实验室：允许使用一些SVG标记反映XSS

从业者

这个实验室有一个简单的反映XSS脆弱性。该网站正在阻止常见标签，但错过了一些SVG标签和事件。

要解决实验室，执行跨站脚本攻击称呼警报（）功能。

访问实验室

解决方案

注入标准XSS有效载荷，例如：
观察该有效载荷被阻止。在接下来的几个步骤中，我们将使用Burp Intruder测试哪些标签和属性被阻止。
通过Burp Suite浏览器代理流量，请在实验室中使用搜索功能。将最终的请求发送给Burp Intruder。
在Burp Intruder中，在“位置”选项卡中，单击“清除§”。
在请求模板中，用以下方式替换搜索词的值<>
将光标放在角括号之间，然后单击两次“添加§”以创建有效载荷位置。搜索词的价值现在应该是：<§§>
参观XSS备忘单然后单击“复制标签到剪贴板”。
在Burp Intruder中，在“有效载荷”选项卡中，单击“粘贴”以将标签列表粘贴到有效负载列表中。单击“开始攻击”。
攻击完成后，请检查结果。观察所有有效载荷都会造成HTTP 400响应，除了使用的载荷，，，，，，，，</code>，和<code><image></code>标签，收到200个响应。</li> <li><p>返回Burp Intuder中的“位置”选项卡，然后替换您的搜索词：</p><code class="code-scrollable"><svg> <animateTransform％20 = 1></code></li> <li><p>将光标放在<code>=</code>字符，然后单击两次“添加§”以创建有效负载位置。搜索词的价值现在应该是：</p><code class="code-scrollable"><svg> <animateTransform％20§= 1></code></li> <li>参观<a href="//www.muteki-anime.com/web-security/cross-site-scripting/cheat-sheet">XSS备忘单</a>然后单击“将事件复制到剪贴板”。</li> <li>在Burp Intruder中，在“有效载荷”选项卡中，单击“清除”以删除先前的有效载荷。然后单击“粘贴”以将属性列表粘贴到有效载荷列表中。单击“开始攻击”。</li> <li><p>攻击完成后，请检查结果。请注意，所有有效载荷都会造成HTTP 400响应<code>OnBegin</code>有效载荷，导致200响应。</p><p>访问浏览器中的以下URL，以确认调用Alert（）函数并解决了实验室：</p><code class="code-scrollable">https://your-lab-id.beplay体育能用吗web-security-academy.net/?search=%22%3E%3CSVG%3E%3CANIMATETRANSFORM%20ONBEGIN= ALERT = alert(1)%3e</code></li> </ol> </div> </div> <div class="component-solution is-expandable"> <h4>社区解决方案beplay维护得多久</h4> <div> <h5>迈克尔·索默（Michael Sommer）</h5> <div class="youtube-wrapper"> <iframe src="https://www.youtube.com/embed/80vn2dLQW04?origin=//www.muteki-anime.com&rel=0" allowfullscreen></iframe> </div> </div> </div> </div> <div class="rightcol rightcol-boxes"> <input class="hidden" id="trackerpopup" type="checkbox"> <div class="widgetcontainer-box is-twobtns academy-account-status" id="AcademyAccountStatusWidget"> <p class="hidden-when-collapsed">是否想跟踪您的进度并拥有更个性化的学习经验？（免费！）</p> <div class="flex-center"> <a href="//www.muteki-anime.com/users/register" class="btn">注册</a> <a href="//www.muteki-anime.com/users?returnurl=%2fweb-security%2fcross-site-scripting%2fcontexts%2flab-some-svg-markup-allowed" class="btn">登录</a> </div> </div> <div class="widgetcontainer-box is-linklist"> <h4>在这个主题中</h4> <a href="//www.muteki-anime.com/web-security/cross-site-scripting">跨站脚本</a> <a href="//www.muteki-anime.com/web-security/cross-site-scripting/reflected">反映XSS</a> <a href="//www.muteki-anime.com/web-security/cross-site-scripting/stored">存储的XSS</a> <a href="//www.muteki-anime.com/web-security/cross-site-scripting/dom-based">基于DOM的XSS</a> <a href="//www.muteki-anime.com/web-security/cross-site-scripting/contexts">XSS上下文</a> <a href="//www.muteki-anime.com/web-security/cross-site-scripting/contexts/angularjs-sandbox">Angularjs沙箱</a> <a href="//www.muteki-anime.com/web-security/cross-site-scripting/exploiting">利用XSS漏洞</a> <a href="//www.muteki-anime.com/web-security/cross-site-scripting/content-security-policy">内容安全策略</a> <a href="//www.muteki-anime.com/web-security/cross-site-scripting/dangling-markup">晃来晃去的标记</a> <a href="//www.muteki-anime.com/web-security/cross-site-scripting/preventing">防止XSS</a> <a href="//www.muteki-anime.com/web-security/cross-site-scripting/cheat-sheet">XSS备忘单</a> </div> <div