Examples of XSS that I can use to test my page input?


Question

I have had issues with XSS. Specifically, I had an individual inject a JS alert showing that my input had vulnerabilities. I have done research on XSS and found examples, but for some reason I can't get them to work.

Can I get example(s) of XSS that I can throw into my input and, when I output it back to the user, see some sort of change like an alert to know it's vulnerable?

I'm using PHP and I am going to implement htmlspecialchars(), but I first am trying to reproduce these vulnerabilities.

Thanks!

Recommended answer

You can use this Firefox addon:

  • XSS Me

XSS-Me is the Exploit-Me tool used to test for reflected Cross-Site Scripting (XSS). It does NOT currently test for stored XSS.

The tool works by submitting your HTML forms and substituting the form value with strings that are representative of an XSS attack. If the resulting HTML page sets a specific JavaScript value (document.vulnerable=true) then the tool marks the page as vulnerable to the given XSS string. The tool does not attempt to compromise the security of the given system. It looks for possible entry points for an attack against the system. There is no port scanning, packet sniffing, password hacking or firewall attacks done by the tool.

You can think of the work done by the tool as the same as the QA testers for the site manually entering all of these strings into the form fields.
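Since the asker plans to fix the reflected output with htmlspecialchars(), here is an added example (not code from the question, the answer, or the XSS-Me project) showing that call applied to the two places a PHP page usually echoes input, element text and a quoted attribute, with the marker-style string the answer describes used as constructed sample input.

```php
<?php
// Added example, not code from the original question or answer. It applies
// the htmlspecialchars() call the asker planned to add in the two contexts a
// page normally reflects input into: element text and a quoted attribute.
declare(strict_types=1);

// Escape for HTML text or a quoted attribute value. ENT_QUOTES is passed
// explicitly because on PHP before 8.1 the default flags leave the single
// quote unescaped, so a value placed inside value='...' could still close
// the attribute. This escaping is not sufficient for JavaScript, URL or
// CSS contexts, which need their own encoders.
function esc(string $value): string
{
    return htmlspecialchars($value, ENT_QUOTES | ENT_SUBSTITUTE | ENT_HTML5, 'UTF-8');
}

// Constructed sample: the marker style a scanner such as XSS-Me submits
// (it checks whether document.vulnerable becomes true), plus the other
// characters htmlspecialchars() is responsible for.
$input = "<script>document.vulnerable=true</script>\"'&";

// Vulnerable: raw reflection, the pattern the asker found exploitable.
$unsafe = '<p>Hello ' . $input . '</p>';

// Hardened: the same two outputs with escaping applied.
$safeText = '<p>Hello ' . esc($input) . '</p>';
$safeAttr = "<input type='text' name='q' value='" . esc($input) . "'>";

// Run with `php file.php` and compare: only the unsafe string still
// contains a raw <script> tag and raw quotes, so the browser would parse
// it as markup; the hardened strings are rendered as literal text.
echo "unsafe:    ", $unsafe, PHP_EOL;
echo "safe text: ", $safeText, PHP_EOL;
echo "safe attr: ", $safeAttr, PHP_EOL;
```

Reload the page with the hardened version and rerun the scanner: the submitted marker should then appear on screen as text and document.vulnerable should never be set.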

