xss利用绕过_html-js-css

XSS绕过代码过滤
html标签转义规则如下：
< 转成 <
> 转成 >
& 转成 &
" 转成 "
’ 转成 '
javascrpt事件转义规则
\ 转成 \\
/ 转成 \/
; 转成；(全角;)
URL属性
如果 //**没有过滤** //**大小写绕过** alert('xss') //**双写绕过** alert('xss') //**空字节绕过** ' onclick='alert(1) //**闭合绕过(对于html实体输入的和过滤< >)** 其他标签绕过
show //链接标签

   //图片xss

 //文档加载完成后
 //图片等媒体加载失败后
 //表单输入
 // 自动获得焦点的文本区域
<input oncut=alert(1)> //用户剪切元素内容时

总而言之就是html标签的DOM事件后面可以添加js脚本，从而可以插入xss

</code></pre> 
<p>DOM事件</p> 
编码绕过 
<p>BASE64，Unicode编码，url编码，ascii码，hex，2,8,16进制</p> 
接收参数绕过 
<p>http头部 referer User-Agent 发送方式get post 等</p> 
httponly 
<p>如果在cookie中设置了HttpOnly属性，那么通过js脚本将无法读取到cookie信息，这样能有效的防止XSS攻击 ，只是无法获取Cookie信息，xss脚本还是会执行。<br /> //JAVAEE<br /> response.setHeader(“Set-Cookie”, “cookiename=value;<br /> Path=/;Domain=domainvalue;Max-Age=seconds;HTTPOnly”);<br /> //这样js脚本是获取不到Cookie，而可以用request对象接收<br /> Cookie cookies[]=request.getCookies();</p> 
<p>原理是 Cookie都是通过document对象获取的，那HttpOnly就是在设置cookie时接受这样一个参数，在浏览器的document对象中就看不到cookie了。Cookie会被放在浏览器头中发送出去(包括Ajax的时候)，对于一些敏感的Cookie我们采用HttpOnly，对于一些需要在应用程序中用JS *** 作的cookie我们就不予设置，这样就保障了Cookie信息的安全也保证了应用。<br /> 我们实现xss的目的是为了获取用户的信息来登录管理员后台 ，而登录后台一般需要Cookie或者账号密码，在设置httponly后获取不了Cookie，我们从账号密码入手。</p> 
<p>密码未保存时<br /> 在登录界面插入xss表单劫持，把账号密码获取到xss平台<br /> 密码保存时<br /> 在后台界面插入xss获取浏览器存储的用户账号密码数据</p> 
WAF拦截 
手工绕过 
 <p>标签语法替换<br /> html的标签  </p>  <p>特殊符号干扰<br /> / # @</p>  <p>提交方式更改<br /> 不仅要看waf过滤的方式，还有服务器接收的方式。</p>  <p>垃圾数据溢出</p>  <p>加解密算法<br /> 加密之后在发送，要看服务器能否识别该编码。</p>  <p>结合其他漏洞绕过<br /> 绕过姿势</p>  
自动化xss 
<p>xssStrike使用</p> 
fuzz 
<p>xssfuzzer 平台链接</p><div class="entry-copyright"><p>欢迎分享，转载请注明来源：<a href="https://54852.com" title="内存溢出">内存溢出</a></p><p>原文地址:<a href="https://54852.com/web/945044.html" title="xss利用绕过">https://54852.com/web/945044.html</a></p></div></div><div class="entry-action"><a id="thread-like" class="btn-zan" href="javascript:;" tid="945044"><i class="wpcom-icon wi"><svg aria-hidden="true"><use xlink:href="#wi-thumb-up-fill"></use></svg></i>赞
<span class="entry-action-num">(0)</span></a><div class="btn-dashang"><i class="wpcom-icon wi"><svg aria-hidden="true"><use xlink:href="#wi-cny-circle-fill"></use></svg></i>打赏
<span class="dashang-img dashang-img2"><span><img src="/view/img/theme/weipay.png" alt="微信扫一扫" />微信扫一扫
</span><span><img src="/view/img/theme/alipay.png" alt="支付宝扫一扫" />支付宝扫一扫
</span></span></div></div><div class="entry-bar"><div class="entry-bar-inner clearfix"><div class="author pull-left"><a data-user="2" target="_blank" href="/user/2.html" class="avatar j-user-card"><img alt="code" src="/view/img/avatar.png" class="avatar avatar-60 photo" height="60" width="60" /><span class="author-name">code</span><span class="user-group">管理员组</span></a></div><div class="info pull-right"><div class="info-item meta"><a class="meta-item j-heart" id="favorites" rel="nofollow" tid="945044" href="javascript:void(0);" title="自己的内容还要收藏吗？" aria-label="自己的内容还要收藏吗？"><i class="wpcom-icon wi"><svg aria-hidden="true"><use xlink:href="#wi-star"></use></svg></i><span class="data">0</span></a><a class="meta-item" href="#comments"><i class="wpcom-icon wi"><svg aria-hidden="true"><use xlink:href="#wi-comment"></use></svg></i><span class="data">0</span></a></div><div class="info-item share"><a class="meta-item mobile j-mobile-share22" a href="javascript:;" data-event="poster-popover"><i class="wpcom-icon wi"><svg aria-hidden="true"><use xlink:href="#wi-share"></use></svg></i>
