three main kinds of XSS


There are three main kinds of XSS:

  • Type 1: Reflected XSS (or Non-Persistent) - The server reads data directly from the HTTP request and reflects it back in the HTTP response. Reflected XSS exploits occur when an attacker causes a victim to supply dangerous content to a vulnerable web application, which is then reflected back to the victim and executed by the web browser. The most common mechanism for delivering malicious content is to include it as a parameter in a URL that is posted publicly or e-mailed directly to the victim. URLs constructed in this manner constitute the core of many phishing schemes, whereby an attacker convinces a victim to visit a URL that refers to a vulnerable site. After the site reflects the attacker's content back to the victim, the content is executed by the victim's browser.
  • Type 2: Stored XSS (or Persistent) - The application stores dangerous data in a database, message forum, visitor log, or other trusted data store. The dangerous data is later read back into the application and included in dynamic content. From an attacker's perspective, the optimal place to inject malicious content is an area that is displayed either to many users or to particularly interesting users. Interesting users typically have elevated privileges in the application or interact with sensitive data that is valuable to the attacker. If one of these users executes malicious content, the attacker may be able to perform privileged operations on behalf of the user or gain access to sensitive data belonging to the user. For example, the attacker might inject XSS into a log message, which might not be handled properly when an administrator views the logs.
  • Type 0: DOM-Based XSS - In DOM-based XSS, the client performs the injection of XSS into the page; in the other types, the server performs the injection. DOM-based XSS generally involves server-controlled, trusted script that is sent to the client, such as JavaScript that performs sanity checks on a form before the user submits it. If the server-supplied script processes user-supplied data and then injects it back into the web page (such as with dynamic HTML), then DOM-based XSS is possible.
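The following is an added example, not code from the original page, that puts the three types side by side from the defender's point of view: the same untrusted string passes through a reflected search page (Type 1), a stored log viewer (Type 2) and a client-side DOM sink (Type 0), once without and once with the appropriate control. Output encoding at render time is the control for the two server-side types; choosing a text sink (`textContent`) over a markup-parsing sink (`innerHTML`) is the control for the DOM-based type. The sample input, the log entries and the `fakeElement()` stand-in for a DOM node are constructed for this example so it runs under Node.js without a browser.

```javascript
// Added example (not from the original page). Runs under Node.js.

// Constructed sample input: the kind of markup the page describes being
// reflected, stored, or injected into the DOM. Used only to show whether
// a given output path neutralises it.
const SAMPLE_INPUT = '<script>alert(1)</script>';

// HTML-body/attribute encoder. The five characters below are the ones that
// can open or close markup or attribute values in those contexts.
const HTML_ESCAPES = {
  '&': '&amp;',
  '<': '&lt;',
  '>': '&gt;',
  '"': '&quot;',
  "'": '&#39;',
};
function escapeHtml(value) {
  return String(value).replace(/[&<>"']/g, (ch) => HTML_ESCAPES[ch]);
}

// Type 1 (reflected): a search page that echoes the `q` query parameter
// straight from the request into the response body.
function renderSearchUnsafe(query) {
  // Defect: raw request data concatenated into HTML.
  return `<p>Results for: ${query}</p>`;
}
function renderSearchSafe(query) {
  // Fix: encode for the HTML-body context at the point of output.
  return `<p>Results for: ${escapeHtml(query)}</p>`;
}

// Type 2 (stored): a log viewer rendering entries read back from a data
// store. The writer of an entry may have been any user, so every field is
// encoded when rendered, regardless of who stored it or when.
function renderLogViewer(entries) {
  const rows = entries.map(
    (e) => `<tr><td>${escapeHtml(e.user)}</td><td>${escapeHtml(e.message)}</td></tr>`,
  );
  return `<table>${rows.join('')}</table>`;
}

// Type 0 (DOM-based): server-supplied client script that places data from
// the URL fragment into the page. No server round trip is involved; the
// choice of DOM sink decides whether the browser parses the data as markup.
function showGreetingUnsafe(element, fragment) {
  // Defect: innerHTML parses its argument as HTML.
  element.innerHTML = 'Hello, ' + decodeURIComponent(fragment);
}
function showGreetingSafe(element, fragment) {
  // Fix: textContent treats its argument as plain text.
  element.textContent = 'Hello, ' + decodeURIComponent(fragment);
}

// Constructed stand-in for a DOM element so the example runs without a
// browser: it records which sink received the data.
function fakeElement() {
  return { innerHTML: '', textContent: '' };
}

// Detection check used below: does the rendered HTML still contain the
// input's raw markup (i.e. did it reach the page unencoded)?
function leaksRawMarkup(html, input) {
  return html.includes(input);
}

// Demonstration of all three paths.
const logEntries = [
  { user: 'alice', message: 'login ok' },
  { user: '<b>mallory</b>', message: SAMPLE_INPUT },
];
const domUnsafe = fakeElement();
const domSafe = fakeElement();
showGreetingUnsafe(domUnsafe, encodeURIComponent(SAMPLE_INPUT));
showGreetingSafe(domSafe, encodeURIComponent(SAMPLE_INPUT));

console.log('reflected, unencoded :', leaksRawMarkup(renderSearchUnsafe(SAMPLE_INPUT), SAMPLE_INPUT));
console.log('reflected, encoded   :', leaksRawMarkup(renderSearchSafe(SAMPLE_INPUT), SAMPLE_INPUT));
console.log('stored, encoded      :', leaksRawMarkup(renderLogViewer(logEntries), SAMPLE_INPUT));
console.log('DOM innerHTML sink   :', JSON.stringify(domUnsafe));
console.log('DOM textContent sink :', JSON.stringify(domSafe));
```

The encoder above is correct for the HTML-body and quoted-attribute contexts only; data placed inside a `<script>` block, a URL, or a CSS value needs an encoder for that context, which is why the functions take the encoding decision at each output site rather than once on input.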
