• XSS test environment (Flask implementation)


    File structure:

    XSS.html

    from flask import Flask, render_template, request
    from flask_wtf import FlaskForm
    from wtforms import StringField, SubmitField

    app = Flask(__name__)
    # Flask-WTF requires a secret key for its form/CSRF machinery; any value works for a local lab.
    app.config['SECRET_KEY'] = 'hard to guess string'

    class InputForm(FlaskForm):
        string = StringField()
        sub = SubmitField('submit')

    @app.route('/', methods=['GET', 'POST'])
    def fontPage():
        info = InputForm()
        if request.method == 'POST':
            # The submitted value is passed through unvalidated and unescaped to
            # show.html, which renders it with |safe: this is the deliberate XSS sink.
            string = request.form['string']
            return render_template('show.html', string=string)
        return render_template('form.html', info=info)

    if __name__ == '__main__':
        app.run()

    form.html

    <!DOCTYPE html>
    <html lang="en">
    <head>
        <meta charset="UTF-8">
        <meta name="viewport" content="width=device-width, initial-scale=1.0">
        <meta http-equiv="X-UA-Compatible" content="ie=edge">
        <title>Document</title>
    </head>
    <body>
        <form method="POST">
            {{info.string()}}
            {{info.sub()}}
        </form>
    </body>
    </html>

    show.html

    <!DOCTYPE html>
    <html lang="en">
    <head>
        <meta charset="UTF-8">
        <meta name="viewport" content="width=device-width, initial-scale=1.0">
        <meta http-equiv="X-UA-Compatible" content="ie=edge">
        <title>Document</title>
    </head>
    <body>
        what you input is:
        {{string|safe}}  <!-- Note: "|safe" here turns off Jinja2's automatic escaping -->
    </body>
    </html>

    Test:

    1. Run it:

    2. Enter the test script:

    3. Submit to trigger the vulnerability:

    That is all it takes to build a simple XSS vulnerability environment in Python!
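    An added example (not from the original post) that isolates the key line of show.html: the same untrusted string is rendered once with the |safe filter and once with Jinja2's autoescaping left on, which is the fix. It assumes only the jinja2 package (the template engine Flask uses) is installed; the sample input is constructed.

```python
"""Added example: why `{{ string|safe }}` is the XSS sink and `{{ string }}` is the fix."""
from jinja2 import Environment
from markupsafe import escape

# Constructed sample input standing in for what a tester types into the form.
UNTRUSTED_INPUT = "<script>alert(1)</script>"

# Flask builds its Jinja2 environment with autoescape enabled for .html templates;
# we replicate that setting explicitly here.
env = Environment(autoescape=True)

# Mirrors show.html: |safe marks the value as trusted markup and bypasses escaping.
UNSAFE_TEMPLATE = "what you input is: {{ string|safe }}"
# Hardened variant: without |safe, autoescaping converts < > & " ' into entities.
SAFE_TEMPLATE = "what you input is: {{ string }}"


def render_unsafe(value: str) -> str:
    """Render untrusted input the way show.html does (vulnerable)."""
    return env.from_string(UNSAFE_TEMPLATE).render(string=value)


def render_escaped(value: str) -> str:
    """Render untrusted input with autoescaping in effect (mitigated)."""
    return env.from_string(SAFE_TEMPLATE).render(string=value)


def contains_script_tag(rendered: str) -> bool:
    """Simple check usable in a test suite: did a literal <script> tag survive rendering?"""
    return "<script" in rendered.lower()


def escape_manually(value: str) -> str:
    """Equivalent of what autoescaping does, for places where markup is built by hand."""
    return str(escape(value))


if __name__ == "__main__":
    print("vulnerable :", render_unsafe(UNTRUSTED_INPUT))
    print("mitigated  :", render_escaped(UNTRUSTED_INPUT))
```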

  • Original URL: https://www.cnblogs.com/devlige/p/8433405.html