XSS detects the client environment and javascript detects the client files and system environment. In future use of xss, you may need to check the client environment, such as the browser version, whether to install 360, anti-virus software, java version, and some system files ...... Javascript can be used to detect these features. Many years ago, webhorse was added to these features to achieve "smart Trojan ...... 1. You can obtain a lot of information from the User-Agent HTTP header. For more information, see the following articles on this site: [CSRF] image-based ( IE 6.0 IPC $: <SC Riptype = "text/javascript"> window. onerror = function () {alert ("nod32 ");} </script> <script src = "\ 127.0.0.1 \ c $ \ Program Files \ ESET NOD32 Antivirus \ egui.exe"> </script> activeX: <script type = "text/javascript"> var Is360; var bFilter360 = false; if (bFilter360) {try {var g; var glworld = new ActiveXObject ("360SafeLive. update ") ;}catch (g) {}; finally {if (g =" [object Error] ") {Is360 =" Not find 360 ";} els E {Is360 = "Find 360"; // window. location = "about: blank ";}}} </script> the navigator object and res protocol of UA and javascript can be used to detect IP addresses, operating systems, browser versions, flash versions, java versions, and whether specific software is installed. Collect the clsid of some common software and then perform javascript testing. Sample programs: JavaScript uses User-Agent to determine the browser type: <HTML> <script language = "JavaScript"> <! -- Function CheckBrowser () {// determines the browser type if (navigator. userAgent. indexOf ("MSIE")> 0) {return "MSIE";} if (isFirefox = navigator. userAgent. indexOf ("Firefox")> 0) {return "Firefox";} if (isSafari = navigator. userAgent. indexOf ("Safari")> 0) {return "Safari";} if (isCamino = navigator. userAgent. indexOf ("Camino")> 0) {return "Camino";} if (isMozilla = navigator. userAgent. indexOf ("Gecko")> 0) {return "Gecko ";}} Document. write ("<font color = # ff0000> your browser type is:" + CheckBrowser () + "</font> <br> "); --> </SCRIPT> www.2cto.com </HTML> use the RES protocol to check whether anti-virus software exists: <HTML> <script language = "JavaScript"> <! -- // Use RES protocol to check whether anti-virus software exists // Microsoft RES protocol effective browser range: IE 4.0 --> IE 6.0 function ErrorSilent () {// shield error return true;} window. onerror = ErrorSilent; // blocked error function CheckSoft () {Soft_List = [// list of software to be detected 'res: // cmd.exe/123456', 'res: // shell32.dll/2/131 ', 'res: // C: \ WINDOWS \ assumer.exe/2/143', 'res: // C: \ Program % 20Files \ Internet % 20Explorer \ Connection % 20Wizard \ icwconn1.exe/2/210 ', 'res: // C: \ Program % 20Files \ QQ Res. dll/2/108 ', 'res: // C: \ 360safe \ 360Safe.exe/GIF/172', 'res: // C: \ 360safe \ safemon \ loadwdui. dll/PNG/100', 'res: // C: \ Program % 20Files \ 130 \ 360Safe \ 360hotfix.exe/GIF/100', 'res: // C: \ Program % 20Files \ 360 \ 360Safe \ 360Safe.exe/GIF/172 ', 'res: // C: \ Program % 20Files \ 360 \ 360Safe \ safemon \ loadwdui. dll/PNG/100', 'res: // C: \ program % 20files \ 360safe \ 360hotfix.exe/GIF/100', 'res: // C: \ program % 20files \ 360 s Afe \ 360Safe.exe/GIF/172 ', 'res: // C: \ program % 20files \ 360safe \ safemon \ loadwdui. dll/PNG/100', 'res: // C: \ Program % 20Files \ Rising \ Rav \ rssafety.exe/PNG/100', 'res: // D: \ 360safe \ 360Safe.exe/GIF/100', 'res: // D: \ 360safe \ safemon \ loadwdui. dll/PNG/100', 'res: // D: \ Program % 20Files \ 130 \ 360Safe \ 360hotfix.exe/GIF/100', 'res: // D: \ Program % 20Files \ 360 \ 360Safe \ 360Safe.exe/GIF/172 ', 'res: // D: \ Program % 20Fi Les \ 360 \ 360Safe \ safemon \ loadwdui. dll/PNG/130 ', 'res: // D: \ program % 20files \ 360safe \ 360hotfix.exe/GIF/172', 'res: // D: \ program % 20files \ 360safe \ 360Safe.exe/GIF/172 ', 'res: // D: \ program % 20files \ 360safe \ safemon \ loadwdui. dll/PNG/130 ', 'res: // D: \ Program % 20Files \ Rising \ Rav \ rssafety.exe/PNG/123', 'res: // E: \ Program % 20Files \ 360 \ 360Safe \ 360hotfix.exe/GIF/172 ', 'res: // E: \ Program % 20Files \ 360 \ 360 Safe \ 360Safe.exe/GIF/172 ', 'res: // E: \ Program % 20Files \ 360 \ 360Safe \ safemon \ loadwdui. dll/PNG/100', 'res: // E: \ program % 20files \ 360safe \ 360Safe.exe/GIF/100', 'res: // E: \ program % 20files \ 360safe \ safemon \ loadwdui. dll/PNG/130 ', 'res: // E: \ Program % 20Files \ Rising \ Rav \ rssafety.exe/PNG/123', 'res: // F: \ Program % 20Files \ 360 \ 360Safe \ 360hotfix.exe/GIF/172 ', 'res: // F: \ Program % 20Files \ 360 \ 360Safe \ 360 S Afe.exe/GIF/100', 'res: // F: \ Program % 20Files \ 172 \ 360Safe \ 360Safe.exe/GIF/100', 'res: // F: \ Program % 20Files \ 360 \ 360Safe \ safemon \ loadwdui. dll/PNG/100', 'res: // F: \ program % 20files \ 360safe \ 360Safe.exe/GIF/100', 'res: // F: \ Program % 20Files \ Rising \ Rav \ rssafety.exe/PNG/123 ']; for (I = 0; I <Soft_List.length; I ++) {SoftExist = 1; // set the initial value Tmp = new Image (); // create an Image object Tmp. src = ""; // initialization address Tmp. onerror = Function () {// object error event SoftExist = 0;} Tmp. src = Soft_List [I]; // set the connection if (SoftExist = 1) {// if the software has document. write ("<font color = # ff0000>" + Soft_List [I] + "√ </font> <br>");} else {document. write ("<font color = # 0000ff>" + Soft_List [I] + "× </font> <br>");} delete Tmp; // Delete the created Image object} return 0;} CheckSoft ();/* if (CheckSoft () = 1) {// soft document is detected. write ("detected to kill soft");} else {// No detected to kill soft document. write ("no soft removal detected");} */--> </SCRIPT> </HTML> JavaScript: <script type = "text/javascript"> // determine whether the Protocol if (document. location. protocol = 'file: ') {alert ("local file! ") ;}</Script>