-
Notifications
You must be signed in to change notification settings - Fork 146
/
index.html
105 lines (94 loc) · 3.48 KB
/
index.html
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
<!DOCTYPE html>
<html>
<head>
<title>Httphijack Test</title>
</head>
<style type="text/css">
.container{
overflow: hidden;
width: 800px;
}
.btn{
font-size: 18px;
display: block;
float: left;
padding: 10px;
cursor: pointer;
background-color: #03A9F4;
color: #fff;
margin-right: 20px;
margin-bottom: 40px;
}
.btn:hover{
background-color: #1B84B3;
}
.cf::after{
content: "";
visibility:hidden;
display: block;
height: 0;
clear: both;
}
#cnzz_stat_icon_1259441963 {
display: block;
width: 0;
height: 0;
overflow: hidden;
}
</style>
<body>
<a style="width:149px;height:149px;position:fixed;top:0;right:0;z-index:9999;" href="https://github.com/chokcoco/css3-" target="_blank">
<img src="http://chokcoco.github.io/demo/curveJS/images/forkme.png">
</a>
<div class="container">
<div class="group cf">
<div id='btn-inline-click' class="btn" onclick="alert('xss')">此按钮被注入恶意内联click事件</div>
<div id='btn-inline-click2' class="btn cf" onclick="alert('123')">此按钮被注入非恶意内联click事件</div>
</div>
<div class="group cf">
<a id='a-inline-href' class="btn" href="javascript:alert('xss')">此a标签href被注入javascript:恶意代码</a>
<a id='a-inline-href2' class="btn cf" href="javascript:alert('123')">此a标签href被注入javascript:非恶意代码</a>
</div>
<div class="group cf">
<div id='btn-append-xss-js' class="btn">动态添加可疑脚本文件</div>
<div id='btn-append-normal-js' class="btn">动态添加正常脚本文件</div>
</div>
<div class="group cf">
<div id='btn-setAttribute' class="btn">使用setAttribute添加XSS内容</div>
<div id='btn-document-write' class="btn">使用document-write添加XSS内容</div>
</div>
</div>
<script type="text/javascript" src='./httphijack1.0.0.js'></script>
<script>
window.httphijack.init();
// 动态添加可疑脚本文件
document.getElementById('btn-append-xss-js').addEventListener('click', function(){
var script = document.createElement('script');
script.type = 'text/javascript';
script.src = './xss/b.js';
document.getElementsByTagName('body')[0].appendChild(script);
});
// 动态添加正常脚本文件
document.getElementById('btn-append-normal-js').addEventListener('click', function(){
var script = document.createElement('script');
script.type = 'text/javascript';
script.src = './normal/normal.js';
document.getElementsByTagName('body')[0].appendChild(script);
});
// 动态添加正常脚本文件
document.getElementById('btn-document-write').addEventListener('click', function(){
document.write('XSS hijack');
});
// 动态添加正常脚本文件
document.getElementById('btn-setAttribute').addEventListener('click', function(){
var script = document.createElement('script');
script.setAttribute('type', 'text/javascript');
script.setAttribute('src', 'http://www.example.com/xss/c.js');
document.getElementsByTagName('body')[0].appendChild(script);
});
</script>
<script type="text/javascript" src="./xss/a.js"></script>
<!-- <iframe srcdoc="<p>XSS Hijack!</p>" src="http://www.baidu.com"></iframe> -->
<script type="text/javascript">var cnzz_protocol = (("https:" == document.location.protocol) ? " https://" : " http://");document.write(unescape("%3Cspan id='cnzz_stat_icon_1259441963'%3E%3C/span%3E%3Cscript src='" + cnzz_protocol + "s4.cnzz.com/z_stat.php%3Fid%3D1259441963' type='text/javascript'%3E%3C/script%3E"));</script>
</body>
</html>