src赏金xss反射型注入实战记录-WEB安全-看雪-安全社区|安全招聘|kanxue.com

src赏金xss反射型注入实战记录

发表于: 2021-5-7 16:40 1645

src赏金xss反射型注入实战记录

wx_里里

2021-5-7 16:40

1645

这篇文章是记录一次tumblr网站的反射型xss注入。
该漏洞的提交人是巴西的keer0k
1、进入页面后点击我的
图片描述
2、添加扩展到firefox

3、点击扩展进入分享页面

4、使用847K9s2c8@1M7s2y4Q4x3@1q4Q4x3V1k6Q4x3V1k6%4N6%4N6Q4x3X3g2@1N6h3#2T1L8s2u0Q4x3X3g2U0L8$3#2Q4x3V1k6%4K9h3c8Y4k6i4c8K6i4K6u0r3M7$3S2S2M7X3g2Q4x3V1k6@1L8$3!0D9i4K6y4r3N6i4u0D9i4K6y4p5K9s2c8@1M7s2y4Q4x3U0f1K6b7g2)9J5y4e0u0r3i4K6t1#2x3V1k6C8k6h3g2J5L8$3E0Q4x3X3g2Y4K9i4c8Z5N6h3u0Q4x3X3g2A6L8#2)9J5y4e0u0r3i4K6t1$3j5h3#2H3i4K6y4n7N6r3W2@1L8r3g2Q4x3@1c8Q4x3U0f1K6b7$3q4Q4x3U0f1J5x3r3S2J5k6h3k6Q4x3@1c8Q4x3U0f1J5x3X3A6S2N6X3q4K6j5%4u0A6M7s2c8Q4x3@1q4S2L8r3g2J5N6q4)9J5z5r3c8G2j5%4g2E0k6h3&6@1i4K6u0W2k6r3!0E0j5h3W2F1i4K6t1&6i4K6y4n7i4K6u0r3i4K6u0r3K9s2c8@1M7q4)9K6b7g2)9J5c8W2)9J5c8X3g2$3K9h3I4Q4x3X3g2U0L8$3#2Q4x3V1k6Q4x3U0f1J5x3W2)9J5y4e0y4q4j5$3I4A6j5$3E0Q4x3U0f1J5x3r3#2W2i4K6t1#2x3@1y4Q4x3V1k6S2i4K6t1#2x3@1g2Q4x3U0k6S2L8i4m8Q4x3@1u0K6k6h3I4W2j5%4c8A6L8$3&6Q4x3@1c8U0L8r3W2U0K9#2)9J5y4e0t1H3K9h3&6Q4x3U0f1J5x3s2c8Z5k6g2)9J5y4e0t1H3L8r3W2F1K9#2)9J5y4e0t1H3j5h3k6@1k6i4u0Q4x3U0f1J5x3s2u0W2j5X3I4G2k6#2)9J5y4X3q4E0M7q4)9K6b7Y4y4Z5j5i4u0W2f1$3!0#2M7X3y4W2i4K6y4p5j5$3S2J5L8$3#2W2i4K6g2X3k6i4S2@1k6h3&6K6K9h3!0F1
图片描述
5、tumblr是可以发送html代码，代码发送后都会进行过滤，这里a标签跳转网页内容使用了//dc6K9s2c8@1M7q4)9K6b7g2)9J5c8W2)9J5c8X3g2$3K9h3I4Q4x3X3g2U0L8$3#2Q4c8e0S2Q4b7V1k6Q4z5e0W2Q4c8e0N6Q4b7e0N6Q4z5p5c8Q4c8e0k6Q4z5e0k6Q4b7U0W2Q4c8e0k6Q4b7U0y4Q4z5e0g2Q4c8e0S2Q4b7V1k6Q4z5f1u0Q4c8e0S2Q4b7e0q4Q4z5p5y4Q4c8e0c8Q4b7V1q4Q4z5o6k6Z5N6r3#2D9i4@1f1^5i4@1t1%4i4@1t1K6i4@1f1^5i4@1u0p5i4@1q4o6i4@1f1&6i4K6V1^5i4@1t1J5i4@1f1^5i4@1u0r3i4K6R3%4i4@1f1$3i4@1u0n7i4@1p5@1i4@1f1$3i4K6V1$3i4@1t1&6i4@1f1#2i4@1u0o6i4K6S2r3i4@1f1$3i4K6R3^5i4K6V1H3i4@1f1#2i4K6S2m8i4K6W2r3i4@1f1#2i4@1t1H3i4K6R3$3P5s2y4K6i4@1f1@1i4@1u0n7i4@1p5K6i4@1f1%4i4@1p5H3i4K6R3I4i4@1f1$3i4@1p5@1i4K6S2p5i4@1f1#2i4K6R3#2i4@1p5#2i4@1f1#2i4K6R3^5i4@1t1H3i4@1f1#2i4K6S2r3i4K6V1I4i4@1f1#2i4@1t1^5i4K6R3K6i4@1f1%4i4K6W2m8i4K6R3@1i4@1f1@1i4@1u0r3i4@1p5I4i4@1f1$3i4K6R3I4i4@1q4r3i4@1f1@1i4@1t1^5i4@1q4p5i4@1g2r3i4@1u0o6i4K6S2o6i4@1f1^5i4@1u0r3i4K6W2n7i4@1f1#2i4K6R3#2i4@1p5#2i4@1f1$3i4K6R3^5i4K6V1I4i4@1f1%4i4K6W2m8i4K6R3@1N6s2g2E0j5X3I4J5i4@1f1&6i4@1p5I4i4@1t1#2i4@1f1&6i4K6W2p5i4@1p5J5i4@1f1#2i4K6S2p5i4K6V1#2i4@1f1#2i4K6R3%4i4@1u0n7i4@1f1^5i4@1u0p5i4@1q4o6i4@1f1#2i4K6S2r3i4K6V1I4
图片描述
6、点击click me进行跳转

7、成功弹出了xss的alert框并获取到域名

[培训]科锐逆向工程师培训第53期2025年7月8日开班！

最后于 2021-5-7 16:49 被wx_里里编辑，原因：

收藏・1

免费・1

支持