{"id":476483,"date":"2023-08-09T07:29:55","date_gmt":"2023-08-09T07:29:55","guid":{"rendered":""},"modified":"2023-09-05T11:12:51","modified_gmt":"2023-09-05T11:12:51","slug":"cross-site-scripting-xss","status":"publish","type":"wiki","link":"https:\/\/oneproxy.pro\/kr\/wiki\/cross-site-scripting-xss\/","title":{"rendered":"XSS(\uad50\ucc28 \uc0ac\uc774\ud2b8 \uc2a4\ud06c\ub9bd\ud305)"},"content":{"rendered":"<p>XSS(\uad50\ucc28 \uc0ac\uc774\ud2b8 \uc2a4\ud06c\ub9bd\ud305)\ub294 \uacf5\uaca9\uc790\uac00 \ub2e4\ub978 \uc0ac\uc6a9\uc790\uac00 \ubcf4\ub294 \uc6f9 \ud398\uc774\uc9c0\uc5d0 \uc545\uc131 \uc2a4\ud06c\ub9bd\ud2b8\ub97c \uc0bd\uc785\ud560 \uc218 \uc788\ub3c4\ub85d \ud5c8\uc6a9\ud558\ub294 \uc6f9 \uc751\uc6a9 \ud504\ub85c\uadf8\ub7a8\uc5d0\uc11c \ud754\ud788 \ubc1c\uacac\ub418\ub294 \ubcf4\uc548 \ucde8\uc57d\uc810 \uc720\ud615\uc785\ub2c8\ub2e4. \uadf8\ub7f0 \ub2e4\uc74c \uc774\ub7ec\ud55c \uc2a4\ud06c\ub9bd\ud2b8\ub294 \uc758\uc2ec\ud558\uc9c0 \uc54a\ub294 \uc0ac\uc6a9\uc790\uc758 \ube0c\ub77c\uc6b0\uc800\uc5d0 \uc758\ud574 \uc2e4\ud589\ub418\uc5b4 \ubb34\ub2e8 \uc561\uc138\uc2a4, \ub370\uc774\ud130 \ub3c4\uc6a9 \ub610\ub294 \uae30\ud0c0 \uc720\ud574\ud55c \uc791\uc5c5\uc73c\ub85c \uc774\uc5b4\uc9d1\ub2c8\ub2e4. XSS\ub294 \uac00\uc7a5 \ub110\ub9ac \ud37c\uc838 \uc788\uace0 \uc704\ud5d8\ud55c \uc6f9 \uc560\ud50c\ub9ac\ucf00\uc774\uc158 \ubcf4\uc548 \uacb0\ud568 \uc911 \ud558\ub098\ub85c \uac04\uc8fc\ub418\uc5b4 \uc0ac\uc6a9\uc790\uc640 \uc6f9 \uc0ac\uc774\ud2b8 \uc18c\uc720\uc790 \ubaa8\ub450\uc5d0\uac8c \uc2ec\uac01\ud55c \uc704\ud5d8\uc744 \ucd08\ub798\ud569\ub2c8\ub2e4.<\/p>\n<h2>XSS(\uad50\ucc28 \uc0ac\uc774\ud2b8 \uc2a4\ud06c\ub9bd\ud305)\uc758 \uc720\ub798\uc640 \ucd5c\ucd08 \uc5b8\uae09\uc758 \uc5ed\uc0ac<\/h2>\n<p>XSS(\uad50\ucc28 \uc0ac\uc774\ud2b8 \uc2a4\ud06c\ub9bd\ud305)\uc758 \uac1c\ub150\uc740 \uc6f9\uc774 \uc544\uc9c1 \ucd08\uae30 \ub2e8\uacc4\uc600\ub358 1990\ub144\ub300 \uc911\ubc18\uc73c\ub85c \uac70\uc2ac\ub7ec \uc62c\ub77c\uac11\ub2c8\ub2e4. \uc774 \ucde8\uc57d\uc810\uc5d0 \ub300\ud55c \uccab \ubc88\uc9f8 \uc5b8\uae09\uc740 1996\ub144 \ubcf4\uc548 \uba54\uc77c\ub9c1 \ub9ac\uc2a4\ud2b8\ub85c \uac70\uc2ac\ub7ec \uc62c\ub77c\uac11\ub2c8\ub2e4. RSnake\ub294 \uc0ac\uc6a9\uc790\uac00 \ud544\ud130\ub9c1\ub418\uc9c0 \uc54a\uc740 \uc785\ub825\uc744 \uc6f9\uc0ac\uc774\ud2b8\uc5d0 \uc81c\ucd9c\ud558\ub3c4\ub85d \ud5c8\uc6a9\ud558\uba74 \ud53c\ud574\uc790\uc758 \ube0c\ub77c\uc6b0\uc800\uc5d0\uc11c \uc545\uc131 \ucf54\ub4dc\uac00 \uc2e4\ud589\ub420 \uc218 \uc788\ub2e4\ub294 \uc704\ud5d8\uc744 \uac15\uc870\ud588\uc2b5\ub2c8\ub2e4.<\/p>\n<h2>XSS(\uad50\ucc28 \uc0ac\uc774\ud2b8 \uc2a4\ud06c\ub9bd\ud305)\uc5d0 \ub300\ud55c \uc790\uc138\ud55c \uc815\ubcf4\uc785\ub2c8\ub2e4. XSS(\uad50\ucc28 \uc0ac\uc774\ud2b8 \uc2a4\ud06c\ub9bd\ud305) \uc8fc\uc81c \ud655\uc7a5<\/h2>\n<p>\ud06c\ub85c\uc2a4 \uc0ac\uc774\ud2b8 \uc2a4\ud06c\ub9bd\ud305\uc740 \uc6f9 \uc560\ud50c\ub9ac\ucf00\uc774\uc158\uc774 \uc0ac\uc6a9\uc790 \uc785\ub825\uc744 \uc801\uc808\ud558\uac8c \uc0ad\uc81c\ud558\uace0 \uc720\ud6a8\uc131\uc744 \uac80\uc0ac\ud558\uc9c0 \ubabb\ud560 \ub54c \ubc1c\uc0dd\ud558\ubbc0\ub85c \uacf5\uaca9\uc790\uac00 \ub2e4\ub978 \uc0ac\uc6a9\uc790\uac00 \ubcf4\ub294 \uc6f9 \ud398\uc774\uc9c0\uc5d0 \uc545\uc131 \uc2a4\ud06c\ub9bd\ud2b8\ub97c \uc0bd\uc785\ud560 \uc218 \uc788\uc2b5\ub2c8\ub2e4. XSS \uacf5\uaca9\uc5d0\ub294 \uc138 \uac00\uc9c0 \uc8fc\uc694 \uc720\ud615\uc774 \uc788\uc2b5\ub2c8\ub2e4.