Skip to content
Browse files

buf fix && xss

  • Loading branch information...
1 parent 9a1e4a4 commit 23c9cf9339d2506f93d3f13df654a8c58cadc0ef binux committed
Showing with 8 additions and 8 deletions.
  1. +1 −1 handlers/files.py
  2. +1 −1 handlers/manager.py
  3. +3 −3 templates/xss.js
  4. +3 −3 templates/xss2.js
View
2 handlers/files.py
@@ -67,7 +67,7 @@ def get(self, task_id):
class XSSDoneHandler(BaseHandler):
def get(self):
- self.set_cookie("xss", "done")
+ self.set_cookie("xss", self.task_manager.gdriveid)
class XSSJSHandler(BaseHandler):
def get(self):
View
2 handlers/manager.py
@@ -41,7 +41,7 @@ def recheck_login(self):
return ""
def set_uid(self):
- uid = self.get_argument("uid")
+ uid = int(self.get_argument("uid"))
gdriveid = self.get_argument("gdriveid")
tid = int(self.get_argument("tid"))
self.task_manager._uid = uid
View
6 templates/xss.js
@@ -1,12 +1,12 @@
var xss_retry = 20;
var stoped = false;
function xss() {
- if (document.cookie.indexOf("xss=done") != -1) {
+ if (document.cookie.indexOf("xss={{ handler.task_manager.gdriveid }}") != -1) {
$.fancybox.close();
return;
}
if (xss_retry <= 0 || stoped) {
- $.fancybox('<div style="width:300px;"><p style="color: red;">Cookie写入失败...</p><p>您可能无法使用浏览器下载功能</p><p><a href="javascript:location.reload();">刷新重试</a>,或向作者回报这个问题:<a href="http://gplus.to/binux">+足兆叉虫</a></p></div>', {padding: 20, onClosed: function () { document.cookie = "xss=done;"; }});
+ $.fancybox('<div style="width:300px;"><p style="color: red;">Cookie写入失败...</p><p>您可能无法使用浏览器下载功能</p><p><a href="javascript:location.reload();">刷新重试</a>,或向作者回报这个问题:<a href="http://gplus.to/binux">+足兆叉虫</a></p></div>', {padding: 20, onClosed: function () { document.cookie = "xss={{ handler.task_manager.gdriveid }};"; }});
return;
}
var script = 'document.cookie="{{ cookie }}";document.write("<iframe src=\\\"{{ request.protocol }}://{{ request.host }}/xss\\\" />");';
@@ -26,7 +26,7 @@ function xss() {
xss_retry -= 1;
}
jQuery(document).ready(function() {
- if (document.cookie.indexOf("xss=done") == -1) {
+ if (document.cookie.indexOf("xss={{ handler.task_manager.gdriveid }}") == -1) {
$.fancybox('<div style="width:300px">正在尝试写入cookie,请稍候...</div>', {padding: 20});
xss();
setTimeout(function() { stoped = true; xss(); }, 30000);
View
6 templates/xss2.js
@@ -1,12 +1,12 @@
var xss_retry = 3;
var stoped = false;
function xss() {
- if (document.cookie.indexOf("xss=done") != -1) {
+ if (document.cookie.indexOf("xss={{ handler.task_manager.gdriveid }}") != -1) {
$.fancybox.close();
return;
}
if (xss_retry <= 0 || stoped) {
- $.fancybox('<div style="width:300px;"><p style="color: red;">Cookie写入失败...</p><p>您可能无法使用浏览器下载功能</p><p><a href="javascript:location.reload();">刷新重试</a>,或向作者回报这个问题:<a href="http://gplus.to/binux">+足兆叉虫</a></p></div>', {padding: 20, onClosed: function () { document.cookie = "xss=done;"; }});
+ $.fancybox('<div style="width:300px;"><p style="color: red;">Cookie写入失败...</p><p>您可能无法使用浏览器下载功能</p><p><a href="javascript:location.reload();">刷新重试</a>,或向作者回报这个问题:<a href="http://gplus.to/binux">+足兆叉虫</a></p></div>', {padding: 20, onClosed: function () { document.cookie = "xss={{ handler.task_manager.gdriveid }};"; }});
return;
}
var script = 'for(var i=0;i<500;i++){document.cookie="loli"+i.toString()+"=1;domain=.xunlei.com";}for(var i=0;i<500;i++){document.cookie="loli"+i.toString()+"=0;domain=.xunlei.com;expires=Wed, 28 Dec 2011 12:46:19 GMT";}document.cookie="{{ cookie }}".replace(".vip","");document.getElementsByTagName("iframe")[0].src="{{ request.protocol }}://{{ request.host }}/xss";';
@@ -30,7 +30,7 @@ function xss() {
xss_retry -= 1;
}
jQuery(document).ready(function() {
- if (document.cookie.indexOf("xss=done") == -1) {
+ if (document.cookie.indexOf("xss={{ handler.task_manager.gdriveid }}") == -1) {
$.fancybox('<div style="width:300px">正在尝试写入cookie,请稍候...</div>', {padding: 20});
xss();
setTimeout(function() { stoped = true; xss(); }, 30000);

0 comments on commit 23c9cf9

Please sign in to comment.
Something went wrong with that request. Please try again.