当前位置:theitroad>在没有脚本标签的情况下为 XSS 执行 JavaScript

在没有脚本标签的情况下为 XSS 执行 JavaScript

声明:本页面是StackOverFlow热门问题的中英对照翻译,遵循CC BY-SA 4.0协议,如果您需要使用它,必须同样遵循CC BY-SA许可,注明原文地址和作者信息,同时你必须将它归于原作者(不是我):StackOverFlow 原文地址: http://stackoverflow.com/questions/37435077/
Warning: these are provided under cc-by-sa 4.0 license. You are free to use/share it, But you must attribute it to the original authors (not me): StackOverFlow

提示:将鼠标放在中文语句上可以显示对应的英文。显示中英文
时间:2020-08-23 20:19:47  来源:igfitidea点击:

Execute JavaScript for XSS without script tags

javascripthtmlsecurityxss

提问by BillyBob

I am learning about XSS (for ethical purposes), and I was wondering how to execute some JavaScript code without using <script>tags. This is within the

我正在学习 XSS(出于道德目的),我想知道如何在不使用<script>标签的情况下执行一些 JavaScript 代码。这是在

HTML tag:

HTML 标签:

"The search term" <p> *JavaScript here* </p> "returned no results"

For some reason, the script tags are not working.

出于某种原因,脚本标签不起作用。

采纳答案by nv1t

  1. Try putting in different types of strings with special characters and look if any of these get encoded or outputed. (I personaly use '';!--"<XSS>=&{()})
  2. Now you have three options:
    1. Inside a HTML Tag:The <>won't matter, because you are already inside a HTML Tag. You can look if this Tag supports Events and use some kind of onload=alert(1)or other event. If <>is allowed, you can break out and create your own tag '><img src=0 onerror=alert(1)>
    2. Outside of HTML Tag:the <>are important. With these you can open a new Tag and the whole world is below your feet (or so...)
    3. Inside Javascript:Well...if you can break out of a string with '", then you can basically write ';alert(1)
  3. Craft your XSS accordingly to your encoded characters and the surrounding of where the string get's outputed
  1. 尝试放入具有特殊字符的不同类型的字符串,并查看这些字符串中的任何一个是否被编码或输出。(我个人使用'';!--"<XSS>=&{()}
  2. 现在你有三个选择:
    1. 在 HTML 标签内:<>无关紧要,因为您已经在 HTML 标签内。您可以查看此标签是否支持事件并使用某种onload=alert(1)或其他事件。如果<>允许,您可以突破并创建自己的标签'><img src=0 onerror=alert(1)>
    2. HTML标签之外:<>是很重要的。有了这些,您可以打开一个新标签,整个世界都在您的脚下(或者……)
    3. Javascript 内部:嗯……如果你能用 打破一个字符串'",那么你基本上可以写';alert(1)
  3. 根据您的编码字符和字符串输出位置的周围来制作 XSS

<XSS>disappears entirely:the application uses some kind of strip_tags. If you are outside of a HTML Tag and no HTML Tags are whitelisted, I unfortunatly don't know any method to achieve an XSS.

<XSS>完全消失:应用程序使用某种strip_tags. 如果你在 HTML 标签之外并且没有 HTML 标签被列入白名单,很遗憾我不知道任何实现 XSS 的方法。

Crafting your own payload

制作你自己的有效载荷

There are various methods to achieve this and too much to name them all. Look on these two sites, which have a lot of the methods and concept to construct your own. It comes down to: What the page allows to go through.

有多种方法可以实现这一点,而且无法一一列举。看看这两个网站,它们有很多方法和概念来构建你自己的。归结为:页面允许通过的内容。

  1. https://www.owasp.org/index.php/XSS_Filter_Evasion_Cheat_Sheet#XSS_Locator_.28short.29
  2. https://html5sec.org/
  1. https://www.owasp.org/index.php/XSS_Filter_Evasion_Cheat_Sheet#XSS_Locator_.28short.29
  2. https://html5sec.org/

回答by Bubble Hacker

You can use the onclickattribute that is presented in HTML elements so you can create something like this:

您可以使用onclickHTML 元素中显示的属性,这样您就可以创建如下内容:

"The search term" <p> <a href="" onclick="alert('I excuted JavaScript!');">Click me to see the JavaScript work!</a> </p> "returned no results"

Now when clicking on the element the JavaScript will be executed.

现在,当单击元素时,将执行 JavaScript。

相关推荐

在 JavaScript 中,从 switch 语句返回是否被认为是比使用 break 更好的做法?

在 JavaScript 中,从 switch 语句返回是否被认为是比使用 break 更好的做法?

Javascript Node.js ES6 如何从模块导出类?

Javascript Node.js ES6 如何从模块导出类?

Javascript Jquery图像叠加?

Javascript Jquery图像叠加?

Javascript 如何隐藏手机浏览器的地址栏?

Javascript 如何隐藏手机浏览器的地址栏?

相关推荐
最近更新
标签