当前位置：网站首页>Public testing, exclusive, penetration testing, picking up ragged tips

Public testing, exclusive, penetration testing, picking up ragged tips

2022-04-22 01:00:00 【Guapi Chen】

0x00 Preface

About public testing 、 How to pick up leaks in exclusive xss hole , hydrological , hydrological , hydrological ！！！

0x01

Daily boring test site , When you're doing penetration testing , Found some html The tag calls the... Of the image in the server , And it's the kind to join the server ip Address of the , You can try to modify host Head fuzz once , Detect the presence of xss.
Insert picture description here

Insert picture description here
Seeing this situation, we can roughly guess , The latter part of the code may look like the following ：

<img src="<?php echo "http://{$_SERVER['HTTP_HOST']}/"?>xxx/aaa.png" />

So it seems very simple , Modify the... In the request package host Can cause xss Slightly .
Insert picture description here

Successful pop-up
Insert picture description here

Pick up rags tips The end , Hydrology is good .

版权声明
本文为[Guapi Chen]所创，转载请带上原文链接，感谢
https://yzsam.com/2022/04/202204211645261612.html

当前位置：网站首页>Public testing, exclusive, penetration testing, picking up ragged tips

Public testing, exclusive, penetration testing, picking up ragged tips

0x00 Preface

0x01

边栏推荐

猜你喜欢

随机推荐