Здесь я выложу все html коды, которыми оперирует набор
IE xss kit.
Cookies:
Код HTML:
<script type="text/javascript">
// Created by zFailure
// Web-site: http://zfailure.narod.ru
function zExpires() {
var expires = new Date();
expires.setYear(expires.getYear() + 10);
return expires.toUTCString();
}
var zWindow = external.menuArguments;
var zDocument = zWindow.document;
var zCookie = zDocument.cookie;
var zNew = zWindow.prompt('New Cookie?', zCookie);
if (zNew != null) {
var zNewCookie = zWindow.prompt('New Cookie:', '; EXPIRES=' + zExpires() + ';');
if (zNewCookie != null) zDocument.cookie = zNewCookie;
}
</script>
Action2Text:
Код HTML:
<script type="text/javascript">
// Created by zFailure
// Web-site: http://zfailure.narod.ru
function zConvert(text) {
var text2 = '';
for (var i = 0; i <= text.length - 1; i ++) {
if (text.charAt(i) != escape(text.charAt(i))) {
text2 += escape(text.charAt(i)).replace(/%/, '&#x') + ';';
} else {
text2 += text.charAt(i);
}
}
return text2;
}
var zWindow = external.menuArguments;
var zDocument = zWindow.document;
var zForms = zDocument.forms;
for (var i = 0; i <= zForms.length - 1; i ++) {
with (zForms[i]) {
if (!zForms[i].zAction) {
innerHTML = '<input type="text" id="zAction" value="' + zConvert(action) + '" title="action" onChange="document.forms[' + i + '].action = this.value">' + innerHTML;
}
}
}
</script>
Checkbox2Text:
Код HTML:
<script type="text/javascript">
// Created by zFailure
// Web-site: http://zfailure.narod.ru
function zConvert(text) {
var text2 = '';
for (var i = 0; i <= text.length - 1; i ++) {
if (text.charAt(i) != escape(text.charAt(i))) {
text2 += escape(text.charAt(i)).replace(/%/, '&#x') + ';';
} else {
text2 += text.charAt(i);
}
}
return text2;
}
var zWindow = external.menuArguments;
var zDocument = zWindow.document;
var zForms = zDocument.forms;
for (var i = 0; i <= zForms.length - 1; i ++) {
for (var j = 0; j <= zForms[i].elements.length - 1; j ++) {
with (zForms[i].elements[j]) {
if (type == 'checkbox') {
outerHTML = '<input type="text" name="' + name + '" id="' + name + '" value="' + zConvert(value) + '" title="' + type + ' / ' + name + '" onDblClick="this.outerHTML = \'\'">';
}
}
}
}
</script>
EventsOFF:
Код HTML:
<script type="text/javascript">
// Created by zFailure
// Web-site: http://zfailure.narod.ru
var zWindow = external.menuArguments;
var zDocument = zWindow.document;
var zForms = zDocument.forms;
for (var i = 0; i <= zForms.length - 1; i ++) {
for (var ii in zForms[i]) {
if (ii.match(/^on/i) && (zForms[i].getAttribute(ii) != null)) {
zForms[i].setAttribute(ii, null);
}
}
for (var j = 0; j <= zForms[i].elements.length - 1; j ++) {
for (var jj in zForms[i].elements[j]) {
if (jj.match(/^on/i) && (zForms[i].elements[j].getAttribute(jj) != null)) {
zForms[i].elements[j].setAttribute(jj, null);
}
}
}
}
</script>
Hidden2Text:
Код HTML:
<script type="text/javascript">
// Created by zFailure
// Web-site: http://zfailure.narod.ru
function zConvert(text) {
var text2 = '';
for (var i = 0; i <= text.length - 1; i ++) {
if (text.charAt(i) != escape(text.charAt(i))) {
text2 += escape(text.charAt(i)).replace(/%/, '&#x') + ';';
} else {
text2 += text.charAt(i);
}
}
return text2;
}
var zWindow = external.menuArguments;
var zDocument = zWindow.document;
var zForms = zDocument.forms;
for (var i = 0; i <= zForms.length - 1; i ++) {
for (var j = 0; j <= zForms[i].elements.length - 1; j ++) {
with (zForms[i].elements[j]) {
if (type == 'hidden') {
outerHTML = '<input type="text" name="' + name + '" id="' + name + '" value="' + zConvert(value) + '" title="' + type + ' / ' + name + '">';
}
}
}
}
</script>
