| 基于动态数据生成缺陷的XSS漏洞挖掘技术 |
| |
| 引用本文: | 潘发益,郭颖,崔宝江. 基于动态数据生成缺陷的XSS漏洞挖掘技术[J]. 信息网络安全, 2012, 0(11): 44-47 |
| |
| 作者姓名: | 潘发益 郭颖 崔宝江 |
| |
| 作者单位: | 北京邮电大学计算机学院;中国信息安全测评中心 |
| |
| 基金项目: | 国家自然科学基金资助项目[61170268、61272493] |
| |
| 摘 要: | XSS漏洞普遍存在于当前Web应用中,而且危害极其严重。随着Web2.0的到来,Web应用日趋大型化和复杂化,进一步为web漏洞的滋生提供了温床。针对大型web应用中复杂的数据组织结构,文章提出一种基于动态数据生成缺陷的XSS漏洞挖掘方法,能快速、高效地挖掘出大型Web应用中存在的XSS漏洞。同时,利用这一挖掘方法对web应用中存在的HTTPResponseSplitting漏洞、URLRedirection漏洞进行挖掘分析,都取得了非常显著的效果。
|
| 关 键 词: | 跨站脚本 HTTP Response Splitting URL Redirection |
Exploiting XSS Vulnerability based on Dynamic Data Generating Flaw |
| |
| PAN Fa-yi,GUO Ying,CUI Bao-jiang. Exploiting XSS Vulnerability based on Dynamic Data Generating Flaw[J]. Netinfo Security, 2012, 0(11): 44-47 |
| |
| Authors: | PAN Fa-yi GUO Ying CUI Bao-jiang |
| |
| Affiliation: | 1(1.School of Computer,Beijing University of Posts and Telecommunications,Beijing 100876,China;2.China Information Technology Security Evaluation Center,Beijing 100085,China) |
| |
| Abstract: | XSS is the most common and seriously harmful vulnerability in current Web applications. With the arrival of Web2.0 technologies, Web applications tend to be much larger and more complex, which provided the hotbed for Web vulnerabilities. According to the complex structure of data organization in large-scale web applications, in this paper we proposed an approach for exploiting XSS vulnerability based on dynamic data generating flaw. It can exploit XSS vulnerability existing in large-scale Web applications quickly and effectively. We also use this method to analysis HTTP Response Splitting vulnerability and URL Redirection vulnerability in Web applications and also achieved significant results. |
| |
| Keywords: | |
| 本文献已被 CNKI 维普 等数据库收录! |
