[{"data":1,"prerenderedAt":-1},["ShallowReactive",2],{"$faeRU9KPK5Ym4B7Ja64K90Ih0Gp8Jxm7JmqJo39xD8TQ":3},{"answer":4,"createTime":5,"id":6,"options":7,"origin":12,"question":19,"related":20,"source":24,"type":25},[],"2024-07-02 10:53:00",143441031,[8,9,10,11],"存储型XSS又称作持久型XSS","恶意脚本是事先被攻击者上传至数据库或服务器中的","此类XSS不需要用户单击特定URL就能执行脚本","攻击用户cookie必须通过存储型XSS漏洞实现",{"count":13,"courseId":14,"courseImg":15,"courseName":16,"workId":17,"workName":18},33,"d865483b7fc6811c6bd8a1d36d128571","https:\u002F\u002Ftihai-oss-cloud.itihey.com\u002Fimg\u002F59d71c300dff6ba7fa49e1ad37a4ae2d.jpg","web安全与渗透测试","work_35004274","XSS漏洞-理论检测","关于存储型XSS,叙述错误的是( )",[21,26,36,45,54,64,73,82,91,100],{"answer":22,"createTime":5,"id":6,"options":23,"question":19,"source":24,"type":25},[],[8,9,10,11],"v1",0,{"answer":27,"createTime":28,"id":29,"options":30,"question":35,"source":24,"type":25},[],"2024-05-14 11:47:17",143441032,[31,32,33,34],"盗取合法用户会话信息","执行script代码","上传蠕虫","跳专到原本不可达的内网地址","以下哪项不是XSS漏洞利用的场景( )",{"answer":37,"createTime":5,"id":38,"options":39,"question":44,"source":24,"type":25},[],143441033,[40,41,42,43],"引诱用户点击虚假网络链接的一种攻击方法","一种非常强大的木马攻击手段","构造精妙的关系数据库的结构化查询语言对数据库进行非法访问","将恶意代码嵌入到用户浏览的Web页面中,从而达到的恶意目的","下列对跨站脚本攻击(XSS)的解释最准确的一项是( )",{"answer":46,"createTime":5,"id":47,"options":48,"question":53,"source":24,"type":25},[],143441034,[49,50,51,52],"反射型XSS","存储型XSS","DOM型XSS","二阶注入","XSS是Web应用程序中常见的安全漏洞,受害者被诱导打开一个用恶意脚本编程的URL偷取敏感信息,这种跨站攻击是( )类型",{"answer":55,"createTime":56,"id":57,"options":58,"question":63,"source":24,"type":25},[],"2024-05-14 11:37:17",143441035,[59,60,61,62],"网站未对用户下的敏感操作进行二次校验","网站存在可供用户输入的交互模式","网站对用户输入的数据未作过滤","网站对输出的数据未做处理","下列不是网站存在XSS漏洞的原因是( )",{"answer":65,"createTime":5,"id":66,"options":67,"question":72,"source":24,"type":25},[],143441036,[68,69,70,71],"反射型XSS具有很大危害,可以攻击到平台大量用户","反射型XSS也称作持久型跨站脚本","反射型XSS主要用于将恶意脚本附加到URL地址参数中","反射型XSS漏洞原理与存诸型XSS&mdash;致","关于反射型XSS的描述,叙述正确的是( )",{"answer":74,"createTime":5,"id":75,"options":76,"question":81,"source":24,"type":25},[],143441037,[77,78,79,80],"Cascading Style Sheet","X-cross Site Script","X-cascading Style Sheet","Cross Site Script","跨站脚本的英文缩写为XSS,其英文全称是什么",{"answer":83,"createTime":5,"id":84,"options":85,"question":90,"source":24,"type":25},[],143441038,[86,87,88,89],"输入过滤、输出编码","减少使用数据库","不要点击未知链接","禁止用户输入","防御XSS漏洞的核心思想为( )",{"answer":92,"createTime":5,"id":93,"options":94,"question":99,"source":24,"type":25},[],143441961,[95,96,97,98],"order by语句","1' and 1=1 语句","magic_quotes_gpc=on","UNION SELECT语句","如果攻击者通过实施对MySQL的SQL注入攻击,可利用其自身存在的函数或语句,下列( )不是危险的攻击利用方法",{"answer":101,"createTime":102,"id":103,"options":104,"question":110,"source":24,"type":111},[],"2024-07-02 10:53:01",143441962,[105,106,107,108,109],"经过数据库","是针对web前端的攻击方式","经过web后端","经过浏览器","是针对数据库的攻击方式","下列有关存储型XSS攻击流程描述正确的是( )",1]