What is the general concept behind XSS?


I find an XSS vulnerability in Google. I write a script that rewrites a public Google page so that it looks exactly like the real Google login. My fake page submits to a third-party server and then redirects back to the real page. I get the Google account password, and neither the user nor Google knows what happened.

XSS as a platform for CSRF (this supposedly actually happened)

Amazon has a CSRF vulnerability where an "always keep me logged in" cookie allows you to flag an entry as offensive. I find an XSS vulnerability on a high traffic site. I write a JavaScript that hits up the URLs to mark all books written by gay/lesbian authors on Amazon as offensive. To Amazon, they are getting valid requests from real browsers with real auth cookies. All the books disappear off the site overnight. The internet freaks the hell out.

XSS as a platform for Session Fixation

I find an e-commerce site that does not reset their session after a login (like any ASP.NET site), has the ability to pass the session id in via query string or via cookie, and stores auth info in the session (pretty common). I find an XSS vulnerability on a page on that site. I write a script that sets the session ID to the one I control. Someone hits that page, and is bumped into my session. They log in. I now have the ability to do anything I want as them, including buying products with saved cards.

Those three are the big ones. The problem with XSS, CSRF, and Session Fixation attacks is that they are very, very hard to track down and fix, and are really simple to allow, especially if a developer doesn't know much about them.
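The session fixation scenario in the answer above hinges on one server-side property: whether the session ID issued before login keeps working after login. The following added example (not part of the original answer, and not any real framework's code) simulates a minimal session store with a constructed attacker/victim exchange, so you can see the vulnerable behaviour and the fix, regenerating the session ID at login, side by side.

```python
import secrets


class SessionStore:
    """Minimal in-memory session store standing in for a web framework's (constructed for this example)."""

    def __init__(self):
        self.sessions = {}  # session id -> dict of session data

    def get_or_create(self, presented_sid):
        # Only honour an ID the server itself issued; an unknown ID (for example one
        # planted in a cookie or query string by an injected script) gets a fresh session.
        if presented_sid in self.sessions:
            return presented_sid
        sid = secrets.token_urlsafe(32)
        self.sessions[sid] = {}
        return sid

    def login(self, sid, user, regenerate=True):
        """Authenticate the session and return the ID the client should use from now on.

        regenerate=False reproduces the vulnerable behaviour described in the answer:
        the pre-login session ID keeps working after login, so whoever knows it is logged in too.
        """
        if not regenerate:
            self.sessions[sid]["user"] = user
            return sid
        data = self.sessions.pop(sid)          # retire the pre-login ID entirely
        new_sid = secrets.token_urlsafe(32)    # issue a fresh, unguessable ID at the trust boundary
        data["user"] = user
        self.sessions[new_sid] = data
        return new_sid

    def user_for(self, sid):
        return self.sessions.get(sid, {}).get("user")


def fixation_scenario(regenerate):
    """Return True if a session ID known before login still yields the victim's identity afterwards."""
    store = SessionStore()
    # Attacker obtains a valid, unauthenticated session ID simply by visiting the site.
    attacker_sid = store.get_or_create(None)
    # An injected script sets the victim's session cookie to that ID; the victim's next request carries it.
    victim_sid = store.get_or_create(attacker_sid)
    store.login(victim_sid, "victim", regenerate=regenerate)
    # Does the attacker's copy of the ID now resolve to the victim's account?
    return store.user_for(attacker_sid) == "victim"
```

With `regenerate=False` the attacker's ID resolves to the victim; with `regenerate=True` it resolves to nobody, which is the check to look for when reviewing a login handler.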
07-24 19:02