| 基于反过滤规则集和自动爬虫的XSS漏洞深度挖掘技术 |
| |
| 引用本文: | 吴子敬,张宪忠,管磊,胡光俊.基于反过滤规则集和自动爬虫的XSS漏洞深度挖掘技术[J].北京理工大学学报,2012,32(4):395-401. |
| |
| 作者姓名: | 吴子敬 张宪忠 管磊 胡光俊 |
| |
| 作者单位: | 齐齐哈尔大学应用技术学院,黑龙江,齐齐哈尔161006;公安部第一研究所,北京,100048 |
| |
| 基金项目: | 国家自然科学基金资助项目(60873008) |
| |
| 摘 要: | 为解决Web网站跨站脚本攻击(XSS)问题,通过对XSS漏洞特征及过滤方式的分析,提出了通过反过滤规则集转换XSS代码并用自动爬虫程序实现漏洞代码的自动注入和可用性检验的XSS漏洞挖掘技术,依此方法可以获取XSS漏洞代码的转换形式及漏洞的注入入口,以实现对Web跨站漏洞深度挖掘.提出的XSS漏洞挖掘技术在邮箱XSS漏洞挖掘及Web网站XSS漏洞检测方面的实际应用验证了该技术的有效性.
|
| 关 键 词: | 跨站 XSS反过滤 XSS漏洞挖掘 自动爬虫 |
| 收稿时间: | 2011/10/20 0:00:00 |
Technique for Deep Discovering XSS Vulnerability Based on Anti-Filter Rules Set and Automatic Crawler Program |
| |
| WU Zi-jing,ZHANG Xian-zhong,GUAN Lei and HU Guang-jun.Technique for Deep Discovering XSS Vulnerability Based on Anti-Filter Rules Set and Automatic Crawler Program[J].Journal of Beijing Institute of Technology(Natural Science Edition),2012,32(4):395-401. |
| |
| Authors: | WU Zi-jing ZHANG Xian-zhong GUAN Lei and HU Guang-jun |
| |
| Affiliation: | Applied Technology College, Qiqihar University, Qiqihar, Heilongjiang 161006, China;Applied Technology College, Qiqihar University, Qiqihar, Heilongjiang 161006, China;The First Research Institute of Ministry of Public Security, Beijing 100048, China;The First Research Institute of Ministry of Public Security, Beijing 100048, China |
| |
| Abstract: | |
| |
| Keywords: | cross-site anti-XSS rules set XSS vulnerabilities discovery technique automatic crawler |
| 本文献已被 CNKI 万方数据 等数据库收录! |
| 点击此处可从《北京理工大学学报》浏览原始摘要信息 |
|
点击此处可从《北京理工大学学报》下载全文 |
|
