New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

dom型xss攻击中，我没有理解具体的危害。输入内容是用户自己控制的，即使他输入恶意内容，又能干些什么呢？能用一个具体的案例，讲下攻击者的什么行为给受害者造成了什么危害吗？ #78

Closed

callmezhenzhen opened this issue Jan 22, 2021 · 1 comment

callmezhenzhen commented Jan 22, 2021

@MillionQW 对于 xss 反射型攻击，主要是诱使用户点击恶意的链接或者访问存在漏洞的内容，可以有如下方式：

攻击者可以将恶意链接直接发送给受信任用户，发送的方式有很多种，比如 email, 网站的私信、评论等
攻击者可以购买存在漏洞网站的广告，将恶意链接插入在广告的链接中

Originally posted by @dwqs in #68 (comment)

dwqs closed this as completed

liuxsen commented Jun 23, 2021

举个例子，如果github是不安全的，我的这条comment具有危险脚本，比如发送你的cookie给我，那么你看到我的评论的时候就已经被攻击了

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment