Explain this XSS string, it uses perl

Developer https://www.devze.com 2023-02-08 03:40 Source: web

I am trying to test one of my php sanitization classes against a few xss scripts available on http://ha.ckers.org/xss.html

So one of the scripts in there has Perl in it. Is this some kind of a Perl statement? And would this execute directly on the server, since Perl is a server scripting language?

perl -e 'print "<IMG SRC=java\0script:alert(\"XSS\")>";' > out

Is the script that I am trying to work with. I have not tested it yet though, but I want to understand before I use it.


The \0 is a string termination character in the language C. Since Perl is built on top of C, in the old days you could inject this "poisonous null byte" to make the C part read the line <IMG SRC=java instead of the whole string, and thus maybe allow the whole thing through even though you were trying to strip stuff like SRC=javascript:

Mostly this doesn't work anymore because the higher-level languages have gotten pretty good at defeating attacks like this by stripping out stray control chars like \0 before sending the strings on to the lower-level routines.

You can read more on the poison nullbyte here: http://insecure.org/news/P55-07.txt or here: http://hakipedia.com/index.php/Poison_Null_Byte


The Perl isn't the attack, it just demonstrates how to generate the attack, since you can't see it in a plain string.

The point is that there is a null character (represented in Perl as \0) in the data.
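To make the two answers above concrete, here is an added example (not from the question or either answer, and in Python rather than the asker's PHP). It uses ctypes to show what a C routine sees when handed the buffer the Perl one-liner writes, and places a hypothetical filter that trusts that C view next to one that strips control bytes first. The filter functions and the `SRC=` extraction are assumptions for illustration.

```python
import ctypes
import re

# Constructed sample input: the bytes the Perl one-liner in the question
# writes to `out` (the \x00 is a real NUL byte, not the two characters "\0").
PAYLOAD = b'<IMG SRC=java\x00script:alert("XSS")>'

def c_string_view(data: bytes) -> bytes:
    """What a C routine sees when given this buffer as a char*:
    the string ends at the first NUL byte."""
    return ctypes.c_char_p(data).value

def src_attribute(html: bytes) -> bytes:
    """Pull the raw SRC= value out of the tag (NUL is not whitespace, so it stays)."""
    match = re.search(rb'SRC=([^>\s]+)', html, re.IGNORECASE)
    return match.group(1) if match else b''

def naive_is_safe_src(value: bytes) -> bool:
    """Hypothetical filter whose scheme check runs on the C view of the buffer,
    the situation the first answer describes: it only ever sees b'java'."""
    return not c_string_view(value).lower().startswith(b'javascript:')

def strip_control_bytes(value: bytes) -> bytes:
    """Hardening step: drop NUL and the other C0/DEL control bytes before any check."""
    return bytes(b for b in value if b >= 0x20 and b != 0x7F)

def hardened_is_safe_src(value: bytes) -> bool:
    """Same scheme check, but on the normalized full string."""
    cleaned = strip_control_bytes(value).lower()
    return not cleaned.startswith(b'javascript:')

if __name__ == '__main__':
    attr = src_attribute(PAYLOAD)
    print('C sees the tag as:', c_string_view(PAYLOAD))  # b'<IMG SRC=java'
    print('naive filter     :', 'ALLOWED' if naive_is_safe_src(attr) else 'blocked')
    print('hardened filter  :', 'ALLOWED' if hardened_is_safe_src(attr) else 'blocked')
```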
