httponly: if a cookie is set with the HttpOnly attribute, JavaScript cannot read it (document.cookie does not expose it). The cookie can still be modified by hand in the browser, so HttpOnly only limits what an XSS attack can do with the cookie; it is not absolutely safe.

Although the cookie cannot be obtained once HttpOnly is set, the XSS cross-site payload still exists; only the reading of the cookie is blocked.

 The account name and password can be taken directly instead of the cookie and used to log in:
If the browser has not saved the password: the XSS has to be generated from the login page, hijacking the login form.
If the browser has saved the account and password: XSS generated in the background works, for example stored XSS.
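Added example (not from the original notes): a small Node.js audit of Set-Cookie headers that shows which cookies document.cookie would expose and which protections a session cookie is missing. The header lines are constructed samples, not captured from any real site.

```javascript
// Constructed sample Set-Cookie headers (not captured from any real site).
const SAMPLE_SET_COOKIE_HEADERS = [
  'PHPSESSID=abc123; Path=/',                                // readable by script
  'session=def456; Path=/; HttpOnly',                        // hidden from script, still no Secure/SameSite
  'session=ghi789; Path=/; Secure; HttpOnly; SameSite=Lax',  // hardened
];

// Parse one Set-Cookie header into { name, value, attrs }; attrs maps the
// lower-cased attribute name to its value, or to true for flag-only attributes.
function parseSetCookie(header) {
  const [pair, ...rest] = header.split(';').map((s) => s.trim());
  const eq = pair.indexOf('=');
  const name = eq === -1 ? pair : pair.slice(0, eq);
  const value = eq === -1 ? '' : pair.slice(eq + 1);
  const attrs = {};
  for (const part of rest) {
    if (!part) continue;
    const i = part.indexOf('=');
    if (i === -1) attrs[part.toLowerCase()] = true;
    else attrs[part.slice(0, i).toLowerCase()] = part.slice(i + 1);
  }
  return { name, value, attrs };
}

// List the protections a session cookie header lacks.
function auditSessionCookie(header) {
  const { attrs } = parseSetCookie(header);
  const findings = [];
  if (!attrs.httponly) findings.push('no HttpOnly: document.cookie exposes it to injected script');
  if (!attrs.secure) findings.push('no Secure: also sent over plain HTTP');
  if (!attrs.samesite) findings.push('no SameSite: attached to cross-site requests');
  return findings;
}

// What document.cookie would return after these headers: only cookies set
// without HttpOnly. HttpOnly does not stop injected script from sending
// requests, and the browser still attaches the cookie to those.
function scriptReadableCookies(headers) {
  return headers
    .map(parseSetCookie)
    .filter((c) => !c.attrs.httponly)
    .map((c) => `${c.name}=${c.value}`);
}

// Build the hardened form of a session cookie header.
function hardenedSessionCookie(name, value) {
  return `${name}=${value}; Path=/; Secure; HttpOnly; SameSite=Lax`;
}

for (const h of SAMPLE_SET_COOKIE_HEADERS) {
  const findings = auditSessionCookie(h);
  console.log(h, '=>', findings.length ? findings.join('; ') : 'OK');
}
console.log('document.cookie would show:', scriptReadableCookies(SAMPLE_SET_COOKIE_HEADERS));
```

Run it with node; the first header reports three findings, the third none, and only PHPSESSID shows up as readable by script. The flag names are looked up case-insensitively because browsers accept them that way.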

Working through the XSS cross-site vulnerability levels by hand:

The first level:

The second level:

 The input is escaped; view the source code.

 There is an htmlspecialchars() function:

 It converts special symbols into HTML entities, which is the usual XSS filter.

 Close the preceding double quote: "><script>alert(1)</script>

The third level:

 Here < and > are escaped as well, so use the form field's mouse-click attribute (onclick):
'onclick='alert(1)
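Added example (not from the original notes, and not the level's own code): a Node.js version of htmlspecialchars() showing why the quote character the page uses around the attribute decides whether the level-2 and level-3 inputs above break out. PHP's htmlspecialchars() left the single quote alone by default before PHP 8.1 (ENT_COMPAT), which is exactly what the level-3 input relies on; ENT_QUOTES converts both. The rendered input tag and the two inputs are constructed for the demonstration.

```javascript
// Minimal equivalent of PHP's htmlspecialchars(): map the characters that have
// meaning in HTML to character references.
const HTML_ESCAPES = { '&': '&amp;', '<': '&lt;', '>': '&gt;', '"': '&quot;', "'": '&#039;' };

// htmlspecialchars($s) with the ENT_COMPAT default used before PHP 8.1:
// the single quote is left untouched.
function escapeCompat(s) {
  return s.replace(/[&<>"]/g, (c) => HTML_ESCAPES[c]);
}

// htmlspecialchars($s, ENT_QUOTES): both quote characters are converted.
function escapeQuotes(s) {
  return s.replace(/[&<>"']/g, (c) => HTML_ESCAPES[c]);
}

// Render the reflected value into an attribute delimited by `quote`, the kind
// of sink the double-quoted (level 2) and single-quoted (level 3) pages use.
function renderInput(value, escape, quote) {
  return `<input name="keyword" value=${quote}${escape(value)}${quote}>`;
}

// The value only leaves the attribute if the encoded text still contains the
// delimiter the page chose; a bare `<` does not end a quoted attribute.
function breaksOutOfAttribute(value, escape, quote) {
  return escape(value).includes(quote);
}

// In text context the dangerous character is `<`, which both variants convert.
function breaksOutOfText(value, escape) {
  return escape(value).includes('<');
}

// Constructed inputs mirroring the two levels above.
const LEVEL2_INPUT = '"><script>alert(1)</script>';  // needs the double quote to survive
const LEVEL3_INPUT = "'onclick='alert(1)";           // needs the single quote to survive

function summary() {
  return {
    level2_compat: breaksOutOfAttribute(LEVEL2_INPUT, escapeCompat, '"'),  // false: " is converted
    level3_compat: breaksOutOfAttribute(LEVEL3_INPUT, escapeCompat, "'"),  // true: ' is not
    level3_quotes: breaksOutOfAttribute(LEVEL3_INPUT, escapeQuotes, "'"),  // false
    text_compat: breaksOutOfText(LEVEL2_INPUT, escapeCompat),              // false
  };
}

console.log(renderInput(LEVEL3_INPUT, escapeCompat, "'"));
console.log(renderInput(LEVEL3_INPUT, escapeQuotes, "'"));
console.log(summary());
```

The first printed tag shows the value terminating the single-quoted attribute and a new attribute starting; the second keeps it inside the attribute. The practical rule is to always encode with ENT_QUOTES (or the PHP 8.1+ default) and to quote every attribute, since an unquoted attribute needs no quote character to be closed.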

The fourth level:

The fifth level:

 The keyword onclick is filtered (it comes out as on_click).
Use the href attribute instead and write your own javascript: code:
"><a href="javascript:alert(1)">

The sixth level:

 Continuing with the level-five code, href turns out to be filtered; view the source code.

 The keywords are filtered, so use mixed case instead:
"><a hRef="javaScript:alert(1)">

The seventh level:

 Just like in upload-labs, the code does not filter in a loop, so double-writing the keyword gets around it.

The eighth level:

 Neither mixed case nor double writing works here; replace the characters with their unicode codes instead.

The ninth level:

 This level is nearly impossible to complete without reading the code: the code checks for the presence of http://.
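Levels five to nine are all keyword blacklists on the href value, and each level shows one way a blacklist falls over: case, non-looping replacement, character references, and a substring check for http://. Added example (not from the notes or the lab code): a Node.js allow-list check for href that first decodes the value the way a browser would and then compares the resulting scheme against a short list. The test vectors are constructed to mirror each bypass class the notes list; the expected verdicts sit beside them.

```javascript
// Named references a browser decodes inside attribute values (subset; the
// numeric forms handled below are the general case).
const NAMED_REFS = { amp: '&', lt: '<', gt: '>', quot: '"', apos: "'", tab: '\t', newline: '\n' };

// Decode decimal, hex and the listed named character references, so the check
// sees the text the browser will see. A substring filter run before this step
// is what the "unicode code" trick in level 8 gets past.
function decodeAttributeValue(s) {
  return s.replace(/&(#x[0-9a-f]+|#[0-9]+|[a-z]+);?/gi, (whole, body) => {
    if (body[0] === '#') {
      const hex = body[1] === 'x' || body[1] === 'X';
      const cp = hex ? parseInt(body.slice(2), 16) : parseInt(body.slice(1), 10);
      return Number.isFinite(cp) && cp >= 0 && cp <= 0x10ffff ? String.fromCodePoint(cp) : whole;
    }
    const named = NAMED_REFS[body.toLowerCase()];
    return named === undefined ? whole : named;
  });
}

// Return the URL scheme the browser would resolve, or null for a relative URL.
// Leading/trailing C0 controls and spaces are stripped, and tab/newline are
// removed anywhere, matching how the URL parser treats them.
function extractScheme(url) {
  const cleaned = url.replace(/^[\u0000-\u0020]+|[\u0000-\u0020]+$/g, '').replace(/[\t\n\r]/g, '');
  const m = /^([a-z][a-z0-9+.-]*):/i.exec(cleaned);
  return m ? m[1].toLowerCase() : null;
}

// Allow-list: only these schemes (and relative URLs) may go into href.
const ALLOWED_SCHEMES = new Set(['http', 'https', 'mailto']);

function isSafeHref(raw) {
  const scheme = extractScheme(decodeAttributeValue(raw));
  return scheme === null || ALLOWED_SCHEMES.has(scheme);
}

// Constructed vectors, one per bypass class in the notes, with the expected verdict.
const HREF_SAMPLES = [
  ['https://example.com/', true],
  ['/search?keyword=test', true],
  ['javascript:alert(1)', false],              // level 5: plain javascript: URL
  ['javaScript:alert(1)', false],              // level 6: mixed case
  ['javasjavascriptcript:alert(1)', false],    // level 7: double-written keyword, still not an allowed scheme
  ['&#106;avascript:alert(1)', false],         // level 8: character references
  ['jav&#x61;\tscript:alert(1)', false],       // hex reference plus an embedded tab
  ['javascript:alert(1)//http://', false],     // level 9: contains http:// but the scheme is not http
];

// Run every vector through the check; returns the ones whose verdict is wrong.
function failingSamples() {
  return HREF_SAMPLES.filter(([url, expected]) => isSafeHref(url) !== expected).map(([url]) => url);
}

console.log('mismatches:', failingSamples());
```

The allow-list never needs a loop or a case table: whatever the keyword looks like, it is either one of the permitted schemes after normalisation or it is rejected. One consequence worth knowing is that a bare host with a port, such as example.com:8080/path, also parses as a scheme and is rejected; emit such links with an explicit https:// prefix.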



The tenth level:

&t_sort="type="="type="text"onclick="alert(1)"

 Viewing the source code shows that the t_sort input has the hidden attribute, so it is not displayed.

The eleventh level:

 The HTTP Referer header: the source of the request is checked.
The browser checks where this JS code comes from.
CSRF (cross-site request forgery) and source checking: the administrator is logged in, the logged-in browser triggers a request string that adds an administrator account, and an administrator is added. Checking the source is the browser's same-origin policy: it looks at whether the request comes from the same domain, and a different domain is not accepted.
Token verification solves this problem. In this level the input goes into the Referer header: &t_sort="type="="type="text"onclick="alert(1)"

The twelfth level:

 The User-Agent header is tested here; the aizhan site on the Internet also has this kind of cross-site issue.
The following levels are all various hidden attributes of the same kind, basically similar, so they are not recorded here.
