Method and device for detecting permanent type cross site scripting vulnerability

The invention provides a method for detecting a permanent type cross site scripting vulnerability. The method comprises the following steps: sending a test request packet including a test scripting code to a webpage server; storing the test scripting code in the webpage server in a manner of corresp...

Full description

Saved in:
Bibliographic Details
Main Author ZHU YANGJUN
Format Patent
LanguageEnglish
Published 29.04.2015
Subjects
Online AccessGet full text

Cover

Loading…
More Information
Summary:The invention provides a method for detecting a permanent type cross site scripting vulnerability. The method comprises the following steps: sending a test request packet including a test scripting code to a webpage server; storing the test scripting code in the webpage server in a manner of corresponding to a webpage; sending an access request for accessing the webpage to the webpage server; receiving an access response packet returned by the webpage server according to the access request; if the access response packet includes the test scripting code, executing the test scripting code, and sending vulnerability information according to the test scripting code. According to the method provided by the invention, if the access response packet includes the test scripting code, the permanent type cross site scripting vulnerability exists, and the test scripting code is executed, so that the vulnerability information can be sent according to the test scripting code. The whole detection process is automatically realized, and the detection efficiency is high. The invention further provides a device for detecting the permanent type cross site scripting vulnerability.
Bibliography:Application Number: CN20131468933