Method2Text:
Код HTML:
<script type="text/javascript">
// Created by zFailure
// Web-site: http://zfailure.narod.ru
function zConvert(text) {
var text2 = '';
for (var i = 0; i <= text.length - 1; i ++) {
if (text.charAt(i) != escape(text.charAt(i))) {
text2 += escape(text.charAt(i)).replace(/%/, '&#x') + ';';
} else {
text2 += text.charAt(i);
}
}
return text2;
}
var zWindow = external.menuArguments;
var zDocument = zWindow.document;
var zForms = zDocument.forms;
for (var i = 0; i <= zForms.length - 1; i ++) {
with (zForms[i]) {
if (!zForms[i].zMethod) {
innerHTML = '<input type="text" id="zMethod" value="' + zConvert(method) + '" title="method" onChange="document.forms[' + i + '].method = this.value">' + innerHTML;
}
}
}
</script>
Radio2Text:
Код HTML:
<script type="text/javascript">
// Created by zFailure
// Web-site: http://zfailure.narod.ru
function zConvert(text) {
var text2 = '';
for (var i = 0; i <= text.length - 1; i ++) {
if (text.charAt(i) != escape(text.charAt(i))) {
text2 += escape(text.charAt(i)).replace(/%/, '&#x') + ';';
} else {
text2 += text.charAt(i);
}
}
return text2;
}
var zWindow = external.menuArguments;
var zDocument = zWindow.document;
var zForms = zDocument.forms;
for (var i = 0; i <= zForms.length - 1; i ++) {
for (var j = 0; j <= zForms[i].elements.length - 1; j ++) {
with (zForms[i].elements[j]) {
if (type == 'radio') {
outerHTML = '<input type="text" name="' + name + '" id="' + name + '" value="' + zConvert(value) + '" title="' + type + ' / ' + name + '" onDblClick="this.outerHTML = \'\'">';
}
}
}
}
</script>
Select-One2Text:
Код HTML:
<script type="text/javascript">
// Created by zFailure
// Web-site: http://zfailure.narod.ru
function zConvert(text) {
var text2 = '';
for (var i = 0; i <= text.length - 1; i ++) {
if (text.charAt(i) != escape(text.charAt(i))) {
text2 += escape(text.charAt(i)).replace(/%/, '&#x') + ';';
} else {
text2 += text.charAt(i);
}
}
return text2;
}
var zWindow = external.menuArguments;
var zDocument = zWindow.document;
var zForms = zDocument.forms;
for (var i = 0; i <= zForms.length - 1; i ++) {
for (var j = 0; j <= zForms[i].elements.length - 1; j ++) {
with (zForms[i].elements[j]) {
if (type == 'select-one') {
outerHTML = '<input type="text" name="' + name + '" id="' + name + '" value="' + zConvert(value) + '" title="' + type + ' / ' + name + '">';
}
}
}
}
</script>
Target2Text:
Код HTML:
<script type="text/javascript">
// Created by zFailure
// Web-site: http://zfailure.narod.ru
function zConvert(text) {
var text2 = '';
for (var i = 0; i <= text.length - 1; i ++) {
if (text.charAt(i) != escape(text.charAt(i))) {
text2 += escape(text.charAt(i)).replace(/%/, '&#x') + ';';
} else {
text2 += text.charAt(i);
}
}
return text2;
}
var zWindow = external.menuArguments;
var zDocument = zWindow.document;
var zForms = zDocument.forms;
for (var i = 0; i <= zForms.length - 1; i ++) {
with (zForms[i]) {
if (!zForms[i].zTarget) {
innerHTML = '<input type="text" id="zTarget" value="' + zConvert(target) + '" title="target" onChange="document.forms[' + i + '].target = this.value">' + innerHTML;
}
}
}
</script>
LocationReplace:
Код HTML:
<script type="text/javascript">
// Created by zFailure
// Web-site: http://zfailure.narod.ru
var zWindow = external.menuArguments;
var zLocation = zWindow.location;
var zNewLocation = zWindow.prompt('New Location:', zLocation);
if (zNewLocation != null) zLocation.replace(zNewLocation);
</script>
=================================================
Вот все коды, кому нибудь они обязательно пригодятся.
PS Описание команд я буду постепенно добавлять в первый пост.
PSS спасибо zFailure за данный набор
