_get"></div> <p class="new_xgwt_bt_p">先说说运维工程师和网络工程师的区别。运维工程师是泛指,网络工程师为特指,所以不能这么对比。你应该这么理解,网络工程师是一个人(也可以是理解成一个岗位),而运维则是他的工作内容。从工作内容上来说,运维可细分为桌面运维、网络运维、服务器运维三大...</p> </div> </li></ul> <div class="notSolve">没有解决我的问题,<a href="http://www.shouhuola.com/question/add.html">去提问</a></div> </div> </div> </div> </div> </div> <div class="col-md-7 aside "> <div class="standing"> <div class="positions bb" id="rankScroll"> <h3 class="title">等你来答</h3> <ul><li class="no-video"> <a href="http://www.shouhuola.com/q-13733.html" title="网络安全和软件测试那个相对简单好学一些?"> 网络安全和软件测试那个相对简单好学一些? </a> <div class="num-ask"> <a href="http://www.shouhuola.com/q-13733.html" class="anum">6 个回答</a> </div> </li><li class="no-video"> <a href="http://www.shouhuola.com/q-33489.html" title="【网络安全】sql注入漏洞的危害有哪些"> 【网络安全】sql注入漏洞的危害有哪些 </a> <div class="num-ask"> <a href="http://www.shouhuola.com/q-33489.html" class="anum">5 个回答</a> </div> </li><li class="no-video"> <a href="http://www.shouhuola.com/q-36967.html" title="从事网络安全工作有哪些证书是必须考的,哪些证书可以挂靠赚钱?"> 从事网络安全工作有哪些证书是必须考的,哪些证书可以挂靠赚钱? </a> <div class="num-ask"> <a href="http://www.shouhuola.com/q-36967.html" class="anum">16 个回答</a> </div> </li></ul> </div> </div> <div class="standing"> <div class="positions bb" id="rankScroll"> <h3 class="title">热门问答</h3> <ul><li class="no-video"> <a href="http://www.shouhuola.com/q-32791.html" title="xss分为哪三类"> xss分为哪三类 </a> <div class="num-ask"> <a href="http://www.shouhuola.com/q-32791.html" class="anum">4 个回答</a> </div> </li><li class="no-video"> <a href="http://www.shouhuola.com/q-36528.html" title="网络运维与网络安全有什么区别,主要从事的方向有什么不同吗?"> 网络运维与网络安全有什么区别,主要从事的方向有什么不同吗? </a> <div class="num-ask"> <a href="http://www.shouhuola.com/q-36528.html" class="anum">12 个回答</a> </div> </li><li class="no-video"> <a href="http://www.shouhuola.com/q-36932.html" title="网络运维和网络安全有什么区别?"> 网络运维和网络安全有什么区别? </a> <div class="num-ask"> <a href="http://www.shouhuola.com/q-36932.html" class="anum">19 个回答</a> </div> </li><li class="no-video"> <a href="http://www.shouhuola.com/q-36431.html" title="网络安全需要学什么编程语言?那种是最常用的?"> 网络安全需要学什么编程语言?那种是最常用的? </a> <div class="num-ask"> <a href="http://www.shouhuola.com/q-36431.html" class="anum">7 个回答</a> </div> </li><li class="no-video"> <a href="http://www.shouhuola.com/q-30798.html" title="网络安全好学吗?听说这个工资很高 "> 网络安全好学吗?听说这个工资很高 </a> <div class="num-ask"> <a href="http://www.shouhuola.com/q-30798.html" class="anum">15 个回答</a> </div> </li><li class="no-video"> <a href="http://www.shouhuola.com/q-36934.html" title="网络安全学习需要有计算机基础吗?就业怎么样?"> 网络安全学习需要有计算机基础吗?就业怎么样? </a> <div class="num-ask"> <a href="http://www.shouhuola.com/q-36934.html" class="anum">23 个回答</a> </div> </li><li class="no-video"> <a href="http://www.shouhuola.com/q-13579.html" title="网络安全的工资多少钱?好找工作嘛?"> 网络安全的工资多少钱?好找工作嘛? </a> <div class="num-ask"> <a href="http://www.shouhuola.com/q-13579.html" class="anum">8 个回答</a> </div> </li><li class="no-video"> <a href="http://www.shouhuola.com/q-36223.html" title="如何获取手机的udid?"> 如何获取手机的udid? </a> <div class="num-ask"> <a href="http://www.shouhuola.com/q-36223.html" class="anum">9 个回答</a> </div> </li></ul> </div> </div><div class="standing"> <div class="positions bb" id="rankScroll"> <h3 class="title">相关文章</h3> <ul><li class="no-video"><a href="http://www.shouhuola.com/article-54255.html" title="第三方软件压力测试报告需要哪些资质?大概费用和周期是多少?"> 第三方软件压力测试报告需要哪些资质?大概费用和周期是多少?</a> <div class="num-ask"> <a href="http://www.shouhuola.com/article-54255.html" title="第三方软件压力测试报告需要哪些资质?大概费用和周期是多少?" class="anum"> 0个评论</a> </div></li> <li class="no-video"><a href="http://www.shouhuola.com/article-53316.html" title="网络——路由进阶与安全"> 网络——路由进阶与安全</a> <div class="num-ask"> <a href="http://www.shouhuola.com/article-53316.html" title="网络——路由进阶与安全" class="anum"> 0个评论</a> </div></li> <li class="no-video"><a href="http://www.shouhuola.com/article-52493.html" title="gpu香港显卡服务器有什么作用,可应用哪些场景呢"> gpu香港显卡服务器有什么作用,可应用哪些场景呢</a> <div class="num-ask"> <a href="http://www.shouhuola.com/article-52493.html" title="gpu香港显卡服务器有什么作用,可应用哪些场景呢" class="anum"> 0个评论</a> </div></li> <li class="no-video"><a href="http://www.shouhuola.com/article-1633.html" title="早知道安装图纸加密软件,就不会损失300万。"> 早知道安装图纸加密软件,就不会损失300万。</a> <div class="num-ask"> <a href="http://www.shouhuola.com/article-1633.html" title="早知道安装图纸加密软件,就不会损失300万。" class="anum"> 1个评论</a> </div></li> <li class="no-video"><a href="http://www.shouhuola.com/article-1626.html" title="网络安全的层次包括哪些"> 网络安全的层次包括哪些</a> <div class="num-ask"> <a href="http://www.shouhuola.com/article-1626.html" title="网络安全的层次包括哪些" class="anum"> 3个评论</a> </div></li> <li class="no-video"><a href="http://www.shouhuola.com/article-1624.html" title="有关网络病毒的法律有哪些"> 有关网络病毒的法律有哪些</a> <div class="num-ask"> <a href="http://www.shouhuola.com/article-1624.html" title="有关网络病毒的法律有哪些" class="anum"> 1个评论</a> </div></li> <li class="no-video"><a href="http://www.shouhuola.com/article-1621.html" title="你觉得医院的网络安全吗?"> 你觉得医院的网络安全吗?</a> <div class="num-ask"> <a href="http://www.shouhuola.com/article-1621.html" title="你觉得医院的网络安全吗?" class="anum"> 2个评论</a> </div></li> <li class="no-video"><a href="http://www.shouhuola.com/article-986.html" title="网络安全灵魂三问(下)"> 网络安全灵魂三问(下)</a> <div class="num-ask"> <a href="http://www.shouhuola.com/article-986.html" title="网络安全灵魂三问(下)" class="anum"> 0个评论</a> </div></li> </ul> </div> </div><!--广告位5--></div> </div> </div> <div class="modal fade" id="dialogadopt"> <div class="modal-dialog"> <div class="modal-content"> <div class="modal-header"> <button type="button" class="close" data-dismiss="modal"> <span aria-hidden="true">×</span><span class="sr-only">关闭</span> </button> <h4 class="modal-title">采纳回答</h4> </div> <div class="modal-body"> <form class="form-horizontal" name="editanswerForm" method="post"> <input type="hidden" value="32472" id="adopt_qid" name="qid" /> <input type="hidden" id="adopt_answer" value="0" name="aid" /> <table class="table "> <tr valign="top"> <td>向帮助了您的网友说句感谢的话吧!</td> </tr> <tr> <td> <div class="inputbox mt15"> <textarea class="form-control" id="adopt_txtcontent" name="content">非常感谢!</textarea> </div> </td> </tr> <tr> <td><button type="button" id="adoptbtn" class="btn btn-success">确 认</button></td> </tr> </table> </form> </div> </div> </div> </div> <script> if(typeof($(".work-show-box").find("img").attr("data-original"))!="undefined"){ var imgurl=$(".work-show-box").find("img").attr("data-original"); $(".work-show-box").find("img").attr("src",imgurl); } $(".work-show-box,.answercontent").find("img").attr("data-toggle","lightbox").attr("data-lightbox-group",Date.parse( new Date() ).toString()); $("#adoptbtn").click(function(){ var data={ content:$("#adopt_txtcontent").val(), qid:$("#adopt_qid").val(), aid:$("#adopt_answer").val() } $.ajax({ //提交数据的类型 POST GET type:"POST", //提交的网址 url:"http://www.shouhuola.com/question/ajaxadopt.html", //提交的数据 data:data, //返回数据的格式 datatype: "json",//"xml", "html", "script", "json", "jsonp", "text". //在请求之前调用的函数 beforeSend:function(){}, //成功返回之后调用的函数 success:function(data){ var data=eval("("+data+")"); if(data.message=='ok'){ new $.zui.Messager('采纳成功!', { type: 'success', close: true, placement: 'center' // 定义显示位置 }).show(); setTimeout(function(){ window.location.reload(); },1500); }else{ new $.zui.Messager(data.message, { close: true, placement: 'center' // 定义显示位置 }).show(); } } , //调用执行后调用的函数 complete: function(XMLHttpRequest, textStatus){ }, //调用出错执行的函数 error: function(){ //请求出错处理 } }); }) </script> </div> <!-- 编辑标签 --> <div class="modal fade" id="dialog_tag"> <div class="modal-dialog"> <div class="modal-content"> <div class="modal-header"> <button type="button" class="close" data-dismiss="modal"> <span aria-hidden="true">×</span><span class="sr-only">关闭</span> </button> <h4 class="modal-title">编辑标签</h4> </div> <div class="modal-body"> <form onsubmit=" return checktagsubmit()" class="form-horizontal" name="edittagForm" action="http://www.shouhuola.com/question/edittag.html" method="post"> <input type="hidden" value="32472" name="qid" /> <p>最多设置5个标签!</p> <div class="inputbox mar-t-1"> <div class=" dongtai "> <div class="tags"></div> <input type="text" autocomplete="off" data-toggle="tooltip" data-placement="bottom" title="" placeholder="检索标签,最多添加5个,添加标签更容易被回答" data-original-title="检索标签,最多添加5个" name="topic_tagset" value="" class="txt_taginput"> <i class="fa fa-search"></i> <div class="tagsearch"></div> </div> <input type="hidden" class="form-control" id="qtags" name="qtags" value="" /> </div> <div class="mar-t-1"> <button type="submit" class="btn btn-success">保存</button> <button type="button" class="btn btn-default" data-dismiss="modal">关闭</button> </div> </form> </div> </div> </div> </div><!-- 举报 --> <div class="modal fade panel-report" id="dialog_inform"> <div class="modal-dialog"> <div class="modal-content"> <div class="modal-header"> <button type="button" class="close" data-dismiss="modal"> <span aria-hidden="true">×</span><span class="sr-only">关闭</span> </button> <h4 class="modal-title">举报内容</h4> </div> <div class="modal-body"> <form id="rp_form" class="rp_form" action="http://www.shouhuola.com/inform/add.html" method="post"> <input value="" type="hidden" name="qid" id="myqid"> <input value="" type="hidden" name="aid" id="myaid"> <input value="" type="hidden" name="qtitle" id="myqtitle"> <div class="js-group-type group group-2"> <h4>检举类型</h4> <ul> <li class="js-report-con"><label><input type="radio" name="group-type" value="1"><span>检举内容</span></label></li> <li class="js-report-user"><label><input type="radio" name="group-type" value="2"><span>检举用户</span></label></li> </ul> </div> <div class="group group-2"> <h4>检举原因</h4> <div class="list"> <ul> <li><label class="reason-btn"><input type="radio" name="type" value="4"><span>广告推广</span></label></li> <li><label class="reason-btn"><input type="radio" name="type" value="5"><span>恶意灌水</span></label></li> <li><label class="reason-btn"><input type="radio" name="type" value="6"><span>回答内容与提问无关</span> </label></li> <li><label class="copy-ans-btn"><input type="radio" name="type" value="7"><span>抄袭答案</span></label></li> <li><label class="reason-btn"><input type="radio" name="type" value="8"><span>其他</span></label></li> </ul> </div> </div> <div class="group group-3"> <h4>检举说明(必填)</h4> <div class="textarea"> <ul class="anslist" style="display: none; line-height: 20px; overflow: auto; height: 171px;"> </ul> <textarea name="content" maxlength="200" placeholder="请输入描述200个字以内"> </textarea> </div> </div> <div class="mar-t-1"> <button type="submit" id="btninform" class="btn btn-success">提交</button> <button type="button" class="btn btn-default mar-ly-1" data-dismiss="modal">关闭</button> </div> </form> </div> </div> </div> </div> <!-- 微信分享 --> <div class="modal share-wechat animated" style="display: none;"> <div class="modal-dialog"> <div class="modal-content"> <div class="modal-header"> <button type="button" data-dismiss="modal" class="close">×</button> </div> <div class="modal-body"> <h5>打开微信“扫一扫”,打开网页后点击屏幕右上角分享按钮</h5> <div data-url="http://www.shouhuola.com/q-32472.html" class="qrcode" title="http://www.shouhuola.com/q-32472.html"> <canvas width="170" height="170" style="display: none;"></canvas> <div id="qr_wxcode"></div> </div> </div> <div class="modal-footer"></div> </div> </div> </div> <!-- 设置付费金额 --> <div class="modal pay-money animated" style="display: none;"> <div class="modal-dialog"> <div class="modal-content"> <div class="modal-header"> <button type="button" data-dismiss="modal" class="close">×</button> </div> <div class="modal-body"> <h5>付费偷看金额在0.1-10元之间</h5> <div class="mar-t-1"> <input type="number" value="0" id="chakanjine" class="form-control" /> </div> <button id="comfirm_pay" class="btn btn-success mar-t-1">确定</button> </div> <div class="modal-footer"></div> </div> </div> </div> <!-- 邀请回答 --> <div class="modal fade" id="dialog_invate"> <div class="modal-dialog" style="width: 700px; top: 10px;"> <div class="modal-content"> <div class="modal-header"> <button type="button" class="close" data-dismiss="modal"> <span aria-hidden="true">×</span><span class="sr-only">关闭</span> </button> <h4 class="modal-title"></h4> <div class="m_invateinfo"> <span class="m_i_text""> 您已邀请<span class="m_i_persionnum">15</span>人回答 </span> <span data-toggle="popover" data-tip-class="popover-info" data-html="ture" data-placement="bottom" data-content="" title="我的邀请列表" class="m_i_view">查看邀请</span> <div class="m_i_warrper"> <input data-qid="32472" type="text" id="m_i_searchusertxt" class="m_i_search" placeholder="搜索你想邀请的人"> <i class="fa fa-search"></i> </div> </div> </div> <div class="modal-body"> <!-- 邀请回答 --> <ul class="trigger-menu m_invate_tab" data-pjax-container="#list-container"> <li class="active" data-qid="32472" data-item="1"><a href="javascript:">擅长该话题的人</a></li> <li class="" data-qid="32472" data-item="2"><a href="javascript:"> 回答过该话题的人</a></li> <li class="" data-qid="32472" data-item="3"><a href="javascript:">我关注的人</a></li> </ul> <!-- 邀请回答列表 --> <div class="m_invatelist"></div> </div> </div> </div> </div> <script> getquestioncaozuo(1,32472); getquestioncaozuo(2,32472); getquestioncaozuo(3,32472); getquestioncaozuo(4,32472); getquestioncaozuo(8,32472); $(".btnshowall").click(function(){ $(".shortquestioncontent").toggle(); $(".hidequestioncontent").toggle(); }); $("#normal-comment-list .answercontent").each(function(){ if($(this).height()>150){ $(this).parent().find(".readmore").show(); }else{ $(this).parent().find(".readmore").hide(); } }); // $(".readmore").click(function(){ // if($.trim($(this).html())=="查看更多"){ // $(this).parent().find(".answercontent").css("max-height","100000px").css("overflow","visible"); // $(this).html("收起"); // }else{ // $(this).parent().find(".answercontent").css("max-height","200px").css("overflow","hidden"); // $(this).html("查看更多"); // } // }); var needcode=0; var g_id = 6; var qid = 32472; function listertext(){ var _content=$("#anscontent").val(); if(_content.length>0&&g_id!=1){ $(".code_hint").show(); }else{ $(".code_hint").hide(); } } var mobile_localyuyin=1; // var userAgent = window.navigator.userAgent.toLowerCase(); // $.browser.msie8 = $.browser.msie && /msie 8\.0/i.test(userAgent); // if($.browser.msie8==true){ // var mobile_localyuyin=0; // } var targetplay=null; function checktagsubmit(){ if(gettagsnum()<=0){ alert("请设置标签"); return false; } if(gettagsnum()>5){ alert("最多添加5个标签"); return false; } var _tagstr=gettaglist(); $("#qtags").val(_tagstr); } $(".txt_taginput").on(" input propertychange",function(){ var _txtval=$(this).val(); if(_txtval.length>1){ //检索标签信息 var _data={tagname:_txtval}; var _url="http://www.shouhuola.com/tags/ajaxsearch.html"; function success(result){ console.log(result) if(result.code==200){ console.log(_txtval) $(".tagsearch").html(""); for(var i=0;i<result.taglist.length;i++){ var _msg=result.taglist[i].tagname $(".tagsearch").append('<div class="tagitem" tagid="'+result.taglist[i].id+'">'+_msg+'</div>'); } $(".tagsearch").show(); $(".tagsearch .tagitem").click(function(){ var _tagname=$.trim($(this).html()); var _tagid=$.trim($(this).attr("tagid")); if(gettagsnum()>=5){ alert("标签最多添加5个"); return false; } if(checktag(_tagname)){ alert("标签已存在"); return false; } $(".dongtai .tags").append('<div class="tag"><span tagid="'+_tagid+'">'+_tagname+"</span><i class='fa fa-close'></i></div>"); $(".dongtai .tags .tag .fa-close").click(function(){ $(this).parent().remove(); }); $(".tagsearch").html(""); $(".tagsearch").hide(); $(".txt_taginput").val(""); }); } } ajaxpost(_url,_data,success); }else{ $(".tagsearch").html(""); $(".tagsearch").hide(); } }) function checktag(_tagname){ var tagrepeat=false; $(".dongtai .tags .tag span").each(function(index,item){ var _tagnametmp=$.trim($(this).html()); if(_tagnametmp==_tagname){ tagrepeat=true; } }) return tagrepeat; } function gettaglist(){ var taglist=''; $(".dongtai .tags .tag span").each(function(index,item){ var _tagnametmp=$.trim($(this).attr("tagid")); taglist=taglist+_tagnametmp+","; }) taglist=taglist.substring(0,taglist.length-1); return taglist; } function gettagsnum(){ return $(".dongtai .tags .tag").length; } $(".tagsearch .tagitem").click(function(){ var _tagname=$.trim($(this).html()); if(gettagsnum()>=5){ alert("标签最多添加5个"); return false; } if(checktag(_tagname)){ alert("标签已存在"); return false; } $(".dongtai .tags").append('<div class="tag"><span>'+_tagname+"</span><i class='fa fa-close'></i></div>"); $(".dongtai .tags .tag .fa-close").click(function(){ $(this).parent().remove(); }); $(".tagsearch").html(""); $(".tagsearch").hide(); $(".txt_taginput").val(""); }); $(".dongtai .tags .tag .fa-close").click(function(){ $(this).parent().remove(); }); $(".yuyinplay").click(function(){ targetplay=$(this); var _serverid=targetplay.attr("id"); if(_serverid == '') { alert('语音文件丢失'); return; } $(".wtip").html("免费偷听"); targetplay.find(".wtip").html("播放中.."); if(mobile_localyuyin==1){ $(".htmlview").removeClass("hide"); $(".ieview").addClass("hide"); var myAudio =targetplay.find("#voiceaudio")[0]; // myAudio.pause(); //myAudio.play(); if(myAudio.paused){ targetplay.find(".wtip").html("播放中.."); myAudio.play(); }else{ targetplay.find(".wtip").html("暂停.."); myAudio.pause(); } function endfun(){ targetplay.find(".wtip").html("播放结束");alert("播放结束!")