
XSS Platform Collection – GD-sec


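XSS stands for cross-site scripting. The abbreviation XSS is used instead of CSS to avoid confusion with Cascading Style Sheets (CSS).

XSS is a security vulnerability that appears frequently in web applications. It allows a malicious web user to inject code into pages that are served to other users; such code includes HTML and client-side scripts. Attackers use XSS vulnerabilities to bypass access controls such as the same-origin policy. This class of vulnerability became widely known because attackers used it to build more damaging phishing attacks. The consensus in the hacker community is that cross-site scripting is the new "buffer overflow attack" and JavaScript is the new "shellcode". It also remains a go-to technique in penetration testing: sometimes it captures an administrator's cookie, which can help the penetration test along and give direct access to the admin back end.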

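XSS attacks can be divided into two types:

1. Non-persistent attacks
2. Persistent attacks

Non-persistent XSS: as the name suggests, a non-persistent XSS attack is one-off and affects only the current page visit. It requires the user to visit a link that the attacker has tampered with; when the user opens that link, the injected script is executed by the user's browser, which achieves the attacker's goal.

Persistent XSS: a persistent XSS attack stores the attacker's data on the server side, and the attack persists for as long as that data remains there.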

Below is the editor's collection of XSS platforms. Some of them no longer work, so judge for yourself!

 

XSS platforms that support HTTPS

XSS platforms that do not support HTTPS

XSS platform source code
http://coao.co/2894.html
https://github.com/lietdai/xss-mitm-attack
https://github.com/firesunCN/BlueLotus_XSSReceiver
http://imxss.com/
https://github.com/beefproject/beef
