Stolen cookies: XSS attack results
cookie 受窃:XSS攻击的后果
An XSS attack leads to undesirable effects.
XSS攻击会导致不良后果。
It's now almost impossible to have an accidental XSS attack.
现在偶然出现一个XSS攻击已经不太可能了。
Listing 10 demonstrates how the form could print the results, allowing an XSS attack.
清单10演示了允许XSS攻击的表单如何输出结果。
At the core of a traditional XSS attack lies a vulnerable script in the vulnerable site.
传统的XSS攻击的核心处位于脆弱的站点中的脆弱的脚本。
Use Regular Expression to validate input to protect from XSS attack below is Snapshot.
下图使用正则表达式来验证输入,从而预防XSS攻击。
Unlike those, the XSS attack involves three parties: the attacker, the client, and the Web site.
与那些攻击不同的是,XSS攻击同时涉及三个群体:黑客、客户端和Web站点。
The following examples are intended to help you recognize the areas that are vulnerable to XSS attack.
下面的例子可以帮助您识别易受XSS攻击的领域。
If you have a site with a wildcard certificate, and that site has an XSS attack reachable irrespective of Host header.
如果你的站点有一个万用证书,那么无论主机信息头部是什么样,这个站点都极有可能遭受跨站攻击。
So far, we have seen that an XSS attack can take place in a parameter of a GET request that is echoed back to the response by a script.
到此为止,我们已经看到XSS攻击可以出现在用脚本回送响应的GET请求的参数中。
The goal of the XSS attack is to steal the client cookies or any other sensitive information that can identify the client with the Web site.
XSS攻击的目的是盗走客户端cookies,或者任何可以用于在Web站点确定客户身份的其他敏感信息。
Since attackers are usually trying to add malicious scripts, this particular variation is called a "cross-site scripting attack" (XSS attack).
由于攻击者通常是试图添加恶意的脚本,因些这种变化被称为“交叉站点脚本攻击” (XSS攻击)。
A reflected XSS attack exploits vulnerable Web applications that display input parameters back to the browser without checking for the presence of active content in them.
reflectedXSS攻击利用了Web应用程序安全性低的弱点,该应用程序在浏览器中显示输入参数而不对其中是否存在活动内容进行检查。
In this case, it is first necessary to "escape" to the free context, and then to append the XSS attack. For example, if the data is injected as a default value of an HTML form field.
在这种情况下,首先必要的是“逃”到自由的环境中,然后附加XSS攻击。
When this tag is placed with an XSS attack - which are the most common of the documented attacks - users can easily do something with their credentials without knowing it - thus, the forgery.
当此标记与XSS攻击结合在一起时—在已归档的攻击中最常见—用户可以在不知情的情况下轻松地对其凭证执行一些操作—因此是伪造的。
When an attacker introduces a malicious script to a dynamic form submitted by the user, a cross-site scripting (XSS) attack then occurs.
当攻击者向用户提交的动态表单引入恶意脚本时,就会产生跨站点脚本(XSS)攻击。
Now he knows that the site is prone to an XSS-style attack.
现在他知道这个站点容易受xss类型的攻击。
In the next scenario, the hypothetical Web site ensures that the generated pages are properly encoded by using the XSS custom tag library and is able to protect itself from the attack.
在下一个方案中,这个虚拟网站确保生成的页面是通过使用xss定制标记库正确编码的,并且能避免攻击。
A user can help reduce his susceptibility to an XSS-style attack in five significant ways
用户可以通过5 个有效手段来减少XSS 类型的攻击
XSS is an attack on the privacy of clients of a particular Web site, which can lead to a total breach of security when customer details are stolen or manipulated.
XSS是针对特殊Web站点的客户隐私的攻击,当客户详细信息失窃或受控时可能引发彻底的安全威胁。
XSS is an attack on the privacy of clients of a particular Web site, which can lead to a total breach of security when customer details are stolen or manipulated.
XSS是针对特殊Web站点的客户隐私的攻击,当客户详细信息失窃或受控时可能引发彻底的安全威胁。
应用推荐