<\/p>\n<ol>\n<li>\n<p><strong>\uc800\uc7a5\ub41c XSS:<\/strong> \uc774\ub7ec\ud55c \uc720\ud615\uc758 \uacf5\uaca9\uc5d0\uc11c \uc545\uc131 \uc2a4\ud06c\ub9bd\ud2b8\ub294 \ub300\uc0c1 \uc11c\ubc84(\uc8fc\ub85c \ub370\uc774\ud130\ubca0\uc774\uc2a4)\uc5d0 \uc601\uad6c\uc801\uc73c\ub85c \uc800\uc7a5\ub418\uba70 \uc601\ud5a5\uc744 \ubc1b\ub294 \uc6f9 \ud398\uc774\uc9c0\uc5d0 \uc561\uc138\uc2a4\ud558\ub294 \uc0ac\uc6a9\uc790\uc5d0\uac8c \uc81c\uacf5\ub429\ub2c8\ub2e4.<\/p>\n<\/li>\n<li>\n<p><strong>\ubc18\uc601\ub41c XSS:<\/strong> \uc5ec\uae30\uc11c \uc545\uc131 \uc2a4\ud06c\ub9bd\ud2b8\ub294 URL\uc774\ub098 \uae30\ud0c0 \uc785\ub825\uc5d0 \ud3ec\ud568\ub418\uc5b4 \uc788\uc73c\uba70 \uc6f9 \uc560\ud50c\ub9ac\ucf00\uc774\uc158\uc740 \uc774\ub97c \uc801\uc808\ud55c \uac80\uc99d \uc5c6\uc774 \uc0ac\uc6a9\uc790\uc5d0\uac8c \ub2e4\uc2dc \ubc18\uc601\ud569\ub2c8\ub2e4. \ud53c\ud574\uc790\ub294 \uc870\uc791\ub41c \ub9c1\ud06c\ub97c \ud074\ub9ad\ud558\uba74 \uc790\uc2e0\ub3c4 \ubaa8\ub974\uac8c \uc2a4\ud06c\ub9bd\ud2b8\ub97c \uc2e4\ud589\ud569\ub2c8\ub2e4.<\/p>\n<\/li>\n<li>\n<p><strong>DOM \uae30\ubc18 XSS:<\/strong> \uc774\ub7ec\ud55c \uc720\ud615\uc758 XSS \uacf5\uaca9\uc740 \uc6f9 \ud398\uc774\uc9c0\uc758 DOM(\ubb38\uc11c \uac1c\uccb4 \ubaa8\ub378)\uc744 \uc870\uc791\ud569\ub2c8\ub2e4. \uc545\uc131 \uc2a4\ud06c\ub9bd\ud2b8\ub294 \uc11c\ubc84\uc5d0 \uc9c1\uc811 \uc800\uc7a5\ub418\uac70\ub098 \uc560\ud50c\ub9ac\ucf00\uc774\uc158\uc5d0 \ubc18\uc601\ub418\uc9c0 \uc54a\uc2b5\ub2c8\ub2e4. \ub300\uc2e0 \ud074\ub77c\uc774\uc5b8\ud2b8 \uce21 \uc2a4\ud06c\ub9bd\ud305\uc758 \uacb0\ud568\uc73c\ub85c \uc778\ud574 \ud53c\ud574\uc790\uc758 \ube0c\ub77c\uc6b0\uc800 \ub0b4\uc5d0\uc11c \uc2e4\ud589\ub429\ub2c8\ub2e4.<\/p>\n<\/li>\n<\/ol>\n<h2>XSS(\uad50\ucc28 \uc0ac\uc774\ud2b8 \uc2a4\ud06c\ub9bd\ud305)\uc758 \ub0b4\ubd80 \uad6c\uc870\uc785\ub2c8\ub2e4. XSS(\uad50\ucc28 \uc0ac\uc774\ud2b8 \uc2a4\ud06c\ub9bd\ud305) \uc791\ub3d9 \ubc29\uc2dd<\/h2>\n<p>XSS\uc758 \uc791\ub3d9 \ubc29\uc2dd\uc744 \uc774\ud574\ud558\uae30 \uc704\ud574 \uc77c\ubc18\uc801\uc778 XSS \uacf5\uaca9\uc758 \ub0b4\ubd80 \uad6c\uc870\ub97c \ubd84\uc11d\ud574 \ubcf4\uaca0\uc2b5\ub2c8\ub2e4.<\/p>\n<ol>\n<li>\n<p><strong>\uc8fc\uc785\uc810:<\/strong> \uacf5\uaca9\uc790\ub294 \uc0ac\uc6a9\uc790 \uc785\ub825\uc774 \uc801\uc808\ud558\uac8c \uc0ad\uc81c\ub418\uac70\ub098 \uac80\uc99d\ub418\uc9c0 \uc54a\ub294 \ub300\uc0c1 \uc6f9 \uc560\ud50c\ub9ac\ucf00\uc774\uc158\uc758 \ucde8\uc57d\ud55c \uc9c0\uc810\uc744 \uc2dd\ubcc4\ud569\ub2c8\ub2e4. \uc77c\ubc18\uc801\uc778 \uc8fc\uc785 \uc9c0\uc810\uc5d0\ub294 \uc785\ub825 \ud544\ub4dc, URL \ubc0f HTTP \ud5e4\ub354\uac00 \ud3ec\ud568\ub429\ub2c8\ub2e4.<\/p>\n<\/li>\n<li>\n<p><strong>\uc545\uc131 \ud398\uc774\ub85c\ub4dc:<\/strong> \uacf5\uaca9\uc790\ub294 \uc77c\ubc18\uc801\uc73c\ub85c JavaScript\ub85c \uc138\uc158 \ucfe0\ud0a4\ub97c \ud6d4\uce58\uac70\ub098 \uc0ac\uc6a9\uc790\ub97c \ud53c\uc2f1 \uc0ac\uc774\ud2b8\ub85c \ub9ac\ub514\ub809\uc158\ud558\ub294 \ub4f1 \uc6d0\ud558\ub294 \uc545\uc758\uc801\uc778 \uc791\uc5c5\uc744 \uc218\ud589\ud558\ub294 \uc545\uc131 \uc2a4\ud06c\ub9bd\ud2b8\ub97c \uc791\uc131\ud569\ub2c8\ub2e4.