存储型XSS攻击向量自动化生成技术

doi:10.7523/j.issn.2095-6134.2012.6.014

中国科学院大学学报 ›› 2012, Vol. ›› Issue (6): 815-820.DOI: 10.7523/j.issn.2095-6134.2012.6.014

存储型XSS攻击向量自动化生成技术

陈景峰¹, 王一丁¹, 张玉清², 刘奇旭²

1. 北方工业大学信息工程学院, 北京 100041;
2. 中国科学院研究生院国家计算机网络入侵防范中心, 北京 100049

收稿日期:2011-10-13 修回日期:2011-12-19 发布日期:2012-11-15
通讯作者: 陈景峰
基金资助:
国家自然科学基金(60970140)资助

Automatic generation of attack vectors for stored-XSS

CHEN Jing-Feng¹, WANG Yi-Ding¹, ZHANG Yu-Qing², LIU Qi-Xu²

1. North China University of Technology, Beijing 100144, China;
2. National Computer Network Instrusion Protection Center, Graduate University, Chinese Academy of Sciences, Beijing 100049, China

Received:2011-10-13 Revised:2011-12-19 Published:2012-11-15

摘要/Abstract

摘要： 针对危害性最为严重的存储型XSS漏洞的特点及其触发方式,设计并实现了一款自动生成存储型XSS攻击向量的工具.使用该工具对中国2个大型视频分享网站的日志发布系统进行测试,发现6类导致存储型XSS漏洞的攻击向量.实验结果验证了该方法及测试工具的有效性,并说明中国视频网站仍存在着较大安全隐患.

关键词: 存储型XSS, 攻击向量, Web安全, 漏洞挖掘

Abstract: The stored-XSS (cross-site scripting) is generally more serious than the other modalities of XSS. We study the characteristics and trigger mechanism of stored-XSS, propose an generation method of attack vectors for stored-XSS, and accomplish a tool which can generate the attack vectors automatically. After we used this tool in testing the blog systems of two popular video-sharing sites in China, we found 6 types of attcak vectors which can trigger stored-XSS. The results of the testing experiments show the effectiveness of our method and also show the potential security risk in the video-sharing sites.

Key words: stored-XSS, attack vector, Web security, vulnerability discovery

中图分类号:

TP393

陈景峰, 王一丁, 张玉清, 刘奇旭. 存储型XSS攻击向量自动化生成技术[J]. 中国科学院大学学报, 2012, (6): 815-820.

CHEN Jing-Feng, WANG Yi-Ding, ZHANG Yu-Qing, LIU Qi-Xu. Automatic generation of attack vectors for stored-XSS[J]. , 2012, (6): 815-820.

参考文献

[1] 新浪微博XSS攻击事件分析 [EB/OL](2011-08-30) [2011-09-22]. http://netsecurity.51cto.com/art/201108/287982.htm
[2] Galn E, Alcaide A, Orfila A, et al. A multi-agent scanner to detect stored-XSS vulnerabilities [C]//IEEE Internet Technology and Secured Transactions (ICITST). London, 2010: 1-6.
[3] Kieyzun A, Guo P J, Jayaraman K, et al. Ernst automatic creation of SQL injection and cross-site scripting attacks [C]//IEEE ICSE, Vancouver. Canada, 2009:199-209.
[4] Chen J Q, Zhang Y Q. Design and realization of web cross-site scripting vulnerability detection tool[J]. Computer Engineering, 2010, 36(6):152-157(in Chinese). 陈建青,张玉清. Web跨站脚本漏洞检测工具的设计与实现[J]. 计算机工程,2010,36(6):152-157.
[5] XSS (cross site scripting) cheat sheet [DB/OL]. [2011-09-02]. http://ha.ckers.org/xss.html.
[6] Tang Z S, Zhu H J, Cao Z F, et al. L-WMxD: lexical based Webmail XSS discoverer [C]//IEEE Computer Communications Workshops (INFOCOM WKSHPS). Shanghai, 2011:976-981.
[7] Qiu Y J. Study on techniques of cross-site scripting attack and defense [D]. Beijing: Beijing Jiaotong University, 2010(in Chinese). 邱勇杰. 跨站脚本攻击与防御技术研究 [D]. 北京:北京交通大学,2010.
[8] Gebre MT, Lhee K, Hong M. A robust defense against content-sniffing XSS attacks [C]//IEEE Multimedia Technology and its Applications (IDC). Barcelona, 2010:315-320.
[9] HTML4.0事件属性 [EB/OL]. [2011-09-20]. http://www.w3school.com.cn/html/html_eventattributes.asp.
[10] Stuttard D, Pinto M. The web application Hacker's handbook: discovering and exploiting security flaws[M]. America: Wiley Publishing Inc, 2008:406-410.
[11] Sutton M, Greene A, Amini P. Fuzzing brute force vulnerability discovery[M]. America: Pearson Education Inc, 2007:140-144.

存储型XSS攻击向量自动化生成技术

Automatic generation of attack vectors for stored-XSS

PDF (PC)

可视化

摘要/Abstract

引用本文

使用本文

参考文献

相关文章 3

编辑推荐

Metrics

本文评价

访问统计

联系我们

[1]	董颖, 张玉清, 乐洪舟. Joomla内容管理系统漏洞利用技术[J]. 中国科学院大学学报, 2015, 32(6): 825-835.
[2]	罗成, 张玉清, 王龙, 刘奇旭. 基于符号表达式的未知协议格式分析及漏洞挖掘[J]. 中国科学院大学学报, 2013, 30(2): 278-284.
[3]	王夏莉, 张玉清. 一种基于行为的XSS客户端防范方法[J]. 中国科学院大学学报, 2011, 28(5): 668-675.