搜索

[11324] 2017-05-08_通过浏览器缓存来bypassnoncescriptCSP

文档创建者:s7ckTeam
浏览次数:17
最后更新:2025-01-18
2017-05-08_通过浏览器缓存来bypassnoncescriptCSP b y p a s s   n o n c e   s c r i p t   C S P L o R e x x a r   F r e e B u f   2 0 1 7 - 0 5 - 0 8 *   L o R e x x a r F r e e B u f g o o g l e C S P   I s   D e a d ,   L o n g   L i v e   C S P ! c s p g o o g l e n o n c e - { r a n d o m } c s p S e b a s t i a n   c s p h t t p : / / s i r d a r c k c a t . b l o g s p o t . j p / 2 0 1 6 / 1 2 / h o w - t o - b y p a s s - c s p - n o n c e s - w i t h - d o m - x s s . h t m l h t t p : / / p a p e r . s e e b u g . o r g / 1 6 6 / d e m o n o n c e   s c r i p t n o n c e 3   D O M   X S S   p a y l o a d     H T M L     D O M   X S S   f e t c h ( l o c a t i o n . p a t h N a m e ) . t h e n ( r = > r . t e x t ( ) ) . t h e n ( t = > b o d y . i n n e r H T M L = t ) ; X S S   p a y l o a d     l o c a t i o n . h a s h     D O M   X S S     h t t p s : / / v i c t i m / x s s # ! f o o ? p a y l o a d = n o n c e   s c r i p t x s s
i f r a m e i f r a m e < t e x t a r e a > s c r i p t
n o n c e
n o n c e s e s s i o n n o n c e   s c r i p t c s p 使 n o n c e - p w n h u b p w n h u b x s s 便
a d m i n x s s W o w ,   g o o d   g u y s , m a y b e   y o u   w a n t   / a d m i n s h i g e s h a 2 3 3 e 3 3 3 3 / # a d m i n d o m   x s s n o n c e   c s p
l o c a t i o n . h a s h n o n c e   s t r i n g x s s i f r a m e a d m i n n o n c e i f r a m e n o n c e i f r a m e x s s 1 2 c s p x s s f l a g i f r a m e f l a g . p h p i f r a m e
p a y l o a d a d m i n x s s p a y l o a d p a y l o a d
c h r o m e x s s   a u d i t o r n o n c e   s c r i p t   c s p C S P *   L o R e x x a r F r e e B u f

回复

举报

高级模式
B Color Image Link Quote Code Smilies
您需要登录后才可以回帖 登录 | 立即注册

本版积分规则

Archiver| 手机版| 小黑屋|
Powered by Discuz! X3.4 Copyright © 2001-2020, Tencent Cloud. 商业源码建议获取授权,如侵犯您的权益,请联系客服处理