[{"data":1,"prerenderedAt":-1},["ShallowReactive",2],{"$fH-88Z7hVkOtsyjgTr7hmEccsWOJHlDmMUDUqhSe7ez0":3},{"answer":4,"createTime":5,"id":6,"options":7,"origin":13,"question":20,"related":21,"source":32,"type":111},[],"2024-07-02 10:53:01",143441962,[8,9,10,11,12],"经过数据库","是针对web前端的攻击方式","经过web后端","经过浏览器","是针对数据库的攻击方式",{"count":14,"courseId":15,"courseImg":16,"courseName":17,"workId":18,"workName":19},33,"d865483b7fc6811c6bd8a1d36d128571","https:\u002F\u002Ftihai-oss-cloud.itihey.com\u002Fimg\u002F59d71c300dff6ba7fa49e1ad37a4ae2d.jpg","web安全与渗透测试","work_35004274","XSS漏洞-理论检测","下列有关存储型XSS攻击流程描述正确的是( )",[22,34,44,53,62,72,81,90,99,108],{"answer":23,"createTime":24,"id":25,"options":26,"question":31,"source":32,"type":33},[],"2024-07-02 10:53:00",143441031,[27,28,29,30],"存储型XSS又称作持久型XSS","恶意脚本是事先被攻击者上传至数据库或服务器中的","此类XSS不需要用户单击特定URL就能执行脚本","攻击用户cookie必须通过存储型XSS漏洞实现","关于存储型XSS,叙述错误的是( )","v1",0,{"answer":35,"createTime":36,"id":37,"options":38,"question":43,"source":32,"type":33},[],"2024-05-14 11:47:17",143441032,[39,40,41,42],"盗取合法用户会话信息","执行script代码","上传蠕虫","跳专到原本不可达的内网地址","以下哪项不是XSS漏洞利用的场景( )",{"answer":45,"createTime":24,"id":46,"options":47,"question":52,"source":32,"type":33},[],143441033,[48,49,50,51],"引诱用户点击虚假网络链接的一种攻击方法","一种非常强大的木马攻击手段","构造精妙的关系数据库的结构化查询语言对数据库进行非法访问","将恶意代码嵌入到用户浏览的Web页面中,从而达到的恶意目的","下列对跨站脚本攻击(XSS)的解释最准确的一项是( )",{"answer":54,"createTime":24,"id":55,"options":56,"question":61,"source":32,"type":33},[],143441034,[57,58,59,60],"反射型XSS","存储型XSS","DOM型XSS","二阶注入","XSS是Web应用程序中常见的安全漏洞,受害者被诱导打开一个用恶意脚本编程的URL偷取敏感信息,这种跨站攻击是( )类型",{"answer":63,"createTime":64,"id":65,"options":66,"question":71,"source":32,"type":33},[],"2024-05-14 11:37:17",143441035,[67,68,69,70],"网站未对用户下的敏感操作进行二次校验","网站存在可供用户输入的交互模式","网站对用户输入的数据未作过滤","网站对输出的数据未做处理","下列不是网站存在XSS漏洞的原因是( )",{"answer":73,"createTime":24,"id":74,"options":75,"question":80,"source":32,"type":33},[],143441036,[76,77,78,79],"反射型XSS具有很大危害,可以攻击到平台大量用户","反射型XSS也称作持久型跨站脚本","反射型XSS主要用于将恶意脚本附加到URL地址参数中","反射型XSS漏洞原理与存诸型XSS&mdash;致","关于反射型XSS的描述,叙述正确的是( )",{"answer":82,"createTime":24,"id":83,"options":84,"question":89,"source":32,"type":33},[],143441037,[85,86,87,88],"Cascading Style Sheet","X-cross Site Script","X-cascading Style Sheet","Cross Site Script","跨站脚本的英文缩写为XSS,其英文全称是什么",{"answer":91,"createTime":24,"id":92,"options":93,"question":98,"source":32,"type":33},[],143441038,[94,95,96,97],"输入过滤、输出编码","减少使用数据库","不要点击未知链接","禁止用户输入","防御XSS漏洞的核心思想为( )",{"answer":100,"createTime":24,"id":101,"options":102,"question":107,"source":32,"type":33},[],143441961,[103,104,105,106],"order by语句","1' and 1=1 语句","magic_quotes_gpc=on","UNION SELECT语句","如果攻击者通过实施对MySQL的SQL注入攻击,可利用其自身存在的函数或语句,下列( )不是危险的攻击利用方法",{"answer":109,"createTime":5,"id":6,"options":110,"question":20,"source":32,"type":111},[],[8,9,10,11,12],1]