javascript - XSS注入和innerhtml(XSS injection and innerhtml)

Question

I am trying to learn about XSS vulnerabilities and am having some issue grasping the concept.(我正在尝试了解XSS漏洞，并且在掌握该概念时遇到了一些问题。)

I have a test site http://mytestpage/index.html and am trying to launch an alert box via xss from a secondary page http://xsstest.html .(我有一个测试站点http：//mytestpage/index.html ，正在尝试从辅助页面http：//xsstest.html通过xss启动警报框。) I can not seem to get the alert to occur.(我似乎无法得到警报的发生。) I think my issue is that the code from my xsstest page is not injecting into my mytestpage/index.html page.(我认为我的问题是我的xsstest页面中的代码没有注入到mytestpage / index.html页面中。) I am trying to use innerhtml as the posts I read seemed to leverage this in XSS testing.(我正在尝试使用innerhtml，因为我阅读的帖子似乎在XSS测试中利用了这一点。) I am fairly certain that I am not using the innerhtml correctly or pehaps it is not the right "tool for the job" and i am running down the wrong path.(我可以肯定的是，我没有正确使用innerhtml，或者它可能不是正确的“工作工具”，而且我走错了路。) Any suggestions would be appreciated.(任何建议，将不胜感激。) My code for the XSS test is as follows:(我的XSS测试代码如下：) <!DOCTYPE html> <html> <head> <meta charset="UTF-8" /> <title>XSS TEST PAGE</title> </head> <body> <body onload="document.forms[0].submit()"> <form method="POST" id="test" onsubmit="test()" action="http://mytestpage/index.html" > </form> </body> <script> function test(){ alert("Hiya buddy!"); } document.getElementById().innerHTML = test(); </script> </html> The test homepage code is as follows:(测试首页代码如下：) <!DOCTYPE html> <html> <head> <meta charset="UTF-8" /> <title>My Test Home Page</title> </head> <body> <form method="post"> <label>Enter Your Name:</label> <input type="text" name="myname"> <button class="btn" type="submit" name="action" value="submit">Submit</button> </form> </body> </html>   ask by RookieMistake translate from so

Answer 1

This right here is no bueno:(这里的权利不是布宜诺斯艾利斯：)

<script> function test( ){ alert("Hiya buddy!"); } document.getElementById().innerHTML = test(); </script> document.getElementById() requires you pass it the ID of an element.(document.getElementById()要求您向其传递元素的ID。) So, for example, if there's a div on the page with the ID of #alert , you'd do document.getElementById('alert') .(因此，例如，如果页面上有一个ID为#alert的div ， #alert执行document.getElementById('alert') 。) You also can't assign a function to the inner HTML of an element.(您也不能将函数分配给元素的内部HTML。) You need to create a script element and then append it to the document or another element.(您需要创建一个script元素，然后将其附加到文档或其他元素。) Instead, try:(相反，请尝试：) <script> let myTest = document.createElement('script') myTest.text = ` function test() { alert('Hiya buddy!') }; test(); ` const body = document.querySelector('body') body.appendChild(myTest) </script>