Tag: Security

xss
1. Non-persistent XSS

Write a.php:

    <?php
    // The query parameter is echoed into the page without any encoding.
    $input = $_GET["param"];
    echo "<div>".$input."</div>";
    ?>

Visit https://www.moneyslow.com/a.php?param=<script>alert(/xss/)</script>

2. DOM XSS

    <html>
    <head>
    <meta http-equiv="Content-Type" content="text/html; charset=utf-8">
    <script type="text/javascript">
    function changeLink() {
        var str = document.getElementById("text").value;
        // The input value is concatenated into markup and assigned to innerHTML.
        document.getElementById("t").innerHTML = "<a href='" + str + "' >testlink</a>";
    }
    </script>
    </head>
    <div id="t"></div>
    <input type="text" id="text" value="" />
    <input type="button" id="s" value="write" onclick="changeLink()" />
    </html>

Test input: ' onclick=alert(/xss/) //
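The corrected output handling for both cases above, as an added example that is not part of the original post. The helper names (escapeHtml, safeHref, renderDiv, renderLink) are hypothetical, and the http(s)-only scheme check goes one step beyond what the page shows.

```javascript
// Added example: context-aware output encoding for the two snippets above.
// All function names here are hypothetical helpers, not code from the page.

const HTML_ESCAPES = { '&': '&amp;', '<': '&lt;', '>': '&gt;', '"': '&quot;', "'": '&#39;' };

// Encode the five characters that can change HTML parsing context.
// In PHP the same job is done by htmlspecialchars($input, ENT_QUOTES, 'UTF-8').
function escapeHtml(value) {
  return String(value).replace(/[&<>"']/g, (ch) => HTML_ESCAPES[ch]);
}

// Accept only absolute http(s) URLs; any other scheme or unparsable text becomes "#".
function safeHref(value) {
  try {
    const url = new URL(String(value).trim());
    return (url.protocol === 'http:' || url.protocol === 'https:') ? url.href : '#';
  } catch (err) {
    return '#';
  }
}

// Case 1: what a.php should emit for the "param" query value.
function renderDiv(input) {
  return '<div>' + escapeHtml(input) + '</div>';
}

// Case 2: the string changeLink() should build (validated URL, quoted and encoded).
function renderLink(str) {
  return '<a href="' + escapeHtml(safeHref(str)) + '">testlink</a>';
}

// Constructed sample inputs: the two test strings from the page plus one benign URL.
const samples = [
  '<script>alert(/xss/)</script>',
  "' onclick=alert(/xss/) //",
  'https://example.com/?a=1&b=2',
];
for (const s of samples) {
  console.log(renderDiv(s));
  console.log(renderLink(s));
}
```

In a browser, building the link with document.createElement("a"), setAttribute("href", ...) and textContent avoids the innerHTML sink altogether.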