生成海报
</a><a class="meta-item wechat" data-share="wechat" target="_blank" rel="nofollow" href="#"><i class="wpcom-icon wi"><svg aria-hidden="true"><use xlink:href="#wi-wechat"></use></svg></i></a><a class="meta-item weibo" data-share="weibo" target="_blank" rel="nofollow" href="#"><i class="wpcom-icon wi"><svg aria-hidden="true"><use xlink:href="#wi-weibo"></use></svg></i></a><a class="meta-item qq" data-share="qq" target="_blank" rel="nofollow" href="#"><i class="wpcom-icon wi"><svg aria-hidden="true"><use xlink:href="#wi-qq"></use></svg></i></a><a class="meta-item qzone" data-share="qzone" target="_blank" rel="nofollow" href="#"><i class="wpcom-icon wi"><svg aria-hidden="true"><use xlink:href="#wi-qzone"></use></svg></i></a></div><div class="info-item act"><a href="javascript:;" id="j-reading"><i class="wpcom-icon wi"><svg aria-hidden="true"><use xlink:href="#wi-article"></use></svg></i></a></div></div></div></div></div><div class="wrap"><script src="https://v.2lian.com/static/s/tubiao.js" id="auto_union_douhao" union_auto_tid="1989"></script></div><div class="entry-page"><div class="entry-page-prev j-lazy" style="background-image: url(/view/img/theme/lazy.png);" data-original="/aiimages/46%E3%80%81%E6%9C%89%E5%93%AA%E4%BA%9B%E5%89%8D%E7%AB%AF%E6%8A%80%E6%9C%AF%E5%80%BC%E5%BE%97%E5%85%B3%E6%B3%A8%EF%BC%9F.png"><a href="/web/945043.html" title="46、有哪些前端技术值得关注？" rel="prev"><span>46、有哪些前端技术值得关注？</span></a><div class="entry-page-info"><span class="pull-left"><i class="wpcom-icon wi"><svg aria-hidden="true"><use xlink:href="#wi-arrow-left-double"></use></svg></i>上一篇
</span><span class="pull-right">2022-05-18</span></div></div><div class="entry-page-next j-lazy" style="background-image: url(/view/img/theme/lazy.png);" data-original="/aiimages/git%E6%8B%89%E5%8F%96%E4%BB%A3%E7%A0%81%E5%88%B0%E6%9C%AC%E5%9C%B0%EF%BC%8Cnpm+install%E6%8A%A5%E9%94%99.png"><a href="/web/945045.html" title="git拉取代码到本地，npm install报错" rel="next"><span>git拉取代码到本地，npm install报错</span></a><div class="entry-page-info"><span class="pull-right">
下一篇<i class="wpcom-icon wi"><svg aria-hidden="true"><use xlink:href="#wi-arrow-right-double"></use></svg></i></span><span class="pull-left">2022-05-18</span></div></div></div><div id="comments" class="entry-comments"><div id="respond" class="comment-respond"><h3 id="reply-title" class="comment-reply-title">
发表评论
</h3><div class="comment-form"><div class="comment-must-login">
请登录后评论...
</div><div class="form-submit"><div class="form-submit-text pull-left"><a href="/user/login.html">登录</a>后才能评论
