What does XSS commonly mean by payload? 01/19 Update SLTechnology News&Howtos

What does XSS commonly mean by payload?

2025-01-19 Update From: SLTechnology News&Howtos shulou NAV: SLTechnology News&Howtos > Internet Technology >

Shulou(Shulou.com)06/01 Report--

This article will explain in detail what the common payload of XSS refers to. The content of the article is of high quality, so the editor will share it with you for reference. I hope you will have a certain understanding of the relevant knowledge after reading this article.

Environment: http://xss-quiz.int21h.jp

1. Stage # 1 has no filtering xss vulnerabilities

1. Enter characters casually: 123

2. Enter payload:

II. Xss vulnerability in Stage # 2 attribute

1. Enter payload in the window:

, look at the review element, payload is written in a tag

Or "onmouseover=alert (document.domain) >"

3. Xss vulnerability in Stage # 3 choose list box

1. Click search to grab the package

2. Modify post data and add payload:

, send to repeater,send

4. Hide xss vulnerabilities of submitted parameters

"> 0a

1. Enter characters at will, search, grab the package

2. Add payload,forward after the hidden parameter to view the review element

3. Close the parameter and reconstruct payload: ">

, send the packet, pop up successfully

2. Restructure payload: "onmouseover=" alert (document.domain)

Or ">"

3. Pop up successfully

6. Xss vulnerability in space-separated attributes

1. Enter the characters 111 222 333 casually

3. Construct payload:111 onclick=alert (document.domain) and pop up successfully.

Bypass filtering xss vulnerabilities

1. Enter payload: ">

, censoring elements, domain has been filtered

2. Close payload and modify 100 ">

On event, replaced by onxxx

3. Use pseudo-protocol plus "" to bypass

100 "> xss

Use the IE feature to bypass the filter ", ``can close double quotes

``onmousemove=alert (document.domain)

For IE browsers only

11. Use css feature to bypass filtering ", IE lower version

Background-color:#f00;background:url (_ javascript:alert (document.domain);)

Thirteen, hexadecimal bypass filtering

1. Input

2. Reuse unicode to construct payload:

\\ u003cscript\\ u003ealert (document.domain);\\ u003c/script\\ u003e

About XSS common payload refers to what is shared here, I hope the above content can be of some help to you, can learn more knowledge. If you think the article is good, you can share it for more people to see.

Welcome to subscribe "Shulou Technology Information " to get latest news, interesting things and hot topics in the IT industry, and controls the hottest and latest Internet news, technology news and IT industry trends.

*The comments in the above article only represent the author's personal views and do not represent the views and positions of this website. If you have more insights, please feel free to contribute and share.