Dynamic script hack callback
I have a page that only contains a string and need to read it from a page in a different domain. I have tried to do it via a dynamic script hack (to avoid the security restrictions) and can read that string but can't bring it in a callback to keep working with it in a variable.
My problem is that I need to do it only using JavaScript.
Here is the code that I am currently using:
index.html:
<html>
<head>
<script type="text/javascript">
function xss_ajax(url) {
    var script_id = null;
    var script = document.createElement('script');
    script.setAttribute('type', 'text/javascript');
    script.setAttribute('src', url);
    script.setAttribute('id', 'script_id');
    script_id = document.getElementById('script_id');
    if (script_id) {
        document.getElementsByTagName('head')[0].removeChild(script_id);
    }
    document.getElementsByTagName('head')[0].appendChild(script);
}
var url = "http://otherdomain.com/ping.html";
xss_ajax(url);
</script>
</head>
<body>
</body>
</html>
ping.html:
1|1739
Thanks very much, and sorry for my English.
Comments (1)
Your result from
ping.html
does not have any variables defined, if you say made an object like
and in index.html you declared
then you could work with that.
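One way to get the string into a callback, shown as an added example that is not part of the original question or answer. It assumes otherdomain.com can be changed to serve `pingCallback("1|1739");` instead of the bare string; the names `pingCallback`, `parsePing` and `loadPing` are hypothetical. Because a script include runs whatever the remote host returns with the including page's privileges, the callback treats its argument as data and validates it before use.

```javascript
// Added example. Assumption: the remote host serves JavaScript of the form
//   pingCallback("1|1739");
// instead of the bare string. pingCallback, parsePing and loadPing are
// hypothetical names, not from the original page.

// Treat the callback argument as untrusted data: accept only "<digits>|<digits>".
function parsePing(text) {
  const m = /^(\d{1,9})\|(\d{1,9})$/.exec(String(text).trim());
  if (!m) throw new Error('unexpected ping payload');
  return { status: Number(m[1]), value: Number(m[2]) };
}

// doc and scope default to the browser globals; they are parameters so the
// loader can be exercised outside a browser with stand-in objects.
function loadPing(url, onResult, doc, scope) {
  doc = doc || document;
  scope = scope || window;
  const head = doc.getElementsByTagName('head')[0];
  const script = doc.createElement('script');

  function cleanup() {
    delete scope.pingCallback;
    if (script.parentNode === head) head.removeChild(script);
  }
  // The remote script calls this global once it has loaded.
  scope.pingCallback = function (text) {
    cleanup();
    let result;
    try {
      result = parsePing(text);
    } catch (err) {
      return onResult(err);
    }
    onResult(null, result);
  };
  // Load failure: report it instead of leaving the caller waiting.
  script.onerror = function () {
    cleanup();
    onResult(new Error('failed to load ' + url));
  };
  script.setAttribute('src', url);
  head.appendChild(script);
  return script;
}

// Browser usage:
// loadPing('http://otherdomain.com/ping.html', function (err, ping) {
//   if (!err) console.log(ping.status, ping.value);
// });
```

Where the remote host can send an `Access-Control-Allow-Origin` header, a CORS request with `fetch` reads the same string without executing remote code in the page.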