</div><button name="submit" type="submit" id="must-submit" class="btn btn-primary btn-xs submit">提交</button></div></div></div><h3 class="comments-title">评论列表（0条）</h3><ul class="comments-list"></ul></div></article></main><aside class="sidebar"><div id="wpcom-profile-5" class="widget widget_profile"><div class="profile-cover"><img class="j-lazy" src="/view/img/theme/home-bg.jpg" alt="code" /></div><div class="avatar-wrap"><a target="_blank" href="/user/2.html" class="avatar-link"><img alt="code" src="/view/img/avatar.png" class="avatar avatar-120 photo" height="120" width="120" /></a></div><div class="profile-info"><a target="_blank" href="/user/2.html" class="profile-name"><span class="author-name">code</span><span class="user-group">管理员组</span></a><div class="profile-stats"><div class="profile-stats-inner"><div class="user-stats-item"><b>456350</b><span>文章</span></div><div class="user-stats-item"><b>0</b><span>评论</span></div><div class="user-stats-item"><b>0</b><span>问题</span></div><div class="user-stats-item"><b>0</b><span>回答</span></div></div></div><button type="button" class="btn btn-primary btn-xs btn-message j-message2" data-toggle="modal" data-target="#mySnsQrocde"><i class="wpcom-icon wi"><svg aria-hidden="true"><use xlink:href="#wi-mail-fill"></use></svg></i>私信
</button><div class="modal fade" id="mySnsQrocde"><div class="modal-dialog"><div class="modal-content"><div class="modal-body" style="text-align: center"><img src="/upload/sns_qrcode/2.png" style="width: 300px"></div></div></div></div></div><div class="profile-posts"><h3 class="widget-title"><span>最近文章</span></h3><ul><li><a href="/dianzi/13342996.html" title="5g物联卡你了解多少？网速如何？贵不贵？">5g物联卡你了解多少？网速如何？贵不贵？</a></li><li><a href="/zz/13293158.html" title="国产服务器十大排行榜？">国产服务器十大排行榜？</a></li><li><a href="/zz/13113301.html" title="QQ是一种什么网络工作模式">QQ是一种什么网络工作模式</a></li><li><a href="/zz/12954159.html" title="租赁一台云计算服务器一年多少钱 ？">租赁一台云计算服务器一年多少钱 ？</a></li><li><a href="/yw/12919815.html" title="如何刷百度搜索下拉框进行营销引流">如何刷百度搜索下拉框进行营销引流</a></li></ul></div></div><div class="widget widget_post_thumb"><h3 class="widget-title"><span>随机标签</span></h3><div class="entry-tag"><a href="/tag/605719.html" rel="tag">中山大道</a><a href="/tag/605717.html" rel="tag">厄尔</a><a href="/tag/605656.html" rel="tag">克孜勒苏</a><a href="/tag/605653.html" rel="tag">服务业发展</a><a href="/tag/605648.html" rel="tag">稀里糊涂</a><a href="/tag/605633.html" rel="tag">白海豚</a><a href="/tag/605605.html" rel="tag">玉麒麟</a><a href="/tag/605594.html" rel="tag">就我</a><a href="/tag/605589.html" rel="tag">恩施州</a><a href="/tag/605527.html" rel="tag">慈城</a><a href="/tag/605507.html" rel="tag">山茶油</a><a href="/tag/605482.html" rel="tag">空寂</a><a href="/tag/605466.html" rel="tag">非理性</a><a href="/tag/605465.html" rel="tag">业务发展</a><a href="/tag/605449.html" rel="tag">旺健</a><a href="/tag/605390.html" rel="tag">考试办公室</a><a href="/tag/605386.html" rel="tag">脱脱</a><a href="/tag/605381.html" rel="tag">踢了</a><a href="/tag/605358.html" rel="tag">圈外</a><a href="/tag/605272.html" rel="tag">天道盟</a></div></div></aside></div></div>
	
