What is persistent cross-site scripting?

The persistent (or stored) XSS vulnerability is a more devastating variant of a cross-site scripting flaw: it occurs when data supplied by the attacker is saved by the server and then permanently displayed on "normal" pages returned to other users in the course of regular browsing, without HTML escaping.

Similarly, people ask, what is a cross-site scripting example?

Overview. Cross-site scripting (XSS) attacks are a type of injection in which malicious scripts are injected into otherwise benign and trusted websites. XSS attacks occur when an attacker uses a web application to send malicious code, generally in the form of a browser-side script, to a different end user.

Similarly, what is cross-site scripting and how do you prevent it? The first method you can and should use to prevent XSS vulnerabilities from appearing in your application is escaping user input. When user input is escaped, the significant characters in the data received by the web page are prevented from being interpreted in any malicious way.
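The stored case and the escaping defence described above, side by side, as an added example that is not part of the original page. The in-memory `comments` array stands in for the server's database, and all function names and sample comments are constructed for illustration.

```javascript
// Added example. `comments` is a hypothetical stand-in for server-side storage.
const comments = [];

// The server saves whatever the user submitted, unchanged.
function saveComment(author, text) {
  comments.push({ author, text });
}

// Escape the five characters that are significant in HTML text
// and in quoted attribute values.
function escapeHtml(value) {
  const map = { "&": "&amp;", "<": "&lt;", ">": "&gt;", '"': "&quot;", "'": "&#39;" };
  return String(value).replace(/[&<>"']/g, (ch) => map[ch]);
}

// Vulnerable: stored data is concatenated into the page as markup,
// so every later visitor's browser parses it as HTML.
function renderUnsafe() {
  return comments
    .map((c) => `<li><b>${c.author}</b>: ${c.text}</li>`)
    .join("\n");
}

// Hardened: every stored field is escaped when it is written into the page,
// so the browser shows it as text instead of interpreting it.
function renderSafe() {
  return comments
    .map((c) => `<li><b>${escapeHtml(c.author)}</b>: ${escapeHtml(c.text)}</li>`)
    .join("\n");
}

// Constructed sample input: one ordinary comment, one carrying markup.
saveComment("alice", "Nice post & thanks!");
saveComment("mallory", "<script>alert(1)</script>");

console.log("unsafe page fragment:\n" + renderUnsafe());
console.log("safe page fragment:\n" + renderSafe());
```

This escaping covers HTML element content and quoted attribute values; data placed inside a script block, a URL or a style rule needs the encoding for that context instead.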

Also asked, what is the difference between persistent and non-persistent cross-site scripting attacks?

Non-persistent XSS: the main difference is that the web application does not store the malicious input in the database. A special case of non-persistent XSS is called DOM-based XSS; this type of attack is carried out without sending any request to the web server. The attacker injects JavaScript code directly.

How does cross-site scripting work?

Cross-site scripting works by manipulating a vulnerable website so that it returns malicious JavaScript to users. When the malicious code executes inside a victim's browser, the attacker can fully compromise their interaction with the application.
