实验
一、 xss跨站脚本实验
XSS全称(cross site scripting)跨站脚本攻击,是web程序最常见的漏洞。指攻击者在网页嵌入客户端脚本如javascript,当用户浏览网页时,脚本就会在用户的浏览器上执行,从而达到攻击者的目的。比如获取cookkie,导航到恶意网站等,主要原因就是页面输入的数据变成了代码导致的攻击。
本次实验使用javaweb编写的简单程序测试一下代码如下:
java页面:
package servlet;
import java.io.IOException;
import java.util.Map;
import java.util.Set;
import javax.servlet.ServletException;
import javax.servlet.http.HttpServlet;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
public class XSSServlet extends HttpServlet {
private static final long serialVersionUID = -8953308985918560500L;
@Override
protected void service(HttpServletRequest request, HttpServletResponse response)
throws ServletException, IOException {
Map<String, String[]> map = request.getParameterMap();
Set<String> keySet = map.keySet();
// 将接收参数一一传递到页面
for(String key : keySet){
Object obj = map.get(key);
if(obj instanceof String[]){
String[] strs = (String[])obj;
if(strs.length >= 1){
request.setAttribute(key, strs[0]);
}
}
}
request.getRequestDispatcher("/xss.jsp").forward(request, response);
}
}
Jsp页面:
<%@ page pageEncoding="UTF-8"%>
<%String path = request.getContextPath(); String basePath = request.getScheme()+"://"
+request.getServerName()+":"+request.getServerPort()+path+"/";%>
<!DOCTYPE HTML><html> <head> <base href="<%=basePath%>">
<title>XSS跨站脚本测试</title>
<meta http-equiv="pragma" content="no-cache">
<meta http-equiv="cache-control" content="no-cache">
<meta http-equiv="expires" content="0">
</head>
<body style="${bodyStyle }">
<form action="<%=path %>/xss.do" method="post">
背景颜色:<input name="bodyStyle" type="input" value="${bodyStyle }" />
<br />
<input type="submit" value="改变" />
</form>
</body>
</html>
Web.xml:
</welcome-file-list>
<servlet>
<servlet-name>action</servlet-name>
<servlet-class>servlet.XSSServlet</servlet-class>
</servlet>
<servlet-mapping>
<servlet-name>action</servlet-name>
<url-pattern>/xss.do</url-pattern>
</servlet-mapping>
测试如下:
访问地址:http://localhost:8080/class/xss.do 填写参数:background:red
效果:点击按钮之后页面背景会变成红色
如图:
访问地址:http://127.0.0.1:8080/class/xss.do?bodyStyle=background:blue
效果:页面直接变成蓝色,不需要点击按钮
如图:
攻击测试:在文本框输入:" onload='alert(/hello/)' "
效果:页面弹出对话框
测试输入:" onload="window.location.href='http://www.baidu.com' " "
效果:直接跳转到百度首页
使用扫描器扫描结果如下: