s0md3v/AwesomeXSS

GitHub: s0md3v/AwesomeXSS

A comprehensive, systematically organized cross-site scripting (XSS) knowledge base covering payloads, bypass techniques, DOM XSS references, an encoding cheat sheet and practice resources.

Stars: 5107 | Forks: 780

# AwesomeXSS

This repository is a curated collection of Awesome XSS resources. Contributions are welcome; please submit them via an issue.

### Awesome Contents

- [Challenges](https://github.com/s0md3v/AwesomeXSS#awesome-challenges)
- [Reads & Presentations](https://github.com/s0md3v/AwesomeXSS#awesome-reads--presentations)
- [Tools](https://github.com/s0md3v/AwesomeXSS#awesome-tools)
- [Mind Maps](https://github.com/s0md3v/AwesomeXSS#awesome-xss-mind-maps)
- [DOM XSS](https://github.com/s0md3v/AwesomeXSS#awesome-dom-xss)
- [Payloads](https://github.com/s0md3v/AwesomeXSS#awesome-payloads)
- [Polyglots](https://github.com/s0md3v/AwesomeXSS#awesome-polyglots)
- [Tags & Event Handlers](https://github.com/s0md3v/AwesomeXSS#awesome-tags--event-handlers)
- [Context Breaking](https://github.com/s0md3v/AwesomeXSS#awesome-context-breaking)
  - [HTML Context](https://github.com/s0md3v/AwesomeXSS#html-context)
  - [Attribute Context](https://github.com/s0md3v/AwesomeXSS#attribute-context)
  - [JavaScript Context](https://github.com/s0md3v/AwesomeXSS#javascript-context)
- [Confirm Variants](https://github.com/s0md3v/AwesomeXSS#awesome-confirm-variants)
- [Exploits](https://github.com/s0md3v/AwesomeXSS#awesome-exploits)
- [Probing](https://github.com/s0md3v/AwesomeXSS#awesome-probing)
- [Bypassing](https://github.com/s0md3v/AwesomeXSS#awesome-bypassing)
- [Encoding](https://github.com/s0md3v/AwesomeXSS#awesome-encoding)
- [Tips & Tricks](https://github.com/s0md3v/AwesomeXSS#awesome-tips--tricks)

### Awesome Challenges

- [prompt.ml](https://prompt.ml)
- [alf.nu/alert1](https://alf.nu/alert1)
- [xss-game.appspot.com](https://xss-game.appspot.com)
- [polyglot.innerht.ml](https://polyglot.innerht.ml)
- [sudo.co.il/xss](http://sudo.co.il/xss)
- [root-me.org](https://www.root-me.org/?page=recherche&lang=en&recherche=xss)
- [chefsecure.com](https://chefsecure.com/courses/xss/challenges)
- [wechall.net](https://www.wechall.net/challs/XSS)
- [codelatte.id/labs/xss](https://codelatte.id/labs/xss)

### Awesome Reads & Presentations

- [Bypassing XSS Detection Mechanisms](https://github.com/s0md3v/MyPapers/tree/master/Bypassing-XSS-detection-mechanisms)
- [XSS in Facebook via PNG Content Type](https://whitton.io/articles/xss-on-facebook-via-png-content-types/)
- [How I Met Your Girlfriend](https://www.youtube.com/watch?v=fWk_rMQiDGc)
- [How to Find 1,352 WordPress Plugin XSS Vulnerabilities in One Hour](https://www.youtube.com/watch?v=9ADubsByGos)
- [Blind XSS](https://www.youtube.com/watch?v=OT0fJEtz7aE)
- [Copy Pest](https://www.slideshare.net/x00mario/copypest)

### Awesome Tools

- [XSStrike](https://github.com/UltimateHackers/XSStrike)
- [BeEF](https://github.com/beefproject/beef)
- [JShell](https://github.com/UltimateHackers/JShell)

### Awesome XSS Mind Maps

A beautiful XSS mind map by Jack Masa, [available here](https://github.com/s0md3v/AwesomeXSS/blob/master/Database/jackmasa-mind-map.png).

### Awesome DOM XSS

- Does your input reach a sink? `Vulnerable`
- Doesn't? `Not vulnerable`

**Source**: input that can be controlled by an external (untrusted) party.

```
document.URL
document.documentURI
document.URLUnencoded (IE 5.5 or later Only)
document.baseURI
location
location.href
location.search
location.hash
location.pathname
document.cookie
document.referrer
window.name
history.pushState()
history.replaceState()
localStorage
sessionStorage
```

**Sink**: a potentially dangerous method that can cause a vulnerability, in this case DOM-based XSS.

```
eval
Function
setTimeout
setInterval
setImmediate
execScript
crypto.generateCRMFRequest
ScriptElement.src
ScriptElement.text
ScriptElement.textContent
ScriptElement.innerText
anyTag.onEventName
document.write
document.writeln
anyElement.innerHTML
Range.createContextualFragment
window.location
document.location
```

This comprehensive list of sinks and sources is taken from [domxsswiki](https://github.com/wisec/domxsswiki).

### Awesome Payloads

```
"/ondblclick=`<`[confir\u006d``]>z click click
```
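The source-to-sink rule from the DOM XSS section above, turned into a small code-review triage check. This is an added example, not code from the AwesomeXSS repository: it scans JavaScript text for statements where one of the listed sources, or a variable assigned from one, reaches one of the listed sinks. The `findDomXssCandidates` and `mentions` helpers, the text-matchable subset of sinks and the sample snippet are assumptions for this illustration.

```javascript
// Added example, not code from AwesomeXSS: a heuristic check for the
// "does a source reach a sink?" rule. It tracks one hop of assignment
// (const/let/var x = <source>) and flags statements where a tainted value
// meets a listed sink. String-based: flows through calls are missed.
const SOURCES = [                                   // subset of the list above
  'document.URL', 'document.documentURI', 'document.baseURI',
  'location.href', 'location.search', 'location.hash', 'location.pathname',
  'document.cookie', 'document.referrer', 'window.name',
  'localStorage', 'sessionStorage',
];
const SINKS = [                                     // sinks matchable as text
  'eval', 'Function', 'setTimeout', 'setInterval', 'setImmediate', 'execScript',
  'document.write', 'document.writeln', '.innerHTML',
  'Range.createContextualFragment', 'window.location', 'document.location',
];
// Match `name` as a whole token, so a tainted variable `h` does not hit `hash`.
function mentions(stmt, name) {
  const escaped = name.replace(/[.*+?^${}()|[\]\\]/g, '\\$&');
  return new RegExp(`(^|[^\\w$])${escaped}(?![\\w$])`).test(stmt);
}
function findDomXssCandidates(code) {
  const tainted = new Set(SOURCES);
  const findings = [];
  const stmts = code.split(/[;\n]/).map(s => s.trim()).filter(Boolean);
  for (const stmt of stmts) {
    const source = [...tainted].find(t => mentions(stmt, t));
    if (!source) continue;                          // nothing untrusted here
    const decl = stmt.match(/^(?:const|let|var)\s+([A-Za-z_$][\w$]*)\s*=/);
    if (decl) tainted.add(decl[1]);                 // propagate taint one hop
    const sink = SINKS.find(s => mentions(stmt, s));
    if (sink) findings.push({ source, sink, stmt });
  }
  return findings;
}
// Constructed sample: two source->sink flows, one safe textContent write,
// and a setTimeout with a static string that must not be flagged.
const SAMPLE = `
const h = location.hash.slice(1);
document.getElementById('out').innerHTML = h;
document.getElementById('safe').textContent = h;
const q = new URLSearchParams(location.search).get('q');
eval(q);
setTimeout("console.log('static')", 10);
`;
for (const f of findDomXssCandidates(SAMPLE)) {
  console.log(`${f.source} -> ${f.sink}: ${f.stmt}`);
}
```

Hits are candidates for manual review, not proof of a bug; the `textContent` write shows the usual fix and is correctly left unflagged.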