class="widgetcontainer-box is-linklist"> <h4>所有主题</h4> <a href="//www.muteki-anime.com/web-security/sql-injection">SQL注入</a> <a href="//www.muteki-anime.com/web-security/cross-site-scripting">XSS</a> <a href="//www.muteki-anime.com/web-security/csrf">CSRF</a> <a href="//www.muteki-anime.com/web-security/clickjacking">点击劫机</a> <a href="//www.muteki-anime.com/web-security/dom-based">基于DOM</a> <a href="//www.muteki-anime.com/web-security/cors">科尔斯</a> <a href="//www.muteki-anime.com/web-security/xxe">xxe</a> <a href="//www.muteki-anime.com/web-security/ssrf">SSRF</a> <a href="//www.muteki-anime.com/web-security/request-smuggling">要求走私</a> <a href="//www.muteki-anime.com/web-security/os-command-injection">指挥注射</a> <a href="//www.muteki-anime.com/web-security/server-side-template-injection">服务器端模板注入</a> <a href="//www.muteki-anime.com/web-security/deserialization">不安全的挑战</a> <a href="//www.muteki-anime.com/web-security/file-path-traversal">目录遍历</a> <a href="//www.muteki-anime.com/web-security/access-control">访问控制</a> <a href="//www.muteki-anime.com/web-security/authentication">验证</a> <a href="//www.muteki-anime.com/web-security/oauth">OAuth身份验证</a> <a href="//www.muteki-anime.com/web-security/logic-flaws">业务逻辑漏洞</a> <a href="//www.muteki-anime.com/web-security/web-cache-poisoning">beplay体育能用吗网络缓存中毒</a> <a href="//www.muteki-anime.com/web-security/host-header">HTTP主机标头攻击</a> <a href="//www.muteki-anime.com/web-security/websockets">beplay体育能用吗Websocket</a> <a href="//www.muteki-anime.com/web-security/information-disclosure">信息披露</a> <a href="//www.muteki-anime.com/web-security/file-upload">文件上传漏洞</a> </div> <div class="widget-orange"> <img alt="免费尝试Burp Suite" src="//www.muteki-anime.com/content/images/logos/burp-suite-icon.svg"> <h4>使用Burp Suite查找XSS漏洞</h4> <a class="button-white" href="//www.muteki-anime.com/burp">bepaly下载app </a> </div> </div> </div> </section> <div class="section-full-width theme-community-6 text-center"> <h2>免费注册以跟踪您的学习进度</h2> <div class="container-columns-vertically-centered"> <div class="text-right"> <img alt="通过Portswigger的网络安全学院工作的好处beplay官网可以赌beplay体育能用吗" src="//www.muteki-anime.com/burp/community-download-thank-you/images/academy.png"> </div> <div class="text-left"> <ul class="unordered-list-vertical-ticks-small"> <li><p>练习在现实目标上利用漏洞。</p></li> <li><p>记录您从学徒到专家的发展。</p></li> <li><p>看看您在我们的名人堂中排名。</p></li> </ul> <form action="/users/register" class="recaptchaloadingmask text-left" id="RegistrationWidget-F9F55B993857710F3C5E6EB05892EFCE" method="post"> <input type="hidden" name="RequestVerificationToken" value="67FBC64E6F5730AC1158CB1E5A83A4F380122A21A3319A1FAD70F6B171C18F35C7B3CE0D97630CD3333C0143CF2D9DB272E7B58AD02E1FDCE70B5AE84FCEC3BD"> <div class="form-small disable-no-recaptcha"> <div class="font-small-error hidden"> <span class="icon-alert-white"></span> <span class="font-small-error-text"></span> </div> <label><input name="EmailAddress" placeholder="Enter your email" type="email"><button class="button-orange" type="submit"><span>登记</span></button></label> </div> <div id="Recaptcha-F9F55B993857710F3C5E6EB05892EFCE" class="recaptcha-div"> <div class="recaptcha-inner"> <div class="hidden" id="NoRecaptcha-F9F55B993857710F3C5E6EB05892EFCE"> <div class="notify-inline no-padding-bottom error"> <div class="notify-logo icon-error"></div> <div class="notify-message"> 当我们使用recaptcha时，您需要能够访问Google的服务器以使用此功能。