1. Image insertion
The colorful web pages we see today owe their appearance to images, and images can be inserted into HTML pages. The image formats commonly used on web pages are JPEG and GIF. There is only one tag for inserting an image, the <img> tag, and its general form is <img src=filename>. The src attribute must be given a value in the <img> tag: this value can be the path and file name of the image file, or it can be a URL. The <img> tag also has several other commonly used attributes:
① alt= sets the text displayed when the mouse is moved over the image.
② width= sets the width of the image.
③ height= sets the height of the image.
For example: <img src="image/1.gif">
(Figure 2)
Enter the cross-site code <script>alert(cmd)</SCRIPT> in the input box for the complete URL address. After submitting, we find that there is no cross-site effect. Figure 3 shows the data returned after the cross-site code was entered; from it we can see that the system does not filter our data. This is a matter of experience, and beginners should remember it.
(Figure 3)
In the future, if the returned data still contains characters from the cross-site code you entered, for example if the <script> keyword is displayed, there is generally a cross-site vulnerability. If you are not sure, view the page source and use Notepad's search function to look for the cross-site keywords.

The cross-site code above is not filtered, so why is there no cross-site effect? Because in the HTML the cross-site code is enclosed by quotes, < and >. In this case the first step is to examine the code returned to the client and find where the cross-site code landed; here we only need to search for the keyword cmd. The key source code found is:

<td width=198 height=32>Avatar <img id=face src=<script>alert(cmd)</SCRIPT> width=32 height=32>**</td>

We can see that our cross-site code is not filtered, but it is enclosed by < and > and by single quotes, so we only need to get past those characters and let <script>alert(cmd)</SCRIPT> stand on its own in the code. This is very easy to do. After entering the code ><script>alert(cmd)</SCRIPT><, the whole statement becomes

<img id=face src=><script>alert(cmd)</SCRIPT>< width=32 height=32>

thus achieving the cross-site effect, as shown in Figure 4.
(Figure 4)
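The attribute breakout described above, as an added example that is not part of the original article: a Python model of the vulnerable avatar fragment beside a hardened version that quotes the attribute and HTML-escapes the value, with a parser-based check showing which version lets a script element escape the src attribute. The function names, the html.parser check and the sample values are my own assumptions, not code from the site being discussed.

```python
import html
from html.parser import HTMLParser

# Constructed sample inputs, taken from the article's two attempts.
FIRST_ATTEMPT = '<script>alert(cmd)</SCRIPT>'
BREAKOUT = '><script>alert(cmd)</SCRIPT><'


def render_avatar_vulnerable(url: str) -> str:
    """Models the page's fragment: the user value is concatenated into an
    unquoted src attribute with no escaping, so a leading '>' closes <img>."""
    return ('<td width=198 height=32>Avatar '
            f'<img id=face src={url} width=32 height=32>**</td>')


def render_avatar_hardened(url: str) -> str:
    """Quote the attribute and escape &, <, > and both quote characters, so the
    value can neither terminate the attribute nor the tag."""
    safe = html.escape(url, quote=True)
    return ('<td width=198 height=32>Avatar '
            f'<img id=face src="{safe}" width=32 height=32>**</td>')


class _TagCollector(HTMLParser):
    """Records every start tag the parser sees, in document order."""

    def __init__(self) -> None:
        super().__init__()
        self.tags: list[str] = []

    def handle_starttag(self, tag, attrs) -> None:
        self.tags.append(tag)


def element_tags(fragment: str) -> list[str]:
    """Element names a browser-like parser produces for the fragment.
    A 'script' entry means the input escaped the attribute context."""
    collector = _TagCollector()
    collector.feed(fragment)
    collector.close()
    return collector.tags


def breaks_out(render, value: str) -> bool:
    """True if rendering `value` with `render` yields a real script element."""
    return 'script' in element_tags(render(value))


if __name__ == '__main__':
    for name, fn in (('vulnerable', render_avatar_vulnerable),
                     ('hardened', render_avatar_hardened)):
        print(name, breaks_out(fn, FIRST_ATTEMPT), breaks_out(fn, BREAKOUT))
```

With the vulnerable renderer the first attempt stays inside the src value (no script element), the breakout payload produces one, and the hardened renderer produces none for either.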