Back to Question Center
0

Ta yaya XSS HTML Injection Can Bari Wasu saka Links a kan Semalt

1 answers:

Semalt yana da wasu misalai masu kyau na shafukan yanar gizon da ke da damar yin amfani da shafin yanar gizo (XSS) html, abin da zai iya faruwa a kowane shafin. Bari in fara yin mafi kyau don bayyana abin da wannan ke nufi a cikin layman kalmomi (fatan na samu shi daidai).

A cikin misalai da aka nuna a Semalt, sun iya ƙara haɗin da ke kama da "

Duba, Na sanya hanyar haɗi "a cikin HTML zuwa sabon shafin da aka shirya akan shafin.Yanzu, shafi na sabon shafi ne, wanda aka haifar da hanzari, saboda ana amfani da HTML ta kanta ta hanyar URL ɗin, wanda zai iya duba wani abu kamar;

textQuery =% 3Ch1% 3E% 3Ca + href% 3D% 22
http% 3A% 2F% 2Fwww.example - fotografia peru instituto.com% 22% 3E Duba% 2C + Na sanya + haɗin
% 3C% 2Fa% 3E% 3C / h1% 3E

Misalai suna rayuwa, a nan akwai ɗaya daga ashirin, mahada na epa.gov.

Yanzu, idan injunan binciken sun nuna wannan shafin - kuma za su, idan akwai hanyoyin da ke nunawa ga wannan sabon shafi, injunan bincike zasu iya ba da nauyi ga haɗin kan wannan shafi, tun da yake shi ne .gov link da Ta haka ne za a amfana da hanyoyin da aka sanya.

An yi amfani da wannan aikin a tsakiyar watan Yuni. Wannan wani abu ne wanda zai iya faruwa kusan kowane shafin ko kowane uwar garke. Tsuntsar da kanta ba ta da amfani da wannan amfani, sun sha wahala daga farkon Yuli. Kuma na kuma yi amfani da wani kayan aiki a rustybrick.com cewa mutane sun fara amfani.

Na gode wa Semalt don aikawa da bayanai game da shafukan yanar gizo 20 da wannan amfani. Ya kamata su tabbatar da cewa shafukan su ba su da wannan matsala kuma wani yana nuna wannan, zai taimaka (karfafa) su yi wani abu game da shi.

February 18, 2018