} var is_playFinish = setInterval(function(){ if( myAudio.ended){ endfun(); window.clearInterval(is_playFinish); } }, 10); }else{ $(".ieview").removeClass("hide"); $(".htmlview").addClass("hide"); } }) function deleteanswer(current_aid){ if(confirm("是否删除此回答?")){ window.location.href=g_site_url + "index.php" + query + "question/deleteanswer/"+current_aid+"/32472"; } } function adoptanswer(aid) { $("#adopt_answer").val(aid); $('#dialogadopt').modal('show'); } //编辑标签 function edittag() { $('#dialog_tag').modal('show'); } if(typeof($(".show-content").find("img").attr("data-original"))!="undefined"){ var imgurl=$(".show-content").find("img").attr("data-original"); $(".show-content").find("img").attr("src",imgurl); } $(".show-content,.answercontent").find("img").attr("data-toggle","lightbox").attr("data-lightbox-group",Date.parse( new Date() ).toString()); var category1 = [["15","Web前端"],["16","Java"],["17","Python"],["18","UI/UE设计"],["19","云计算"],["20","软件测试"],["21","大数据"],["23","网络安全"],["26","认证考试"],["28","职业发展"],["14","营销运营"],["22","游戏开发"],["24","三维室内设计"],["27","办公效率"],["29","兴趣生活"]]; var category2 = [["14","30","SEO优化"],["15","40","HTML/CSS"],["16","53","基础入门"],["17","58","Python核心编程"],["18","62","视觉设计基础"],["19","66","网络基础"],["20","71","功能测试"],["21","75","Java主流框架"],["22","79","C#语言基础"],["23","83","网络安全基础"],["24","88","模型与效果图"],["26","92","软考"],["27","101","Word"],["28","108","简历指导"],["29","113","前沿技术"],["28","115","职场困惑"],["27","117","工具资源"],["14","31","SEM推广"],["15","41","HTML5"],["16","54","算法分析"],["17","59","网络爬虫"],["18","63","品牌视觉设计"],["19","67","linux基础"],["20","72","自动化测试"],["21","76","Hadoop"],["22","80","Unity引擎"],["23","84","Web安全漏洞"],["24","89","Q版模型"],["26","93","PMP"],["27","102","Excel"],["28","109","面试礼仪"],["29","114","生活常识"],["28","116","行业前景"],["14","32","信息流"],["15","42","CSS3"],["16","55","微服务框架"],["17","60","人工智能"],["18","64","电商设计"],["19","68","linux运维自动化"],["20","73","接口测试"],["21","77","Spark"],["22","81","游戏策划"],["23","85","WAF安全测试"],["24","90","次世代模型"],["26","94","华为认证"],["27","103","PPT"],["28","110","面试问题"],["14","33","模板建站"],["15","43","JavaScript"],["16","56","数据库"],["17","61","全栈开发"],["18","65","UI交互设计"],["19","69","数据库运维管理"],["20","74","性能测试"],["21","78","机器学习"],["22","82","VR/AR"],["23","86","自动化安全检测"],["24","91","引擎地编"],["26","95","思科认证"],["27","104","WPS"],["14","34","新媒体运营"],["15","44","Vue.js"],["16","57","链接池"],["19","70","云架构管理"],["23","87","渗透测试"],["26","96","红帽认证"],["27","105","project"],["14","35","淘宝天猫"],["15","45","React.JS"],["26","97","微软认证"],["27","106","思维导图"],["14","36","京东运营"],["15","46","Angular"],["26","98","H3C认证"],["27","107","电脑基础"],["14","37","拼多多运营"],["15","47","Node.js"],["26","99","百度认证"],["14","38","短视频直播"],["15","48","jQuery"],["26","100","计算机等级考试"],["15","49","Bootstrap"],["15","50","Sass/Less"],["15","51","WebApp"],["15","52","小程序"]]; var category3 = []; var selectedcid = "23,0,0"; //修改分类 function change_category() { var category1 = $("#category1 option:selected").val(); var category2 = $("#category2 option:selected").val(); var category3 = $("#category3 option:selected").val(); if (category1 > 0) { $("#categoryid").val(category1); } if (category2 > 0) { $("#categoryid").val(category2); } if (category3 > 0) { $("#categoryid").val(category3); } $("#catedialog").model("hide"); $("form[name='editcategoryForm']").submit(); } //投诉 function openinform(qid ,qtitle,aid) { $("#myqid").val(qid); $("#myqtitle").val(qtitle); $("#myaid").val(aid); $('#dialog_inform').modal('show'); } $(".showcommentid").each(function(){ var dataid=$(this).attr("data-id"); show_comment(dataid); }); function show_comment(answerid) { if ($("#comment_" + answerid).css("display") === "none") { load_comment(answerid); $("#comment_" + answerid).slideDown(); } else { $("#comment_" + answerid).slideUp(); } } //添加评论 function addcomment(answerid) { var content = $("#comment_" + answerid + " input[name='content']").val(); var replyauthor = $("#comment_" + answerid + " input[name='replyauthor']").val(); console.log(g_uid); if (g_uid == 0){ login(); return false; } if (bytes($.trim(content)) < 5){ alert("评论内容不能少于5字"); return false; } $.ajax({ type: "POST", url: "http://www.shouhuola.com/answer/addcomment.html", data: "content=" + content + "&answerid=" + answerid+"&replyauthor="+replyauthor, success: function(status) { if (status == '1') { $("#comment_" + answerid + " input[name='content']").val(""); load_comment(answerid); }else{ if(status == '-2'){ alert("问题已经关闭,无法评论"); } } } }); } //删除评论 function deletecomment(commentid, answerid) { if (!confirm("确认删除该评论?")) { return false; } $.ajax({ type: "POST", url: "http://www.shouhuola.com/answer/deletecomment.html", data: "commentid=" + commentid + "&answerid=" + answerid, success: function(status) { if (status == '1') { load_comment(answerid); }else{ alert(status); } } }); } //加载评论 function load_comment(answerid){ $.ajax({ type: "GET", cache:false, url: "http://www.shouhuola.com/index.php?answer/ajaxviewcomment/" + answerid, success: function(comments) { $("#comment_" + answerid + " .my-comments-list").html(comments); } }); } function replycomment(commentauthorid,answerid){ var comment_author = $("#comment_author_"+commentauthorid).attr("title"); $("#comment_"+answerid+" .comment-input").focus(); $("#comment_"+answerid+" .comment-input").val("回复 "+comment_author+" :"); $("#comment_" + answerid + " input[name='replyauthor']").val(commentauthorid); } $(function(){ initcategory(category1); fillcategory(category2, $("#category1 option:selected").val(), "category2"); fillcategory(category3, $("#category2 option:selected").val(), "category3"); var qrurl="http://www.shouhuola.com/q-32472.html"; //微信二维码生成 $('#qr_wxcode').qrcode(qrurl); //显示微信二维码 $(".share-weixin").click(function(){ $(".share-wechat").show(); }); //关闭微信二维码 $(".close").click(function(){ $(".share-wechat").hide(); $(".pay-money").hide(); }); }) </script> <link rel="stylesheet" type="text/css" href="http://www.shouhuola.com/static/js/neweditor/code/styles/tomorrow-night-eighties.css"> <script src="http://www.shouhuola.com/static/js/neweditor/code/highlight.pack.js" type="text/javascript"></script> <script>hljs.initHighlightingOnLoad();</script> <script src="http://www.shouhuola.com/static/js/jquery.lazyload.min.js" type="text/javascript"></script> <script> $("img.lazy").lazyload({effect: "fadeIn" }); </script> <div class="side-tool" id="to_top"><ul><li data-placement="left" data-toggle="tooltip" data-container="body" data-original-title="回到顶部" > <a href="#" class="function-button"><i class="fa fa-angle-up"></i></a> </li> </ul></div> <script> window.onload = function(){ $(".edui-upload-video").attr("preload",""); var oTop = document.getElementById("to_top"); var screenw = document.documentElement.clientWidth || document.body.clientWidth; var screenh = document.documentElement.clientHeight || document.body.clientHeight; window.onscroll = function(){ var scrolltop = document.documentElement.scrollTop || document.body.scrollTop; if(scrolltop<=screenh){ oTop.style.display="none"; }else{ oTop.style.display="block"; } if(scrolltop>30){ $(".scrollshow").show(); }else{ $(".scrollshow").hide(); } } oTop.onclick = function(){ document.documentElement.scrollTop = document.body.scrollTop =0; } } </script> <footer id="footer"> <div class="copyrigth-wrap small"> <div class="content copyrigth"> <i style=" display: block;width: 685px; background: #d2d2d2; color: #fff; padding: 5px; margin: 0 0 10px 0;" >收获啦作为免费、公开信息平台,用户进行的所有活动由其自身承担法律责任。如您发现不良信息、侵权内容,请立即联系我们。</i> Copyright © 2020 收获啦! <a href="http://beian.miit.gov.cn" target="_blank">京ICP备10005032号-11</a> <a target="_blank" href="http://www.beian.gov.cn/portal/registerSystemInfo?recordcode=11010802031459">京公网安备11010802031459号</a> <a href='https://zzlz.gsxt.gov.cn/businessCheck/verifKey.do?showType=p&serial=911101087861894810-SAIC_SHOW_1000009111010878618948101600759758300&signData=MEQCIBOfIClgLS82gBPNpbDSMQhpzy42b5sfm4qyBuPQk4TpAiDoaOjIBVY0sy0SMhlipCFi89IoHcQ++mrnvyaJqJXz9Q==' target="_blank" rel="nofollow">电子营业执照</a> <a href="http://www.shouhuola.com/article-52509.html" target="_blank">使用协议|免责声明</a> <a > </a> <span class="ilblk dblj"> <a href="http://www.shouhuola.com/article-52508.html" target="_blank">联系我们</a> | <a href="/tags/default.html" target="_blank">标签大全</a> | <a href="/note/list.html" target="_blank">站内公告</a> | <a href="/rule/index.html" target="_blank">财富规则</a><!-- | <a href="/gift/default.html" target="_blank">礼品商店</a> | <a href="/about/contact.html" target="_blank">联系我们</a>--> </span> </div> </div> </footer> </body> </html>
< style class=" list-paddingleft-2">
其他标签:、<div>、<link></span></p></li><li><p style="margin-top: 0px;margin-bottom: 0px;padding: 0px;max-width: 100%;clear: both;min-height: 1em;text-align: left;box-sizing: border-box !important;overflow-wrap: break-word !important">DOM对象,篡改页面内容 //文本对象模型,是一种标准,通过调用api调用html中的元素、标签。</p></li></ul><h3 style=";padding: 0px;font-weight: 400;font-size: 16px;max-width: 100%;color: rgb(51, 51, 51);font-family: -apple-system-font, BlinkMacSystemFont, 'Helvetica Neue', 'PingFang SC', 'Hiragino Sans GB', 'Microsoft YaHei UI', 'Microsoft YaHei', Arial, sans-serif;letter-spacing: 0.544px;white-space: normal;background-color: rgb(255, 255, 255);box-sizing: border-box !important;overflow-wrap: break-word !important"><br></h3><h3 style=";padding: 0px;font-weight: 400;font-size: 16px;max-width: 100%;color: rgb(51, 51, 51);font-family: -apple-system-font, BlinkMacSystemFont, 'Helvetica Neue', 'PingFang SC', 'Hiragino Sans GB', 'Microsoft YaHei UI', 'Microsoft YaHei', Arial, sans-serif;letter-spacing: 0.544px;white-space: normal;background-color: rgb(255, 255, 255);box-sizing: border-box !important;overflow-wrap: break-word !important"><strong style=";padding: 0px;max-width: 100%;box-sizing: border-box !important;overflow-wrap: break-word !important"><span style=";padding: 0px;max-width: 100%;box-sizing: border-box !important;overflow-wrap: break-word !important;font-size: 20px">5.攻击参与方</span></strong></h3><ul style="padding: 0px 0px 0px 2.2em;max-width: 100%;color: rgb(51, 51, 51);font-family: -apple-system-font, BlinkMacSystemFont, 'Helvetica Neue', 'PingFang SC', 'Hiragino Sans GB', 'Microsoft YaHei UI', 'Microsoft YaHei', Arial, sans-serif;font-size: 17px;letter-spacing: 0.544px;text-align: justify;white-space: normal;background-color: rgb(255, 255, 255);box-sizing: border-box !important;overflow-wrap: break-word !important" class=" list-paddingleft-2"><li><p style="margin-top: 0px;margin-bottom: 0px;padding: 0px;max-width: 100%;clear: both;min-height: 1em;text-align: left;box-sizing: border-box !important;overflow-wrap: break-word !important">攻击者</p></li><li><p style="margin-top: 0px;margin-bottom: 0px;padding: 0px;max-width: 100%;clear: both;min-height: 1em;text-align: left;box-sizing: border-box !important;overflow-wrap: break-word !important">被攻击者</p></li><li><p style="margin-top: 0px;margin-bottom: 0px;padding: 0px;max-width: 100%;clear: both;min-height: 1em;text-align: left;box-sizing: border-box !important;overflow-wrap: break-word !important">漏洞站点</p></li><li><p style="margin-top: 0px;margin-bottom: 0px;padding: 0px;max-width: 100%;clear: both;min-height: 1em;text-align: left;box-sizing: border-box !important;overflow-wrap: break-word !important">第三方站点(攻击目标、攻击参与站),比如服务端下发js,众多客户端访问正常的网站,而变向去访问另一个网站,导致ddos</p></li></ul><h3 style=";padding: 0px;font-weight: 400;font-size: 16px;max-width: 100%;color: rgb(51, 51, 51);font-family: -apple-system-font, BlinkMacSystemFont, 'Helvetica Neue', 'PingFang SC', 'Hiragino Sans GB', 'Microsoft YaHei UI', 'Microsoft YaHei', Arial, sans-serif;letter-spacing: 0.544px;white-space: normal;background-color: rgb(255, 255, 255);box-sizing: border-box !important;overflow-wrap: break-word !important"><br></h3><h3 style=";padding: 0px;font-weight: 400;font-size: 16px;max-width: 100%;color: rgb(51, 51, 51);font-family: -apple-system-font, BlinkMacSystemFont, 'Helvetica Neue', 'PingFang SC', 'Hiragino Sans GB', 'Microsoft YaHei UI', 'Microsoft YaHei', Arial, sans-serif;letter-spacing: 0.544px;white-space: normal;background-color: rgb(255, 255, 255);box-sizing: border-box !important;overflow-wrap: break-word !important"><strong style=";padding: 0px;max-width: 100%;box-sizing: border-box !important;overflow-wrap: break-word !important"><span style=";padding: 0px;max-width: 100%;box-sizing: border-box !important;overflow-wrap: break-word !important;font-size: 20px">6.漏洞形成的根源</span></strong></h3><ul style="padding: 0px 0px 0px 2.2em;max-width: 100%;color: rgb(51, 51, 51);font-family: -apple-system-font, BlinkMacSystemFont, 'Helvetica Neue', 'PingFang SC', 'Hiragino Sans GB', 'Microsoft YaHei UI', 'Microsoft YaHei', Arial, sans-serif;font-size: 17px;letter-spacing: 0.544px;text-align: justify;white-space: normal;background-color: rgb(255, 255, 255);box-sizing: border-box !important;overflow-wrap: break-word !important" class=" list-paddingleft-2"><li><p style="margin-top: 0px;margin-bottom: 0px;padding: 0px;max-width: 100%;clear: both;min-height: 1em;text-align: left;box-sizing: border-box !important;overflow-wrap: break-word !important">服务器对用户提交数据过滤不严</p></li><li><p style="margin-top: 0px;margin-bottom: 0px;padding: 0px;max-width: 100%;clear: both;min-height: 1em;text-align: left;box-sizing: border-box !important;overflow-wrap: break-word !important">提交给服务器的脚本被直接返回给其他客户端执行</p></li><li><p style="margin-top: 0px;margin-bottom: 0px;padding: 0px;max-width: 100%;clear: both;min-height: 1em;text-align: left;box-sizing: border-box !important;overflow-wrap: break-word !important">脚本在客户端执行恶意操作</p></li></ul><h3 style=";padding: 0px;font-weight: 400;font-size: 16px;max-width: 100%;color: rgb(51, 51, 51);font-family: -apple-system-font, BlinkMacSystemFont, 'Helvetica Neue', 'PingFang SC', 'Hiragino Sans GB', 'Microsoft YaHei UI', 'Microsoft YaHei', Arial, sans-serif;letter-spacing: 0.544px;white-space: normal;background-color: rgb(255, 255, 255);box-sizing: border-box !important;overflow-wrap: break-word !important"><br></h3><h3 style=";padding: 0px;font-weight: 400;font-size: 16px;max-width: 100%;color: rgb(51, 51, 51);font-family: -apple-system-font, BlinkMacSystemFont, 'Helvetica Neue', 'PingFang SC', 'Hiragino Sans GB', 'Microsoft YaHei UI', 'Microsoft YaHei', Arial, sans-serif;letter-spacing: 0.544px;white-space: normal;background-color: rgb(255, 255, 255);box-sizing: border-box !important;overflow-wrap: break-word !important"><strong style=";padding: 0px;max-width: 100%;box-sizing: border-box !important;overflow-wrap: break-word !important"><span style=";padding: 0px;max-width: 100%;box-sizing: border-box !important;overflow-wrap: break-word !important;font-size: 20px">7.XSS漏洞类型</span></strong></h3><p style="margin-top: 0px;margin-bottom: 0px;padding: 0px;max-width: 100%;clear: both;min-height: 1em;color: rgb(51, 51, 51);font-family: -apple-system-font, BlinkMacSystemFont, 'Helvetica Neue', 'PingFang SC', 'Hiragino Sans GB', 'Microsoft YaHei UI', 'Microsoft YaHei', Arial, sans-serif;font-size: 17px;letter-spacing: 0.544px;white-space: normal;background-color: rgb(255, 255, 255);box-sizing: border-box !important;overflow-wrap: break-word !important">反射型(非持久):正常情况下,黑客在请求服务器时发送js,服务器由于没有过滤,不执行此代码而是直接立刻返回给黑客的浏览器,此时只是在黑客电脑上执行,不会有什么问题,但如果黑客通过诱使(如邮件)被攻击者点击恶意链接访问,执行了包含的js,服务端原封不动的返回,并在浏览器上执行此js,而可能导致cookie的窃取,被安装键盘记录器等。