网站地图    收藏   

主页 > 后端 > 网站安全 >

XSS technique without parentheses - 网站安全 - 自学php

来源:自学PHP网    时间:2015-04-17 13:02 作者: 阅读:

[导读] This is a very old technique I discovered years ago which I used to bypass a filter and itrsquo;s pretty awesome. It might come in handy to bypass a WAF or filter ......

This is a very old technique I discovered years ago which I used to bypass a filter and it’s pretty awesome. It might come in handy to bypass a WAF or filter since it’s not public until now. First you need to understand (which you probably do) that the window object is the default object in JavaScript and every time you execute code it’s like you’ve run a with statement on the window if your not more specific. So stuff like onload is really window.onload and so on lets see if you can guess what comes next….
 
So in JavaScript we have a onerror handler which is also on the window object, this means if we assign a function to onerror we can call it by generating a JavaScript error! How do we generate a JavaScript error? Throw is a nice way, this means throw can pass an argument to a function you can create some pretty awesome crazy looking JavaScript.
 
 
onerror=alert;throw 1;
 
 
www.2cto.com This works on every browser apart from Firefox *, Safari and IE will just call the function with the argument but Chrome and Opera add uncaught to the argument. This is no big deal though since we can just modify it slightly and use a different object as an argument such as a string.
 
 
onerror=eval;throw'=alert\x281\x29';
 
 
Thought I’d post this before this technique gets lost forever and I forget about it pretty awesome XSS eh? 
 
* Does actually work in Firefox. My site was disabling the error handling.
 

自学PHP网专注网站建设学习,PHP程序学习,平面设计学习,以及操作系统学习

京ICP备14009008号-1@版权所有www.zixuephp.com

网站声明:本站所有视频,教程都由网友上传,站长收集和分享给大家学习使用,如由牵扯版权问题请联系站长邮箱904561283@qq.com

添加评论