Network security -- HTML Foundation

1. Vulnerabilities
2. Same origin
3. Request methods
4. Windows system log
5. Linux log
6. View external connections
7. Ports
8. HTML basics
9. URL
10. UTF-8 encoding rules
11. Links
12. Tags
13. Forms
14. iframe
Web access process

1. Vulnerabilities

General type: a vulnerability in third-party software, an application framework or a system. Every deployment that uses the affected software has the same vulnerability, so one finding can compromise many sites at once.

Event type: a non-general vulnerability specific to one application on the Internet, for example a flaw in a single site's own code.

2. Same origin

Two URLs have the same origin when protocol, host and port are all identical. Path, query string and fragment do not count, and a default port (80 for http, 443 for https) is treated the same whether or not it is written.
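The check as the browser performs it, written as an added example (not code from the original page). It uses the standard URL parser so that default ports are normalised, and runs a small constructed set of URL pairs covering the three components:

```javascript
// Added example: same-origin comparison. Two URLs share an origin only when
// scheme, host and port all match; path, query and fragment are ignored.
function origin(u) {
  const url = new URL(u);               // throws on malformed input
  // url.host includes the port only when it is not the scheme default,
  // so "https://example.com:443" and "https://example.com" both give "example.com"
  return `${url.protocol}//${url.host}`;
}

function sameOrigin(a, b) {
  return origin(a) === origin(b);
}

// Constructed test pairs: [url A, url B, expected result]
const cases = [
  ["https://example.com/a", "https://example.com/b?x=1#f", true],  // path/query/fragment ignored
  ["https://example.com",   "https://example.com:443/",     true],  // default port normalised
  ["http://example.com:80", "http://example.com",           true],  // default port for http
  ["https://example.com",   "http://example.com",           false], // scheme differs
  ["https://example.com",   "https://example.com:8443",     false], // port differs
  ["https://example.com",   "https://api.example.com",      false], // subdomain is a different host
];

// Returns one boolean per case: true when sameOrigin agrees with the expectation.
function runCases() {
  return cases.map(([a, b, want]) => sameOrigin(a, b) === want);
}

for (const [a, b] of cases) {
  console.log(`${a}  vs  ${b}  ->  ${sameOrigin(a, b)}`);
}
```

Note that a subdomain is a different host and therefore a different origin; the same-origin policy is stricter than a cookie's domain scope, which is a common source of confusion when reasoning about what a script on one host can read from another.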

3. Request methods

Two methods are used to submit data:

GET: parameters are carried in the URL, so they are visible in the address bar, browser history, Referer headers and server logs.

POST: parameters are carried in the request body, typically from a form, so they do not appear in the URL. They still travel in the clear unless the connection uses HTTPS, so POST hides parameters from view but does not by itself provide confidentiality.

4. Windows system log

4624: an account was successfully logged on

4625: an account failed to log on (recorded in the Security log only when failure auditing for logon events is enabled)
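The two event IDs are most useful together: a run of 4625 failures followed by a 4624 success for the same account from the same source is the signature of a guessed password. The following is an added example, not code from the original page, that runs that detection over a constructed batch of events. Real events would be exported from the Security log (for example with wevtutil or Get-WinEvent); the records below are hand-made samples with only the fields the rule needs.

```javascript
// Added example: detect a successful logon (4624) preceded by repeated
// failures (4625) for the same account from the same source address.
// The events array is constructed sample data, not real log output.
const events = [
  { t: "2021-12-05T04:00:01Z", id: 4625, user: "alice", ip: "10.0.0.7" },
  { t: "2021-12-05T04:00:05Z", id: 4625, user: "alice", ip: "10.0.0.7" },
  { t: "2021-12-05T04:00:09Z", id: 4625, user: "alice", ip: "10.0.0.7" },
  { t: "2021-12-05T04:00:12Z", id: 4625, user: "alice", ip: "10.0.0.7" },
  { t: "2021-12-05T04:00:20Z", id: 4624, user: "alice", ip: "10.0.0.7" },
  { t: "2021-12-05T04:01:00Z", id: 4625, user: "bob",   ip: "10.0.0.9" },  // one typo, then
  { t: "2021-12-05T04:30:00Z", id: 4624, user: "bob",   ip: "10.0.0.9" },  // a normal login later
];

// Flag every 4624 that follows at least `threshold` 4625 events for the same
// user|ip pair within the preceding `windowSec` seconds.
function findBruteForceSuccess(evts, threshold = 3, windowSec = 300) {
  const hits = [];
  const sorted = [...evts].sort((a, b) => Date.parse(a.t) - Date.parse(b.t));
  const failures = new Map();            // "user|ip" -> failure timestamps (ms)
  for (const e of sorted) {
    const key = `${e.user}|${e.ip}`;
    const ts = Date.parse(e.t);
    if (e.id === 4625) {
      const arr = failures.get(key) || [];
      arr.push(ts);
      failures.set(key, arr);
    } else if (e.id === 4624) {
      const recent = (failures.get(key) || []).filter(f => ts - f <= windowSec * 1000);
      if (recent.length >= threshold) {
        hits.push({ user: e.user, ip: e.ip, failures: recent.length, at: e.t });
      }
      failures.delete(key);              // a success resets the counter for this pair
    }
  }
  return hits;
}

console.log(findBruteForceSuccess(events));
```

The threshold and window are tuning knobs: too low and ordinary typos fire the rule (bob above), too high and a slow, patient attacker slips under it. Keying on user and source address together is what separates a brute force from a user who simply forgot a password.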

5. Linux log

Last login time of every account:

  ┌──(root㉿kali)-[/var/log]
  └─# lastlog

Accounts, their UIDs and login shells (shows which accounts can log in interactively):

  ┌──(root㉿kali)-[/var/log]
  └─# cat /etc/passwd

List the log files:

  ┌──(root㉿kali)-[~]
  └─# cd /var/log
  ┌──(root㉿kali)-[/var/log]
  └─# ls -al

wtmp records successful logins. It is a binary file; read it with last (or last -f /var/log/wtmp).

btmp records failed login attempts. It is also binary; read it with lastb (or last -f /var/log/btmp).

6. View external connections

  ┌──(root㉿kali)-[/var/log]
  └─# netstat -anlp | grep 8080
  ┌──(root㉿kali)-[/var/log]
  └─# netstat -anlp | grep 80

-a lists all sockets, -n prints numeric addresses instead of resolving names, -l includes listening sockets and -p shows the owning process. Be aware that grep 80 also matches 8080 and any address containing 80; on newer systems netstat may be absent, and ss -antp gives the same view.

7. Ports

http - 80

https - 443

ssh - 22

POP3 - 110

SMTP - 25

FTP - 20 (data), 21 (control)

DHCP - 67 (server), 68 (client)

DNS - 53

Windows Remote Desktop (RDP) - 3389

MySQL - 3306

SQL Server - 1433

Oracle - 1521

8. HTML basics

<!DOCTYPE html>                          <!-- document type declaration -->
<html lang="en">                         <!-- document language -->
<head>
  <meta charset="UTF-8">                 <!-- character encoding -->
  <meta http-equiv="X-UA-Compatible" content="IE=edge">
  <meta name="viewport" content="width=device-width, initial-scale=1.0"> <!-- responsive viewport -->
  <link rel="stylesheet" href="style.css"> <!-- external CSS style sheet -->
  <title>Document</title>                <!-- page title -->
  <style>
    body { margin: 0; }                  /* internal style sheet */
  </style>
</head>
<body>
  <p>welcome</p>                         <!-- block-level element -->
  <div>
    <p>hello world</p>                   <!-- nested tags; div and p are both block-level -->
  </div>
  <span>pppp</span><span>pppp</span>     <!-- inline elements -->
  <img src="" width="" alt="" onerror="">
  <!-- image: src is a relative or absolute path; alt is the text shown when the image
       does not load; onerror runs when the resource at src cannot be loaded,
       which is why this attribute matters for XSS -->
  <noscript>Browser does not support JS</noscript> <!-- shown when scripts are disabled -->
  <script>
    // the location property navigates the page to another URL
    window.location.href = "https://www.baidu.com";
  </script>
</body>
</html>

9. URL

https://www.example.com:80/path/to/myfile.html?key1=value1&key2=value2#anchor

Components: protocol (https), host (www.example.com), port (:80; optional, defaults to 80 for http and 443 for https, so :80 on an https URL is a non-default port), path (/path/to/myfile.html), query string (?key1=value1&key2=value2; key=value pairs joined with &), fragment (#anchor; handled by the browser and never sent to the server).

URL (percent) encoding: a byte is written as % followed by its two hex digits

  • Space: %20

  • !: %21

  • #: %23

  • $: %24

  • %: %25

  • &: %26

  • ': %27

  • (: %28

  • ): %29

  • *: %2A

  • +: %2B

  • ,: %2C

  • /: %2F

  • :: %3A

  • ;: %3B

  • =: %3D

  • ?: %3F

  • @: %40

  • [: %5B

  • ]: %5D

    XSS tips (the same payload, reflected unquoted into an <img src=...> attribute, seen at three stages):

    ?xss=1%20onerror=location="javascript:alert%25281%2529   (as sent: "(" and ")" are double-encoded as %2528 and %2529, so the raw request contains no parentheses; location assigns a URL and navigates to it)

    ?xss=1 onerror=location="javascript:alert%281%29   (after the server decodes the query string once: the HTML now holds %28 and %29, which gets past a filter that blocks literal parentheses in the page)

    ?xss=1 onerror=location="javascript:alert(1)   (when the handler fires, the browser percent-decodes the javascript: URL once more, so the parentheses are restored and alert(1) runs)

    Double-encoded "(" is %2528, not %25%28: a single decode turns %25%28 into %( and the payload never becomes valid JavaScript.
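To see the layers concretely, here is an added example (not code from the original page) that encodes a payload according to the table above and then peels the encoding back one layer at a time, the way a server and then a browser would. It also shows what happens to the mis-formed %25%28 variant.

```javascript
// Added example: percent-encoding and multi-layer decoding of an XSS payload.
// encodeURIComponent leaves ! ' ( ) * unescaped; this helper encodes them too
// so the output matches the table on the page (%21 %27 %28 %29 %2A).
function percentEncode(s) {
  return encodeURIComponent(s).replace(/[!'()*]/g,
    c => "%" + c.charCodeAt(0).toString(16).toUpperCase().padStart(2, "0"));
}

// Decode one layer at a time until the string stops changing or a malformed
// %xx sequence is hit. Returns every layer, starting with the input itself.
function decodeLayers(s, maxLayers = 5) {
  const layers = [s];
  for (let i = 0; i < maxLayers; i++) {
    const current = layers[layers.length - 1];
    let next;
    try {
      next = decodeURIComponent(current);
    } catch {
      break;                       // malformed escape such as "%(": decoding stops here
    }
    if (next === current) break;   // nothing left to decode
    layers.push(next);
  }
  return layers;
}

// Stage 0 is what the attacker sends; each further stage is one decode.
const payload = percentEncode(percentEncode("alert(1)"));   // "alert%25281%2529"
console.log(decodeLayers(payload));             // server decode -> alert%281%29, browser decode -> alert(1)
console.log(decodeLayers("alert%25%281%25%29")); // the mistaken form decodes to alert%(1%) and stops
```

A filter that decodes once and then looks for parentheses sees %28 and %29 and lets the request through; the browser does the second decode later, in the javascript: URL. The defensive lesson is the mirror image: normalise input fully (decode until stable) before applying any character-based check, or better, avoid reflecting attacker input into an attribute that can hold a URL at all.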

10. UTF-8 encoding rules

UTF-8 is a variable-length encoding of Unicode. There are only two rules:

1) For a single-byte character, the first bit of the byte is 0 and the remaining 7 bits are the code point. UTF-8 is therefore identical to ASCII for English letters.

2) For an n-byte character (n > 1), the first n bits of the first byte are 1, bit n+1 is 0, and the first two bits of every following byte are 10. All remaining bits carry the code point.

The table summarises the rules; x marks the bits that carry the code point.

  Code point range (hex)   | Decimal          | UTF-8 bytes (binary)
  -------------------------+------------------+-------------------------------------
  U+0000  - U+007F         | 0 - 127          | 0xxxxxxx
  U+0080  - U+07FF         | 128 - 2047       | 110xxxxx 10xxxxxx
  U+0800  - U+FFFF         | 2048 - 65535     | 1110xxxx 10xxxxxx 10xxxxxx
  U+10000 - U+10FFFF       | 65536 - 1114111  | 11110xxx 10xxxxxx 10xxxxxx 10xxxxxx

Reading UTF-8 is therefore simple: if the first bit of a byte is 0, that byte is a character on its own; if it is 1, the number of leading 1s says how many bytes the character occupies.

Worked example: the Chinese character 中 has code point U+4E2D, decimal 20013 (this is its Unicode value, not an ASCII code; ASCII stops at 127).

20013 lies in the three-byte range U+0800 - U+FFFF, so the pattern is 1110xxxx 10xxxxxx 10xxxxxx.

20013 in binary is 0b100111000101101 (the 0b prefix marks a binary number).

Fill the x bits from the right: the last 6 bits 101101 give 10101101; the next 6 bits 111000 give 10111000; the remaining 3 bits 100, left-padded to 0100, give 11100100.

In hex: e4 b8 ad.
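The same rule, carried through for all four byte lengths, as an added example that is not code from the original page. The decoder also rejects overlong sequences (a code point written with more bytes than it needs, for example C0 AF for "/"), since lenient decoders that accept them have been used to smuggle "/" and "." past path and input filters:

```javascript
// Added example: UTF-8 encoder and decoder following the two rules above.
function utf8Encode(cp) {
  if (cp < 0 || cp > 0x10FFFF || (cp >= 0xD800 && cp <= 0xDFFF)) {
    throw new RangeError("invalid code point " + cp);
  }
  if (cp < 0x80)    return [cp];                                   // 0xxxxxxx
  if (cp < 0x800)   return [0xC0 | (cp >> 6), 0x80 | (cp & 0x3F)]; // 110xxxxx 10xxxxxx
  if (cp < 0x10000) return [0xE0 | (cp >> 12), 0x80 | ((cp >> 6) & 0x3F), 0x80 | (cp & 0x3F)];
  return [0xF0 | (cp >> 18), 0x80 | ((cp >> 12) & 0x3F), 0x80 | ((cp >> 6) & 0x3F), 0x80 | (cp & 0x3F)];
}

// Decode one character starting at bytes[i]; returns { cp, len } or throws.
function utf8DecodeOne(bytes, i) {
  const b0 = bytes[i];
  let len, cp, min;
  if (b0 < 0x80) return { cp: b0, len: 1 };
  else if ((b0 & 0xE0) === 0xC0) { len = 2; cp = b0 & 0x1F; min = 0x80; }
  else if ((b0 & 0xF0) === 0xE0) { len = 3; cp = b0 & 0x0F; min = 0x800; }
  else if ((b0 & 0xF8) === 0xF0) { len = 4; cp = b0 & 0x07; min = 0x10000; }
  else throw new Error(`invalid lead byte 0x${b0.toString(16)} at ${i}`);
  if (i + len > bytes.length) throw new Error(`truncated sequence at ${i}`);
  for (let k = 1; k < len; k++) {
    const b = bytes[i + k];
    if ((b & 0xC0) !== 0x80) throw new Error(`invalid continuation byte at ${i + k}`);
    cp = (cp << 6) | (b & 0x3F);
  }
  // Overlong form: the value would have fitted in fewer bytes. Reject it.
  if (cp < min) throw new Error(`overlong encoding at ${i}`);
  if (cp > 0x10FFFF || (cp >= 0xD800 && cp <= 0xDFFF)) throw new Error(`invalid code point at ${i}`);
  return { cp, len };
}

function utf8Decode(bytes) {
  const out = [];
  for (let i = 0; i < bytes.length; ) {
    const { cp, len } = utf8DecodeOne(bytes, i);
    out.push(cp);
    i += len;
  }
  return out;
}

const hex = bytes => bytes.map(b => b.toString(16).padStart(2, "0")).join("");

console.log(hex(utf8Encode(20013)));   // the page's worked example: e4b8ad
console.log(utf8Decode([0xe4, 0xb8, 0xad]));
```

The overlong check is the security-relevant line: C0 AF decodes by the arithmetic alone to 0x2F ("/"), but 0x2F belongs in the one-byte range, so a strict decoder refuses it rather than silently producing a character the earlier filter never saw.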

11. Links

noreferrer: tells the browser not to send the current page's address in the Referer header when the link is opened, which hides where the click came from.

<!DOCTYPE html>
<html lang="en">
<head>
  <meta charset="UTF-8">
  <meta http-equiv="X-UA-Compatible" content="IE=edge">
  <meta name="viewport" content="width=device-width, initial-scale=1.0">
  <title>Document</title>
</head>
<body>
  <a href="https://www.baidu.com">Baidu Encyclopedia</a>        <!-- a: hyperlink -->
  <a href="https://www.baidu.com"><img src="" alt="logo"></a>    <!-- an image inside <a>: clicking the image follows the link -->
  <a href="http://www.cacxxy.com/index.jsp" title="Xi'an Innovation College of Yan'an University">yanchuang</a>
                                                                 <!-- title: tooltip shown when the mouse hovers over the link -->
  <a href="http://www.cacxxy.com/index.jsp" target="_self">yanchuang</a>      <!-- opens in the current window (the default) -->
  <a href="http://www.cacxxy.com/index.jsp" target="_blank" rel="noreferrer">yanchuang</a>
                                                                 <!-- opens in a new window; rel="noreferrer" suppresses the Referer header -->
  <a href="javascript:alert(1)">Yanchuang</a>                    <!-- javascript: URL: clicking the link itself triggers the pop-up -->

  <!-- the three pop-up functions used to confirm an XSS finding -->
  <script>alert(1)</script>
  <script>prompt(1)</script>
  <script>confirm(1)</script>
</body>
</html>

12. Tags

<!DOCTYPE html>
<html lang="en">
<head>
  <meta charset="UTF-8">
  <meta http-equiv="X-UA-Compatible" content="IE=edge">
  <meta name="viewport" content="width=device-width, initial-scale=1.0">
  <title>Document</title>
</head>
<body>
  <div></div>                 <!-- block-level container -->
  <p></p>                     <!-- block-level paragraph -->
  <span></span>               <!-- inline element -->
  <br>                        <!-- line break; void element, used alone, no closing tag -->
  <hr>                        <!-- horizontal rule -->
  <pre></pre>                 <!-- block-level; preserves whitespace and line breaks -->
  <strong></strong> <b></b>   <!-- bold -->
  <em></em> <i></i>           <!-- italic -->
  <u></u>                     <!-- underline -->
  <s></s>                     <!-- strikethrough -->
  <code>alert(1)</code>       <!-- rendered as the literal text alert(1); not executed -->
  <mark></mark>               <!-- yellow highlight -->
  <footer></footer>           <!-- page footer: keywords, copyright notice -->
  <nav>                       <!-- navigation block -->
    <ol>                      <!-- ordered list (ol); an unordered list is ul -->
      <li><a href="item-a">commodity A</a></li>
      <li><a href="item-b">commodity B</a></li>
      <li>commodity C</li>
    </ol>
  </nav>
  <h1>Primary title</h1>      <!-- headings run from h1 (largest) to h6 -->
</body>
</html>

13. Forms

<!DOCTYPE html>
<html lang="en">
<head>
  <meta charset="UTF-8">
  <meta http-equiv="X-UA-Compatible" content="IE=edge">
  <meta name="viewport" content="width=device-width, initial-scale=1.0">
  <title>Document</title>
</head>
<body>
  <!-- action: the back-end URL that receives the submission; method: get or post -->
  <form action="https://example.com/api" method="post">
    <label for="POST-name">user name:</label>
    <!-- name: the parameter name sent to the server; maxlength: client-side length limit -->
    <input id="POST-name" type="text" name="user" placeholder="Please enter a prompt" maxlength="8">
    <!-- hidden field: not rendered but still submitted; this is where an anti-CSRF token is carried -->
    <input type="hidden" name="hash" value="1111">
    <!-- pattern enforces the phone number format in the browser; required rejects an empty value -->
    <input type="tel" id="phone" name="phone" pattern="[0-9]{3}-[0-9]{3}-[0-9]{4}" required>
    <small>Format: 123-456-7890</small>
    <input type="submit" value="Submit">
  </form>
</body>
</html>

maxlength, pattern and required are enforced only by the browser: a request built by hand or edited in an intercepting proxy skips them, so the server must validate the same fields again. The hidden value 1111 is only a placeholder; a real anti-CSRF token must be unpredictable, bound to the user's session and checked on every state-changing request.

14. iframe

<!DOCTYPE html>
<html lang="en">
<head>
  <meta charset="UTF-8">
  <meta http-equiv="X-UA-Compatible" content="IE=edge">
  <meta name="viewport" content="width=device-width, initial-scale=1.0">
  <title>Document</title>
</head>
<body>
  <!-- iframe reserves an area of the page and embeds another document in it; src is the embedded URL.
       width and height size the area; frameborder="0" draws no border;
       allowfullscreen lets the embedded page go full screen;
       sandbox restricts what the embedded page may do (a bare sandbox applies every restriction:
       no scripts, no form submission, no same-origin access, no top-level navigation) -->
  <iframe src="https://www.baidu.com" width="100%" height="500" frameborder="0" allowfullscreen sandbox>
    <!-- fallback content, shown only by browsers that cannot render iframes -->
    <p><a href="https://www.baidu.com">Click to open the embedded page</a></p>
  </iframe>

  <iframe src="https://www.example.com" sandbox></iframe>

  <!-- loading="lazy" defers loading until the frame nears the viewport; values: auto, lazy, eager -->
  <iframe src="https://example.com" loading="lazy"></iframe>
</body>
</html>

The loading attribute can trigger lazy loading of an <iframe>. It takes one of three values:

  • auto: the browser's default behaviour

  • lazy: defer loading until the user scrolls the frame close to the viewport

  • eager: load immediately, regardless of where the frame sits on the page

Chrome treats an iframe as hidden, ignores loading="lazy" and loads it immediately when:

  • its width or height is 4 pixels or less

  • it is styled display: none or visibility: hidden

  • it is positioned off screen with a negative x or y coordinate

Web access process

  1. Browser: the page's own client-side code (HTML, JS), which the user fully controls

  2. HTTP: intercept, inspect and modify the request in transit; checks made only in page code are bypassed here

  3. Web container (IIS, Apache, Nginx): parses the request; file-parsing and request-handling flaws live here

  4. Web language (PHP, JS, Python, .NET): executes the application code

  5. Database

5 December 2021, 04:21 | Views: 9672
