Cross-site scripting (XSS)
https://en.wikipedia.org/wiki/Cross-site_scripting
Definition
Cross-site scripting (XSS) is a type of computer security vulnerability typically found in web applications.
XSS enables attackers to inject client-side scripts into web pages viewed by other users.
A cross-site scripting vulnerability may be used by attackers to bypass access controls such as the same-origin policy.
Cross-site scripting carried out on websites accounted for roughly 84% of all security vulnerabilities documented by Symantec as of 2007.[1]
Bug bounty company HackerOne in 2017 reported that XSS is still a major threat vector.[2]
XSS effects vary in range from petty nuisance to significant security risk, depending on the sensitivity of the data handled by the vulnerable site and the nature of any security mitigation implemented by the site's owner.
Types
There is no single, standardized classification of cross-site scripting flaws, but most experts distinguish between at least two primary flavors of XSS flaws: non-persistent and persistent.
Some sources further divide these two groups into traditional (caused by server-side code flaws) and DOM-based (in client-side code).
Non-persistent (reflected)
Persistent (or stored)
Server-side versus DOM-based vulnerabilities
Self-XSS
Mutated XSS (mXSS)
Example
https://www.owasp.org/images/2/22/20110412-aspnet_viewstate_security-alexandre.pdf
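The non-persistent and persistent flavors listed under Types, shown here as an added example that is not taken from the linked sources. It is a JavaScript (Node.js) sketch in which every function name, the in-memory `comments` store and the sample input are hypothetical and constructed for illustration; each vulnerable renderer sits beside a form that HTML-encodes untrusted input on output.

```javascript
// Added illustration; all names are hypothetical, not from any framework.

// Encode the characters that are significant in HTML text and
// quoted-attribute contexts. "&" must be replaced first.
function escapeHtml(value) {
  return String(value)
    .replace(/&/g, '&amp;')
    .replace(/</g, '&lt;')
    .replace(/>/g, '&gt;')
    .replace(/"/g, '&quot;')
    .replace(/'/g, '&#39;');
}

// Non-persistent (reflected): request input goes straight into the response.
function renderSearchVulnerable(query) {
  return '<p>Results for: ' + query + '</p>';
}
function renderSearchHardened(query) {
  return '<p>Results for: ' + escapeHtml(query) + '</p>';
}

// Persistent (stored): input is saved, then served to every later visitor.
const comments = []; // stands in for a database table
function saveComment(text) { comments.push(text); }
function renderCommentsVulnerable() {
  return comments.map((c) => '<li>' + c + '</li>').join('');
}
function renderCommentsHardened() {
  return comments.map((c) => '<li>' + escapeHtml(c) + '</li>').join('');
}

// Constructed sample input: markup a browser would parse as a script element.
const SAMPLE = '<script>alert(1)</script>';

function demo() {
  saveComment(SAMPLE);
  return {
    reflectedVulnerable: renderSearchVulnerable(SAMPLE),
    reflectedHardened: renderSearchHardened(SAMPLE),
    storedVulnerable: renderCommentsVulnerable(),
    storedHardened: renderCommentsHardened(),
  };
}

console.log(demo());
```

The encoding shown applies to HTML text and quoted attribute values only. Input placed into JavaScript, URL or CSS contexts, and DOM-based flaws in client-side code, need context-specific handling.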