<\/p>\n<\/li>\n<li>\n<p><strong>\uc2e4\ud589:<\/strong> \uadf8\ub7f0 \ub2e4\uc74c \uc81c\uc791\ub41c \uc2a4\ud06c\ub9bd\ud2b8\ub294 \uc8fc\uc785 \uc9c0\uc810\uc744 \ud1b5\ud574 \ucde8\uc57d\ud55c \uc560\ud50c\ub9ac\ucf00\uc774\uc158\uc5d0 \uc8fc\uc785\ub429\ub2c8\ub2e4.<\/p>\n<\/li>\n<li>\n<p><strong>\uc0ac\uc6a9\uc790 \uc0c1\ud638\uc791\uc6a9:<\/strong> \uc758\uc2ec\ud558\uc9c0 \uc54a\ub294 \uc0ac\uc6a9\uc790\uac00 \uc190\uc0c1\ub41c \uc6f9 \ud398\uc774\uc9c0\uc640 \uc0c1\ud638 \uc791\uc6a9\ud558\uba74 \ud574\ub2f9 \ube0c\ub77c\uc6b0\uc800 \ub0b4\uc5d0\uc11c \uc545\uc131 \uc2a4\ud06c\ub9bd\ud2b8\uac00 \uc2e4\ud589\ub429\ub2c8\ub2e4.<\/p>\n<\/li>\n<li>\n<p><strong>\uacf5\uaca9\uc790\uc758 \ubaa9\ud45c:<\/strong> \uacf5\uaca9\uc758 \uc131\uaca9\uc5d0 \ub530\ub77c \uacf5\uaca9\uc790\uc758 \ubaa9\ud45c\uc5d0\ub294 \ubbfc\uac10\ud55c \uc815\ubcf4 \ub3c4\uc6a9, \uc0ac\uc6a9\uc790 \uc138\uc158 \ud558\uc774\uc7ac\ud0b9, \ub9ec\uc6e8\uc5b4 \ud655\uc0b0 \ub610\ub294 \uc6f9\uc0ac\uc774\ud2b8 \ud6fc\uc190 \ub4f1\uc774 \ud3ec\ud568\ub420 \uc218 \uc788\uc2b5\ub2c8\ub2e4.<\/p>\n<\/li>\n<\/ol>\n<h2>XSS(\uad50\ucc28 \uc0ac\uc774\ud2b8 \uc2a4\ud06c\ub9bd\ud305)\uc758 \uc8fc\uc694 \uae30\ub2a5 \ubd84\uc11d<\/h2>\n<p>\uad50\ucc28 \uc0ac\uc774\ud2b8 \uc2a4\ud06c\ub9bd\ud305\uc758 \uc8fc\uc694 \uae30\ub2a5\uc740 \ub2e4\uc74c\uacfc \uac19\uc2b5\ub2c8\ub2e4.<\/p>\n<ol>\n<li>\n<p><strong>\ud074\ub77c\uc774\uc5b8\ud2b8 \uce21 \uacf5\uaca9:<\/strong> XSS \uacf5\uaca9\uc740 \uc8fc\ub85c \ud074\ub77c\uc774\uc5b8\ud2b8 \uce21\uc744 \ub300\uc0c1\uc73c\ub85c \ud558\uba70 \uc0ac\uc6a9\uc790\uc758 \uc6f9 \ube0c\ub77c\uc6b0\uc800\ub97c \ud65c\uc6a9\ud558\uc5ec \uc545\uc131 \uc2a4\ud06c\ub9bd\ud2b8\ub97c \uc2e4\ud589\ud569\ub2c8\ub2e4.<\/p>\n<\/li>\n<li>\n<p><strong>\ub2e4\uc591\ud55c \uc545\uc6a9 \ubca1\ud130:<\/strong> XSS\ub294 \uc591\uc2dd, \uac80\uc0c9\ucc3d, \ub313\uae00 \uc139\uc158, URL \ub4f1 \ub2e4\uc591\ud55c \ubca1\ud130\ub97c \ud1b5\ud574 \uc2e4\ud589\ub420 \uc218 \uc788\uc2b5\ub2c8\ub2e4.<\/p>\n<\/li>\n<li>\n<p><strong>\uc2ec\uac01\ub3c4 \uc218\uc900:<\/strong> XSS \uacf5\uaca9\uc758 \uc601\ud5a5\uc740 \uc57d\uac04 \uc9dc\uc99d\ub098\ub294 \ud31d\uc5c5\ubd80\ud130 \ub370\uc774\ud130 \uc720\ucd9c \ubc0f \uae08\uc804\uc801 \uc190\uc2e4\uacfc \uac19\uc740 \uc2ec\uac01\ud55c \uacb0\uacfc\uae4c\uc9c0 \ub2e4\uc591\ud569\ub2c8\ub2e4.<\/p>\n<\/li>\n<li>\n<p><strong>\uc0ac\uc6a9\uc790 \uc2e0\ub8b0\uc5d0 \ub300\ud55c \uc758\uc874\uc131:<\/strong> \uc0bd\uc785\ub41c \uc2a4\ud06c\ub9bd\ud2b8\uac00 \ud569\ubc95\uc801\uc778 \uc18c\uc2a4\uc5d0\uc11c \ub098\uc628 \uac83\ucc98\ub7fc \ubcf4\uc774\uae30 \ub54c\ubb38\uc5d0 XSS\ub294 \uc0ac\uc6a9\uc790\uac00 \ubc29\ubb38\ud558\ub294 \uc6f9 \uc0ac\uc774\ud2b8\uc5d0 \ub300\ud55c \uc2e0\ub8b0\ub97c \uc545\uc6a9\ud558\ub294 \uacbd\uc6b0\uac00 \ub9ce\uc2b5\ub2c8\ub2e4.<\/p>\n<\/li>\n<li>\n<p><strong>\uc0c1\ud669 \uae30\ubc18 \ucde8\uc57d\uc810:<\/strong> HTML, JavaScript, CSS\uc640 \uac19\uc740 \ub2e4\uc591\ud55c \ucee8\ud14d\uc2a4\ud2b8\uc5d0\ub294 \uace0\uc720\ud55c \uc774\uc2a4\ucf00\uc774\ud504 \uc694\uad6c \uc0ac\ud56d\uc774 \uc788\uc73c\ubbc0\ub85c \uc801\uc808\ud55c \uc785\ub825 \uc720\ud6a8\uc131 \uac80\uc0ac\uac00 \uc911\uc694\ud569\ub2c8\ub2e4.