Security issues in JavaScript

mingzhi61 2022-02-13 05:09:33 Views: 870


JavaScript introduction

JavaScript (abbreviated "JS") is a lightweight, function-first, interpreted or just-in-time compiled programming language; in other words, a scripting language.


What is the difference between JavaScript and Java? JavaScript and Java are unrelated; they are two different languages.


What JavaScript is used for

JavaScript is widely used in web application development to add dynamic functionality to web pages and give users a smoother and more attractive browsing experience. Typical uses:

Embedding dynamic text in HTML pages.

Responding to browser events.

Reading and writing HTML elements.

Validating data before it is submitted to the server.

Checking the visitor's browser information.

Controlling cookies, including creating and modifying them.

Viewing a website's JavaScript

Browser --> developer tools (F12)

The JS shown in the developer tools is usually minified and very hard to read. Click the {} in the lower-left corner of the middle panel to pretty-print it into a readable format.

JavaScript code analysis

1. Find more attack surface (URLs, domain names, paths, etc.)

Test sites, backend/admin paths, unpublished paths, API addresses, etc.

2. Discover sensitive information (hard-coded account passwords, API keys, comments, etc.)

Hard-coded accounts that can log in, test accounts that can log in, leaked keys, development information left in comments, etc.

3. Find dangerous code (eval, dangerouslySetInnerHTML, etc.)

XSS vulnerabilities, template injection.

4. Understand the website's functionality.

Analysis method

Search for keywords:

$.ajax(

$.get(

$.post(

method:"get

http.get("

path:"

route:"

Do a global search across the current page's JS:

Firefox --> F12 --> Debugger --> Ctrl+Shift+F

Front-end JS bundled with webpack

webpack is currently the most popular front-end resource modularization and bundling tool.

A .map (source map) file exists alongside the bundle.

• Use the reverse-sourcemap tool

• reverse-sourcemap -v app.3c8aa9676f686b3a7caf.js.map -o sourcecode

Analyse the restored source; test data was found:

Logging in with the test data succeeded.
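The keyword search described under "Analysis method" and the source-map exposure in this section can both be turned into a pre-release audit of your own bundle. The following is an added example (not code from the original post): a Node script that scans bundle text for the post's endpoint keywords, dangerous sinks, credential-looking assignments, developer comments, and a sourceMappingURL line; the rule set, function names and the sample bundle are constructed for illustration.

```javascript
// Added example (not the original post's code): static audit of a JS bundle,
// applying the kinds of markers the post lists. Endpoint keywords ($.ajax(,
// $.get(, path:", route:"), dangerous sinks (eval, dangerouslySetInnerHTML),
// hard-coded credentials, developer comments and a shipped source-map pointer.
const RULES = [
  { kind: 'endpoint',  re: /\$\.(ajax|get|post)\(|http\.get\(|\b(path|route|url):\s*["']/ },
  { kind: 'sink',      re: /\beval\(|dangerouslySetInnerHTML|\.innerHTML\s*=|new Function\(/ },
  { kind: 'secret',    re: /\b(password|passwd|pwd|secret|api_?key|token)\b\s*[:=]\s*["'][^"']+["']/i },
  { kind: 'comment',   re: /\/\/\s*(TODO|FIXME|test|debug|admin)\b/i },
  { kind: 'sourcemap', re: /\/\/[#@]\s*sourceMappingURL=/ },
];

// Scan the bundle line by line; one finding per (line, rule) that matches.
function auditBundle(source) {
  const findings = [];
  source.split('\n').forEach((line, idx) => {
    for (const rule of RULES) {
      if (rule.re.test(line)) {
        findings.push({ line: idx + 1, kind: rule.kind, text: line.trim() });
      }
    }
  });
  return findings;
}

// Count findings per kind, e.g. { endpoint: 2, sink: 2, ... }.
function summarize(findings) {
  return findings.reduce((acc, f) => {
    acc[f.kind] = (acc[f.kind] || 0) + 1;
    return acc;
  }, {});
}

// Constructed sample bundle (not real site code) with the line types an auditor looks for.
const SAMPLE_BUNDLE = [
  'const api = { path: "/api/v1/users", route: "/admin/hidden" };',
  '$.ajax({ url: "/api/login", method: "post", data: payload });',
  '// TODO: remove test account before release',
  'const testUser = { user: "test", password: "Test1234!" };',
  'document.getElementById("out").innerHTML = location.hash.slice(1);',
  'const result = eval(userExpression);',
  '//# sourceMappingURL=app.3c8aa9676f686b3a7caf.js.map',
].join('\n');

if (typeof require !== 'undefined' && require.main === module) {
  for (const f of auditBundle(SAMPLE_BUNDLE)) {
    console.log(`line ${f.line} [${f.kind}] ${f.text}`);
  }
  console.log(summarize(auditBundle(SAMPLE_BUNDLE)));
}
```

Run it over a real build output (for example by reading the bundle with fs.readFileSync) to confirm no test accounts, secrets or .map pointers are left in what gets deployed.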


Dynamic analysis

Use the debugger in each browser's developer tools together with a packet capture tool.

The website's packets turned out to be encrypted, so look for the logic that submits the login, set a breakpoint there, and then step through it in the debugger.

Trace the encryption function:

Search for the call to the encryption function, aesUtil.encryptAES().

Guess the corresponding packet decryption method, aesUtil.decryptAES().

Encrypt and decrypt the packet through the console, construct SQL injection statements, and a SQL Server SQL injection was found at one location.

Going further, the data can be output directly through the encrypt/decrypt functions.

Copyright: author [mingzhi61]. Please include the original link when reprinting, thank you. https://en.javamana.com/2022/02/202202130509305869.html