Complete explanation of PHP vulnerabilities (4): XSS cross-site scripting attack
XSS (Cross Site Scripting) is a cross-site scripting attack. It is abbreviated as XSS to distinguish it from CSS (Cascading Style Sheets).
Attackers mainly use cross-site scripting to read website users' cookies or other personal information. Once the attacker obtains this data, he can impersonate the user, log in to the website, and gain that user's permissions.
General steps of cross-site scripting attack:
1. The attacker sends the XSS HTTP link to the target user in some way
2. The target user logs in to the website and opens the XSS link sent by the attacker while logged in
3. The website executes this
When a program has a cross-site scripting vulnerability, the attacker can construct a cross-site script similar to http://www.sectop.com/search.php?key= " method="POST">
Inserted
The defense is to filter output variables with htmlspecialchars, or to have the form submit to its own file. This directly avoids the $_SERVER["PHP_SELF"] variable being exploited for cross-site scripting.
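The two defenses above, shown next to the unescaped form they replace. This is an added example, not code from the original article; the function names, the `key` field layout and the sample input are assumptions constructed for illustration.

```php
<?php
// Added example (not from the original article); all function names are hypothetical.

// Escape a value for use in HTML text or inside a quoted attribute.
function h(string $value): string
{
    return htmlspecialchars($value, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
}

// Unsafe "before": PHP_SELF and the search key are written into the page as-is.
// PHP_SELF includes any extra path info from the request, so it is user-controlled.
function render_search_form_unsafe(array $server, array $get): string
{
    $key = $get['key'] ?? '';
    return '<form action="' . $server['PHP_SELF'] . '" method="POST">'
         . '<input name="key" value="' . $key . '"></form>';
}

// Hardened: no action attribute (the browser submits to the current URL, so
// PHP_SELF is never echoed) and the key is escaped on output.
function render_search_form_safe(array $get): string
{
    $key = $get['key'] ?? '';
    if (!is_string($key)) {
        $key = '';   // key[]=... arrives as an array; treat it as empty
    }
    return '<form method="POST">'
         . '<input name="key" value="' . h($key) . '"></form>';
}

// Constructed sample input: harmless markup characters in the path info and the key.
$server = ['PHP_SELF' => '/search.php/"><b>injected</b>'];
$get    = ['key' => '"><b>injected</b>'];

// Unsafe output: the quote closes the attribute and <b> becomes live markup.
echo render_search_form_unsafe($server, $get), "\n";

// Safe output: the same input stays inside value="..." as &quot;&gt;&lt;b&gt;...
echo render_search_form_safe($get), "\n";
```

If the form must name its target explicitly, pass `$_SERVER['SCRIPT_NAME']` through the same escaping helper instead of echoing `PHP_SELF`.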