码迷,mamicode.com
首页 > 编程语言 > 详细

Python Ethical Hacking - VULNERABILITY SCANNER(5)

时间:2019-10-20 17:44:06      阅读:97      评论:0      收藏:0      [点我收藏+]

标签:one   main   exe   图片   hack   java   its   parameter   orm   

EXPLOITATION - XSS VULNS

XSS - CROSS SITE SCRIPTING VULNS

  • Allow an attacker to inject javascript code into the page.
  • The code is executed when the page loads.
  • The code is executed on the client machine, not the server.

Three main types:

1. Persistent/Stored XSS.

2. Reflected XSS.

3.DOM-based XSS

 

DISCOVERING XSS

  • Try to inject javascript code into the pages.
  • Test text boxes and URL parameters on the form
    •   http://target.com/page.php?something=something

REFLECTED XSS

  • None persistent, not stored.
  • Only work if the target visits a specially crafted URL
    •   http://target.com/page.php?something=<script>altert("XSS")</script>

技术图片

 

 

STORED XSS

  • Persistent, stored on the page or DB.
  • The injected code is executed every time the page is loaded.

技术图片

 

Python Ethical Hacking - VULNERABILITY SCANNER(5)

标签:one   main   exe   图片   hack   java   its   parameter   orm   

原文地址:https://www.cnblogs.com/keepmoving1113/p/11708049.html

(0)
(0)
   
举报
评论 一句话评论(0
登录后才能评论!
© 2014 mamicode.com 版权所有  联系我们:gaon5@hotmail.com
迷上了代码!