Home  >  Article  >  Backend Development  >  Complete explanation of PHP vulnerabilities (4)-xss cross-site scripting attack

Complete explanation of PHP vulnerabilities (4)-xss cross-site scripting attack

黄舟
黄舟Original
2016-12-22 09:22:331393browse

XSS (Cross Site Scripting) means cross-site scripting attack. In order to distinguish it from CSS (Cascading Style Sheet), it is abbreviated as XSS

Cross-site scripting is mainly used by attackers to read website users’ cookies or other personal information. Once the attacker obtains this data, he can pretend to be this user to log in to the website and obtain this user's permissions.

General steps of cross-site scripting attack:

1. The attacker sends the xss http link to the target user in some way

2. The target user logs in to this website and opens the xss link sent by the attacker during the login process

3. The website executes this

When a program with a cross-site vulnerability appears, the attacker can construct a cross-site script similar to http://www.sectop.com/search.php?key= " method="POST">

InsertedComplete explanation of PHP vulnerabilities (4)-xss cross-site scripting attack

The defense method is to use htmlspecialchars to filter the output variables, or use the form submitted to your own file

This directly avoids the $_SERVER["PHP_SELF"] variable being cross-site

The above is PHP Full explanation of vulnerabilities (4) - xss cross-site scripting attack content, please pay attention to the PHP Chinese website (www.php.cn) for more related content

Statement:
The content of this article is voluntarily contributed by netizens, and the copyright belongs to the original author. This site does not assume corresponding legal responsibility. If you find any content suspected of plagiarism or infringement, please contact admin@php.cn