首页>
外国专利>
METHOD, APPARATUS, TERMINAL AND MEDIA FOR DETECTING DOCUMENT OBJECT MODEL-BASED CROSS-SITE SCRIPTING ATTACK VULNERABILITY
METHOD, APPARATUS, TERMINAL AND MEDIA FOR DETECTING DOCUMENT OBJECT MODEL-BASED CROSS-SITE SCRIPTING ATTACK VULNERABILITY
展开▼
机译:检测基于文档对象模型的跨站脚本攻击易损性的方法,装置,终端和媒体
展开▼
页面导航
摘要
著录项
相似文献
摘要
Disclosed are a method and apparatus for detecting a document object model (DOM) based cross-site scripting (XSS) vulnerability, an apparatus thereof, and a terminal are provided. The method includes: obtaining a set of parameter-value pairs from an original web address of a web page, where the set of parameter-value pairs comprises at least one parameter-value pair; replacing a parameter value in a parameter-value pair with feature code, to form a test web address for the web page, where the feature code comprises malicious code that comprises a malicious character and is uniquely identified in a DOM tree of the web page; obtaining page content corresponding to the test web address; converting the page content, into the DOM tree; and detecting whether a XSS vulnerability exists in the parameter-value pair, based on the DOM tree and the feature code.
展开▼