<\/p>\n<\/li>\n<\/ol>\n<h2>XSS(\uad50\ucc28 \uc0ac\uc774\ud2b8 \uc2a4\ud06c\ub9bd\ud305) \uc720\ud615<\/h2>\n<p>XSS \uacf5\uaca9\uc740 \uc2e4\ud589 \ubc29\ubc95\uacfc \uc601\ud5a5\uc5d0 \ub530\ub77c \uc138 \uac00\uc9c0 \uc720\ud615\uc73c\ub85c \ubd84\ub958\ub429\ub2c8\ub2e4.<\/p>\n<table>\n<thead>\n<tr>\n<th><strong>\uc720\ud615<\/strong><\/th>\n<th><strong>\uc124\uba85<\/strong><\/th>\n<\/tr>\n<\/thead>\n<tbody>\n<tr>\n<td>\uc800\uc7a5\ub41c XSS<\/td>\n<td>\uc545\uc131 \uc2a4\ud06c\ub9bd\ud2b8\ub294 \uc11c\ubc84\uc5d0 \uc800\uc7a5\ub418\uba70 \uc190\uc0c1\ub41c \uc6f9 \ud398\uc774\uc9c0\uc758 \uc0ac\uc6a9\uc790\uc5d0\uac8c \uc81c\uacf5\ub429\ub2c8\ub2e4.<\/td>\n<\/tr>\n<tr>\n<td>\ubc18\uc0ac\ub41c XSS<\/td>\n<td>\uc545\uc131 \uc2a4\ud06c\ub9bd\ud2b8\ub294 URL\uc774\ub098 \uae30\ud0c0 \uc785\ub825\uc5d0 \ud3ec\ud568\ub418\uc5b4 \uc774\ub97c \uc0ac\uc6a9\uc790\uc5d0\uac8c \ub2e4\uc2dc \ubc18\uc601\ud569\ub2c8\ub2e4.<\/td>\n<\/tr>\n<tr>\n<td>DOM \uae30\ubc18 XSS<\/td>\n<td>\uacf5\uaca9\uc740 \uc6f9\ud398\uc774\uc9c0\uc758 DOM\uc744 \uc870\uc791\ud558\uc5ec \ube0c\ub77c\uc6b0\uc800 \ub0b4\uc5d0\uc11c \uc545\uc131 \uc2a4\ud06c\ub9bd\ud2b8\ub97c \uc2e4\ud589\ud569\ub2c8\ub2e4.<\/td>\n<\/tr>\n<\/tbody>\n<\/table>\n<h2>XSS(Cross-site scripting) \uc0ac\uc6a9\ubc29\ubc95\uacfc \uc0ac\uc6a9\uc5d0 \ub530\ub978 \ubb38\uc81c\uc810 \ubc0f \ud574\uacb0\ubc29\ubc95<\/h2>\n<p>\uacf5\uaca9\uc790\ub294 \ub2e4\uc74c\uc744 \ud3ec\ud568\ud55c \ub2e4\uc591\ud55c \uc545\uc758\uc801\uc778 \ubaa9\uc801\uc73c\ub85c XSS\ub97c \uc0ac\uc6a9\ud560 \uc218 \uc788\uc2b5\ub2c8\ub2e4.<\/p>\n<ol>\n<li>\n<p><strong>\uc138\uc158 \ud558\uc774\uc7ac\ud0b9:<\/strong> \uacf5\uaca9\uc790\ub294 \uc138\uc158 \ucfe0\ud0a4\ub97c \ud6d4\uccd0 \ud569\ubc95\uc801\uc778 \uc0ac\uc6a9\uc790\ub97c \uac00\uc7a5\ud558\uace0 \ubb34\ub2e8 \uc561\uc138\uc2a4 \uad8c\ud55c\uc744 \uc5bb\uc744 \uc218 \uc788\uc2b5\ub2c8\ub2e4.<\/p>\n<\/li>\n<li>\n<p><strong>\ud53c\uc2f1 \uacf5\uaca9:<\/strong> XSS\ub294 \uc0ac\uc6a9\uc790\ub97c \ud53c\uc2f1 \ud398\uc774\uc9c0\ub85c \ub9ac\ub514\ub809\uc158\ud558\uc5ec \ubbfc\uac10\ud55c \uc815\ubcf4\ub97c \ub178\ucd9c\ud558\ub3c4\ub85d \uc18d\uc774\ub294 \ub370 \uc0ac\uc6a9\ub420 \uc218 \uc788\uc2b5\ub2c8\ub2e4.<\/p>\n<\/li>\n<li>\n<p><strong>\ud0a4\ub85c\uae45:<\/strong> \uc545\uc131 \uc2a4\ud06c\ub9bd\ud2b8\ub294 \uc0ac\uc6a9\uc790 \ud0a4 \uc785\ub825\uc744 \uae30\ub85d\ud558\uc5ec \ubbfc\uac10\ud55c \ub370\uc774\ud130\ub97c \ucea1\ucc98\ud560 \uc218 \uc788\uc2b5\ub2c8\ub2e4.<\/p>\n<\/li>\n<li>\n<p><strong>\uc624\uc190:<\/strong> \uacf5\uaca9\uc790\ub294 \uc798\ubabb\ub41c \uc815\ubcf4\ub97c \ud37c\ub728\ub9ac\uac70\ub098 \ud68c\uc0ac\uc758 \ud3c9\ud310\uc744 \uc190\uc0c1\uc2dc\ud0a4\uae30 \uc704\ud574 \uc6f9\uc0ac\uc774\ud2b8 \ucf58\ud150\uce20\ub97c \uc218\uc815\ud560 \uc218 \uc788\uc2b5\ub2c8\ub2e4.<\/p>\n<\/li>\n<li>\n<p><strong>\uc545\uc131 \ucf54\ub4dc \ubc30\ud3ec:<\/strong> XSS\ub97c \uc0ac\uc6a9\ud558\uc5ec \uc758\uc2ec\ud558\uc9c0 \uc54a\ub294 \uc0ac\uc6a9\uc790\uc5d0\uac8c \uc545\uc131 \ucf54\ub4dc\ub97c \ubc30\ud3ec\ud560 \uc218 \uc788\uc2b5\ub2c8\ub2e4.