</p><p style="margin-top: 0px;margin-bottom: 0px;padding: 0px;max-width: 100%;clear: both;min-height: 1em;color: rgb(51, 51, 51);font-family: -apple-system-font, BlinkMacSystemFont, 'Helvetica Neue', 'PingFang SC', 'Hiragino Sans GB', 'Microsoft YaHei UI', 'Microsoft YaHei', Arial, sans-serif;font-size: 17px;letter-spacing: 0.544px;white-space: normal;background-color: rgb(255, 255, 255);box-sizing: border-box !important;overflow-wrap: break-word !important">存储型(持久型):JavaScript在服务器端保存,每个客户在请求服务器时,服务端保存的js会返回,并在浏览器中直接执行。<br><strong style=";padding: 0px;max-width: 100%;box-sizing: border-box !important;overflow-wrap: break-word !important">若向服务器提交的片段中,被服务器原封不动的返回,则很有可能存在XSS漏洞</strong></p><p style="margin-top: 0px;margin-bottom: 0px;padding: 0px;max-width: 100%;clear: both;min-height: 1em;color: rgb(51, 51, 51);font-family: -apple-system-font, BlinkMacSystemFont, 'Helvetica Neue', 'PingFang SC', 'Hiragino Sans GB', 'Microsoft YaHei UI', 'Microsoft YaHei', Arial, sans-serif;font-size: 17px;letter-spacing: 0.544px;white-space: normal;background-color: rgb(255, 255, 255);box-sizing: border-box !important;overflow-wrap: break-word !important">DOM型:在本地执行,不去向浏览器去发送请求</p><p><br></p> <div class="appendcontent"> </div> </div> <!-- <div class="readmore"> 查看更多 </div> --> <div class="tool-group"> <!-- cdn节点 回答操作 --> <div class="cdn_question_answer92731"></div> <script type="text/javascript"> getquestioncaozuo(5,32472,92731); </script> </div> </div> </div> <div class="comments-mod " style="display: none; float: none; padding-top: 10px;" id="comment_92731"> <div class="areabox clearfix"> <div class="input-group"> <input type="text" placeholder="请输入评论内容,不少于5个字" AUTOCOMPLETE="off" class="comment-input form-control" name="content" /> <input type='hidden' value='0' name='replyauthor' /> <span class="input-group-btn"><input type="button" value="评论" class="btn btn-green" name="submit" onclick="addcomment(92731);" /> </span> </div> </div> <ul class="my-comments-list nav"> <li class="loading text-left"><img src='http://www.shouhuola.com/static/css/default/loading.gif' align='absmiddle' /> 加载中...</li> </ul> </div> </div> <div id="comment-92755" class="comment"> <div> <div class="author"> <a href="http://www.shouhuola.com/u-732.html" target="_self" class="avatar"> <img src="http://www.shouhuola.com/data/avatar/000/00/07/small_000000732.jpg"> </a> <div class="info"> <a href="http://www.shouhuola.com/u-732.html" target="_self" class="name"> 茄子酱 </a> <!----> <div class="meta"> <span>3楼 · 2021-01-05 10:12</span> </div> </div> </div> <div class="comment-wrap art-content"> <div class="answercontent"> <p style="box-sizing: border-box; outline: 0px; margin-top: 0px; margin-bottom: 16px; padding: 0px; color: rgb(77, 77, 77); overflow: auto hidden; overflow-wrap: break-word; font-family: -apple-system, ">跨站脚本攻击(Cross Site Scripting),简称XSS, 是指:由于网站程序对用户输入过滤不足,致使攻击者利用输入可以显示在页面上对其他用户造成影响的代码来盗取用户资料、利用用户身份进行某种动作或者对访问者进行病毒侵害的一种攻击方式。<br>直白点:恶意攻击者往Web页面里插入恶意Script代码,当用户浏览该页之时,嵌入其中Web里面的Script代码会被执行,从而达到恶意攻击用户的目的。</p><p style="box-sizing: border-box; outline: 0px; margin-top: 0px; margin-bottom: 16px; padding: 0px; color: rgb(77, 77, 77); overflow: auto hidden; overflow-wrap: break-word; font-family: -apple-system, ">不同于大多数攻击(一般只涉及攻击者和受害者),XSS涉及到三方,即攻击者、客户端与网站。XSS的攻击目标是为了盗取客户端的cookie或者其他网站用于识别客户端身份的敏感信息。获取到合法用户的信息后,攻击者甚至可以假冒最终用户与网站进行交互。</p><p><br></p> <div class="appendcontent"> </div> </div> <!-- <div class="readmore"> 查看更多 </div> --> <div class="tool-group"> <!-- cdn节点 回答操作 --> <div class="cdn_question_answer92755"></div> <script type="text/javascript"> getquestioncaozuo(5,32472,92755); </script> </div> </div> </div> <div class="comments-mod " style="display: none; float: none; padding-top: 10px;" id="comment_92755"> <div class="areabox clearfix"> <div class="input-group"> <input type="text" placeholder="请输入评论内容,不少于5个字" AUTOCOMPLETE="off" class="comment-input form-control" name="content" /> <input type='hidden' value='0' name='replyauthor' /> <span class="input-group-btn"><input type="button" value="评论" class="btn btn-green" name="submit" onclick="addcomment(92755);" /> </span> </div> </div> <ul class="my-comments-list nav"> <li class="loading text-left"><img src='http://www.shouhuola.com/static/css/default/loading.gif' align='absmiddle' /> 加载中...</li> </ul> </div> </div> <div id="comment-92770" class="comment"> <div> <div class="author"> <a href="http://www.shouhuola.com/u-997.html" target="_self" class="avatar"> <img src="http://www.shouhuola.com/data/avatar/000/00/09/small_000000997.jpg"> </a> <div class="info"> <a href="http://www.shouhuola.com/u-997.html" target="_self" class="name"> 浅浅77 </a> <!----> <div class="meta"> <span>4楼 · 2021-01-05 10:28</span> </div> </div> </div> <div class="comment-wrap art-content"> <div class="answercontent"> <h4>反射型xss攻击</h4><p> 又称为非持久性跨站点脚本攻击,它是最常见的类型的XSS。漏洞产生的原因是攻击者注入的数据反映在响应中。一个典型的非持久性XSS包含一个带XSS攻击向量的链接(即每次攻击需要用户的点击)。</p><p>简单例子</p><p>正常发送消息:</p><p>http://www.test.com/message.php?send=Hello,World!</p><p>接收者将会接收信息并显示Hello,Word</p><p>非正常发送消息:</p><p>http://www.test.com/message.php?send=[removed]alert(‘foolish!’)[removed]!</p><p>接收者接收消息显示的时候将会弹出警告窗口</p><h4>存贮型xss攻击</h4><p> 又称为持久型跨站点脚本,它一般发生在XSS攻击向量(一般指XSS攻击代码)存储在网站数据库,当一个页面被用户打开的时候执行。每当用户打开浏览器,脚本执行。持久的XSS相比非持久性XSS攻击危害性更大,因为每当用户打开页面,查看内容时脚本将自动执行。谷歌的orkut曾经就遭受到XSS。</p><p>简单例子:</p><p>从名字就可了解到存储型XSS攻击就是将攻击代码存入数据库中,然后客户端打开时就执行这些攻击代码。例如留言板</p><p>留言板表单中的表单域:<input type=“text” name=“content” value=“这里是用户填写的数据”></p><p>正常操作:</p><p>用户是提交相应留言信息;将数据存储到数据库;其他用户访问留言板,应用去数据并显示。</p><p>非正常操作:</p><p>攻击者在value填写[removed]alert(‘foolish!’)[removed]【或者html其他标签(破坏样式。。。)、一段攻击型代码】;</p><p>将数据存储到数据库中;</p><p>其他用户取出数据显示的时候,将会执行这些攻击性代码</p><h4>DOMBasedXSS(基于dom的跨站点脚本攻击)</h4><p> 基于DOM的XSS有时也称为type0XSS。当用户能够通过交互修改浏览器页面中的DOM(DocumentObjectModel)并显示在浏览器上时,就有可能产生这种漏洞,从效果上来说它也是反射型XSS。</p><p> 通过修改页面的DOM节点形成的XSS,称之为DOMBasedXSS。</p><p> 前提是易受攻击的网站有一个HTML页面采用不安全的方式从[removed] 或document.URL 或 document.referrer获取数据(或者任何其他攻击者可以修改的对象)。</p><p>简单例子</p><p> 1 <HTML> 2 <TITLE>Welcome!</TITLE> 3 Hi 4 [removed] 5 var pos=document.URL.indexOf("name=")+5; 6 [removed](document.URL.substring(pos,document.URL.length)); 7 [removed] 8 <BR> 9 Welcome to our system10 …11 </HTML></p><p>这个例子是个欢迎页面,name是截取URL中get过来的name参数</p><p>正常操作:</p><p>http://www.vulnerable.site/welcome.html?name=Joe</p><p>非正常操作:</p><p>http://www.vulnerable.site/welcome.html?name=[removed]alert([removed])[removed]</p><p> 将产生xss条件。让我们看看为什么:受害者的浏览器接收到这个链接,发送HTTP请求到www.vulnerable.site并且接受到上面的HTML页。受害者的浏览器开始解析这个HTML为DOM,DOM包含一个对象叫document,document里面有个URL属性,这个属性里填充着当前页面的URL。当解析器到达javascript代码,它会执行它并且修改你的HTML页面。倘若代码中引用了document.URL,那么,这部分字符串将会在解析时嵌入到HTML中,然后立即解析,同时,javascript代码会找到(alert(…))并且在同一个页面执行它,这就产生了xss的条件。</p><p>注意:</p><p> 1. 恶意程序脚本在任何时候不会嵌入到处于自然状态下的HTML页面(这和其他种类的xss不太一样)。</p><p> 2.这个攻击只有在浏览器没有修改URL字符时起作用。 当url不是直接在地址栏输入,Mozilla.会自动转换在document.URL中字符<和>(转化为< 和 >),因此在就不会受到上面示例那样的攻击了,在IE6下没有转换<和>,因此他很容易受到攻击。</p><p> 当然,直接嵌入到HTML只是攻击的一个挂载点,有很多脚本不需要依赖<和>漏洞,因此Mozilla通常也是无法阻止这些攻击的。</p> <div class="appendcontent"> </div> </div> <!-- <div class="readmore"> 查看更多 </div> --> <div class="tool-group"> <!-- cdn节点 回答操作 --> <div class="cdn_question_answer92770"></div> <script type="text/javascript"> getquestioncaozuo(5,32472,92770); </script> </div> </div> </div> <div class="comments-mod " style="display: none; float: none; padding-top: 10px;" id="comment_92770"> <div class="areabox clearfix"> <div class="input-group"> <input type="text" placeholder="请输入评论内容,不少于5个字" AUTOCOMPLETE="off" class="comment-input form-control" name="content" /> <input type='hidden' value='0' name='replyauthor' /> <span class="input-group-btn"><input type="button" value="评论" class="btn btn-green" name="submit" onclick="addcomment(92770);" /> </span> </div> </div> <ul class="my-comments-list nav"> <li class="loading text-left"><img src='http://www.shouhuola.com/static/css/default/loading.gif' align='absmiddle' /> 加载中...</li> </ul> </div> </div> <div id="comment-92833" class="comment"> <div> <div class="author"> <a href="http://www.shouhuola.com/u-236.html" target="_self" class="avatar"> <img src="http://www.shouhuola.com/data/avatar/000/00/02/small_000000236.jpg"> </a> <div class="info"> <a href="http://www.shouhuola.com/u-236.html" target="_self" class="name"> 小磊子 </a> <!----> <div class="meta"> <span>5楼 · 2021-01-05 11:00</span> </div> </div> </div> <div class="comment-wrap art-content"> <div class="answercontent"> <p></p><p><article><p style="box-sizing: border-box; outline: 0px; margin-top: 0px; margin-bottom: 16px; padding: 0px; font-size: 18px; color: rgb(77, 77, 77); overflow: auto hidden; overflow-wrap: break-word; line-height: 26px !important;"><span style="box-sizing: border-box; outline: 0px; margin: 0px; padding: 0px; overflow-wrap: break-word; font-size: 24px;"><span style="box-sizing: border-box; outline: 0px; font-weight: 700; overflow-wrap: break-word;">一、简介</span></span></p><p style="box-sizing: border-box; outline: 0px; margin-top: 0px; margin-bottom: 16px; padding: 0px; font-size: 18px; color: rgb(77, 77, 77); overflow: auto hidden; overflow-wrap: break-word; line-height: 26px !important;"><br></p><p style="box-sizing: border-box; outline: 0px; margin-top: 0px; margin-bottom: 16px; padding: 0px; font-size: 18px; color: rgb(77, 77, 77); overflow: auto hidden; overflow-wrap: break-word; line-height: 26px !important;"><span style="box-sizing: border-box; outline: 0px; margin: 0px; padding: 0px; overflow-wrap: break-word;"><span style="box-sizing: border-box; outline: 0px; font-weight: 700; overflow-wrap: break-word;">什么是XSS?</span></span></p><p style="box-sizing: border-box; outline: 0px; margin-top: 0px; margin-bottom: 16px; padding: 0px; font-size: 18px; color: rgb(77, 77, 77); overflow: auto hidden; overflow-wrap: break-word; line-height: 26px !important;"><span style="box-sizing: border-box; outline: 0px; margin: 0px; padding: 0px; overflow-wrap: break-word;"><br></span></p><p style="box-sizing: border-box; outline: 0px; margin-top: 0px; margin-bottom: 16px; padding: 0px; font-size: 18px; color: rgb(77, 77, 77); overflow: auto hidden; overflow-wrap: break-word; line-height: 26px !important;"><span style="box-sizing: border-box; outline: 0px; margin: 0px; padding: 0px; overflow-wrap: break-word;"><a style='color:#2f2f2f;cursor:pointer;' href='http://www.baidu.com'>百度</a>百科的解释: XSS又叫CSS (Cross Site Script) ,跨站脚本攻击。它指的是恶意攻击者往Web页面里插入恶意html代码,当用户浏览该页之时,嵌入其中Web里面的html代码会被执行,从而达到恶意用户的特殊目的。</span></p><p style="box-sizing: border-box; outline: 0px; margin-top: 0px; margin-bottom: 16px; padding: 0px; font-size: 18px; color: rgb(77, 77, 77); overflow: auto hidden; overflow-wrap: break-word; line-height: 26px !important;"><br><span style="box-sizing: border-box; outline: 0px; margin: 0px; padding: 0px; overflow-wrap: break-word;">它与SQL注入攻击类似,SQL注入攻击中以SQL语句作为用户输入,从而达到查询/修改/删除数据的目的,而在xss攻击中,通过插入恶意脚本,实现对用户游览器的控制,获取用户的一些信息。</span><br></p><p style="box-sizing: border-box; outline: 0px; margin-top: 0px; margin-bottom: 16px; padding: 0px; font-size: 18px; color: rgb(77, 77, 77); overflow: auto hidden; overflow-wrap: break-word; line-height: 26px !important;"><br></p><p style="box-sizing: border-box; outline: 0px; margin-top: 0px; margin-bottom: 16px; padding: 0px; font-size: 18px; color: rgb(77, 77, 77); overflow: auto hidden; overflow-wrap: break-word; line-height: 26px !important;"><span style="box-sizing: border-box; outline: 0px; margin: 0px; padding: 0px; overflow-wrap: break-word; font-size: 24px;"><span style="box-sizing: border-box; outline: 0px; font-weight: 700; overflow-wrap: break-word;">二、分类</span></span></p><p style="box-sizing: border-box; outline: 0px; margin-top: 0px; margin-bottom: 16px; padding: 0px; font-size: 18px; color: rgb(77, 77, 77); overflow: auto hidden; overflow-wrap: break-word; line-height: 26px !important;"><span style="box-sizing: border-box; outline: 0px; margin: 0px; padding: 0px; overflow-wrap: break-word;"><br></span></p><p style="box-sizing: border-box; outline: 0px; margin-top: 0px; margin-bottom: 16px; padding: 0px; font-size: 18px; color: rgb(77, 77, 77); overflow: auto hidden; overflow-wrap: break-word; line-height: 26px !important;"><span style="box-sizing: border-box; outline: 0px; margin: 0px; padding: 0px; overflow-wrap: break-word;"><span style="box-sizing: border-box; outline: 0px; font-weight: 700; overflow-wrap: break-word;">xss攻击可以分成两种类型:</span><br><br>1.非持久型攻击<br>2.持久型攻击<br></span></p><p style="box-sizing: border-box; outline: 0px; margin-top: 0px; margin-bottom: 16px; padding: 0px; font-size: 18px; color: rgb(77, 77, 77); overflow: auto hidden; overflow-wrap: break-word; line-height: 26px !important;"><br></p><p style="box-sizing: border-box; outline: 0px; margin-top: 0px; margin-bottom: 16px; padding: 0px; font-size: 18px; color: rgb(77, 77, 77); overflow: auto hidden; overflow-wrap: break-word; line-height: 26px !important;"><span style="box-sizing: border-box; outline: 0px; margin: 0px; padding: 0px; overflow-wrap: break-word;">非持久型xss攻击:顾名思义,非持久型xss攻击是一次性的,仅对当次的页面访问产生影响。非持久型xss攻击要求用户访问一个被攻击者篡改后的链接,用户访问该链接时,被植入的攻击脚本被用户游览器执行,从而达到攻击目的。<br></span></p><p style="box-sizing: border-box; outline: 0px; margin-top: 0px; margin-bottom: 16px; padding: 0px; font-size: 18px; color: rgb(77, 77, 77); overflow: auto hidden; overflow-wrap: break-word; line-height: 26px !important;"><br></p><p style="box-sizing: border-box; outline: 0px; margin-top: 0px; margin-bottom: 16px; padding: 0px; font-size: 18px; color: rgb(77, 77, 77); overflow: auto hidden; overflow-wrap: break-word; line-height: 26px !important;"><span style="box-sizing: border-box; outline: 0px; margin: 0px; padding: 0px; overflow-wrap: break-word;">持久型xss攻击:<span style="box-sizing: border-box; outline: 0px; margin: 0px; padding: 0px; overflow-wrap: break-word;">持久型xss,</span>会把攻击者的数据存储在服务器端,攻击行为将伴随着攻击数据一直存在。<br></span></p><p style="box-sizing: border-box; outline: 0px; margin-top: 0px; margin-bottom: 16px; padding: 0px; font-size: 18px; color: rgb(77, 77, 77); overflow: auto hidden; overflow-wrap: break-word; line-height: 26px !important;"><span style="box-sizing: border-box; outline: 0px; margin: 0px; padding: 0px; overflow-wrap: break-word;"><br></span></p><p style="box-sizing: border-box; outline: 0px; margin-top: 0px; margin-bottom: 16px; padding: 0px; font-size: 18px; color: rgb(77, 77, 77); overflow: auto hidden; overflow-wrap: break-word; line-height: 26px !important;"><span style="box-sizing: border-box; outline: 0px; margin: 0px; padding: 0px; overflow-wrap: break-word;">也可以分成三类:</span></p><p style="box-sizing: border-box; outline: 0px; margin-top: 0px; margin-bottom: 16px; padding: 0px; font-size: 18px; color: rgb(77, 77, 77); overflow: auto hidden; overflow-wrap: break-word; line-height: 26px !important;"><span style="box-sizing: border-box; outline: 0px; margin: 0px; padding: 0px; overflow-wrap: break-word;"><br></span></p><p style="box-sizing: border-box; outline: 0px; margin-top: 0px; margin-bottom: 16px; padding: 0px; font-size: 18px; color: rgb(77, 77, 77); overflow: auto hidden; overflow-wrap: break-word; line-height: 26px !important;"><span style="box-sizing: border-box; outline: 0px; margin: 0px; padding: 0px; overflow-wrap: break-word;">反射型:经过后端,不经过数据库<br><br>存储型:经过后端,经过数据库<br><br>DOM:不经过后端,DOM—based XSS漏洞是基于文档对象模型Document Objeet Model,DOM)的一种漏洞,dom - xss是通过url传入参数去控制触发的。