[Safety] P 4-26 Storage type XSS gray box test

Others 2021-03-01 04:08:46 views: null

0X01 environment construction
0X02 Directional XSS mining
0X03 blacklist audit
0X04 Bypass filtering and trigger XSS

0X01 environment construction

Use PhpStudy to build a micro community program-ROCBOSS
Insert picture description here

0X02 Directional XSS mining

XSS vulnerabilities can exist in personal data, article publication or comment, etc.
Insert picture description here

The unknown function of publishing articles is entityized by HTML, and XSS cannot be continued

0X03 blacklist audit

The location of the private message is not materialized, and XSS can be performed, but it is filtered by the blacklist.
Insert picture description here

No filtering details and ontaggle

0X04 Bypass filtering and trigger XSS

Known programs filter javascript and construct Payload.

"><details open οntοggle=eval("\x6a\x61\x76\x61\x73\x63\x72\x69\x70\x74\x3aalert('xss')")><"

Insert picture description here

Please leave a message if you need source code

Guess you like

Origin blog.csdn.net/Z_David_Z/article/details/113922690

[Safety] P 4-26 Storage type XSS gray box test

bluecms gray box test

Reflection type, storage type XSS exploits

DVWA (seven): XSS (stored) storage-type XSS attacks

DVWA's XSS cross-site scripting attack (storage type)

DVWA shooting range-XSS (DOM type, reflection type, storage type)

4-26

4-26 Notes

Small research - Java Web gray box fuzzing test based on parse tree (2)

Small research - Java Web gray box fuzzing test based on parse tree (1)

Kali penetration testing of DVWA series 5-- storage type XSS (cross site scripting)

Gray-box testing techniques

Safety testing (xss \ csrf attack)

What is black box testing, white box testing, gray box testing?

XSS type of attack and defense

XSS-DOM type

DOM XSS type

Type Security & Safety weak type

JS vue text box to enter and change the content of the test label p

Type safety is very important

8.7.3. Type Safety

Type safety Hashtable

Storage xss stealing cookie experiment

Page gray box centered floating layer effects

Safety, security encrypted storage (oracle)

Once XSS test experience

XSS attacks test code

xss test statement

Gray code P5657

kubernetes safety test

Recommended

Ranking

Goldman: Microsoft is winning the war cloud services

Change admob ids on existing apps

【C++】Introduction to Object-Oriented Programming③ (Process-Oriented Programming Structured Programming Method | Structured Programming Method Concept / Features / Advantages and Disadvantages | Object-Oriented Programming Introduction )

2021-02-26 Luogu P1966 digging landmines-dfs violent search (backtracking method)

jqgrid seleccione todo cancelar una sola fila haga clic en cancelar evento

InstructTTS: Modeling Expressive TTS in Discrete Latent Space with Natural Language Style Prompt

hdu1312 “Red and Black”——DFS与递归的应用

【Linux】孤儿进程、僵死进程和信号

OCRアーティファクト、PDF、数式を変換可能

Linux kernel Tcp performance tuning

Daily

2024-06-04(0)

2024-06-03(1)

2024-06-02(0)

2024-06-01(1)

2024-05-31(1)

2024-05-30(0)

2024-05-29(1)

2024-05-28(1)

2024-05-27(1)

2024-05-26(0)

[Safety] P 4-26 Storage type XSS gray box test

table of Contents

0X01 environment construction

0X02 Directional XSS mining

0X03 blacklist audit

0X04 Bypass filtering and trigger XSS

Guess you like