当前位置：网站首页>Restricted character bypass

Restricted character bypass

2022-07-31 00:14:00 【Miracle_ze】

Character Short Domain Bypass

One, bypass method
Second, limit the length of the short-character short domain name bypass
- 2.1 xss_clean filter statement
- 2.2
Three, kali beef installation

I. Bypass method

1.1 rewrite, use short tags

insert image description here
Add result:

It can be seen from the above figure that the injection failed after being filtered by xss_clean.
For this we remove xss_clean to test if it is filtered because of it
insert image description here
The result indicates that xss_clean is filtered because xss_clean
It is worth noting that svg is ignored in the current xss_clean version, for this we can use svg injection

insert image description here
Refresh the page again to display

2.2

When looking at the front-end reference file, I found that jQuery was used
insert image description here
Therefore, you can use to inject, and use the teacher's telsr.co domain, which is shortened to 5 characters.But this website is an external network provided by the teacher. I don't have a VPN, so I chose my own.So modify the character limit in length