<br></span></p><p style="box-sizing: border-box; outline: 0px; margin-top: 0px; margin-bottom: 16px; padding: 0px; font-size: 18px; color: rgb(77, 77, 77); overflow: auto hidden; overflow-wrap: break-word; line-height: 26px !important;"><br></p><p style="box-sizing: border-box; outline: 0px; margin-top: 0px; margin-bottom: 16px; padding: 0px; font-size: 18px; color: rgb(77, 77, 77); overflow: auto hidden; overflow-wrap: break-word; line-height: 26px !important;"><span style="box-sizing: border-box; outline: 0px; margin: 0px; padding: 0px; overflow-wrap: break-word; font-size: 24px;"><span style="box-sizing: border-box; outline: 0px; font-weight: 700; overflow-wrap: break-word;">三、原理</span></span></p><p style="box-sizing: border-box; outline: 0px; margin-top: 0px; margin-bottom: 16px; padding: 0px; font-size: 18px; color: rgb(77, 77, 77); overflow: auto hidden; overflow-wrap: break-word; line-height: 26px !important;"><span style="box-sizing: border-box; outline: 0px; margin: 0px; padding: 0px; overflow-wrap: break-word;"><br></span></p><p style="box-sizing: border-box; outline: 0px; margin-top: 0px; margin-bottom: 16px; padding: 0px; font-size: 18px; color: rgb(77, 77, 77); overflow: auto hidden; overflow-wrap: break-word; line-height: 26px !important;"><span style="box-sizing: border-box; outline: 0px; margin: 0px; padding: 0px; overflow-wrap: break-word;"><span style="box-sizing: border-box; outline: 0px; font-weight: 700; overflow-wrap: break-word;">1.反射型</span><br></span></p><p style="box-sizing: border-box; outline: 0px; margin-top: 0px; margin-bottom: 16px; padding: 0px; font-size: 18px; color: rgb(77, 77, 77); overflow: auto hidden; overflow-wrap: break-word; line-height: 26px !important;"><span style="box-sizing: border-box; outline: 0px; margin: 0px; padding: 0px; overflow-wrap: break-word;"><br></span></p><p style="box-sizing: border-box; outline: 0px; margin-top: 0px; margin-bottom: 16px; padding: 0px; font-size: 18px; color: rgb(77, 77, 77); overflow: auto hidden; overflow-wrap: break-word; line-height: 26px !important;"><span style="box-sizing: border-box; outline: 0px; margin: 0px; padding: 0px; overflow-wrap: break-word;">新建一个xss.php文件并加入以下代码:</span></p><p style="box-sizing: border-box; outline: 0px; margin-top: 0px; margin-bottom: 16px; padding: 0px; font-size: 18px; color: rgb(77, 77, 77); overflow: auto hidden; overflow-wrap: break-word; line-height: 26px !important;"><span style="box-sizing: border-box; outline: 0px; margin: 0px; padding: 0px; overflow-wrap: break-word;"><br></span></p><p style="box-sizing: border-box; outline: 0px; margin-top: 0px; margin-bottom: 16px; padding: 0px; font-size: 18px; color: rgb(77, 77, 77); overflow: auto hidden; overflow-wrap: break-word; line-height: 26px !important;"><span style="box-sizing: border-box; outline: 0px; margin: 0px; padding: 0px; overflow-wrap: break-word;"></span></p><pre style="box-sizing: border-box; outline: 0px; margin-top: 0px; margin-bottom: 24px; padding: 8px; position: relative; white-space: pre-wrap; overflow-wrap: break-word; overflow-x: auto; font-family: Consolas, Inconsolata, Courier, monospace; font-size: 14px; line-height: 22px; color: rgb(0, 0, 0);">\\XSS反射演示<form action="" method="get"><input type="text" name="xss"/><input type="submit" value="test"/></form><?php$xss = @$_GET['xss'];if($xss!==null){ echo $xss;}</pre><p><br><span style="box-sizing: border-box; outline: 0px; margin: 0px; padding: 0px; overflow-wrap: break-word; font-size: 18px;">这段代码中首先包含一个表单,用于向页面自己发送 GET 请求,带一个名为xss的参数。 然后 PHP 会读取该参数,如果不为空,则直接打印出来,这里不存在任何过滤。也就是说,如果xss中存在 HTML 结构性的内容,打印之后会直接解释为 HTML 元素。</span><br></p><p style="box-sizing: border-box; outline: 0px; margin-top: 0px; margin-bottom: 16px; padding: 0px; font-size: 18px; color: rgb(77, 77, 77); overflow: auto hidden; overflow-wrap: break-word; line-height: 26px !important;"><br></p><p style="box-sizing: border-box; outline: 0px; margin-top: 0px; margin-bottom: 16px; padding: 0px; font-size: 18px; color: rgb(77, 77, 77); overflow: auto hidden; overflow-wrap: break-word; line-height: 26px !important;"><span style="box-sizing: border-box; outline: 0px; margin: 0px; padding: 0px; overflow-wrap: break-word;"><br></span></p><p style="box-sizing: border-box; outline: 0px; margin-top: 0px; margin-bottom: 16px; padding: 0px; font-size: 18px; color: rgb(77, 77, 77); overflow: auto hidden; overflow-wrap: break-word; line-height: 26px !important;"><span style="box-sizing: border-box; outline: 0px; margin: 0px; padding: 0px; overflow-wrap: break-word;">部署好这个文件,访问http://localhost/xss.php,</span><span style="box-sizing: border-box; outline: 0px; margin: 0px; padding: 0px; overflow-wrap: break-word;">直接输入一个js代码,比如[removed]alert('hack')[removed],</span></p><p style="box-sizing: border-box; outline: 0px; margin-top: 0px; margin-bottom: 16px; padding: 0px; font-size: 18px; color: rgb(77, 77, 77); overflow: auto hidden; overflow-wrap: break-word; line-height: 26px !important;"><span style="box-sizing: border-box; outline: 0px; margin: 0px; padding: 0px; overflow-wrap: break-word;"><br></span></p><p style="box-sizing: border-box; outline: 0px; margin-top: 0px; margin-bottom: 16px; padding: 0px; font-size: 18px; color: rgb(77, 77, 77); overflow: auto hidden; overflow-wrap: break-word; line-height: 26px !important;"><span style="box-sizing: border-box; outline: 0px; margin: 0px; padding: 0px; overflow-wrap: break-word;"><img src="https://img-blog.csdn.net/20161227121447473" alt="" style="box-sizing: border-box; outline: none; border: 0px; height: auto; overflow-wrap: break-word; cursor: zoom-in;"><br></span></p><p style="box-sizing: border-box; outline: 0px; margin-top: 0px; margin-bottom: 16px; padding: 0px; font-size: 18px; color: rgb(77, 77, 77); overflow: auto hidden; overflow-wrap: break-word; line-height: 26px !important;"><span style="box-sizing: border-box; outline: 0px; margin: 0px; padding: 0px; overflow-wrap: break-word;"><br></span></p><p style="box-sizing: border-box; outline: 0px; margin-top: 0px; margin-bottom: 16px; padding: 0px; font-size: 18px; color: rgb(77, 77, 77); overflow: auto hidden; overflow-wrap: break-word; line-height: 26px !important;"><span style="box-sizing: border-box; outline: 0px; margin: 0px; padding: 0px; overflow-wrap: break-word;"><span style="box-sizing: border-box; outline: 0px; margin: 0px; padding: 0px; overflow-wrap: break-word;">之后点击test:</span><br></span></p><p style="box-sizing: border-box; outline: 0px; margin-top: 0px; margin-bottom: 16px; padding: 0px; font-size: 18px; color: rgb(77, 77, 77); overflow: auto hidden; overflow-wrap: break-word; line-height: 26px !important;"><span style="box-sizing: border-box; outline: 0px; margin: 0px; padding: 0px; overflow-wrap: break-word;"><br></span></p><p style="box-sizing: border-box; outline: 0px; margin-top: 0px; margin-bottom: 16px; padding: 0px; font-size: 18px; color: rgb(77, 77, 77); overflow: auto hidden; overflow-wrap: break-word; line-height: 26px !important;"><span style="box-sizing: border-box; outline: 0px; margin: 0px; padding: 0px; overflow-wrap: break-word;"><img src="https://img-blog.csdn.net/20161227121516583" alt="" style="box-sizing: border-box; outline: none; border: 0px; height: auto; overflow-wrap: break-word; cursor: zoom-in;"><br></span></p><p style="box-sizing: border-box; outline: 0px; margin-top: 0px; margin-bottom: 16px; padding: 0px; font-size: 18px; color: rgb(77, 77, 77); overflow: auto hidden; overflow-wrap: break-word; line-height: 26px !important;"><span style="box-sizing: border-box; outline: 0px; margin: 0px; padding: 0px; overflow-wrap: break-word;"><br></span></p><p style="box-sizing: border-box; outline: 0px; margin-top: 0px; margin-bottom: 16px; padding: 0px; font-size: 18px; color: rgb(77, 77, 77); overflow: auto hidden; overflow-wrap: break-word; line-height: 26px !important;"><span style="box-sizing: border-box; outline: 0px; margin: 0px; padding: 0px; overflow-wrap: break-word;">我们输入的HTML代码被执行了。用Firebug查看,我们输出的内容直接插入到了页面中,解释为[removed]标签。</span></p><p style="box-sizing: border-box; outline: 0px; margin-top: 0px; margin-bottom: 16px; padding: 0px; font-size: 18px; color: rgb(77, 77, 77); overflow: auto hidden; overflow-wrap: break-word; line-height: 26px !important;"><span style="box-sizing: border-box; outline: 0px; margin: 0px; padding: 0px; overflow-wrap: break-word;"><br></span></p><p style="box-sizing: border-box; outline: 0px; margin-top: 0px; margin-bottom: 16px; padding: 0px; font-size: 18px; color: rgb(77, 77, 77); overflow: auto hidden; overflow-wrap: break-word; line-height: 26px !important;"><span style="box-sizing: border-box; outline: 0px; margin: 0px; padding: 0px; overflow-wrap: break-word;"><img src="https://img-blog.csdn.net/20161227122040887" alt="" style="box-sizing: border-box; outline: none; border: 0px; height: auto; overflow-wrap: break-word; cursor: zoom-in;"><br></span></p><p style="box-sizing: border-box; outline: 0px; margin-top: 0px; margin-bottom: 16px; padding: 0px; font-size: 18px; color: rgb(77, 77, 77); overflow: auto hidden; overflow-wrap: break-word; line-height: 26px !important;"><span style="box-sizing: border-box; outline: 0px; margin: 0px; padding: 0px; overflow-wrap: break-word;"><br></span></p><p style="box-sizing: border-box; outline: 0px; margin-top: 0px; margin-bottom: 16px; padding: 0px; font-size: 18px; color: rgb(77, 77, 77); overflow: auto hidden; overflow-wrap: break-word; line-height: 26px !important;"><span style="box-sizing: border-box; outline: 0px; margin: 0px; padding: 0px; overflow-wrap: break-word;"><br></span></p><p style="box-sizing: border-box; outline: 0px; margin-top: 0px; margin-bottom: 16px; padding: 0px; font-size: 18px; color: rgb(77, 77, 77); overflow: auto hidden; overflow-wrap: break-word; line-height: 26px !important;"><span style="box-sizing: border-box; outline: 0px; margin: 0px; padding: 0px; overflow-wrap: break-word;">反射型 XSS 的数据流向是:浏览器 -> 后端 -> 浏览器。<br></span></p><p style="box-sizing: border-box; outline: 0px; margin-top: 0px; margin-bottom: 16px; padding: 0px; font-size: 18px; color: rgb(77, 77, 77); overflow: auto hidden; overflow-wrap: break-word; line-height: 26px !important;"><span style="box-sizing: border-box; outline: 0px; margin: 0px; padding: 0px; overflow-wrap: break-word;"><br></span></p><p style="box-sizing: border-box; outline: 0px; margin-top: 0px; margin-bottom: 16px; padding: 0px; font-size: 18px; color: rgb(77, 77, 77); overflow: auto hidden; overflow-wrap: break-word; line-height: 26px !important;"><span style="box-sizing: border-box; outline: 0px; margin: 0px; padding: 0px; overflow-wrap: break-word;"><br></span></p><p style="box-sizing: border-box; outline: 0px; margin-top: 0px; margin-bottom: 16px; padding: 0px; font-size: 18px; color: rgb(77, 77, 77); overflow: auto hidden; overflow-wrap: break-word; line-height: 26px !important;"><span style="box-sizing: border-box; outline: 0px; margin: 0px; padding: 0px; overflow-wrap: break-word;"><span style="box-sizing: border-box; outline: 0px; font-weight: 700; overflow-wrap: break-word;">2.存储型</span></span></p><p style="box-sizing: border-box; outline: 0px; margin-top: 0px; margin-bottom: 16px; padding: 0px; font-size: 18px; color: rgb(77, 77, 77); overflow: auto hidden; overflow-wrap: break-word; line-height: 26px !important;"><span style="box-sizing: border-box; outline: 0px; margin: 0px; padding: 0px; overflow-wrap: break-word;"><br></span></p><p style="box-sizing: border-box; outline: 0px; margin-top: 0px; margin-bottom: 16px; padding: 0px; font-size: 18px; color: rgb(77, 77, 77); overflow: auto hidden; overflow-wrap: break-word; line-height: 26px !important;"><span style="box-sizing: border-box; outline: 0px; margin: 0px; padding: 0px; overflow-wrap: break-word;">把xss.php内容改为(同时数据库中需要配置相应的表):<br></span></p><p style="box-sizing: border-box; outline: 0px; margin-top: 0px; margin-bottom: 16px; padding: 0px; font-size: 18px; color: rgb(77, 77, 77); overflow: auto hidden; overflow-wrap: break-word; line-height: 26px !important;"><br></p><p style="box-sizing: border-box; outline: 0px; margin-top: 0px; margin-bottom: 16px; padding: 0px; font-size: 18px; color: rgb(77, 77, 77); overflow: auto hidden; overflow-wrap: break-word; line-height: 26px !important;"><br></p><pre style="box-sizing: border-box; outline: 0px; margin-top: 0px; margin-bottom: 24px; padding: 8px; position: relative; white-space: pre-wrap; overflow-wrap: break-word; overflow-x: auto; font-family: Consolas, Inconsolata, Courier, monospace; font-size: 14px; line-height: 22px; color: rgb(0, 0, 0);">\\存储XSS演示<form action="" method="post"><input type="text" name="xss"/><input type="submit" value="test"/></form><?php$xss=@$_POST['xss'];mysql_connect("localhost","root","123");mysql_select_db("xss");if($xss!==null){ $sql="insert into temp(id,payload) values('1','$xss')"; $result=mysql_query($sql); echo $result;}</pre><p><br><br></p><p style="box-sizing: border-box; outline: 0px; margin-top: 0px; margin-bottom: 16px; padding: 0px; font-size: 18px; color: rgb(77, 77, 77); overflow: auto hidden; overflow-wrap: break-word; line-height: 26px !important;"><br></p><p style="box-sizing: border-box; outline: 0px; margin-top: 0px; margin-bottom: 16px; padding: 0px; font-size: 18px; color: rgb(77, 77, 77); overflow: auto hidden; overflow-wrap: break-word; line-height: 26px !important;"><span style="box-sizing: border-box; outline: 0px; margin: 0px; padding: 0px; overflow-wrap: break-word;">用户输入的内容还是没有过滤,但是不直接显示在页面中,而是插入到了数据库。<br></span></p><p style="box-sizing: border-box; outline: 0px; margin-top: 0px; margin-bottom: 16px; padding: 0px; font-size: 18px; color: rgb(77, 77, 77); overflow: auto hidden; overflow-wrap: break-word; line-height: 26px !important;"><span style="box-sizing: border-box; outline: 0px; margin: 0px; padding: 0px; overflow-wrap: break-word;"><br></span></p><p style="box-sizing: border-box; outline: 0px; margin-top: 0px; margin-bottom: 16px; padding: 0px; font-size: 18px; color: rgb(77, 77, 77); overflow: auto hidden; overflow-wrap: break-word; line-height: 26px !important;"><span style="box-sizing: border-box; outline: 0px; margin: 0px; padding: 0px; overflow-wrap: break-word;">新建show.php,内容为:<br></span></p><p style="box-sizing: border-box; outline: 0px; margin-top: 0px; margin-bottom: 16px; padding: 0px; font-size: 18px; color: rgb(77, 77, 77); overflow: auto hidden; overflow-wrap: break-word; line-height: 26px !important;"><span style="box-sizing: border-box; outline: 0px; margin: 0px; padding: 0px; overflow-wrap: break-word;"><br></span></p><p style="box-sizing: border-box; outline: 0px; margin-top: 0px; margin-bottom: 16px; padding: 0px; font-size: 18px; color: rgb(77, 77, 77); overflow: auto hidden; overflow-wrap: break-word; line-height: 26px !important;"><span style="box-sizing: border-box; outline: 0px; margin: 0px; padding: 0px; overflow-wrap: break-word;"></span></p><pre style="box-sizing: border-box; outline: 0px; margin-top: 0px; margin-bottom: 24px; padding: 8px; position: relative; white-space: pre-wrap; overflow-wrap: break-word; overflow-x: auto; font-family: Consolas, Inconsolata, Courier, monospace; font-size: 14px; line-height: 22px; color: rgb(0, 0, 0);">mysql_connect("localhost","root","root");mysql_select_db("xss");$sql="select payload from temp where id=1";$result=mysql_query($sql);while($row=mysql_fetch_array($result)){echo $row['payload'];}</pre><p><br><span style="box-sizing: border-box; outline: 0px; margin: 0px; padding: 0px; overflow-wrap: break-word; font-size: 18px;">该代码从数据库读取了之前插入的内容,并将其显示出来。