  • [XSS Tips Extension] 21. Location Based Payloads – Part IV

    Document Properties Scheme

    Reference URL (the same template applies to every property; the portion each one yields is shown beside it):

    protocol://domain/path/page?p= text1 <tag handler=code> text2 # text3

    location.protocol                                          -> protocol
    location.hostname                                          -> domain
    location.pathname                                          -> /path/page
    location.search                                            -> ?p= text1 <tag handler=code> text2
    previousSibling.nodeValue, document.body.textContent*      -> text1
    tagName, nodeName                                          -> tag
    outerHTML                                                  -> <tag handler=code>
    innerHTML**, textContent**, nextSibling.nodeValue**,
    firstChild.nodeValue**, lastChild.nodeValue**              -> text2
    location.hash                                              -> # text3
    URL, documentURI                                           -> the whole URL

    ----- x -----

    To make it easy to replace one property by another (for example when one is blacklisted), here they are grouped by the position of the URL template they return:

    Before

    previousSibling.nodeValue, document.body.textContent*

    Itself

    location.search, tagName, nodeName, outerHTML

    After**

    textContent, nextSibling.nodeValue, firstChild.nodeValue, lastChild.nodeValue, innerHTML

    Hash

    location.hash

    * comes with source content (body)

    ** may need to close the injected tag

    So when building a location based payload that uses document properties to avoid filtered characters and/or filtered sequences (such as what follows on*=), this grouping helps to choose the right property for the injection point.

    #hack2learn

  • Original post: https://www.cnblogs.com/devi1/p/13486394.html