[英]How to upload file contents into variable Javascript/HTML?
I'm making a script that uploads a script, or "payload" to a site with these steps: 我正在制作一个脚本,该脚本通过以下步骤将脚本或“有效负载”上传到站点:
1. User enters URL with * in place of query
2. User selects payload, which is simply a file with a pre-written JS script.
3. The * is replaced with the contents of the payload.
4. The URL with a script replacing the query is opened in an iframe.
How would I do this? 我该怎么做? My main problem is the file-uploading-into-variable part. 我的主要问题是文件上传到可变部分。 Here's my code so far: 到目前为止,这是我的代码:
<!DOCTYPE html>
<html>
<head>
<title>Slingshot.XSS</title>
</head>
<body style="font-family:monospace;" align="center">
<h2>Slingshot.XSS</h2>
<h3>Slingshot.XSS is a script that launches pre-loaded XSS payloads at a target to test its vulnerabilities.</h3>
<h4>Please report all issues to <a href="https://github.com/keeganjk/slingshot.xss/issues"></a> or contact me at keeganjkuhn@gmail.com.</h4>
<a href="github.com/keeganjk/slingshot.xss" style="font-family:monospace" align="center">Source Code / Learn More</a>
<br />
<h4>Enter a URL with <b>*</b> in the place of query.</h4>
<h5>Example: https://www.google.com/#q=*</h5>
<input type="text" id="myText" placeholder="Enter a URL"> <button onclick="myFunction()">Submit</button>
<p id="demo">No Submitted URL</p>
<h4>Select a payload:</h4>
<input type="text" id="myPayload" placeholder="Enter payload path"> <button onclick="selectPayload()">Submit</button>
<script>
function myFunction() {
var errors = [];
var x = document.getElementById("myText").value;
if ( !x.includes("http://") && !x.includes("https://") ) {
errors.push('missing HTTP or HTTPS in URL');
}
if (!x.includes("*")) {
errors.push('missing * in place of query')
}
// Renders errors
if (errors.length) {
x = 'Error: ' + errors.join(', ') + '!';
}
document.getElementById("demo").innerHTML = x;
}
function selectPayload() {
}
</script>
</body>
</html>
How would I let the user browse through files and then select one and upload it to a variable? 我将如何让用户浏览文件,然后选择一个文件并将其上传到变量?
First, change the type
attribute of your input
tag to be "file"
, eg: 首先,将input
标签的type
属性更改为"file"
,例如:
<input type="file" id="file">
Then create a filereader: 然后创建一个文件阅读器:
var fr = new FileReader();
Since the file will be read asynchronously, you should add a callback to proceed further, eg something like: 由于将异步读取文件,因此您应该添加一个回调以进一步进行处理,例如:
fr.onload = function(){... do something ...};
To read the file call readAsText
(for example, add this to an onclick
event): 要读取文件调用readAsText
(例如,将其添加到onclick
事件中):
fr.readAsText(document.getElementById('file').files[0]);
Once the file has been loaded the content will be a string in fr.result
. 加载文件后,内容将是fr.result
的字符串。
声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.