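XSS in tag attributes
1. Configuring Chrome to disable the XSS Auditor
While exploiting XSS on https://xss-quiz.int21h.jp/, the situation shown in the figure below occurs. Configure Chrome with --args --disable-xss-auditor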
![Screenshot](https://img-blog.csdnimg.cn/20210222202018568.png?x-oss-process=image/watermark,type_ZmFuZ3poZW5naGVpdGk,shadow_10,text_aHR0cHM6Ly9ibG9nLmNzZG4ubmV0L3dlaXhpbl80NjM3MDg1OA==,size_16,color_FFFFFF,t_70)
![Screenshot](https://img-blog.csdnimg.cn/20210222202024169.png?x-oss-process=image/watermark,type_ZmFuZ3poZW5naGVpdGk,shadow_10,text_aHR0cHM6Ly9ibG9nLmNzZG4ubmV0L3dlaXhpbl80NjM3MDg1OA==,size_16,color_FFFFFF,t_70)
2. Finding XSS in attributes
Tip: press Ctrl+F to search for a specific string
![Screenshot](https://img-blog.csdnimg.cn/20210222202040262.png?x-oss-process=image/watermark,type_ZmFuZ3poZW5naGVpdGk,shadow_10,text_aHR0cHM6Ly9ibG9nLmNzZG4ubmV0L3dlaXhpbl80NjM3MDg1OA==,size_16,color_FFFFFF,t_70)
3. XSS in attributes: closing the attribute and injecting a script
Close the quote and the angle bracket, then inject a script
"><script>alert(document.domain);</script>
![Screenshot](https://img-blog.csdnimg.cn/20210222202144171.png?x-oss-process=image/watermark,type_ZmFuZ3poZW5naGVpdGk,shadow_10,text_aHR0cHM6Ly9ibG9nLmNzZG4ubmV0L3dlaXhpbl80NjM3MDg1OA==,size_16,color_FFFFFF,t_70)
4. XSS in attributes: closing the attribute and injecting an event handler
" onmouseover=alert(document.domain)>
![Screenshot](https://img-blog.csdnimg.cn/20210222202209815.png?x-oss-process=image/watermark,type_ZmFuZ3poZW5naGVpdGk,shadow_10,text_aHR0cHM6Ly9ibG9nLmNzZG4ubmV0L3dlaXhpbl80NjM3MDg1OA==,size_16,color_FFFFFF,t_70)
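Both strings in sections 3 and 4 work only because the page writes the input into a quoted attribute without encoding it. The following is an added example, not code from the original post or from the quiz site: it renders the two strings through an unencoded and an attribute-encoded template and checks whether they escape the attribute. The `<input>` template, the field name `p1` and all function names are assumptions made for illustration.

```javascript
// Added example (constructed). The two test strings are the ones shown on the page.
const PAYLOADS = [
  '"><script>alert(document.domain);</script>',
  '" onmouseover=alert(document.domain)>',
];

// Hypothetical vulnerable template: input is placed into value="..." as-is.
const renderUnsafe = (v) => `<input type="text" name="p1" value="${v}">`;

// Hardened form: encode every character that can end a quoted attribute or open a tag.
const ESC = { '&': '&amp;', '<': '&lt;', '>': '&gt;', '"': '&quot;', "'": '&#39;' };
const escapeAttr = (v) => String(v).replace(/[&<>"']/g, (c) => ESC[c]);
const renderSafe = (v) => `<input type="text" name="p1" value="${escapeAttr(v)}">`;

// Simplified tag scanner: attribute names of the first tag plus the markup after it,
// approximating what an HTML parser would see.
function inspectFirstTag(html) {
  let i = html.indexOf('<') + 1;
  while (i < html.length && !/[\s>]/.test(html[i])) i++; // skip the tag name
  const names = [];
  while (i < html.length && html[i] !== '>') {
    if (/\s/.test(html[i])) { i++; continue; }
    const start = i;
    while (i < html.length && !/[\s=>]/.test(html[i])) i++;
    names.push(html.slice(start, i).toLowerCase());
    if (html[i] !== '=') continue;
    i++; // step past '='
    const q = html[i];
    if (q === '"' || q === "'") {
      i = html.indexOf(q, i + 1); // quoted value ends at the matching quote
      i = i === -1 ? html.length : i + 1;
    } else {
      while (i < html.length && !/[\s>]/.test(html[i])) i++; // unquoted value
    }
  }
  return { names, trailing: html.slice(i + 1) };
}

// True when the input left the value attribute: a new on* handler or new markup appears.
function breaksOut(html) {
  const { names, trailing } = inspectFirstTag(html);
  return names.some((n) => n.startsWith('on')) || trailing.includes('<');
}

for (const p of PAYLOADS) {
  console.log(breaksOut(renderUnsafe(p)), breaksOut(renderSafe(p)));
}
```

With encoding applied, the quote arrives as `&quot;`, so the whole string stays inside `value` and the browser sees only the `type`, `name` and `value` attributes.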