<\/p>\n<\/li>\n<\/ol>\n<p>XSS \ucde8\uc57d\uc810\uc744 \uc644\ud654\ud558\ub824\uba74 \uc6f9 \uac1c\ubc1c\uc790\ub294 \ubaa8\ubc94 \uc0ac\ub840\ub97c \ub530\ub77c\uc57c \ud569\ub2c8\ub2e4.<\/p>\n<ol>\n<li>\n<p><strong>\uc785\ub825 \uac80\uc99d:<\/strong> \uc2a4\ud06c\ub9bd\ud2b8 \uc0bd\uc785\uc744 \ubc29\uc9c0\ud558\uae30 \uc704\ud574 \ubaa8\ub4e0 \uc0ac\uc6a9\uc790 \uc785\ub825\uc744 \uc0ad\uc81c\ud558\uace0 \uac80\uc99d\ud569\ub2c8\ub2e4.<\/p>\n<\/li>\n<li>\n<p><strong>\ucd9c\ub825 \uc778\ucf54\ub529:<\/strong> \uc2a4\ud06c\ub9bd\ud2b8 \uc2e4\ud589\uc744 \ubc29\uc9c0\ud558\ub824\uba74 \ub3d9\uc801 \ucf58\ud150\uce20\ub97c \ub80c\ub354\ub9c1\ud558\uae30 \uc804\uc5d0 \uc778\ucf54\ub529\ud558\uc138\uc694.<\/p>\n<\/li>\n<li>\n<p><strong>HTTP \uc804\uc6a9 \ucfe0\ud0a4:<\/strong> \uc138\uc158 \ud558\uc774\uc7ac\ud0b9 \uacf5\uaca9\uc744 \uc644\ud654\ud558\ub824\uba74 HTTP \uc804\uc6a9 \ucfe0\ud0a4\ub97c \uc0ac\uc6a9\ud558\uc138\uc694.<\/p>\n<\/li>\n<li>\n<p><strong>\ucf58\ud150\uce20 \ubcf4\uc548 \uc815\ucc45(CSP):<\/strong> \uc2e4\ud589 \uac00\ub2a5\ud55c \uc2a4\ud06c\ub9bd\ud2b8\uc758 \uc18c\uc2a4\ub97c \uc81c\ud55c\ud558\ub824\uba74 CSP \ud5e4\ub354\ub97c \uad6c\ud604\ud558\uc138\uc694.<\/p>\n<\/li>\n<li>\n<p><strong>\ubcf4\uc548 \uac1c\ubc1c \uad00\ud589:<\/strong> \uac1c\ubc1c\uc790\uc5d0\uac8c \ubcf4\uc548 \ucf54\ub529 \uad00\ud589\uc5d0 \ub300\ud574 \uad50\uc721\ud558\uace0 \uc815\uae30\uc801\uc778 \ubcf4\uc548 \uac10\uc0ac\ub97c \uc2e4\uc2dc\ud569\ub2c8\ub2e4.<\/p>\n<\/li>\n<\/ol>\n<h2>\uc8fc\uc694 \ud2b9\uc9d5 \ubc0f \uae30\ud0c0 \uc720\uc0ac\ud55c \uc6a9\uc5b4\uc640\uc758 \ube44\uad50\ub97c \ud45c\uc640 \ubaa9\ub85d \ud615\ud0dc\ub85c \uc81c\uacf5<\/h2>\n<table>\n<thead>\n<tr>\n<th><strong>\ud615\uc9c8<\/strong><\/th>\n<th><strong>XSS(\uad50\ucc28 \uc0ac\uc774\ud2b8 \uc2a4\ud06c\ub9bd\ud305)<\/strong><\/th>\n<th><strong>\uc0ac\uc774\ud2b8 \uac04 \uc694\uccad \uc704\uc870(CSRF)<\/strong><\/th>\n<th><strong>SQL \uc8fc\uc785<\/strong><\/th>\n<\/tr>\n<\/thead>\n<tbody>\n<tr>\n<td>\uacf5\uaca9 \uc720\ud615<\/td>\n<td>\ud074\ub77c\uc774\uc5b8\ud2b8\uce21 \uacf5\uaca9<\/td>\n<td>\uc11c\ubc84\uce21 \uacf5\uaca9<\/td>\n<td>\uc11c\ubc84\uce21 \uacf5\uaca9<\/td>\n<\/tr>\n<tr>\n<td>\uc8fc\uc694 \ud0c0\uac9f<\/td>\n<td>\uc0ac\uc6a9\uc790\uc758 \uc6f9 \ube0c\ub77c\uc6b0\uc800<\/td>\n<td>\uc6f9 \uc560\ud50c\ub9ac\ucf00\uc774\uc158\uc758 \uc0c1\ud0dc \ubcc0\uacbd \uc694\uccad<\/td>\n<td>\uc6f9 \uc560\ud50c\ub9ac\ucf00\uc774\uc158\uc758 \ub370\uc774\ud130\ubca0\uc774\uc2a4<\/td>\n<\/tr>\n<tr>\n<td>\uc545\uc6a9\ub41c \ucde8\uc57d\uc810<\/td>\n<td>\ubd80\uc801\uc808\ud55c \uc785\ub825 \ucc98\ub9ac<\/td>\n<td>CSRF \ud1a0\ud070 \ubd80\uc871<\/td>\n<td>\ubd80\uc801\uc808\ud55c \uc785\ub825 \ucc98\ub9ac<\/td>\n<\/tr>\n<tr>\n<td>\uc601\ud5a5 \uc2ec\uac01\ub3c4<\/td>\n<td>\uacbd\uc99d\ubd80\ud130 \uc911\uc99d\uae4c\uc9c0 \ubc94\uc704<\/td>\n<td>\uac70\ub798 \uc6b4\uc601<\/td>\n<td>\ubb34\ub2e8 \ub370\uc774\ud130 \uacf5\uac1c<\/td>\n<\/tr>\n<\/tbody>\n<\/table>\n<h2>XSS(Cross-site scripting)\uc5d0 \uad00\ud55c \ubbf8\ub798\uc758 \uad00\uc810\uacfc \uae30\uc220<\/h2>\n<p>XSS \uc608\ubc29\uc758 \ubbf8\ub798\ub294 \uc6f9 \uc560\ud50c\ub9ac\ucf00\uc774\uc158 \ubcf4\uc548\uc758 \ubc1c\uc804\uacfc \ubcf4\uc548 \uac1c\ubc1c \ubc29\uc2dd\uc758 \ucc44\ud0dd\uc5d0 \ub2ec\ub824 \uc788\uc2b5\ub2c8\ub2e4. \uc7a0\uc7ac\uc801\uc778 \uac1c\ubc1c\uc5d0\ub294 \ub2e4\uc74c\uc774 \ud3ec\ud568\ub420 \uc218 \uc788\uc2b5\ub2c8\ub2e4.