</span><br></p><p style="box-sizing: border-box; outline: 0px; margin-top: 0px; margin-bottom: 16px; padding: 0px; font-size: 18px; color: rgb(77, 77, 77); overflow: auto hidden; overflow-wrap: break-word; line-height: 26px !important;"><br></p><p style="box-sizing: border-box; outline: 0px; margin-top: 0px; margin-bottom: 16px; padding: 0px; font-size: 18px; color: rgb(77, 77, 77); overflow: auto hidden; overflow-wrap: break-word; line-height: 26px !important;"><br></p><p style="box-sizing: border-box; outline: 0px; margin-top: 0px; margin-bottom: 16px; padding: 0px; font-size: 18px; color: rgb(77, 77, 77); overflow: auto hidden; overflow-wrap: break-word; line-height: 26px !important;"><span style="box-sizing: border-box; outline: 0px; margin: 0px; padding: 0px; overflow-wrap: break-word;">先创建一个数据库xss,创建temp表</span></p><p style="box-sizing: border-box; outline: 0px; margin-top: 0px; margin-bottom: 16px; padding: 0px; font-size: 18px; color: rgb(77, 77, 77); overflow: auto hidden; overflow-wrap: break-word; line-height: 26px !important;"><span style="box-sizing: border-box; outline: 0px; margin: 0px; padding: 0px; overflow-wrap: break-word;"><br></span></p><p style="box-sizing: border-box; outline: 0px; margin-top: 0px; margin-bottom: 16px; padding: 0px; font-size: 18px; color: rgb(77, 77, 77); overflow: auto hidden; overflow-wrap: break-word; line-height: 26px !important;"><span style="box-sizing: border-box; outline: 0px; margin: 0px; padding: 0px; overflow-wrap: break-word;"><img src="https://img-blog.csdn.net/20161227133124544" alt="" style="box-sizing: border-box; outline: none; border: 0px; height: auto; overflow-wrap: break-word; cursor: zoom-in;"><br></span></p><p style="box-sizing: border-box; outline: 0px; margin-top: 0px; margin-bottom: 16px; padding: 0px; font-size: 18px; color: rgb(77, 77, 77); overflow: auto hidden; overflow-wrap: break-word; line-height: 26px !important;"><br></p><p style="box-sizing: border-box; outline: 0px; margin-top: 0px; margin-bottom: 16px; padding: 0px; font-size: 18px; color: rgb(77, 77, 77); overflow: auto hidden; overflow-wrap: break-word; line-height: 26px !important;"><span style="box-sizing: border-box; outline: 0px; margin: 0px; padding: 0px; overflow-wrap: break-word;">然后访问xss.php,像之前一样输入 HTML 代码</span><br></p><p style="box-sizing: border-box; outline: 0px; margin-top: 0px; margin-bottom: 16px; padding: 0px; font-size: 18px; color: rgb(77, 77, 77); overflow: auto hidden; overflow-wrap: break-word; line-height: 26px !important;"><span style="box-sizing: border-box; outline: 0px; margin: 0px; padding: 0px; overflow-wrap: break-word;"><br></span></p><p style="box-sizing: border-box; outline: 0px; margin-top: 0px; margin-bottom: 16px; padding: 0px; font-size: 18px; color: rgb(77, 77, 77); overflow: auto hidden; overflow-wrap: break-word; line-height: 26px !important;"><span style="box-sizing: border-box; outline: 0px; margin: 0px; padding: 0px; overflow-wrap: break-word;"><img src="https://img-blog.csdn.net/20161227135717332" alt="" style="box-sizing: border-box; outline: none; border: 0px; height: auto; overflow-wrap: break-word; cursor: zoom-in;"><br></span></p><p style="box-sizing: border-box; outline: 0px; margin-top: 0px; margin-bottom: 16px; padding: 0px; font-size: 18px; color: rgb(77, 77, 77); overflow: auto hidden; overflow-wrap: break-word; line-height: 26px !important;"><span style="box-sizing: border-box; outline: 0px; margin: 0px; padding: 0px; overflow-wrap: break-word;"><br></span></p><p style="box-sizing: border-box; outline: 0px; margin-top: 0px; margin-bottom: 16px; padding: 0px; font-size: 18px; color: rgb(77, 77, 77); overflow: auto hidden; overflow-wrap: break-word; line-height: 26px !important;"><span style="box-sizing: border-box; outline: 0px; margin: 0px; padding: 0px; overflow-wrap: break-word;">点击test,</span><span style="box-sizing: border-box; outline: 0px; margin: 0px; padding: 0px; overflow-wrap: break-word;">点击之后却发现没有任何动静,但事实上,我们的数据已经插入到了数据库中。</span></p><p style="box-sizing: border-box; outline: 0px; margin-top: 0px; margin-bottom: 16px; padding: 0px; font-size: 18px; color: rgb(77, 77, 77); overflow: auto hidden; overflow-wrap: break-word; line-height: 26px !important;"><span style="box-sizing: border-box; outline: 0px; margin: 0px; padding: 0px; overflow-wrap: break-word;"><br></span></p><p style="box-sizing: border-box; outline: 0px; margin-top: 0px; margin-bottom: 16px; padding: 0px; font-size: 18px; color: rgb(77, 77, 77); overflow: auto hidden; overflow-wrap: break-word; line-height: 26px !important;"><span style="box-sizing: border-box; outline: 0px; margin: 0px; padding: 0px; overflow-wrap: break-word;"><br></span></p><p style="box-sizing: border-box; outline: 0px; margin-top: 0px; margin-bottom: 16px; padding: 0px; font-size: 18px; color: rgb(77, 77, 77); overflow: auto hidden; overflow-wrap: break-word; line-height: 26px !important;"><span style="box-sizing: border-box; outline: 0px; margin: 0px; padding: 0px; overflow-wrap: break-word;"><img src="https://img-blog.csdn.net/20161227135826942" alt="" style="box-sizing: border-box; outline: none; border: 0px; height: auto; overflow-wrap: break-word; cursor: zoom-in;"><br></span></p><p style="box-sizing: border-box; outline: 0px; margin-top: 0px; margin-bottom: 16px; padding: 0px; font-size: 18px; color: rgb(77, 77, 77); overflow: auto hidden; overflow-wrap: break-word; line-height: 26px !important;"><span style="box-sizing: border-box; outline: 0px; margin: 0px; padding: 0px; overflow-wrap: break-word;"><br></span></p><p style="box-sizing: border-box; outline: 0px; margin-top: 0px; margin-bottom: 16px; padding: 0px; font-size: 18px; color: rgb(77, 77, 77); overflow: auto hidden; overflow-wrap: break-word; line-height: 26px !important;"><span style="box-sizing: border-box; outline: 0px; margin: 0px; padding: 0px; overflow-wrap: break-word;"><br></span></p><p style="box-sizing: border-box; outline: 0px; margin-top: 0px; margin-bottom: 16px; padding: 0px; font-size: 18px; color: rgb(77, 77, 77); overflow: auto hidden; overflow-wrap: break-word; line-height: 26px !important;"><span style="box-sizing: border-box; outline: 0px; margin: 0px; padding: 0px; overflow-wrap: break-word;">当我们访问show.php查询这个值的时候,代码就会被执行。<br></span></p><p style="box-sizing: border-box; outline: 0px; margin-top: 0px; margin-bottom: 16px; padding: 0px; font-size: 18px; color: rgb(77, 77, 77); overflow: auto hidden; overflow-wrap: break-word; line-height: 26px !important;"><span style="box-sizing: border-box; outline: 0px; margin: 0px; padding: 0px; overflow-wrap: break-word;"><br></span></p><p style="box-sizing: border-box; outline: 0px; margin-top: 0px; margin-bottom: 16px; padding: 0px; font-size: 18px; color: rgb(77, 77, 77); overflow: auto hidden; overflow-wrap: break-word; line-height: 26px !important;"><span style="box-sizing: border-box; outline: 0px; margin: 0px; padding: 0px; overflow-wrap: break-word;"><img src="https://img-blog.csdn.net/20161227135930117" alt="" style="box-sizing: border-box; outline: none; border: 0px; height: auto; overflow-wrap: break-word; cursor: zoom-in;"><br></span></p><p style="box-sizing: border-box; outline: 0px; margin-top: 0px; margin-bottom: 16px; padding: 0px; font-size: 18px; color: rgb(77, 77, 77); overflow: auto hidden; overflow-wrap: break-word; line-height: 26px !important;"><span style="box-sizing: border-box; outline: 0px; margin: 0px; padding: 0px; overflow-wrap: break-word;"><br></span></p><p style="box-sizing: border-box; outline: 0px; margin-top: 0px; margin-bottom: 16px; padding: 0px; font-size: 18px; color: rgb(77, 77, 77); overflow: auto hidden; overflow-wrap: break-word; line-height: 26px !important;"><span style="box-sizing: border-box; outline: 0px; margin: 0px; padding: 0px; overflow-wrap: break-word;">存储型 XSS 的执行位置通常不同于输入位置。我们可以看出,存储行 XSS 的数据流向是:</span></p><p style="box-sizing: border-box; outline: 0px; margin-top: 0px; margin-bottom: 16px; padding: 0px; font-size: 18px; color: rgb(77, 77, 77); overflow: auto hidden; overflow-wrap: break-word; line-height: 26px !important;"><span style="box-sizing: border-box; outline: 0px; margin: 0px; padding: 0px; overflow-wrap: break-word;">浏览器 -> 后端 -> 数据库 -> 后端 -> 浏览器。<br></span></p><p style="box-sizing: border-box; outline: 0px; margin-top: 0px; margin-bottom: 16px; padding: 0px; font-size: 18px; color: rgb(77, 77, 77); overflow: auto hidden; overflow-wrap: break-word; line-height: 26px !important;"><span style="box-sizing: border-box; outline: 0px; margin: 0px; padding: 0px; overflow-wrap: break-word;"><br></span></p><p style="box-sizing: border-box; outline: 0px; margin-top: 0px; margin-bottom: 16px; padding: 0px; font-size: 18px; color: rgb(77, 77, 77); overflow: auto hidden; overflow-wrap: break-word; line-height: 26px !important;"><span style="box-sizing: border-box; outline: 0px; margin: 0px; padding: 0px; overflow-wrap: break-word;"><span style="box-sizing: border-box; outline: 0px; font-weight: 700; overflow-wrap: break-word;">3.dom-xss</span></span></p><p style="box-sizing: border-box; outline: 0px; margin-top: 0px; margin-bottom: 16px; padding: 0px; font-size: 18px; color: rgb(77, 77, 77); overflow: auto hidden; overflow-wrap: break-word; line-height: 26px !important;"><span style="box-sizing: border-box; outline: 0px; margin: 0px; padding: 0px; overflow-wrap: break-word;"><br></span></p><p style="box-sizing: border-box; outline: 0px; margin-top: 0px; margin-bottom: 16px; padding: 0px; font-size: 18px; color: rgb(77, 77, 77); overflow: auto hidden; overflow-wrap: break-word; line-height: 26px !important;"><span style="box-sizing: border-box; outline: 0px; margin: 0px; padding: 0px; overflow-wrap: break-word;"><span style="box-sizing: border-box; outline: 0px; margin: 0px; padding: 0px; overflow-wrap: break-word;">把xss.php内容改为</span><br></span></p><p style="box-sizing: border-box; outline: 0px; margin-top: 0px; margin-bottom: 16px; padding: 0px; font-size: 18px; color: rgb(77, 77, 77); overflow: auto hidden; overflow-wrap: break-word; line-height: 26px !important;"><span style="box-sizing: border-box; outline: 0px; margin: 0px; padding: 0px; overflow-wrap: break-word;"><br></span></p><p style="box-sizing: border-box; outline: 0px; margin-top: 0px; margin-bottom: 16px; padding: 0px; font-size: 18px; color: rgb(77, 77, 77); overflow: auto hidden; overflow-wrap: break-word; line-height: 26px !important;"><span style="box-sizing: border-box; outline: 0px; margin: 0px; padding: 0px; overflow-wrap: break-word;"></span></p><pre style="box-sizing: border-box; outline: 0px; margin-top: 0px; margin-bottom: 24px; padding: 8px; position: relative; white-space: pre-wrap; overflow-wrap: break-word; overflow-x: auto; font-family: Consolas, Inconsolata, Courier, monospace; font-size: 14px; line-height: 22px; color: rgb(0, 0, 0);"><?phperror_reporting(0); //禁用错误报告$name = $_GET["name"];?><input id="text" type="text" value="<?php echo $name;?>" /><div id="print"></div>[removed]var text = document.getElementById("text");var print = document.getElementById("print");print[removed] = text.value; // 获取 text的值,并且输出在print内。这里是导致xss的主要原因。[removed]</pre><p><br><br></p><p style="box-sizing: border-box; outline: 0px; margin-top: 0px; margin-bottom: 16px; padding: 0px; font-size: 18px; color: rgb(77, 77, 77); overflow: auto hidden; overflow-wrap: break-word; line-height: 26px !important;"><br></p><p style="box-sizing: border-box; outline: 0px; margin-top: 0px; margin-bottom: 16px; padding: 0px; font-size: 18px; color: rgb(77, 77, 77); overflow: auto hidden; overflow-wrap: break-word; line-height: 26px !important;"><span style="box-sizing: border-box; outline: 0px; margin: 0px; padding: 0px; overflow-wrap: break-word;"><img src="https://img-blog.csdn.net/20161227141714142" alt="" style="box-sizing: border-box; outline: none; border: 0px; height: auto; overflow-wrap: break-word; cursor: zoom-in;"><br></span></p><p style="box-sizing: border-box; outline: 0px; margin-top: 0px; margin-bottom: 16px; padding: 0px; font-size: 18px; color: rgb(77, 77, 77); overflow: auto hidden; overflow-wrap: break-word; line-height: 26px !important;"><br></p><p style="box-sizing: border-box; outline: 0px; margin-top: 0px; margin-bottom: 16px; padding: 0px; font-size: 18px; color: rgb(77, 77, 77); overflow: auto hidden; overflow-wrap: break-word; line-height: 26px !important;"><br></p><p style="box-sizing: border-box; outline: 0px; margin-top: 0px; margin-bottom: 16px; padding: 0px; font-size: 18px; color: rgb(77, 77, 77); overflow: auto hidden; overflow-wrap: break-word; line-height: 26px !important;"><span style="box-sizing: border-box; outline: 0px; margin: 0px; padding: 0px; overflow-wrap: break-word;"><span style="box-sizing: border-box; outline: 0px; margin: 0px; padding: 0px; overflow-wrap: break-word;">DOM-XSS 的数据流向是:</span><span style="box-sizing: border-box; outline: 0px; margin: 0px; padding: 0px; overflow-wrap: break-word;">URL-->浏览器 </span><br></span></p><p style="box-sizing: border-box; outline: 0px; margin-top: 0px; margin-bottom: 16px; padding: 0px; font-size: 18px; color: rgb(77, 77, 77); overflow: auto hidden; overflow-wrap: break-word; line-height: 26px !important;"><br></p><p style="box-sizing: border-box; outline: 0px; margin-top: 0px; margin-bottom: 16px; padding: 0px; font-size: 18px; color: rgb(77, 77, 77); overflow: auto hidden; overflow-wrap: break-word; line-height: 26px !important;"><span style="box-sizing: border-box; outline: 0px; margin: 0px; padding: 0px; overflow-wrap: break-word;">总结: 在易用上,存储型XSS > DOM - XSS > 反射型 XSS。</span></p><p style="box-sizing: border-box; outline: 0px; margin-top: 0px; margin-bottom: 16px; padding: 0px; font-size: 18px; color: rgb(77, 77, 77); overflow: auto hidden; overflow-wrap: break-word; line-height: 26px !important;"><span style="box-sizing: border-box; outline: 0px; margin: 0px; padding: 0px; overflow-wrap: break-word;"><br></span></p><p style="box-sizing: border-box; outline: 0px; margin-top: 0px; margin-bottom: 16px; padding: 0px; font-size: 18px; color: rgb(77, 77, 77); overflow: auto hidden; overflow-wrap: break-word; line-height: 26px !important;"><span style="box-sizing: border-box; outline: 0px; margin: 0px; padding: 0px; overflow-wrap: break-word;">注:反射型xss和dom-xss都需要在url加入js代码才能够触发。<br></span></p><p style="box-sizing: border-box; outline: 0px; margin-top: 0px; margin-bottom: 16px; padding: 0px; font-size: 18px; color: rgb(77, 77, 77); overflow: auto hidden; overflow-wrap: break-word; line-height: 26px !important;"><span style="box-sizing: border-box; outline: 0px; margin: 0px; padding: 0px; overflow-wrap: break-word;"><br></span></p><p style="box-sizing: border-box; outline: 0px; margin-top: 0px; margin-bottom: 16px; padding: 0px; font-size: 18px; color: rgb(77, 77, 77); overflow: auto hidden; overflow-wrap: break-word; line-height: 26px !important;"><span style="box-sizing: border-box; outline: 0px; margin: 0px; padding: 0px; overflow-wrap: break-word; font-size: 24px;"><span style="box-sizing: border-box; outline: 0px; font-weight: 700; overflow-wrap: break-word;">四、利用</span></span></p><p style="box-sizing: border-box; outline: 0px; margin-top: 0px; margin-bottom: 16px; padding: 0px; font-size: 18px; color: rgb(77, 77, 77); overflow: auto hidden; overflow-wrap: break-word; line-height: 26px !important;"><br></p><p style="box-sizing: border-box; outline: 0px; margin-top: 0px; margin-bottom: 16px; padding: 0px; font-size: 18px; color: rgb(77, 77, 77); overflow: auto hidden; overflow-wrap: break-word; line-height: 26px !important;"><span style="box-sizing: border-box; outline: 0px; margin: 0px; padding: 0px; overflow-wrap: break-word;">通过 XSS 来获得用户 Cookie 或其他有用信息,利用平台负责接收并保存这些信息。XSS利用平台有很多种如XSS Shell, BeEF, Anehta, CAL9000。