douxian5076 2012-04-08 03:15

How to locate a specific XSS hole?

Recently I have noticed some strange stuff. In every public JavaScript file on my website, a redirect script has been added at the end of the file.

I have access to access.logs and all that stuff.

How can I locate through what method people inserted this stuff?

How were they able to get write permission on all my JavaScript files?


1 answer

  • doulan4939 2012-04-08 03:27

    Since your JavaScript file has been changed, I don't think that's an XSS vulnerability.

    I think they have hacked into your web server; maybe your web application has some upload vulnerability, or your web server has some 0-day vulnerabilities.

    There are lots of ways to do that.

    Check your web server's file system: what is the timestamp at which the JavaScript files were modified? And which user had permission to access those files?

    This answer was selected as the best answer by the asker.
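The check the answer describes (modification time, owner and permissions of the JavaScript files), correlated with the access log the asker mentions, as an added example that is not part of the original thread. It assumes the Apache/nginx combined log format; the log lines, the `/upload.php` path and the function names are constructed for illustration.

```python
import os, re, stat, tempfile
from datetime import datetime, timedelta, timezone

# Combined log format: host ident user [time] "METHOD path proto" status ...
LOG_RE = re.compile(r'(\S+) \S+ \S+ \[([^\]]+)\] "(\S+) (\S+)[^"]*" (\d{3})')

def js_files(root):
    """Yield (path, mtime in UTC, owner uid, permission string) for each .js file."""
    for d, _, names in os.walk(root):
        for n in names:
            if n.endswith(".js"):
                p = os.path.join(d, n)
                st = os.stat(p)
                yield (p, datetime.fromtimestamp(st.st_mtime, timezone.utc),
                       st.st_uid, stat.filemode(st.st_mode))

def requests_near(log_lines, when, window=timedelta(minutes=5)):
    """Return log entries within `window` of `when`, write-type methods first."""
    hits = []
    for m in filter(None, map(LOG_RE.match, log_lines)):
        ts = datetime.strptime(m.group(2), "%d/%b/%Y:%H:%M:%S %z")
        if abs(ts - when) <= window:
            hits.append({"ip": m.group(1), "time": ts, "method": m.group(3),
                         "path": m.group(4), "status": int(m.group(5))})
    hits.sort(key=lambda h: (h["method"] not in ("POST", "PUT"), h["time"]))
    return hits

# Constructed sample log lines (not taken from the asker's server).
SAMPLE_LOG = [
    '203.0.113.7 - - [07/Apr/2012:22:10:03 +0000] "GET /index.php HTTP/1.1" 200 5120 "-" "-"',
    '198.51.100.9 - - [07/Apr/2012:23:41:55 +0000] "GET /js/site.js HTTP/1.1" 200 812 "-" "-"',
    '198.51.100.9 - - [07/Apr/2012:23:42:10 +0000] "POST /upload.php HTTP/1.1" 200 34 "-" "-"',
]

def demo():
    """Build a temp web root with one 'modified' .js file and correlate it with the log."""
    with tempfile.TemporaryDirectory() as root:
        path = os.path.join(root, "site.js")
        with open(path, "w") as f:
            f.write("/* constructed file */")
        mod = datetime(2012, 4, 7, 23, 42, 12, tzinfo=timezone.utc).timestamp()
        os.utime(path, (mod, mod))  # constructed modification time
        return [(os.path.basename(p), uid, mode, requests_near(SAMPLE_LOG, mtime))
                for p, mtime, uid, mode in js_files(root)]

if __name__ == "__main__":
    for name, uid, mode, hits in demo():
        print(name, uid, mode, [(h["method"], h["path"], h["ip"]) for h in hits])
```

Whoever changed a file can also reset its modification time, so compare `st_ctime` and treat the correlation as a lead rather than proof.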