<\/p>\n<ol>\n<li>\n<p><strong>\uace0\uae09 \uc785\ub825 \uac80\uc99d:<\/strong> XSS \ucde8\uc57d\uc810\uc744 \ub354 \uc798 \uac10\uc9c0\ud558\uace0 \uc608\ubc29\ud558\uae30 \uc704\ud55c \uc790\ub3d9\ud654\ub41c \ub3c4\uad6c \ubc0f \ud504\ub808\uc784\uc6cc\ud06c\uc785\ub2c8\ub2e4.<\/p>\n<\/li>\n<li>\n<p><strong>AI \uae30\ubc18 \ubc29\uc5b4:<\/strong> \uc81c\ub85c\ub370\uc774 XSS \uc704\ud611\uc744 \uc0ac\uc804\uc5d0 \uc2dd\ubcc4\ud558\uace0 \uc644\ud654\ud558\ub294 \uc778\uacf5 \uc9c0\ub2a5.<\/p>\n<\/li>\n<li>\n<p><strong>\uc6f9 \ube0c\ub77c\uc6b0\uc800 \ud5a5\uc0c1:<\/strong> XSS \uc704\ud5d8\uc744 \ucd5c\uc18c\ud654\ud558\uae30 \uc704\ud574 \ube0c\ub77c\uc6b0\uc800 \ubcf4\uc548 \uae30\ub2a5\uc774 \ud5a5\uc0c1\ub418\uc5c8\uc2b5\ub2c8\ub2e4.<\/p>\n<\/li>\n<li>\n<p><strong>\ubcf4\uc548 \uad50\uc721:<\/strong> \uac1c\ubc1c\uc790\uc5d0\uac8c \ubcf4\uc548 \uc6b0\uc120 \uc0ac\uace0\ubc29\uc2dd\uc744 \uc2ec\uc5b4\uc8fc\uae30 \uc704\ud55c \ubcf4\ub2e4 \uad11\ubc94\uc704\ud55c \ubcf4\uc548 \uad50\uc721\uc785\ub2c8\ub2e4.<\/p>\n<\/li>\n<\/ol>\n<h2>\ud504\ub85d\uc2dc \uc11c\ubc84\ub97c \uc0ac\uc6a9\ud558\uac70\ub098 XSS(\uad50\ucc28 \uc0ac\uc774\ud2b8 \uc2a4\ud06c\ub9bd\ud305)\uc640 \uc5f0\uacb0\ud558\ub294 \ubc29\ubc95<\/h2>\n<p>\ud504\ub85d\uc2dc \uc11c\ubc84\ub294 XSS \uc704\ud5d8\uc744 \uc644\ud654\ud558\ub294 \ub370 \uc911\uc694\ud55c \uc5ed\ud560\uc744 \ud560 \uc218 \uc788\uc2b5\ub2c8\ub2e4. \ud504\ub85d\uc2dc \uc11c\ubc84\ub294 \ud074\ub77c\uc774\uc5b8\ud2b8\uc640 \uc6f9 \uc11c\ubc84 \uac04\uc758 \uc911\uac1c\uc790 \uc5ed\ud560\uc744 \ud558\uc5ec \ub2e4\uc74c\uc744 \ud3ec\ud568\ud55c \ucd94\uac00 \ubcf4\uc548 \uc870\uce58\ub97c \uad6c\ud604\ud560 \uc218 \uc788\uc2b5\ub2c8\ub2e4.<\/p>\n<ol>\n<li>\n<p><strong>\ucf58\ud150\uce20 \ud544\ud130\ub9c1:<\/strong> \ud504\ub85d\uc2dc \uc11c\ubc84\ub294 \uc6f9 \ud2b8\ub798\ud53d\uc5d0\uc11c \uc545\uc131 \uc2a4\ud06c\ub9bd\ud2b8\ub97c \uac80\uc0c9\ud558\uace0 \ud074\ub77c\uc774\uc5b8\ud2b8 \ube0c\ub77c\uc6b0\uc800\uc5d0 \ub3c4\ub2ec\ud558\uae30 \uc804\uc5d0 \uc774\ub97c \ucc28\ub2e8\ud560 \uc218 \uc788\uc2b5\ub2c8\ub2e4.<\/p>\n<\/li>\n<li>\n<p><strong>SSL\/TLS \uac80\uc0ac:<\/strong> \ud504\ub85d\uc2dc\ub294 \uc7a0\uc7ac\uc801\uc778 \uc704\ud611\uc774 \uc788\ub294\uc9c0 \uc554\ud638\ud654\ub41c \ud2b8\ub798\ud53d\uc744 \uac80\uc0ac\ud558\uc5ec \uc554\ud638\ud654\ub41c \ucc44\ub110\uc744 \ud65c\uc6a9\ud558\ub294 \uacf5\uaca9\uc744 \ubc29\uc9c0\ud560 \uc218 \uc788\uc2b5\ub2c8\ub2e4.<\/p>\n<\/li>\n<li>\n<p><strong>\uc694\uccad \ud544\ud130\ub9c1:<\/strong> \ud504\ub85d\uc2dc \uc11c\ubc84\ub294 \ub4e4\uc5b4\uc624\ub294 \uc694\uccad\uc744 \ubd84\uc11d\ud558\uace0 XSS \uc2dc\ub3c4\ub85c \ubcf4\uc774\ub294 \uc694\uccad\uc744 \ucc28\ub2e8\ud560 \uc218 \uc788\uc2b5\ub2c8\ub2e4.<\/p>\n<\/li>\n<li>\n<p><strong>\uc6f9 \uc560\ud50c\ub9ac\ucf00\uc774\uc158 \ubc29\ud654\ubcbd(WAF):<\/strong> \ub9ce\uc740 \ud504\ub85d\uc2dc \uc11c\ubc84\uc5d0\ub294 \uc54c\ub824\uc9c4 \ud328\ud134\uc744 \uae30\ubc18\uc73c\ub85c XSS \uacf5\uaca9\uc744 \ud0d0\uc9c0\ud558\uace0 \ubc29\uc9c0\ud558\uae30 \uc704\ud574 WAF\uac00 \ud1b5\ud569\ub418\uc5b4 \uc788\uc2b5\ub2c8\ub2e4.