
Portswigger-web-security-academy:reflected_xss

Author: Internet

reflected xss

Contents

Reflected XSS into HTML context with nothing encoded

Reflected XSS into HTML context with most tags and attributes blocked

Reflected XSS into HTML context with all tags blocked except custom ones

Reflected XSS with event handlers and href attributes blocked

Reflected XSS with some SVG markup allowed

Reflected XSS into attribute with angle brackets HTML-encoded

Reflected XSS into a JavaScript string with single quote and backslash escaped

Reflected XSS into a JavaScript string with angle brackets HTML encoded

Reflected XSS into a JavaScript string with angle brackets and double quotes HTML-encoded and single quotes escaped

Reflected XSS in a JavaScript URL with some characters blocked

Reflected XSS into a template literal with angle brackets, single, double quotes, backslash and backticks Unicode-escaped

Reflected XSS with AngularJS sandbox escape without strings

Reflected XSS with AngularJS sandbox escape and CSP

Reflected XSS protected by CSP, with dangling markup attack

Reflected XSS protected by very strict CSP, with dangling markup attack

To be completed.

Reflected XSS protected by CSP, with CSP bypass

To be completed.

The author's knowledge is limited; if anything stated here is wrong, corrections and discussion are welcome.



Source: https://www.cnblogs.com/R3col/p/12989789.html