Unlock instant, AI-driven research and patent intelligence for your innovation.

Storage type cross-site scripting attack vulnerability detection method, device and equipment and storage medium

A cross-site scripting attack and vulnerability detection technology, which is applied in the field of information security and can solve the problems of low accuracy of stored XSS vulnerabilities and inability to detect stored XSS vulnerabilities.

Pending Publication Date: 2022-01-21
SHANGHAI JUNZHENG NETWORK TECH CO LTD
View PDF0 Cites 0 Cited by
  • Summary
  • Abstract
  • Description
  • Claims
  • Application Information

AI Technical Summary

Problems solved by technology

[0006] In view of the above-mentioned defects of the prior art, the technical problem to be solved by the present invention is that the existing black box scanner cannot detect cross-interface or cross-system stored XSS vulnerabilities, resulting in low accuracy of stored XSS vulnerability detection

Method used

the structure of the environmentally friendly knitted fabric provided by the present invention; figure 2 Flow chart of the yarn wrapping machine for environmentally friendly knitted fabrics and storage devices; image 3 Is the parameter map of the yarn covering machine
View more

Image

Smart Image Click on the blue labels to locate them in the text.
Viewing Examples
Smart Image
  • Storage type cross-site scripting attack vulnerability detection method, device and equipment and storage medium
  • Storage type cross-site scripting attack vulnerability detection method, device and equipment and storage medium
  • Storage type cross-site scripting attack vulnerability detection method, device and equipment and storage medium

Examples

Experimental program
Comparison scheme
Effect test

Embodiment Construction

[0030] Embodiments of the present invention are described below through specific examples, and those skilled in the art can easily understand other advantages and effects of the present invention from the content disclosed in this specification. The present invention can also be implemented or applied through other different specific implementation modes, and various modifications or changes can be made to the details in this specification based on different viewpoints and applications without departing from the spirit of the present invention. It should be noted that, in the case of no conflict, the following embodiments and features in the embodiments can be combined with each other.

[0031] It should be noted that the diagrams provided in the following embodiments are only schematically illustrating the basic ideas of the present invention, and only the components related to the present invention are shown in the diagrams rather than the number, shape and number of comp...

the structure of the environmentally friendly knitted fabric provided by the present invention; figure 2 Flow chart of the yarn wrapping machine for environmentally friendly knitted fabrics and storage devices; image 3 Is the parameter map of the yarn covering machine
Login to View More

PUM

No PUM Login to View More

Abstract

The invention provides a storage type cross-site scripting attack vulnerability detection method, device and equipment and a storage medium, and the detection method comprises the steps that a payload is written into a database corresponding to a to-be-detected webpage program through a first system interface, and the payload carries malicious codes of cross-site scripting attacks; detecting a second system interface in butt joint with the to-be-detected webpage program to read an execution statement of the second system interface; the execution statement is adjusted to be a target statement used for reading the effective load; judging whether the effective load follows the target statement and returns to the browser for rendering or not; and if yes, determining that the storage type cross-site scripting attack vulnerability exists in the to-be-detected webpage program. According to the method, the execution statements of different interfaces can be detected, and whether the execution statements render and display the pop-up box with the XSS or not is judged, so that the XSS problem caused by other interface requests is effectively detected, accurate detection of XSS vulnerabilities is realized, and cross-interface and cross-system XSS vulnerability detection is realized.

Description

technical field [0001] The present invention relates to the technical field of information security, in particular to a storage type cross-site scripting attack vulnerability detection method, device, equipment and storage medium. Background technique [0002] A black box scanner is a program that automatically detects security weaknesses of local or remote hosts. It can quickly and accurately discover the vulnerabilities of the scanning target and provide the scanning results to the user. The working principle of the black box scanner is that the scanner sends data packets to the target computer, and then judges sensitive information such as the operating system type, development port, and services provided by the other party based on the information fed back by the other party. [0003] Stored cross-site scripting (XSS) vulnerability is that the attacker uploads or stores malicious code in the vulnerable server in advance, and the malicious code will be executed as long as...

Claims

the structure of the environmentally friendly knitted fabric provided by the present invention; figure 2 Flow chart of the yarn wrapping machine for environmentally friendly knitted fabrics and storage devices; image 3 Is the parameter map of the yarn covering machine
Login to View More

Application Information

Patent Timeline
no application Login to View More
Patent Type & Authority Applications(China)
IPC IPC(8): G06F21/57
CPCG06F21/577
Inventor 杨磊张何钫
Owner SHANGHAI JUNZHENG NETWORK TECH CO LTD