Shulou(Shulou.com)06/02 Report--

This article mainly introduces "what is the Dom-type XSS attack principle of Web network security vulnerabilities". In daily operation, I believe that many people have doubts about the Dom-type XSS attack principle of Web network security vulnerabilities. I have consulted all kinds of materials and sorted out simple and easy-to-use operation methods. I hope it will be helpful to answer the doubts about "what is the Dom-type XSS attack principle of Web network security vulnerabilities"! Next, please follow the editor to study!

Dom type XSS attack

The function of the Dom-type XSS attack page is to enter information in the "input" box. When you click the "replace" button, the page will replace the "input here" with the input information. For example, when entering "11", the page will replace "what will be displayed here" with "11", as shown in figures 75 and 76.

Figure 75 HTML page

Figure 76 replace function

When entering

Click the replace button, and the page pops up a message box, as shown in figure 77.

Figure 77 DOM XSS

As you can see from the HTML source code, there is the JS function tihuan (), which modifies the content of the element id1 (output location) to the content of the element dom_input (input location) through the DOM operation.

Code Analysis of Dom XSS

The Dom-type XSS program only has HTML code, and there is no server-side code, so the program does not interact with the server side, as shown below.

Test function tihuan () {document.getElementById ("id1") [xss_clean] = document.getElementById ("dom_input") .value;} the input is displayed here

Welcome to subscribe "Shulou Technology Information " to get latest news, interesting things and hot topics in the IT industry, and controls the hottest and latest Internet news, technology news and IT industry trends.