
Storage cross-site attack script vulnerability detection method, device and system

A vulnerability detection and scripting technology, applied in transmission systems, computer security devices, instruments, etc. It addresses the lack of automatic detection tools for stored XSS vulnerabilities, whose attacks leave no direct echo feature on the attacked web page, and achieves high detection efficiency and accuracy.

Active Publication Date: 2015-05-27
TENCENT TECH (SHENZHEN) CO LTD +1

AI Technical Summary

Problems solved by technology

[0003] Because the attack method of the stored XSS vulnerability is well hidden and there is no direct echo feature on the attacked web page, there is currently no effective automatic detection tool in the industry.


Examples


Example 1

[0026] This embodiment provides a stored cross-site attack script vulnerability detection method. Referring to Figure 4, the method includes the following steps:

[0027] Step S110, acquiring parameters to be detected of the target webpage.

[0028] The target webpage is the webpage corresponding to a URL (Uniform Resource Locator), such as "http://www.test.com/publish.php". A webpage is generated by one or more scripts on the website server (such as the website server 200) and returned to the client (such as the vulnerability detection server 100). To interact with the web server, the front-end webpage has multiple parameters, which can be submitted to the web server through POST or GET. Specifically, the parameters and their values may be submitted to the website server through a JavaScript script or a form (Form). After receiving the request, the web server will process these parameters, and the values of some ...

Example 2

[0049] This embodiment provides a stored cross-site attack script vulnerability detection method, which is used to detect possible XSS vulnerabilities in a website to be detected. Referring to Figure 5, the method includes the following steps:

[0050] Step S210, acquiring the target webpage.

[0051] Initially, the target webpage may be, for example, the entry webpage of the website to be detected. The entry page should contain links to other pages within the site. After detection of the entry webpage is completed, the webpages pointed to by these links may be detected in turn; these are called sub-webpages of the current webpage. For example, the entry page of the website www.test.com is www.test.com/index.php, and the entry page contains three links: www.test.com/channel1.php, www.test.com/channel2.php, and www.test.com/channel3.php. It can be understood that the sub-webpage still includes the link o...

Example 3

[0080] This embodiment provides a stored cross-site attack script vulnerability detection method, which is used to detect possible XSS vulnerabilities on one or more websites to be detected. Referring to Figure 7, the method includes the following steps:

[0081] Step S310, submitting the feature string.

[0082] Specifically, the webpages to be detected are obtained from one or more websites, the parameters to be detected are obtained for each webpage, a feature string is generated for each parameter to be detected, and the generated feature strings are submitted to the corresponding web server. For the specific process, refer to the foregoing embodiments.

[0083] The submitted feature string contains characters that can trigger a stored cross-site scripting attack. If the corresponding website has an XSS vulnerability, part of the content of the feature string, such as the unique identifier, will be stored in the database.

[0084] Step S320, after waiting for a predetermi...


Abstract

The invention relates to a stored cross-site attack script vulnerability detection method, device and system. According to an embodiment, the method comprises: obtaining a parameter to be detected of a target webpage; constructing a feature string that comprises a unique identifier and a character that can trigger a stored cross-site scripting attack; submitting the feature string to the target webpage as the value of the parameter to be detected; traversing the webpages on which the parameter value might be output and determining whether they contain the unique identifier; and, if so, recording that a stored cross-site attack script vulnerability exists in the parameter to be detected. The method, device and system can improve the efficiency and accuracy of XSS (Cross-Site Script) vulnerability detection.
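The submit-then-traverse flow from the abstract, as an added Python example that is not code from the patent. The `ToySite` class, its page paths other than `publish.php`, the parameter names, the trigger characters and the `unescaped` flag are all constructed assumptions; the patent's own criterion is only that the unique identifier appears on an output page.

```python
import html
import uuid

TRIGGER_OPEN, TRIGGER_CLOSE = "'\"<", ">"  # assumed characters; the page names none

class ToySite:
    """Constructed in-memory stand-in for the website server (not a real site)."""
    def __init__(self):
        self.db = {}

    def submit(self, url, values):
        if url == "/publish.php":
            self.db["title"] = values["title"]             # stored as submitted
            self.db["body"] = html.escape(values["body"])  # stored HTML-escaped
            # values["captcha"] is checked and discarded, never stored

    def render(self, url):
        if url == "/list.php":
            return "<h1>%s</h1>" % self.db.get("title", "")
        if url == "/view.php":
            return "<p>%s</p>" % self.db.get("body", "")
        return "<p>home</p>"

def scan(site, forms, output_pages):
    """Submit one feature string per parameter, then search every output page."""
    registry = {}  # unique identifier -> (url, param, feature string)
    for url, params in forms.items():
        values = {}
        for param in params:
            uid = "probe" + uuid.uuid4().hex[:12]
            values[param] = TRIGGER_OPEN + uid + TRIGGER_CLOSE
            registry[uid] = (url, param, values[param])
        site.submit(url, values)
    findings = []
    for page in output_pages:
        body = site.render(page)
        for uid, (url, param, feature) in registry.items():
            if uid in body:  # the page's criterion: identifier was stored and output
                findings.append({"submitted_to": url, "param": param, "seen_on": page,
                                 "unescaped": feature in body})  # added refinement
    return findings

def demo():
    forms = {"/publish.php": ["title", "body", "captcha"]}
    return scan(ToySite(), forms, ["/index.php", "/list.php", "/view.php"])

if __name__ == "__main__":
    for finding in demo():
        print(finding)
```

Because each parameter gets its own identifier, a hit on `/list.php` can be traced back to the `title` parameter of `/publish.php` even though the submitting page never echoes the value.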

Description

Technical field

[0001] The invention relates to computer security technology, in particular to a stored cross-site attack script vulnerability detection method, device and system.

Background

[0002] Cross-site scripting (Cross Site Script, XSS) is an attack in which a malicious attacker adds malicious code to a web page and lures users into visiting it. When a visitor browses the web page, the malicious code is executed on the user's machine, allowing the attacker to steal user information, or to mount a Trojan horse attack on the user's machine and remotely gain control of it. XSS is divided into ordinary reflected XSS and stored XSS. The malicious code of stored XSS is stored directly on the server of the target website, so it is more harmful than ordinary reflected XSS and has a wider impact.

[0003] Since the attack method of the stored XSS vulnerability is very hidden and there is no direct echo feature on the attacking web page, there is current...


Application Information

IPC(8): G06F21/56, H04L29/06
CPC: G06F21/56, G06F21/561, G06F21/566, G06F21/577, G06F2221/033
Inventor 翁家才
Owner TENCENT TECH (SHENZHEN) CO LTD