From this webpage screenshot, the following key information about the vulnerability can be obtained:

1. Title: XSS in hidden input fields
2. Author: Gareth Heyes
3. Published: 16 November 2015 at 11:25 UTC
4. Updated: 14 June 2019 at 12:03 UTC
5. Vulnerability description:
   - XSS in hidden inputs is frequently very difficult to exploit because typical JavaScript events like onmouseover and onfocus can't be triggered, since the element is invisible.
   - The author decided to investigate further to see whether it was possible to exploit this on a modern browser, and found that the onclick event is called on the hidden input when it is activated via an access key.
   - The vector used was:
   - This vector isn't ideal because it involves some user interaction, but it's vastly better than expression(), which only works on IE<=9.
6. How it works:
   - The author thought about access keys and wondered whether the onclick event would fire on the hidden input when it is activated via an access key.
   - They found that this works on Firefox, where the key combination is ALT+SHIFT+X on Windows and CTRL+ALT+X on OS X.
   - A different key combination can be chosen by specifying a different key in the accesskey attribute.
7. Update:
   - The technique now works in Chrome and on link/meta and any other elements.
   - Link elements where you only control attributes can also be exploited with this technique.
   - For example, if you have a link element with a rel attribute of canonical, and you inject the accesskey attribute together with an onclick event, then you have XSS.
   - The vector used is:
8. POC:
   - A POC using link elements is available.
   - The author suggests visiting the Web Security Academy to learn more about cross-site scripting (XSS).

This information describes in detail how XSS in hidden input fields can be exploited, and how an access key can be used to trigger the onclick event and execute an XSS attack.
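The two injection points the post names, a hidden input and a `<link rel="canonical">`, are both attribute contexts, so the mitigation is attribute-context output encoding. The following is an added example (not code from the original post or from PortSwigger) that renders both elements with and without encoding and audits which attributes the rendered tag ends up carrying; all function names and the sample input are illustrative assumptions.

```javascript
// Added example, not from the original post. Shows why a quote in untrusted data
// lets an attacker append attributes (such as accesskey or an inline event handler)
// to a hidden input or a canonical link, and how attribute encoding prevents it.

// Encode a value for a double-quoted HTML attribute. The double quote is the character
// that terminates the attribute value, so it must become an entity; & < > too.
function encodeAttr(value) {
  return String(value)
    .replace(/&/g, "&amp;")
    .replace(/"/g, "&quot;")
    .replace(/</g, "&lt;")
    .replace(/>/g, "&gt;");
}

// Vulnerable form (the "before"): the untrusted value is interpolated verbatim.
function renderHiddenInputUnsafe(name, value) {
  return `<input type="hidden" name="${name}" value="${value}">`;
}

// Hardened form: every interpolated value passes through encodeAttr.
function renderHiddenInput(name, value) {
  return `<input type="hidden" name="${encodeAttr(name)}" value="${encodeAttr(value)}">`;
}

// Same treatment for a canonical link whose href is taken from the request.
function renderCanonical(href) {
  return `<link rel="canonical" href="${encodeAttr(href)}">`;
}

// Audit helper: list the attribute names on one rendered start tag, so a review or
// test can confirm that nothing beyond the expected attributes was introduced.
function attributeNames(tag) {
  const names = [];
  const re = /\s([a-zA-Z][\w-]*)="[^"]*"/g;
  let m;
  while ((m = re.exec(tag)) !== null) names.push(m[1].toLowerCase());
  return names;
}

// Constructed untrusted input: closes the quoted value and appends a new attribute.
const untrusted = 'x" extra="1';
console.log(attributeNames(renderHiddenInputUnsafe("token", untrusted))); // ["type","name","value","extra"]
console.log(attributeNames(renderHiddenInput("token", untrusted)));       // ["type","name","value"]
console.log(attributeNames(renderCanonical("https://example.com/page" + untrusted))); // ["rel","href"]
```

The audit helper only parses markup produced by these renderers (no raw quotes inside values); it is a review aid, not a general HTML parser.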