What Is an XSS Attack? XSS Attack Scenarios
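XSS Attacks
What is an XSS attack?
An XSS attack works by injecting JavaScript into a page.
For example, when a submitted form value is displayed on another page, that page may be exposed to XSS script injection: the injected script can read the local cookie and send it to the attacker's server.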
<script>alert('sss')</script>
<script>window.location.href='http://www.learn.com';</script>
Corresponding HTML source: <script>alert('sss')</script>
The effect is best demonstrated in Firefox.
IndexController.java:

```java
package com.learn.controller;

import javax.servlet.http.HttpServletRequest;

import org.springframework.stereotype.Controller;
import org.springframework.web.bind.annotation.RequestMapping;

@Controller
public class IndexController {

    // Forward to the index page
    @RequestMapping("/index")
    public String index() {
        return "index";
    }

    // Receive the page parameter
    @RequestMapping("/postIndex")
    public String postIndex(HttpServletRequest request) {
        // The raw parameter is handed to the view unescaped (the injection point of this demo)
        request.setAttribute("name", request.getParameter("name"));
        return "forward";
    }
}
```

application.properties:

```properties
spring.mvc.view.prefix=/WEB-INF/jsp/
spring.mvc.view.suffix=.jsp
```

/WEB-INF/jsp/index.jsp (the form):

```jsp
<%@ page language="java" contentType="text/html; charset=UTF-8" pageEncoding="UTF-8"%>
<!DOCTYPE html PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd">
<html>
<head>
<meta http-equiv="Content-Type" content="text/html; charset=UTF-8">
<title>Insert title here</title>
</head>
<body>
    <form action="postIndex" method="post">
        Input: <input type="text" name="name"> <br>
        <input type="submit">
    </form>
</body>
</html>
```

/WEB-INF/jsp/forward.jsp (the result page):

```jsp
<%@ page language="java" contentType="text/html; charset=UTF-8" pageEncoding="UTF-8"%>
<!DOCTYPE html PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd">
<html>
<head>
<meta http-equiv="Content-Type" content="text/html; charset=UTF-8">
<title>Insert title here</title>
</head>
<%-- ${name} is written without HTML encoding, so submitted markup is parsed by the browser --%>
<body>${name}
</body>
</html>
```

pom.xml:

```xml
<project xmlns="http://maven.apache.org/POM/4.0.0"
    xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
    xsi:schemaLocation="http://maven.apache.org/POM/4.0.0 http://maven.apache.org/xsd/maven-4.0.0.xsd">
    <modelVersion>4.0.0</modelVersion>
    <groupId>com.learn</groupId>
    <artifactId>springboot-web</artifactId>
    <version>0.0.1-SNAPSHOT</version>
    <packaging>war</packaging>
    <parent>
        <groupId>org.springframework.boot</groupId>
        <artifactId>spring-boot-starter-parent</artifactId>
        <version>1.5.12.RELEASE</version>
    </parent>
    <dependencies>
        <dependency>
            <groupId>org.mybatis.spring.boot</groupId>
            <artifactId>mybatis-spring-boot-starter</artifactId>
            <version>1.1.1</version>
        </dependency>
        <!-- mysql dependency -->
        <dependency>
            <groupId>mysql</groupId>
            <artifactId>mysql-connector-java</artifactId>
        </dependency>
        <!-- SpringBoot support for lombok -->
        <dependency>
            <groupId>org.projectlombok</groupId>
            <artifactId>lombok</artifactId>
        </dependency>
        <!-- SpringBoot web core components -->
        <dependency>
            <groupId>org.springframework.boot</groupId>
            <artifactId>spring-boot-starter-web</artifactId>
        </dependency>
        <dependency>
            <groupId>org.springframework.boot</groupId>
            <artifactId>spring-boot-starter-tomcat</artifactId>
        </dependency>
        <!-- SpringBoot external Tomcat support -->
        <dependency>
            <groupId>org.apache.tomcat.embed</groupId>
            <artifactId>tomcat-embed-jasper</artifactId>
        </dependency>
        <!-- springboot-log4j -->
        <dependency>
            <groupId>org.springframework.boot</groupId>
            <artifactId>spring-boot-starter-log4j</artifactId>
            <version>1.3.8.RELEASE</version>
        </dependency>
        <!-- springboot-aop -->
        <dependency>
            <groupId>org.springframework.boot</groupId>
            <artifactId>spring-boot-starter-aop</artifactId>
        </dependency>
        <!-- https://mvnrepository.com/artifact/commons-lang/commons-lang -->
        <dependency>
            <groupId>commons-lang</groupId>
            <artifactId>commons-lang</artifactId>
            <version>2.6</version>
        </dependency>
    </dependencies>
</project>
```
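A hardened variant of the controller above, as an added example that is not part of the original article: the submitted value is HTML-encoded with Spring's `HtmlUtils.htmlEscape` before forward.jsp prints it, so the two payloads shown earlier are displayed as text. The class name `SafeIndexController`, the `/safePostIndex` mapping and the helper `encodeForHtmlBody` are hypothetical.

```java
package com.learn.controller;

import javax.servlet.http.HttpServletRequest;

import org.springframework.stereotype.Controller;
import org.springframework.web.bind.annotation.RequestMapping;
import org.springframework.web.util.HtmlUtils;

// Added example: hardened counterpart of IndexController.
// SafeIndexController, /safePostIndex and encodeForHtmlBody are hypothetical names.
@Controller
public class SafeIndexController {

    // Encode a value that will be written into an HTML body context.
    // &, <, >, " and ' become character entities, so the browser
    // displays the text and never parses it as markup or script.
    static String encodeForHtmlBody(String raw) {
        if (raw == null) {
            // A missing parameter renders as an empty string, not "null".
            return "";
        }
        return HtmlUtils.htmlEscape(raw);
    }

    // Same flow as postIndex in the article, with encoding applied
    // at the point where untrusted input is handed to the view.
    @RequestMapping("/safePostIndex")
    public String postIndex(HttpServletRequest request) {
        // forward.jsp still prints ${name}, but the attribute is now inert text.
        request.setAttribute("name", encodeForHtmlBody(request.getParameter("name")));
        return "forward";
    }

    // Prints the encoded form of the two payloads quoted in the article.
    public static void main(String[] args) {
        String[] payloads = {
            "<script>alert('sss')</script>",
            "<script>window.location.href='http://www.learn.com';</script>"
        };
        for (String payload : payloads) {
            System.out.println(encodeForHtmlBody(payload));
        }
    }
}
```

This encoding is correct for values placed in HTML body or quoted attribute positions, as in forward.jsp; values written into inline JavaScript or URLs need encoding for that context instead.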