[英]Why is this alert box not popping up when button clicked?
I've been writing a script to check for reflective XSS vulnerabilities. 我一直在编写脚本来检查反射性XSS漏洞。 So far, it has an input for a URL with * in place of queries and an error checker for malformed URLs.
到目前为止,它具有URL的输入(带有*代替查询)和错误检查器,用于格式错误的URL。 It also has a file uploader for users to upload "payloads".
它还有一个文件上传器,供用户上传“有效载荷”。 However, I recently made a part that replaces * with the contents of the payload, and then for debugging purposes, I made it
alert()
the variable with the file contents. 但是,我最近制作了一个用有效载荷的内容替换*的部件,然后出于调试目的,我将其具有文件内容的变量
alert()
了。 However, its not working. 但是,它不起作用。 Here's my code:
这是我的代码:
function selectPayload(y) { var fr = new FileReader(); fr.readAsText(document.getElementById('file').files[0]); fr.onload = function() { var dir = fr.result; var payload = y.replace("*", fr.result); alert(payload); }; } function myFunction() { var errors = []; var x = document.getElementById("myText").value; if (!x.includes("http://") && !x.includes("https://")) { errors.push('missing HTTP or HTTPS in URL'); } if (!x.includes("*")) { errors.push('missing * in place of query') } // Renders errors if (errors.length) { x = 'Error: ' + errors.join(', ') + '!'; } document.getElementById("demo").innerHTML = x; selectPayload(x); }
<!DOCTYPE html> <html> <head> <title>Slingshot.XSS</title> </head> <body style="font-family:monospace;" align="center"> <h2>Slingshot.XSS</h2> <h3>Slingshot.XSS is a script that launches pre-loaded XSS payloads at a target to test its vulnerabilities.</h3> <h4>Please report all issues to <a href="https://github.com/keeganjk/slingshot.xss/issues"></a> or contact me at email@example.com.</h4> <a href="github.com/keeganjk/slingshot.xss" style="font-family:monospace" align="center">Source Code / Learn More</a> <br /> <h4>Enter a URL with <b>*</b> in the place of query.</h4> <h5>Example: <code>https://www.google.com/#q=*</code></h5> <input type="text" id="myText" placeholder="Enter a URL"> <button onclick="myFunction()">Submit</button> <p id="demo">No Submitted URL</p> <h4>Select a payload:</h4> <h5>Default payloads in <code>payloads</code></h5> <input type="file" id="file"> <button onclick="selectPayload()">Submit</button> </body> </html>
What am I doing wrong? 我究竟做错了什么?
You have the second button calling the wrong function. 您有第二个按钮调用了错误的功能。 Changed to call
myFunction()
instead of selectPayload()
. 更改为调用
myFunction()
而不是selectPayload()
。 Unless you intended to call selectPayload()
with the second button, in which case you neet to pass it an argument like it expects. 除非您打算使用第二个按钮调用
selectPayload()
,否则在这种情况下,您无需向其传递期望的参数。
function selectPayload(y) { var fr = new FileReader(); fr.readAsText(document.getElementById('file').files[0]); fr.onload = function() { var dir = fr.result; var payload = y.replace("*", fr.result); alert(payload); }; } function myFunction() { var errors = []; var x = document.getElementById("myText").value; if (!x.includes("http://") && !x.includes("https://")) { errors.push('missing HTTP or HTTPS in URL'); } if (!x.includes("*")) { errors.push('missing * in place of query') } // Renders errors if (errors.length) { x = 'Error: ' + errors.join(', ') + '!'; } document.getElementById("demo").innerHTML = x; selectPayload(x); }
<!DOCTYPE html> <html> <head> <title>Slingshot.XSS</title> </head> <body style="font-family:monospace;" align="center"> <h2>Slingshot.XSS</h2> <h3>Slingshot.XSS is a script that launches pre-loaded XSS payloads at a target to test its vulnerabilities.</h3> <h4>Please report all issues to <a href="https://github.com/keeganjk/slingshot.xss/issues"></a> or contact me at keeganjkuhn@gmail.com.</h4> <a href="github.com/keeganjk/slingshot.xss" style="font-family:monospace" align="center">Source Code / Learn More</a> <br /> <h4>Enter a URL with <b>*</b> in the place of query.</h4> <h5>Example: <code>https://www.google.com/#q=*</code></h5> <input type="text" id="myText" placeholder="Enter a URL"> <button onclick="myFunction()">Submit</button> <p id="demo">No Submitted URL</p> <h4>Select a payload:</h4> <h5>Default payloads in <code>payloads</code></h5> <input type="file" id="file"> <button onclick="myFunction()">Submit</button> </body> </html>
Here: I've found code that will work: 在这里:我发现了可以使用的代码:
<!DOCTYPE html>
<html>
<head>
<title>Slingshot.XSS</title>
</head>
<body style="font-family:monospace;" align="center">
<script>
function selectPayload() {
var x = document.getElementById("myText").value;
var fr = new FileReader();
fr.readAsText(document.getElementById('file').files[0]);
fr.onload = function() {
var dir = fr.result;
var payload = x.replace("*", fr.result);
alert(payload);
};
}
function myFunction() {
var errors = [];
var x = document.getElementById("myText").value;
if (!x.includes("http://") && !x.includes("https://")) {
errors.push('missing HTTP or HTTPS in URL');
}
if (!x.includes("*")) {
errors.push('missing * in place of query')
}
// Renders errors
if (errors.length) {
x = 'Error: ' + errors.join(', ') + '!';
}
document.getElementById("demo").innerHTML = x;
}
</script>
<h2>Slingshot.XSS</h2>
<h3>Slingshot.XSS is a script that launches pre-loaded XSS payloads at a target to test its vulnerabilities.</h3>
<h4>Please report all issues to
<a href="https://github.com/keeganjk/slingshot.xss/issues"></a> or contact me at keeganjkuhn@gmail.com.</h4>
<a href="github.com/keeganjk/slingshot.xss" style="font-family:monospace" align="center">Source Code / Learn More</a>
<br />
<h4>Enter a URL with <b>*</b> in the place of query.</h4>
<h5>Example: <code>https://www.google.com/#q=*</code></h5>
<input type="text" id="myText" placeholder="Enter a URL"> <button onclick="myFunction()">Submit</button>
<p id="demo">No Submitted URL</p>
<h4>Select a payload:</h4>
<h5>Default payloads in <code>payloads</code></h5>
<input type="file" id="file"> <button onclick="selectPayload()">Submit</button>
</body>
</html>
声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.