XSS practice

1. XSS (Reflected): Low level

The most basic test: enter <script>alert(1)</script> in the input box and the alert pops up on the page.

The alert firing is the result we expect. It shows that the page has a reflected XSS vulnerability: the input is echoed into the response exactly as typed.

2. XSS (Reflected): Medium level

Testing with the same payload, the page no longer gives the expected result, so a different approach is needed.

Looking at the reflected output, the <script> that was entered is no longer displayed, so it has most likely been filtered out. If the filter only removes that string once (a single, non-recursive replacement), it can be defeated by nesting the filtered string inside itself so that removing it leaves the tag behind. Enter <scr<script>ipt>alert(1)</scr</script>ipt> in the input box.

That still does not work. Pressing F12 and inspecting the element around "Hello" reveals something interesting.

Now it makes sense: only the opening <script> is filtered, the closing </script> is left alone. With the previous payload the untouched closing tag left a stray </scr inside the script body, which is a JavaScript syntax error, so nothing ran. Enter <scr<script>ipt>alert(1)</script> in the input box instead and the expected alert finally appears.

3. XSS (Reflected): High level

Following the same process, first enter <script>alert(1)</script>. This time the reflected output looks even stranger, and less of the input survives than at the medium level.

Next try to bypass the filter with mixed upper and lower case, which does not work either, so the guess is that the whole script tag is stripped regardless of how it is spelled. The alternative is to stop using the script tag at all and use another tag that carries an event handler, for example img (other tags work too). Enter <img src=a onclick=alert(1)/> in the input box and it does execute, once the broken image is clicked. Using onerror instead of onclick (<img src=a onerror=alert(1)>) fires the alert automatically, because the bogus src fails to load.
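
To make the three filter strengths concrete, here is an added JavaScript model of the reflected "Hello" page (example code written for this page, not DVWA's server-side source and not the author's code). The filter bodies filterLow, filterMedium and filterHigh are assumptions reconstructed from the observations above: medium removes the literal <script> once, high removes any spelling of the opening tag and repeats until nothing changes. encodeForHtml shows the output encoding that makes such blacklists unnecessary.

```javascript
// Added example, not code from the original write-up or from DVWA. It models the three
// filter strengths the write-up observed on the reflected "Hello <name>" page so the
// bypasses can be checked outside a browser. The filter bodies are assumptions
// reconstructed from the page's observations, not the real server-side source.

// Low: the value is reflected as-is.
function filterLow(input) {
  return input;
}

// Medium, as observed: the literal opening tag "<script>" disappears once, case-sensitively,
// and the closing tag is left alone. String.prototype.replace with a string pattern only
// replaces the first occurrence, which is the non-recursive behaviour the nested payload abuses.
function filterMedium(input) {
  return input.replace('<script>', '');
}

// High, as observed: every spelling of the opening script tag is removed, and removal is
// repeated until nothing changes, so neither mixed case nor nesting survives. The bypass
// therefore has to avoid the script tag entirely and use another tag's event handler.
function filterHigh(input) {
  let previous;
  do {
    previous = input;
    input = input.replace(/<\s*script\b[^>]*>/gi, '');
  } while (input !== previous);
  return input;
}

// What the page does after filtering: reflect the value into the HTML body unencoded.
function reflect(name, filter) {
  return 'Hello ' + filter(name);
}

// The fix the filters are standing in for: encode the value for the HTML body context.
// A blacklist has to anticipate every tag and event handler; encoding does not.
function encodeForHtml(s) {
  return s.replace(/&/g, '&amp;').replace(/</g, '&lt;').replace(/>/g, '&gt;')
          .replace(/"/g, '&quot;').replace(/'/g, '&#x27;');
}

// Payloads from the write-up, plus the onerror variant that needs no click (constructed inputs).
const PAYLOADS = {
  plain:      '<script>alert(1)</script>',
  nestedBoth: '<scr<script>ipt>alert(1)</scr</script>ipt>',   // medium: closing tag is not filtered, so this breaks
  nestedOpen: '<scr<script>ipt>alert(1)</script>',             // medium: works
  mixedCase:  '<ScRiPt>alert(1)</script>',                     // high: stripped
  imgError:   '<img src=a onerror=alert(1)>',                  // high: works
};

if (typeof require !== 'undefined' && require.main === module) {
  const filters = { low: filterLow, medium: filterMedium, high: filterHigh };
  for (const [level, filter] of Object.entries(filters)) {
    for (const [name, payload] of Object.entries(PAYLOADS)) {
      console.log(level.padEnd(6), name.padEnd(10), reflect(payload, filter));
    }
  }
  console.log('encoded', reflect(PAYLOADS.plain, encodeForHtml));
}
```

Running it prints what each level would reflect for each payload; the medium column shows the nested-both payload collapsing to a broken <script>alert(1)</scr</script>ipt>, and the high column shows only the img payload surviving.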

-------------------- dividing line --------------------

XSS Challenge 1

Given this page, there is no input box anywhere. The parameter might instead be passed as a GET parameter, and indeed the clue is in the address bar.

Start the test: change the parameter value to <script>alert(1)</script>. The result is not what was expected, so try a different browser.

In the other browser it works. Switching browsers really is that easy. The general lesson: some browsers have shipped a built-in reflected XSS filter that blocks the most obvious payloads, so an alert that does not fire in one browser does not mean the page is safe.

XSS Challenge 2

At a glance this one is a POST form. Using the same <script>alert(1)</script> payload in the input box gives the following, which shows it was not successful.

Inspecting the element shows that the input now appears inside the value attribute.

So a way is needed to get the input out of the attribute, because as a plain string inside the attribute value it cannot run. There are many options; the one used here is to close the attribute and the tag first and then start a new tag, so enter "> <script>alert(1)</script> in the input box.

XSS Challenge 3

This time, be smart and check the source first to see whether there is anything special.

The careful will notice that the attribute uses single quotes here, a trap.

Applying the idea from the previous challenge and entering ' > <script>alert(1)</script> hits that trap: it does not work. Checking the source again shows that the angle brackets are escaped. So instead of constructing a new tag, stay inside the existing tag and use an event handler to get around it: enter ' onfocus=alert(1) ', and it finally succeeds (the handler fires when the field receives focus).

XSS Challenge 4

The source shows the same situation as the second challenge: enter " onclick=alert(1) in the input box and it works on the first try.

XSS Challenge 5

The source shows the same situation as the second challenge again.

Testing with the second challenge's method fails; the source shows that the script tag has been tampered with.

Switching to the third challenge's method, onclick has been tampered with as well.

Mixed upper and lower case does not seem to help either. With both the script tag and event handlers unusable, try another vector: <iframe src=javascript:alert(1);> succeeds. Evidently the filter matched the script tag itself rather than the bare word, since the javascript: URL was left intact.

XSS Challenge 6

This one behaves like the fifth challenge, so first try mixed upper and lower case, and unexpectedly it works on the first try: " Onclick=alert(1) >
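
Challenges 2 to 6 all come down to where the reflected value lands and what the filter lets through. The following added JavaScript (written for this page; not the challenge site's code and not the author's) reconstructs that: renderInput puts the value inside a quoted value attribute as the inspector showed, the filter functions are assumptions modelled on the behaviour inferred for challenges 3, 5 and 6, and tokenizeFirstTag is a small model of how the browser splits a tag into attributes, which is what decides whether a payload breaks out. encodeForAttribute is the fix.

```javascript
// Added example, not code from the original write-up or the challenge site. It models what
// the inspector showed for challenges 2 to 6 (the POST value reflected into a quoted value
// attribute of an <input>), the filters the write-up inferred (reconstructed here as
// assumptions), and the attribute-context encoding that closes the hole.

// Page template: the input lands inside a quoted value attribute (quote char varies per challenge).
function renderInput(value, quote = '"') {
  return '<input type="text" name="p1" value=' + quote + value + quote + '>';
}

// Inferred filters (assumptions, one per challenge behaviour described in the write-up).
const noFilter = s => s;
// Challenge 3: angle brackets escaped, quotes untouched.
const escapeAngleBrackets = s => s.replace(/</g, '&lt;').replace(/>/g, '&gt;');
// Challenge 5: the script tag and on*= handlers removed, case-insensitively.
const stripScriptAndEvents = s => s.replace(/<\/?script\b[^>]*>/gi, '').replace(/\bon\w+\s*=/gi, '');
// Challenge 6: the same blacklist applied case-sensitively, which "Onclick" slips past.
const stripScriptAndEventsCS = s => s.replace(/<\/?script\b[^>]*>/g, '').replace(/\bon\w+\s*=/g, '');

// The actual fix: encode every character that can change meaning inside an attribute value.
const ATTR_MAP = { '&': '&amp;', '<': '&lt;', '>': '&gt;', '"': '&quot;', "'": '&#x27;' };
const encodeForAttribute = s => s.replace(/[&<>"']/g, c => ATTR_MAP[c]);

// Minimal model of the HTML tokenizer's tag states. It collects the attribute names of the
// first tag and returns the markup that follows it: inside a quoted value a '>' is data, but
// once the quote is closed any on*= text becomes a real attribute and a '>' ends the tag,
// which is exactly what the payloads exploit.
function tokenizeFirstTag(html) {
  const names = [];
  let i = 1;
  while (i < html.length && /[^\s\/>]/.test(html[i])) i++;        // skip the tag name
  while (i < html.length) {
    const c = html[i];
    if (/[\s\/]/.test(c)) { i++; continue; }
    if (c === '>') return { names, rest: html.slice(i + 1) };
    let name = '';
    while (i < html.length && /[^\s\/>=]/.test(html[i])) name += html[i++];
    if (name) names.push(name.toLowerCase());
    while (i < html.length && /\s/.test(html[i])) i++;
    if (html[i] !== '=') continue;                                 // attribute without a value
    i++;
    while (i < html.length && /\s/.test(html[i])) i++;
    const q = html[i];
    if (q === '"' || q === "'") {                                  // quoted value: runs to the closing quote
      i++;
      while (i < html.length && html[i] !== q) i++;
      i++;
    } else {                                                       // unquoted value: runs to whitespace or '>'
      while (i < html.length && /[^\s>]/.test(html[i])) i++;
    }
  }
  return { names, rest: '' };
}

// Exploitable if the input produced an event-handler attribute on the tag or broke out of it.
function assess(html) {
  const { names, rest } = tokenizeFirstTag(html);
  const handlers = names.filter(n => n.startsWith('on'));
  const brokeOut = rest.includes('<');
  return { handlers, brokeOut, exploitable: handlers.length > 0 || brokeOut };
}

// The write-up's payloads, paired with the filter each one was used against (constructed inputs).
const cases = [
  { name: 'challenge 2', quote: '"', filter: noFilter,               payload: '"><script>alert(1)</script>' },
  { name: 'challenge 3', quote: "'", filter: escapeAngleBrackets,    payload: "' onfocus=alert(1) '" },
  { name: 'challenge 4', quote: '"', filter: noFilter,               payload: '" onclick=alert(1)' },
  { name: 'challenge 5', quote: '"', filter: stripScriptAndEvents,   payload: '"><iframe src=javascript:alert(1);>' },
  { name: 'challenge 6', quote: '"', filter: stripScriptAndEventsCS, payload: '" Onclick=alert(1) >' },
];

// Runs every case through its filter, then through the optional output encoder, then renders.
function runCases(encoder = s => s) {
  return cases.map(c => {
    const html = renderInput(encoder(c.filter(c.payload)), c.quote);
    return { name: c.name, html, ...assess(html) };
  });
}

if (typeof require !== 'undefined' && require.main === module) {
  for (const r of runCases()) console.log(r.name, r.exploitable ? 'EXPLOITABLE' : 'safe', r.html);
  for (const r of runCases(encodeForAttribute)) console.log(r.name, 'with encoding:', r.exploitable ? 'EXPLOITABLE' : 'safe');
}
```

Without the encoder every case is exploitable; with encodeForAttribute applied at output time every quote and angle bracket stays inside the value, so none of the blacklists is needed. The point of the tokenizer is that the browser, not the filter, decides what an attribute is: escaping only < and > (challenge 3) leaves the quote free to end the value, and a case-sensitive blacklist (challenge 6) is no blacklist at all to a case-insensitive attribute parser.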

Origin http://43.154.161.224:23101/article/api/json?id=325168852&siteId=291194637