这里使用xsser.me、搭建过程可参考这:http://blog.csdn.net/u011781521/article/details/53895363</span></p><p style="box-sizing: border-box; outline: 0px; margin-top: 0px; margin-bottom: 16px; padding: 0px; font-size: 18px; color: rgb(77, 77, 77); overflow: auto hidden; overflow-wrap: break-word; line-height: 26px !important;"><br></p><p style="box-sizing: border-box; outline: 0px; margin-top: 0px; margin-bottom: 16px; padding: 0px; font-size: 18px; color: rgb(77, 77, 77); overflow: auto hidden; overflow-wrap: break-word; line-height: 26px !important;"><span style="box-sizing: border-box; outline: 0px; margin: 0px; padding: 0px; overflow-wrap: break-word;">进入搭建好的xsser.me平台首页输入用户名与密码进行登录</span></p><p style="box-sizing: border-box; outline: 0px; margin-top: 0px; margin-bottom: 16px; padding: 0px; font-size: 18px; color: rgb(77, 77, 77); overflow: auto hidden; overflow-wrap: break-word; line-height: 26px !important;"><br></p><p style="box-sizing: border-box; outline: 0px; margin-top: 0px; margin-bottom: 16px; padding: 0px; font-size: 18px; color: rgb(77, 77, 77); overflow: auto hidden; overflow-wrap: break-word; line-height: 26px !important;"><img src="https://img-blog.csdn.net/20161227163124497" alt="" style="box-sizing: border-box; outline: none; border: 0px; height: auto; overflow-wrap: break-word; cursor: zoom-in;"><br></p><p style="box-sizing: border-box; outline: 0px; margin-top: 0px; margin-bottom: 16px; padding: 0px; font-size: 18px; color: rgb(77, 77, 77); overflow: auto hidden; overflow-wrap: break-word; line-height: 26px !important;"><br></p><p style="box-sizing: border-box; outline: 0px; margin-top: 0px; margin-bottom: 16px; padding: 0px; font-size: 18px; color: rgb(77, 77, 77); overflow: auto hidden; overflow-wrap: break-word; line-height: 26px !important;"><span style="box-sizing: border-box; outline: 0px; margin: 0px; padding: 0px; overflow-wrap: break-word;">成功之后会显示主界面,左边是模块列表,右边是项目列表: </span></p><p style="box-sizing: border-box; outline: 0px; margin-top: 0px; margin-bottom: 16px; padding: 0px; font-size: 18px; color: rgb(77, 77, 77); overflow: auto hidden; overflow-wrap: break-word; line-height: 26px !important;"><br></p><p style="box-sizing: border-box; outline: 0px; margin-top: 0px; margin-bottom: 16px; padding: 0px; font-size: 18px; color: rgb(77, 77, 77); overflow: auto hidden; overflow-wrap: break-word; line-height: 26px !important;"><img src="https://img-blog.csdn.net/20161227163230593" alt="" style="box-sizing: border-box; outline: none; border: 0px; height: auto; overflow-wrap: break-word; cursor: zoom-in;"><br></p><p style="box-sizing: border-box; outline: 0px; margin-top: 0px; margin-bottom: 16px; padding: 0px; font-size: 18px; color: rgb(77, 77, 77); overflow: auto hidden; overflow-wrap: break-word; line-height: 26px !important;"><br></p><p style="box-sizing: border-box; outline: 0px; margin-top: 0px; margin-bottom: 16px; padding: 0px; font-size: 18px; color: rgb(77, 77, 77); overflow: auto hidden; overflow-wrap: break-word; line-height: 26px !important;"><br></p><p style="box-sizing: border-box; outline: 0px; margin-top: 0px; margin-bottom: 16px; padding: 0px; font-size: 18px; color: rgb(77, 77, 77); overflow: auto hidden; overflow-wrap: break-word; line-height: 26px !important;"><span style="box-sizing: border-box; outline: 0px; margin: 0px; padding: 0px; overflow-wrap: break-word;">我们点击左边“我的项目”旁边的“创建”按钮:</span><br></p><p style="box-sizing: border-box; outline: 0px; margin-top: 0px; margin-bottom: 16px; padding: 0px; font-size: 18px; color: rgb(77, 77, 77); overflow: auto hidden; overflow-wrap: break-word; line-height: 26px !important;"><span style="box-sizing: border-box; outline: 0px; margin: 0px; padding: 0px; overflow-wrap: break-word;"><br></span></p><p style="box-sizing: border-box; outline: 0px; margin-top: 0px; margin-bottom: 16px; padding: 0px; font-size: 18px; color: rgb(77, 77, 77); overflow: auto hidden; overflow-wrap: break-word; line-height: 26px !important;"><span style="box-sizing: border-box; outline: 0px; margin: 0px; padding: 0px; overflow-wrap: break-word;"><img src="https://img-blog.csdn.net/20161227163420908" alt="" style="box-sizing: border-box; outline: none; border: 0px; height: auto; overflow-wrap: break-word; cursor: zoom-in;"><br></span></p><p style="box-sizing: border-box; outline: 0px; margin-top: 0px; margin-bottom: 16px; padding: 0px; font-size: 18px; color: rgb(77, 77, 77); overflow: auto hidden; overflow-wrap: break-word; line-height: 26px !important;"><span style="box-sizing: border-box; outline: 0px; margin: 0px; padding: 0px; overflow-wrap: break-word;"><br></span></p><p style="box-sizing: border-box; outline: 0px; margin-top: 0px; margin-bottom: 16px; padding: 0px; font-size: 18px; color: rgb(77, 77, 77); overflow: auto hidden; overflow-wrap: break-word; line-height: 26px !important;"><span style="box-sizing: border-box; outline: 0px; margin: 0px; padding: 0px; overflow-wrap: break-word;">名称和描述可以随便取,不影响使用。输入时候点击“下一步”按钮。之后会出现“配置代码”界面:<br></span></p><p style="box-sizing: border-box; outline: 0px; margin-top: 0px; margin-bottom: 16px; padding: 0px; font-size: 18px; color: rgb(77, 77, 77); overflow: auto hidden; overflow-wrap: break-word; line-height: 26px !important;"><br></p><p style="box-sizing: border-box; outline: 0px; margin-top: 0px; margin-bottom: 16px; padding: 0px; font-size: 18px; color: rgb(77, 77, 77); overflow: auto hidden; overflow-wrap: break-word; line-height: 26px !important;"><img src="https://img-blog.csdn.net/20161227163600144" alt="" style="box-sizing: border-box; outline: none; border: 0px; height: auto; overflow-wrap: break-word; cursor: zoom-in;"><br></p><p style="box-sizing: border-box; outline: 0px; margin-top: 0px; margin-bottom: 16px; padding: 0px; font-size: 18px; color: rgb(77, 77, 77); overflow: auto hidden; overflow-wrap: break-word; line-height: 26px !important;"><br></p><p style="box-sizing: border-box; outline: 0px; margin-top: 0px; margin-bottom: 16px; padding: 0px; font-size: 18px; color: rgb(77, 77, 77); overflow: auto hidden; overflow-wrap: break-word; line-height: 26px !important;"><br></p><p style="box-sizing: border-box; outline: 0px; margin-top: 0px; margin-bottom: 16px; padding: 0px; font-size: 18px; color: rgb(77, 77, 77); overflow: auto hidden; overflow-wrap: break-word; line-height: 26px !important;"><br></p><p style="box-sizing: border-box; outline: 0px; margin-top: 0px; margin-bottom: 16px; padding: 0px; font-size: 18px; color: rgb(77, 77, 77); overflow: auto hidden; overflow-wrap: break-word; line-height: 26px !important;"><img src="https://img-blog.csdn.net/20161227163648051" alt="" style="box-sizing: border-box; outline: none; border: 0px; height: auto; overflow-wrap: break-word; cursor: zoom-in;"><br></p><p style="box-sizing: border-box; outline: 0px; margin-top: 0px; margin-bottom: 16px; padding: 0px; font-size: 18px; color: rgb(77, 77, 77); overflow: auto hidden; overflow-wrap: break-word; line-height: 26px !important;"><br></p><p style="box-sizing: border-box; outline: 0px; margin-top: 0px; margin-bottom: 16px; padding: 0px; font-size: 18px; color: rgb(77, 77, 77); overflow: auto hidden; overflow-wrap: break-word; line-height: 26px !important;"><br></p><p style="box-sizing: border-box; outline: 0px; margin-top: 0px; margin-bottom: 16px; padding: 0px; font-size: 18px; color: rgb(77, 77, 77); overflow: auto hidden; overflow-wrap: break-word; line-height: 26px !important;"><span style="box-sizing: border-box; outline: 0px; margin: 0px; padding: 0px; overflow-wrap: break-word;">点击下一步、就会看到这个项目的一些信息</span></p><p style="box-sizing: border-box; outline: 0px; margin-top: 0px; margin-bottom: 16px; padding: 0px; font-size: 18px; color: rgb(77, 77, 77); overflow: auto hidden; overflow-wrap: break-word; line-height: 26px !important;"><span style="box-sizing: border-box; outline: 0px; margin: 0px; padding: 0px; overflow-wrap: break-word;"><br></span></p><p style="box-sizing: border-box; outline: 0px; margin-top: 0px; margin-bottom: 16px; padding: 0px; font-size: 18px; color: rgb(77, 77, 77); overflow: auto hidden; overflow-wrap: break-word; line-height: 26px !important;"><span style="box-sizing: border-box; outline: 0px; margin: 0px; padding: 0px; overflow-wrap: break-word;"><img src="https://img-blog.csdn.net/20161227163822811" alt="" style="box-sizing: border-box; outline: none; border: 0px; height: auto; overflow-wrap: break-word; cursor: zoom-in;"><br></span></p><p style="box-sizing: border-box; outline: 0px; margin-top: 0px; margin-bottom: 16px; padding: 0px; font-size: 18px; color: rgb(77, 77, 77); overflow: auto hidden; overflow-wrap: break-word; line-height: 26px !important;"><span style="box-sizing: border-box; outline: 0px; margin: 0px; padding: 0px; overflow-wrap: break-word;"><br></span></p><p style="box-sizing: border-box; outline: 0px; margin-top: 0px; margin-bottom: 16px; padding: 0px; font-size: 18px; color: rgb(77, 77, 77); overflow: auto hidden; overflow-wrap: break-word; line-height: 26px !important;"><span style="box-sizing: border-box; outline: 0px; margin: 0px; padding: 0px; overflow-wrap: break-word;">点击完成。</span><span style="box-sizing: border-box; outline: 0px; margin: 0px; padding: 0px; overflow-wrap: break-word;">然后我们会在首页看到我们的新项目,点击这个项目:</span></p><p style="box-sizing: border-box; outline: 0px; margin-top: 0px; margin-bottom: 16px; padding: 0px; font-size: 18px; color: rgb(77, 77, 77); overflow: auto hidden; overflow-wrap: break-word; line-height: 26px !important;"><br></p><p style="box-sizing: border-box; outline: 0px; margin-top: 0px; margin-bottom: 16px; padding: 0px; font-size: 18px; color: rgb(77, 77, 77); overflow: auto hidden; overflow-wrap: break-word; line-height: 26px !important;"><img src="https://img-blog.csdn.net/20161227163924320" alt="" style="box-sizing: border-box; outline: none; border: 0px; height: auto; overflow-wrap: break-word; cursor: zoom-in;"><br></p><p style="box-sizing: border-box; outline: 0px; margin-top: 0px; margin-bottom: 16px; padding: 0px; font-size: 18px; color: rgb(77, 77, 77); overflow: auto hidden; overflow-wrap: break-word; line-height: 26px !important;"><br></p><p style="box-sizing: border-box; outline: 0px; margin-top: 0px; margin-bottom: 16px; padding: 0px; font-size: 18px; color: rgb(77, 77, 77); overflow: auto hidden; overflow-wrap: break-word; line-height: 26px !important;"><br></p><p style="box-sizing: border-box; outline: 0px; margin-top: 0px; margin-bottom: 16px; padding: 0px; font-size: 18px; color: rgb(77, 77, 77); overflow: auto hidden; overflow-wrap: break-word; line-height: 26px !important;"><span style="box-sizing: border-box; outline: 0px; margin: 0px; padding: 0px; overflow-wrap: break-word;">之后点击项目,进入一个页面再点击右上方的查看代码</span><br></p><p style="box-sizing: border-box; outline: 0px; margin-top: 0px; margin-bottom: 16px; padding: 0px; font-size: 18px; color: rgb(77, 77, 77); overflow: auto hidden; overflow-wrap: break-word; line-height: 26px !important;"><br></p><p style="box-sizing: border-box; outline: 0px; margin-top: 0px; margin-bottom: 16px; padding: 0px; font-size: 18px; color: rgb(77, 77, 77); overflow: auto hidden; overflow-wrap: break-word; line-height: 26px !important;"><img src="https://img-blog.csdn.net/20161227164047010" alt="" style="box-sizing: border-box; outline: none; border: 0px; height: auto; overflow-wrap: break-word; cursor: zoom-in;"><br></p><p style="box-sizing: border-box; outline: 0px; margin-top: 0px; margin-bottom: 16px; padding: 0px; font-size: 18px; color: rgb(77, 77, 77); overflow: auto hidden; overflow-wrap: break-word; line-height: 26px !important;"><span style="box-sizing: border-box; outline: 0px; margin: 0px; padding: 0px; overflow-wrap: break-word;">就可以看到使用方法:</span><br></p><p style="box-sizing: border-box; outline: 0px; margin-top: 0px; margin-bottom: 16px; padding: 0px; font-size: 18px; color: rgb(77, 77, 77); overflow: auto hidden; overflow-wrap: break-word; line-height: 26px !important;"><span style="box-sizing: border-box; outline: 0px; margin: 0px; padding: 0px; overflow-wrap: break-word;"><br></span></p><p style="box-sizing: border-box; outline: 0px; margin-top: 0px; margin-bottom: 16px; padding: 0px; font-size: 18px; color: rgb(77, 77, 77); overflow: auto hidden; overflow-wrap: break-word; line-height: 26px !important;"><span style="box-sizing: border-box; outline: 0px; margin: 0px; padding: 0px; overflow-wrap: break-word;"><img src="https://img-blog.csdn.net/20161227164414468" alt="" style="box-sizing: border-box; outline: none; border: 0px; height: auto; overflow-wrap: break-word; cursor: zoom-in;"><br></span></p><p style="box-sizing: border-box; outline: 0px; margin-top: 0px; margin-bottom: 16px; padding: 0px; font-size: 18px; color: rgb(77, 77, 77); overflow: auto hidden; overflow-wrap: break-word; line-height: 26px !important;"><span style="box-sizing: border-box; outline: 0px; margin: 0px; padding: 0px; overflow-wrap: break-word;"><br></span></p><p style="box-sizing: border-box; outline: 0px; margin-top: 0px; margin-bottom: 16px; padding: 0px; font-size: 18px; color: rgb(77, 77, 77); overflow: auto hidden; overflow-wrap: break-word; line-height: 26px !important;"><span style="box-sizing: border-box; outline: 0px; margin: 0px; padding: 0px; overflow-wrap: break-word;"><br></span></p><p style="box-sizing: border-box; outline: 0px; margin-top: 0px; margin-bottom: 16px; padding: 0px; font-size: 18px; color: rgb(77, 77, 77); overflow: auto hidden; overflow-wrap: break-word; line-height: 26px !important;"><span style="box-sizing: border-box; outline: 0px; margin: 0px; padding: 0px; overflow-wrap: break-word;">下面就演示下怎么利用</span></p><p style="box-sizing: border-box; outline: 0px; margin-top: 0px; margin-bottom: 16px; padding: 0px; font-size: 18px; color: rgb(77, 77, 77); overflow: auto hidden; overflow-wrap: break-word; line-height: 26px !important;"><span style="box-sizing: border-box; outline: 0px; margin: 0px; padding: 0px; overflow-wrap: break-word;"><br></span></p><p style="box-sizing: border-box; outline: 0px; margin-top: 0px; margin-bottom: 16px; padding: 0px; font-size: 18px; color: rgb(77, 77, 77); overflow: auto hidden; overflow-wrap: break-word; line-height: 26px !important;"><span style="box-sizing: border-box; outline: 0px; margin: 0px; padding: 0px; overflow-wrap: break-word;">把[removed][removed]注入到反射型 XSS 的演示页面中。<br></span></p><p style="box-sizing: border-box; outline: 0px; margin-top: 0px; margin-bottom: 16px; padding: 0px; font-size: 18px; color: rgb(77, 77, 77); overflow: auto hidden; overflow-wrap: break-word; line-height: 26px !important;"><span style="box-sizing: border-box; outline: 0px; margin: 0px; padding: 0px; overflow-wrap: break-word;"><br></span></p><p style="box-sizing: border-box; outline: 0px; margin-top: 0px; margin-bottom: 16px; padding: 0px; font-size: 18px; color: rgb(77, 77, 77); overflow: auto hidden; overflow-wrap: break-word; line-height: 26px !important;"><span style="box-sizing: border-box; outline: 0px; margin: 0px; padding: 0px; overflow-wrap: break-word;"><img src="https://img-blog.csdn.net/20161227222339670" alt="" style="box-sizing: border-box; outline: none; border: 0px; height: auto; overflow-wrap: break-word; cursor: zoom-in;"><br></span></p><p style="box-sizing: border-box; outline: 0px; margin-top: 0px; margin-bottom: 16px; padding: 0px; font-size: 18px; color: rgb(77, 77, 77); overflow: auto hidden; overflow-wrap: break-word; line-height: 26px !important;"><span style="box-sizing: border-box; outline: 0px; margin: 0px; padding: 0px; overflow-wrap: break-word;">上面的src="xxxx"是我另外创建的一个项目的地址,把你创建好的那个项目,提供的那个地址放进去,就可以了,虽然这个页面没反应,但是<span style="box-sizing: border-box; outline: 0px; margin: 0px; padding: 0px; overflow-wrap: break-word;">xsser.me那个项目就收到消息了。</span></span></p><p style="box-sizing: border-box; outline: 0px; margin-top: 0px; margin-bottom: 16px; padding: 0px; font-size: 18px; color: rgb(77, 77, 77); overflow: auto hidden; overflow-wrap: break-word; line-height: 26px !important;"><span style="box-sizing: border-box; outline: 0px; margin: 0px; padding: 0px; overflow-wrap: break-word;"><br></span></p><p style="box-sizing: border-box; outline: 0px; margin-top: 0px; margin-bottom: 16px; padding: 0px; font-size: 18px; color: rgb(77, 77, 77); overflow: auto hidden; overflow-wrap: break-word; line-height: 26px !important;"><span style="box-sizing: border-box; outline: 0px; margin: 0px; padding: 0px; overflow-wrap: break-word;"><img src="https://img-blog.csdn.net/20161227222912537" alt="" style="box-sizing: border-box; outline: none; border: 0px; height: auto; overflow-wrap: break-word; cursor: zoom-in;"><br></span></p></article></p><p></p><p><br></p><p><br></p> <div class="appendcontent"> </div> </div> <!-- <div class="readmore"> 查看更多 </div> --> <div class="tool-group"> <!-- cdn节点 回答操作 --> <div class="cdn_question_answer92833"></div> <script type="text/javascript"> getquestioncaozuo(5,32472,92833); </script> </div> </div> </div> <div class="comments-mod " style="display: none; float: none; padding-top: 10px;" id="comment_92833"> <div class="areabox clearfix"> <div class="input-group"> <input type="text" placeholder="请输入评论内容,不少于5个字" AUTOCOMPLETE="off" class="comment-input form-control" name="content" /> <input type='hidden' value='0' name='replyauthor' /> <span class="input-group-btn"><input type="button" value="评论" class="btn btn-green" name="submit" onclick="addcomment(92833);" /> </span> </div> </div> <ul class="my-comments-list nav"> <li class="loading text-left"><img src='http://www.shouhuola.com/static/css/default/loading.gif' align='absmiddle' /> 加载中...</li> </ul> </div> </div> <div class="pages"></div> </div> </div> <div></div> </div> <!