A tool to dig out xss vulnerabilities

xsshelp I just wrote a tool to help mine XSS vulnerabilities when I have nothing to do (mainly because I am lazy and want to save trouble, I simply used a tool to implement a relatively easy-to-use idea for digging XSS every time). xsshelp version: 1.0.0 Usage: [-ut] [-u url] [-t thread] [-h help] Options: -h this […]

Web Vulnerability-XSS Theory and Shooting Range Test (1)

Actual Preliminary Statement The procedures (methods) involved in the article may be offensive and are only for security research and learning purposes. If readers use the information for other purposes, the user shall bear all legal and joint liability. The author of the article does not assume any legal and joint liability. 1. Briefly understand […]

XSS injection analysis of WEB vulnerabilities

XSS injection vulnerability 1. Reflective XSS injection Cause of the vulnerability: There is no reliable input validation for user-submitted content (no filtering of sensitive strings). Next, write a web page with a reflected XSS vulnerability. a. Write the XSS-vulnerable web page in PHP. Code in xss.php: <!DOCTYPE html> <html lang="en"> <head> <meta charset="UTF-8"> <meta name="viewport" […]

Web Security Series – XSS Attack

The article was first published on the public account: Brick mover on Haitian 2nd Road 1. What is XSS attack XSS (Cross-site scripting) attack, that is, cross-site scripting attack. Attackers inject malicious code into the victim’s browser to attack the victim’s login credentials, steal sensitive information, or control the victim’s session. XSS attacks are a […]

Cross Site Scripting (XSS)

Attackers will send suspicious scripts to websites, which can obtain website cookies, session tokens, or other sensitive information saved by the browser, and even rewrite the content of HTML pages. Background There are different types of XSS vulnerabilities. The first ones discovered were stored XSS and reflected XSS. In 2005, Amit Klein discovered DOM-based XSS. […]

Understand XSS from the principles of network security

01. Principles and classifications of XSS Cross-site scripting attack: XSS (Cross Site Scripting). To avoid confusion with the abbreviation of Cascading Style Sheets (CSS), the cross-site scripting attack is abbreviated as XSS. A malicious attacker inserts malicious Script code into the Web page. When the user browses the page, the Script […]

XSS level-breaking game level 1-8

Shooting range environment setup: Link: https://pan.baidu.com/s/1V_Ij9NfJzRSeYq1alSecew Extraction code: 3333 Open apache and mysql of phpstudy, put the shooting range environment in the www directory, and access 127.0.0.1/filename in the browser Level 1: There is no defensive measure. Enter it directly in the URL and you can directly bypass it. <script>alert(1)</script> Level 2: Looking at the […]

XSS cross-site scripting attack

XSS cross-site scripting attack Cross-site scripting attack, the vulnerability occurs on the user side, which means that unexpected JavaScript code execution occurs during the rendering process. Used to obtain cookies and operate as an attacker. – Reason – The program does not properly process the input and output, causing the characters constructed by the attacker […]

Use SXSSFWorkbook in POI to do excel export and customize template export

1. Introduce dependencies <dependency> <groupId>org.apache.poi</groupId> <artifactId>poi-ooxml-schemas</artifactId> <version>4.1.2</version> </dependency> <dependency> <groupId>org.apache.poi</groupId> <artifactId>poi</artifactId> <version>4.1.2</version> </dependency> <dependency> <groupId>org.apache.poi</groupId> <artifactId>poi-ooxml</artifactId> <version>4.1.2</version> </dependency> 2. Simple export implementation package cn.sto.station.twin.common.excel; import lombok.extern.slf4j.Slf4j; import org.apache.commons.collections4.MapUtils; import org.apache.commons.lang3.ArrayUtils; import org.apache.poi.hssf.usermodel.HSSFFont; import org.apache.poi.ss.usermodel.*; import org.apache.poi.util.IOUtils; import org.apache.poi.xssf.streaming.SXSSFSheet; import org.apache.poi.xssf.streaming.SXSSFWorkbook; import java.io.*; import java.util.ArrayList; import java.util.HashMap; import java.util.List; import java.util.Map; /** * SXSSFWorkbook export * […]

JAVA code audit-XSS vulnerability analysis

XSS vulnerabilities are not just as simple as pop-up windows. This article will first talk about the form of triggering the vulnerability. In another issue, we will talk about how harmful XSS is! Reflected XSS vulnerability: Reflected XSS vulnerabilities occur when an attacker adds malicious code to a web page request, and the request immediately […]