Execute JavaScript for XSS without script tags


Problem description
I am learning about XSS (for ethical purposes), and I was wondering how to execute some JavaScript code without using <script> tags. This is within the HTML tag:

"The search term" <p> *JavaScript here* </p> "returned no results"

For some reason, the script tags are not working.

Solution

1. Try putting in different types of strings with special characters and look if any of these get encoded or output. (I personally use '';!--"<XSS>=&{()})
2. Now you have three options:

   1. Inside an HTML tag: The <> won't matter, because you are already inside an HTML tag. You can look if this tag supports events and use some kind of onload=alert(1) or other event. If <> is allowed, you can break out and create your own tag '><img src=0 onerror=alert(1)>
   2. Outside of an HTML tag: the <> are important. With these you can open a new tag and the whole world is below your feet (or so...)
   3. Inside JavaScript: Well... if you can break out of a string with '", then you can basically write ';alert(1)

3. Craft your XSS according to your encoded characters and the surroundings of where the string gets output.

<XSS> disappears entirely: the application uses some kind of strip_tags. If you are outside of an HTML tag and no HTML tags are whitelisted, I unfortunately don't know any method to achieve an XSS.

Crafting your own payload

There are various methods to achieve this and too many to name them all. Look at these two sites, which have a lot of the methods and concepts to construct your own. It comes down to: what the page allows to go through.

1. https://www.owasp.org/index.php/XSS_Filter_Evasion_Cheat_Sheet#XSS_Locator_.28short.29
2. https://html5sec.org/
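The defensive side of the answer's three contexts, as an added example that is not part of the thread: a context-aware output encoder for each sink (text node, attribute value, JS string) next to the strip_tags-style filter the answer mentions, showing why tag stripping cannot protect the two contexts where <> is irrelevant. The page template, payload strings and function names are constructed for this illustration.

```python
import html
import re

# Constructed inputs: the answer's probe string and one payload per context it names.
PROBE = "'';!--\"<XSS>=&{()}"
IN_TAG = '" onload=alert(1) x="'                # value lands inside an attribute
OUTSIDE_TAG = "'><img src=0 onerror=alert(1)>"  # value lands between tags
IN_JS = "';alert(1)//"                          # value lands inside a JS string

def strip_tags(value: str) -> str:
    """The naive filter the answer calls strip_tags: drop anything shaped like <...>."""
    return re.sub(r"<[^>]*>", "", value)

def encode_html(value: str) -> str:
    """Text-node and double-quoted-attribute sinks: &, <, >, " and ' become entities,
    so neither a new tag nor the closing quote can be produced by the input."""
    return html.escape(value, quote=True)

def encode_js_string(value: str) -> str:
    """Quoted JS string sink: hex-escape everything except ASCII alphanumerics,
    so the quote and ; ( ) cannot terminate the literal or form a statement."""
    out = []
    for ch in value:
        if ch.isascii() and ch.isalnum():
            out.append(ch)
        elif ord(ch) < 0x100:
            out.append("\\x%02x" % ord(ch))
        else:
            out.append("\\u%04x" % ord(ch))
    return "".join(out)

def render(context: str, term: str, encoder) -> str:
    """Rebuild the 'search term ... returned no results' page for one of the three sinks."""
    safe = encoder(term)
    if context == "text":
        return "<p>The search term " + safe + " returned no results</p>"
    if context == "attr":
        return '<input name="q" value="' + safe + '">'
    if context == "js":
        return "<script>var term = '" + safe + "';</script>"
    raise ValueError("unknown context: " + context)

def delimiter_survives(context: str, term: str, encoder) -> bool:
    """True if the character that closes this context is still raw after encoding,
    i.e. the filter left the door open for that sink."""
    closer = {"text": "<", "attr": '"', "js": "'"}[context]
    return closer in encoder(term)
```

Run delimiter_survives over every (context, filter) pair to see that strip_tags only closes the text-node case, while the per-context encoders close all three.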
