如何将文件内容上传到可变的Javascript / HTML中?
[英]How to upload file contents into variable Javascript/HTML?
问题描述
I'm making a script that uploads a script, or "payload" to a site with these steps: 
我正在制作一个脚本,该脚本通过以下步骤将脚本或“有效负载”上传到站点:
1. User enters URL with * in place of query
2. User selects payload, which is simply a file with a pre-written JS script.
3. The * is replaced with the contents of the payload.
4. The URL with a script replacing the query is opened in an iframe.
How would I do this? 我该怎么做? My main problem is the file-uploading-into-variable part. 我的主要问题是文件上传到可变部分。 Here's my code so far: 到目前为止,这是我的代码:
<!DOCTYPE html>
<html>
<head>
<title>Slingshot.XSS</title>
</head>
<body style="font-family:monospace;" align="center">
<h2>Slingshot.XSS</h2>
<h3>Slingshot.XSS is a script that launches pre-loaded XSS payloads at a target to test its vulnerabilities.</h3>
<h4>Please report all issues to <a href="https://github.com/keeganjk/slingshot.xss/issues"></a> or contact me at keeganjkuhn@gmail.com.</h4>
<a href="github.com/keeganjk/slingshot.xss" style="font-family:monospace" align="center">Source Code / Learn More</a>
<br />
<h4>Enter a URL with <b>*</b> in the place of query.</h4>
<h5>Example: https://www.google.com/#q=*</h5>
<input type="text" id="myText" placeholder="Enter a URL"> <button onclick="myFunction()">Submit</button>
<p id="demo">No Submitted URL</p>
<h4>Select a payload:</h4>
<input type="text" id="myPayload" placeholder="Enter payload path"> <button onclick="selectPayload()">Submit</button>
<script>
function myFunction() {
var errors = [];
var x = document.getElementById("myText").value;
if ( !x.includes("http://") && !x.includes("https://") ) {
errors.push('missing HTTP or HTTPS in URL');
}
if (!x.includes("*")) {
errors.push('missing * in place of query')
}
// Renders errors
if (errors.length) {
x = 'Error: ' + errors.join(', ') + '!';
}
document.getElementById("demo").innerHTML = x;
}
function selectPayload() {
}
</script>
</body>
</html>
How would I let the user browse through files and then select one and upload it to a variable? 我将如何让用户浏览文件,然后选择一个文件并将其上传到变量?
1 个解决方案
解决方案1
2 已采纳 2017-04-28 00:35:57
First, change the type attribute of your input tag to be "file" , eg: 首先,将input标签的type属性更改为"file" ,例如:
<input type="file" id="file">
Then create a filereader: 然后创建一个文件阅读器:
var fr = new FileReader();
Since the file will be read asynchronously, you should add a callback to proceed further, eg something like: 由于将异步读取文件,因此您应该添加一个回调以进一步进行处理,例如:
fr.onload = function(){... do something ...};
To read the file call readAsText (for example, add this to an onclick event): 要读取文件调用readAsText (例如,将其添加到onclick事件中):
fr.readAsText(document.getElementById('file').files[0]);
Once the file has been loaded the content will be a string in fr.result . 加载文件后,内容将是fr.result的字符串。
声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.