Question

Let’s start with cross-site scripting ( XSS ) , one of the most common bugs reported to bug bounty programs. It’s so prevalent that, year after year, it shows up in OWASP’s list of the top 10 vulnerabilities threatening web applications. It’s also HackerOne’s most reported vulnerability, with more than $4 million paid out in 2020 alone.

让我们从跨站脚本攻击（XSS）开始，这是报告给赏金计划的最常见的漏洞之一。它如此普遍，以至于它每年都出现在 OWASP 列出的威胁 Web 应用程序的前 10 个漏洞中。它也是 HackerOne 最常见的漏洞之一，仅 2020 年就支付了超过 400 万美元的报酬。

An XSS vulnerability occurs when attackers can execute custom scripts on a victim’s browser. If an application fails to distinguish between user input and the legitimate code that makes up a web page, attackers can inject their own code into pages viewed by other users. The victim’s browser will then execute the malicious script, which might steal cookies, leak personal information, change site contents, or redirect the user to a malicious site. These malicious scripts are often JavaScript code but can also be HTML, Flash, VBScript, or anything written in a language that the browser can execute.

XSS 漏洞会在攻击者可以在受害者的浏览器上执行自定义脚本时发生。如果应用程序无法区分用户输入和组成网页的合法代码，则攻击者可以将自己的代码注入其他用户查看的页面中。然后，受害者的浏览器将执行恶意脚本，可能窃取 cookie，泄露个人信息，更改站点内容或重定向用户到恶意站点。这些恶意脚本通常是 JavaScript 代码，但也可以是 HTML、Flash、VBScript 或使用浏览器可以执行的任何语言编写的脚本。

In this chapter, we’ll dive into what XSS vulnerabilities are, how to exploit them, and how to bypass common protections. We’ll also discuss how to escalate XSS vulnerabilities when you find one.

本章将深入探讨什么是 XSS 漏洞，如何利用它们以及如何绕过常见保护措施。我们还将讨论在发现 XSS 漏洞时如何升级它们。