摘要
[目的/意义]随着互联网技术的发展,网络黑客利用跨站脚本攻击漏洞实施犯罪的方式广泛存在,且蔓延发展现状形势相当严峻,犯罪对象不仅针对个人用户,而且还涉及到企业、政府、组织机构等目标.这种攻击手段的隐蔽性和灵活性,使得网络黑客能够窃取敏感信息、篡改网站内容、传播恶意软件等,给公安机关侦查工作带来了新的挑战.[方法/过程]以剖析黑客犯罪生态为切入点,具体分析了上下游产业链的情况,在深度总结跨站脚本攻击漏洞黑客犯罪的特点、代码分析之后,依据调查研究和工作经验,得出针对跨站脚本攻击漏洞黑客犯罪的侦查打击和取证要点.[结果/结论]提出了对跨站脚本攻击漏洞黑客犯罪现场,以严格规范控制现场及针对性开展电子数据取证方法.
[Purpose/Significance]With the development of internet technology,the widespread occurrence of network hackers utilizing Cross-Site scripting(XSS)vulnerabilities to commit crimes presents a significant and urgent challenge.The targets of these criminal activities extend beyond individual users to include enterprises,government institutions,and various organizations.The covert and adaptable nature of these attack methods enables hackers to steal sensitive information,manipulate website content,and distribute malicious software,posing new challenges to law enforcement agencies.[Method/Process]Taking the analysis of the hacker crime ecosystem as a starting point,this paper specifically examines the situation of the upstream and downstream industry chains.After a comprehensive summary of the characteristics of Cross-Site Scripting vulnerability exploitation in hacking crimes and code analysis,based on investigative research and work experience,key points for investigating,combating,and collecting evidence against cross-site scripting vulnerability exploitation in hacking crimes are derived.[Results/Conclusion]Proposals are made to strictly regulate and control the crime scene of Cross-Site Scripting vulnerability exploitation in hacking crimes and to carry out targeted methods for electronic data forensics.
作者
王祥瑞
Wang Xiangrui(People's Public Security University of China,Beijing 100038)
出处
《网络空间安全》
2023年第6期11-16,共6页
Cyberspace Security
关键词
跨站脚本攻击漏洞
XSS漏洞
侦查打击
犯罪现场
黑客犯罪
Cross-Site Scripting vulnerability
XXS vulnerability
investigation and crackdown
crime scene
hacker crime