</div> </div> </div> <input id="RecaptchaToken-F9F55B993857710F3C5E6EB05892EFCE" name="RecaptchaToken" type="hidden" value=""> <input type="hidden" id="RecaptchaClientSecret-F9F55B993857710F3C5E6EB05892EFCE" value="6LFGVPCUAAAAAMLIC7GC5KN_9OQIZGINUMO8VGHM"> <input type="hidden" id="RecaptchaV2ClientSecret-F9F55B993857710F3C5E6EB05892EFCE" value="6leqhpwuaaaaaaj4lai9akvqarvxaimo1eezetj6v"> <div id="RecaptchaRenderLocation-F9F55B993857710F3C5E6EB05892EFCE" class="grecaptcha-v2-box"></div> </div> <span class="field-validation-valid Warning" data-valmsg-for="RecaptchaToken" data-valmsg-replace="true"></span> </div> </form> <sup>已经有一个帐户？<a href="//www.muteki-anime.com/users">在此登录</a></sup> </div> </div> </div> <footer class="wrapper"> <div class="container"> <div> <p>Burp Suite</p> <a href="//www.muteki-anime.com/burp/vulnerability-scanner">bepaly下载 </a> <a href="//www.muteki-anime.com/burp">bepaly下载app </a> <a href="//www.muteki-anime.com/burp/releases">发行说明</a> </div> <div> <p>漏洞</p> <a href="//www.muteki-anime.com/web-security/cross-site-scripting">跨站点脚本（XSS）</a> <a href="//www.muteki-anime.com/web-security/sql-injection">SQL注入</a> <a href="//www.muteki-anime.com/web-security/csrf">跨站点伪造</a> <a href="//www.muteki-anime.com/web-security/xxe">XML外部实体注入</a> <a href="//www.muteki-anime.com/web-security/file-path-traversal">目录遍历</a> <a href="//www.muteki-anime.com/web-security/ssrf">服务器端请求伪造</a> </div> <div> <p>顾客</p> <a href="//www.muteki-anime.com/organizations">组织</a> <a href="//www.muteki-anime.com/testers">测试人员</a> <a href="//www.muteki-anime.com/developers">开发人员</a> </div> <div> <p>公司</p> <a href="//www.muteki-anime.com/about">关于</a> <a href="//www.muteki-anime.com/news">beplay官网可以赌Portswigger新闻</a> <a href="//www.muteki-anime.com/careers">职业</a> <a href="//www.muteki-anime.com/about/contact">接触</a> <a href="//www.muteki-anime.com/legal">合法的</a> <a href="//www.muteki-anime.com/privacy">隐私声明</a> </div> <div> <p>见解</p> <a href="//www.muteki-anime.com/web-security">beplay体育能用吗网络安全学院</a> <a href="//www.muteki-anime.com/blog">博客</a> <a href="//www.muteki-anime.com/research">研究</a> <a href="//www.muteki-anime.com/daily-swig">每日swbeplay2018官网ig</a> </div> <div> <a href="//www.muteki-anime.com/"><img src="//www.muteki-anime.com/content/images/logos/portswigger-logo.svg" alt="beplay官网可以赌PortSwigger徽标" class="footer-logo"></a> <a class="button-outline-blue-small camelcase" href="https://twitter.com/Burp_Suite" rel="noreferrer"><span class="icon-twitter"></span>跟着我们</a> <p class="grey">©2022 Pbeplay官网可以赌ortswigger Ltd.</p> </div> </div> </footer> <a href="#top" class="back-to-top"> <svg xmlns="http://www.w3.org/2000/svg" width="26" height="26" viewbox="0 0 26 26"> <polygon points="4.07 14.7 5.03 15.78 12.48 9.13 19.94 15.78 20.9 14.7 12.48 7.2 4.07 14.7" fill="#f63"></polygon> <path d="M13,0A13,13,0,1,0,26,13,13,13,0,0,0,13,0Zm0,24.56A11.56,11.56,0,1,1,24.56,13,11.58,11.58,0,0,1,13,24.56Z" fill="#f63"></path> </svg></a> </body> </html>