README
¶
compare比较规则记录
属性
比较内容:数量,key,value 是否继续比较:false 特殊属性:style,
text
比较内容:data 是否继续比较:false
tag
比较内容:data 是否继续比较:false
注释
比较内容:data 是否继续比较:false
问题
script 标签内检测,例:example7.php example8.php特殊情况 example9.php自己x自己,没意义
NewXssFuzz方法提取get和post参数 多个参数如何fuzz:GenFuzzParams
script处检查不严谨
所有回显位置
属性、text、comment、path
所有绕过方式
大小写、双写、单引号,双引号,无引号、a标签伪协议、/代替属性的空格、 <img/src=x onerror=alert(1)>,,
构造payload
属性(单引号、双引号、没引号),文本(script标签)
后端行为猜测
直接插入文本(闭合标签内文本、闭合属性)
过滤
php后端htmlspecialchars
特殊位置绕过方式 属性可以html实体编码,
参考文献 https://www.freebuf.com/vuls/256239.html https://www.ddosi.org/xss-bypass/#%E6%B2%A1%E6%9C%89%E8%BF%87%E6%BB%A4%E5%99%A8%E8%A7%84%E9%81%BF%E7%9A%84%E5%9F%BA%E6%9C%AC_XSS_%E6%B5%8B%E8%AF%95 https://github.com/payloadbox/xss-payload-list https://github.com/ethicalhackersrepo/Xss-payloads
Documentation
¶
Index ¶
- Constants
- Variables
- func AddElement2Set(arr *[]string, e string)
- func GenPayload(testStr string, ends []string) []string
- func GenerateXPath(node *html.Node) string
- func IsEscaped(s string) bool
- func MatchBetween(srcBody interface{}, start string, end string, n int) (int, string)
- func Node2Raw(node *html.Node) string
- func RandSafeString(n int) string
- func RandStrFromCharSet(charSet string, n int) string
- func RandomUpperAndLower(s string) string
- func WalkNode(node *html.Node, handler func(node *html.Node)) error
- func Walker(h interface{}, handler func(node *html.Node)) error
- type DiffInfo
- type MatchNodeInfo
- type MatchType
- type OutputPosType
Constants ¶
const ( StructLarger = "node1 contains node2" StructSmaller = "node2 contains node1" )
Variables ¶
var Exports = map[string]interface{}{ "Walker": Walker, "CompareHtml": CompareHtml, "GenerateXPath": GenerateXPath, "Find": FindNodeFromHtml, "RandomUpperAndLower": RandomUpperAndLower, "MatchBetween": MatchBetween, }
Functions ¶
func AddElement2Set ¶
func GenPayload ¶
func GenerateXPath ¶
GenerateXPath 根据节点引用生成一个节点的 XPath 路径 Example: ``` xhtml.Walker("<html><body><div>hello</div></body></html>", func(node) { println(xhtml.GenerateXPath(node)) }) ```
func MatchBetween ¶
MatchBetween 从字符串中匹配两个字符串之间的内容,最多匹配 n 个字符,n 为 -1 时不限制 返回匹配到的内容的起始位置与匹配到的内容 Example: ``` xhtml.MatchBetween("123456789", "2", "6", -1) // 2, "345" ```
func RandSafeString ¶
func RandStrFromCharSet ¶
func RandomUpperAndLower ¶
RandomUpperAndLower 返回一个随机大小写的字符串 Example: ``` xhtml.RandomUpperAndLower("target") // TArGeT ```
Types ¶
type DiffInfo ¶
type DiffInfo struct {
OriginRaw string
FuzzRaw string
XpathPos string
Reason string
Type OutputPosType
Node *html.Node
}
func CompareHtml ¶
CompareHtml 比较两段 HTML 代码的差异,返回差异的节点信息结构体引用切片与错误 Example: ``` diff, err = xhtml.CompareHtml(html1, html2) ```
type MatchNodeInfo ¶
type MatchNodeInfo struct {
Xpath string
TagName string
MatchNode *html.Node
MatchText string
Key, Val, Quote string
// contains filtered or unexported fields
}
func FindNodeFromHtml ¶
func FindNodeFromHtml(htmlRaw interface{}, matchStr string) []*MatchNodeInfo
Find 解析并遍历一段 HTML 代码的每一个节点并找到匹配字符串的节点,返回匹配字符串的节点信息的引用切片 Example: ``` matchInfoRes = xhtml.Find("<html><body><div>hello</div></body></html>", "hello") ```
func (*MatchNodeInfo) IsAttr ¶
func (m *MatchNodeInfo) IsAttr() bool
func (*MatchNodeInfo) IsCOMMENT ¶
func (m *MatchNodeInfo) IsCOMMENT() bool
func (*MatchNodeInfo) IsText ¶
func (m *MatchNodeInfo) IsText() bool
type OutputPosType ¶
type OutputPosType string
const ( Tag OutputPosType = "Tag" Text OutputPosType = "Text" Attr OutputPosType = "Attr" AttrHref OutputPosType = "AttrHref" AttrOnxxx OutputPosType = "AttrOnxxx" )
Source Files