javascript: Could anyone explain these XSS test strings?

Notice: this page is a Chinese-English parallel translation of a popular StackOverflow question, licensed under CC BY-SA 4.0. If you use it you must likewise follow the CC BY-SA license, cite the original URL and author information, and attribute it to the original author (not me). StackOverflow original URL: http://stackoverflow.com/questions/25461418/
Warning: these are provided under the CC BY-SA 4.0 license. You are free to use/share it, but you must attribute it to the original authors (not me): StackOverflow

Date: 2020-10-28 04:32:34  Source: igfitidea

Could anyone explain these XSS test strings?

Tags: javascript, xss

Asked by tonix

recently I found this tutorial about XSS and web application security -> https://www.owasp.org/index.php/XSS_Filter_Evasion_Cheat_Sheet#XSS_Locator

At the start there are some strings to inject in order to test that a site is vulnerable to xss or not. These strings are:

';alert(String.fromCharCode(88,83,83))//';alert(String.fromCharCode(88,83,83))//";alert(String.fromCharCode(88,83,83))//";alert(String.fromCharCode(88,83,83))//--></SCRIPT>">'><SCRIPT>alert(String.fromCharCode(88,83,83))</SCRIPT>

and

'';!--"<XSS>=&{()}

I know the basic concepts of XSS, but here I can't understand why there's that repetition of 'alert(String.fromCharCode(88,83,83))' in the first string and why those //'; //"; //--> comments are needed for (do they mean something special when used in such a way while searching for xss bugs?). And in the second string, what is the purpose of the &{()} sequence?

Could anyone explain to me with concrete examples how these two strings should work in order to retrieve an xss bug inside a web app? Cause on the site I linked no explanation is given...

Answered by Caleb Brinkman

This looks like it's trying several different injections, so I'll try and break them down one at a time:

The First Injection

';alert(String.fromCharCode(88,83,83))//

This injection attempts to terminate a JavaScript string literal (using '), then terminate the statement (with ;) and makes a call to alert(String.fromCharCode(88,83,83)) which will cause a popup box containing "XSS". The following // is an attempt to "comment out" the rest of the statement, so that a syntax error will not occur and the script will execute.

The Second Injection

";alert(String.fromCharCode(88,83,83))//

Like the first injection, but it uses " in an attempt to terminate a JavaScript string literal.

The Third Injection

--></SCRIPT>">'><SCRIPT>alert(String.fromCharCode(88,83,83))</SCRIPT>

This attempts to do the following things:

  1. Terminate an HTML (or XML) comment (with -->)
  2. Terminate an existing <SCRIPT> tag using </SCRIPT>
    • This is done to prevent the injected script causing a syntax error, which would prevent the injected script from executing.
  3. Terminate an HTML attribute and tag, using ">
  4. Terminate an HTML attribute and tag, using '>
  5. Inject JavaScript using <SCRIPT>alert(String.fromCharCode(88,83,83))</SCRIPT>

The Fourth Injection

'';!--"<XSS>=&{()}

This is a common string used to test what, if any, filters and/or encoding are being used on user input. Typically, the source of the page after this injection will contain either &lt;XSS or <XSS. If the second is found, the application is most likely not filtering user input (as it allowed the addition of an arbitrary tag) and is likely vulnerable to XSS.

To answer your more direct questions:

why there's that repetition of 'alert(String.fromCharCode(88,83,83))'

This is a common "Proof of Concept" function, that will cause a popup box to appear containing "XSS". If this occurs, the injected JavaScript was executed.

why there's that repetition of 'alert(String.fromCharCode(88,83,83))' in the first string and why those //'; //"; //-->

These are used to prevent syntax errors, which can cause the injected JavaScript to fail to execute.
