Catalog

One 、 recommend

Less10（ Find hidden parameters ）

characteristic ：

utilize ：

Less11（Referer The ginseng ）

characteristic ：

utilize ：

Less12（ua The ginseng ）

characteristic ：

utilize ：

Less13（cookie The ginseng ）

characteristic ：

utilize ：

Less14（ No injection ）

characteristic ：

utilize ：

One 、 recommend

【xss shooting range 1-9】 See the box and insert ： closed 、 Filter 、 code 、 Triggering event 、http head 、 label https://blog.csdn.net/qq_53079406/article/details/125829545?spm=1001.2014.3001.5501

【XSS Cross Station collection 】 reflective 、 Storage type 、DOM class XSS principle ; Output in HTML、CSS、Javascript In the code https://blog.csdn.net/qq_53079406/article/details/123694180?ops_request_misc=%257B%2522request%255Fid%2522%253A%2522165802668016781818737899%2522%252C%2522scm%2522%253A%252220140713.130102334.pc%255Fblog.%2522%257D&request_id=165802668016781818737899&biz_id=0&utm_medium=distribute.pc_search_result.none-task-blog-2~blog~first_rank_ecpm_v1~rank_v31_ecpm-4-123694180-null-null.185^v2^control&utm_term=xss&spm=1018.2226.3001.4450

Less10（ Find hidden parameters ）

characteristic ：

Insert

Look for available parameters

reflective

utilize ：

Insert as soon as you see the parameters , See that there are parameters , insert

<script>alert()</script>

---

Right click on the source

The input content is HTML code

But we also found 3 Hidden parameters

t_link、t_history、t_sort

---

  Assign values to the found parameters

?t_link=1&t_history=1&t_sort=1

Right click on the source  

Find out t_sort=1 The value of is assigned successfully

---

  Yes t_sort Parameter utilization

&t_sort=" οnclick="alert()" type="text"

 

 

 

Less11（Referer The ginseng ）

characteristic ：

Insert

There are filters

There are hidden parameters

towards Referer Parameter passed in

reflective

utilize ：

Insert as soon as you see the parameters , See that there are parameters , insert

<script>alert()</script>

---

 

Right click on the source

The input content is HTML code

But we also found 3 Hidden parameters

t_link、t_history、t_sort、t_ref

---

 

  Assign values to the found parameters

t_link=1&t_history=1&t_sort=1&t_ref=1

Right click on the source  

Find out t_sort=1 The value of is assigned successfully

---

 

  Yes t_sort Parameter utilization

&t_sort=" οnclick="alert()" type="text"

  Did not produce the desired effect

  Right click on the source

  Found filtering

 

---

guess t_ref Abbreviations in ref May be http In the head Referer, Like head injection

open HackBar Of Referer The ginseng

"οnclick="alert(1)"type="text"

effect

  Source code

 

 

 

Less12（ua The ginseng ）

characteristic ：

Insert

There are filters

There are hidden parameters

towards ua Parameter passed in

reflective

utilize ：

Refer to the source code to see the parameters

t_link、t_history、t_sort、t_ua

 

t_ua According to the data in

ua It's worth it http In the head ua（user agent）, Like head injection

open HackBar Of ua Pass on the reference

"οnclick="alert(1)"type="text"

 

effect

  Source code

 ​​​​

 

Less13（cookie The ginseng ）

characteristic ：

Insert

There are filters

There are hidden parameters

towards cookie Parameter passed in

reflective

utilize ：

See source , See the parameters

t_link、t_history、t_sort、t_ua

 

t_cookie In the clear

cookie It's worth it http In the head cookie, Like head injection

open HackBar Of cookie Pass on the reference

"οnclick="alert(1)"type="text"

 

No effect

View source code

It didn't get in

 

---

Use bp try

 ​​​​ Set up the agent , And open

Find out cookie There are also parameters in

Change it to ：

user=" type="text" οnclick=alert() "

  Then send the bag back

---

perhaps

user=" οnclick=alert() type="botton""

 

 

 

Less14（ No injection ）

characteristic ：

Try to iframe In the injection

utilize ：

View source code

Find out iframe Labels and src Attributes may have injection points

  Use bp Grab the bag

Inject fruitless

Jump out later

  No sponsors
ww1.exifviewer.org There are currently no sponsors .