当前位置:网站首页>手工挖XSS漏洞
手工挖XSS漏洞
2022-07-01 08:06:00 【Cwillchris】
一、 无过滤的 XSS 注入
访问:https://xss-quiz.int21h.jp
注:提示中的内容需要选中才会显示
例1:首先看一下页面的逻辑结构
输入1,点Search,,显示找不到1
F12查看代码,我们输入的 1被加载到页面中
我们加载<script>alert(document.domain);</script>,然后F12 看一下它在代码中的位置。 (document.domain #该属性是一个只读的字符串,包含了载入当前文档的 web 服务器的主机名。 )
输入<script>alert(document.domain);</script>,点Search,弹窗
边栏推荐
- Lm08 mesh series mesh inversion (fine)
- Long way to go with technology
- Uni hot update
- [MySQL learning notes27] stored procedure
- [getting started] intercepting strings
- [untitled]
- IMDB practice of emotion classification (simplernn, LSTM, Gru)
- [staff] high and low octave mark (the notes in the high octave mark | mark range are increased by one octave as a whole | low octave mark | mark range are decreased by one octave as a whole)
- 【网站架构】一招搞定90%的分布式事务,实打实介绍数据库事务、分布式事务的工作原理应用场景
- Vhost kick & call principle
猜你喜欢
Principle and process of embossing
How to check ad user information?
Learn reptiles for a month and earn 6000 a month? Tell you the truth about the reptile, netizen: I wish I had known it earlier
The Windows C disk is full
【网站架构】一招搞定90%的分布式事务,实打实介绍数据库事务、分布式事务的工作原理应用场景
【无标题】
使用threejs简单Web3D效果
IMDB practice of emotion classification (simplernn, LSTM, Gru)
Five combination boxing, solving six difficult problems on campus and escorting the construction of educational informatization
Gru of RNN
随机推荐
Teach you how to apply for domestic trademark online step by step
谈谈数字化转型的几个关键问题
Anddroid 文本合成语音TTS实现
Aardio - 自己构造的getIconHandle的方法
【力扣10天SQL入门】Day9 控制流
base64
Analysis of slice capacity expansion mechanism
Office365 - how to use stream app to watch offline files at any time
Lm08 mesh series mesh inversion (fine)
Access report realizes subtotal function
[getting started] extract non repeating integers
Connect timed out of database connection
Insufficient executors to build thread pool
Gru of RNN
[untitled]
The difference between interceptors and filters
Li Kou daily question - Day 32 -1822 Symbol of array element product
Li Kou daily question - day 31 -202 Happy number
Transaction method call @transactional
Why some people earn nearly 10billion a year, while others earn 3000 a month: the details you ignore actually make the most money