<html>
<head><title>WebApp.aspx</title></head>
<body bgColor="#ccffff">
<script LANGUAGE="javascript">alert("xss");</script>
</body>
</html>
This is a web page; when it runs it pops up an XSS dialog. I replaced the script with the encoded form of <script LANGUAGE="javascript">alert("xss");</script>:
<html>
<head><title>WebApp.aspx</title></head>
<body bgColor="#ccffff">
&lt;script LANGUAGE="javascript"&gt;alert("xss");&lt;/script&gt;
</body>
</html>
Now when the page runs it only displays <script LANGUAGE="javascript">alert("xss");</script> instead of running it. I also tried encoding only alert("xss"); and that didn't seem to work either. Does any expert know??
What effect does the OP actually want?
<html>
<head> <title>WebApp.aspx </title>
<script>
function window_onload(){
// innerText returns the decoded text, i.e. the literal "<script ...>" characters the entities stand for
var str = document.body.innerText;
alert("body中字符串:"+str);
// keep only the statement between the script tags
str = str.replace(/<script[^>]*>([^<]*)<\/script>/gi,"$1");
alert("获取js语句:"+str);
// the explicit eval() of the decoded text is what runs the alert; the encoded markup on its own never executes
eval(str);
}
</script>
</head> <body bgColor="#ccffff" onload="window_onload()">
&lt;script LANGUAGE="javascript"&gt;alert("xss");&lt;/script&gt;
</body>
</html>
<html>
<head> <title>WebApp.aspx </title>
<script>
window.onload=function(){
// innerHTML returns the entities as written, so turn &lt; and &gt; back into < and > by hand
var s=document.getElementById('dvScript').innerHTML.replace(/&lt;/gi,'<').replace(/&gt;/gi,'>');
var code=/<script[^>]*>([\s\S]+?)<\/script>/.exec(s);
if(code)eval(code[1]);// run the code
}
</script>
</head>
<body bgColor="#ccffff">
<div id="dvScript">
&lt;script LANGUAGE="javascript"&gt;alert("xss");&lt;/script&gt;
</div>
</body>
</html>
<html>
<head> <title>WebApp.aspx </title> </head>
<body bgColor="#ccffff">
<script language="javascript">
eval('<script LANGUAGE="javascript">alert("xss");</script>')
</script>
</body>
</html>
function addLoadEvent(func) {
  var oldonload = window.onload;
  if (typeof window.onload != 'function') {
    window.onload = func;
  } else {
    // chain onto any onload handler that is already registered
    window.onload = function() {
      if (oldonload) {
        oldonload();
      }
      func();
    }
  }
}
addLoadEvent(nameOfSomeFunctionToRunOnPageLoad);
addLoadEvent(function() {
  /* more code to run on page load */
});
<script>
// The string holds &#x3C; and &#x3E; in place of < and >, so the literal "</script>" never
// appears in the script source and the parser does not close this script element early.
// replace() turns each hex entity back into its character before document.write() inserts it.
document.write('&#x3C;script LANGUAGE="javascript"&#x3E;alert("xss");&#x3C;/script&#x3E;'.replace(/&#x([a-f0-9]+);/ig,function($0,$1){return String.fromCharCode(parseInt($1,16))}));
</script>
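As an added example (not code from the thread), here is the encoding and the decoding side by side in plain JavaScript that runs in Node or a browser console. escapeHtml is the output encoding the original poster applied by hand; decodeEntities is what the replies do with ad-hoc regexes before eval(), written out in full for named, decimal and hex references; canStartScript checks whether a string can still open a script element. The function names and the sample payload are mine.

```javascript
// Added example, not part of the thread. Names are assumptions.

// Output encoding: the defence the original poster applied. Every character
// that can start markup becomes an entity, so the browser renders the result
// as text and never creates a <script> element from it.
function escapeHtml(s) {
  var map = { '&': '&amp;', '<': '&lt;', '>': '&gt;', '"': '&quot;', "'": '&#39;' };
  return String(s).replace(/[&<>"']/g, function (c) { return map[c]; });
}

// Entity decoding, the step the replies perform before eval().
// Handles the named entities above plus decimal (&#60;) and hex (&#x3C;) references;
// unknown entities are left untouched.
function decodeEntities(s) {
  var named = { amp: '&', lt: '<', gt: '>', quot: '"', apos: "'" };
  return String(s).replace(/&(#x[0-9a-f]+|#[0-9]+|[a-z]+);/gi, function (m, body) {
    if (body.charAt(0) === '#') {
      var hex = body.charAt(1).toLowerCase() === 'x';
      var cp = parseInt(body.slice(hex ? 2 : 1), hex ? 16 : 10);
      return isNaN(cp) ? m : String.fromCodePoint(cp);
    }
    var key = body.toLowerCase();
    return Object.prototype.hasOwnProperty.call(named, key) ? named[key] : m;
  });
}

// True when the markup, as the HTML parser will see it, can open a script element.
function canStartScript(html) {
  return /<script[\s>]/i.test(html);
}

// Constructed sample: the payload from the thread, and its encoded form
// (what the original poster's second page contains).
var PAYLOAD = '<script LANGUAGE="javascript">alert("xss");</script>';
var ENCODED = escapeHtml(PAYLOAD);

// Decode-then-extract, as the replies do before eval(): returns the statement
// that would run, or null when nothing can be executed. This is the step that
// reintroduces the XSS; without it the encoded text stays inert.
function decodedScriptBody(encoded) {
  var m = /<script[^>]*>([\s\S]*?)<\/script>/i.exec(decodeEntities(encoded));
  return m ? m[1] : null;
}

// Encoded text cannot start a script; only explicit decoding brings it back.
console.log(canStartScript(ENCODED), decodedScriptBody(ENCODED));
```

The browser does the same decoding internally when it builds the DOM, but it does so while producing text nodes, so the decoded characters never reach the tag parser. Writing untrusted text with textContent (or escaping it as above before innerHTML) keeps it that way; any code that decodes and then calls eval(), innerHTML or document.write() on the result undoes the protection.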