Manually Hunting for XSS Vulnerabilities
2022-07-01 08:06:00 【Cwillchris】
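1. Unfiltered XSS injection
Visit: https://xss-quiz.int21h.jp
Note: the content of the hints is only displayed once you select (highlight) it.
Example 1: First, look at the logical structure of the page.
Enter 1 and click Search; the page reports that 1 cannot be found.

Press F12 to view the source: the 1 we entered has been loaded into the page.

We load <script>alert(document.domain);</script>, then press F12 to see where it ends up in the source. (document.domain: this property is a read-only string containing the hostname of the web server from which the current document was loaded.)
Enter <script>alert(document.domain);</script> and click Search; an alert box pops up.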
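The behaviour above, reduced to a minimal case (an added example, not code from the original post or from the quiz site): a search term written into the result page without encoding, next to a version that HTML-encodes it first. The function names and the page markup are assumptions made for illustration.

```javascript
// Added example. renderUnsafe, renderSafe, escapeHtml and the markup are
// hypothetical; they model a search page that echoes the query back.

// Vulnerable: the search term is concatenated into the HTML unchanged,
// so any markup in it becomes part of the page.
function renderUnsafe(query) {
  return `<p>No results for <b>"${query}"</b></p>`;
}

// Encode the characters that are significant in HTML text and quoted attributes.
const HTML_ESCAPES = { '&': '&amp;', '<': '&lt;', '>': '&gt;', '"': '&quot;', "'": '&#39;' };
function escapeHtml(value) {
  return String(value).replace(/[&<>"']/g, (ch) => HTML_ESCAPES[ch]);
}

// Hardened: the same page, with the query encoded at output time.
function renderSafe(query) {
  return `<p>No results for <b>"${escapeHtml(query)}"</b></p>`;
}

// Review check: does the rendered HTML contain a live <script> element?
function containsScriptTag(html) {
  return /<script\b/i.test(html);
}

// Constructed sample inputs: the two values entered in the walkthrough.
const samples = ['1', '<script>alert(document.domain);</script>'];
for (const q of samples) {
  const unsafe = renderUnsafe(q);
  const safe = renderSafe(q);
  console.log(`input: ${JSON.stringify(q)}`);
  console.log(`  unsafe: ${unsafe}  script tag: ${containsScriptTag(unsafe)}`);
  console.log(`  safe:   ${safe}  script tag: ${containsScriptTag(safe)}`);
}
```

With the encoded version the browser displays the input as text, so the F12 view shows &lt;script&gt; inside the result message instead of a script element.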