Zero Customer Network Security: Xiao xiaoshuai! Bytes
1. Breaking out of the value attribute
There are countless XSS bugs on Xiaonei. The simplest case looks like this:
<form action="post" name="bloodsword" value="">
xxxx
</form>
Take GET as the example; if the handler also accepts the parameter via GET, it is easy:
http://xiaonei.com/fuck.do?bloodsword=bink"onload=alert(/xss/);
View the page source and the result is:
<a href="http://xiaonei.com/back.do" value="bink" onload=alert(/xss/)>
That is the GET variant. It works on most sites: look carefully at the field names, and some hidden form elements can be reached the same way.
It works because the double quote was not filtered (HTML-attribute-encoded): the injected " closes the value attribute, and everything after it is parsed as a new attribute, here an event handler.
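The break-out above, as an added example that is not from the original post or from the Xiaonei site: a server-side template that drops the parameter into the attribute unencoded, the same template with HTML attribute encoding, and a rough attribute tokeniser to show which attributes a browser would see. The form markup and the bloodsword payload are the post's; the function names and the tokeniser are this example's own.

```javascript
// Vulnerable rendering: the request parameter goes into a double-quoted
// attribute without encoding, so a literal " in the input ends the attribute.
function renderFormVulnerable(bloodsword) {
  return `<form action="post" name="bloodsword" value="${bloodsword}"></form>`;
}

// HTML attribute encoding: the characters that can change attribute or tag
// structure become entities, so the input can never close the quote.
function escapeHtmlAttr(s) {
  const map = { '&': '&amp;', '<': '&lt;', '>': '&gt;', '"': '&quot;', "'": '&#39;' };
  return String(s).replace(/[&<>"']/g, (c) => map[c]);
}

function renderFormSafe(bloodsword) {
  return `<form action="post" name="bloodsword" value="${escapeHtmlAttr(bloodsword)}"></form>`;
}

// Rough model of how a browser tokenises the first tag: returns the attribute
// names it would see (lower-cased, as HTML attribute names are
// case-insensitive). Enough to show whether an extra on* attribute appeared.
function attributeNames(html) {
  const tag = html.match(/^<\w+\s*([^>]*)>/);
  if (!tag) return [];
  const names = [];
  const attr = /([^\s=\/"'<>]+)(?:\s*=\s*(?:"[^"]*"|'[^']*'|[^\s"'>]+))?/g;
  let m;
  while ((m = attr.exec(tag[1])) !== null) names.push(m[1].toLowerCase());
  return names;
}

function hasEventHandler(html) {
  return attributeNames(html).some((n) => n.startsWith('on'));
}

// Payload from the post's URL: bloodsword=bink"onload=alert(/xss/)
const PAYLOAD = 'bink"onload=alert(/xss/)';

console.log(renderFormVulnerable(PAYLOAD), attributeNames(renderFormVulnerable(PAYLOAD)));
console.log(renderFormSafe(PAYLOAD), attributeNames(renderFormSafe(PAYLOAD)));
```

The encoded version keeps the whole payload inside the value attribute; the vulnerable one gains a fourth attribute named onload. Encoding is per context: this table is for attribute values, and the same input placed inside a script block or a URL needs the encoder for that context instead.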
2. Character-set XSS injection
This method depends on the server's character set; I'm not sure...
It is also subject to browser restrictions.
For example, in Firefox:
http://xiaonei.com/do.do?Bink=aaa%afalert("xss")
The mechanism: in a multibyte charset such as GBK, a byte like 0xAF is a lead byte and absorbs the byte after it into one two-byte character. If the server escapes quotes with a backslash, it is the backslash that gets absorbed, and the quote comes out unescaped.
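The lead-byte trick, as an added example that is not from the original post. The decoder is a simplified model of GBK's byte rules (lead byte 0x81..0xFE, trail byte 0x40..0xFE except 0x7F), not a real charset decoder. The post's URL shows the %af but omits the delimiter; this example assumes the value lands inside a double-quoted JavaScript string and that the server escapes quotes and backslashes byte by byte without knowing the charset. The payloads are constructed.

```javascript
// Byte classes of a GBK-style double-byte charset (simplified model).
const isLead = (b) => b >= 0x81 && b <= 0xfe;
const isTrail = (b) => b >= 0x40 && b <= 0xfe && b !== 0x7f;

// Server side: escape " and \ with a backslash, one byte at a time.
function escapeQuotesBytewise(bytes) {
  const out = [];
  for (const b of bytes) {
    if (b === 0x22 || b === 0x5c) out.push(0x5c);
    out.push(b);
  }
  return out;
}

// Browser side: a lead byte followed by a valid trail byte becomes one
// two-byte character (shown here as the placeholder U+4E2D); every other byte
// is passed through as itself.
function decodeMultibyte(bytes) {
  let text = '';
  for (let i = 0; i < bytes.length; i++) {
    if (isLead(bytes[i]) && i + 1 < bytes.length && isTrail(bytes[i + 1])) {
      text += '\u4e2d';
      i++;
    } else {
      text += String.fromCharCode(bytes[i]);
    }
  }
  return text;
}

// JS engine side: scan the decoded text as if already inside a double-quoted
// string literal; return what follows the closing quote (the part that runs
// as code), or null if the literal never terminates.
function breakoutAfterString(fragment) {
  for (let i = 0; i < fragment.length; i++) {
    if (fragment[i] === '\\') { i++; continue; }
    if (fragment[i] === '"') return fragment.slice(i + 1);
  }
  return null;
}

const ascii = (s) => Array.from(s, (c) => c.charCodeAt(0));

// Full pipeline for one input: escape on the server, decode in the browser,
// parse as a string literal.
function injectedCode(inputBytes) {
  return breakoutAfterString(decodeMultibyte(escapeQuotesBytewise(inputBytes)));
}

// Constructed payloads. The plain one is neutralised (\" stays an escaped
// quote). With 0xAF in front, the backslash (0x5C, a valid trail byte) is
// swallowed into the two-byte character and the quote terminates the string.
const PLAIN = ascii('aaa";alert(/xss/)//');
const WITH_LEAD = [...ascii('aaa'), 0xaf, ...ascii('";alert(/xss/)//')];

console.log(injectedCode(PLAIN));      // null
console.log(injectedCode(WITH_LEAD));  // ;alert(/xss/)//
```

The browser only pairs the bytes this way when it decodes the page with the multibyte charset, which is why the post calls it server-dependent and browser-dependent. The fix is to declare a fixed charset (UTF-8) on the response and to escape after decoding to characters, not on raw bytes.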
3. Tags that only certain browsers treat specially
Continuing the example: the IE6 engine accepts a construct that is gone from IE7 onward. So much for IE backward compatibility...
Firefox also has the video tag.
IE8 started supporting some strange ones, such as javascript in the title attribute of an anchor.
4. Hand-rolled bypasses
See the rich-text bypass material for more.
Some programmers know that XSS protection is required but do not know that it can be bypassed.
They know they want to block events starting with "on", so you see onload, onclick, onreadystatechange and onmouseover blacklisted again and again.
But oolooad,
Ooclick... OK.
It is very simple: a blacklist only matches the exact names it was written for, while HTML treats attribute names case-insensitively, so a variant the filter does not recognise still reaches the browser as a handler. Rich-text filters have to be read very carefully.
5. Hexadecimal
In some places the programmer filters a great deal; when almost nothing gets through, try hexadecimal. Hex is mainly for the characters that are afraid of being filtered: written as \x3c inside a JavaScript string, or &#x3c; inside an attribute value, the character passes the filter unchanged and is decoded by the browser afterwards.
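Sections 4 and 5 together, as an added example that is not from the original post: a single-pass, case-sensitive event blacklist of the kind described, two constructed inputs that survive it, and the two decoders (JavaScript string escapes and HTML numeric character references) that turn a hex-encoded character back into the real one after a character-stripping filter has run. The filter functions are this example's own, not any site's code.

```javascript
// Section 4: a blacklist that removes the event names the programmer knows,
// case-sensitively and in a single pass.
const BANNED_EVENTS = ['onload', 'onclick', 'onreadystatechange', 'onmouseover'];
function blacklistFilter(input) {
  let out = input;
  for (const name of BANNED_EVENTS) out = out.split(name).join('');
  return out;
}

// Did an event-handler attribute survive? Match the way the HTML parser will:
// attribute names are case-insensitive.
const hasOnHandler = (html) => /\bon[a-z]+\s*=/i.test(html);

// Constructed inputs: the literal name is removed; a different case is not
// matched at all; a nested name reassembles itself after one removal pass.
const LITERAL = '<img src=x onload=alert(1)>';
const CASE_VARIANT = '<img src=x OnLoad=alert(1)>';
const NESTED = '<img src=x oonloadnload=alert(1)>';

// Section 5: a filter that strips the characters it fears.
function stripDangerousChars(s) {
  return s.replace(/[<>"']/g, '');
}

// If the filtered value lands inside a JavaScript string literal, the engine
// decodes \xHH and \uHHHH at parse time, after the filter has run.
function decodeJsEscapes(literal) {
  return literal.replace(/\\x([0-9a-fA-F]{2})|\\u([0-9a-fA-F]{4})/g,
    (_, h2, h4) => String.fromCharCode(parseInt(h2 || h4, 16)));
}

// Same idea inside an HTML attribute value: the HTML parser decodes numeric
// character references (&#x3c; or &#60;) after the filter has run.
function decodeNumericEntities(attrValue) {
  return attrValue.replace(/&#x([0-9a-fA-F]+);|&#(\d+);/g,
    (_, hex, dec) => String.fromCharCode(hex ? parseInt(hex, 16) : parseInt(dec, 10)));
}

const JS_PAYLOAD = '\\x3cimg src=x onerror=alert(1)\\x3e';
const ATTR_PAYLOAD = '&#x6a;avascript:alert(1)';

console.log(hasOnHandler(blacklistFilter(LITERAL)), hasOnHandler(blacklistFilter(CASE_VARIANT)));
console.log(blacklistFilter(NESTED));
console.log(decodeJsEscapes(stripDangerousChars(JS_PAYLOAD)));
console.log(decodeNumericEntities(stripDangerousChars(ATTR_PAYLOAD)));
```

Both halves fail for the same reason: the filter looks at the text before the browser's own decoding and parsing, so anything the parser normalises afterwards (case, a re-formed name, an escape sequence) is invisible to it. Output encoding for the target context, or a parser-based allowlist for rich text, does not have this gap.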
6. src attributes
This attribute is extremely common. Some sites know about XSS and think a src is fine as long as it ends in .jpg... A suffix check says nothing about the scheme or the host, and whatever follows ? or # can end in .jpg too.
For example, Yahoo: an XSS in a profile.
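The ends-with-.jpg check beside a check that parses the reference, as an added example that is not from the original post or from any of the sites it names. The allowed host and all URLs are constructed assumptions; the validator uses the WHATWG URL class that Node and browsers provide.

```javascript
// The check the post describes: look at the last characters only.
function endsWithJpg(src) {
  return /\.jpe?g$/i.test(src);
}

// Assumption for the example: the site serves images from this host only.
const ALLOWED_IMAGE_HOSTS = ['img.example.com'];

// Parse first, then decide on scheme, host and the path's extension. The
// query and fragment are not part of the pathname, so ".jpg" there no longer
// counts; relative and malformed references are rejected outright.
function isSafeImageSrc(src) {
  let u;
  try {
    u = new URL(src);
  } catch (_) {
    return false;
  }
  if (u.protocol !== 'https:' && u.protocol !== 'http:') return false;
  if (!ALLOWED_IMAGE_HOSTS.includes(u.hostname)) return false;
  if (u.username || u.password) return false;
  return /\.(jpe?g|png|gif)$/i.test(u.pathname);
}

// Constructed inputs: one legitimate reference and three that end in .jpg
// while pointing somewhere else entirely.
const CASES = {
  legit: 'https://img.example.com/avatars/bink.jpg',
  scheme: 'javascript:alert(/xss/)//.jpg',
  query: 'https://evil.example/payload.js?x=.jpg',
  fragment: 'https://img.example.com/payload.svg#.jpg',
};

for (const [name, src] of Object.entries(CASES)) {
  console.log(name, 'suffix:', endsWithJpg(src), 'parsed:', isSafeImageSrc(src));
}
```

Which src this matters for depends on the element: modern browsers do not run a javascript: URL from an img src, but they do from script, iframe and embed sources, and a user-controlled src on any element can still point the browser at a host the attacker runs. Validating the reference does not replace attribute encoding when it is written back into the page (section 1); both are needed.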
7. Cookie XSS
This is the case where something from the DOM or from a cookie is written straight into the page; it seems the xxxxxx in the cookie is read and output directly.
In Firefox you can edit the cookie, so write the script straight into the cookie and you get cookie XSS. Google had one of these once.
8. DOM XSS
Same principle as the cookie case.
Look at Baidu xss week and you will see that DOM XSS is like what I wrote above.
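Sections 7 and 8 describe the same shape: a value the client reads from a source it does not control (document.cookie, the URL) flows into a sink that parses HTML or code. As an added example that is not from the original post or from any of the sites it names, here is a crude line-based scanner that flags that shape in client-side script. It is a heuristic, not a real dataflow analysis; the sample script it runs over is constructed.

```javascript
// Sources the page does not control and sinks that interpret their input.
const SOURCES = ['document.cookie', 'location.hash', 'location.search',
  'location.href', 'document.referrer', 'window.name'];
const SINKS = [
  { name: 'innerHTML', re: /\.(?:innerHTML|outerHTML)\s*=(?!=)/ },
  { name: 'document.write', re: /document\.write(?:ln)?\s*\(/ },
  { name: 'insertAdjacentHTML', re: /\.insertAdjacentHTML\s*\(/ },
  { name: 'eval', re: /\beval\s*\(/ },
];
// A declaration whose right-hand side we can inspect for taint.
const DECL = /\b(?:var|let|const)\s+([A-Za-z_]\w*)\s*=\s*(.+)/;

// Walk the script line by line: remember variables assigned from a source (or
// from an already tainted variable), and flag any sink line that mentions a
// source or a tainted variable. Line numbers are 1-based.
function findDomXssCandidates(script) {
  const tainted = new Set();
  const findings = [];
  const mentionsTaint = (text) =>
    SOURCES.some((s) => text.includes(s)) ||
    [...tainted].some((v) => new RegExp('\\b' + v + '\\b').test(text));

  script.split('\n').forEach((line, idx) => {
    const decl = line.match(DECL);
    if (decl && mentionsTaint(decl[2])) tainted.add(decl[1]);
    for (const sink of SINKS) {
      if (sink.re.test(line) && mentionsTaint(line)) {
        findings.push({ line: idx + 1, sink: sink.name });
        break;
      }
    }
  });
  return findings;
}

// Constructed sample: a cookie field is read, propagated through a variable,
// and written with innerHTML (flagged) and with textContent (not flagged);
// then two more source-to-sink flows for the URL.
const SAMPLE = [
  "var nick = document.cookie.match(/nick=([^;]*)/)[1];",
  "var greeting = 'Hello ' + decodeURIComponent(nick);",
  "document.getElementById('hi').innerHTML = greeting;",
  "document.getElementById('hi2').textContent = greeting;",
  "document.write('<p>' + location.hash.slice(1) + '</p>');",
  "var page = location.search;",
  "eval('go(' + page + ')');",
].join('\n');

console.log(findDomXssCandidates(SAMPLE));
```

Line 4 shows the usual fix: textContent (or createTextNode) treats the value as text, so the same tainted variable is harmless there. Because the scanner has no notion of escaping or of values that cross function boundaries, it both misses flows and over-reports; it is a triage aid for reading a site's scripts, the way the post reads page source, not a proof either way.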