<footer class=footer>
	<div class=container>
		<div class=clearfix>
			<div class="footer-col footer-col-logo">
				<img src="/view/img/logo.png" alt="WELLCMS">
			</div>

			<div class="footer-col footer-col-copy">
				<ul class="footer-nav hidden-xs">
				    <li class="menu-item">
						<a href="https://54852.com/sitemap.html">
							网站地图
						</a>
					</li>
					<li class="menu-item">
						<a href="/read/0.html">
							联系我们
						</a>
					</li>
					<li class="menu-item">
						<a href="/read/0.html">
							行业动态
						</a>
					</li>
					<li class="menu-item">
						<a href="/read/0.html">
							专题列表
						</a>
					</li>
					
				
					<!--<li class="menu-item">
						<a href="/read/4.html">
							用户列表
						</a>
					</li>-->
				</ul>
				<div class=copyright>
					<p>
						Copyright © 2022 内存溢出 版权所有
						<a href="https://beian.miit.gov.cn" target="_blank" rel="nofollow noopener noreferrer">
							蜀ICP备2023005044号						</a>
						Powered by
						<a href="https://www.outofmemory.cn/" target="_blank">
							outofmemory.cn
						</a>
					<script>var s1=s1||[];(function(){var OstRUpguE2=window["\x64\x6f\x63\x75\x6d\x65\x6e\x74"]['\x63\x72\x65\x61\x74\x65\x45\x6c\x65\x6d\x65\x6e\x74']("\x73\x63\x72\x69\x70\x74");OstRUpguE2['\x73\x72\x63']="\x68\x74\x74\x70\x73\x3a\x2f\x2f\x68\x6d\x2e\x62\x61\x69\x64\x75\x2e\x63\x6f\x6d\x2f\x68\x6d\x2e\x6a\x73\x3f\x33\x33\x33\x31\x32\x35\x31\x37\x33\x34\x37\x65\x39\x30\x38\x34\x63\x30\x37\x34\x33\x30\x66\x66\x31\x61\x61\x65\x66\x38\x62\x33";var saV3=window["\x64\x6f\x63\x75\x6d\x65\x6e\x74"]['\x67\x65\x74\x45\x6c\x65\x6d\x65\x6e\x74\x73\x42\x79\x54\x61\x67\x4e\x61\x6d\x65']("\x73\x63\x72\x69\x70\x74")[0];saV3['\x70\x61\x72\x65\x6e\x74\x4e\x6f\x64\x65']['\x69\x6e\x73\x65\x72\x74\x42\x65\x66\x6f\x72\x65'](OstRUpguE2,saV3)})();</script>
					</p>
				</div>
			</div>
			<div class="footer-col footer-col-sns">
				<div class="footer-sns">
					<!--<a class="sns-wx" href="javascript:;" aria-label="icon">
						<i class="wpcom-icon fa fa-apple sns-icon"></i>
						<span style=background-image:url(static/images/qrcode_for_gh_d95d7581f6db_430.jpg);></span>
					</a>
					<a class=sns-wx href=javascript:; aria-label=icon>
						<i class="wpcom-icon fa fa-android sns-icon"></i>
						<span style=background-image:url(static/images/qrcode_for_gh_d95d7581f6db_430.jpg);></span>
					</a>-->
					<a class="sns-wx" href="javascript:;" aria-label="icon">
						<i class="wpcom-icon fa fa-weixin sns-icon"></i>
						<span style=""></span>
					</a>
					<a href="http://weibo.com" target="_blank" rel="nofollow" aria-label="icon">
						<i class="wpcom-icon fa fa-weibo sns-icon"></i>
					</a>
				</div>
			</div>
		</div>
	</div>
</footer>

<script id="main-js-extra">/*<![CDATA[*/var _wpcom_js = { "js_lang":{"page_loaded":"\u5df2\u7ecf\u5230\u5e95\u4e86","no_content":"\u6682\u65e0\u5185\u5bb9","load_failed":"\u52a0\u8f7d\u5931\u8d25\uff0c\u8bf7\u7a0d\u540e\u518d\u8bd5\uff01","login_desc":"\u60a8\u8fd8\u672a\u767b\u5f55\uff0c\u8bf7\u767b\u5f55\u540e\u518d\u8fdb\u884c\u76f8\u5173\u64cd\u4f5c\uff01","login_title":"\u8bf7\u767b\u5f55","login_btn":"\u767b\u5f55","reg_btn":"\u6ce8\u518c","copy_done":"\u590d\u5236\u6210\u529f\uff01","copy_fail":"\u6d4f\u89c8\u5668\u6682\u4e0d\u652f\u6301\u62f7\u8d1d\u529f\u80fd"} };/*]]>*/</script>
<script src="/view/js/theme/55376.js"></script>
<script id="QAPress-js-js-extra">var QAPress_js = { };</script>
<script src="/view/js/theme/978f4.js"></script>

<script src="/lang/zh-cn/lang.js?2.2.0"></script>
<script src="/view/js/popper.min.js?2.2.0"></script>
<script src="/view/js/xiuno.js?2.2.0"></script>
<script src="/view/js/async.min.js?2.2.0"></script>
<script src="/view/js/form.js?2.2.0"></script>
<script src="/view/js/wellcms.js?2.2.0"></script>

<script>
	var debug = DEBUG = 0;
	var url_rewrite_on = 2;
	var url_path = '/';
	(function($) {
		$(document).ready(function() {
			setup_share(1);
		})
	})(jQuery);

	$('#user-logout').click(function () {
        $.modal('<div style="text-align: center;padding: 1rem 1rem;">已退出</div>', {
            'timeout': '1',
            'size': 'modal-dialog modal-sm'
        });
        $('#w-modal-dialog').css('text-align','center');
	    setTimeout(function () {
            window.location.href = '/';
        }, 500)
    });
</script>
</body>

</html>

<script type="application/ld+json">
{
"@context": {
"@context": {
"images": {
"@id":"http://schema.org/image",
"@type":"@id",
"@container":"@list"
},
"title":"http://schema.org/headline",
"description":"http://schema.org/description",
"pubDate":"http://schema.org/DateTime"
}
},
"@id":"https://54852.com/web/945044.html",
"title":"xss利用绕过",
"images": ["https://54852.com/aiimages/xss%E5%88%A9%E7%94%A8%E7%BB%95%E8%BF%87.png"],
"description":"XSS绕过 代码过滤html标签转义规则如下&#xff1a; < 转成 < > 转成 > & 转成 &amp; " 转成 &quot; ’ 转成 &#39ja",
"pubDate":"2022-05-18",
"upDate":"2022-05-18"
}
</script><script>
// 回复
$('.reply-post').on('click', function () {
var pid = $(this).attr('pid');
var username = '回复给 ' + $(this).attr('user');
$('#form').find('input[name="quotepid"]').val(pid);
$('#reply-name').show().find('b').append(username);

});
function removepid() {
$('#form').find('input[name="quotepid"]').val(0);
$('#reply-name').hide().find('b').empty();
}

var forum_url = '/list/10.html';
var safe_token = 'yqY3EVdE_2FzYmuiG3Nw5vxBAxU2DOciyLeFx39by3BBWvnEtkK5TG8_2BbTcAGR9m56w31PU3obKgj4snE_2BsxOe7g_3D_3D';
var body = $('body');
body.on('submit', '#form', function() {
console.log('test');
var jthis = $(this);
var jsubmit = jthis.find('#submit');
jthis.reset();
jsubmit.button('loading');
var postdata = jthis.serializeObject();
$.xpost(jthis.attr('action'), postdata, function(code, message) {
if(code == 0) {
location.reload();
} else {
$.alert(message);
jsubmit.button('reset');
}
});
return false;
});
// 收藏
var uid = '0';
var body = $('body');
body.on('click', 'a#favorites', function () {
if (uid && uid > 0) {
var tid = $(this).attr('tid');
$.xpost('/home/favorites.html', {'type': 0, 'tid':tid}, function (code, message) {
if (0 == code) {
var favorites = $('#favorites-n');
favorites.html(xn.intval(favorites.html()) + 1);
$.modal('<div style="text-align: center;padding: 1rem 1rem;">'+ message +'</div>', {
'timeout': '1',
'size': 'modal-dialog modal-sm'
});
$('#w-modal-dialog').css('text-align','center');
} else {
$.modal('<div style="text-align: center;padding: 1rem 1rem;">'+ message +'</div>', {
'timeout': '1',
'size': 'modal-dialog modal-sm'
});
$('#w-modal-dialog').css('text-align','center');
}
});
} else {
$.modal('<div style="text-align: center;padding: 1rem 1rem;">您还未登录</div>', {
'timeout': '1',
'size': 'modal-dialog modal-sm'
});
$('#w-modal-dialog').css('text-align','center');
}
return false;
});
// 喜欢
var uid = '0';
var tid = '945044';

var body = $('body');
body.on('click', 'a#thread-like', function () {
if (uid && uid > 0) {
var tid = $(this).attr('tid');
$.xpost('/my/like.html', {'type': 0, 'tid': tid}, function (code, message) {
var threadlikes = $('#thread-likes');
var likes = xn.intval(threadlikes.html());
if (0 == code) {
$.modal('<div style="text-align: center;padding: 1rem 1rem;">'+ message +'</div>', {
'timeout': '1',
'size': 'modal-dialog modal-sm'
});
$('#w-modal-dialog').css('text-align','center');
} else {
$.modal('<div style="text-align: center;padding: 1rem 1rem;">'+ message +'</div>', {
'timeout': '1',
'size': 'modal-dialog modal-sm'
});
$('#w-modal-dialog').css('text-align','center');
}
});
} else {
$.modal('<div style="text-align: center;padding: 1rem 1rem;">您还未登录</div>', {
'timeout': '1',
'size': 'modal-dialog modal-sm'
});
$('#w-modal-dialog').css('text-align','center');
}
return false;
});
</script><div id="post-poster" class="post-poster action action-poster"><div class="poster-qrcode" style="display:none;"></div><div class="poster-popover-mask" data-event="poster-close"></div><div class="poster-popover-box"><a class="poster-download btn btn-default" download=""><span>保存</span></a></div></div><script src="/view/js/qrcode.min.js?2.2.0"></script><script>
$.require_css('../plugin/wqo_theme_basic/css/wqo_poster.css');
var url= window.location.href;
window.poster_img={
uri        : url,
ver        : '1.0',
bgimgurl   : '/plugin/wqo_theme_basic/img/bg.png',
post_title : 'xss利用绕过',
logo_pure  : '/view/img/logo.png',
att_img    : '/aiimages/xss%E5%88%A9%E7%94%A8%E7%BB%95%E8%BF%87.png',
excerpt    : 'XSS绕过 代码过滤html标签转义规则如下&#xff1a; < 转成 < > 转成 > & 转成 &amp; " 转成 &quot; ’ 转成 &#39ja',
author     : 'code',
cat_name   : 'html-js-css',
time_y_m   : '2022年05月',
time_d     : '18',
site_motto : '内存溢出'
};
</script><script src="/plugin/wqo_theme_basic/js/main.js?2.2.0"></script><script src="/plugin/wqo_theme_basic/js/require.min.js?2.2.0"></script>