mingzhi61 2022-02-13 05:09:33 Reads: 870
For more penetration-testing courses, click on my avatar to watch my videos, or click the link below.
JavaScript (abbreviated "JS") is a lightweight, function-first, interpreted or just-in-time compiled programming language, that is, a scripting language.
What is the difference between JavaScript and Java? JavaScript has nothing to do with Java; they are two different languages.
JavaScript is widely used in web application development to add all kinds of dynamic functionality to web pages and give users a smoother and more attractive browsing experience. It can:
Embed dynamic text in HTML pages.
Respond to browser events.
Read and write HTML elements.
Validate data before it is submitted to the server.
Check the visitor's browser information.
Control cookies, including creating and modifying them.
Browser --> developer tools (F12)
View the JS in formatted form: the JS shown above is very non-standard (minified), and clicking the {} button in the lower-left corner of the middle pane pretty-prints it.
1. Find more attack surface (URLs, domain names, paths, etc.)
Test sites, admin (backend) paths, unpublished paths, API addresses, etc.
2. Discover sensitive information (hard-coded account passwords, API keys, comments, etc.)
Hard-coded accounts that can log in, test accounts that can log in, key disclosure, development information left in comments, etc.
3. Find dangerous code (eval, dangerouslySetInnerHTML, etc.)
XSS vulnerabilities, template injection
4. Understand the functions of the website
Analysis method
Search for keywords:
$.ajax(
$.get(
$.post(
method:"get
http.get("
path:"
route:"
Do a global search of the current page's JS:
Firefox --> F12 --> Debugger --> Ctrl+Shift+F
webpack is currently the most popular front-end resource modularization and bundling tool.
When a .map file is present:
• Use the reverse-sourcemap tool
•reverse-sourcemap -v app.3c8aa9676f686b3a7caf.js.map -o sourcecode
Analyze the restored source; test data was found:
Logging in with the test data succeeded.
The debugger in each browser's developer tools is used together with a packet-capture tool.
The website's packets were found to be encrypted, so look for the login submission logic, set a breakpoint there, and then step through it.
Trace the encryption function:
Search for the call to the encryption function aesUtil.encryptAES()
Guess that the packet decryption method is aesUtil.decryptAES()
Encrypt and decrypt the packets through the console, construct SQL injection statements, and find a SQL Server SQL injection.
Further, the data is output directly through the encryption and decryption.
Copyright: author [mingzhi61]. Please include the original link when reprinting, thank you. https://en.javamana.com/2022/02/202202130509305869.html