xssprobe icon indicating copy to clipboard operation
xssprobe copied to clipboard

Published 20 hours ago verified publisher icon evilcos

Metadata

xss probe to steal page info: browser, ua, lang, referer, location, toplocation, cookie, domain, title, screen, flash, etc.

Results 1 xssprobe issues
Sort by recently updated
recently updated
newest added

修改两处

1 comment

1 json标准中都是使用双引号的,http://www.json.org/json-zh.html 。最近使用django和您的xss probe写一个xss平台,发现python的json.loads()等函数在处理单引号的json的时候会报错。规范一下比较好。 2 去掉了window.onload 这样在部分xss利用场景中可以插入xss代码后就立即起作用。比如我上面自己写的平台,构造一个dom xss,提供一个文本框,点击后插入到html中,如果使用window.onload,就不会起作用。 我说的有什么问题,还希望大神提出来~~

virusdefender avatar virusdefender

Metadata

223
Stars
90
Forks
Watchers

Owner

verified publisher icon evilcos

Metadata

xss probe to steal page info: browser, ua, lang, referer, location, toplocation, cookie, domain, title, screen, flash, etc.

Back