2010年11月2日 星期二

How to embed your site on another site

Source

http://drnicwilliams.com/wp-content/uploads/2006/11/xss_magic.js

function iecheck() {
if (navigator.platform == "Win32" && navigator.appName == "Microsoft Internet Explorer" && window.attachEvent) {
var rslt = navigator.appVersion.match(/MSIE (\d+\.\d+)/, '');
var iever = (rslt != null && Number(rslt[1]) >= 5.5 && Number(rslt[1]) <= 7 );
}
return iever;
}

MyXssMagic = new function() {
var BASE_URL = 'http://drnicwilliams.com/wp-content/uploads/2006/11/';
var STYLESHEET = BASE_URL + "xss_magic.css"
var CONTENT_URL = BASE_URL + 'people_list.js';
var ROOT = 'my_xss_magic';

function requestStylesheet(stylesheet_url) {
stylesheet = document.createElement("link");
stylesheet.rel = "stylesheet";
stylesheet.type = "text/css";
stylesheet.href = stylesheet_url;
stylesheet.media = "all";
document.lastChild.firstChild.appendChild(stylesheet);
}

function requestContent( local ) {
var script = document.createElement('script');
// How you'd pass the current URL into the request
// script.src = CONTENT_URL + '&url=' + escape(local || location.href);
script.src = CONTENT_URL;
document.getElementsByTagName('head')[0].appendChild(script);
}

this.init = function() {
this.serverResponse = function(data) {
if (!data) return;
var div = document.getElementById(ROOT);
var txt = "";
for (var i = 0; i < data.length; i++) {
if (txt.length > 0) { txt += ", "; }
txt += data[i];
}
div.innerHTML = "<strong>Names:</strong> " + txt; // assign new HTML into #ROOT
div.style.display = 'block'; // make element visible
div.style.visibility = 'visible'; // make element visible
}

requestStylesheet(STYLESHEET);
document.write("<div id='" + ROOT + "' style='display: none'></div>");
requestContent();
var no_script = document.getElementById('no_script');
if (no_script) { no_script.style.display = 'none'; }
}
}
MyXssMagic.init();



http://drnicwilliams.com/wp-content/uploads/2006/11/xss_magic.css

#my_xss_magic {
background: #ff7;
padding: 7px;
}


http://drnicwilliams.com/wp-content/uploads/2006/11/people_list.js

MyXssMagic.serverResponse(['Dr Nic', 'Banjo', 'Angus']);


other :
http://www.informit.comarticles/article.aspx?p=603037
XSS (Cross Site Scripting) Cheat Sheet
HTML Purifier XSS Attacks Smoketest

【下列文章您可能也有興趣】

下午5:16
標籤: ,

沒有留言:

張貼留言

訂閱: 張貼留言 (Atom)