Home > Web Front-end > JS Tutorial > About cross-site scripting attacks_javascript skills

About cross-site scripting attacks_javascript skills

WBOY
Release: 2016-05-16 17:57:53
Original
1176 people have browsed it

A general attack is to write a script to see if it can be executed, and then you can determine whether it is an attack. For example, if I write
, and then see if it can be executed when the page is loaded, that's it. So far, this code will not be executed on ordinary websites, but what about another way?

For example,
, there are probably a few websites that implement it, and everyone knows it.
Let’s look at a more obscene test example, '';!--"
=&{()}, this is a good example to test whether there will be xxs, try again and see how many websites there are If you can resist, here is an example I wrote casually, and then tested a few websites to see,
Source code: '';!--";eval('alert('What the hell is going on with you uncle? ! ')');"
SS>=&{()}, and then try taking a screenshot (no malicious intent, just testing!): <script> alert("执行了我了哦!!!"); </script><script>alert(String.fromCharCode(88,83,83))</script>http://search.360buy.com/Search? book=y&keyword=1

Related labels:
source:php.cn
Statement of this Website
The content of this article is voluntarily contributed by netizens, and the copyright belongs to the original author. This site does not assume corresponding legal responsibility. If you find any content suspected of plagiarism or infringement, please contact admin@php.cn
Popular Tutorials
More>
Latest Downloads
More>
Web Effects
Website Source Code
Website Materials
Front End Template