-- cdn 问答邀请 --> <div class="cdn_question_invate"></div> <script type="text/javascript"> getquestioncaozuo(7,32472); </script> <!-- 相关问题推荐 --> <div class="new_xgwt"> <h3>相关问题推荐</h3> <!-- 15条-20条左右 具体联系需求 --> <ul><li> <div class="new_xgwt_top clearfix"> <a href="http://www.shouhuola.com/q-13733.html" target="_blank">网络安全和软件测试那个相对简单好学一些?</a><i>2020-05-21 18:08</i> </div> <div class="new_xgwt_bt clearfix"> <div class="new_xgwt_bt_ans">回答 <span>6</span></div> <div class="new_xgwt_bt_get"></div> <p class="new_xgwt_bt_p">这个还是因人而异吧,看你自己对哪方面感兴趣,兴趣是最好的老师,感兴趣了才愿意钻研学习下去,简单说一下这两个学习知识方面的不同吧:软件测试岗位虽然对于从业者的知识基础要求不高,但是软件测试岗位所涉及到的知识面还是比较广的,所以软件测试人员也需...</p> </div> </li><li> <div class="new_xgwt_top clearfix"> <a href="http://www.shouhuola.com/q-33489.html" target="_blank">【网络安全】sql注入漏洞的危害有哪些</a><i>2021-02-01 10:48</i> </div> <div class="new_xgwt_bt clearfix"> <div class="new_xgwt_bt_ans">回答 <span>5</span></div> <div class="new_xgwt_bt_get"></div> <p class="new_xgwt_bt_p">SQL注入漏洞的危害:1、数据库中存储的用户隐私信息泄漏;2、通过操作数据库对某些网页进行篡改;3、修改数据库一些字段的值,嵌入网马链接,进行挂马攻击;4、数据库服务器被恶意操作,系统管理员帐户被窜改;5、数据库服务器提供的操作系统支持,让黑客得以...</p> </div> </li><li> <div class="new_xgwt_top clearfix"> <a href="http://www.shouhuola.com/q-36967.html" target="_blank">从事网络安全工作有哪些证书是必须考的,哪些证书可以</a><i>2021-09-09 18:21</i> </div> <div class="new_xgwt_bt clearfix"> <div class="new_xgwt_bt_ans">回答 <span>16</span></div> <div class="new_xgwt_bt_get"></div> <p class="new_xgwt_bt_p">一、CISP(Certified Information Security Professional)证书中文叫注册信息安全专业人员,由中国信息安全产品测评认证中心实施的国家认证。可以说,这是目前国内对于个人来说认可度最高的信息安全人员资质,堪称最权威、最专业、最系统。根据实际岗位的不...</p> </div> </li><li> <div class="new_xgwt_top clearfix"> <a href="http://www.shouhuola.com/q-36553.html" target="_blank">网络安全中渗透是什么意思,有什么具体的作用吗?</a><i>2021-06-21 09:56</i> </div> <div class="new_xgwt_bt clearfix"> <div class="new_xgwt_bt_ans">回答 <span>14</span></div> <div class="new_xgwt_bt_get"></div> <p class="new_xgwt_bt_p">渗透测试(也称为pentest)是测试移动应用程序漏洞的过程。此测试的主要目的是确保外部人员的重要数据.通过模拟黑客的思维和攻击手段,对计算机业务系统的弱点、技术缺陷和漏洞进行探查评估。经过客户授权后,在不影响业务系统正常运行的条件下,渗透人员在黑...</p> </div> </li><li> <div class="new_xgwt_top clearfix"> <a href="http://www.shouhuola.com/q-2753.html" target="_blank">网络安全主要是做什么事情的?</a><i>2020-04-01 13:53</i> </div> <div class="new_xgwt_bt clearfix"> <div class="new_xgwt_bt_ans">回答 <span>1</span></div> <div class="new_xgwt_bt_get"></div> <p class="new_xgwt_bt_p">网络安全是指网络系统的硬件、软件及其系统中的数据受到保护,不因偶然的或者恶意的原因而遭受到破坏、更改、泄露,系统连续可靠正常地运行,网络服务不中断。主要涉及到的有:1、物理措施:例如,保护网络关键设备(如交换机、大型计算机等),制定严格的网络...</p> </div> </li><li> <div class="new_xgwt_top clearfix"> <a href="http://www.shouhuola.com/q-36897.html" target="_blank">学习网络安全都学什么啊,计算机专业的可以不,薪资多</a><i>2021-08-20 11:16</i> </div> <div class="new_xgwt_bt clearfix"> <div class="new_xgwt_bt_ans">回答 <span>33</span></div> <div class="new_xgwt_bt_get"></div> <p class="new_xgwt_bt_p"> 网络安全工程师学习内容: 1、计算机应用、计算机网络、通信、信息安全等相关专业本科学历,三年以上网络安全领域工作经验; 2、精通网络安全技术:包括端口、服务漏洞扫描、程序漏洞分析检测、权限管理、入侵和攻击分析追踪、网站渗透、病毒木马防...</p> </div> </li><li> <div class="new_xgwt_top clearfix"> <a href="http://www.shouhuola.com/q-36846.html" target="_blank">网络安全好学吗?现在大专学习好就业吗?</a><i>2021-08-16 16:01</i> </div> <div class="new_xgwt_bt clearfix"> <div class="new_xgwt_bt_ans">回答 <span>26</span></div> <div class="new_xgwt_bt_get"></div> <p class="new_xgwt_bt_p"> 学历不是问题,技术才是硬道理!只要你的技术过硬的话,你完全可以进国家安全部门去工作的。比如公安局里的网监工作,大都是九零后的电脑方面的精英。未必都是本科生。还有从社会上特招进去的。所以说,现在是拿技术说话,不是靠学历吃饭的时代了。 网...</p> </div> </li><li> <div class="new_xgwt_top clearfix"> <a href="http://www.shouhuola.com/q-30553.html" target="_blank">自学网络信息安全难不难?</a><i>2020-10-22 10:19</i> </div> <div class="new_xgwt_bt clearfix"> <div class="new_xgwt_bt_ans">回答 <span>16</span></div> <div class="new_xgwt_bt_get"></div> <p class="new_xgwt_bt_p">网络安全的知识是比较简单的,比较好入门,好多知识理论,大家都是可以听懂的,这是完全没有问题的。网络安全最终的则是实战的应用,怎么把这些理论知识运用到事件中,这些才是重中之重。所以在选择培训机构的时候,也需要尽量去找这些实践操作多的培训机构。...</p> </div> </li><li> <div class="new_xgwt_top clearfix"> <a href="http://www.shouhuola.com/q-36966.html" target="_blank">网络安全如何选择自己的工作方向?</a><i>2021-09-09 18:20</i> </div> <div class="new_xgwt_bt clearfix"> <div class="new_xgwt_bt_ans">回答 <span>22</span></div> <div class="new_xgwt_bt_get"></div> <p class="new_xgwt_bt_p"> 能够胜任的岗位主要有:渗透测试工程师、大数据安全工程师、信息安全工程师、安全测试工程师、安全服务工程师、安全运维工程师、系统安全工程师、服务器安全工程师、云计算安全工程师、网络安全工程师、安全分析师、渗透讲师等; 按照web渗透、内网渗透...</p> </div> </li><li> <div class="new_xgwt_top clearfix"> <a href="http://www.shouhuola.com/q-36934.html" target="_blank">网络安全学习需要有计算机基础吗?就业怎么样?</a><i>2021-09-03 10:13</i> </div> <div class="new_xgwt_bt clearfix"> <div class="new_xgwt_bt_ans">回答 <span>23</span></div> <div class="new_xgwt_bt_get"></div> <p class="new_xgwt_bt_p">一些典型的网络安全问题,可以来梳理一下:IP安全:主要的攻击方式有被动攻击的网络窃听,主动攻击的IP欺骗(copy报文伪造、篡改)和路由攻击(中间人攻击);2. DNS安全:这个大家应该比较熟悉,修改DNS的映射表,误导用户的访问流量;3. DoS攻击:单一攻击...</p> </div> </li><li> <div class="new_xgwt_top clearfix"> <a href="http://www.shouhuola.com/q-36932.html" target="_blank">网络运维和网络安全有什么区别?</a><i>2021-09-03 10:00</i> </div> <div class="new_xgwt_bt clearfix"> <div class="new_xgwt_bt_ans">回答 <span>19</span></div> <div class="new_xgwt_bt_get"></div> <p class="new_xgwt_bt_p">运维一般是设备或者环境的搭建和维护,网络安全可以看做是防火墙</p> </div> </li><li> <div class="new_xgwt_top clearfix"> <a href="http://www.shouhuola.com/q-36528.html" target="_blank">网络运维与网络安全有什么区别,主要从事的方向有什么</a><i>2021-06-18 09:23</i> </div> <div class="new_xgwt_bt clearfix"> <div class="new_xgwt_bt_ans">回答 <span>12</span></div> <div class="new_xgwt_bt_get"></div> <p class="new_xgwt_bt_p">先说说运维工程师和网络工程师的区别。运维工程师是泛指,网络工程师为特指,所以不能这么对比。你应该这么理解,网络工程师是一个人(也可以是理解成一个岗位),而运维则是他的工作内容。从工作内容上来说,运维可细分为桌面运维、网络运维、服务器运维三大...</p> </div> </li></ul> <div class="notSolve">没有解决我的问题,<a href="http://www.shouhuola.com/question/add.html">去提问</a></div> </div> </div> </div> </div> </div> <div class="col-md-7 aside "> <div class="standing"> <div class="positions bb" id="rankScroll"> <h3 class="title">等你来答</h3> <ul><li class="no-video"> <a href="http://www.shouhuola.com/q-13733.html" title="网络安全和软件测试那个相对简单好学一些?"> 网络安全和软件测试那个相对简单好学一些? </a> <div class="num-ask"> <a href="http://www.shouhuola.com/q-13733.html" class="anum">6 个回答</a> </div> </li><li class="no-video"> <a href="http://www.shouhuola.com/q-33489.html" title="【网络安全】sql注入漏洞的危害有哪些"> 【网络安全】sql注入漏洞的危害有哪些 </a> <div class="num-ask"> <a href="http://www.shouhuola.com/q-33489.html" class="anum">5 个回答</a> </div> </li><li class="no-video"> <a href="http://www.shouhuola.com/q-36967.html" title="从事网络安全工作有哪些证书是必须考的,哪些证书可以挂靠赚钱?"> 从事网络安全工作有哪些证书是必须考的,哪些证书可以挂靠赚钱? </a> <div class="num-ask"> <a href="http://www.shouhuola.com/q-36967.html" class="anum">16 个回答</a> </div> </li></ul> </div> </div> <div class="standing"> <div class="positions bb" id="rankScroll"> <h3 class="title">热门问答</h3> <ul><li class="no-video"> <a href="http://www.shouhuola.com/q-32791.html" title="xss分为哪三类"> xss分为哪三类 </a> <div class="num-ask"> <a href="http://www.shouhuola.com/q-32791.html" class="anum">4 个回答</a> </div> </li><li class="no-video"> <a href="http://www.shouhuola.com/q-36528.html" title="网络运维与网络安全有什么区别,主要从事的方向有什么不同吗?"> 网络运维与网络安全有什么区别,主要从事的方向有什么不同吗? </a> <div class="num-ask"> <a href="http://www.shouhuola.com/q-36528.html" class="anum">12 个回答</a> </div> </li><li class="no-video"> <a href="http://www.shouhuola.com/q-36932.html" title="网络运维和网络安全有什么区别?"> 网络运维和网络安全有什么区别? </a> <div class="num-ask"> <a href="http://www.shouhuola.com/q-36932.html" class="anum">19 个回答</a> </div> </li><li class="no-video"> <a href="http://www.shouhuola.com/q-36431.html" title="网络安全需要学什么编程语言?那种是最常用的?"> 网络安全需要学什么编程语言?那种是最常用的? </a> <div class="num-ask"> <a href="http://www.shouhuola.com/q-36431.html" class="anum">7 个回答</a> </div> </li><li class="no-video"> <a href="http://www.shouhuola.com/q-30798.html" title="网络安全好学吗?听说这个工资很高 "> 网络安全好学吗?听说这个工资很高 </a> <div class="num-ask"> <a href="http://www.shouhuola.com/q-30798.html" class="anum">15 个回答</a> </div> </li><li class="no-video"> <a href="http://www.shouhuola.com/q-36934.html" title="网络安全学习需要有计算机基础吗?就业怎么样?"> 网络安全学习需要有计算机基础吗?就业怎么样? </a> <div class="num-ask"> <a href="http://www.shouhuola.com/q-36934.html" class="anum">23 个回答</a> </div> </li><li class="no-video"> <a href="http://www.shouhuola.com/q-13579.html" title="网络安全的工资多少钱?好找工作嘛?"> 网络安全的工资多少钱?好找工作嘛? </a> <div class="num-ask"> <a href="http://www.shouhuola.com/q-13579.html" class="anum">8 个回答</a> </div> </li><li class="no-video"> <a href="http://www.shouhuola.com/q-36223.html" title="如何获取手机的udid?"> 如何获取手机的udid? </a> <div class="num-ask"> <a href="http://www.shouhuola.com/q-36223.html" class="anum">9 个回答</a> </div> </li></ul> </div> </div><div class="standing"> <div class="positions bb" id="rankScroll"> <h3 class="title">相关文章</h3> <ul><li class="no-video"><a href="http://www.shouhuola.com/article-54255.html" title="第三方软件压力测试报告需要哪些资质?大概费用和周期是多少?"> 第三方软件压力测试报告需要哪些资质?大概费用和周期是多少?</a> <div class="num-ask"> <a href="http://www.shouhuola.com/article-54255.html" title="第三方软件压力测试报告需要哪些资质?大概费用和周期是多少?" class="anum"> 0个评论</a> </div></li> <li class="no-video"><a href="http://www.shouhuola.com/article-53316.html" title="网络——路由进阶与安全"> 网络——路由进阶与安全</a> <div class="num-ask"> <a href="http://www.shouhuola.com/article-53316.html" title="网络——路由进阶与安全" class="anum"> 0个评论</a> </div></li> <li class="no-video"><a href="http://www.shouhuola.com/article-52493.html" title="gpu香港显卡服务器有什么作用,可应用哪些场景呢"> gpu香港显卡服务器有什么作用,可应用哪些场景呢</a> <div class="num-ask"> <a href="http://www.shouhuola.com/article-52493.html" title="gpu香港显卡服务器有什么作用,可应用哪些场景呢" class="anum"> 0个评论</a> </div></li> <li class="no-video"><a href="http://www.shouhuola.com/article-1633.html" title="早知道安装图纸加密软件,就不会损失300万。"> 早知道安装图纸加密软件,就不会损失300万。</a> <div class="num-ask"> <a href="http://www.shouhuola.com/article-1633.html" title="早知道安装图纸加密软件,就不会损失300万。" class="anum"> 1个评论</a> </div></li> <li class="no-video"><a href="http://www.shouhuola.com/article-1626.html" title="网络安全的层次包括哪些"> 网络安全的层次包括哪些</a> <div class="num-ask"> <a href="http://www.shouhuola.com/article-1626.html" title="网络安全的层次包括哪些" class="anum"> 3个评论</a> </div></li> <li class="no-video"><a href="http://www.shouhuola.com/article-1624.html" title="有关网络病毒的法律有哪些"> 有关网络病毒的法律有哪些</a> <div class="num-ask"> <a href="http://www.shouhuola.com/article-1624.html" title="有关网络病毒的法律有哪些" class="anum"> 1个评论</a> </div></li> <li class="no-video"><a href="http://www.shouhuola.com/article-1621.html" title="你觉得医院的网络安全吗?"> 你觉得医院的网络安全吗?</a> <div class="num-ask"> <a href="http://www.shouhuola.com/article-1621.html" title="你觉得医院的网络安全吗?" class="anum"> 2个评论</a> </div></li> <li class="no-video"><a href="http://www.shouhuola.com/article-986.html" title="网络安全灵魂三问(下)"> 网络安全灵魂三问(下)</a> <div class="num-ask"> <a href="http://www.shouhuola.com/article-986.html" title="网络安全灵魂三问(下)" class="anum"> 0个评论</a> </div></li> </ul> </div> </div><!--广告位5--></div> </div> </div> <div class="modal fade" id="dialogadopt"> <div class="modal-dialog"> <div class="modal-content"> <div class="modal-header"> <button type="button" class="close" data-dismiss="modal"> <span aria-hidden="true">×</span><span class="sr-only">关闭</span> </button> <h4 class="modal-title">采纳回答</h4> </div> <div class="modal-body"> <form class="form-horizontal" name="editanswerForm" method="post"> <input type="hidden" value="32472" id="adopt_qid" name="qid" /> <input type="hidden" id="adopt_answer" value="0" name="aid" /> <table class="table "> <tr valign="top"> <td>向帮助了您的网友说句感谢的话吧!</td> </tr> <tr> <td> <div class="inputbox mt15"> <textarea class="form-control" id="adopt_txtcontent" name="content">非常感谢!</textarea> </div> </td> </tr> <tr> <td><button type="button" id="adoptbtn" class="btn btn-success">确 认</button></td> </tr> </table> </form> </div> </div> </div> </div> <script> if(typeof($(".work-show-box").find("img").attr("data-original"))!="undefined"){ var imgurl=$(".work-show-box").find("img").attr("data-original"); $(".work-show-box").find("img").attr("src",imgurl); } $(".work-show-box,.answercontent").find("img").attr("data-toggle","lightbox").attr("data-lightbox-group",Date.parse( new Date() ).toString()); $("#adoptbtn").click(function(){ var data={ content:$("#adopt_txtcontent").val(), qid:$("#adopt_qid").val(), aid:$("#adopt_answer").val() } $.ajax({ //提交数据的类型 POST GET type:"POST", //提交的网址 url:"http://www.shouhuola.com/question/ajaxadopt.html", //提交的数据 data:data, //返回数据的格式 datatype: "json",//"xml", "html", "script", "json", "jsonp", "text". //在请求之前调用的函数 beforeSend:function(){}, //成功返回之后调用的函数 success:function(data){ var data=eval("("+data+")"); if(data.message=='ok'){ new $.zui.Messager('采纳成功!', { type: 'success', close: true, placement: 'center' // 定义显示位置 }).show(); setTimeout(function(){ window.location.reload(); },1500); }else{ new $.zui.Messager(data.message, { close: true, placement: 'center' // 定义显示位置 }).show(); } } , //调用执行后调用的函数 complete: function(XMLHttpRequest, textStatus){ }, //调用出错执行的函数 error: function(){ //请求出错处理 } }); }) </script> </div> <!-- 编辑标签 --> <div class="modal fade" id="dialog_tag"> <div class="modal-dialog"> <div class="modal-content"> <div class="modal-header"> <button type="button" class="close" data-dismiss="modal"> <span aria-hidden="true">×</span><span class="sr-only">关闭</span> </button> <h4 class="modal-title">编辑标签</h4> </div> <div class="modal-body"> <form onsubmit=" return checktagsubmit()" class="form-horizontal" name="edittagForm" action="http://www.shouhuola.com/question/edittag.html" method="post"> <input type="hidden" value="32472" name="qid" /> <p>最多设置5个标签!</p> <div class="inputbox mar-t-1"> <div class=" dongtai "> <div class="tags"></div> <input type="text" autocomplete="off" data-toggle="tooltip" data-placement="bottom" title="" placeholder="检索标签,最多添加5个,添加标签更容易被回答" data-original-title="检索标签,最多添加5个" name="topic_tagset" value="" class="txt_taginput"> <i class="fa fa-search"></i> <div class="tagsearch"></div> </div> <input type="hidden" class="form-control" id="qtags" name="qtags" value="" /> </div> <div class="mar-t-1"> <button type="submit" class="btn btn-success">保存</button> <button type="button" class="btn btn-default" data-dismiss="modal">关闭</button> </div> </form> </div> </div> </div> </div><!-- 举报 --> <div class="modal fade panel-report" id="dialog_inform"> <div class="modal-dialog"> <div class="modal-content"> <div class="modal-header"> <button type="button" class="close" data-dismiss="modal"> <span aria-hidden="true">×</span><span class="sr-only">关闭</span> </button> <h4 class="modal-title">举报内容</h4> </div> <div class="modal-body"> <form id="rp_form" class="rp_form" action="http://www.shouhuola.com/inform/add.html" method="post"> <input value="" type="hidden" name="qid" id="myqid"> <input value="" type="hidden" name="aid" id="myaid"> <input value="" type="hidden" name="qtitle" id="myqtitle"> <div class="js-group-type group group-2"> <h4>检举类型</h4> <ul> <li class="js-report-con"><label><input type="radio" name="group-type" value="1"><span>检举内容</span></label></li> <li class="js-report-user"><label><input type="radio" name="group-type" value="2"><span>检举用户</span></label></li> </ul> </div> <div class="group group-2"> <h4>检举原因</h4> <div class="list"> <ul> <li><label class="reason-btn"><input type="radio" name="type" value="4"><span>广告推广</span></label></li> <li><label class="reason-btn"><input type="radio" name="type" value="5"><span>恶意灌水</span></label></li> <li><label class="reason-btn"><input type="radio" name="type" value="6"><span>回答内容与提问无关</span> </label></li> <li><label class="copy-ans-btn"><input type="radio" name="type" value="7"><span>抄袭答案</span></label></li> <li><label class="reason-btn"><input type="radio" name="type" value="8"><span>其他</span></label></li> </ul> </div> </div> <div class="group group-3"> <h4>检举说明(必填)</h4> <div class="textarea"> <ul class="anslist" style="display: none; line-height: 20px; overflow: auto; height: 171px;"> </ul> <textarea name="content" maxlength="200" placeholder="请输入描述200个字以内"> </textarea> </div> </div> <div class="mar-t-1"> <button type="submit" id="btninform" class="btn btn-success">提交</button> <button type="button" class="btn btn-default mar-ly-1" data-dismiss="modal">关闭</button> </div> </form> </div> </div> </div> </div> <!