<\/p>\n<\/li>\n<li>\n<p><strong>\uc138\uc158 \uad00\ub9ac:<\/strong> \ud504\ub85d\uc2dc\ub294 \uc0ac\uc6a9\uc790 \uc138\uc158\uc744 \uc548\uc804\ud558\uac8c \uad00\ub9ac\ud558\uc5ec \uc138\uc158 \ud558\uc774\uc7ac\ud0b9\uc758 \uc704\ud5d8\uc744 \uc904\uc77c \uc218 \uc788\uc2b5\ub2c8\ub2e4.<\/p>\n<\/li>\n<\/ol>\n<h2>\uad00\ub828\ub41c \ub9c1\ud06c\ub4e4<\/h2>\n<p>XSS(\uad50\ucc28 \uc0ac\uc774\ud2b8 \uc2a4\ud06c\ub9bd\ud305)\uc5d0 \ub300\ud55c \uc790\uc138\ud55c \ub0b4\uc6a9\uc744 \ubcf4\ub824\uba74 \ub2e4\uc74c \ub9ac\uc18c\uc2a4\ub97c \ubc29\ubb38\ud558\uc138\uc694.<\/p>\n<ol>\n<li><a href=\"https:\/\/owasp.org\/www-community\/attacks\/xss\/\" target=\"_new\" rel=\"noopener nofollow\">OWASP XSS(\uad50\ucc28 \uc0ac\uc774\ud2b8 \uc2a4\ud06c\ub9bd\ud305) \ubc29\uc9c0 \uce58\ud2b8 \uc2dc\ud2b8<\/a><\/li>\n<li><a href=\"https:\/\/www.w3schools.com\/js\/js_security.asp\" target=\"_new\" rel=\"noopener nofollow\">W3Schools \u2013 \uc790\ubc14\uc2a4\ud06c\ub9bd\ud2b8 \ubcf4\uc548<\/a><\/li>\n<li><a href=\"https:\/\/developers.google.com\/web\/fundamentals\/security\/csp\" target=\"_new\" rel=\"noopener nofollow\">Google \uc6f9 \uae30\ucd08 - XSS(\uad50\ucc28 \uc0ac\uc774\ud2b8 \uc2a4\ud06c\ub9bd\ud305) \ubc29\uc9c0<\/a><\/li>\n<\/ol>\n<p>XSS \uacf5\uaca9\uc758 \uc7a0\uc7ac\uc801 \uc704\ud5d8\uc73c\ub85c\ubd80\ud130 \uc790\uc2e0\uacfc \uc0ac\uc6a9\uc790\ub97c \ubcf4\ud638\ud558\ub824\uba74 \uc6f9 \ubcf4\uc548 \ubaa8\ubc94 \uc0ac\ub840\uc5d0 \ub300\ud55c \ucd5c\uc2e0 \uc815\ubcf4\ub97c \uc5bb\ub294 \uac83\uc774 \uc911\uc694\ud569\ub2c8\ub2e4. \uac15\ub825\ud55c \ubcf4\uc548 \uc870\uce58\ub97c \uad6c\ud604\ud558\uba74 \uc6f9 \uc560\ud50c\ub9ac\ucf00\uc774\uc158\uc744 \ubcf4\ud638\ud558\uace0 \ubaa8\ub450\uc5d0\uac8c \ubcf4\ub2e4 \uc548\uc804\ud55c \uac80\uc0c9 \uacbd\ud5d8\uc744 \ubcf4\uc7a5\ud560 \uc218 \uc788\uc2b5\ub2c8\ub2e4.<\/p>","protected":false},"featured_media":468044,"menu_order":0,"template":"","meta":{"_acf_changed":false,"content-type":"","inline_featured_image":false,"footnotes":""},"class_list":["post-476483","wiki","type-wiki","status-publish","has-post-thumbnail","hentry"],"acf":{"faq_title":"Frequently Asked Questions about <mark>Cross-site scripting (XSS)<\/mark>","faq_items":[{"question":"What is Cross-site scripting (XSS)?","answer":"<p>Cross-site scripting (XSS) is a common web application security vulnerability that allows attackers to inject malicious scripts into web pages viewed by other users. These scripts are then executed by the victims' browsers, leading to potential data theft, unauthorized access, or other harmful actions.<\/p>"},{"question":"How did Cross-site scripting (XSS) originate?","answer":"<p>The concept of Cross-site scripting dates back to the mid-1990s, with its first mention in a security mailing list in 1996. RSnake highlighted the risks of allowing users to submit unfiltered input to websites, which could result in the execution of malicious code on the victim's browser.<\/p>"},{"question":"What are the different types of Cross-site scripting (XSS) attacks?","answer":"<p>There are three primary types of XSS attacks:<\/p><ol><li>Stored XSS: The malicious script is permanently stored on the target server and served to users accessing the affected web page.