
A method and a terminal for detecting XSS vulnerabilities

A method and terminal technology, applied in the field of XSS vulnerability detection. It addresses the problems that existing detection struggles with current websites, cannot parse JS scripts, and has almost zero detection ability for XSS triggered by JS rendering, and it achieves high accuracy.

Active Publication Date: 2019-05-21
FUZHOU BOKE WANGAN INFORMATION TECH CO LTD

AI Technical Summary

Problems solved by technology

[0003] However, as web application technology grows more complex, the webpage text of most websites is also becoming more complex, and more and more webpages embed scripts such as JS scripts. This XSS vulnerability detection method therefore struggles with most current websites, and because it cannot parse the JS scripts in web pages, its ability to detect XSS vulnerabilities triggered by JS rendering is almost zero.


Examples


Embodiment 1

[0075] Referring to Figure 1, a method for detecting XSS vulnerabilities comprises the steps:

[0076] S1. Generate a second character string according to the XSS vulnerability detection rule and the generated first character string;

[0077] Step S1 includes:

[0078] S11. Acquiring the preset identifier in the XSS vulnerability detection rule;

[0079] S12. Generate a first character string, where the first character string is composed of a plurality of randomly generated characters;

[0080] S13. Replace the preset identifier in the XSS vulnerability detection rule with the first character string to obtain a second character string;

[0081] S2. Generate a test link according to the second character string and the link of the webpage to be detected, and send a request to the test link to obtain response information;

[0082] Step S2 includes:

[0083] S21. Obtain the parameter value in the link of the webpage to be detected;

[0084] S22. Add the second character st...

Embodiment 2

[0097] This embodiment will further illustrate how the above-mentioned method for detecting XSS vulnerabilities of the present invention is implemented in combination with specific application scenarios:

[0098] 1. Generate the second string according to the XSS vulnerability detection rules and the generated first string;

[0099] 1.1. Obtain the preset identifier in the XSS vulnerability detection rule;

[0100] 1.2. Generate a first character string. The first character string is composed of a plurality of randomly generated digit characters, the digit characters are generated from second-level or millisecond-level random number seeds, and the first character string preferably includes 9 digit characters;

[0101] 1.3. Replace the preset identifier in the XSS vulnerability detection rule with the first character string to obtain a second character string;

[0102] 2. Generate a test link according to the second character string and the link of the webpage to be detected, an...
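Steps S11-S13 and S21-S22 (1.1-1.3 and 2 in Embodiment 2) can be sketched as follows; this is an added example, not code from the patent. The placeholder spelling `{{ID}}`, the non-executing rule, the host `test.example`, appending the second string to the original parameter value, and using a fresh marker per parameter are all assumptions of the example, since the page text is cut off before those details.

```python
import random
import time
from urllib.parse import urlsplit, urlunsplit, parse_qsl, urlencode

PLACEHOLDER = "{{ID}}"  # assumed spelling of the preset identifier
# Constructed, non-executing rule; the patent's real rules are not on the page.
RULE = '"><xss-probe id="{{ID}}">'

def first_string(rng, length=9):
    """S12 / 1.2: random digit characters (9 preferred in Embodiment 2)."""
    return "".join(rng.choice("0123456789") for _ in range(length))

def second_string(rule, marker, placeholder=PLACEHOLDER):
    """S11 + S13: replace the preset identifier in the rule with the marker."""
    if placeholder not in rule:
        raise ValueError("rule has no preset identifier")
    return rule.replace(placeholder, marker)

def build_test_links(url, rule=RULE, rng=None):
    """S21-S22: one test link per query parameter, each with its own marker.

    Assumption: the second string is appended to the original value; the
    page is truncated before it says how the two are combined.
    """
    rng = rng or random.Random(time.time_ns() // 1_000_000)  # millisecond seed
    parts = urlsplit(url)
    params = parse_qsl(parts.query, keep_blank_values=True)
    links = []
    for i, (name, value) in enumerate(params):
        marker = first_string(rng)
        mutated = list(params)
        mutated[i] = (name, value + second_string(rule, marker))
        links.append({
            "param": name,    # which parameter this link exercises
            "marker": marker,  # lets a later hit be attributed to it
            "url": urlunsplit(parts._replace(query=urlencode(mutated))),
        })
    return links

if __name__ == "__main__":
    # Constructed sample link on a reserved test domain.
    for link in build_test_links("http://test.example/search?q=shoes&page=2"):
        print(link["param"], link["marker"], link["url"])
```

Because `urlencode` percent-encodes the second string, the server receives it intact, and the recorded marker ties any later finding in the response back to one parameter.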

Embodiment 3

[0124] Referring to Figure 2, a terminal 1 for detecting XSS vulnerabilities includes a memory 2, a processor 3, and a computer program stored in the memory 2 and executable on the processor 3; the processor 3 implements each step of the first embodiment when executing the program.

[0125] To sum up, the method and terminal for detecting XSS vulnerabilities provided by the present invention generate a second string according to the XSS vulnerability detection rules and the generated first string, generate a test link according to the second string and the link of the webpage to be detected, send a request to the test link to obtain response information, and perform XSS vulnerability detection according to the response information. In this way, XSS vulnerabilities in webpages with embedded scripts can be detected accurately, and the accuracy is high. By obtaining the parameter value in the link of the webpage to be detected; add...


Abstract

The invention provides a method and a terminal for detecting XSS vulnerabilities. The method comprises the following steps: generating a second character string according to the XSS vulnerability detection rule and a generated first character string, generating a test link according to the second character string and a link of the webpage to be detected, sending a request to the test link to obtain response information, and performing XSS vulnerability detection according to the response information. According to the invention, XSS vulnerabilities existing in webpages with embedded scripts can be accurately detected, and accuracy is high.

Description

Technical field

[0001] The invention relates to the technical field of network security, in particular to a method and terminal for detecting XSS vulnerabilities.

Background

[0002] At present, XSS vulnerability detection tools for web applications can only perform repeated submission tests with fixed, simple XSS test cases and determine whether the returned webpage text contains the corresponding string, and from that decide whether an XSS vulnerability exists. This simple test method only works on some logically simple web pages, where it produces acceptable test results.

[0003] However, as web application technology grows more complex, the webpage text of most websites is also becoming more complex, and more and more webpages embed scripts such as JS scripts. This XSS vulnerability detection method therefore struggles with most current websites, and this XSS vulnerability detectio...


Application Information

IPC(8): H04L29/06, H04L29/08
Inventor 王琦林子忠庄绍民陈黎强
Owner FUZHOU BOKE WANGAN INFORMATION TECH CO LTD