
Why is this alert box not popping up when button clicked?

I've been writing a script to check for reflective XSS vulnerabilities. So far, it has an input for a URL with * in place of queries and an error checker for malformed URLs. It also has a file uploader for users to upload "payloads". However, I recently made a part that replaces * with the contents of the payload, and then for debugging purposes, I made it alert() the variable with the file contents. However, it's not working. Here's my code:

function selectPayload(y) {
  var fr = new FileReader();
  fr.readAsText(document.getElementById('file').files[0]);
  fr.onload = function() {
    var dir = fr.result;
    var payload = y.replace("*", fr.result);
    alert(payload);
  };
}

function myFunction() {
  var errors = [];
  var x = document.getElementById("myText").value;
  if (!x.includes("http://") && !x.includes("https://")) {
    errors.push('missing HTTP or HTTPS in URL');
  }
  if (!x.includes("*")) {
    errors.push('missing * in place of query')
  }
  // Renders errors
  if (errors.length) {
    x = 'Error: ' + errors.join(', ') + '!';
  }
  document.getElementById("demo").innerHTML = x;
  selectPayload(x);
}

<!DOCTYPE html>
<html>
<head>
  <title>Slingshot.XSS</title>
</head>
<body style="font-family:monospace;" align="center">
  <h2>Slingshot.XSS</h2>
  <h3>Slingshot.XSS is a script that launches pre-loaded XSS payloads at a target to test its vulnerabilities.</h3>
  <h4>Please report all issues to <a href="https://github.com/keeganjk/slingshot.xss/issues"></a> or contact me at email@example.com.</h4>
  <a href="github.com/keeganjk/slingshot.xss" style="font-family:monospace" align="center">Source Code / Learn More</a>
  <br />
  <h4>Enter a URL with <b>*</b> in the place of query.</h4>
  <h5>Example: <code>https://www.google.com/#q=*</code></h5>
  <input type="text" id="myText" placeholder="Enter a URL"> <button onclick="myFunction()">Submit</button>
  <p id="demo">No Submitted URL</p>
  <h4>Select a payload:</h4>
  <h5>Default payloads in <code>payloads</code></h5>
  <input type="file" id="file"> <button onclick="selectPayload()">Submit</button>
</body>
</html>

What am I doing wrong?

You have the second button calling the wrong function. Changed to call myFunction() instead of selectPayload(). Unless you intended to call selectPayload() with the second button, in which case you need to pass it an argument like it expects.

function selectPayload(y) {
  var fr = new FileReader();
  fr.readAsText(document.getElementById('file').files[0]);
  fr.onload = function() {
    var dir = fr.result;
    var payload = y.replace("*", fr.result);
    alert(payload);
  };
}

function myFunction() {
  var errors = [];
  var x = document.getElementById("myText").value;
  if (!x.includes("http://") && !x.includes("https://")) {
    errors.push('missing HTTP or HTTPS in URL');
  }
  if (!x.includes("*")) {
    errors.push('missing * in place of query')
  }
  // Renders errors
  if (errors.length) {
    x = 'Error: ' + errors.join(', ') + '!';
  }
  document.getElementById("demo").innerHTML = x;
  selectPayload(x);
}

<!DOCTYPE html>
<html>
<head>
  <title>Slingshot.XSS</title>
</head>
<body style="font-family:monospace;" align="center">
  <h2>Slingshot.XSS</h2>
  <h3>Slingshot.XSS is a script that launches pre-loaded XSS payloads at a target to test its vulnerabilities.</h3>
  <h4>Please report all issues to <a href="https://github.com/keeganjk/slingshot.xss/issues"></a> or contact me at keeganjkuhn@gmail.com.</h4>
  <a href="github.com/keeganjk/slingshot.xss" style="font-family:monospace" align="center">Source Code / Learn More</a>
  <br />
  <h4>Enter a URL with <b>*</b> in the place of query.</h4>
  <h5>Example: <code>https://www.google.com/#q=*</code></h5>
  <input type="text" id="myText" placeholder="Enter a URL"> <button onclick="myFunction()">Submit</button>
  <p id="demo">No Submitted URL</p>
  <h4>Select a payload:</h4>
  <h5>Default payloads in <code>payloads</code></h5>
  <input type="file" id="file"> <button onclick="myFunction()">Submit</button>
</body>
</html>

Here: I've found code that will work:

<!DOCTYPE html>

<html>

<head>

  <title>Slingshot.XSS</title>

</head>

<body style="font-family:monospace;" align="center">

  <script> 

    function selectPayload() {

      var x = document.getElementById("myText").value;
      var fr = new FileReader();
      fr.readAsText(document.getElementById('file').files[0]);
      fr.onload = function() {

        var dir = fr.result;
        var payload = x.replace("*", fr.result);
        alert(payload);

      };

    }

    function myFunction() {

      var errors = [];
      var x = document.getElementById("myText").value;

      if (!x.includes("http://") && !x.includes("https://")) {

        errors.push('missing HTTP or HTTPS in URL');

      }

      if (!x.includes("*")) {

        errors.push('missing * in place of query')

      }

      // Renders errors
      if (errors.length) {

        x = 'Error: ' + errors.join(', ') + '!';

      }

      document.getElementById("demo").innerHTML = x;

    }


  </script>

  <h2>Slingshot.XSS</h2>
  <h3>Slingshot.XSS is a script that launches pre-loaded XSS payloads at a target to test its vulnerabilities.</h3>
  <h4>Please report all issues to
    <a href="https://github.com/keeganjk/slingshot.xss/issues"></a> or contact me at keeganjkuhn@gmail.com.</h4>
  <a href="github.com/keeganjk/slingshot.xss" style="font-family:monospace" align="center">Source Code / Learn More</a>
  <br />

  <h4>Enter a URL with <b>*</b> in the place of query.</h4>
  <h5>Example: <code>https://www.google.com/#q=*</code></h5>
  <input type="text" id="myText" placeholder="Enter a URL"> <button onclick="myFunction()">Submit</button>
  <p id="demo">No Submitted URL</p>

  <h4>Select a payload:</h4>
  <h5>Default payloads in <code>payloads</code></h5>
  <input type="file" id="file"> <button onclick="selectPayload()">Submit</button>

</body>

</html>
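
The failure from the question and a guarded alternative, as an added example that is not part of any of the posts above: `naiveSubstitute` reproduces the question's `y.replace("*", fr.result)` line, while `validateTemplate` and `buildUrl` are hypothetical helper names. Percent-encoding the file text and the `example.test` URLs used to exercise the functions are assumptions of the example.

```javascript
// Added example. Pure functions (no DOM, no FileReader) so they run in Node or a console.

// The question's substitution line, unchanged in behaviour.
function naiveSubstitute(y, fileText) {
  return y.replace("*", fileText); // TypeError when y is undefined
}

// Hypothetical helper: same checks as myFunction(), but parsing instead of includes().
function validateTemplate(template) {
  if (typeof template !== "string") {
    // The case hit in the question: onclick="selectPayload()" passes no argument.
    return ["no URL template supplied (got " + typeof template + ")"];
  }
  const errors = [];
  let parsed = null;
  try {
    parsed = new URL(template);
  } catch (e) {
    errors.push("not a parseable URL");
  }
  if (parsed && parsed.protocol !== "http:" && parsed.protocol !== "https:") {
    errors.push("missing HTTP or HTTPS in URL");
  }
  if (!template.includes("*")) {
    errors.push("missing * in place of query");
  }
  return errors;
}

// Hypothetical helper: returns errors instead of throwing inside an async callback.
function buildUrl(template, fileText) {
  const errors = validateTemplate(template);
  if (typeof fileText !== "string" || fileText.trim() === "") {
    errors.push("payload file is empty or was not read");
  }
  if (errors.length) return { ok: false, errors };
  // A function replacer keeps "$&", "$1" and similar sequences in the file literal;
  // a string replacement would expand them. Encoding is an assumption of this example.
  const value = encodeURIComponent(fileText.trim());
  return { ok: true, url: template.replace("*", () => value) };
}
```

In the page itself, the returned errors or URL would be written to `#demo` with `textContent` rather than `innerHTML`, because `innerHTML` parses the typed value as markup.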
