Comments (11)

harris2015 commented on July 28, 2024

document.getElementsByTagName("xss").length; this line is probably the one that fails to detect newly added elements.

from xssfork.

bsmali4 commented on July 28, 2024

There are two functions: one hooks new elements, and the other hooks the triggering of things like prompt and alert. If either of the two fires, that means there is XSS.

bsmali4 commented on July 28, 2024

As for it not working as you say, I think if possible it would be best to give me the specific environment so I can test it. By the way, if you are on Linux, there is a naming problem that makes it fail; I will fix the bug today and update the code.

bsmali4 commented on July 28, 2024

I just fixed the Linux problem; you can try again.

harris2015 commented on July 28, 2024

I am on Windows... The popup one is fine; the problem is mainly that the hook for new elements seems off, it returns 0. getElementsByTagName("xss") -> the string "xss" seems like it needs to be changed for the specific case.

bsmali4 commented on July 28, 2024

The default payloads create a tag during detection.

harris2015 commented on July 28, 2024

I ran it with the default payload you created, this payload: </script>xxs link//

harris2015 commented on July 28, 2024

Uh, it seems I got that wrong. This one should be an event that needs to be triggered, not a newly created tag.

bsmali4 commented on July 28, 2024

Right. Tag-creating payloads are actually xssforkapi's first detection rule, because there are relatively few such tags and they load quickly.

harris2015 commented on July 28, 2024

OK, so then there is some problem in the event-triggering part.

harris2015 commented on July 28, 2024

```javascript
// Hook as posted; EVENT_LIST and _addEventListener are not declared here,
// and `event` is a free variable rather than the `a` (event type) parameter.
Element.prototype.addEventListener = function(a, b, c) {
    EVENT_LIST.push({"event": event, "element": this});
    _addEventListener.apply(this, arguments);
};
```

It seems nothing is captured here; printing EVENT_LIST gives undefined.

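The point the thread converges on is that registering a listener proves nothing by itself: the scanner has to fire the recorded events so the handler actually reaches the alert hook, while a marker tag payload is caught by the getElementsByTagName check alone. The following is an added example written for this page, not xssfork's or xssforkapi's code. It installs both kinds of hook against a constructed mini-DOM (FakeElement, FakeDocument, the three payload renderers and the installXssHooks/fireRecordedEvents/runScan names are all stand-ins assumed here, not browser or project APIs) so it runs offline under Node.

```javascript
// Added example, not xssfork's code. FakeElement/FakeDocument are constructed
// stand-ins for the browser DOM so the hooks can be exercised offline.
class FakeElement {
  constructor(tagName) {
    this.tagName = tagName.toUpperCase();
    this._listeners = {};
  }
  // Mirrors Element.prototype.addEventListener closely enough to be hooked.
  addEventListener(type, listener) {
    (this._listeners[type] = this._listeners[type] || []).push(listener);
  }
  dispatchEvent(type) {
    for (const listener of this._listeners[type] || []) {
      listener.call(this, { type, target: this });
    }
  }
}

class FakeDocument {
  constructor() { this.elements = []; }
  createElement(tagName) {
    const el = new FakeElement(tagName);
    this.elements.push(el);
    return el;
  }
  getElementsByTagName(tagName) {
    const wanted = tagName.toUpperCase();
    return this.elements.filter((el) => el.tagName === wanted);
  }
}

// Installs the two hooks from the thread: dialog sinks (alert/prompt/confirm)
// and addEventListener on the element prototype. Returns the recording state.
function installXssHooks(win, elementProto) {
  const state = { triggered: [], events: [] };

  for (const name of ['alert', 'prompt', 'confirm']) {
    win[name] = function hookedSink(...args) {
      state.triggered.push({ fn: name, args });
      return undefined; // never show a real dialog while scanning
    };
  }

  // Save the original BEFORE overwriting the prototype, and record the
  // `type` parameter rather than a free variable named `event`.
  const _addEventListener = elementProto.addEventListener;
  elementProto.addEventListener = function hookedAdd(type, listener) {
    state.events.push({ event: type, element: this });
    return _addEventListener.apply(this, arguments);
  };
  state.restore = () => { elementProto.addEventListener = _addEventListener; };
  return state;
}

// A recorded registration only becomes a finding once the event is fired and
// the handler reaches a hooked sink.
function fireRecordedEvents(state) {
  for (const { event, element } of state.events) {
    element.dispatchEvent(event);
  }
}

// Scans one rendered payload in a fresh environment and reports both signals.
function runScan(renderPayload) {
  const win = { alert() {}, prompt() {}, confirm() {} }; // stand-in for window
  const doc = new FakeDocument();
  const state = installXssHooks(win, FakeElement.prototype);
  try {
    renderPayload(doc, win);
    const sinkBeforeFiring = state.triggered.length > 0;
    fireRecordedEvents(state);
    const tagInjected = doc.getElementsByTagName('xss').length > 0;
    const sinkTriggered = state.triggered.length > 0;
    return {
      tagInjected,
      sinkBeforeFiring,
      sinkTriggered,
      detected: tagInjected || sinkTriggered, // either hook firing counts
      events: state.events.map((e) => e.event),
    };
  } finally {
    state.restore();
  }
}

// Constructed stand-ins for what the browser does when a payload lands.
const payloads = {
  // "<xss>" marker tag: caught by the getElementsByTagName check alone.
  markerTag: (doc) => { doc.createElement('xss'); },
  // "<img src=x onerror=alert(1)>" style: only caught after the error event
  // is fired and the handler reaches the hooked alert.
  eventHandler: (doc, win) => {
    const img = doc.createElement('img');
    img.addEventListener('error', () => win.alert('xss'));
  },
  // Harmless markup: neither hook fires.
  benign: (doc) => { doc.createElement('p'); },
};

if (typeof module !== 'undefined' && require.main === module) {
  for (const [name, render] of Object.entries(payloads)) {
    console.log(name, runScan(render));
  }
}
```

Two caveats when carrying this onto a real page: inline `onerror="..."` attributes are set through the element's handler property, not addEventListener, so the prototype hook never sees them and the scanner has to trigger the element's own load/error events to reach the dialog hook; and the tag-name check only fires for payloads that really create an `<xss>` element, which is why the `</script>` payload in the thread has to be judged by the event path instead.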