<\/li><li>Reflected XSS: The malicious script is embedded in a URL or other input, and the web application reflects it back to the user without proper validation.<\/li><li>DOM-based XSS: The attack manipulates the Document Object Model (DOM) of a web page, executing the malicious script within the victim's browser due to flawed client-side scripting.<\/li><\/ol>"},{"question":"How does Cross-site scripting (XSS) work?","answer":"<p>XSS attacks occur when web applications fail to properly sanitize and validate user inputs. Attackers identify vulnerable points in the application, inject malicious scripts, and then unsuspecting users execute these scripts within their browsers.<\/p>"},{"question":"What are the key features of Cross-site scripting (XSS)?","answer":"<p>Key features of XSS include:<\/p><ul><li>Client-side exploitation using web browsers.<\/li><li>Diverse exploitation vectors, such as input fields, URLs, and more.<\/li><li>Varying severity levels from annoying pop-ups to serious data breaches.<\/li><li>Dependency on user trust in the compromised website.<\/li><li>Context-based vulnerabilities with unique escaping requirements.<\/li><\/ul>"},{"question":"How can I protect my web applications from Cross-site scripting (XSS) attacks?","answer":"<p>To mitigate XSS vulnerabilities, follow these best practices:<\/p><ul><li>Implement proper input validation and output encoding.<\/li><li>Use HTTP-only cookies to prevent session hijacking.<\/li><li>Employ Content Security Policy (CSP) to restrict executable scripts' sources.<\/li><li>Train developers on secure coding practices and conduct security audits regularly.<\/li><\/ul>"},{"question":"What are some future perspectives related to Cross-site scripting (XSS)?","answer":"<p>The future of XSS prevention lies in advancements in web application security and the adoption of secure development practices. Potential developments may include advanced input validation, AI-driven defenses, improved browser security features, and more extensive security training for developers.<\/p>"},{"question":"How can proxy servers help with Cross-site scripting (XSS) protection?","answer":"<p>Proxy servers can play a significant role in mitigating XSS risks. They can filter content, inspect encrypted traffic, analyze incoming requests, and implement Web Application Firewalls (WAFs) to detect and prevent XSS attacks. Proxy servers can also manage user sessions securely, reducing the risk of session hijacking.<\/p>"}]},"_links":{"self":[{"href":"https:\/\/oneproxy.pro\/kr\/wp-json\/wp\/v2\/wiki\/476483","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/oneproxy.pro\/kr\/wp-json\/wp\/v2\/wiki"}],"about":[{"href":"https:\/\/oneproxy.pro\/kr\/wp-json\/wp\/v2\/types\/wiki"}],"version-history":[{"count":0,"href":"https:\/\/oneproxy.pro\/kr\/wp-json\/wp\/v2\/wiki\/476483\/revisions"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/oneproxy.pro\/kr\/wp-json\/wp\/v2\/media\/468044"}],"wp:attachment":[{"href":"https:\/\/oneproxy.pro\/kr\/wp-json\/wp\/v2\/media?parent=476483"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}