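What Is an XSS Attack & XSS Attack Scenarios

XSS Attacks

What is the XSS attack technique

An XSS attack works by injecting JavaScript into a page.

For example, when a submitted form value is displayed on another page, that page may be open to script injection: the injected script can read the local cookie and send it to the attacker's server.

Corresponding HTML source: <script>alert('sss')</script>

It is best to use Firefox to demonstrate the effect.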

package com.learn.controller;

import javax.servlet.http.HttpServletRequest;

import org.springframework.stereotype.Controller;
import org.springframework.web.bind.annotation.RequestMapping;

@Controller
public class IndexController {

	// Forward to the index page
	@RequestMapping("/index")
	public String index() {
		return "index";
	}

	// Receive the page parameter
	@RequestMapping("/postIndex")
	public String postIndex(HttpServletRequest request) {

		// The raw "name" parameter is passed to the view unchanged
		request.setAttribute("name", request.getParameter("name"));
		return "forward";
	}

}

application.properties:

spring.mvc.view.prefix=/WEB-INF/jsp/
spring.mvc.view.suffix=.jsp
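
index.jsp:

<%@ page language="java" contentType="text/html; charset=UTF-8"
	pageEncoding="UTF-8"%>
<!DOCTYPE html>
<html>
<head>
<meta charset="UTF-8">
<title>Insert title here</title>
</head>
<body>
	<%-- Submits the "name" parameter to /postIndex in IndexController --%>
	<form action="postIndex" method="post">
		Input content: <input type="text" name="name"> <input type="submit">
	</form>
</body>
</html>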
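
forward.jsp:

<%@ page language="java" contentType="text/html; charset=UTF-8"
	pageEncoding="UTF-8"%>
<!DOCTYPE html>
<html>
<head>
<meta charset="UTF-8">
<title>Insert title here</title>
</head>
<body>
	<%-- The submitted value is written into the page as-is, with no HTML escaping --%>
	${name}
</body>
</html>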
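
pom.xml:

<project xmlns="http://maven.apache.org/POM/4.0.0" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:schemaLocation="http://maven.apache.org/POM/4.0.0 http://maven.apache.org/xsd/maven-4.0.0.xsd">
	<modelVersion>4.0.0</modelVersion>
	<groupId>com.learn</groupId>
	<artifactId>springboot-web</artifactId>
	<version>0.0.1-SNAPSHOT</version>
	<packaging>war</packaging>

	<parent>
		<groupId>org.springframework.boot</groupId>
		<artifactId>spring-boot-starter-parent</artifactId>
		<version>1.5.12.RELEASE</version>
	</parent>
	<dependencies>

		<dependency>
			<groupId>org.mybatis.spring.boot</groupId>
			<artifactId>mybatis-spring-boot-starter</artifactId>
			<version>1.1.1</version>
		</dependency>
		<dependency>
			<groupId>mysql</groupId>
			<artifactId>mysql-connector-java</artifactId>
		</dependency>

		<dependency>
			<groupId>org.projectlombok</groupId>
			<artifactId>lombok</artifactId>
		</dependency>

		<dependency>
			<groupId>org.springframework.boot</groupId>
			<artifactId>spring-boot-starter-web</artifactId>
		</dependency>
		<dependency>
			<groupId>org.springframework.boot</groupId>
			<artifactId>spring-boot-starter-tomcat</artifactId>
		</dependency>
		<dependency>
			<groupId>org.apache.tomcat.embed</groupId>
			<artifactId>tomcat-embed-jasper</artifactId>
		</dependency>

		<dependency>
			<groupId>org.springframework.boot</groupId>
			<artifactId>spring-boot-starter-log4j</artifactId>
			<version>1.3.8.RELEASE</version>
		</dependency>
		<dependency>
			<groupId>org.springframework.boot</groupId>
			<artifactId>spring-boot-starter-aop</artifactId>
		</dependency>
		<dependency>
			<groupId>commons-lang</groupId>
			<artifactId>commons-lang</artifactId>
			<version>2.6</version>
		</dependency>

	</dependencies>
</project>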

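
A hardened variant of the /postIndex handler above, as an added example (not code from the original post): it HTML-encodes the submitted value with Spring's HtmlUtils.htmlEscape before the forward view prints it with ${name}. The class name SafeIndexController and the /safePostIndex route are assumptions made for illustration.

```java
package com.learn.controller;

import javax.servlet.http.HttpServletRequest;

import org.springframework.stereotype.Controller;
import org.springframework.web.bind.annotation.RequestMapping;
import org.springframework.web.util.HtmlUtils;

// Added example: hardened counterpart of IndexController.
// The class name and the /safePostIndex route are hypothetical.
@Controller
public class SafeIndexController {

	// Same flow as /postIndex, but the value is encoded before it reaches the view
	@RequestMapping("/safePostIndex")
	public String safePostIndex(HttpServletRequest request) {
		String name = request.getParameter("name");

		// htmlEscape replaces < > & " ' with character references, so a value such as
		// <script>alert('sss')</script> is rendered as visible text instead of being
		// parsed as a script element. This encoding is for the HTML body context,
		// which is where the forward view places ${name}.
		String encoded = (name == null) ? "" : HtmlUtils.htmlEscape(name);

		// Only the encoded form is exposed to the JSP
		request.setAttribute("name", encoded);
		return "forward";
	}
}
```

HtmlUtils ships in spring-web, which spring-boot-starter-web in the pom already brings in, so no extra dependency is required.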