Complete explanation of PHP vulnerabilities (4)-xss cross-site scripting attack

XSS (Cross Site Scripting) means cross-site scripting attack. In order to distinguish it from CSS (Cascading Style Sheet), it is abbreviated as XSS

Cross-site scripting is mainly used by attackers to read website users’ cookies or other personal information. Once the attacker obtains this data, he can pretend to be this user to log in to the website and obtain this user's permissions.

General steps of cross-site scripting attack:

1. The attacker sends the xss http link to the target user in some way

2. The target user logs in to this website and opens the xss link sent by the attacker during the login process

3. The website executes this

When a program with a cross-site vulnerability appears, the attacker can construct a cross-site script similar to http://www.sectop.com/search.php?key= " method="POST">

Inserted

The defense method is to use htmlspecialchars to filter the output variables, or use the form submitted to your own file

This directly avoids the $_SERVER["PHP_SELF"] variable being cross-site

The above is PHP Full explanation of vulnerabilities (4) - xss cross-site scripting attack content, please pay attention to the PHP Chinese website (www.php.cn) for more related content