Finding XSS Vulnerabilities by Hand
2022-07-01 08:06:00 【Cwillchris】
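1. XSS injection with no filtering
Visit: https://xss-quiz.int21h.jp
Note: the text of each hint only becomes visible when you select (highlight) it.
Example 1: first, look at the logical structure of the page.
Enter 1 and click Search; the page reports that 1 could not be found.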

Press F12 to view the source: the 1 we entered is loaded into the page.

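We load <script>alert(document.domain);</script>, then press F12 to see where it ends up in the source. (document.domain: this property is a read-only string containing the host name of the web server from which the current document was loaded.)
Enter <script>alert(document.domain);</script> and click Search; an alert box pops up.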
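The reflection described above, as an added example that is not part of the original post: a constructed model of the search page's "not found" message, with the unfiltered form next to an HTML-escaped one. The function names and the message markup are assumptions; the quiz site's own code is not shown on the page.

```javascript
// Added example: constructed model of a search page that echoes the query.
// renderUnsafe, renderSafe, escapeHtml and reflectsMarkup are hypothetical names.

// Unfiltered form: the query is concatenated into the markup unchanged,
// which is what the F12 view of the page shows for the input "1".
function renderUnsafe(query) {
  return '<b>No results for "' + query + '"</b>';
}

// Characters that change meaning in HTML text and quoted attribute values.
const HTML_ESCAPES = {
  '&': '&amp;',
  '<': '&lt;',
  '>': '&gt;',
  '"': '&quot;',
  "'": '&#39;',
};

// Replace each special character with its entity so the browser
// renders it as text instead of parsing it as markup.
function escapeHtml(value) {
  return String(value).replace(/[&<>"']/g, (ch) => HTML_ESCAPES[ch]);
}

// Hardened form: same message, but the query is escaped before insertion.
function renderSafe(query) {
  return '<b>No results for "' + escapeHtml(query) + '"</b>';
}

// Review check: does a probe containing angle brackets come back verbatim?
// true means the renderer passes markup through to the page.
function reflectsMarkup(render, probe) {
  return /[<>]/.test(probe) && render(probe).includes(probe);
}

// The test string used on the page.
const probe = '<script>alert(document.domain);</script>';

console.log('unfiltered:', renderUnsafe(probe));
console.log('escaped:   ', renderSafe(probe));
console.log('unfiltered reflects markup:', reflectsMarkup(renderUnsafe, probe));
console.log('escaped reflects markup:   ', reflectsMarkup(renderSafe, probe));
```

In the escaped output the string appears in the page as visible text, so the F12 view shows &lt;script&gt; entities rather than a script element.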