https://q1uf3ng.github.io/jslook/
下载: https://github.com/q1uf3ng/jslook/tree/main
const apiPath = "/api/user";const apiKey = "1234567890abcdef1234567890abcdef";const accessKey = "AKIAIOSFODNN7EXAMPLE";const secretKey = "wJalrXUtnFEMI/K7MDENG/bPxRfiCYEXAMPLEKEY";functionfetchUserData() {fetch(apiPath).then(response => response.json()).then(data => {console.log("User Data:", data);}).catch(error => {console.error("Error fetching user data:", error);});}functionpostData() {const url = "/submit/data";const params = { password: "123456", username: "admin" }; // 敏感参数fetch(url, {method: "POST",headers: {"Content-Type": "application/json"},body: JSON.stringify(params)}).then(response => response.json()).then(data => console.log("Response:", data)).catch(error => console.error("Error:", error));}fetchUserData();postData();// 注释部分// 这是一个开发注释/* 这是一个多行开发注释 */eval("console.log('This is eval')");const config = {apikey: "1234567890abcdef1234567890abcdef",access_key: "AKIAIOSFODNN7EXAMPLE",secret_key: "wJalrXUtnFEMI/K7MDENG/bPxRfiCYEXAMPLEKEY"};const sensitiveData = {password: "admin123",pass: "admin_pass",passwd: "secret_pass",admin: "admin",name: "admin_user"};fetch("/api/submit", {method: "POST",headers: {"Content-Type": "application/json"},body: JSON.stringify({action: "submit",data: sensitiveData})});
原文始发于微信公众号(秋风的安全之路):一个JS在线审计网页
免责声明:文章中涉及的程序(方法)可能带有攻击性,仅供安全研究与教学之用,读者将其信息做其他用途,由读者承担全部法律及连带责任,本站不承担任何法律及连带责任;如有问题可邮件联系(建议使用企业邮箱或有效邮箱,避免邮件被拦截,联系方式见首页),望知悉。
- 左青龙
- 微信扫一扫
-
- 右白虎
- 微信扫一扫
-
评论