Cross-site scripting vulnerability detection method and device based on file object model

Abstract

Disclosed are a method, apparatus, and terminal for detecting a document object model-based cross-site scripting attack vulnerability. The method comprises: obtaining a set of parameter value pairs in the original URL of a webpage, the set of parameter value pairs including at least one parameter value pair; replacing parameter values of the parameter pairs with a feature script to form a test URL of the webpage, the feature script being malicious codes that contain malicious characters and can be uniquely identified in a document object model tree of the webpage; obtaining the page content corresponding to the test URL; converting the page content into the document object model tree; and detecting whether the cross-site scripting attack vulnerabilities are in the parameter value pairs according to the document object model tree and the feature script. By using the above solution, DOM XSS vulnerabilities can be effectively found only through searching the inserted feature script in the converted DOM tree and without triggering the execution of the feature script, thus greatly improving the ability of vulnerability discovery and the detection efficiency.

Description

technical field [0001] The present invention relates to the field of network technology, in particular to a method, device and terminal for detecting cross-site scripting (Cross Site Script, XSS) vulnerabilities based on a Document Object Model (Document Object Model, DOM). Background technique [0002] XSS vulnerability is the most common vulnerability on the Internet today, and it can be triggered in various browsers such as IE, Chrome, and FireFox, causing great harm. [0003] Usually, XSS is that malicious attackers add malicious codes to webpages and induce users to visit. When visitors browse the webpages, malicious codes will be executed on the user's machine, resulting in malicious attackers stealing user information, or Carry out a hanging horse attack on the machine and remotely gain control of the user's machine. Ordinary reflective XSS has obvious echo characteristics in the source code of the returned page, which is relatively easy to detect. DOM XSS is a DOM ...

AI Technical Summary

Problems solved by technology

[0004] In the process of realizing the present invention, the inventor has found that the prior art has at least the following problems: the existing DOM XSS vulnerability detection scheme needs to trigger the execution of the inserted characteristic JS script to find the XSS vulnerability, and only when the inserted characteristic JS script It is possible to trigger the execution of characteristic JS scripts only when they fully match the context syntax of dynamic web content, which results in the need to try enough types of characteristic JS scripts, and it takes a lot of time to try to execute JS scripts each time, which greatly reduces the vulnerability Discovery capability and detection efficiency

Images