Jump to content

Title: Daily SRC in xss tips

UKhackteam
UKhackteam
in Hacker Cracking / Penetration Testing / Cybersecurity

Featured Replies

Posted

0x00 Preface

Regarding the public test and exclusive test, how to pick up xss holes, hydrology, hydrology, hydrology!

0x01  Daily Test

Daily boring testing site. When you are in penetration testing, you find that there is an html tag calling the image in the server, and it is the type that adds the server IP address. You can try to fuzz by modifying the host header to detect whether there is xss.1049983-20221205120118289-2003703296.jpg 1049983-20221205120119178-982184139.jpg Seeing this situation, we can roughly guess that the latter code may look like: img src='?php echo 'http://{$_SERVER['HTTP_HOST']}/'?xxx/aaa.png'/This seems very simple. Modifying the host in the request package can cause xss.1049983-20221205120119915-1550751559.jpg

Success pop-up window 1049983-20221205120120690-217287024.jpg 1049983-20221205120121286-2038736915.jpg The tips to pick up rags were completed.

Reprinted from the original link: https://blog.csdn.net/Guapichen/article/details/124040935?spm=1001.2014.3001.5501

  • Quote

    • Join the conversation

    You can post now and register later. If you have an account, sign in now to post with your account.
    Note: Your post will require moderator approval before it will be visible.

    Guest
    Reply to this topic...
    Go to topic listing

    Important Information

    HackTeam Cookie PolicyWe have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.