-- 微信分享 --> <div class="modal share-wechat animated" style="display: none;"> <div class="modal-dialog"> <div class="modal-content"> <div class="modal-header"> <button type="button" data-dismiss="modal" class="close">×</button> </div> <div class="modal-body"> <h5>打开微信“扫一扫”,打开网页后点击屏幕右上角分享按钮</h5> <div data-url="http://www.shouhuola.com/q-32472.html" class="qrcode" title="http://www.shouhuola.com/q-32472.html"> <canvas width="170" height="170" style="display: none;"></canvas> <div id="qr_wxcode"></div> </div> </div> <div class="modal-footer"></div> </div> </div> </div> <!-- 设置付费金额 --> <div class="modal pay-money animated" style="display: none;"> <div class="modal-dialog"> <div class="modal-content"> <div class="modal-header"> <button type="button" data-dismiss="modal" class="close">×</button> </div> <div class="modal-body"> <h5>付费偷看金额在0.1-10元之间</h5> <div class="mar-t-1"> <input type="number" value="0" id="chakanjine" class="form-control" /> </div> <button id="comfirm_pay" class="btn btn-success mar-t-1">确定</button> </div> <div class="modal-footer"></div> </div> </div> </div> <!-- 邀请回答 --> <div class="modal fade" id="dialog_invate"> <div class="modal-dialog" style="width: 700px; top: 10px;"> <div class="modal-content"> <div class="modal-header"> <button type="button" class="close" data-dismiss="modal"> <span aria-hidden="true">×</span><span class="sr-only">关闭</span> </button> <h4 class="modal-title"></h4> <div class="m_invateinfo"> <span class="m_i_text""> 您已邀请<span class="m_i_persionnum">15</span>人回答 </span> <span data-toggle="popover" data-tip-class="popover-info" data-html="ture" data-placement="bottom" data-content="" title="我的邀请列表" class="m_i_view">查看邀请</span> <div class="m_i_warrper"> <input data-qid="32472" type="text" id="m_i_searchusertxt" class="m_i_search" placeholder="搜索你想邀请的人"> <i class="fa fa-search"></i> </div> </div> </div> <div class="modal-body"> <!-- 邀请回答 --> <ul class="trigger-menu m_invate_tab" data-pjax-container="#list-container"> <li class="active" data-qid="32472" data-item="1"><a href="javascript:">擅长该话题的人</a></li> <li class="" data-qid="32472" data-item="2"><a href="javascript:"> 回答过该话题的人</a></li> <li class="" data-qid="32472" data-item="3"><a href="javascript:">我关注的人</a></li> </ul> <!-- 邀请回答列表 --> <div class="m_invatelist"></div> </div> </div> </div> </div> <script> getquestioncaozuo(1,32472); getquestioncaozuo(2,32472); getquestioncaozuo(3,32472); getquestioncaozuo(4,32472); getquestioncaozuo(8,32472); $(".btnshowall").click(function(){ $(".shortquestioncontent").toggle(); $(".hidequestioncontent").toggle(); }); $("#normal-comment-list .answercontent").each(function(){ if($(this).height()>150){ $(this).parent().find(".readmore").show(); }else{ $(this).parent().find(".readmore").hide(); } }); // $(".readmore").click(function(){ // if($.trim($(this).html())=="查看更多"){ // $(this).parent().find(".answercontent").css("max-height","100000px").css("overflow","visible"); // $(this).html("收起"); // }else{ // $(this).parent().find(".answercontent").css("max-height","200px").css("overflow","hidden"); // $(this).html("查看更多"); // } // }); var needcode=0; var g_id = 6; var qid = 32472; function listertext(){ var _content=$("#anscontent").val(); if(_content.length>0&&g_id!=1){ $(".code_hint").show(); }else{ $(".code_hint").hide(); } } var mobile_localyuyin=1; // var userAgent = window.navigator.userAgent.toLowerCase(); // $.browser.msie8 = $.browser.msie && /msie 8\.0/i.test(userAgent); // if($.browser.msie8==true){ // var mobile_localyuyin=0; // } var targetplay=null; function checktagsubmit(){ if(gettagsnum()<=0){ alert("请设置标签"); return false; } if(gettagsnum()>5){ alert("最多添加5个标签"); return false; } var _tagstr=gettaglist(); $("#qtags").val(_tagstr); } $(".txt_taginput").on(" input propertychange",function(){ var _txtval=$(this).val(); if(_txtval.length>1){ //检索标签信息 var _data={tagname:_txtval}; var _url="http://www.shouhuola.com/tags/ajaxsearch.html"; function success(result){ console.log(result) if(result.code==200){ console.log(_txtval) $(".tagsearch").html(""); for(var i=0;i<result.taglist.length;i++){ var _msg=result.taglist[i].tagname $(".tagsearch").append('<div class="tagitem" tagid="'+result.taglist[i].id+'">'+_msg+'</div>'); } $(".tagsearch").show(); $(".tagsearch .tagitem").click(function(){ var _tagname=$.trim($(this).html()); var _tagid=$.trim($(this).attr("tagid")); if(gettagsnum()>=5){ alert("标签最多添加5个"); return false; } if(checktag(_tagname)){ alert("标签已存在"); return false; } $(".dongtai .tags").append('<div class="tag"><span tagid="'+_tagid+'">'+_tagname+"</span><i class='fa fa-close'></i></div>"); $(".dongtai .tags .tag .fa-close").click(function(){ $(this).parent().remove(); }); $(".tagsearch").html(""); $(".tagsearch").hide(); $(".txt_taginput").val(""); }); } } ajaxpost(_url,_data,success); }else{ $(".tagsearch").html(""); $(".tagsearch").hide(); } }) function checktag(_tagname){ var tagrepeat=false; $(".dongtai .tags .tag span").each(function(index,item){ var _tagnametmp=$.trim($(this).html()); if(_tagnametmp==_tagname){ tagrepeat=true; } }) return tagrepeat; } function gettaglist(){ var taglist=''; $(".dongtai .tags .tag span").each(function(index,item){ var _tagnametmp=$.trim($(this).attr("tagid")); taglist=taglist+_tagnametmp+","; }) taglist=taglist.substring(0,taglist.length-1); return taglist; } function gettagsnum(){ return $(".dongtai .tags .tag").length; } $(".tagsearch .tagitem").click(function(){ var _tagname=$.trim($(this).html()); if(gettagsnum()>=5){ alert("标签最多添加5个"); return false; } if(checktag(_tagname)){ alert("标签已存在"); return false; } $(".dongtai .tags").append('<div class="tag"><span>'+_tagname+"</span><i class='fa fa-close'></i></div>"); $(".dongtai .tags .tag .fa-close").click(function(){ $(this).parent().remove(); }); $(".tagsearch").html(""); $(".tagsearch").hide(); $(".txt_taginput").val(""); }); $(".dongtai .tags .tag .fa-close").click(function(){ $(this).parent().remove(); }); $(".yuyinplay").click(function(){ targetplay=$(this); var _serverid=targetplay.attr("id"); if(_serverid == '') { alert('语音文件丢失'); return; } $(".wtip").html("免费偷听"); targetplay.find(".wtip").html("播放中.."); if(mobile_localyuyin==1){ $(".htmlview").removeClass("hide"); $(".ieview").addClass("hide"); var myAudio =targetplay.find("#voiceaudio")[0]; // myAudio.pause(); //myAudio.play(); if(myAudio.paused){ targetplay.find(".wtip").html("播放中.."); myAudio.play(); }else{ targetplay.find(".wtip").html("暂停.."); myAudio.pause(); } function endfun(){ targetplay.find(".wtip").html("播放结束");alert("播放结束!")} var is_playFinish = setInterval(function(){ if( myAudio.ended){ endfun(); window.clearInterval(is_playFinish); } }, 10); }else{ $(".ieview").removeClass("hide"); $(".htmlview").addClass("hide"); } }) function deleteanswer(current_aid){ if(confirm("是否删除此回答?")){ window.location.href=g_site_url + "index.php" + query + "question/deleteanswer/"+current_aid+"/32472"; } } function adoptanswer(aid) { $("#adopt_answer").val(aid); $('#dialogadopt').modal('show'); } //编辑标签 function edittag() { $('#dialog_tag').modal('show'); } if(typeof($(".show-content").find("img").attr("data-original"))!="undefined"){ var imgurl=$(".show-content").find("img").attr("data-original"); $(".show-content").find("img").attr("src",imgurl); } $(".show-content,.answercontent").find("img").attr("data-toggle","lightbox").attr("data-lightbox-group",Date.parse( new Date() ).toString()); var category1 = [["15","Web前端"],["16","Java"],["17","Python"],["18","UI/UE设计"],["19","云计算"],["20","软件测试"],["21","大数据"],["23","网络安全"],["26","认证考试"],["28","职业发展"],["14","营销运营"],["22","游戏开发"],["24","三维室内设计"],["27","办公效率"],["29","兴趣生活"]]; var category2 = [["14","30","SEO优化"],["15","40","HTML/CSS"],["16","53","基础入门"],["17","58","Python核心编程"],["18","62","视觉设计基础"],["19","66","网络基础"],["20","71","功能测试"],["21","75","Java主流框架"],["22","79","C#语言基础"],["23","83","网络安全基础"],["24","88","模型与效果图"],["26","92","软考"],["27","101","Word"],["28","108","简历指导"],["29","113","前沿技术"],["28","115","职场困惑"],["27","117","工具资源"],["14","31","SEM推广"],["15","41","HTML5"],["16","54","算法分析"],["17","59","网络爬虫"],["18","63","品牌视觉设计"],["19","67","linux基础"],["20","72","自动化测试"],["21","76","Hadoop"],["22","80","Unity引擎"],["23","84","Web安全漏洞"],["24","89","Q版模型"],["26","93","PMP"],["27","102","Excel"],["28","109","面试礼仪"],["29","114","生活常识"],["28","116","行业前景"],["14","32","信息流"],["15","42","CSS3"],["16","55","微服务框架"],["17","60","人工智能"],["18","64","电商设计"],["19","68","linux运维自动化"],["20","73","接口测试"],["21","77","Spark"],["22","81","游戏策划"],["23","85","WAF安全测试"],["24","90","次世代模型"],["26","94","华为认证"],["27","103","PPT"],["28","110","面试问题"],["14","33","模板建站"],["15","43","JavaScript"],["16","56","数据库"],["17","61","全栈开发"],["18","65","UI交互设计"],["19","69","数据库运维管理"],["20","74","性能测试"],["21","78","机器学习"],["22","82","VR/AR"],["23","86","自动化安全检测"],["24","91","引擎地编"],["26","95","思科认证"],["27","104","WPS"],["14","34","新媒体运营"],["15","44","Vue.js"],["16","57","链接池"],["19","70","云架构管理"],["23","87","渗透测试"],["26","96","红帽认证"],["27","105","project"],["14","35","淘宝天猫"],["15","45","React.JS"],["26","97","微软认证"],["27","106","思维导图"],["14","36","京东运营"],["15","46","Angular"],["26","98","H3C认证"],["27","107","电脑基础"],["14","37","拼多多运营"],["15","47","Node.js"],["26","99","百度认证"],["14","38","短视频直播"],["15","48","jQuery"],["26","100","计算机等级考试"],["15","49","Bootstrap"],["15","50","Sass/Less"],["15","51","WebApp"],["15","52","小程序"]]; var category3 = []; var selectedcid = "23,0,0"; //修改分类 function change_category() { var category1 = $("#category1 option:selected").val(); var category2 = $("#category2 option:selected").val(); var category3 = $("#category3 option:selected").val(); if (category1 > 0) { $("#categoryid").val(category1); } if (category2 > 0) { $("#categoryid").val(category2); } if (category3 > 0) { $("#categoryid").val(category3); } $("#catedialog").model("hide"); $("form[name='editcategoryForm']").submit(); } //投诉 function openinform(qid ,qtitle,aid) { $("#myqid").val(qid); $("#myqtitle").val(qtitle); $("#myaid").val(aid); $('#dialog_inform').modal('show'); } $(".showcommentid").each(function(){ var dataid=$(this).attr("data-id"); show_comment(dataid); }); function show_comment(answerid) { if ($("#comment_" + answerid).css("display") === "none") { load_comment(answerid); $("#comment_" + answerid).slideDown(); } else { $("#comment_" + answerid).slideUp(); } } //添加评论 function addcomment(answerid) { var content = $("#comment_" + answerid + " input[name='content']").val(); var replyauthor = $("#comment_" + answerid + " input[name='replyauthor']").val(); console.log(g_uid); if (g_uid == 0){ login(); return false; } if (bytes($.trim(content)) < 5){ alert("评论内容不能少于5字"); return false; } $.ajax({ type: "POST", url: "http://www.shouhuola.com/answer/addcomment.html", data: "content=" + content + "&answerid=" + answerid+"&replyauthor="+replyauthor, success: function(status) { if (status == '1') { $("#comment_" + answerid + " input[name='content']").val(""); load_comment(answerid); }else{ if(status == '-2'){ alert("问题已经关闭,无法评论"); } } } }); } //删除评论 function deletecomment(commentid, answerid) { if (!confirm("确认删除该评论?")) { return false; } $.ajax({ type: "POST", url: "http://www.shouhuola.com/answer/deletecomment.html", data: "commentid=" + commentid + "&answerid=" + answerid, success: function(status) { if (status == '1') { load_comment(answerid); }else{ alert(status); } } }); } //加载评论 function load_comment(answerid){ $.ajax({ type: "GET", cache:false, url: "http://www.shouhuola.com/index.php?answer/ajaxviewcomment/" + answerid, success: function(comments) { $("#comment_" + answerid + " .my-comments-list").html(comments); } }); } function replycomment(commentauthorid,answerid){ var comment_author = $("#comment_author_"+commentauthorid).attr("title"); $("#comment_"+answerid+" .comment-input").focus(); $("#comment_"+answerid+" .comment-input").val("回复 "+comment_author+" :"); $("#comment_" + answerid + " input[name='replyauthor']").val(commentauthorid); } $(function(){ initcategory(category1); fillcategory(category2, $("#category1 option:selected").val(), "category2"); fillcategory(category3, $("#category2 option:selected").val(), "category3"); var qrurl="http://www.shouhuola.com/q-32472.html"; //微信二维码生成 $('#qr_wxcode').qrcode(qrurl); //显示微信二维码 $(".share-weixin").click(function(){ $(".share-wechat").show(); }); //关闭微信二维码 $(".close").click(function(){ $(".share-wechat").hide(); $(".pay-money").hide(); }); }) </script> <link rel="stylesheet" type="text/css" href="http://www.shouhuola.com/static/js/neweditor/code/styles/tomorrow-night-eighties.css"> <script src="http://www.shouhuola.com/static/js/neweditor/code/highlight.pack.js" type="text/javascript"></script> <script>hljs.initHighlightingOnLoad();</script> <script src="http://www.shouhuola.com/static/js/jquery.lazyload.min.js" type="text/javascript"></script> <script> $("img.lazy").lazyload({effect: "fadeIn" }); </script> <div class="side-tool" id="to_top"><ul><li data-placement="left" data-toggle="tooltip" data-container="body" data-original-title="回到顶部" > <a href="#" class="function-button"><i class="fa fa-angle-up"></i></a> </li> </ul></div> <script> window.onload = function(){ $(".edui-upload-video").attr("preload",""); var oTop = document.getElementById("to_top"); var screenw = document.documentElement.clientWidth || document.body.clientWidth; var screenh = document.documentElement.clientHeight || document.body.clientHeight; window.onscroll = function(){ var scrolltop = document.documentElement.scrollTop || document.body.scrollTop; if(scrolltop<=screenh){ oTop.style.display="none"; }else{ oTop.style.display="block"; } if(scrolltop>30){ $(".scrollshow").show(); }else{ $(".scrollshow").hide(); } } oTop.onclick = function(){ document.documentElement.scrollTop = document.body.scrollTop =0; } } </script> <footer id="footer"> <div class="copyrigth-wrap small"> <div class="content copyrigth"> <i style=" display: block;width: 685px; background: #d2d2d2; color: #fff; padding: 5px; margin: 0 0 10px 0;" >收获啦作为免费、公开信息平台,用户进行的所有活动由其自身承担法律责任。如您发现不良信息、侵权内容,请立即联系我们。</i> Copyright © 2020 收获啦! <a href="http://beian.miit.gov.cn" target="_blank">京ICP备10005032号-11</a> <a target="_blank" href="http://www.beian.gov.cn/portal/registerSystemInfo?recordcode=11010802031459">京公网安备11010802031459号</a> <a href='https://zzlz.gsxt.gov.cn/businessCheck/verifKey.do?showType=p&serial=911101087861894810-SAIC_SHOW_1000009111010878618948101600759758300&signData=MEQCIBOfIClgLS82gBPNpbDSMQhpzy42b5sfm4qyBuPQk4TpAiDoaOjIBVY0sy0SMhlipCFi89IoHcQ++mrnvyaJqJXz9Q==' target="_blank" rel="nofollow">电子营业执照</a> <a href="http://www.shouhuola.com/article-52509.html" target="_blank">使用协议|免责声明</a> <a > </a> <span class="ilblk dblj"> <a href="http://www.shouhuola.com/article-52508.html" target="_blank">联系我们</a> | <a href="/tags/default.html" target="_blank">标签大全</a> | <a href="/note/list.html" target="_blank">站内公告</a> | <a href="/rule/index.html" target="_blank">财富规则</a><!-- | <a href="/gift/default.html" target="_blank">礼品商店</a> | <a href="/about/contact.html" target="_blank">联系我们</a>--> </span> </div> </div> </footer> </body> </html>
{var%20f='http://v.t.sina.com.cn/share/share.php?appkey=1515056452',u=z||d.location,p=['&url=',e(u),'&title=',e(t||d.title),'&source=',e(r),'&sourceUrl=',e(l),'&content=',c||'gb2312','&pic=',e(p||'')].join('');function%20a(){if(!window.open([f,p].join(''),'mb',['toolbar=0,status=0,resizable=1,width=440,height=430,left=',(s.width-440)/2,',top=',(s.height-430)/2].join('')))u.href=[f,p].join('');};if(/Firefox/.test(navigator.userAgent))setTimeout(a,0);else%20a();})(screen,document,encodeURIComponent,'','','/static/images/logo.png', '推荐 简遇而安 的问题《【web安全】xss跨站脚本攻击有哪些》','http://www.shouhuola.com/q-32472.html','页面编码gb2312|utf-8默认gb2312'));){kind=link}
攻击WEB客户端
客户端脚本语言
XSS(cross-site scripting)
使用场景
攻击参与方
漏洞形成的根源
XSS漏洞类型
反射型XSS实验![]()
网页中链接图片/>/>/>/>>< style>
8.1 初试XSS
8.2 基于html事件类型
8.2.1 基于标签超链接
8.2.2 基于
1.攻击WEB客户端
VBScript针对微软的浏览器、ActiveX 、Flash、Javascript客户端执行工具/语言。
2.客户端脚本语言
弹窗告警、广告 //比如输入格式不合格
Javascript
在浏览器中执行
3.XSS(cross-site scripting)
通过WEB站点漏洞,向客户端交付恶意脚本基本代码,实现对客户端的攻击目的
注入客户端脚本代码
盗取cookie
重定向 //本来访问正常站点,但却访问了另一个被黑客伪造的站点,输入了账号、密码
其他客户端脚本:VBScript(仅限于微软自己的浏览器)、ActiveX
4.使用场景
直接嵌入html:
[removed]alert('XSS')[removed]元素标签事件,页面被加载时执行javascript
图片标签。//插入一张图片,默认为图片路径,但也可以是js
其他标签: