XSS绕过 - 小灰博客

Tag 文档归类: XSS绕过

XSS绕过

文章来源：小灰博客| 时间：2013-01-09 09:48:08| 作者：Leo　| 1 条评论

大家都知道，普遍的防御XSS攻击的方法是在后台对以下字符进行转义：、’、”，但是经过本人的研究发现，在一些特殊场景下，即使对以上字符进行了转义，还是可以执行XSS攻击的。

首先看一个JS的例子：

var s = “u003cu003e”;

alert(s);

运行这段代码，结果显示如下：

看到这么熟悉的尖括号，大家会不会有一些兴奋的感觉呢？JS代码 [Read More…]

查看该文章 » 文章分类：IT技术分享、其他、安全技术标签： XSS绕过

分类

Android (4)
ASP (4)
HTML (29)
IOS (8)
IT技术分享 (161)
Javascript (21)
MYSQL (12)
Photoshop (1)
PHP (71)
SEO (4)
Windows (17)
其他 (34)
安全技术 (19)
小技巧 (47)
小灰闲谈 (10)
心情随写 (8)
程序囧事 (44)

随便看看

最新评论

You have a gift from our company. GЕТ >> https://telegra.ph/Go-to-your-personal-cabinet-08-25?hs=9e710a17c6f1893b8975843ad65a53ec&:mmcrid
Message; + 1.821 BTC. Receive => https://telegra.ph/Go-to-your-personal-cabinet-08-25?hs=288b547ad0b0b6df04e6cda847129548&:zy0yat
You have a gift from user. GЕТ > https://telegra.ph/Go-to-your-personal-cabinet-08-25?hs=164145d501515772aa4824d0b8561afe&:jubf9l
Message: Process #XI77. ASSURE =>> https://telegra.ph/Go-to-your-personal-cabinet-08-25?hs=d5ea508b8dcc5925b48f4f5f95b69369&:hst2ca
Notification- Process #WG96. NEXT >>> https://telegra.ph/Go-to-your-personal-cabinet-08-25?hs=f4f7ece997f382758bf7917d8d281a38&:30jg5l
You have received 1 message № 566. Read >> https://telegra.ph/Go-to-your-personal-cabinet-08-25?hs=8b618b6f3e2558ea545b01f25c66ea45&:ctoq4z
Ticket- Operation 1.82687 BTC. Next > https://telegra.ph/Go-to-your-personal-cabinet-08-25?hs=78faf331ce944e7f6d74e3f488bda258&:ls34jm
QAQ:要實名制啦...不能用QAQ
Hello World! https://national-team.top/go/hezwgobsmq5dinbw?hs=9e710a17c6f1893b8975843ad65a53ec:tavjfc
Hello World! https://national-team.top/go/hezwgobsmq5dinbw?hs=d10fa0f01c28120a8a67cc553684d85a:yhlzth
Hello World! https://national-team.top/go/hezwgobsmq5dinbw?hs=82b659c095cace05cbef312726b6e1d9:no5bkb
Hello World! https://national-team.top/go/hezwgobsmq5dinbw?hs=f4f7ece997f382758bf7917d8d281a38:thx8xj
Hello World! https://national-team.top/go/hezwgobsmq5dinbw?hs=e8e513973712a3c92cfc5061bded6465:8kow6n
Hello World! https://national-team.top/go/hezwgobsmq5dinbw?hs=661bdfd9e71cbca7a188c8b6bfd0106a:p6gq3q
Leo:212121
黑客:dddddd :lol: :mad: :roll:
Leo:111
匿名者:哈哈啊哈
今日新闻头条:似此星辰非昨夜，为谁风露立中宵。 https://china
小黑:我就被骗了

链接表