一、环境:DVWA
二、修改网页链接
1、点击下面的网址,访问的是不同的内容
![在这里插入图片描述](https://img-blog.csdnimg.cn/20191226084858750.png?x-oss-process=image/watermark,type_ZmFuZ3poZW5naGVpdGk,shadow_10,text_aHR0cHM6Ly9ibG9nLmNzZG4ubmV0L3dlaXhpbl80MTQ4OTkwOA==,size_16,color_FFFFFF,t_70)
![在这里插入图片描述](https://img-blog.csdnimg.cn/20191226084907791.png?x-oss-process=image/watermark,type_ZmFuZ3poZW5naGVpdGk,shadow_10,text_aHR0cHM6Ly9ibG9nLmNzZG4ubmV0L3dlaXhpbl80MTQ4OTkwOA==,size_16,color_FFFFFF,t_70)
![在这里插入图片描述](https://img-blog.csdnimg.cn/20191226084918829.png?x-oss-process=image/watermark,type_ZmFuZ3poZW5naGVpdGk,shadow_10,text_aHR0cHM6Ly9ibG9nLmNzZG4ubmV0L3dlaXhpbl80MTQ4OTkwOA==,size_16,color_FFFFFF,t_70)
2、通过xss漏洞,修改这些网址都指向百度
window.onload:当窗口加载时,执行匿名函数
3、在漏洞处输入上面代码,提交
![在这里插入图片描述](https://img-blog.csdnimg.cn/20191226084931493.png?x-oss-process=image/watermark,type_ZmFuZ3poZW5naGVpdGk,shadow_10,text_aHR0cHM6Ly9ibG9nLmNzZG4ubmV0L3dlaXhpbl80MTQ4OTkwOA==,size_16,color_FFFFFF,t_70)
4、点击这些网址,都是跳转到百度,查看审查元素
![在这里插入图片描述](https://img-blog.csdnimg.cn/20191226084939178.png?x-oss-process=image/watermark,type_ZmFuZ3poZW5naGVpdGk,shadow_10,text_aHR0cHM6Ly9ibG9nLmNzZG4ubmV0L3dlaXhpbl80MTQ4OTkwOA==,size_16,color_FFFFFF,t_70)
三、生成恶意链接(kali攻击,win7被攻击)
1、kali启动beff-xss
2、启动apache服务:service apache2 start
3、cd /var/www/html
修改index.html
![在这里插入图片描述](https://img-blog.csdnimg.cn/20191226084948994.png?x-oss-process=image/watermark,type_ZmFuZ3poZW5naGVpdGk,shadow_10,text_aHR0cHM6Ly9ibG9nLmNzZG4ubmV0L3dlaXhpbl80MTQ4OTkwOA==,size_16,color_FFFFFF,t_70)
4、在xss漏洞处,输入,提交
![在这里插入图片描述](https://img-blog.csdnimg.cn/20191226084956826.png?x-oss-process=image/watermark,type_ZmFuZ3poZW5naGVpdGk,shadow_10,text_aHR0cHM6Ly9ibG9nLmNzZG4ubmV0L3dlaXhpbl80MTQ4OTkwOA==,size_16,color_FFFFFF,t_70)
5、被控端上线
![在这里插入图片描述](https://img-blog.csdnimg.cn/20191226085003832.png?x-oss-process=image/watermark,type_ZmFuZ3poZW5naGVpdGk,shadow_10,text_aHR0cHM6Ly9ibG9nLmNzZG4ubmV0L3dlaXhpbl80MTQ4OTkwOA==,size_16,color_FFFFFF,t_70)
禁止非法,后果自负
欢迎关注公众号:web安全工具库
![在这里插入图片描述](https://img-blog.csdnimg.cn/20191226085014257.png)