雪风 发表于 2009-5-19 00:59:08

一个不错的IE漏洞查找(HTML源码)

<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.0 Transitional//EN">
<!-- saved from url=(0060)http://metasploit.com/users/hdm/tools/domhanoi/domhanoi.html -->
<HTML><HEAD><TITLE>DOM-Hanoi v0.2</TITLE>
<META http-equiv=Content-Type content="text/html; charset=iso-8859-1">
<SCRIPT>
/*
---===[ DOM-Hanoi v0.2

H D Moore :: hdmmetasploit.com
Aviv Raff :: avivragmail.com

(c) 2006 All rights reserved.

]===---
*/
// Element names the test combines. appendAllTags() creates one DOM node per
// entry at every nesting level, so the length of this list is the branching
// factor of the whole run. Entries the authors disabled are kept as comments.
var ctrls = [
    "a", "abbr", "acronym", "address",
    //"applet",
    "area",
    "b", "base", "basefont", "bdo", "bgsound", "big", "blink", "blockquote", "br", "button",
    "caption", "center", "cite", "code", "col", "colgroup", "comment",
    // "custom", use XMLNS ?
    "dd", "del", "dfn", "dir", "div", "dl", "dt",
    "em", "embed",
    "fieldset", "font", "form", "frame", "frameset",
    "head", "h1", "h2", "h3", "h4", "h5", "h6", "hr", "html",
    "i", "iframe", "img",
    "input",
    /* Typed input variants, disabled in the original listing:
       "input type='button'", "input type='checkbox'", "input type='hidden'",
       "input type='image'", "input type='password'", "input type='radio'",
       "input type='reset'", "input type='submit'", "input type='text'",
    */
    "ins", "isindex",
    "kbd",
    "label", "legend", "li", "link", "listing",
    "map", "marquee", "menu", "meta",
    "nobr", "noframes", "noscript",
    "object", "ol", "optgroup", "option",
    "p", "param", "plainText", "pre",
    "q",
    "rt", "ruby",
    "s", "samp", "script", "select", "small", "span", "strike", "strong", "style", "sub", "sup",
    "table", "tbody", "td", "textarea", "tfoot", "th", "thead", "title", "tr", "tt",
    "u", "ul",
    "var",
    "wbr",
    "xml", "xmp"
];

// Run settings; go() overwrites both from the form before each run.
var maxLevel = 0;          // deepest nesting level appendAllTags() recurses to
var removeElement = false; // detach each element again right after appending it

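/**
 * Creates one element for every name in ctrls, recursively fills it with the
 * same set of elements while level < maxLevel, then appends it to obj and,
 * when removeElement is set, removes it again.
 *
 * The recursion is synchronous and visits ctrls.length ** (maxLevel + 1)
 * leaf combinations, so the page stays blocked until the run finishes.
 *
 * @param obj   DOM node that receives the generated children.
 * @param level Current nesting depth; go() starts the run at 0.
 * @param top   Path of tag names above this level, used only in the status text.
 */
function appendAllTags(obj, level, top) {
    // Index the list per iteration. The listing as posted passed the whole
    // array (createElement(ctrls)), which never creates the intended element;
    // presumably the "[i]" subscript was consumed as markup when the code was
    // pasted. A counted loop also avoids for-in picking up inherited keys.
    for (var i = 0; i < ctrls.length; i++) {
        var tagName = ctrls[i];
        try {
            var t = document.createElement(tagName);
            var newTop = top + " - " + tagName;
            updateStatus("Adding " + newTop);
            if (level < maxLevel) {
                // Build the subtree before attaching t, as the original does.
                appendAllTags(t, level + 1, newTop);
            }
            obj.appendChild(t);
            if (removeElement) {
                obj.removeChild(t);
            }
        }
        catch (e) {
            // Deliberate best-effort: a tag or nesting the browser rejects
            // must not stop the remaining combinations from being tried.
        }
    }
}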

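/**
 * Click handler for the "Start Testing" button. Copies the form settings into
 * the globals removeElement and maxLevel, then starts the run on the hidden
 * container element with id "dcont".
 */
function go() {
    var removeBox = document.getElementById("cbxRC");
    removeElement = removeBox.checked;

    var levelBox = document.getElementById("maxLevel");
    // Explicit radix: without it, older engines parse a leading "0" as octal.
    var requested = parseInt(levelBox.value, 10);
    if (isNaN(requested) || requested < 0) {
        // A non-numeric level would otherwise silently run at depth 0 only.
        updateStatus("Invalid recursion level: " + levelBox.value);
        return;
    }
    maxLevel = requested;

    var dcont = document.getElementById("dcont");
    // Synchronous call: the browser is unresponsive until the run completes.
    appendAllTags(dcont, 0, "");
}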

/**
 * Shows the current progress message in the "dStatus" element and in the
 * window status bar.
 *
 * @param status Text describing the element path being added.
 */
function updateStatus(status) {
    document.getElementById("dStatus").innerText = "Status: " + status;
    window.status = status;
}
</SCRIPT>

<META content="MSHTML 6.00.2800.1555" name=GENERATOR></HEAD>
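<body>
<!-- Test page UI. The script in the head looks up the ids maxLevel, cbxRC,
     dStatus and dcont, so they must stay as they are. -->
<h3>Welcome to <a href="http://metasploit.com/users/hdm/tools/domhanoi/">DOM-Hanoi</a>.</h3>
<div>DOM-Hanoi is a community-developed utility for verifying browser integrity,
written by H D Moore and Aviv Raff.<br>DOM-Hanoi will look for common DHTML
implementation flaws by adding/removing DOM elements, in a similar way to the
known <a href="http://en.wikipedia.org/wiki/Tower_of_Hanoi" target="_blank" rel="noopener noreferrer">Tower
of Hanoi</a> game.<br>This utility may cause the browser to "freeze" for a long
period of time, this is OK, and interrupting the process will prevent all the
tests from completing. Some browsers will raise a warning if a script is taking
too long to execute - you will need to click "No, do not abort" or the
equivalent to allow all tests to complete. <br></div><br>
<!-- Each extra level multiplies the number of elements created by the size of
     the tag list, so run time grows very quickly with this value. -->
<label for="maxLevel">Maximum recursion level:</label> <input id="maxLevel" value="3"><br>
<input id="cbxRC" type="checkbox" checked><label for="cbxRC">Remove element after append</label><br><br>
<input type="button" value="Start Testing" onclick="go()"><br>
<!-- Progress text written by updateStatus(). -->
<div id="dStatus"></div>
<!-- Hidden container that receives the generated elements. -->
<div id="dcont" style="visibility: hidden"></div></body></html>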

ansinjay 发表于 2009-5-20 04:47:11


······好久没看见雪风哥发贴了,难得呀,我在论坛找雪风大哥以前的教程,好多都是以前博客去下载的,但那个博客似乎不存在了,所以我求雪风哥以前发布过的教程,比如修改鸽子那个14课,我在论坛里面找了好久才找到了6课,是只出了6课还是什么原因我不清楚,还有就是那个修改鸽子为专用上线教程,我不想自己的DAT被别人拿去乱用,你的那个博客我去了,但好像已经不存在,打不开了,哪么多经典的教程就那样付之东流了,好可惜,所以在这里,我求雪风大哥以前发布过的所有教程,只要是你出的,不管什么,我都要,希望雪风大哥给个下载地址谢谢,黑狼和雪风我是永远支持的@!!!!!我的邮箱:kofzjf@tom.com

ayatanhk 发表于 2012-11-24 13:05:46

是保存一个页面,然后在空间上运行的吗?

frman 发表于 2012-11-27 12:10:43

感觉不错来看下