Cross-site scripting attack vulnerability detection method and device based on document object model

A detection technology based on the document object model and cross-site scripting attacks, applied in the network field, that addresses the reduced vulnerability discovery capability and detection efficiency and the large time cost of existing schemes, and achieves the effect of improving vulnerability discovery capability and detection efficiency.

Active Publication Date: 2018-04-27
TENCENT TECH (SHENZHEN) CO LTD

AI Technical Summary

Problems solved by technology

[0004] In the process of realizing the present invention, the inventor found that the prior art has at least the following problem: the existing DOM XSS vulnerability detection scheme needs to trigger execution of the inserted characteristic JS script in order to find the XSS vulnerability, and execution of the characteristic JS script can only be triggered when the inserted script fully matches the context syntax of the dynamic web content. As a result, enough types of characteristic JS scripts have to be tried, and each attempt to execute a JS script takes a lot of time, which greatly reduces vulnerability discovery capability and detection efficiency.

Embodiment Construction

[0028] In order to make the object, technical solution and advantages of the present invention clearer, the implementation manner of the present invention will be further described in detail below in conjunction with the accompanying drawings.

[0029] Figure 1 is a flowchart of a DOM XSS vulnerability detection method provided by an embodiment of the present invention. The document object model (Document Object Model, DOM)-based cross-site scripting (Cross Site Script, XSS) vulnerability detection method of this embodiment is referred to as the DOM XSS vulnerability detection method for short. As shown in Figure 1, the DOM XSS vulnerability detection method of this embodiment may specifically include the following steps:

[0030] 100. Obtain a set of parameter value pairs in the original URL of the webpage to be detected;

[0031] The set of parameter value pairs in this embodiment includes at least one parameter value pair.

[0032] In th...

Abstract

The invention discloses a cross-site scripting attack vulnerability detection method, device and terminal based on a document object model. The method includes: obtaining a set of parameter value pairs in the original URL of the webpage to be detected, the set including at least one parameter value pair; for each parameter value pair in the set, replacing the parameter value with a feature script to form a test URL of the webpage to be detected, where the feature script is malicious code that contains malicious characters and can be uniquely identified in the document object model tree of the webpage to be detected; obtaining the page content of the test URL; converting the page content into a document object model tree; and detecting, according to the document object model tree and the feature script, whether the current parameter value pair has a cross-site scripting attack vulnerability. With this scheme, DOM XSS vulnerabilities can be found effectively just by looking for the inserted feature script in the converted DOM tree, without triggering execution of the feature script, which greatly improves vulnerability discovery capability and detection efficiency.
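The steps in the abstract, as an added Python sketch that is not code from the patent: one test URL is built per parameter value pair, and the resulting page content is parsed into a tree and searched for the probe as a node, with nothing executed. The probe tag name, the function names and the sample page content are assumptions; an inert custom element stands in for the feature script, and fetching and rendering the test URL is left out, so page content is passed in as a string.

```python
from html.parser import HTMLParser
from urllib.parse import parse_qsl, urlencode, urlsplit, urlunsplit

# Assumed probe: an inert custom element with a unique name (not the patent's script).
MARKER_TAG = "xssprobe7f3a"
PROBE = f"<{MARKER_TAG}></{MARKER_TAG}>"


def build_test_urls(original_url):
    """Return (parameter name, test URL) pairs, one per parameter value pair,
    each with only that parameter's value replaced by the probe."""
    parts = urlsplit(original_url)
    pairs = parse_qsl(parts.query, keep_blank_values=True)
    tests = []
    for i, (name, _value) in enumerate(pairs):
        mutated = pairs[:i] + [(name, PROBE)] + pairs[i + 1:]
        tests.append((name, urlunsplit(parts._replace(query=urlencode(mutated)))))
    return tests


class MarkerFinder(HTMLParser):
    """Walks the parsed page and records how the probe shows up in the tree."""

    def __init__(self):
        super().__init__(convert_charrefs=True)
        self.as_element = False  # probe became a node: markup was injected
        self.as_text = False     # probe is only character data: encoded or inert

    def handle_starttag(self, tag, attrs):
        if tag == MARKER_TAG:
            self.as_element = True

    def handle_data(self, data):
        if MARKER_TAG in data:
            self.as_text = True


def probe_became_element(page_content):
    """True when the probe is an element in the tree; nothing is executed."""
    finder = MarkerFinder()
    finder.feed(page_content)
    finder.close()
    return finder.as_element


# Constructed page content, as it might look after the page's own script ran.
RENDERED_UNSAFE = f'<html><body><div id="out">{PROBE}</div></body></html>'
RENDERED_SAFE = '<html><body><div id="out">&lt;xssprobe7f3a&gt;&lt;/xssprobe7f3a&gt;</div></body></html>'
```

A parameter is flagged only when the probe appears as an element; a probe that survives solely as text was encoded on output and is not reported.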

Description

Technical field

[0001] The present invention relates to the field of network technology, in particular to a method, device and terminal for detecting a cross-site scripting attack (Cross Site Script, XSS) vulnerability based on a Document Object Model (DOM).

Background technique

[0002] XSS vulnerability is the most common vulnerability on the Internet today, and it can be triggered in various browsers such as IE, Chrome, and FireFox, causing great harm.

[0003] Usually, XSS means that malicious attackers add malicious code to webpages and induce users to visit them. When visitors browse the webpages, the malicious code is executed on the user's machine, allowing the attackers to steal user information, or to plant a trojan on the machine and remotely gain control of it. Ordinary reflected XSS has obvious echo characteristics in the source code of the returned page, which makes it relatively easy to detect. DOM XSS is ...

Application Information

Patent Type & Authority: Patents (China)
IPC(8): G06F21/56
CPC: G06F21/577, G06F21/554, G06F2221/033, G06F2221/2119
Inventor: 翁家才
Owner: TENCENT TECH (SHENZHEN) CO LTD