ModSecurity 针对 XSS 类型 0 攻击和影响的防护
基于 DOM(类型 0)的 XSS 不需要向服务器发送恶意代码,因此它们也可以使用静态 HTML 页面作为攻击媒介。这里的虚拟攻击字符串的示例如下:
http://www.xssed.edu/home.html#<script>alert("XSS")</script>
我很熟悉 ModSecurity 提供针对 PDF 中的 XSS 攻击的保护,这些攻击被视为类型 0 攻击,但是我的问题是 ModSecurity 是否通常可以防止这种类型的 XSS 攻击,并且在 PDF 中也可以防止这种类型的 XSS 攻击。您认为此类漏洞会产生什么影响。
DOM-based (type 0) XSS do not require sending malicious code to the server and thus they can also use static HTML pages as an attack vector. An example of a dummy attack string here would be the following:
http://www.xssed.edu/home.html#<script>alert("XSS")</script>
I am familiar that ModSecurity offers protection against XSS attacks in PDFs which are considered type 0 attacks, however my question is if ModSecurity does in general prevent against this type of XSS and also in your opinion what are the impacts of such a vulnerability.
如果你对这篇内容有疑问,欢迎到本站社区发帖提问 参与讨论,获取更多帮助,或者扫码二维码加入 Web 技术交流群。
绑定邮箱获取回复消息
由于您还没有绑定你的真实邮箱,如果其他用户或者作者回复了您的评论,将不能在第一时间通知您!
发布评论
评论(2)
每个 Web 应用程序防火墙都使用攻击签名来工作。 0 型 XSS 生成与反射 XSS 相同的签名,因此任何 WAF 都可能阻止这种情况。由于服务器站点代码漏洞,不会发生 Type-0 XSS,但请求显然是在页面加载过程中到达服务器的。
唯一可以阻止 WAF 阻止此类攻击的问题是文件的扩展名,但我相信在您的示例中这可能会被阻止。
Every web application firewall is working using signatures of attacks. Type-0 XSS generates the same signature as reflected XSS so this would probably be stopped by any WAF. Type-0 XSS does not occur due to server site code vulnerability but the request obviously reaches the server in the process of the page loading.
The only issue that could prevent the WAF from stopping this kind of attack is the extension of the file, but I believe that in your example this would probably be stopped.
如果您重写规则主体,这实际上是可能的。
让我们举两个例子,eval 和innerHTML sink,它们容易受到DOM XSS 的攻击。我们所要做的就是重写输出的主体。
It is actually possible if you were to rewrite the body of the rules.
Lets take two example, eval and innerHTML sink which are vulnerable to DOM XSS. All we have to do is the rewrite the body of the output.